merge

16 years ago · 685b3423ab
parent cef78c260a 64cc78fc89
commit 685b3423ab
6 changed files with 38 additions and 28 deletions
--- a/main/auth/inscription.php
+++ b/main/auth/inscription.php
@ -298,10 +298,12 @@ if ($display_all_form === true) {

 					// looping through the selected values and assigning the selected values to either the first or second select form
 					foreach ($selected_values as $key => $selected_value) {
-						if (key_exists($selected_value, $values[0])) {
-							$extra_data['extra_'.$field_details[1]]['extra_'.$field_details[1]] = $selected_value;
-						} else {
-							$extra_data['extra_'.$field_details[1]]['extra_'.$field_details[1].'*'] = $selected_value;
+							if(is_array($values)){
+							if (array_key_exists($selected_value, $values[0])) {
+								$extra_data['extra_'.$field_details[1]]['extra_'.$field_details[1]] = $selected_value;
+							} else {
+								$extra_data['extra_'.$field_details[1]]['extra_'.$field_details[1].'*'] = $selected_value;
+							}
 						}
 					}
 				}
--- a/main/dropbox/dropbox_class.inc.php
+++ b/main/dropbox/dropbox_class.inc.php
@ -376,6 +376,9 @@ class Dropbox_Person

 		//Note: perhaps include an ex coursemember check to delete old files

+		$session_id = api_get_session_id();
+		$condition_session = api_get_session_condition($session_id);
+			
 		$post_tbl = Database::get_course_table(TABLE_DROPBOX_POST);
 		$person_tbl = Database::get_course_table(TABLE_DROPBOX_PERSON);
 		$file_tbl = Database::get_course_table(TABLE_DROPBOX_FILE);
@ -384,11 +387,10 @@ class Dropbox_Person
 				FROM $post_tbl r, $person_tbl p
 				WHERE r.dest_user_id = '".addslashes($this->userId)."'
 					AND r.dest_user_id = p.user_id
-					AND r.file_id = p.file_id";
+					AND r.file_id = p.file_id $condition_session";
+
+		//if (intval($_SESSION['id_session']>0)) { $sql .= " AND r.session_id = ".intval($_SESSION['id_session']); }

-		if (intval($_SESSION['id_session']>0)) {
-			$sql .= " AND r.session_id = ".intval($_SESSION['id_session']);
-		}
        $result = Database::query($sql,__FILE__,__LINE__);
 		while ($res = Database::fetch_array($result)) {
 			$temp = new Dropbox_Work($res["file_id"]);
@ -401,11 +403,10 @@ class Dropbox_Person
 				FROM $file_tbl f, $person_tbl p
 				WHERE f.uploader_id = '".addslashes($this->userId)."'
 				AND f.uploader_id = p.user_id
-				AND f.id = p.file_id";
+				AND f.id = p.file_id $condition_session";
+
+		//if(intval($_SESSION['id_session']>0)) { $sql .= " AND f.session_id = ".intval($_SESSION['id_session']); }

-		if(intval($_SESSION['id_session']>0)) {
-			$sql .= " AND f.session_id = ".intval($_SESSION['id_session']);
-		}
        $result =Database::query($sql,__FILE__,__LINE__);
 		while ($res = Database::fetch_array($result)) {
 			$this->sentWork[] = new Dropbox_SentWork($res["id"]);
--- a/main/dropbox/dropbox_functions.inc.php
+++ b/main/dropbox/dropbox_functions.inc.php
@ -317,11 +317,12 @@ function get_dropbox_categories($filter='')
 	global $_user;
 	global $dropbox_cnf;

-	//echo '<h1>'.$filter.'</h1>';
-
 	$return_array=array();
-
-	$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."'";
+	
+	$session_id = api_get_session_id();
+	$condition_session = api_get_session_condition($session_id);
+		
+	$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' $condition_session";

 	$result=Database::query($sql,__FILE__,__LINE__);
 	while ($row=Database::fetch_array($result))
@ -378,16 +379,17 @@ function store_addcategory()

 	if (!$_POST['edit_id'])
 	{
+		$session_id = api_get_session_id();
 		// step 3a, we check if the category doesn't already exist
-		$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string(Security::remove_XSS($_POST['category_name']))."' AND received='".$received."' AND sent='".$sent."'";
+		$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string(Security::remove_XSS($_POST['category_name']))."' AND received='".$received."' AND sent='$sent' AND session_id='$session_id'";
 		$result=Database::query($sql,__FILE__,__LINE__);


 		// step 3b, we add the category if it does not exist yet.
 		if (Database::num_rows($result)==0)
 		{
-			$sql="INSERT INTO ".$dropbox_cnf['tbl_category']." (cat_name, received, sent, user_id)
-					VALUES ('".Database::escape_string(Security::remove_XSS($_POST['category_name']))."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', '".Database::escape_string($_user['user_id'])."')";
+			$sql="INSERT INTO ".$dropbox_cnf['tbl_category']." (cat_name, received, sent, user_id, session_id)
+					VALUES ('".Database::escape_string(Security::remove_XSS($_POST['category_name']))."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', '".Database::escape_string($_user['user_id'])."',$session_id)";
 			Database::query($sql,__FILE__,__LINE__);
 			return array('type' => 'confirmation', 'message'=>get_lang('CategoryStored'));
 		}
--- a/main/dropbox/dropbox_init.inc.php
+++ b/main/dropbox/dropbox_init.inc.php
@ -91,7 +91,8 @@ $user_id = api_get_user_id();
 $course_code = $_course['sysCode'];
 $course_info = Database::get_course_info($course_code);

-$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_code);
+$session_id = api_get_session_id();
+$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_code,$session_id);


 /*
@ -268,16 +269,16 @@ if (($_POST['action']=='download_received' || $_POST['action']=='download_sent')
 * ========================================
 * Prevents access of all users that are not course members
 */
-if((!$is_allowed_in_course || !$is_courseMember) && !api_is_allowed_to_edit())
-{
-	if ($origin != 'learnpath')
-	{
+
+if((!$is_allowed_in_course || !$is_course_member) && !api_is_allowed_to_edit(null,true)) {
+
+	if ($origin != 'learnpath') {
 		api_not_allowed(true);//print headers/footers
-	}else{
+	} else {
 		api_not_allowed();
 	}
-	exit();
-}
+	exit();	
+}	

 /*
 ==============================================================================
--- a/main/inc/lib/add_course.lib.inc.php
+++ b/main/inc/lib/add_course.lib.inc.php
@ -1125,9 +1125,12 @@ function update_Db_course($courseDbName)
  			received tinyint unsigned NOT NULL default 0,
  			sent tinyint unsigned NOT NULL default 0,
  			user_id int NOT NULL default 0,
+  			session_id smallint NOT NULL default 0,		
  			PRIMARY KEY  (cat_id)
  			)";
 	Database::query($sql, __FILE__, __LINE__);
+	$sql = "ALTER TABLE `".$TABLETOOLDROPBOXCATEGORY . "` ADD INDEX ( session_id ) ";
+	Database::query($sql, __FILE__, __LINE__);

 	$sql = "CREATE TABLE `".$TABLETOOLDROPBOXFEEDBACK."` (
 			  feedback_id int NOT NULL auto_increment,
--- a/main/install/migrate-db-1.8.6.1-1.8.6.2-pre.sql
+++ b/main/install/migrate-db-1.8.6.1-1.8.6.2-pre.sql
@ -60,4 +60,5 @@ ALTER TABLE quiz ADD COLUMN expired_time int NOT NULL DEFAULT '0' AFTER feedback
 ALTER TABLE group_info ADD COLUMN chat_state TINYINT DEFAULT 1, ADD INDEX (chat_state);
 ALTER TABLE group_category ADD COLUMN chat_state TINYINT DEFAULT 1, ADD INDEX (chat_state);
 ALTER TABLE student_publication ADD COLUMN weight float(6,2) UNSIGNED NOT NULL DEFAULT 0;
-ALTER TABLE course_description ADD COLUMN description_type TINYINT NOT NULL DEFAULT 0;
+ALTER TABLE course_description ADD COLUMN description_type TINYINT NOT NULL DEFAULT 0;
+ALTER TABLE dropbox_category ADD COLUMN session_id smallint NOT NULL DEFAULT 0, ADD INDEX (session_id);