Cleaning code, adding headers, adding security::remove_XSS

15 years ago · 51791a4a70
parent dfff928461
commit 51791a4a70
11 changed files with 78 additions and 137 deletions
--- a/main/admin/access_url_add_courses_to_url.php
+++ b/main/admin/access_url_add_courses_to_url.php
@ -5,6 +5,7 @@
 *	It displays a list of users and a list of courses;
 *	you can select multiple users and courses and then click on
 *	@package chamilo.admin
+*	@author Julio Montoya <gugli100@gmail.com>
 */

 // name of the language file that needs to be included
@ -21,9 +22,7 @@ if (!$_configuration['multiple_access_urls']) {
 }

 /*
-----------------------------------------------------------
 	Global constants and variables
-----------------------------------------------------------
 */

 $form_sent = 0;
@ -47,9 +46,7 @@ $interbreadcrumb[] = array ('url' => 'index.php', 'name' => get_lang('PlatformAd
 $interbreadcrumb[] = array ('url' => 'access_urls.php', 'name' => get_lang('MultipleAccessURLs'));

 /*
-==============================================================================
 		MAIN CODE
-==============================================================================
 */

 Display :: display_header($tool_name);
@ -75,25 +72,18 @@ if ($_POST['form_sent']) {
 	if ($form_sent == 1) {
 		if ( count($courses) == 0 || count($url_list) == 0) {
 			Display :: display_error_message(get_lang('AtLeastOneCourseAndOneURL'));
-			//header('Location: access_urls.php?action=show_message&message='.get_lang('AtLeastOneUserAndOneURL'));
 		} else {
 			UrlManager::add_courses_to_urls($courses,$url_list);
 			Display :: display_confirmation_message(get_lang('CourseBelongURL'));
-			//header('Location: access_urls.php?action=show_message&message='.get_lang('UsersBelongURL'));
 		}
 	}
 }



-/*
-----------------------------------------------------------
-	Display GUI
-----------------------------------------------------------
-*/
+/*	Display GUI */

-if(empty($first_letter_user))
-{
+if(empty($first_letter_user)) {
 	$sql = "SELECT count(*) as num_courses FROM $tbl_course";
 	$result = Database::query($sql);
 	$num_row = Database::fetch_array($result);
@ -172,9 +162,7 @@ unset($result);
 </form>
 <?php
 /*
-==============================================================================
 		FOOTER
-==============================================================================
 */
 Display :: display_footer();
 ?>
--- a/main/admin/access_url_add_sessions_to_url.php
+++ b/main/admin/access_url_add_sessions_to_url.php
@ -5,6 +5,7 @@
 *	It displays a list of users and a list of courses;
 *	you can select multiple users and courses and then click on
 *	@package chamilo.admin
+*	@author Julio Montoya <gugli100@gmail.com>
 */

 // name of the language file that needs to be included
@ -15,13 +16,13 @@ $this_section=SECTION_PLATFORM_ADMIN;

 require_once (api_get_path(LIBRARY_PATH).'urlmanager.lib.php');
 api_protect_admin_script();
-if (!$_configuration['multiple_access_urls'])
+if (!$_configuration['multiple_access_urls']) {
 	header('Location: index.php');
+	exit;
+}

 /*
-----------------------------------------------------------
 	Global constants and variables
-----------------------------------------------------------
 */

 $form_sent = 0;
@ -35,20 +36,12 @@ $tbl_access_url 			= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
 $tbl_user 					= Database :: get_main_table(TABLE_MAIN_USER);
 $tbl_session				= Database :: get_main_table(TABLE_MAIN_SESSION);

-/*
-----------------------------------------------------------
-	Header
-----------------------------------------------------------
-*/
+/*	Header	*/
 $tool_name = get_lang('AddSessionToURL');
 $interbreadcrumb[] = array ('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
 $interbreadcrumb[] = array ('url' => 'access_urls.php', 'name' => get_lang('MultipleAccessURLs'));

-/*
-==============================================================================
-		MAIN CODE
-==============================================================================
-*/
+/*		MAIN CODE	*/

 Display :: display_header($tool_name);
 echo '<div class="actions" style="height:22px;">';
@ -84,9 +77,7 @@ if ($_POST['form_sent']) {


 /*
-----------------------------------------------------------
 	Display GUI
-----------------------------------------------------------
 */
 /*
 if(empty($first_letter_user)) {
@ -172,9 +163,7 @@ unset($result);
 </form>
 <?php
 /*
-==============================================================================
 		FOOTER
-==============================================================================
 */
 Display :: display_footer();
 ?>
--- a/main/admin/access_url_add_users_to_url.php
+++ b/main/admin/access_url_add_users_to_url.php
@ -5,6 +5,7 @@
 *	It displays a list of users and a list of courses;
 *	you can select multiple users and courses and then click on
 *	@package chamilo.admin
+*	@author Julio Montoya <gugli100@gmail.com>
 */

 // name of the language file that needs to be included
@ -21,9 +22,7 @@ if (!$_configuration['multiple_access_urls']) {
 }

 /*
-----------------------------------------------------------
 	Global constants and variables
-----------------------------------------------------------
 */

 $form_sent = 0;
@ -37,21 +36,13 @@ $tbl_access_url_rel_user = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_
 $tbl_access_url = Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
 $tbl_user 		= Database :: get_main_table(TABLE_MAIN_USER);

-/*
-----------------------------------------------------------
-	Header
-----------------------------------------------------------
-*/
+/*	Header	*/
 $tool_name = get_lang('AddUsersToURL');
 $interbreadcrumb[] = array ('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
 $interbreadcrumb[] = array ('url' => 'access_urls.php', 'name' => get_lang('MultipleAccessURLs'));


-/*
-==============================================================================
-		MAIN CODE
-==============================================================================
-*/
+/*		MAIN CODE	*/

 Display :: display_header($tool_name);

@ -63,8 +54,6 @@ echo '</div>';

 api_display_tool_title($tool_name);

-
-
 if ($_POST['form_sent']) {
 	$form_sent = $_POST['form_sent'];
 	$users = is_array($_POST['user_list']) ? $_POST['user_list'] : array() ;
@ -90,11 +79,7 @@ if ($_POST['form_sent']) {



-/*
-----------------------------------------------------------
-	Display GUI
-----------------------------------------------------------
-*/
+/*	Display GUI	*/


 if(empty($first_letter_user)) {
@ -174,10 +159,6 @@ unset($result);
 </table>
 </form>
 <?php
-/*
-==============================================================================
-		FOOTER
-==============================================================================
-*/
+/*		FOOTER	*/
 Display :: display_footer();
 ?>
--- a/main/admin/access_url_edit.php
+++ b/main/admin/access_url_edit.php
@ -1,9 +1,9 @@
 <?php
 /* For licensing terms, see /license.txt */
-
 /**
- *	@package chamilo.admin
- */
+*	@package chamilo.admin
+*	@author Julio Montoya <gugli100@gmail.com>
+*/

 $language_file = 'admin';
 $cidReset = true;
@ -11,8 +11,9 @@ require_once '../inc/global.inc.php';
 $this_section = SECTION_PLATFORM_ADMIN;

 api_protect_admin_script();
-if (!$_configuration['multiple_access_urls'])
+if (!$_configuration['multiple_access_urls']) {
 	header('Location: index.php');
+}

 require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
 require_once api_get_path(LIBRARY_PATH).'security.lib.php';
--- a/main/admin/access_url_edit_courses_to_url.php
+++ b/main/admin/access_url_edit_courses_to_url.php
@ -2,6 +2,7 @@
 /* For licensing terms, see /license.txt */
 /**
 *	@package chamilo.admin
+*	@author Julio Montoya <gugli100@gmail.com>
 */


@ -26,8 +27,10 @@ $this_section = SECTION_PLATFORM_ADMIN;

 // Access restrictions
 api_protect_admin_script();
-if (!$_configuration['multiple_access_urls'])
+if (!$_configuration['multiple_access_urls']) {
 	header('Location: index.php');
+	exit;
+}


 // Database Table Definitions
--- a/main/admin/access_url_edit_sessions_to_url.php
+++ b/main/admin/access_url_edit_sessions_to_url.php
@ -2,6 +2,7 @@
 /* For licensing terms, see /license.txt */
 /**
 *	@package chamilo.admin
+*	@author Julio Montoya <gugli100@gmail.com>
 */


@ -13,7 +14,6 @@ $cidReset=true;

 // including some necessary dokeos files
 require_once '../inc/global.inc.php';
-
 require_once (api_get_path(LIBRARY_PATH).'urlmanager.lib.php');
 require_once (api_get_path(LIBRARY_PATH).'access_url_edit_sessions_to_url_functions.lib.php');

@ -26,8 +26,10 @@ $this_section = SECTION_PLATFORM_ADMIN;

 // Access restrictions
 api_protect_admin_script();
-if (!$_configuration['multiple_access_urls'])
+if (!$_configuration['multiple_access_urls']) {
 	header('Location: index.php');
+	exit;
+}


 // Database Table Definitions
--- a/main/admin/access_url_edit_users_to_url.php
+++ b/main/admin/access_url_edit_users_to_url.php
@ -2,6 +2,7 @@
 /* For licensing terms, see /license.txt */
 /**
 *	@package chamilo.admin
+*	@author Julio Montoya <gugli100@gmail.com>
 */


@ -13,7 +14,6 @@ $cidReset=true;

 // including some necessary dokeos files
 require_once '../inc/global.inc.php';
-
 require_once (api_get_path(LIBRARY_PATH).'urlmanager.lib.php');
 require_once ('../inc/lib/xajax/xajax.inc.php');
 $xajax = new xajax();
@ -25,8 +25,10 @@ $this_section = SECTION_PLATFORM_ADMIN;

 // Access restrictions
 api_protect_admin_script();
-if (!$_configuration['multiple_access_urls'])
+if (!$_configuration['multiple_access_urls']) {
 	header('Location: index.php');
+	exit;
+}


 // Database Table Definitions
--- a/main/admin/access_urls.php
+++ b/main/admin/access_urls.php
@ -2,6 +2,7 @@
 /* For licensing terms, see /license.txt */
 /**
 *	@package chamilo.admin
+*	@author Julio Montoya <gugli100@gmail.com>
 */

 // name of the language file that needs to be included
@ -11,10 +12,12 @@ require_once '../inc/global.inc.php';
 $this_section = SECTION_PLATFORM_ADMIN;

 api_protect_admin_script();
-if (!$_configuration['multiple_access_urls'])
+if (!$_configuration['multiple_access_urls']) {
 	header('Location: index.php');
+	exit;
+}

-$interbreadcrumb[] = array ("url" => 'index.php', "name" => get_lang('PlatformAdmin'));
+$interbreadcrumb[] = array ("url" => 'index.php', 'name' => get_lang('PlatformAdmin'));
 $tool_name = get_lang('MultipleAccessURLs');
 Display :: display_header($tool_name);

@ -161,10 +164,6 @@ function url_count_mask() {
 	return UrlManager::url_count();
 }

-/*
-==============================================================================
-		FOOTER
-==============================================================================
-*/
+/*		FOOTER	*/
 Display :: display_footer();
 ?>
--- a/main/admin/add_courses_to_session.php
+++ b/main/admin/add_courses_to_session.php
@ -1,11 +1,9 @@
 <?php //$id: $
-/* For licensing terms, see /dokeos_license.txt */
-/**
-==============================================================================
-*	@package dokeos.admin
-* 	@todo use formvalidator
-==============================================================================
-*/
+/* For licensing terms, see /license.txt */
+/**	
+ * @package chamilo.admin
+ * @todo use formvalidator
+ */

 // name of the language file that needs to be included
 $language_file='admin';
@ -436,10 +434,6 @@ function valide(){

 </script>
 <?php
-/*
-==============================================================================
-		FOOTER
-==============================================================================
-*/
+/*		FOOTER 	*/
 Display::display_footer();
 ?>
--- a/main/admin/course_information.php
+++ b/main/admin/course_information.php
@ -5,11 +5,7 @@
 * @author Bart Mollet
 * @package dokeos.admin
 */
-/*
-==============================================================================
-		INIT SECTION
-==============================================================================
-*/
+/*		INIT SECTION */

 // name of the language file that needs to be included
 $language_file = 'admin';
@ -25,7 +21,6 @@ api_protect_admin_script();
 */
 function get_course_usage($course_code, $session_id = 0)
 {
-
 	$table = Database::get_main_table(TABLE_MAIN_COURSE);
    $course_code = Database::escape_string($course_code);
 	$sql = "SELECT * FROM $table WHERE code='".$course_code."'";
@ -71,14 +66,13 @@ $res = Database::query($sql);
 $course = Database::fetch_object($res);
 $tool_name = $course->title.' ('.$course->visual_code.')';
 Display::display_header($tool_name);
-//api_display_tool_title($tool_name);
+
 ?>
-<p>
+<div class="actions">
 <a href="<?php echo api_get_path(WEB_COURSE_PATH).$course->directory; ?>"><?php Display::display_icon('course_home.gif', get_lang('CourseHomepage')); ?> <?php echo get_lang('CourseHomepage'); ?></a>
-<br/>
+</div>
 <?php
-if(api_get_setting('server_type') == 'test')
-{
+if(api_get_setting('server_type') == 'test') {
 	?>
 	<a href="course_create_content.php?course_code=<?php echo $course->code ?>"><?php echo get_lang('AddDummyContentToCourse') ?></a>
 	<?php
@ -92,7 +86,7 @@ echo '<blockquote>';

 $id_session = intval($_GET['id_session']);
 $table = new SortableTableFromArray(get_course_usage($course->code,$id_session),0,20,'usage_table');
-$table->set_additional_parameters(array ('code' => $_GET['code']));
+$table->set_additional_parameters(array ('code' => Security::remove_XSS($_GET['code'])));
 $table->set_other_tables(array('user_table','class_table'));
 $table->set_header(0,get_lang('Tool'), true);
 $table->set_header(1,get_lang('NumberOfItems'), true);
@ -111,8 +105,7 @@ $is_western_name_order = api_is_western_name_order();
 if (Database::num_rows($res) > 0)
 {
 	$users = array ();
-	while ($obj = Database::fetch_object($res))
-	{
+	while ($obj = Database::fetch_object($res)) {
 		$user = array ();
 		$user[] = $obj->official_code;
 		if ($is_western_name_order)
@ -154,6 +147,8 @@ else
 	echo get_lang('NoUsersInCourse');
 }
 echo '</blockquote>';
+
+/*@todo This should be dissapear classes are a deprecated feature*/ 
 /**
 * Show all classes subscribed in this course
 */
@ -180,15 +175,9 @@ if (Database::num_rows($res) > 0)
 	$table->set_header(1,'');
 	$table->display();
 	echo '</blockquote>';
-}
-else
-{
+} else {
 	echo '<p>'.get_lang('NoClassesForThisCourse').'</p>';
 }
-/*
-==============================================================================
-		FOOTER
-==============================================================================
-*/
+/*	FOOTER	*/
 Display::display_footer();
 ?>
--- a/main/admin/course_list.php
+++ b/main/admin/course_list.php
@ -1,33 +1,28 @@
 <?php // $Id: course_list.php 21855 2009-07-07 18:26:10Z juliomontoya $
-/* For licensing terms, see /dokeos_license.txt */
+/* For licensing terms, see /license.txt */
 /**
 * This script shows a list of courses and allows searching for courses codes
 * and names
- * @package dokeos.admin
+ * @package chamilo.admin
 */
-/*
-==============================================================================
-		INIT SECTION
-==============================================================================
-*/
+/*	INIT SECTION	*/

 // name of the language file that needs to be included
 $language_file = array('admin','courses');
 $cidReset = true;
-require ('../inc/global.inc.php');
+require_once '../inc/global.inc.php';
 $this_section = SECTION_PLATFORM_ADMIN;

 api_protect_admin_script();
-require_once (api_get_path(LIBRARY_PATH).'course.lib.php');
-require_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php');
-require_once (api_get_path(LIBRARY_PATH).'sortabletable.class.php');
+require_once api_get_path(LIBRARY_PATH).'course.lib.php';
+require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
+require_once api_get_path(LIBRARY_PATH).'sortabletable.class.php';
 require_once '../gradebook/lib/be/gradebookitem.class.php';
 require_once '../gradebook/lib/be/category.class.php';
 /**
 * Get the number of courses which will be displayed
 */
-function get_number_of_courses()
-{
+function get_number_of_courses() {
 	$course_table = Database :: get_main_table(TABLE_MAIN_COURSE);
 	$sql = "SELECT COUNT(code) AS total_number_of_items FROM $course_table";

@ -37,13 +32,10 @@ function get_number_of_courses()
    	$sql.= " INNER JOIN $access_url_rel_course_table url_rel_course ON (code=url_rel_course.course_code)";
    }

-	if (isset ($_GET['keyword']))
-	{
+	if (isset ($_GET['keyword'])) {
 		$keyword = Database::escape_string(trim($_GET['keyword']));
 		$sql .= " WHERE title LIKE '%".$keyword."%' OR code LIKE '%".$keyword."%' OR visual_code LIKE '%".$keyword."%'";
-	}
-	elseif (isset ($_GET['keyword_code']))
-	{
+	} elseif (isset ($_GET['keyword_code'])) {
 		$keyword_code = Database::escape_string($_GET['keyword_code']);
 		$keyword_title = Database::escape_string($_GET['keyword_title']);
 		$keyword_category = Database::escape_string($_GET['keyword_category']);
@ -180,8 +172,8 @@ if (isset ($_POST['action']))
 			break;
 	}
 }
-if (isset ($_GET['search']) && $_GET['search'] == 'advanced')
-{
+
+if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
 	// Get all course categories
 	$table_course_category = Database :: get_main_table(TABLE_MAIN_CATEGORY);
 	$interbreadcrumb[] = array ("url" => 'index.php', "name" => get_lang('PlatformAdmin'));
@ -267,26 +259,27 @@ else
 	if (isset ($_GET['keyword'])) {
 		$parameters = array ('keyword' => Security::remove_XSS($_GET['keyword']));
 	} elseif (isset ($_GET['keyword_code'])) {
-		$parameters['keyword_code'] =  Security::remove_XSS($_GET['keyword_code']);
-	 	$parameters['keyword_title'] = Security::remove_XSS($_GET['keyword_title']);
-		$parameters['keyword_category'] = Security::remove_XSS($_GET['keyword_category']);
-		$parameters['keyword_language'] = Security::remove_XSS($_GET['keyword_language']);
-		$parameters['keyword_visibility'] = Security::remove_XSS($_GET['keyword_visibility']);
-		$parameters['keyword_subscribe'] = Security::remove_XSS($_GET['keyword_subscribe']);
-		$parameters['keyword_unsubscribe'] = Security::remove_XSS($_GET['keyword_unsubscribe']);
+		$parameters['keyword_code'] 		= Security::remove_XSS($_GET['keyword_code']);
+	 	$parameters['keyword_title'] 		= Security::remove_XSS($_GET['keyword_title']);
+		$parameters['keyword_category'] 	= Security::remove_XSS($_GET['keyword_category']);
+		$parameters['keyword_language'] 	= Security::remove_XSS($_GET['keyword_language']);
+		$parameters['keyword_visibility'] 	= Security::remove_XSS($_GET['keyword_visibility']);
+		$parameters['keyword_subscribe'] 	= Security::remove_XSS($_GET['keyword_subscribe']);
+		$parameters['keyword_unsubscribe'] 	= Security::remove_XSS($_GET['keyword_unsubscribe']);
 	}

 	$table->set_additional_parameters($parameters);
-	$table->set_header(0, '', false);
+	
+	$table->set_header(0, '', false, 'width="8px"');
 	$table->set_header(1, get_lang('Code'));
 	$table->set_header(2, get_lang('Title'));
-	$table->set_header(3, get_lang('Language'));
+	$table->set_header(3, get_lang('Language'), true, 'width="70px"');
 	$table->set_header(4, get_lang('Category'));
-	$table->set_header(5, get_lang('SubscriptionAllowed'));
+	$table->set_header(5, get_lang('SubscriptionAllowed'), true,'width="60px"');
 	$table->set_header(6, get_lang('UnsubscriptionAllowed'),false,'width="50px"');
 	//$table->set_header(7, get_lang('IsVirtualCourse'));
 	$table->set_header(7, get_lang('Teacher'));
-	$table->set_header(8, get_lang('Action'), false,'width="130px"');
+	$table->set_header(8, get_lang('Action'), false,'width="145px"');
 	$table->set_column_filter(8,'modify_filter');
 	$table->set_form_actions(array ('delete_courses' => get_lang('DeleteCourse')),'course');
 	$table->display();