From 7318d62ae58ab97f59d6973f41780e09c37ade5c Mon Sep 17 00:00:00 2001
From: Isaac Flores <isaac.flores@beeznest.com>
Date: Sat, 4 Jul 2009 01:05:34 +0200
Subject: [PATCH] [svn r21776] logic changes - Allow see image when user is
 student - (partial FS#4379)

---
 main/coursecopy/classes/CourseRestorer.class.php | 16 ++++++++++++++--
 main/coursecopy/copy_course.php                  | 14 +++++++-------
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/main/coursecopy/classes/CourseRestorer.class.php b/main/coursecopy/classes/CourseRestorer.class.php
index 703612f583..54a3ffb3ee 100644
--- a/main/coursecopy/classes/CourseRestorer.class.php
+++ b/main/coursecopy/classes/CourseRestorer.class.php
@@ -1,4 +1,4 @@
-<?php // $Id: CourseRestorer.class.php 21245 2009-06-03 14:56:13Z juliomontoya $
+<?php // $Id: CourseRestorer.class.php 21776 2009-07-03 23:05:34Z iflorespaz $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -571,11 +571,23 @@ class CourseRestorer
 	{
 		if ($this->course->has_resources(RESOURCE_COURSEDESCRIPTION))
 		{
+			
+						
+						
 			$table = Database :: get_course_table(TABLE_COURSE_DESCRIPTION, $this->course->destination_db);
 			$resources = $this->course->resources;
 			foreach ($resources[RESOURCE_COURSEDESCRIPTION] as $id => $cd)
 			{
-				$sql = "INSERT INTO ".$table." SET title = '".Database::escape_string($cd->title)."', content = '".Database::escape_string($cd->content)."'";
+			
+				if (isset($_POST['destination_course'])) {
+					$course_destination=Security::remove_XSS($_POST['destination_course']);
+				} else {
+					$course_destination=$this->course->destination_path;
+				}
+				$search='../courses/'.api_get_course_id().'/document';
+				$replace_search_by='../courses/'.$course_destination.'/document';
+				$description_content=str_replace($search,$replace_search_by,$cd->content);
+				$sql = "INSERT INTO ".$table." SET title = '".Database::escape_string($cd->title)."', content = '".Database::escape_string($description_content)."'";
 				api_sql_query($sql, __FILE__, __LINE__);
 				$this->course->resources[RESOURCE_COURSEDESCRIPTION][$id]->destination_id = Database::get_last_insert_id();
 			}
diff --git a/main/coursecopy/copy_course.php b/main/coursecopy/copy_course.php
index 29af32b1cb..dff3ffe909 100644
--- a/main/coursecopy/copy_course.php
+++ b/main/coursecopy/copy_course.php
@@ -1,5 +1,5 @@
 <?php
-// $Id: copy_course.php 19948 2009-04-21 17:27:59Z juliomontoya $
+// $Id: copy_course.php 21776 2009-07-03 23:05:34Z iflorespaz $
 /*
 ============================================================================== 
 	Dokeos - elearning and course management software
@@ -38,11 +38,11 @@
 */ 
 // name of the language file that needs to be included 
 $language_file = array('coursebackup','admin');
-include ('../inc/global.inc.php');
-include_once(api_get_path(LIBRARY_PATH) . 'fileManage.lib.php');
-require_once ('classes/CourseBuilder.class.php');
-require_once ('classes/CourseRestorer.class.php');
-require_once ('classes/CourseSelectForm.class.php');
+require_once '../inc/global.inc.php';
+include_once api_get_path(LIBRARY_PATH) . 'fileManage.lib.php';
+require_once 'classes/CourseBuilder.class.php';
+require_once 'classes/CourseRestorer.class.php';
+require_once 'classes/CourseSelectForm.class.php';
 
 if (!api_is_allowed_to_edit())
 {
@@ -99,7 +99,7 @@ if ((isset ($_POST['action']) && $_POST['action'] == 'course_select_form') || (i
 	}
 	$sql .= ' AND target_course_code IS NULL AND cu.user_id = '.$user_info['user_id'].' AND c.code != '."'".$course_info['sysCode']."'".' ORDER BY title ASC';
 	$res = api_sql_query($sql,__FILE__,__LINE__);
-	if( mysql_num_rows($res) == 0) {
+	if( Database::num_rows($res) == 0) {
 		Display::display_normal_message(get_lang('NoDestinationCoursesAvailable'));	
 	} else {
 ?>