skala
Yannick Warnier 15 years ago
commit 7af5eec4ec
  1. 2
      documentation/changelog.html
  2. 48
      main/forum/forumfunction.inc.php
  3. 18
      main/link/link.php
  4. 49
      main/link/linkfunctions.php

@ -46,6 +46,7 @@
<h3>Debugging</h3>
<ul>
<li>Security: fixed several possible SQL injections in links edition</li>
<li>Fixed major course copy drawback by which exercise contents were keeping links to the old course (thanks to Ludovic Gasc and SANTEXCEL - BT#658)</li>
<li>Some PHP short tags fixed. Reported by Sicabol, see <a href="http://www.chamilo.org/node/114" target="_blank">http://www.chamilo.org/node/114</a> (Feature #347)</li>
<li>Student publications deleted when an user is unsubscribed of a course. Reported and fixed by André Boivin</li>
@ -65,6 +66,7 @@
<li>Learning Path (Courses): PHP sessions of a LP are destroyed when visiting the main course page.</li>
<li>Assignment tool: Work.php deletes all homeworks bugs fixed. Reported and fixed by carlosbrolotobar <a href="http://www.chamilo.org/node/143" target="_blank">http://www.chamilo.org/node/143</a></li>
<li>Core API: Support has been implemented for json_encode() function for PHP version < 5.2. The correspondent bug-report "Hide and show not working" and testing have been done by Hubert Borderiou <a href="http://support.chamilo.org/issues/761" target="_blank">http://support.chamilo.org/issues/761</a></li>
<li>Fixed target problems in links tool link edition</li>
</ul>
<br />
<h3>CSS changes</h3>

@ -2854,33 +2854,42 @@ function send_notification_mails($thread_id, $reply_info) {
}
/**
* This function is called whenever something is made visible because there might be new posts and the user might have indicated that (s)he wanted
* to be informed about the new posts by mail.
* This function is called whenever something is made visible because there might
* be new posts and the user might have indicated that (s)he wanted to be
* informed about the new posts by mail.
*
* @param int
* @param string Content type (post, thread, forum, forum_category)
* @param int Item DB ID
* @return string language variable
*
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* @version february 2006, dokeos 1.8
*/
function handle_mail_cue($content, $id) {
$table_mailcue = Database :: get_course_table(TABLE_FORUM_MAIL_QUEUE);
$table_forums = Database :: get_course_table(TABLE_FORUM);
$table_threads = Database :: get_course_table(TABLE_FORUM_THREAD);
$table_posts = Database :: get_course_table(TABLE_FORUM_POST);
$table_users = Database :: get_main_table(TABLE_MAIN_USER);
$table_mailcue = Database :: get_course_table(TABLE_FORUM_MAIL_QUEUE);
$table_forums = Database :: get_course_table(TABLE_FORUM);
$table_threads = Database :: get_course_table(TABLE_FORUM_THREAD);
$table_posts = Database :: get_course_table(TABLE_FORUM_POST);
$table_users = Database :: get_main_table(TABLE_MAIN_USER);
$table_userscourses = Database :: get_main_table(TABLE_MAIN_COURSE_REL_USER);
$course = api_get_course_id();
// if the post is made visible we only have to send mails to the people who indicated that they wanted to be informed for that thread.
if ($content=='post') {
// getting the information about the post (need the thread_id)
$post_info=get_post_information($id);
$thread_id = Database::escape_string($post_info['thread_id']);
// sending the mail to all the users that wanted to be informed for replies on this thread.
$sql="SELECT users.firstname, users.lastname, users.user_id, users.email FROM $table_mailcue mailcue, $table_posts posts, $table_users users
WHERE posts.thread_id='".Database::escape_string($post_info['thread_id'])."'
$sql="SELECT users.firstname, users.lastname, users.user_id, users.email
FROM $table_mailcue mailcue, $table_posts posts,
$table_users users, $table_userscourses userscourses
WHERE posts.thread_id='$thread_id'
AND posts.post_notification='1'
AND mailcue.thread_id='".Database::escape_string($post_info['thread_id'])."'
AND mailcue.thread_id='$thread_id'
AND users.user_id=posts.poster_id
AND users.active=1
AND userscourses.user_id = users.user_id
AND userscourses.course_code = '$course'
GROUP BY users.email";
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
@ -2888,15 +2897,22 @@ function handle_mail_cue($content, $id) {
}
// deleting the relevant entries from the mailcue
$sql_delete_mailcue="DELETE FROM $table_mailcue WHERE post_id='".Database::escape_string($id)."' AND thread_id='".Database::escape_string($post_info['thread_id'])."'";
$sql_delete_mailcue="DELETE FROM $table_mailcue
WHERE post_id='".Database::escape_string($id)."'
AND thread_id='".Database::escape_string($post_info['thread_id'])."'";
//$result=Database::query($sql_delete_mailcue);
} elseif ($content=='thread') {
// sending the mail to all the users that wanted to be informed for replies on this thread.
$sql="SELECT users.firstname, users.lastname, users.user_id, users.email FROM $table_mailcue mailcue, $table_posts posts, $table_users users
$sql="SELECT users.firstname, users.lastname, users.user_id, users.email
FROM $table_mailcue mailcue, $table_posts posts,
$table_users users, $table_userscourses userscourses
WHERE posts.thread_id='".Database::escape_string($id)."'
AND posts.post_notification='1'
AND mailcue.thread_id='".Database::escape_string($id)."'
AND users.user_id=posts.poster_id
AND users.active=1
AND userscourses.user_id = users.user_id
AND userscourses.course_code = $course
GROUP BY users.email";
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {

@ -16,6 +16,7 @@
* @author René Haentjens, added CSV file import (October 2004)
* @package chamilo.link
* @todo improve organisation, tables should come from database library
* @todo Needs serious rewriting here. This doesn't make sense
*/
/* INIT SECTION */
@ -81,6 +82,7 @@ $submit_link = isset($_REQUEST['submitLink']);
$action = !empty($_REQUEST['action']) ? $_REQUEST['action'] : '';
$category_title = !empty($_REQUEST['category_title']) ? $_REQUEST['category_title'] : '';
$submit_category = isset($_POST['submitCategory']);
$target_link = !empty($_REQUEST['target_link']) ? $_REQUEST['target_link'] : '_self';
$nameTools = get_lang('Links');
@ -275,12 +277,16 @@ if (api_is_allowed_to_edit(null, true) && isset($_GET['action'])) {
'.get_lang('AddTargetOfLinkOnHomepage').'
</div>
<div class="formw" >
<select name="target_link" id="target_link">
<option value="_self">_self</option>
<option value="_blank">_blank</option>
<option value="_parent">_parent</option>
<option value="_top">_top</option>
</select>
<select name="target_link" id="target_link">';
$targets = array('_self'=>get_lang('LinkOpenSelf'),'_blank'=>get_lang('LinkOpenBlank'),'_parent'=>get_lang('LinkOpenParent'),'_top'=>get_lang('LinkOpenTop'));
foreach ($targets as $target_id => $target) {
$selected = '';
if ($target_id == $target_link) {
$selected = ' selected="selected"';
}
echo ' <option value="'.$target_id.'"'.$selected.'>'.$target.'</option> ';
}
echo ' </select>
</div>
</div>';

@ -293,6 +293,7 @@ function editlinkcategory($type) {
global $description;
global $category_title;
global $onhomepage;
global $target_link;
$tbl_link = Database :: get_course_table(TABLE_LINK);
$tbl_categories = Database :: get_course_table(TABLE_LINK_CATEGORY);
@ -300,18 +301,20 @@ function editlinkcategory($type) {
if ($type == 'link') {
// This is used to populate the link-form with the info found in the database
$sql = "SELECT * FROM ".$tbl_link." WHERE id='".$_GET['id']."'";
$result = Database::query($sql);
if ($myrow = Database::fetch_array($result)) {
$urllink = $myrow['url'];
$title = $myrow['title'];
$description = $myrow['description'];
$category = $myrow['category_id'];
if ($myrow['on_homepage'] != 0) {
$onhomepage = 'checked';
if (!empty($_GET['id'])) {
$sql = "SELECT * FROM ".$tbl_link." WHERE id='".intval($_GET['id'])."'";
$result = Database::query($sql);
if ($myrow = Database::fetch_array($result)) {
$urllink = $myrow['url'];
$title = $myrow['title'];
$description = $myrow['description'];
$category = $myrow['category_id'];
if ($myrow['on_homepage'] != 0) {
$onhomepage = 'checked';
}
$target_link = $myrow['target'];
}
}
// This is used to put the modified info of the link-form into the database
if ($_POST['submitLink']) {
@ -331,7 +334,7 @@ function editlinkcategory($type) {
$category_id = $row['category_id'];
if ($category_id != $_POST['selectcategory']) {
$sql = "SELECT MAX(display_order) FROM ".$tbl_link." WHERE category_id='".$_POST['selectcategory']."'";
$sql = "SELECT MAX(display_order) FROM ".$tbl_link." WHERE category_id='".intval($_POST['selectcategory'])."'";
$result = Database::query($sql);
list ($max_display_order) = Database::fetch_row($result);
$max_display_order ++;
@ -344,11 +347,11 @@ function editlinkcategory($type) {
// Update search enchine and its values table if enabled
if (api_get_setting('search_enabled') == 'true') {
$link_id = $_POST['id'];
$link_id = intval($_POST['id']);
$course_id = api_get_course_id();
$link_url = $_POST['urllink'];
$link_title = $_POST['title'];
$link_description = $_POST['description'];
$link_url = Database::escape_string($_POST['urllink']);
$link_title = Database::escape_string($_POST['title']);
$link_description = Database::escape_string($_POST['description']);
// Actually, it consists on delete terms from db, insert new ones, create a new search engine document, and remove the old one
// get search_did
@ -440,7 +443,7 @@ function editlinkcategory($type) {
// This is used to populate the category-form with the info found in the database
if (!$submit_category) {
$sql = "SELECT * FROM ".$tbl_categories." WHERE id='".$_GET['id']."'";
$sql = "SELECT * FROM ".$tbl_categories." WHERE id='".intval($_GET['id'])."'";
$result = Database::query($sql);
if ($myrow = Database::fetch_array($result)) {
$category_title = $myrow["category_title"];
@ -512,10 +515,10 @@ function showlinksofcategory($catid) {
$myrow[3] = text_filter($myrow[3]);
if ($myrow['visibility'] == '1') {
echo '<tr class="', $css_class, '"><td align="center" valign="middle" width="15"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], '&amp;link_url=', urlencode($myrow[1]), '" target="_blank"><img src="../../main/img/file_html.gif" border="0" alt="', get_lang('Link'), '"/></a></td><td width="80%" valign="top"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], '&amp;link_url=', urlencode($myrow[1]), '" target="_blank">', Security::remove_XSS($myrow[2]), '</a>', $session_img, '<br />', $myrow[3];
echo '<tr class="', $css_class, '"><td align="center" valign="middle" width="15"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], '&amp;link_url=', urlencode($myrow[1]), '" target="_blank"><img src="../../main/img/file_html.gif" border="0" alt="', get_lang('Link'), '"/></a></td><td width="80%" valign="top"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], '&amp;link_url=', urlencode($myrow[1]), '" target="',$myrow['target'],'">', Security::remove_XSS($myrow[2]), '</a>', $session_img, '<br />', $myrow[3];
} else {
if (api_is_allowed_to_edit(null, true)) {
echo '<tr class="', $css_class, '"><td align="center" valign="middle" width="15"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], "&amp;link_url=", urlencode($myrow[1]), '" target="_blank" class="invisible">', Display::return_icon('file_html_na.gif', get_lang('Link')), '</a></td><td width="80%" valign="top"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], '&amp;link_url=', urlencode($myrow[1]), '" target="_blank" class="invisible">', Security::remove_XSS($myrow[2]), "</a>\n", $session_img, '<br />', $myrow[3];
echo '<tr class="', $css_class, '"><td align="center" valign="middle" width="15"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], "&amp;link_url=", urlencode($myrow[1]), '" target="_blank" class="invisible">', Display::return_icon('file_html_na.gif', get_lang('Link')), '</a></td><td width="80%" valign="top"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], '&amp;link_url=', urlencode($myrow[1]), '" target="',$myrow['target'],'" class="invisible">', Security::remove_XSS($myrow[2]), "</a>\n", $session_img, '<br />', $myrow[3];
}
}
@ -678,23 +681,23 @@ function get_cat($catname) {
function put_link($url, $cat, $title, $description, $on_homepage, $hidden) {
$tbl_link = Database :: get_course_table(TABLE_LINK);
$urleq = "url='".addslashes($url)."'";
$cateq = "category_id=".$cat;
$urleq = "url='".Database::escape_string($url)."'";
$cateq = "category_id=".intval($cat);
$result = Database::query("SELECT id FROM $tbl_link WHERE ".$urleq.' AND '.$cateq);
if (Database::num_rows($result) >= 1 && ($row = Database::fetch_array($result))) {
Database::query("UPDATE $tbl_link set title='".addslashes($title)."', description='".addslashes($description)."' WHERE id='".addslashes($id = $row['id'])."'");
Database::query("UPDATE $tbl_link set title='".Database::escape_string($title)."', description='".Database::escape_string($description)."' WHERE id='".Database::escape_string($row['id'])."'");
$lang_link = get_lang('update_link');
$ipu = 'LinkUpdated';
$rv = 1; // 1 = upd
} else {
// Add new link
$result = Database::query("SELECT MAX(display_order) FROM $tbl_link WHERE category_id='".addslashes($cat)."'");
$result = Database::query("SELECT MAX(display_order) FROM $tbl_link WHERE category_id='".intval($cat)."'");
list ($max_order) = Database::fetch_row($result);
Database::query("INSERT INTO $tbl_link (url, title, description, category_id, display_order, on_homepage) VALUES ('".addslashes($url)."','".addslashes($title)."','".addslashes($description)."','".addslashes($cat)."','". ($max_order +1)."','".$on_homepage."')");
Database::query("INSERT INTO $tbl_link (url, title, description, category_id, display_order, on_homepage) VALUES ('".Database::escape_string($url)."','".Database::escape_string($title)."','".Database::escape_string($description)."','".intval($cat)."','". (intval($max_order) +1)."','".intval($on_homepage)."')");
$id = Database::insert_id();
$lang_link = get_lang('new_link');

Loading…
Cancel
Save