diff --git a/main/forum/forumfunction.inc.php b/main/forum/forumfunction.inc.php index 806db2de40..a2d8ad16a2 100755 --- a/main/forum/forumfunction.inc.php +++ b/main/forum/forumfunction.inc.php @@ -3175,10 +3175,6 @@ function prepare4display($input='') { } return api_html_entity_decode(stripslashes($input)); } else { - /*foreach ($input as $key=>$value) - { - $returnarray[$key]=stripslashes($value); - }*/ $returnarray=array_walk($input, 'api_html_entity_decode'); $returnarray=array_walk($input, 'stripslashes'); return $returnarray; diff --git a/main/forum/viewthread.php b/main/forum/viewthread.php index c5a77aad0f..438fa2a0eb 100755 --- a/main/forum/viewthread.php +++ b/main/forum/viewthread.php @@ -1,12 +1,7 @@ , Ghent University -* @Copyright Ghent University -* @Copyright Patrick Cool -* -* @package dokeos.forum +* @package chamilo.forum */ // name of the language file that needs to be included $language_file = array ('forum','group'); diff --git a/main/forum/viewthread_flat.inc.php b/main/forum/viewthread_flat.inc.php index 64b2ca2cad..6cdc649582 100755 --- a/main/forum/viewthread_flat.inc.php +++ b/main/forum/viewthread_flat.inc.php @@ -1,8 +1,9 @@ \n"; - // the style depends on the status of the message: approved or not - if ($row['visible']=='0') { - $titleclass='forum_message_post_title_2_be_approved'; - $messageclass='forum_message_post_text_2_be_approved'; - $leftclass='forum_message_left_2_be_approved'; - } else { - $titleclass='forum_message_post_title'; - $messageclass='forum_message_post_text'; - $leftclass='forum_message_left'; - } - - echo "\t\n"; - echo "\t\t"; - if ($row['user_id']=='0') { - $name=prepare4display($row['poster_name']); - } else { - $name=api_get_person_name($row['firstname'], $row['lastname']); - } - if($origin!='learnpath') { - if (api_get_course_setting('allow_user_image_forum')) { - echo '
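Review bot: In the array branch that remains after the removed comment, `$returnarray=array_walk($input, 'api_html_entity_decode')` stores array_walk's boolean return, so prepare4display hands back `true` instead of the decoded array whenever it is given an array; and because stripslashes takes its argument by value rather than by reference, array_walk does not modify the elements of `$input` in place either. The commit deletes the commented-out loop that did this correctly but leaves the live lines as they were. Mirroring the scalar branch (stripslashes first, then decode), the three lines should collapse to `return array_map('api_html_entity_decode', array_map('stripslashes', $input));`. The function's signature and the scalar path are outside the hunk.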
'.display_user_image($row['user_id'],$name).'
'; + $rows=get_posts($current_thread['thread_id']); + $increment=0; + foreach ($rows as $row) { + echo "\n"; + // the style depends on the status of the message: approved or not + if ($row['visible']=='0') { + $titleclass='forum_message_post_title_2_be_approved'; + $messageclass='forum_message_post_text_2_be_approved'; + $leftclass='forum_message_left_2_be_approved'; + } else { + $titleclass='forum_message_post_title'; + $messageclass='forum_message_post_text'; + $leftclass='forum_message_left'; } - echo display_user_link($row['user_id'], $name).'
'; - } else { - echo $name. '
'; - } - echo api_convert_and_format_date($row['post_date'], null, date_default_timezone_get()).'

'; - // get attach id - $attachment_list=get_attachment($row['post_id']); - $id_attach = !empty($attachment_list)?$attachment_list['id']:''; - // The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum - // The course admin him/herself can do this off course always - if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) { - if (api_is_allowed_to_session_edit(false,true)) - echo "".icon('../img/edit.gif',get_lang('Edit'))."\n"; - } - - if ($origin != 'learnpath') { - if (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) { - echo "".icon('../img/delete.gif',get_lang('Delete'))."\n"; - display_visible_invisible_icon('post', $row['post_id'], $row['visible'],array('forum'=>Security::remove_XSS($_GET['forum']),'thread'=>Security::remove_XSS($_GET['thread']), 'origin'=>$origin )); - echo "\n"; - if ($increment>0) { - echo "".icon('../img/deplacer_fichier.gif',get_lang('MovePost'))."\n"; - } + + echo "\t\n"; + echo "\t\t\n"; + // show the + if (isset($whatsnew_post_info[$current_forum['forum_id']][$current_thread['thread_id']][$row['post_id']]) and !empty($whatsnew_post_info[$current_forum['forum_id']][$current_thread['thread_id']][$row['post_id']]) and !empty($whatsnew_post_info[$_GET['forum']][$row['thread_id']])) { + $post_image=icon('../img/forumpostnew.gif'); + } else { + $post_image=icon('../img/forumpost.gif'); } - if ($current_thread['locked']==1) { - echo get_lang('ThreadLocked').'
'; + if ($row['post_notification']=='1' AND $row['poster_id']==$_user['user_id']) { + $post_image.=icon('../img/forumnotification.gif',get_lang('YouWillBeNotified')); } - } - echo "\n"; - // show the - if (isset($whatsnew_post_info[$current_forum['forum_id']][$current_thread['thread_id']][$row['post_id']]) and !empty($whatsnew_post_info[$current_forum['forum_id']][$current_thread['thread_id']][$row['post_id']]) and !empty($whatsnew_post_info[$_GET['forum']][$row['thread_id']])) { - $post_image=icon('../img/forumpostnew.gif'); - } else { - $post_image=icon('../img/forumpost.gif'); - } - if ($row['post_notification']=='1' AND $row['poster_id']==$_user['user_id']) { - $post_image.=icon('../img/forumnotification.gif',get_lang('YouWillBeNotified')); - } - // The post title - echo "\t\t\n"; - echo "\t\n"; + // The post title + echo "\t\t\n"; + echo "\t\n"; + + // The post message + echo "\t\n"; + echo "\t\t\n"; + echo "\t\n"; - // The post message - echo "\t\n"; - echo "\t\t\n"; - echo "\t\n"; - - // The check if there is an attachment - - $attachment_list=get_attachment($row['post_id']); - if (!empty($attachment_list)) { - echo ''; } - echo ''; - } - - // The post has been displayed => it can be removed from the what's new array - unset($whatsnew_post_info[$current_forum['forum_id']][$current_thread['thread_id']][$row['post_id']]); - unset($whatsnew_post_info[$current_forum['forum_id']][$current_thread['thread_id']]); - unset($_SESSION['whatsnew_post_info'][$current_forum['forum_id']][$current_thread['thread_id']][$row['post_id']]); - unset($_SESSION['whatsnew_post_info'][$current_forum['forum_id']][$current_thread['thread_id']]); - echo "
"; + if ($row['user_id']=='0') { + $name=prepare4display($row['poster_name']); + } else { + $name=api_get_person_name($row['firstname'], $row['lastname']); } - } - - $userinf=api_get_user_info($row['user_id']); - $user_status=api_get_status_of_user_in_course($row['user_id'],api_get_course_id()); - $current_qualify_thread=show_qualify('1',$_GET['cidReq'],$_GET['forum'],$row['poster_id'],$_GET['thread']); - if (api_is_allowed_to_edit(null,true) && $origin != 'learnpath') { - if( isset($_GET['gradebook'])){ - if ($increment>0 && $user_status!=1 ) { - $info_thread=get_thread_information(Security::remove_XSS($_GET['thread'])); - echo "".icon('../img/new_test_small.gif',get_lang('Qualify'))."\n"; - } + if($origin!='learnpath') { + if (api_get_course_setting('allow_user_image_forum')) { + echo '
'.display_user_image($row['user_id'],$name).'
'; + } + echo display_user_link($row['user_id'], $name).'
'; } else { - if ($increment>0 && $user_status!=1 ) { - echo "".icon('../img/new_test_small.gif',get_lang('Qualify'))."\n"; + echo $name. '
'; + } + echo api_convert_and_format_date($row['post_date'], null, date_default_timezone_get()).'

'; + // get attach id + $attachment_list=get_attachment($row['post_id']); + $id_attach = !empty($attachment_list)?$attachment_list['id']:''; + // The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum + // The course admin him/herself can do this off course always + if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) { + if (api_is_allowed_to_session_edit(false,true)) + echo "".icon('../img/edit.gif',get_lang('Edit'))."\n"; + } + + if ($origin != 'learnpath') { + if (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) { + echo "".icon('../img/delete.gif',get_lang('Delete'))."\n"; + display_visible_invisible_icon('post', $row['post_id'], $row['visible'],array('forum'=>Security::remove_XSS($_GET['forum']),'thread'=>Security::remove_XSS($_GET['thread']), 'origin'=>$origin )); + echo "\n"; + if ($increment>0) { + echo "".icon('../img/deplacer_fichier.gif',get_lang('MovePost'))."\n"; + } } } - } - //echo '

'; - if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit(false,true)) { - if ($_user['user_id'] OR ($current_forum['allow_anonymous']==1 AND !$_user['user_id'])) { - if (!api_is_anonymous() && api_is_allowed_to_session_edit(false,true)) { - echo ''.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage'))."\n"; - echo ''.Display :: return_icon('quote.gif', get_lang('QuoteMessage'))."\n"; + + $userinf = api_get_user_info($row['user_id']); + $user_status = api_get_status_of_user_in_course($row['user_id'],api_get_course_id()); + $current_qualify_thread = show_qualify('1',$_GET['cidReq'],$_GET['forum'],$row['poster_id'],$_GET['thread']); + if (api_is_allowed_to_edit(null,true) && $origin != 'learnpath') { + if( isset($_GET['gradebook'])){ + if ($increment>0 && $user_status!=1 ) { + $info_thread=get_thread_information(Security::remove_XSS($_GET['thread'])); + echo "".icon('../img/new_test_small.gif',get_lang('Qualify'))."\n"; + } + } else { + if ($increment>0 && $user_status!=1 ) { + echo "".icon('../img/new_test_small.gif',get_lang('Qualify'))."\n"; + } } } - } else { - if ($current_forum_category['locked']==1) { - echo get_lang('ForumcategoryLocked').'
'; + //echo '

'; + if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit(false,true)) { + if ($_user['user_id'] OR ($current_forum['allow_anonymous']==1 AND !$_user['user_id'])) { + if (!api_is_anonymous() && api_is_allowed_to_session_edit(false,true)) { + echo ''.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage'))."\n"; + echo ''.Display :: return_icon('quote.gif', get_lang('QuoteMessage'))."\n"; + } + } + } else { + if ($current_forum_category['locked']==1) { + echo get_lang('ForumcategoryLocked').'
'; + } + if ($current_forum['locked']==1) { + echo get_lang('ForumLocked').'
'; + } + if ($current_thread['locked']==1) { + echo get_lang('ThreadLocked').'
'; + } } - if ($current_forum['locked']==1) { - echo get_lang('ForumLocked').'
'; + echo "
".prepare4display(Security::remove_XSS($row['post_title'], STUDENT))."
".prepare4display(Security::remove_XSS($row['post_title'], STUDENT))."
".prepare4display(Security::remove_XSS($row['post_text'], STUDENT))."
".prepare4display(Security::remove_XSS($row['post_text'], STUDENT))."
'; - $realname=$attachment_list['path']; - $user_filename=$attachment_list['filename']; - - echo Display::return_icon('attachment.gif',get_lang('Attachment')); - echo ' '.$user_filename.' '; - echo ''.$attachment_list['comment'].''; - if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) { - echo '  '.Display::return_icon('delete.gif',get_lang('Delete')).'
'; + // The check if there is an attachment + + $attachment_list=get_attachment($row['post_id']); + if (!empty($attachment_list)) { + echo '
'; + $realname=$attachment_list['path']; + $user_filename=$attachment_list['filename']; + + echo Display::return_icon('attachment.gif',get_lang('Attachment')); + echo ' '.$user_filename.' '; + echo ''.$attachment_list['comment'].''; + if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) { + echo '  '.Display::return_icon('delete.gif',get_lang('Delete')).'
'; + } + echo '
"; - $increment++; -} -} + + // The post has been displayed => it can be removed from the what's new array + unset($whatsnew_post_info[$current_forum['forum_id']][$current_thread['thread_id']][$row['post_id']]); + unset($whatsnew_post_info[$current_forum['forum_id']][$current_thread['thread_id']]); + unset($_SESSION['whatsnew_post_info'][$current_forum['forum_id']][$current_thread['thread_id']][$row['post_id']]); + unset($_SESSION['whatsnew_post_info'][$current_forum['forum_id']][$current_thread['thread_id']]); + echo ""; + $increment++; + } +} \ No newline at end of file diff --git a/main/inc/lib/security.lib.php b/main/inc/lib/security.lib.php index 8f6698433c..9c6106d1c1 100644 --- a/main/inc/lib/security.lib.php +++ b/main/inc/lib/security.lib.php @@ -18,10 +18,9 @@ * For basic filtering, use filter() * For files inclusions (using dynamic paths) use check_rel_path() and check_abs_path() * -* @package dokeos.library +* @package chamilo.library * @author Yannick Warnier */ - /** * Security class * @@ -32,8 +31,6 @@ * a new Security object and using $secure->filter($new_var,[more options]) * and then using $secure->clean['var'] as a filtered equivalent, although * this is *not* mandatory at all. - * - * @author Yannick Warnier */ class Security { public static $clean = array();
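Review bot: In the attachment block near the end of the hunk, `echo ' '.$user_filename.' ';` and `echo ''.$attachment_list['comment'].'';` write the stored filename and comment into the page without any escaping, whereas `post_title` and `post_text` in the same hunk go through `Security::remove_XSS(..., STUDENT)`; if the comment and filename are stored as the uploader supplied them, as they appear to be, this is a stored-XSS sink that the re-indentation leaves untouched. Both echoes should apply the same filter the post fields already use, e.g. `echo ' '.Security::remove_XSS($user_filename).' ';` and `echo ''.Security::remove_XSS($attachment_list['comment']).'';`. The same iteration also calls `get_attachment($row['post_id'])` twice, once for `$id_attach` and again before the attachment block, so the first result could be reused. The enclosing function's header is outside the hunk, and because nearly every line is re-indented the only functional change on the new side (the `$rows=get_posts(...)` / `foreach` wrapper at the top) is hard to pick out.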