chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

merge

Browse Source
skala
Yannick Warnier 15 years ago
parent e2c91d3ec7 aad1b51311
commit 7af5eec4ec
4 changed files with 72 additions and 45 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      documentation/changelog.html
  2. 48
      main/forum/forumfunction.inc.php
  3. 18
      main/link/link.php
  4. 49
      main/link/linkfunctions.php

2
documentation/changelog.html
Unescape View File

@ -46,6 +46,7 @@
<h3>Debugging</h3>
<ul>
<li>Security: fixed several possible SQL injections in links edition</li>
<li>Fixed major course copy drawback by which exercise contents were keeping links to the old course (thanks to Ludovic Gasc and SANTEXCEL - BT#658)</li>
<li>Some PHP short tags fixed. Reported by Sicabol, see <a href="http://www.chamilo.org/node/114" target="_blank">http://www.chamilo.org/node/114</a> (Feature #347)</li>
<li>Student publications deleted when an user is unsubscribed of a course. Reported and fixed by André Boivin</li>
@ -65,6 +66,7 @@
<li>Learning Path (Courses): PHP sessions of a LP are destroyed when visiting the main course page.</li>
<li>Assignment tool: Work.php deletes all homeworks bugs fixed. Reported and fixed by carlosbrolotobar <a href="http://www.chamilo.org/node/143" target="_blank">http://www.chamilo.org/node/143</a></li>
<li>Core API: Support has been implemented for json_encode() function for PHP version < 5.2. The correspondent bug-report "Hide and show not working" and testing have been done by Hubert Borderiou <a href="http://support.chamilo.org/issues/761" target="_blank">http://support.chamilo.org/issues/761</a></li>
<li>Fixed target problems in links tool link edition</li>
</ul>
<br />
<h3>CSS changes</h3>

48
main/forum/forumfunction.inc.php
Unescape View File

@ -2854,33 +2854,42 @@ function send_notification_mails($thread_id, $reply_info) {
}
/**
* This function is called whenever something is made visible because there might be new posts and the user might have indicated that (s)he wanted
* to be informed about the new posts by mail.
* This function is called whenever something is made visible because there might
* be new posts and the user might have indicated that (s)he wanted to be
* informed about the new posts by mail.
*
* @param int
* @param string Content type (post, thread, forum, forum_category)
* @param int Item DB ID
* @return string language variable
*
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* @version february 2006, dokeos 1.8
*/
function handle_mail_cue($content, $id) {
$table_mailcue = Database :: get_course_table(TABLE_FORUM_MAIL_QUEUE);
$table_forums = Database :: get_course_table(TABLE_FORUM);
$table_threads = Database :: get_course_table(TABLE_FORUM_THREAD);
$table_posts = Database :: get_course_table(TABLE_FORUM_POST);
$table_users = Database :: get_main_table(TABLE_MAIN_USER);
$table_mailcue = Database :: get_course_table(TABLE_FORUM_MAIL_QUEUE);
$table_forums = Database :: get_course_table(TABLE_FORUM);
$table_threads = Database :: get_course_table(TABLE_FORUM_THREAD);
$table_posts = Database :: get_course_table(TABLE_FORUM_POST);
$table_users = Database :: get_main_table(TABLE_MAIN_USER);
$table_userscourses = Database :: get_main_table(TABLE_MAIN_COURSE_REL_USER);
$course = api_get_course_id();
// if the post is made visible we only have to send mails to the people who indicated that they wanted to be informed for that thread.
if ($content=='post') {
// getting the information about the post (need the thread_id)
$post_info=get_post_information($id);
$thread_id = Database::escape_string($post_info['thread_id']);
// sending the mail to all the users that wanted to be informed for replies on this thread.
$sql="SELECT users.firstname, users.lastname, users.user_id, users.email FROM $table_mailcue mailcue, $table_posts posts, $table_users users
WHERE posts.thread_id='".Database::escape_string($post_info['thread_id'])."'
$sql="SELECT users.firstname, users.lastname, users.user_id, users.email
FROM $table_mailcue mailcue, $table_posts posts,
$table_users users, $table_userscourses userscourses
WHERE posts.thread_id='$thread_id'
AND posts.post_notification='1'
AND mailcue.thread_id='".Database::escape_string($post_info['thread_id'])."'
AND mailcue.thread_id='$thread_id'
AND users.user_id=posts.poster_id
AND users.active=1
AND userscourses.user_id = users.user_id
AND userscourses.course_code = '$course'
GROUP BY users.email";
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
@ -2888,15 +2897,22 @@ function handle_mail_cue($content, $id) {
}
// deleting the relevant entries from the mailcue
$sql_delete_mailcue="DELETE FROM $table_mailcue WHERE post_id='".Database::escape_string($id)."' AND thread_id='".Database::escape_string($post_info['thread_id'])."'";
$sql_delete_mailcue="DELETE FROM $table_mailcue
WHERE post_id='".Database::escape_string($id)."'
AND thread_id='".Database::escape_string($post_info['thread_id'])."'";
//$result=Database::query($sql_delete_mailcue);
} elseif ($content=='thread') {
// sending the mail to all the users that wanted to be informed for replies on this thread.
$sql="SELECT users.firstname, users.lastname, users.user_id, users.email FROM $table_mailcue mailcue, $table_posts posts, $table_users users
$sql="SELECT users.firstname, users.lastname, users.user_id, users.email
FROM $table_mailcue mailcue, $table_posts posts,
$table_users users, $table_userscourses userscourses
WHERE posts.thread_id='".Database::escape_string($id)."'
AND posts.post_notification='1'
AND mailcue.thread_id='".Database::escape_string($id)."'
AND users.user_id=posts.poster_id
AND users.active=1
AND userscourses.user_id = users.user_id
AND userscourses.course_code = $course
GROUP BY users.email";
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {

18
main/link/link.php
Unescape View File

@ -16,6 +16,7 @@
* @author René Haentjens, added CSV file import (October 2004)
* @package chamilo.link
* @todo improve organisation, tables should come from database library
* @todo Needs serious rewriting here. This doesn't make sense
*/
/* INIT SECTION */
@ -81,6 +82,7 @@ $submit_link = isset($_REQUEST['submitLink']);
$action = !empty($_REQUEST['action']) ? $_REQUEST['action'] : '';
$category_title = !empty($_REQUEST['category_title']) ? $_REQUEST['category_title'] : '';
$submit_category = isset($_POST['submitCategory']);
$target_link = !empty($_REQUEST['target_link']) ? $_REQUEST['target_link'] : '_self';
$nameTools = get_lang('Links');
@ -275,12 +277,16 @@ if (api_is_allowed_to_edit(null, true) && isset($_GET['action'])) {
'.get_lang('AddTargetOfLinkOnHomepage').'
</div>
<div class="formw" >
<select name="target_link" id="target_link">
<option value="_self">_self</option>
<option value="_blank">_blank</option>
<option value="_parent">_parent</option>
<option value="_top">_top</option>
</select>
<select name="target_link" id="target_link">';
$targets = array('_self'=>get_lang('LinkOpenSelf'),'_blank'=>get_lang('LinkOpenBlank'),'_parent'=>get_lang('LinkOpenParent'),'_top'=>get_lang('LinkOpenTop'));
foreach ($targets as $target_id => $target) {
$selected = '';
if ($target_id == $target_link) {
$selected = ' selected="selected"';
}
echo ' <option value="'.$target_id.'"'.$selected.'>'.$target.'</option> ';
}
echo ' </select>
</div>
</div>';

49
main/link/linkfunctions.php
Unescape View File

@ -293,6 +293,7 @@ function editlinkcategory($type) {
global $description;
global $category_title;
global $onhomepage;
global $target_link;
$tbl_link = Database :: get_course_table(TABLE_LINK);
$tbl_categories = Database :: get_course_table(TABLE_LINK_CATEGORY);
@ -300,18 +301,20 @@ function editlinkcategory($type) {
if ($type == 'link') {
// This is used to populate the link-form with the info found in the database
$sql = "SELECT * FROM ".$tbl_link." WHERE id='".$_GET['id']."'";
$result = Database::query($sql);
if ($myrow = Database::fetch_array($result)) {
$urllink = $myrow['url'];
$title = $myrow['title'];
$description = $myrow['description'];
$category = $myrow['category_id'];
if ($myrow['on_homepage'] != 0) {
$onhomepage = 'checked';
if (!empty($_GET['id'])) {
$sql = "SELECT * FROM ".$tbl_link." WHERE id='".intval($_GET['id'])."'";
$result = Database::query($sql);
if ($myrow = Database::fetch_array($result)) {
$urllink = $myrow['url'];
$title = $myrow['title'];
$description = $myrow['description'];
$category = $myrow['category_id'];
if ($myrow['on_homepage'] != 0) {
$onhomepage = 'checked';
}
$target_link = $myrow['target'];
}
}
// This is used to put the modified info of the link-form into the database
if ($_POST['submitLink']) {
@ -331,7 +334,7 @@ function editlinkcategory($type) {
$category_id = $row['category_id'];
if ($category_id != $_POST['selectcategory']) {
$sql = "SELECT MAX(display_order) FROM ".$tbl_link." WHERE category_id='".$_POST['selectcategory']."'";
$sql = "SELECT MAX(display_order) FROM ".$tbl_link." WHERE category_id='".intval($_POST['selectcategory'])."'";
$result = Database::query($sql);
list ($max_display_order) = Database::fetch_row($result);
$max_display_order ++;
@ -344,11 +347,11 @@ function editlinkcategory($type) {
// Update search enchine and its values table if enabled
if (api_get_setting('search_enabled') == 'true') {
$link_id = $_POST['id'];
$link_id = intval($_POST['id']);
$course_id = api_get_course_id();
$link_url = $_POST['urllink'];
$link_title = $_POST['title'];
$link_description = $_POST['description'];
$link_url = Database::escape_string($_POST['urllink']);
$link_title = Database::escape_string($_POST['title']);
$link_description = Database::escape_string($_POST['description']);
// Actually, it consists on delete terms from db, insert new ones, create a new search engine document, and remove the old one
// get search_did
@ -440,7 +443,7 @@ function editlinkcategory($type) {
// This is used to populate the category-form with the info found in the database
if (!$submit_category) {
$sql = "SELECT * FROM ".$tbl_categories." WHERE id='".$_GET['id']."'";
$sql = "SELECT * FROM ".$tbl_categories." WHERE id='".intval($_GET['id'])."'";
$result = Database::query($sql);
if ($myrow = Database::fetch_array($result)) {
$category_title = $myrow["category_title"];
@ -512,10 +515,10 @@ function showlinksofcategory($catid) {
$myrow[3] = text_filter($myrow[3]);
if ($myrow['visibility'] == '1') {
echo '<tr class="', $css_class, '"><td align="center" valign="middle" width="15"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], '&amp;link_url=', urlencode($myrow[1]), '" target="_blank"><img src="../../main/img/file_html.gif" border="0" alt="', get_lang('Link'), '"/></a></td><td width="80%" valign="top"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], '&amp;link_url=', urlencode($myrow[1]), '" target="_blank">', Security::remove_XSS($myrow[2]), '</a>', $session_img, '<br />', $myrow[3];
echo '<tr class="', $css_class, '"><td align="center" valign="middle" width="15"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], '&amp;link_url=', urlencode($myrow[1]), '" target="_blank"><img src="../../main/img/file_html.gif" border="0" alt="', get_lang('Link'), '"/></a></td><td width="80%" valign="top"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], '&amp;link_url=', urlencode($myrow[1]), '" target="',$myrow['target'],'">', Security::remove_XSS($myrow[2]), '</a>', $session_img, '<br />', $myrow[3];
} else {
if (api_is_allowed_to_edit(null, true)) {
echo '<tr class="', $css_class, '"><td align="center" valign="middle" width="15"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], "&amp;link_url=", urlencode($myrow[1]), '" target="_blank" class="invisible">', Display::return_icon('file_html_na.gif', get_lang('Link')), '</a></td><td width="80%" valign="top"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], '&amp;link_url=', urlencode($myrow[1]), '" target="_blank" class="invisible">', Security::remove_XSS($myrow[2]), "</a>\n", $session_img, '<br />', $myrow[3];
echo '<tr class="', $css_class, '"><td align="center" valign="middle" width="15"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], "&amp;link_url=", urlencode($myrow[1]), '" target="_blank" class="invisible">', Display::return_icon('file_html_na.gif', get_lang('Link')), '</a></td><td width="80%" valign="top"><a href="link_goto.php?', api_get_cidreq(), '&amp;link_id=', $myrow[0], '&amp;link_url=', urlencode($myrow[1]), '" target="',$myrow['target'],'" class="invisible">', Security::remove_XSS($myrow[2]), "</a>\n", $session_img, '<br />', $myrow[3];
}
}
@ -678,23 +681,23 @@ function get_cat($catname) {
function put_link($url, $cat, $title, $description, $on_homepage, $hidden) {
$tbl_link = Database :: get_course_table(TABLE_LINK);
$urleq = "url='".addslashes($url)."'";
$cateq = "category_id=".$cat;
$urleq = "url='".Database::escape_string($url)."'";
$cateq = "category_id=".intval($cat);
$result = Database::query("SELECT id FROM $tbl_link WHERE ".$urleq.' AND '.$cateq);
if (Database::num_rows($result) >= 1 && ($row = Database::fetch_array($result))) {
Database::query("UPDATE $tbl_link set title='".addslashes($title)."', description='".addslashes($description)."' WHERE id='".addslashes($id = $row['id'])."'");
Database::query("UPDATE $tbl_link set title='".Database::escape_string($title)."', description='".Database::escape_string($description)."' WHERE id='".Database::escape_string($row['id'])."'");
$lang_link = get_lang('update_link');
$ipu = 'LinkUpdated';
$rv = 1; // 1 = upd
} else {
// Add new link
$result = Database::query("SELECT MAX(display_order) FROM $tbl_link WHERE category_id='".addslashes($cat)."'");
$result = Database::query("SELECT MAX(display_order) FROM $tbl_link WHERE category_id='".intval($cat)."'");
list ($max_order) = Database::fetch_row($result);
Database::query("INSERT INTO $tbl_link (url, title, description, category_id, display_order, on_homepage) VALUES ('".addslashes($url)."','".addslashes($title)."','".addslashes($description)."','".addslashes($cat)."','". ($max_order +1)."','".$on_homepage."')");
Database::query("INSERT INTO $tbl_link (url, title, description, category_id, display_order, on_homepage) VALUES ('".Database::escape_string($url)."','".Database::escape_string($title)."','".Database::escape_string($description)."','".intval($cat)."','". (intval($max_order) +1)."','".intval($on_homepage)."')");
$id = Database::insert_id();
$lang_link = get_lang('new_link');

Write Preview
Loading…
Cancel
Save