chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Adding session token in the promotion/career list see BT#4090

Browse Source
skala
Julio Montoya 13 years ago
parent c80f51cbee
commit 63e8896944
2 changed files with 82 additions and 78 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 154
      main/admin/careers.php
  2. 6
      main/admin/promotions.php

154
main/admin/careers.php
Unescape View File

@ -23,7 +23,12 @@ $htmlHeadXtra[] = api_get_jqgrid_js();
// setting breadcrumbs
$interbreadcrumb[]=array('url' => 'index.php','name' => get_lang('PlatformAdmin'));
$interbreadcrumb[]=array('url' => 'career_dashboard.php','name' => get_lang('CareersAndPromotions'));
$action = $_GET['action'];
$action = isset($_GET['action']) ? $_GET['action'] : null;
$check = Security::check_token('request');
$token = Security::get_token();
if ($action == 'add') {
$interbreadcrumb[]=array('url' => 'careers.php','name' => get_lang('Careers'));
$interbreadcrumb[]=array('url' => '#','name' => get_lang('Add'));
@ -37,9 +42,7 @@ if ($action == 'add') {
// The header.
Display::display_header($tool_name);
//jqgrid will use this URL to do the selects
$url = api_get_path(WEB_AJAX_PATH).'model.ajax.php?a=get_careers';
//The order is important you need to check the the $column variable in the model.ajax.php file
@ -59,8 +62,8 @@ $extra_params['height'] = 'auto';
//With this function we can add actions to the jgrid (edit, delete, etc)
$action_links = 'function action_formatter(cellvalue, options, rowObject) {
return \'<a href="?action=edit&id=\'+options.rowId+\'">'.Display::return_icon('edit.png',get_lang('Edit'),'',ICON_SIZE_SMALL).'</a>'.
'&nbsp;<a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES))."\'".')) return false;" href="?action=copy&id=\'+options.rowId+\'">'.Display::return_icon('copy.png',get_lang('Copy'),'',ICON_SIZE_SMALL).'</a>'.
'&nbsp;<a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES))."\'".')) return false;" href="?action=delete&id=\'+options.rowId+\'">'.Display::return_icon('delete.png',get_lang('Delete'),'',ICON_SIZE_SMALL).'</a>'.
'&nbsp;<a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES))."\'".')) return false;" href="?sec_token='.$token.'&action=copy&id=\'+options.rowId+\'">'.Display::return_icon('copy.png',get_lang('Copy'),'',ICON_SIZE_SMALL).'</a>'.
'&nbsp;<a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES))."\'".')) return false;" href="?sec_token='.$token.'&action=delete&id=\'+options.rowId+\'">'.Display::return_icon('delete.png',get_lang('Delete'),'',ICON_SIZE_SMALL).'</a>'.
'\';
}';
?>
@ -76,83 +79,86 @@ $(function() {
$career = new Career();
// Action handling: Add
if (isset($_GET['action']) && $_GET['action'] == 'add') {
if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
api_not_allowed();
}
$_SESSION['notebook_view'] = 'creation_date';
$url = api_get_self().'?action='.Security::remove_XSS($_GET['action']);
$form = $career->return_form($url, 'add');
// The validation or display
if ($form->validate()) {
$check = Security::check_token('post');
switch ($action) {
case 'add':
if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
api_not_allowed();
}
$_SESSION['notebook_view'] = 'creation_date';
$url = api_get_self().'?action='.Security::remove_XSS($_GET['action']);
$form = $career->return_form($url, 'add');
// The validation or display
if ($form->validate()) {
if ($check) {
$values = $form->exportValues();
$res = $career->save($values);
if ($res) {
Display::display_confirmation_message(get_lang('ItemAdded'));
}
}
$career->display();
} else {
echo '<div class="actions">';
echo '<a href="'.api_get_self().'">'.Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM).'</a>';
echo '</div>';
$form->addElement('hidden', 'sec_token');
$form->setConstants(array('sec_token' => $token));
$form->display();
}
break;
case 'edit':
// Action handling: Editing
$url = api_get_self().'?action='.Security::remove_XSS($_GET['action']).'&id='.intval($_GET['id']);
$form = $career->return_form($url, 'edit');
// The validation or display
if ($form->validate()) {
if ($check) {
$values = $form->exportValues();
$career->update_all_promotion_status_by_career_id($values['id'],$values['status']);
$res = $career->update($values);
if ($values['status']) {
Display::display_confirmation_message(sprintf(get_lang('CareerXUnarchived'), $values['name']), false);
} else {
Display::display_confirmation_message(sprintf(get_lang('CareerXArchived'), $values['name']), false);
}
}
$career->display();
} else {
echo '<div class="actions">';
echo '<a href="'.api_get_self().'">'.Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM).'</a>';
echo '</div>';
$form->addElement('hidden', 'sec_token');
$form->setConstants(array('sec_token' => $token));
$form->display();
}
break;
case 'delete':
// Action handling: delete
if ($check) {
$values = $form->exportValues();
$res = $career->save($values);
$res = $career->delete($_GET['id']);
if ($res) {
Display::display_confirmation_message(get_lang('ItemAdded'));
Display::display_confirmation_message(get_lang('ItemDeleted'));
}
}
Security::clear_token();
$career->display();
} else {
echo '<div class="actions">';
echo '<a href="'.api_get_self().'">'.Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM).'</a>';
echo '</div>';
$token = Security::get_token();
$form->addElement('hidden', 'sec_token');
$form->setConstants(array('sec_token' => $token));
$form->display();
}
} elseif (isset($_GET['action']) && $_GET['action'] == 'edit' && is_numeric($_GET['id'])) {
// Action handling: Editing
$url = api_get_self().'?action='.Security::remove_XSS($_GET['action']).'&id='.intval($_GET['id']);
$form = $career->return_form($url, 'edit');
// The validation or display
if ($form->validate()) {
$check = Security::check_token('post');
break;
case 'copy':
if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
api_not_allowed();
}
if ($check) {
$values = $form->exportValues();
$career->update_all_promotion_status_by_career_id($values['id'],$values['status']);
$res = $career->update($values);
if ($values['status']) {
Display::display_confirmation_message(sprintf(get_lang('CareerXUnarchived'), $values['name']), false);
} else {
Display::display_confirmation_message(sprintf(get_lang('CareerXArchived'), $values['name']), false);
$res = $career->copy($_GET['id'], true); //copy career and promotions inside
if ($res) {
Display::display_confirmation_message(get_lang('ItemCopied'));
}
}
Security::clear_token();
$career->display();
} else {
echo '<div class="actions">';
echo '<a href="'.api_get_self().'">'.Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM).'</a>';
echo '</div>';
$token = Security::get_token();
$form->addElement('hidden', 'sec_token');
$form->setConstants(array('sec_token' => $token));
$form->display();
}
} elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && is_numeric($_GET['id'])) {
// Action handling: delete
$res = $career->delete(intval($_GET['id']));
if ($res) {
Display::display_confirmation_message(get_lang('ItemDeleted'));
}
$career->display();
} elseif (isset($_GET['action']) && $_GET['action'] == 'copy') {
if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
api_not_allowed();
}
$res = $career->copy($_GET['id'], true); //copy career and promotions inside
if ($res) {
Display::display_confirmation_message(get_lang('ItemCopied'));
}
$career->display();
} else {
$career->display();
break;
default:
$career->display();
break;
}
Display :: display_footer();

6
main/admin/promotions.php
Unescape View File

@ -116,8 +116,7 @@ switch ($action) {
} else {
echo '<div class="actions">';
echo Display::url(Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM), api_get_self());
echo '</div>';
$token = Security::get_token();
echo '</div>';
$form->addElement('hidden', 'sec_token');
$form->setConstants(array('sec_token' => $token));
$form->display();
@ -144,8 +143,7 @@ switch ($action) {
} else {
echo '<div class="actions">';
echo Display::url(Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM), api_get_self());
echo '</div>';
$token = Security::get_token();
echo '</div>';
$form->addElement('hidden', 'sec_token');
$form->setConstants(array('sec_token' => $token));
$form->display();

Write Preview
Loading…
Cancel
Save