chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

#4240 make document title text only

Browse Source
skala
Laurent Opprecht 14 years ago
parent fd6e512366
commit 583c35e66b
2 changed files with 7 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      main/document/create_document.php
  2. 5
      main/inc/lib/fileUpload.lib.php

3
main/document/create_document.php
Unescape View File

@ -526,7 +526,10 @@ if ($form->validate()) {
// Update parent folders
item_property_update_on_folder($_course, $dir, $_user['user_id']);
$new_comment = isset($_POST['comment']) ? trim($_POST['comment']) : '';
$new_comment = Database::escape_string($new_comment);
$new_title = isset($_POST['title']) ? trim($_POST['title']) : '';
$new_title = htmlspecialchars($new_title);
$new_title = Database::escape_string($new_title);
if ($new_comment || $new_title) {
$ct = '';
if ($new_comment)

5
main/inc/lib/fileUpload.lib.php
Unescape View File

@ -826,10 +826,13 @@ function add_document($_course, $path, $filetype, $filesize, $title, $comment =
$path = Database::escape_string($path);
$filetype = Database::escape_string($filetype);
$filesize = intval($filesize);
$title = htmlspecialchars($title);
$title = Database::escape_string($title);
$c_id = $_course['real_id'];
$table_document = Database::get_course_table(TABLE_DOCUMENT);
$sql = "INSERT INTO $table_document (c_id, path, filetype, size, title, comment, readonly, session_id)
VALUES ({$_course['real_id']}, '$path','$filetype','$filesize','".Database::escape_string($title)."', '$comment', $readonly, $session_id)";
VALUES ($c_id, '$path','$filetype','$filesize','$title', '$comment', $readonly, $session_id)";
if (Database::query($sql)) {
//display_message("Added to database (id ".Database::insert_id().")!");

Write Preview
Loading…
Cancel
Save