Add database::escape_string, Security::remove_XSS

1.10.x
jmontoyaa 9 years ago
parent 3d62bc8afc
commit 52ef413e27
  1. 11
      main/exercice/adminhp.php
  2. 17
      main/exercice/hotpotatoes_exercise_report.php
  3. 2
      main/exercice/hotpotatoes_exercise_result.class.php
  4. 15
      main/exercice/hotspot_admin.inc.php
  5. 4
      main/forum/forumqualify.php
  6. 6
      main/inc/lib/fileUpload.lib.php
  7. 18
      main/upload/upload.document.php

@ -20,18 +20,17 @@ if (isset($_REQUEST["cancel"])) {
} }
$newName = !empty($_REQUEST['newName']) ? $_REQUEST['newName'] : ''; $newName = !empty($_REQUEST['newName']) ? $_REQUEST['newName'] : '';
$hotpotatoesName = !empty($_REQUEST['hotpotatoesName']) ? $_REQUEST['hotpotatoesName'] : ''; $hotpotatoesName = !empty($_REQUEST['hotpotatoesName']) ? Security::remove_XSS($_REQUEST['hotpotatoesName']) : '';
$is_allowedToEdit = api_is_allowed_to_edit(null,true);
$is_allowedToEdit=api_is_allowed_to_edit(null,true);
// document path // document path
$documentPath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document'; $documentPath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document';
// picture path // picture path
$picturePath=$documentPath.'/images'; $picturePath = $documentPath.'/images';
// audio path // audio path
$audioPath=$documentPath.'/audio'; $audioPath = $documentPath.'/audio';
// Database table definitions // Database table definitions
if (!$is_allowedToEdit) { if (!$is_allowedToEdit) {
@ -39,7 +38,7 @@ if (!$is_allowedToEdit) {
} }
if (isset($_SESSION['gradebook'])) { if (isset($_SESSION['gradebook'])) {
$gradebook= $_SESSION['gradebook']; $gradebook = $_SESSION['gradebook'];
} }
if (!empty($gradebook) && $gradebook == 'view') { if (!empty($gradebook) && $gradebook == 'view') {
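Review bot: `$newName` on the line above `$hotpotatoesName` is still taken verbatim from `$_REQUEST['newName']`, so only one of the two request parameters read in this hunk gets the new `Security::remove_XSS` treatment. Both values read like file or exercise names that end up under `$documentPath`, and `remove_XSS` is an HTML-output filter rather than a filename check, so if they are used to build a path the missing guard is a dangerous-character/`basename()` check, e.g. `$newName = !empty($_REQUEST['newName']) ? api_replace_dangerous_char($_REQUEST['newName']) : '';`. Their later use is outside this hunk, so confirm against the code that consumes them before choosing the filter.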

@ -1,5 +1,8 @@
<?php <?php
/* For licensing terms, see /license.txt */ /* For licensing terms, see /license.txt */
use ChamiloSession as Session;
/** /**
* Exercise list: This script shows the list of exercises for administrators and students. * Exercise list: This script shows the list of exercises for administrators and students.
* @package chamilo.exercise * @package chamilo.exercise
@ -7,15 +10,12 @@
* *
*/ */
use ChamiloSession as Session;
// including the global library
require_once '../inc/global.inc.php'; require_once '../inc/global.inc.php';
// Setting the tabs // Setting the tabs
$this_section = SECTION_COURSES; $this_section = SECTION_COURSES;
$htmlHeadXtra[] = api_get_jqgrid_js(); $htmlHeadXtra[] = api_get_jqgrid_js();
$_course = api_get_course_info();
// Access control // Access control
api_protect_course_script(true, false, true); api_protect_course_script(true, false, true);
@ -23,7 +23,6 @@ api_protect_course_script(true, false, true);
// including additional libraries // including additional libraries
require_once 'hotpotatoes.lib.php'; require_once 'hotpotatoes.lib.php';
// document path // document path
$documentPath = api_get_path(SYS_COURSE_PATH).$_course['path']."/document"; $documentPath = api_get_path(SYS_COURSE_PATH).$_course['path']."/document";
@ -37,7 +36,7 @@ $TBL_TRACK_HOTPOTATOES_EXERCISES = Database :: get_main_table(TABLE_STATISTIC_TR
$TBL_LP_ITEM_VIEW = Database :: get_course_table(TABLE_LP_ITEM_VIEW); $TBL_LP_ITEM_VIEW = Database :: get_course_table(TABLE_LP_ITEM_VIEW);
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$hotpotatoes_path = isset($_REQUEST['path']) ? $_REQUEST['path'] : null; $hotpotatoes_path = isset($_REQUEST['path']) ? Security::remove_XSS($_REQUEST['path']) : null;
$filter_user = isset($_REQUEST['filter_by_user']) ? intval($_REQUEST['filter_by_user']) : null; $filter_user = isset($_REQUEST['filter_by_user']) ? intval($_REQUEST['filter_by_user']) : null;
if (empty($hotpotatoes_path)) { if (empty($hotpotatoes_path)) {
@ -73,10 +72,12 @@ $actions = null;
if ($is_allowedToEdit && $origin != 'learnpath') { if ($is_allowedToEdit && $origin != 'learnpath') {
// the form // the form
if (api_is_platform_admin() || api_is_course_admin() || api_is_course_tutor() || api_is_course_coach()) { if (api_is_platform_admin() || api_is_course_admin() || api_is_course_tutor() || api_is_course_coach()) {
$actions .= '<a id="export_opener" href="'.api_get_self().'?export_report=1&path='.Security::remove_XSS($hotpotatoes_path).' ">'.Display::return_icon('save.png', get_lang('Export'),'',ICON_SIZE_MEDIUM).'</a>'; $actions .= '<a id="export_opener" href="'.api_get_self().'?export_report=1&path='.$hotpotatoes_path.' ">'.
Display::return_icon('save.png', get_lang('Export'),'',ICON_SIZE_MEDIUM).'</a>';
} }
} else { } else {
$actions .= '<a href="exercise.php">' . Display :: return_icon('back.png', get_lang('GoBackToQuestionList'),'',ICON_SIZE_MEDIUM).'</a>'; $actions .= '<a href="exercise.php">' .
Display :: return_icon('back.png', get_lang('GoBackToQuestionList'),'',ICON_SIZE_MEDIUM).'</a>';
} }
if ($is_allowedToEdit) { if ($is_allowedToEdit) {
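Review bot: Moving `Security::remove_XSS` from the export link's `href` to the `$_REQUEST['path']` read makes `$hotpotatoes_path` the HTML-filtered value everywhere, including the `empty()` check and whatever file lookup follows, while the link now interpolates it into a query string with no URL encoding. An HTML filter is the wrong tool on both sides: the query parameter should be `urlencode($hotpotatoes_path)` at the link (`'?export_report=1&path='.urlencode($hotpotatoes_path).'">'`), and the raw value should be validated as a path (no `..`, resolves under the course document directory) before it is used for file access. The later uses of `$hotpotatoes_path` are outside this hunk, so confirm where it reaches the filesystem or the database. The stray space before the closing quote of the `href` (`' ">'`) is carried over from the old line and yields an attribute value ending in a space.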

@ -121,7 +121,7 @@ class HotpotatoesExerciseResult
* @param boolean Whether to include user fields or not * @param boolean Whether to include user fields or not
* @return boolean False on error * @return boolean False on error
*/ */
public function exportCompleteReportCSV($document_path='', $hotpotato_name) public function exportCompleteReportCSV($document_path = '', $hotpotato_name)
{ {
global $charset; global $charset;
$this->getExercisesReporting($document_path, $hotpotato_name); $this->getExercisesReporting($document_path, $hotpotato_name);

@ -1,13 +1,14 @@
<?php <?php
/* For licensing terms, see /license.txt */ /* For licensing terms, see /license.txt */
use \ChamiloSession as Session;
/** /**
* This script allows to manage answers. It is included from the * This script allows to manage answers. It is included from the
* script admin.php * script admin.php
* @package chamilo.exercise * @package chamilo.exercise
* @author Toon Keppens * @author Toon Keppens
*/ */
use \ChamiloSession as Session;
$modifyAnswers = intval($_GET['hotspotadmin']); $modifyAnswers = intval($_GET['hotspotadmin']);
@ -246,11 +247,11 @@ if ($submitAnswers || $buttonBack) {
} // end for() } // end for()
//now the noerror section //now the noerror section
$selectQuestionNoError = $_POST['select_question_noerror']; $selectQuestionNoError = Security::remove_XSS($_POST['select_question_noerror']);
$lp_noerror = $_POST['lp_noerror']; $lp_noerror = Security::remove_XSS($_POST['lp_noerror']);
$try_noerror = isset($_POST['try_noerror']) ? $_POST['try_noerror'] : null; $try_noerror = isset($_POST['try_noerror']) ? Security::remove_XSS($_POST['try_noerror']) : null;
$url_noerror = $_POST['url_noerror']; $url_noerror = Security::remove_XSS($_POST['url_noerror']);
$comment_noerror = $_POST['comment_noerror']; $comment_noerror = Security::remove_XSS($_POST['comment_noerror']);
$threadhold_total = '0;0;0'; $threadhold_total = '0;0;0';
if ($try_noerror == 'on') { if ($try_noerror == 'on') {
@ -292,6 +293,7 @@ if ($submitAnswers || $buttonBack) {
if ($weighting[$i]) { if ($weighting[$i]) {
$questionWeighting+=$weighting[$i]; $questionWeighting+=$weighting[$i];
} }
// creates answer // creates answer
$objAnswer->createAnswer( $objAnswer->createAnswer(
$reponse[$i], $reponse[$i],
@ -324,7 +326,6 @@ if ($submitAnswers || $buttonBack) {
$editQuestion = $questionId; $editQuestion = $questionId;
unset($modifyAnswers); unset($modifyAnswers);
echo '<script type="text/javascript">window.location.href="' . $hotspot_admin_url . '&message=ItemUpdated"</script>'; echo '<script type="text/javascript">window.location.href="' . $hotspot_admin_url . '&message=ItemUpdated"</script>';
} }
} }
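Review bot: Four of the five new `Security::remove_XSS($_POST[...])` reads (`select_question_noerror`, `lp_noerror`, `url_noerror`, `comment_noerror`) still index `$_POST` without an `isset()` guard, unlike `try_noerror` between them, so a form that omits one of them raises an undefined-index notice and hands `null` to the filter. Matching the guarded line is a one-line change per variable, e.g. `$url_noerror = isset($_POST['url_noerror']) ? Security::remove_XSS($_POST['url_noerror']) : '';`. `remove_XSS` is an HTML filter, and `$url_noerror` is by name a link or redirect target, so whether a non-http scheme is rejected depends on where it is emitted; a scheme check (`filter_var(..., FILTER_VALIDATE_URL)` or an allowlist of relative paths) at the point of use is the safer guard. The surrounding `if ($submitAnswers || $buttonBack)` block begins and ends outside this hunk.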

@ -171,7 +171,7 @@ if ($allowToQualify) {
// Show max qualify in my form // Show max qualify in my form
$maxQualify = showQualify('2', $userIdToQualify, $threadId); $maxQualify = showQualify('2', $userIdToQualify, $threadId);
$score = isset($_POST['idtextqualify']) ? $_POST['idtextqualify'] : ''; $score = isset($_POST['idtextqualify']) ? Security::remove_XSS($_POST['idtextqualify']) : '';
if ($score > $maxQualify) { if ($score > $maxQualify) {
Display:: display_error_message( Display:: display_error_message(
@ -292,7 +292,7 @@ if ($allowToQualify) {
$realname = $attachment_list['path']; $realname = $attachment_list['path'];
$user_filename = $attachment_list['filename']; $user_filename = $attachment_list['filename'];
echo Display::return_icon('attachment.gif',get_lang('Attachment')); echo Display::return_icon('attachment.gif', get_lang('Attachment'));
echo '<a href="download.php?file='; echo '<a href="download.php?file=';
echo $realname; echo $realname;
echo ' "> '.$user_filename.' </a>'; echo ' "> '.$user_filename.' </a>';
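Review bot: `$score` is compared numerically (`$score > $maxQualify`) two lines after it is read, so the right input check is numeric validation rather than `Security::remove_XSS`; a non-numeric string still reaches the comparison under PHP's loose string-to-number rules. Keeping the existing empty-string default, `$score = isset($_POST['idtextqualify']) && is_numeric($_POST['idtextqualify']) ? $_POST['idtextqualify'] : '';` rejects anything that is not a number before the comparison and before the value is stored. In the second hunk the attachment link echoes `$realname` and `$user_filename` unencoded into an `href` and into the link text; those lines are unchanged context here, but they sit in the same block and would take `urlencode()` and `htmlspecialchars()` respectively. The enclosing `if ($allowToQualify)` block starts outside both hunks.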

@ -1202,7 +1202,7 @@ function filter_extension(&$filename)
* @param int $group_id * @param int $group_id
* @param int $session_id Session ID, if any * @param int $session_id Session ID, if any
* @param int $userId creator id * @param int $userId creator id
* *
* @return int id if inserted document * @return int id if inserted document
*/ */
function add_document( function add_document(
@ -1542,13 +1542,12 @@ function create_unexisting_directory(
WHERE WHERE
c_id = $course_id AND c_id = $course_id AND
( (
path = '" . $systemFolderName . "' path = '" . Database::escape_string($systemFolderName). "'
) )
"; ";
$rs = Database::query($sql); $rs = Database::query($sql);
if (Database::num_rows($rs) == 0) { if (Database::num_rows($rs) == 0) {
$document_id = add_document( $document_id = add_document(
$_course, $_course,
$systemFolderName, $systemFolderName,
@ -1566,7 +1565,6 @@ function create_unexisting_directory(
if ($document_id) { if ($document_id) {
// Update document item_property // Update document item_property
if (!empty($visibility)) { if (!empty($visibility)) {
$visibilities = array( $visibilities = array(
0 => 'invisible', 0 => 'invisible',
1 => 'visible', 1 => 'visible',
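Review bot: The new `Database::escape_string($systemFolderName)` covers the `path` predicate, but `c_id = $course_id` on the preceding line is still interpolated uncast and unescaped; `$course_id` is assigned outside this hunk, so if it is not already an integer there an `intval($course_id)` in the query (or at the assignment) closes the gap. `Database::query()` is the only query API visible here; if the 1.10 database layer exposes a parameterised form, binding both values would be preferable to escaping. Passing the unescaped `$systemFolderName` on to `add_document()` after the query is correct, since escaping belongs only at the SQL boundary. `create_unexisting_directory()` begins and ends outside this hunk.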

@ -10,6 +10,7 @@
* @author Yannick Warnier <ywarnier@beeznest.org> * @author Yannick Warnier <ywarnier@beeznest.org>
*/ */
$_course = api_get_course_info();
$courseDir = $_course['path'] . "/document"; $courseDir = $_course['path'] . "/document";
$sys_course_path = api_get_path(SYS_COURSE_PATH); $sys_course_path = api_get_path(SYS_COURSE_PATH);
$base_work_dir = $sys_course_path . $courseDir; $base_work_dir = $sys_course_path . $courseDir;
@ -18,7 +19,7 @@ $max_filled_space = DocumentManager::get_course_quota();
//what's the current path? //what's the current path?
if (isset($_POST['curdirpath'])) { if (isset($_POST['curdirpath'])) {
$path = $_POST['curdirpath']; $path = Security::remove_XSS($_POST['curdirpath']);
} else { } else {
$path = '/'; $path = '/';
} }
@ -34,7 +35,7 @@ if (!DocumentManager::get_document_id($_course, $path)) {
*/ */
$nameTools = get_lang('UplUploadDocument'); $nameTools = get_lang('UplUploadDocument');
$interbreadcrumb[] = array( $interbreadcrumb[] = array(
"url" => "./document.php?curdirpath=" . urlencode($path) . '&'.api_get_cidreq(), "url" => api_get_path(WEB_CODE_PATH)."document/document.php?curdirpath=" . urlencode($path) . '&'.api_get_cidreq(),
"name" => $langDocuments "name" => $langDocuments
); );
Display::display_header($nameTools, "Doc"); Display::display_header($nameTools, "Doc");
@ -54,14 +55,14 @@ if (isset($_FILES['user_upload'])) {
$_FILES['user_upload'], $_FILES['user_upload'],
$base_work_dir, $base_work_dir,
$_POST['curdirpath'], $_POST['curdirpath'],
$_user['user_id'], api_get_user_id(),
$to_group_id, $to_group_id,
$to_user_id, $to_user_id,
$_POST['unzip'], $_POST['unzip'],
$_POST['if_exists'] $_POST['if_exists']
); );
$new_comment = isset($_POST['comment']) ? trim($_POST['comment']) : ''; $new_comment = isset($_POST['comment']) ? Database::escape_string(trim($_POST['comment'])) : '';
$new_title = isset($_POST['title']) ? trim($_POST['title']) : ''; $new_title = isset($_POST['title']) ? Database::escape_string(trim($_POST['title'])) : '';
if ($new_path && ($new_comment || $new_title)) if ($new_path && ($new_comment || $new_title))
if (($docid = DocumentManager::get_document_id($_course, $new_path))) { if (($docid = DocumentManager::get_document_id($_course, $new_path))) {
@ -99,7 +100,7 @@ if (isset($_POST['submit_image'])) {
$img_directory = str_replace('.', '_', $_POST['related_file']."_files"); $img_directory = str_replace('.', '_', $_POST['related_file']."_files");
$folderData = create_unexisting_directory( $folderData = create_unexisting_directory(
$_course, $_course,
$_user['user_id'], api_get_user_id(),
api_get_session_id(), api_get_session_id(),
$to_group_id, $to_group_id,
$to_user_id, $to_user_id,
@ -131,11 +132,11 @@ if (isset($_POST['submit_image'])) {
} }
//they want to create a directory //they want to create a directory
if (isset($_POST['create_dir']) && $_POST['dirname']!='') { if (isset($_POST['create_dir']) && $_POST['dirname']!='') {
$added_slash = ($path == '/') ? '' : '/'; $added_slash = $path == '/' ? '' : '/';
$dir_name = $path.$added_slash.api_replace_dangerous_char($_POST['dirname']); $dir_name = $path.$added_slash.api_replace_dangerous_char($_POST['dirname']);
$created_dir = create_unexisting_directory( $created_dir = create_unexisting_directory(
$_course, $_course,
$_user['user_id'], api_get_user_id(),
api_get_session_id(), api_get_session_id(),
$to_group_id, $to_group_id,
$to_user_id, $to_user_id,
@ -206,7 +207,6 @@ if (isset($_GET['createdir'])) {
&nbsp;&nbsp;&nbsp;<input type="radio" name="if_exists" value="nothing" title="<?php echo (get_lang('UplDoNothingLong'));?>" checked="checked"/> <?php echo (get_lang('UplDoNothing'));?><br/> &nbsp;&nbsp;&nbsp;<input type="radio" name="if_exists" value="nothing" title="<?php echo (get_lang('UplDoNothingLong'));?>" checked="checked"/> <?php echo (get_lang('UplDoNothing'));?><br/>
&nbsp;&nbsp;&nbsp;<input type="radio" name="if_exists" value="overwrite" title="<?php echo (get_lang('UplOverwriteLong'));?>"/> <?php echo (get_lang('UplOverwrite'));?><br/> &nbsp;&nbsp;&nbsp;<input type="radio" name="if_exists" value="overwrite" title="<?php echo (get_lang('UplOverwriteLong'));?>"/> <?php echo (get_lang('UplOverwrite'));?><br/>
&nbsp;&nbsp;&nbsp;<input type="radio" name="if_exists" value="rename" title="<?php echo (get_lang('UplRenameLong'));?>"/> <?php echo (get_lang('UplRename'));?> &nbsp;&nbsp;&nbsp;<input type="radio" name="if_exists" value="rename" title="<?php echo (get_lang('UplRenameLong'));?>"/> <?php echo (get_lang('UplRename'));?>
</td> </td>
</tr> </tr>
</table> </table>
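Review bot: `$path` is now the `Security::remove_XSS`-filtered form of `$_POST['curdirpath']`, but the `handle_uploaded_document()` call in the `$_FILES['user_upload']` hunk still passes the raw `$_POST['curdirpath']`, so the value checked by `DocumentManager::get_document_id($_course, $path)` (visible in the third hunk header) and the directory the upload actually lands in can differ. Passing `$path` there keeps one validated value, and because this is a filesystem path the check that matters is a traversal guard rather than an HTML filter, e.g. reject it when `strpos($path, '..') !== false` before the document-id lookup. The `Database::escape_string()` applied to `$new_comment` and `$new_title` at read time means the escaped strings are also what reaches the `$new_comment || $new_title` test and any later non-SQL use, and they will be double-escaped if the storing function escapes again; escaping at the query is the safer placement, though that code is outside this hunk. The breadcrumb hunk correctly `urlencode()`s `$path`.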
