diff --git a/main/calendar/agenda.php b/main/calendar/agenda.php index 6dc995c480..0199cabe05 100644 --- a/main/calendar/agenda.php +++ b/main/calendar/agenda.php @@ -1,4 +1,4 @@ -$_POST['fday'], 'month'=>$_POST['fmonth'], 'year'=>$_POST['fyear'], 'hour'=>$_POST['fhour'], 'minutes'=>$_POST['fminute'], - 'end_day'=>$_POST['end_fday'], 'end_month'=>$_POST['end_fmonth'], 'end_year'=>$_POST['end_fyear'], 'end_hours'=>$_POST['end_fhour'], 'end_minutes'=>$_POST['end_fminute'], + 'end_day'=>$_POST['end_fday'], 'end_month'=>$_POST['end_fmonth'], 'end_year'=>$_POST['end_fyear'], 'end_hours'=>$_POST['end_fhour'], 'end_minutes'=>$_POST['end_fminute'], 'title'=>stripslashes($_POST['title']), 'content'=>stripslashes($_POST['content']), 'id'=>$_POST['id'], 'action'=>$_POST['action'], 'to'=>$_POST['selectedform']); $_SESSION['formelements']=$form_elements; if($id) // this is to correctly handle edits @@ -79,8 +79,8 @@ include "agenda.inc.php"; // some debug functions include($includePath."/lib/debug.lib.inc.php"); -/*============================================================================== - TREATING THE PARAMETERS +/*============================================================================== + TREATING THE PARAMETERS 1. viewing month only or everything 2. sort ascending or descending 3. showing or hiding the send-to-specific-groups-or-users form @@ -100,7 +100,7 @@ if ($_GET['action']=="showall") $_SESSION['show']="showall"; } //echo $_SESSION['show']; - + // 2. sorting order (ASC or DESC) if (!$_GET['sort'] and !$_SESSION['sort']) { 
@@ -114,14 +114,14 @@ if ($_GET['sort']=="desc") { $_SESSION['sort']="DESC"; } - -// 3. showing or hiding the send-to-specific-groups-or-users form -$setting_allow_individual_calendar=true; + +// 3. showing or hiding the send-to-specific-groups-or-users form +$setting_allow_individual_calendar=true; if (!$_POST['To'] and !$_SESSION['allow_individual_calendar']) { $_SESSION['allow_individual_calendar']="hide"; } -$allow_individual_calendar_status=$_SESSION['allow_individual_calendar']; +$allow_individual_calendar_status=$_SESSION['allow_individual_calendar']; if ($_POST['To'] and ($allow_individual_calendar_status=="hide")) { $_SESSION['allow_individual_calendar']="show"; @@ -130,17 +130,17 @@ if ($_POST['To'] and ($allow_individual_calendar_status=="show")) { $_SESSION['allow_individual_calendar']="hide"; } - + // 4. filter user or group if ($_GET['user'] or $_GET['group']) { - $_SESSION['user']=$_GET['user']; - $_SESSION['group']=$_GET['group']; + $_SESSION['user']=(int)$_GET['user']; + $_SESSION['group']=(int)$_GET['group']; } if ($_GET['user']=="none" or $_GET['group']=="none") { - api_session_unregister("user"); - api_session_unregister("group"); + api_session_unregister("user"); + api_session_unregister("group"); } if (!$is_courseAdmin){ if (!empty($_GET['toolgroup'])){ 
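Review bot: Only `user` and `group` get the `(int)` cast in step 4; `$_GET['toolgroup']`, tested with `!empty()` at the end of this hunk and registered in the session just after it, is left as supplied, and the `announce` case further down concatenates `$_SESSION['toolgroup']` into `$tool_group_link`. The assignment itself sits between this hunk and the next, so this is inferred, but if it copies the GET value it should be cast the same way, e.g. `$_SESSION['toolgroup'] = (int)$_GET['toolgroup'];`. Also note that a request carrying only `user` now stores `0` in `$_SESSION['group']` where it previously stored null, which matters if any reader tests the key with `isset()`.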
@@ -149,46 +149,46 @@ if (!$is_courseAdmin){ api_session_register('toolgroup'); } } - //It comes from the group tools. If it's define it overwrites $_SESSION['group'] + //It comes from the group tools. If it's define it overwrites $_SESSION['group'] if ($_GET['isStudentView']=="false") { - api_session_unregister("user"); - api_session_unregister("group"); + api_session_unregister("user"); + api_session_unregister("group"); } -// setting the javascripts +// setting the javascripts if ($_SESSION['allow_individual_calendar']=="show") { // this javascript should only be loaded when we show the forms to send messages to individual users/groups // because otherwise it produces a bug (=> year is set to 2009 on submit due to the javascript selectAll $htmlHeadXtra[] = to_javascript(); } -$htmlHeadXtra[] = user_group_filter_javascript(); +$htmlHeadXtra[] = user_group_filter_javascript(); // this loads the javascript that is needed for the date popup selection $htmlHeadXtra[] = ""; // setting the name of the tool $nameTools = get_lang('Agenda'); // language variable in trad4all.inc.php -// showing the header if we are not in the learning path, if we are in -// the learning path, we do not include the banner so we have to explicitly +// showing the header if we are not in the learning path, if we are in +// the learning path, we do not include the banner so we have to explicitly // include the stylesheet, which is normally done in the header -if ($_GET['origin'] != 'learnpath') -{ +if ($_GET['origin'] != 'learnpath') +{ Display::display_header($nameTools,'Agenda'); } -else +else { echo ""; } -/* ============================================================================== +/* ============================================================================== TRACKING ============================================================================== */ include('../inc/lib/events.lib.inc.php'); event_access_tool(TOOL_CALENDAR_EVENT); -/* 
============================================================================== +/* ============================================================================== SETTING SOME VARIABLES ============================================================================== */ // Variable definitions @@ -211,17 +211,17 @@ $tbl_session_course_user= Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USE -/* ============================================================================== +/* ============================================================================== ACCESS RIGHTS ============================================================================== */ // permission stuff $is_allowedToEdit = is_allowed_to_edit(); $is_allowed_to_edit = is_allowed_to_edit(); -/* ============================================================================== - TITLE +/* ============================================================================== + TITLE ============================================================================== */ -// Displaying the title of the tool +// Displaying the title of the tool //api_display_tool_title($nameTools); // tool introduction @@ -231,14 +231,14 @@ Display::display_introduction_section(TOOL_CALENDAR_EVENT); echo ""; /* -============================================================================== +============================================================================== MAIN SECTION -============================================================================== +============================================================================== */ //setting the default year and month -$select_year = $_GET['year']; -$select_month = $_GET['month']; +$select_year = (int)$_GET['year']; +$select_month = (int)$_GET['month']; if (($select_year==NULL) && ($select_month==NULL)) { $today = getdate(); 
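Review bot: The casts on `$select_year` and `$select_month` make the values integers but do not bound them, and the default is applied only when both are empty (`&&`), so as far as this hunk shows a request with `year` alone leaves `$select_month` at 0. Further down `$MonthsLong[$select_month -1]` is indexed with that value, which is an undefined offset for 0 and presumably for anything above 12. A range check after the cast would close this, e.g. `if ($select_month < 1 || $select_month > 12) { $select_month = (int)date('n'); }`, and the same applies to the year/month/day/week casts in myagenda.php. The body of the `if` continues outside this hunk.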
@@ -252,25 +252,25 @@ echo "" . ""; // THE LEFT PART -if ($_GET['origin']!='learnpath') -{ +if ($_GET['origin']!='learnpath') +{ echo '"; echo ""; } - + $fck_attribute['Width'] = '600'; $fck_attribute['Height'] = '400'; $fck_attribute['ToolbarSet'] = 'Middle'; @@ -284,7 +284,7 @@ if (is_allowed_to_edit()) switch ($_GET['action']) { case "add": - + if ($_POST['submit_event']) { store_new_agenda_item(); @@ -295,7 +295,7 @@ if (is_allowed_to_edit()) show_add_form(); } break; - + case "edit": if ($_POST['submit_event']) { @@ -308,24 +308,24 @@ if (is_allowed_to_edit()) show_add_form($id); } break; - + case "delete": $id=(int)$_GET['id']; delete_agenda_item($id); display_agenda_items(); break; - + case "showhide": $id=(int)$_GET['id']; showhide_agenda_item($id); display_agenda_items(); - break; + break; case "announce": //copying the agenda item into an announcement $id=(int)$_GET['id']; $ann_id = store_agenda_item_as_announcement($id); $tool_group_link = (isset($_SESSION['toolgroup'])?'&toolgroup='.$_SESSION['toolgroup']:''); Display::display_normal_message('Copied as announcement: New announcement'); - display_agenda_items(); + display_agenda_items(); } } @@ -333,25 +333,25 @@ if (is_allowed_to_edit()) // this is for students and whenever the courseaministrator has not chosen any action. It is in fact the default behaviour if (!$_GET['action'] OR $_GET['action']=="showall" OR $_GET['action']=="showcurrent" OR $_GET['action']=="view") { - if ($_GET['origin'] != 'learnpath') + if ($_GET['origin'] != 'learnpath') { display_agenda_items(); } - else + else { - display_one_agenda_item($_GET['agenda_id']); + display_one_agenda_item((int)$_GET['agenda_id']); } } echo " 
'; // the small calendar $MonthName = $MonthsLong[$select_month -1]; $agenda_items=get_kalender_items($select_month,$select_year); - display_minimonthcalendar($agenda_items, $select_month,$select_year, $MonthName); + display_minimonthcalendar($agenda_items, $select_month,$select_year, $MonthName); // the links for adding, filtering, showall, ... echo "
    "; if (is_allowed_to_edit()) { - display_courseadmin_links(); + display_courseadmin_links(); } display_student_links(); echo "
"; echo "
 
"; /* -============================================================================== - FOOTER -============================================================================== +============================================================================== + FOOTER +============================================================================== */ // The footer is displayed only if we are not in the learnpath -if ($_GET['origin'] != 'learnpath') -{ +if ($_GET['origin'] != 'learnpath') +{ Display::display_footer(); -} +} ?> \ No newline at end of file diff --git a/main/calendar/myagenda.php b/main/calendar/myagenda.php index e2e99d4b45..795066c340 100644 --- a/main/calendar/myagenda.php +++ b/main/calendar/myagenda.php @@ -207,22 +207,22 @@ if (isset ($_user['user_id'])) } // setting and/or getting the year, month, day, week $today = getdate(); - $year = $_GET['year']; + $year = (int)$_GET['year']; if ($year == NULL) { $year = $today['year']; } - $month = $_GET['month']; + $month = (int)$_GET['month']; if ($month == NULL) { $month = $today['mon']; } - $day = $_GET['day']; + $day = (int)$_GET['day']; if ($day == NULL) { $day = $today['mday']; } - $week = $_GET['week']; + $week = (int)$_GET['week']; if ($week == NULL) { $week = date("W"); @@ -289,7 +289,7 @@ if (isset ($_user['user_id'])) show_new_item_form(); break; case "store_personal_agenda_item" : - store_personal_item($_POST['frm_day'], $_POST['frm_month'], $_POST['frm_year'], $_POST['frm_hour'], $_POST['frm_minute'], $_POST['frm_title'], $_POST['frm_content'], $_GET['id']); + store_personal_item($_POST['frm_day'], $_POST['frm_month'], $_POST['frm_year'], $_POST['frm_hour'], $_POST['frm_minute'], $_POST['frm_title'], $_POST['frm_content'], (int)$_GET['id']); if ($_GET['id']) { Display :: display_normal_message(get_lang("PeronalAgendaItemEdited")); 
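Review bot: In the learnpath branch `display_one_agenda_item((int)$_GET['agenda_id'])` is called even when `agenda_id` is missing or non-numeric, in which case the cast yields 0 and the function is asked for item 0. Reading the id once and skipping the call when it is not positive is clearer: `$agenda_id = (int)$_GET['agenda_id'];` followed by `if ($agenda_id > 0) { display_one_agenda_item($agenda_id); }`. This branch is reachable without edit rights, so display_one_agenda_item, which is not visible here, should also confirm the item is visible to the current user rather than rely on the id alone.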
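Review bot: Only the last argument of `store_personal_item()` is cast, while the line below still tests the raw `$_GET['id']`, so a non-numeric value is passed on as id 0 yet the page reports the item as edited. Assign once, `$id = (int)$_GET['id'];`, and use `$id` in both the call and the `if`. The five numeric fields (`frm_day` to `frm_minute`) could take the same `(int)` cast, and `frm_title`/`frm_content` depend on escaping inside store_personal_item, which is outside this hunk. The `case` body continues in the next hunk.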
@@ -301,10 +301,10 @@ if (isset ($_user['user_id'])) show_personal_agenda(); break; case "edit_personal_agenda_item" : - show_new_item_form($_GET['id']); + show_new_item_form((int)$_GET['id']); break; case "delete_personal_agenda_item" : - delete_personal_agenda($_GET['id']); + delete_personal_agenda((int)$_GET['id']); Display :: display_normal_message(get_lang('PeronalAgendaItemDeleted')); show_personal_agenda(); break; @@ -551,7 +551,7 @@ function display_weekcalendar($agendaitems, $month, $year, $weekdaynames, $month if ($_GET['week']) { $today = mktime(0, 0, 0, 1, 1, $year); - $today = $today + (($_GET['week']) * (7 * 24 * 60 * 60)); + $today = $today + (((int)$_GET['week']) * (7 * 24 * 60 * 60)); $week_number = date("W", $today); } // calculating the start date of the week
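Review bot: `delete_personal_agenda((int)$_GET['id'])` makes the id numeric, but nothing in the hunk ties that id to the logged-in user, and the id (presumably the action as well) arrives by GET with no request token visible. Unless delete_personal_agenda, which is outside this hunk, restricts the row to `$_user['user_id']`, the cast alone does not stop one user's request from removing another user's personal item, and a state change on GET is exposed to cross-site request forgery. Worth confirming that the function scopes its query to the current user and moving the action to POST with a token check; the ownership question applies equally to `show_new_item_form((int)$_GET['id'])`.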
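Review bot: display_weekcalendar still branches on the raw `$_GET['week']` and only casts it inside the arithmetic, so a non-numeric value passes the `if` and is then counted as week 0. Cast once at the top of the block, `$week = (int)$_GET['week'];` with `if ($week > 0)`, or pass the already-sanitised week in as a parameter so the function stops reading the superglobal. An upper bound (53) would also keep the offset added to `mktime(0, 0, 0, 1, 1, $year)` within the requested year. The function starts and ends outside this hunk.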