diff --git a/main/course_description/edit.php b/main/course_description/edit.php index b92b70e5e1..fbbdc54f1c 100755 --- a/main/course_description/edit.php +++ b/main/course_description/edit.php @@ -77,7 +77,7 @@ if ($description_type == THEMATIC_ADVANCE) { $form->addElement('style_submit_button', null, get_lang('Save'), 'class="save"'); // Set some default values $default['title'] = Security::remove_XSS($description_title); -$default['contentDescription'] = Security::remove_XSS($description_content,STUDENT); +$default['contentDescription'] = Security::remove_XSS($description_content,COURSEMANAGERLOWSECURITY); $default['description_type'] = $description_type; $form->setDefaults($default); diff --git a/main/dropbox/index.php b/main/dropbox/index.php index cbc6b5acb6..b69d6ca50d 100755 --- a/main/dropbox/index.php +++ b/main/dropbox/index.php @@ -580,7 +580,7 @@ if ($_GET['action'] != 'add') { $receivers_celldata = trim(trim($receivers_celldata), ','); // Removing the trailing comma. $dropbox_file_data[] = $receivers_celldata; $last_upload_date = api_get_local_time($dropbox_file->last_upload_date, 'Y-m-d H:i:s', null, date_default_timezone_get()); - $dropbox_file_data[] = date_to_str_ago($last_upload_date).'
'.api_get_local_time($last_upload_date).''; + $dropbox_file_data[] = date_to_str_ago($last_upload_date).'
'.api_format_date_time_long($last_upload_date).''; //$dropbox_file_data[] = $dropbox_file->author; $receivers_celldata = ''; diff --git a/main/inc/lib/text.lib.php b/main/inc/lib/text.lib.php index d53bb2a968..8c7d5ba8e6 100755 --- a/main/inc/lib/text.lib.php +++ b/main/inc/lib/text.lib.php @@ -1,19 +1,14 @@ -\\1://\\2",$string); - $string=eregi_replace("([a-z0-9_.-]+@[a-z0-9.-]+)","\\1",$string); +function make_clickable($string) { + // TODO: eregi_replace() is deprecated as of PHP 5.3 + if (!stristr($string, ' src=') && !stristr($string, ' href=')) { + $string = eregi_replace("(https?|ftp)://([a-z0-9#?/&=._+:~%-]+)", "\\1://\\2", $string); + $string = eregi_replace("([a-z0-9_.-]+@[a-z0-9.-]+)", "\\1", $string); } - return $string; } /** - * formats the date according to the locale settings + * Formats the date according to the locale settings * * @author Patrick Cool , Ghent University - * @author Christophe Gesch� + * @author Christophe Gesché * originally inspired from from PhpMyAdmin * @param string $date_format date pattern * @param integer $time_stamp, default is NOW. * @return the formatted date */ -function format_locale_date($date_format, $time_stamp = -1, $language = null) -{ - /* - static $initialized = false; - static $days_short, $days_long, $months_short, $months_long; - - if (!$initialized) - { - // Defining the shorts for the days - $days_short = array (get_lang("SundayShort"), get_lang("MondayShort"), get_lang("TuesdayShort"), get_lang("WednesdayShort"), get_lang("ThursdayShort"), get_lang("FridayShort"), get_lang("SaturdayShort")); - // Defining the days of the week to allow translation of the days - $days_long = array (get_lang("SundayLong"), get_lang("MondayLong"), get_lang("TuesdayLong"), get_lang("WednesdayLong"), get_lang("ThursdayLong"), get_lang("FridayLong"), get_lang("SaturdayLong")); - // Defining the shorts for the months - $months_short = array (get_lang("JanuaryShort"), get_lang("FebruaryShort"), get_lang("MarchShort"), get_lang("AprilShort"), get_lang("MayShort"), get_lang("JuneShort"), get_lang("JulyShort"), get_lang("AugustShort"), get_lang("SeptemberShort"), get_lang("OctoberShort"), get_lang("NovemberShort"), get_lang("DecemberShort")); - // Defining the months of the year to allow translation of the months - $months_long = array (get_lang("JanuaryLong"), get_lang("FebruaryLong"), get_lang("MarchLong"), get_lang("AprilLong"), get_lang("MayLong"), get_lang("JuneLong"), get_lang("JulyLong"), get_lang("AugustLong"), get_lang("SeptemberLong"), get_lang("OctoberLong"), get_lang("NovemberLong"), get_lang("DecemberLong")); - - $initialized = true; - } - - if ($time_stamp == -1) $time_stamp = time(); - - // with the ereg we replace %aAbB of date format - //(they can be done by the system when locale date aren't aivailable - - $date = ereg_replace('%[A]', $days_long[(int)strftime('%w', $time_stamp)], $date_format); - $date = ereg_replace('%[a]', $days_short[(int)strftime('%w', $time_stamp)], $date); - $date = ereg_replace('%[B]', $months_long[(int)strftime('%m', $time_stamp)-1], $date); - $date = ereg_replace('%[b]', $months_short[(int)strftime('%m', $time_stamp)-1], $date); - - return strftime($date, $time_stamp); - */ +function format_locale_date($date_format, $time_stamp = -1, $language = null) { return api_format_date($date_format, $time_stamp, $language); -} // end function format_locale_date - +} /** -* @desc this function does some parsing on the text that gets inputted. This parsing can be of any kind -* LaTeX notation, Word Censoring, Glossary Terminology (extension will available soon), Musical Notations, ... -* The inspiration for this filter function came from Moodle an phpBB who both use a similar approach -* @param $input string. some text -* @return $output string. some text that contains the parsed elements. -* @example [tex]\sqrt(2)[/tex] -* @author Patrick Cool -* @version March 2OO6 -*/ -function text_filter($input, $filter=true) -{ + * @desc This function does some parsing on the text that gets inputted. This parsing can be of any kind + * LaTeX notation, Word Censoring, Glossary Terminology (extension will available soon), Musical Notations, ... + * The inspiration for this filter function came from Moodle an phpBB who both use a similar approach + * @param $input string. some text + * @return $output string. some text that contains the parsed elements. + * @example [tex]\sqrt(2)[/tex] + * @author Patrick Cool + * @version March 2OO6 + */ +function text_filter($input, $filter = true) { - //$input=stripslashes($input); + //$input = stripslashes($input); - if ($filter==true) - { + if ($filter) { // *** parse [tex]...[/tex] tags *** // // which will return techexplorer or image html depending on the capabilities of the // browser of the user (using some javascript that checks if the browser has the TechExplorer plugin installed or not) - $input=_text_parse_tex($input); - + $input = _text_parse_tex($input); // *** parse [teximage]...[/teximage] tags *** // // these force the gif rendering of LaTeX using the mimetex gif renderer //$input=_text_parse_tex_image($input); - // *** parse [texexplorer]...[/texexplorer] tags *** // // these force the texeplorer LaTeX notation - $input=_text_parse_texexplorer($input); + $input = _text_parse_texexplorer($input); // *** Censor Words *** // // censor words. This function removes certain words by [censored] @@ -135,8 +92,8 @@ function text_filter($input, $filter=true) // $input=text_censor_words($input); // *** parse [?]...[/?] tags *** // - // for the glossary tool (see http://www.dokeos.com/extensions) - $input=_text_parse_glossary($input); + // for the glossary tool + $input = _text_parse_glossary($input); // parse [wiki]...[/wiki] tags // this is for the coolwiki plugin. @@ -156,9 +113,8 @@ function text_filter($input, $filter=true) return $input; } - /** - * Apply parsing to content to parse tex commandos that are seperated by [tex] + * Applies parsing for tex commandos that are seperated by [tex] * [/tex] to make it readable for techexplorer plugin. * This function should not be accessed directly but should be accesse through the text_filter function * @param string $text The text to parse @@ -166,21 +122,17 @@ function text_filter($input, $filter=true) * @author Patrick Cool * @version June 2004 */ -function _text_parse_tex($textext) -{ +function _text_parse_tex($textext) { //$textext = str_replace(array ("[tex]", "[/tex]"), array ('[*****]', '[/*****]'), $textext); //$textext=stripslashes($texttext); - $input_array=preg_split("/(\[tex]|\[\/tex])/",$textext,-1, PREG_SPLIT_DELIM_CAPTURE); - + $input_array = preg_split("/(\[tex]|\[\/tex])/", $textext, -1, PREG_SPLIT_DELIM_CAPTURE); - foreach ($input_array as $key=>$value) - { - if ($key>0 && $input_array[$key-1]=='[tex]' AND $input_array[$key+1]=='[/tex]') - { - $input_array[$key]=latex_gif_renderer($value); - unset($input_array[$key-1]); - unset($input_array[$key+1]); + foreach ($input_array as $key => $value) { + if ($key > 0 && $input_array[$key - 1] == '[tex]' AND $input_array[$key + 1] == '[/tex]') { + $input_array[$key] = latex_gif_renderer($value); + unset($input_array[$key - 1]); + unset($input_array[$key + 1]); //echo 'LaTeX:
'; } } @@ -188,8 +140,9 @@ function _text_parse_tex($textext) $output=implode('',$input_array); return $output; } + /** - * Apply parsing to content to parse tex commandos that are seperated by [tex] + * Applies parsing for tex commandos that are seperated by [tex] * [/tex] to make it readable for techexplorer plugin. * This function should not be accessed directly but should be accesse through the text_filter function * @param string $text The text to parse @@ -197,25 +150,21 @@ function _text_parse_tex($textext) * @author Patrick Cool * @version June 2004 */ -function _text_parse_texexplorer($textext) -{ - if (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) - { - $textext = str_replace(array ("[texexplorer]", "[/texexplorer]"), array (""), $textext); - } - else - { - $textext = str_replace(array ("[texexplorer]", "[/texexplorer]"), array (""), $textext); +function _text_parse_texexplorer($textext) { + if (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) { + $textext = str_replace(array("[texexplorer]", "[/texexplorer]"), array(""), $textext); + } else { + $textext = str_replace(array("[texexplorer]", "[/texexplorer]"), array(""), $textext); } return $textext; } + /** * This function should not be accessed directly but should be accesse through the text_filter function * @author Patrick Cool */ -function _text_parse_glossary($input) -{ +function _text_parse_glossary($input) { return $input; } @@ -224,46 +173,37 @@ function _text_parse_glossary($input) * This function should not be accessed directly but should be accesse through the text_filter function * @author Patrick Cool */ -function _text_parse_tool($input) -{ +function _text_parse_tool($input) { // an array with all the valid tools - $tools[]=array(TOOL_ANNOUNCEMENT, 'announcements/announcements.php'); - $tools[]=array(TOOL_CALENDAR_EVENT, 'calendar/agenda.php'); + $tools[] = array(TOOL_ANNOUNCEMENT, 'announcements/announcements.php'); + $tools[] = array(TOOL_CALENDAR_EVENT, 'calendar/agenda.php'); // check if the name between the [tool] [/tool] tags is a valid one } - - - /** * render LaTeX code into a gif or retrieve a cached version of the gif * @author Patrick Cool Ghent University */ -function latex_gif_renderer($latex_code) -{ +function latex_gif_renderer($latex_code) { global $_course; // setting the paths and filenames - $mimetex_path=api_get_path(LIBRARY_PATH).'mimetex/'; - $temp_path=api_get_path(SYS_COURSE_PATH).$_course['path'].'/temp/'; - $latex_filename=md5($latex_code).'.gif'; - - if(!file_exists($temp_path.$latex_filename) OR isset($_GET['render'])) - { - if ((PHP_OS == "WINNT") || (PHP_OS == "WIN32") || (PHP_OS == "Windows")) - { - $mimetex_command=$mimetex_path.'mimetex.exe -e "'.$temp_path.md5($latex_code).'.gif" '.escapeshellarg($latex_code).''; - } - else - { - $mimetex_command=$mimetex_path.'mimetex.linux -e "'.$temp_path.md5($latex_code).'.gif" '.escapeshellarg($latex_code); + $mimetex_path = api_get_path(LIBRARY_PATH).'mimetex/'; + $temp_path = api_get_path(SYS_COURSE_PATH).$_course['path'].'/temp/'; + $latex_filename = md5($latex_code).'.gif'; + + if (!file_exists($temp_path.$latex_filename) OR isset($_GET['render'])) { + if ((PHP_OS == "WINNT") || (PHP_OS == "WIN32") || (PHP_OS == "Windows")) { + $mimetex_command = $mimetex_path.'mimetex.exe -e "'.$temp_path.md5($latex_code).'.gif" '.escapeshellarg($latex_code).''; + } else { + $mimetex_command = $mimetex_path.'mimetex.linux -e "'.$temp_path.md5($latex_code).'.gif" '.escapeshellarg($latex_code); } exec($mimetex_command); //echo 'volgende shell commando werd uitgevoerd:
'.$mimetex_command.'
'; } - $return = ""; + $return = ""; $return .= ''.$latex_code.''; return $return; } @@ -279,8 +219,8 @@ function latex_gif_renderer($latex_code) * @author Julio Montoya */ -function date_to_str_ago($date) -{ +function date_to_str_ago($date) { + static $initialized = false; static $today, $yesterday; static $min_decade, $min_year, $min_month, $min_week, $min_day, $min_hour, $min_minute; @@ -291,105 +231,106 @@ function date_to_str_ago($date) $today = api_ucfirst(get_lang('Today')); $yesterday = api_ucfirst(get_lang('Yesterday')); - $min_decade=get_lang('MinDecade'); - $min_year=get_lang('MinYear'); - $min_month=get_lang('MinMonth'); - $min_week=get_lang('MinWeek'); - $min_day=get_lang('MinDay'); - $min_hour=get_lang('MinHour'); - $min_minute=get_lang('MinMinute'); - - $min_decades=get_lang('MinDecades'); - $min_years=get_lang('MinYears'); - $min_months=get_lang('MinMonths'); - $min_weeks=get_lang('MinWeeks'); - $min_days=get_lang('MinDays'); - $min_hours=get_lang('MinHours'); - $min_minutes=get_lang('MinMinutes'); + $min_decade = get_lang('MinDecade'); + $min_year = get_lang('MinYear'); + $min_month = get_lang('MinMonth'); + $min_week = get_lang('MinWeek'); + $min_day = get_lang('MinDay'); + $min_hour = get_lang('MinHour'); + $min_minute = get_lang('MinMinute'); + + $min_decades = get_lang('MinDecades'); + $min_years = get_lang('MinYears'); + $min_months = get_lang('MinMonths'); + $min_weeks = get_lang('MinWeeks'); + $min_days = get_lang('MinDays'); + $min_hours = get_lang('MinHours'); + $min_minutes = get_lang('MinMinutes'); // original 1 //$sec_time=array("century"=>3.1556926*pow(10,9),"decade"=>315569260,"year"=>31556926,"month"=>2629743.83,"week"=>604800,"day"=>86400,"hour"=>3600,"minute"=>60,"second"=>1); //$sec_time=array(get_lang('MinDecade')=>315569260,get_lang('MinYear')=>31556926,get_lang('MinMonth')=>2629743.83,get_lang('MinWeek')=>604800,get_lang('MinDay')=>86400,get_lang('MinHour')=>3600,get_lang('MinMinute')=>60); - $sec_time_time=array(315569260,31556926,2629743.83,604800,86400,3600,60); - $sec_time_sing=array($min_decade,$min_year,$min_month,$min_week,$min_day,$min_hour,$min_minute); - $sec_time_plu =array($min_decades,$min_years,$min_months,$min_weeks,$min_days,$min_hours,$min_minutes); + $sec_time_time = array(315569260, 31556926, 2629743.83, 604800, 86400, 3600, 60); + $sec_time_sing = array($min_decade, $min_year, $min_month, $min_week, $min_day, $min_hour, $min_minute); + $sec_time_plu = array($min_decades, $min_years, $min_months, $min_weeks, $min_days, $min_hours, $min_minutes); $initialized = true; } - $dst_date=strtotime($date); - //for not call date several times - $date_array=date("s/i/G/j/n/Y",$dst_date); - $date_split=explode("/",$date_array); + $dst_date = is_string($date) ? strtotime($date) : $date; + // For avoiding calling date() several times + $date_array = date('s/i/G/j/n/Y', $dst_date); + $date_split = explode('/', $date_array); - $dst_s=$date_split[0]; - $dst_m=$date_split[1]; - $dst_h=$date_split[2]; - $dst_day=$date_split[3]; - $dst_mth=$date_split[4]; - $dst_yr=$date_split[5]; + $dst_s = $date_split[0]; + $dst_m = $date_split[1]; + $dst_h = $date_split[2]; + $dst_day = $date_split[3]; + $dst_mth = $date_split[4]; + $dst_yr = $date_split[5]; - $dst_date = mktime($dst_h,$dst_m,$dst_s,$dst_mth,$dst_day,$dst_yr); - $time=$offset = time()-$dst_date; //seconds between current days and today + $dst_date = mktime($dst_h, $dst_m, $dst_s, $dst_mth, $dst_day, $dst_yr); + $time = $offset = time() - $dst_date; // Seconds between current days and today. - //------------ Here start the functions sec_to_str - $act_day=date('d'); - $act_mth=date('n'); + // Here start the functions sec_to_str() + $act_day = date('d'); + $act_mth = date('n'); $act_yr = date('Y'); - if ($dst_day==$act_day && $dst_mth==$act_mth && $dst_yr == $act_yr ) { + if ($dst_day == $act_day && $dst_mth == $act_mth && $dst_yr == $act_yr) { return $today; } - if ($dst_day==$act_day-1 && $dst_mth==$act_mth && $dst_yr == $act_yr ) { + if ($dst_day == $act_day - 1 && $dst_mth == $act_mth && $dst_yr == $act_yr) { return $yesterday; } - $str_result=array(); - $time_result=array(); - $key_result=array(); + $str_result = array(); + $time_result = array(); + $key_result = array(); - $str=''; - $i=0; - for ($i=0;$i $time) { + $str = ''; + $i = 0; + for ($i = 0; $i < count($sec_time_time); $i++) { + $seconds = $sec_time_time[$i]; + if ($seconds > $time) { continue; } - $current_value=intval($time/$seconds); + $current_value = intval($time/$seconds); if ($current_value != 1) { - $date_str= $sec_time_plu[$i]; + $date_str = $sec_time_plu[$i]; } else { - $date_str= $sec_time_sing[$i]; + $date_str = $sec_time_sing[$i]; } - $key_result[]=$sec_time_sing[$i]; + $key_result[] = $sec_time_sing[$i]; - $str_result[]=$current_value.' '.$date_str; - $time_result[]= $current_value; - $str.=$current_value.$date_str; - $time%=$seconds; + $str_result[] = $current_value.' '.$date_str; + $time_result[] = $current_value; + $str .= $current_value.$date_str; + $time %= $seconds; } - if ($key_result[0]== $min_day && $key_result[1]== $min_minute) { - $key_result[1]=' 0 '.$min_hours; - $str_result[0]=$time_result[0].' '.$key_result[0]; - $str_result[1]=$key_result[1]; + if ($key_result[0] == $min_day && $key_result[1]== $min_minute) { + $key_result[1] = ' 0 '.$min_hours; + $str_result[0] = $time_result[0].' '.$key_result[0]; + $str_result[1] = $key_result[1]; } - if ($key_result[0]== $min_year && ($key_result[1]== $min_day || $key_result[1]== $min_week)) { - $key_result[1]=' 0 '.$min_months; - $str_result[0]=$time_result[0].' '.$key_result[0]; - $str_result[1]=$key_result[1]; + if ($key_result[0] == $min_year && ($key_result[1] == $min_day || $key_result[1] == $min_week)) { + $key_result[1] = ' 0 '.$min_months; + $str_result[0] = $time_result[0].' '.$key_result[0]; + $str_result[1] = $key_result[1]; } if (!empty($str_result[1])) { - $str=$str_result[0].', '.$str_result[1]; + $str = $str_result[0].', '.$str_result[1]; } else { - $str=$str_result[0]; + $str = $str_result[0]; } return $str; } + /** * This functions cuts a paragraph * i.e cut('Merry Xmas from Lima',13) = "Merry Xmas fr..." @@ -398,17 +339,16 @@ function date_to_str_ago($date) * @param bool Whether to embed in a ... * @return string * */ -function cut($text,$maxchar,$embed=false) -{ +function cut($text, $maxchar, $embed = false) { if (api_strlen($text) > $maxchar) { - if ($embed==true) { + if ($embed) { return ''.api_substr($text, 0, $maxchar).'...'; } return api_substr($text, 0, $maxchar).'...' ; - } else { - return $text; } + return $text; } + /** * Show a number as only integers if no decimals, but will show 2 decimals if exist. * @@ -416,8 +356,7 @@ function cut($text,$maxchar,$embed=false) * @param int decimal points 0=never, 1=if needed, 2=always * @return mixed an integer or a float depends on the parameter */ -function float_format($number, $flag = 1) -{ +function float_format($number, $flag = 1) { if (is_numeric($number)) { // a number if (!$number) { // zero $result = ($flag == 2 ? '0.00' : '0'); // output zero @@ -434,23 +373,21 @@ function float_format($number, $flag = 1) /** * Function to obtain last week timestamps - * @return array times for every day inside week + * @return array times for every day inside week */ function get_last_week() { $week = date('W'); $year = date('Y'); - - $lastweek=$week-1; - if ($lastweek==0){ + + $lastweek = $week - 1; + if ($lastweek == 0) { $week = 52; $year--; } - - $lastweek=sprintf("%02d", $lastweek); - for ($i=1;$i<=7;$i++){ - $arrdays[] = strtotime("$year". "W$lastweek"."$i"); + + $lastweek = sprintf("%02d", $lastweek); + for ($i=1; $i<=7; $i++) { + $arrdays[] = strtotime("$year"."W$lastweek"."$i"); } return $arrdays; } - -?> diff --git a/main/newscorm/blank.php b/main/newscorm/blank.php index 28b28d0289..249a844e79 100755 --- a/main/newscorm/blank.php +++ b/main/newscorm/blank.php @@ -1,8 +1,8 @@ */ diff --git a/main/newscorm/learnpath.class.php b/main/newscorm/learnpath.class.php index cd390b6b0a..bf8127b405 100755 --- a/main/newscorm/learnpath.class.php +++ b/main/newscorm/learnpath.class.php @@ -1,5 +1,5 @@ */ -/** - * Nothing very interesting - */ // including the global file require_once '../inc/global.inc.php'; diff --git a/main/newscorm/lp_view.php b/main/newscorm/lp_view.php index 14966ab8c6..c9f9902c9d 100755 --- a/main/newscorm/lp_view.php +++ b/main/newscorm/lp_view.php @@ -1,32 +1,28 @@ - - redesign * @author Denes Nagy, principal author * @author Isthvan Mandak, several new features * @author Roan Embrechts, code improvements and refactoring * @license GNU/GPL - See Dokeos license directory for details -============================================================================== */ /** * Script */ -/* -============================================================================== - INIT SECTION -============================================================================== -*/ +/* INIT SECTION */ $_SESSION['whereami'] = 'lp/view'; $this_section=SECTION_COURSES; if($lp_controller_touched!=1){ header('location: lp_controller.php?action=view&item_id='.$_REQUEST['item_id']); + exit; } /* @@ -61,11 +57,8 @@ $user_id = api_get_user_id(); $platform_theme = api_get_setting('stylesheets'); // plataform's css $my_style=$platform_theme; //escape external variables -/* ------------------------------------------------------------ - Header ------------------------------------------------------------ -*/ + +/* Header */ $htmlHeadXtra[] = ''; //jQuery if (api_get_setting('show_glossary_in_documents') == 'ismanual' || api_get_setting('show_glossary_in_documents') == 'isautomatic' ) { @@ -116,9 +109,14 @@ if (!isset($src)) { $htmlHeadXtra[] = ''; $prereq_check = $_SESSION['oLP']->prerequisites_match($lp_item_id); if($prereq_check === true){ - $src = $_SESSION['oLP']->get_link('http',$lp_item_id); + $src = $_SESSION['oLP']->get_link('http',$lp_item_id); + //Prevents FF 3.6 + Adobe Reader 9 bug see BT#794 when calling a pdf file in a LP + $file_info = pathinfo($src); + if (api_strtolower(substr($file_info['extension'], 0, 3) == 'pdf')) { + $src = 'lp_view_item.php?src='.$src; + } $_SESSION['oLP']->start_current_item(); //starts time counter manually if asset - }else{ + } else { $src = 'blank.php?error=prerequisites'; } break; @@ -169,9 +167,9 @@ if ($type_quiz && !empty($_REQUEST['exeId']) && isset($_GET['lp_id']) && isset($ $TBL_LP_ITEM_VIEW = Database::get_course_table(TABLE_LP_ITEM_VIEW); $TBL_LP_VIEW = Database::get_course_table(TABLE_LP_VIEW); $TBL_LP_ITEM = Database::get_course_table(TABLE_LP_ITEM); - $safe_item_id = Database::escape_string($_GET['lp_item_id']); - $safe_id = Database::escape_string($_GET['lp_id']); - $safe_exe_id = Database::escape_string($_REQUEST['exeId']); + $safe_item_id = Database::escape_string($_GET['lp_item_id']); + $safe_id = Database::escape_string($_GET['lp_id']); + $safe_exe_id = Database::escape_string($_REQUEST['exeId']); if ($safe_id == strval(intval($safe_id)) && $safe_item_id == strval(intval($safe_item_id))) { @@ -528,7 +526,7 @@ window.onresize = updateContentHeight; - +
diff --git a/main/newscorm/lp_view_item.php b/main/newscorm/lp_view_item.php index 7bedf3da2d..d0fa9a1849 100755 --- a/main/newscorm/lp_view_item.php +++ b/main/newscorm/lp_view_item.php @@ -1,48 +1,38 @@ - cleaning and update for new SCORM tool -* @package dokeos.learnpath -============================================================================== +* @package chamilo.learnpath */ -/* -============================================================================== - INIT SECTION -============================================================================== -*/ +//Prevents FF 3.6 + Adobe Reader 9 bug see BT#794 when calling a pdf file in a LP +if(isset($_GET['src'])) { + // including the global file + require_once '../inc/global.inc.php'; + api_protect_course_script(); + //get parameter only came from lp_view.php + $url_info = parse_url($_GET['src']); + $real_url_info = parse_url(api_get_path(WEB_PATH)); + + //the host must be the same + if ($url_info['host'] == $real_url_info['host']) { + header("Location: ".urldecode(Security::remove_XSS($_GET['src']))); + exit; + } else { + header("Location: blank.php?error=document_not_found"); + exit; + } +} + + +/* INIT SECTION */ $_SESSION['whereami'] = 'lp/build'; -if(isset($_SESSION['oLP']) && isset($_GET['id'])) -{ +if(isset($_SESSION['oLP']) && isset($_GET['id'])) { $_SESSION['oLP'] -> current = intval($_GET['id']); } $this_section=SECTION_COURSES; @@ -50,30 +40,21 @@ $this_section=SECTION_COURSES; api_protect_course_script(); /* ------------------------------------------------------------ Libraries ------------------------------------------------------------ */ //the main_api.lib.php, database.lib.php and display.lib.php //libraries are included by default -include('learnpath_functions.inc.php'); +require_once 'learnpath_functions.inc.php'; //include('../resourcelinker/resourcelinker.inc.php'); -include('resourcelinker.inc.php'); +require_once 'resourcelinker.inc.php'; //rewrite the language file, sadly overwritten by resourcelinker.inc.php // name of the language file that needs to be included $language_file = "learnpath"; -/* ------------------------------------------------------------ - Header and action code ------------------------------------------------------------ -*/ -/* ------------------------------------------------------------ - Constants and variables ------------------------------------------------------------ -*/ + +/* Header and action code */ +/* Constants and variables */ $is_allowed_to_edit = api_is_allowed_to_edit(null,true); $tbl_lp = Database::get_course_table(TABLE_LP_MAIN); @@ -96,9 +77,7 @@ $prereq = $_REQUEST['prereq']; $type = $_REQUEST['type']; */ /* -============================================================================== MAIN CODE -============================================================================== */ // using the resource linker as a tool for adding resources to the learning path if ($action=="add" and $type=="learnpathitem") @@ -123,15 +102,11 @@ $therow=Database::fetch_array($result); - all the functions not available for students - always available in this case (page only shown to admin) ----------------------------------------------------------- */ -/*================================================== - SHOWING THE ADMIN TOOLS - ==================================================*/ +/* SHOWING THE ADMIN TOOLS */ -/*================================================== - prerequisites setting end - ==================================================*/ +/* prerequisites setting end */ if (isset($_SESSION['gradebook'])){ $gradebook= $_SESSION['gradebook']; } @@ -179,11 +154,7 @@ function confirmation(name) { //echo $admin_output; -/* ------------------------------------------------------------ - DISPLAY SECTION ------------------------------------------------------------ -*/ +/* DISPLAY SECTION */ echo $_SESSION['oLP']->build_action_menu(); echo ''; @@ -200,10 +171,6 @@ echo '
'; echo ''; echo '
'; -/* -============================================================================== - FOOTER -============================================================================== -*/ +/* FOOTER */ Display::display_footer(); ?> \ No newline at end of file