[svn r20622] Slightly improved filtering, presentation and documentation (related to FS#4187)

main/inc/lib/message.lib.php

@@ -22,8 +22,8 @@
 ==============================================================================
 */
 
-include_once(api_get_path(LIBRARY_PATH).'/online.inc.php');
-require_once '../messages/message.class.php';
+require_once api_get_path(LIBRARY_PATH).'online.inc.php';
+require_once api_get_path(SYS_CODE_PATH).'messages/message.class.php';
 function inbox_display() {
 	$charset = api_get_setting('platform_charset');
 	$table_message = Database::get_main_table(TABLE_MESSAGE); 
@@ -32,46 +32,45 @@ function inbox_display() {
 		$redirect="#remote-tab-2";	
 		if (api_get_setting('allow_social_tool')=='true' && api_get_setting('allow_message_tool')=='true') {
 			$success= get_lang('SelectedMessagesDeleted').
-			"&nbsp
-			<br/><a href=\"".
+			"&nbsp;
+			<br /><a href=\"".
 			"../social/index.php?$redirect\">".
 			get_lang('BackToInbox').
 			"</a>";
 		} else {
 			$success= get_lang('SelectedMessagesDeleted').
-			"&nbsp
-			<br/><a href=\"".
+			"&nbsp;
+			<br /><a href=\"".
 			"../social/index.php?$redirect\">".
 			get_lang('BackToInbox').
 			"</a>";				
 		}
-			
 	} else {
 		$success= get_lang('SelectedMessagesDeleted').
-			"&nbsp
-			<br/><a href=\"".
+			"&nbsp;
+			<br /><a href=\"".
 			"inbox.php\">".
 			get_lang('BackToOutbox').
 			"</a>";
 	}
-	
+
 	if (isset ($_REQUEST['action'])) {
 		switch ($_REQUEST['action']) {
 			case 'delete' :
-			$number_of_selected_messages = count($_POST['id']);
-			foreach ($_POST['id'] as $index => $message_id) {
-				MessageManager::delete_message_by_user_receiver(api_get_user_id(), $message_id);	
-			}
-			Display::display_normal_message(api_xml_http_response_encode($success),false);
-			break;
+    			$number_of_selected_messages = count($_POST['id']);
+    			foreach ($_POST['id'] as $index => $message_id) {
+    				MessageManager::delete_message_by_user_receiver(api_get_user_id(), $message_id);
+    			}
+    			Display::display_normal_message(api_xml_http_response_encode($success),false);
+    			break;
 			case 'deleteone' :
-			MessageManager::delete_message_by_user_receiver(api_get_user_id(), $_GET['id']);
-			Display::display_confirmation_message(api_xml_http_response_encode($success),false);
-			echo '<br/>';	
-			break;
+    			MessageManager::delete_message_by_user_receiver(api_get_user_id(), $_GET['id']);
+    			Display::display_confirmation_message(api_xml_http_response_encode($success),false);
+    			echo '<br />';
+    			break;
 		}
 	}
-	
+
 	// display sortable table with messages of the current user
 	$table = new SortableTable('messages', 'get_number_of_messages_mask', 'get_message_data_mask', 1);
 	$table->set_header(0, '', false,array ('style' => 'width:20px;'));
@@ -82,7 +81,7 @@ function inbox_display() {
 	$table->set_header(3,$title,false);
 	$table->set_header(4,api_xml_http_response_encode(get_lang('Date')),false,array('style' => 'width:150px;'));
 	$table->set_header(5,$action,false,array ('style' => 'width:100px;'));
-echo '<div id="div_content_table_data">';
+    echo '<div id="div_content_table_data">';
 	if ($request===true) {
 		echo '<form name="form_send" id="form_send" action="" method="post">';
 		echo '<input type="hidden" name="action" value="delete" />';
@@ -97,7 +96,7 @@ echo '<div id="div_content_table_data">';
 		$table->set_form_actions(array ('delete' => api_xml_http_response_encode(get_lang('DeleteSelectedMessages'))));
 		$table->display();
 	}
-echo '</div>';
+    echo '</div>';
 }
 function get_number_of_messages_mask() {
 	return MessageManager::get_number_of_messages();

main/messages/send_message.php

@@ -25,20 +25,20 @@
 */
 $language_file = array('registration','messages','userInfo','admin');
 $cidReset=true;
-include_once ('../inc/global.inc.php');
+require_once '../inc/global.inc.php';
 require_once '../messages/message.class.php';
-include_once(api_get_path(LIBRARY_PATH).'/usermanager.lib.php');
-include_once(api_get_path(LIBRARY_PATH).'/message.lib.php');
-include_once(api_get_path(LIBRARY_PATH).'/social.lib.php');
+require_once api_get_path(LIBRARY_PATH).'usermanager.lib.php';
+require_once api_get_path(LIBRARY_PATH).'message.lib.php';
+require_once api_get_path(LIBRARY_PATH).'social.lib.php';
 
 if (api_is_anonymous()) {
 	api_not_allowed();
 }
 
-$user_id=$_POST['user_id'];
-$panel_id=$_POST['panel_id'];
-$content_message=$_POST['txt_content'];
-$subject_message=$_POST['txt_subject'];
+$user_id=intval($_POST['user_id']);
+$panel_id=intval($_POST['panel_id']);
+$content_message=$_POST['txt_content']; //check this is filtered on output
+$subject_message=$_POST['txt_subject']; //check this is filtered on output
 $user_info=array();
 $user_info=api_get_user_info($user_id);
 if ($panel_id==2) {
@@ -73,6 +73,6 @@ if ($panel_id==4) {
 	}
 	UserFriend::send_invitation_friend_user($user_id,$subject_message,$content_message);
 } elseif ($panel_id==5) {
-		UserFriend::send_invitation_friend_user($user_id,$subject_message,$content_message);	
+	UserFriend::send_invitation_friend_user($user_id,$subject_message,$content_message);	
 }
 ?>

main/messages/send_message_to_userfriend.inc.php

@@ -2,11 +2,11 @@
 /* For licensing terms, see /dokeos_license.txt */
 $language_file = array('registration','messages','userInfo','admin');
 $cidReset=true;
-include_once ('../inc/global.inc.php');
+require_once '../inc/global.inc.php';
 require_once '../messages/message.class.php';
-include_once(api_get_path(LIBRARY_PATH).'/usermanager.lib.php');
-include_once(api_get_path(LIBRARY_PATH).'/message.lib.php');
-include_once(api_get_path(LIBRARY_PATH).'/social.lib.php');
+require_once api_get_path(LIBRARY_PATH).'usermanager.lib.php';
+require_once api_get_path(LIBRARY_PATH).'message.lib.php';
+require_once api_get_path(LIBRARY_PATH).'social.lib.php';
 if (api_is_anonymous()) {
 	api_not_allowed();
 }
@@ -46,15 +46,15 @@ if ( isset($_REQUEST['user_friend']) ) {
                 //normal message
 		   		 $user_info=api_get_user_info($userfriend_id);
 		  		 echo api_xml_http_response_encode(get_lang('To')); ?> :&nbsp;&nbsp;&nbsp;&nbsp;<?php echo api_xml_http_response_encode($user_info['firstName'].' '.$user_info['lastName']); ?>
-		  		 <br/>
-		 		 <br/><?php echo api_xml_http_response_encode(get_lang('Subject')); ?> :<br/><input id="txt_subject_id" type="text" style="width:300px;"><br/>
-		   		 <br/><?php echo api_xml_http_response_encode(get_lang('Message')); ?> :<br/><textarea id="txt_area_invite" rows="4" cols="41"></textarea>
+		  		 <br />
+		 		 <br /><?php echo api_xml_http_response_encode(get_lang('Subject')); ?> :<br /><input id="txt_subject_id" type="text" style="width:300px;"><br/>
+		   		 <br /><?php echo api_xml_http_response_encode(get_lang('Message')); ?> :<br /><textarea id="txt_area_invite" rows="4" cols="41"></textarea>
 		   		 <br /><br />		    	  
 		   		 <input type="button" value="<?php echo api_xml_http_response_encode(get_lang('SendMessage')); ?>" onclick="action_database_panel('5','<?php echo $userfriend_id;?>')" />
 <?php
 			} else {
                 // friend invitation message
-				echo api_xml_http_response_encode(get_lang('AddPersonalMessage'));  ?> :<br/><br/>
+				echo api_xml_http_response_encode(get_lang('AddPersonalMessage'));  ?> :<br /><br />
 				<textarea id="txt_area_invite" rows="5" cols="41"></textarea><br /><br />
 						    
 		    	<input type="button" value="<?php echo api_xml_http_response_encode(get_lang('SocialAddToFriends')); ?>" onclick="action_database_panel('4','<?php echo $userfriend_id;?>')" />

main/social/register_friend.php

@@ -1,27 +1,25 @@
-<?php
-/*
- * Created on 24/01/2009
- *
- * To change the template for this generated file go to
- * Window - Preferences - PHPeclipse - PHP - Code Templates
+<?php //$id: $
+/* For licensing terms, see /dokeos_license.txt */
+/**
+ * Provides a short controller for friends registration
  */
- // name of the language file that needs to be included
+ // names of the language files that needs to be included
 $language_file = array('registration','messages','userInfo','admin');
 require '../inc/global.inc.php';
-include_once (api_get_path(LIBRARY_PATH).'image.lib.php');
-require_once (api_get_path(LIBRARY_PATH).'usermanager.lib.php');
+require_once api_get_path(LIBRARY_PATH).'image.lib.php';
+require_once api_get_path(LIBRARY_PATH).'usermanager.lib.php';
 require_once api_get_path(LIBRARY_PATH).'social.lib.php';
 $the_current_user_id	 = api_get_user_id();
-$my_current_friend		 = $_POST['friend_id'];
-$my_denied_current_friend= $_POST['denied_friend_id'];
-$my_delete_friend        = $_POST['delete_friend_id'];
-$friend_id_qualify       = $_POST['user_id_friend_q'];
-$type_friend_qualify     = $_POST['type_friend_q'];
-$is_my_friend            = $_POST['is_my_friend'];
+$my_current_friend		 = intval($_POST['friend_id']);
+$my_denied_current_friend= intval($_POST['denied_friend_id']);
+$my_delete_friend        = intval($_POST['delete_friend_id']);
+$friend_id_qualify       = intval($_POST['user_id_friend_q']);
+$type_friend_qualify     = $_POST['type_friend_q']; //filtered?
+$is_my_friend            = $_POST['is_my_friend']; //filtered?
 if (isset($is_my_friend)) {
 	$relation_type='3';//my friend
 } else {
-	$relation_type='1';//Contact unknow	
+	$relation_type='1';//Contact unknown	
 }
 
 

main/social/select_friend_response.php

@@ -121,5 +121,4 @@ cellpadding="0" cellspacing="0" bgcolor="#9DACBF">
 </div>
 <br/>
 <?php
-}
-?>
+}