[svn r17472] Improved language translation and SQL filtering (FS#3387)

skala
Yannick Warnier 17 years ago
parent c3daa53ad3
commit 536d808945
  1. 16
      main/notebook/index.php
  2. 27
      main/notebook/notebookfunction.inc.php

@ -33,7 +33,7 @@ $icon_delete ='delete.gif';
//---------------------------------------------------------
echo '<a href="index.php?action=addnotebook">'.Display::return_icon($icon_add,get_lang('NewNotebook')).get_lang('NewNotebook').'</a>';
echo '<a href="index.php?action=addnotebook">'.Display::return_icon($icon_add,get_lang('NewNote')).get_lang('NewNote').'</a>';
if (isset($_REQUEST['action']) && $_REQUEST['action']=='addnotebook') {
echo '<table class="notebook-add-form" id="notebook-add">';
@ -41,8 +41,8 @@ if (isset($_REQUEST['action']) && $_REQUEST['action']=='addnotebook') {
echo '<form name="frm_add_notebook" method="post">';
echo '<input type="hidden" name="sec_token" value="'.$stok.'" />';
echo '<input type="hidden" name="action" value="addnotebook">';
echo '<div class="add-desc-notebook"><textarea class="style-add-textarea" rows="5" cols="80" name="description" maxlength="255" onfocus="this.value=\'\';document.getElementById(\'msg_add_error\').style.display=\'none\';"><<'.get_lang("WriteHereYourNote").'>></textarea></div>';
echo '<div class="action_notebook"><input type="button" value="'.get_lang('Ok').'" onclick="return add_notebook()"><input type="button" value="'.get_lang('Cancel').'" onclick="document.getElementById(\'notebook-add\').style.display = \'none\';document.getElementById(\'msg_add_error\').style.display=\'none\';"></div>';
echo '<div class="add-desc-notebook"><textarea class="style-add-textarea" rows="5" cols="80" name="description" maxlength="255" onfocus="this.value=\'\';document.getElementById(\'msg_add_error\').style.display=\'none\';"><<'.get_lang('WriteYourNoteHere').'>></textarea></div>';
echo '<div class="action_notebook"><input type="button" value="'.get_lang('SaveNote').'" onclick="return add_notebook()"><input type="button" value="'.get_lang('Cancel').'" onclick="document.getElementById(\'notebook-add\').style.display = \'none\';document.getElementById(\'msg_add_error\').style.display=\'none\';"></div>';
echo '<span class="msg_error" id="msg_add_error"></span>';
echo '</form>';
echo '</td></tr>';
@ -58,7 +58,7 @@ if ($ctok==$_POST['sec_token']) {
$description = Security::remove_XSS($_REQUEST['description']);
$add_notebook= add_notebook_details($user_id,$course_id,$session_id,$description,$date);
if($add_notebook) {
Display::display_confirmation_message(get_lang('NotebookAdded'));
Display::display_confirmation_message(get_lang('NoteCreated'));
}
}
}
@ -72,7 +72,7 @@ if ($ctok==$_POST['sec_token']) {
$description = Security::remove_XSS($_REQUEST['upd_description']);
$edit_notebook= edit_notebook_details($notebook_id,$user_id,$course_id,$session_id,$description,$date);
if($edit_notebook) {
Display::display_confirmation_message(get_lang('NotebookUpdated'));
Display::display_confirmation_message(get_lang('NoteUpdated'));
}
}
@ -86,7 +86,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete_notebook'){
$notebook_id = Security::remove_XSS($_REQUEST['notebook_id']);
$delete_notebook = delete_notebook_details($notebook_id);
if($delete_notebook) {
Display::display_confirmation_message(get_lang('NotebookDeleted'));
Display::display_confirmation_message(get_lang('NoteDeleted'));
}
}
@ -112,7 +112,7 @@ while ($row_notebook_list=Database::fetch_array($notebook_list)){
echo '<form name="frm_edit_notebook" action="index.php" method="post"><input type="hidden" name="upd_notebook_id" value="'.$notebook_id.'" />';
echo '<input type="hidden" name="sec_token" value="'.$stok.'" />';
echo '<div class="upd-desc-notebook"><textarea class="style-edit-textarea" rows="4" cols="120" name="upd_description" maxlength="255" onfocus="this.select()">'.$row_notebook_list['description'].'</textarea></div>';
echo '<div class="action_notebook"><input type="button" value="'.get_lang('Ok').'" onclick="edit_notebook()"><input type="button" value="'.get_lang('Cancel').'" onclick="edit_cancel_notebook()"></div>';
echo '<div class="action_notebook"><input type="button" value="'.get_lang('SaveNote').'" onclick="edit_notebook()"><input type="button" value="'.get_lang('Cancel').'" onclick="edit_cancel_notebook()"></div>';
echo '<span class="msg_error" id="msg_edit_error"></span>';
echo '</form></div>';
} else {
@ -121,7 +121,7 @@ while ($row_notebook_list=Database::fetch_array($notebook_list)){
echo '<span><a href="index.php?action=edit_notebook&notebook_id='.$row_notebook_list['notebook_id'].'#note-'.$row_notebook_list['notebook_id'].'" >'.Display::return_icon($icon_edit,get_lang('Edit')).'</a>&nbsp;';
echo '<a href="index.php?action=delete_notebook&notebook_id='.$row_notebook_list['notebook_id'].'" onclick="return confirmation(\''.$title.'\');">'.Display::return_icon($icon_delete,get_lang('Edit')).'</a></span>';
if ( $row_notebook_list['status']==1 ) {
echo '&nbsp;&nbsp;<span class="date_information">'.get_lang('EndDate').'&nbsp;:&nbsp;'.$row_notebook_list['end_date'].'</span>';
echo '&nbsp;&nbsp;<span class="date_information">'.get_lang('LastUpdateDate').'&nbsp;:&nbsp;'.$row_notebook_list['end_date'].'</span>';
}
echo '</div>';
}
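Review bot: The `delete_notebook` branch shows no `sec_token` comparison in its hunk, whereas the add and update branches sit under `if ($ctok==$_POST['sec_token'])`, and the delete link in the list is a plain GET URL carrying only `notebook_id`, so a cross-site request could trigger a deletion unless a check exists above the visible lines. The call `delete_notebook_details($notebook_id)` also passes no user id, so nothing visible here ties the deleted note to the current user. I would append `'&sec_token='.$stok` to the delete link and wrap the delete in `if ($ctok==$_REQUEST['sec_token'])`. `Security::remove_XSS` on `notebook_id` is an HTML filter rather than an integer check; the branch starts outside the hunk, so confirm what precedes it.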

@ -5,9 +5,6 @@
* @author Christian Fasanando
* This library enables maintenance of the notebook tool
*/
/**
* This function retrieves notebook details by users
* @return array Array of type ([notebook_id=>a,user_id=>b,course=>c,session_id=>d,description=>e,start_date=>f,end_date=>g,status=>h],[])
@ -38,17 +35,20 @@ function get_notebook_details($user_id) {
*/
function add_notebook_details($user_id,$course,$session_id,$description,$start_date) {
$t_notebook = Database :: get_course_table(TABLE_NOTEBOOK);
if ($user_id !== strval(intval($user_id))) { return false;}
$safe_user_id = (int)$user_id;
$safe_course = Database::escape_string($course);
$safe_session_id = (int)$session_id;
if ($session_id !== strval(intval($session_id))) { return false;}
$safe_session_id = (int)$session_id;
$safe_description = Database::escape_string($description);
$safe_start_date = Database::escape_string($start_date);
if (empty($description) || empty($start_date)) {
if (empty($description) || empty($safe_start_date)) {
return false;
}
$sql = "INSERT INTO $t_notebook(user_id,course,session_id,description,start_date,status)
VALUES('$safe_user_id' , '$safe_course','$safe_session_id','$safe_description','$start_date',0)";
VALUES('$safe_user_id' , '$safe_course','$safe_session_id','$safe_description','$safe_start_date',0)";
$result = api_sql_query($sql, __FILE__, __LINE__);
return $result;
@ -69,11 +69,15 @@ function add_notebook_details($user_id,$course,$session_id,$description,$start_d
function edit_notebook_details($notebook_id,$user_id,$course,$session_id,$description,$end_date) {
$t_notebook = Database :: get_course_table(TABLE_NOTEBOOK);
if ($notebook_id !== strval(intval($notebook_id))) { return false;}
$safe_notebook_id = (int)$notebook_id;
if ($user_id !== strval(intval($user_id))) { return false;}
$safe_user_id = (int)$user_id;
$safe_course = Database::escape_string($course);
$safe_session_id = (int)$session_id;
if ($session_id !== strval(intval($session_id))) { return false;}
$safe_session_id = (int)$session_id;
$safe_description = Database::escape_string($description);
$safe_end_date = Database::escape_string($end_date);
if (empty($description) || empty($end_date)) {
return false;
@ -94,6 +98,7 @@ function edit_notebook_details($notebook_id,$user_id,$course,$session_id,$descri
*/
function delete_notebook_details($notebook_id) {
$t_notebook = Database :: get_course_table(TABLE_NOTEBOOK);
if ($notebook_id !== strval(intval($notebook_id))) { return false;}
$safe_notebook_id = (int)$notebook_id;
$sql = "DELETE FROM $t_notebook WHERE notebook_id=$safe_notebook_id";
@ -110,15 +115,15 @@ function to_javascript_notebook() {
return "<script type=\"text/javascript\">
function confirmation (name)
{
if (confirm(\" ". get_lang("AreYouSureToDeleteThis") ." \"+ name + \" ?\"))
if (confirm(\" ". get_lang('AreYouSureToDelete') ." \"+ name + \" ?\"))
{return true;}
else
{return false;}
}
function add_notebook() {
msg_error='".get_lang("YouMustWriteANote")."';
msg='<<".get_lang("WriteHereYourNote").">>';
msg_error='".get_lang('YouMustWriteANote')."';
msg='<<".get_lang('WriteYourNoteHere').">>';
if(document.frm_add_notebook.description.value=='' || document.frm_add_notebook.description.value==msg) {
document.getElementById('msg_add_error').style.display='block';
document.getElementById('msg_add_error').innerHTML=msg_error;
@ -134,7 +139,7 @@ function to_javascript_notebook() {
}
function edit_notebook() {
msg_error='".get_lang("YouMustWriteANote")."';
msg_error='".get_lang('YouMustWriteANote')."';
if(document.frm_edit_notebook.upd_description.value=='') {
document.getElementById('msg_edit_error').style.display='block';
document.getElementById('msg_edit_error').innerHTML=msg_error;
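Review bot: The added guards of the form `if ($user_id !== strval(intval($user_id))) { return false;}` compare strictly against a string, so any caller that passes an integer (or a null session id) is rejected and the function returns false without a message; the same pattern is used for `$session_id` and `$notebook_id` in add_notebook_details, edit_notebook_details and delete_notebook_details. The callers' argument types are not visible here, so this needs checking against index.php; a type-tolerant form is `if ((string)$user_id !== (string)(int)$user_id) { return false; }`. In delete_notebook_details the statement still filters on `notebook_id` alone, so a `user_id` condition in the WHERE clause would be needed to limit deletion to the note's owner. The bodies of all three functions continue outside the hunks.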
