chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use api_not_allowed(true); + format code

Browse Source
remotes/angel/1.11.x
jmontoyaa 8 years ago
parent f0e3287f43
commit 7e9c4fb1cb
5 changed files with 73 additions and 127 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 44
      main/survey/question.php
  2. 14
      main/survey/reporting.php
  3. 67
      main/survey/survey.php
  4. 44
      main/survey/survey_invitation.php
  5. 31
      main/survey/survey_invite.php

44
main/survey/question.php
Unescape View File

@ -19,10 +19,13 @@ $(document).ready( function() {
/** @todo this has to be moved to a more appropriate place (after the display_header of the code)*/
if (!api_is_allowed_to_edit(false, true)) {
Display :: display_header();
Display :: display_error_message(get_lang('NotAllowed'), false);
Display :: display_footer();
exit;
api_not_allowed(true);
}
// Getting the survey information
$surveyData = SurveyManager::get_survey($_GET['survey_id']);
if (empty($surveyData)) {
api_not_allowed(true);
}
// Is valid request
@ -32,40 +35,27 @@ $is_valid_request = isset($_REQUEST['is_executable']) ? $_REQUEST['is_executable
$table_survey = Database:: get_course_table(TABLE_SURVEY);
$table_survey_question = Database:: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database:: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_course = Database:: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database:: get_main_table(TABLE_MAIN_USER);
$course_id = api_get_course_int_id();
// Getting the survey information
$surveyData = SurveyManager::get_survey($_GET['survey_id']);
if (empty($surveyData)) {
Display :: display_header(get_lang('ToolSurvey'));
Display :: display_error_message(get_lang('InvallidSurvey'), false);
Display :: display_footer();
exit;
}
$urlname = api_substr(api_html_entity_decode($surveyData['title'], ENT_QUOTES), 0, 40);
if (api_strlen(strip_tags($surveyData['title'])) > 40) {
$urlname .= '...';
$urlname .= '...';
}
if ($surveyData['survey_type'] == 1) {
$sql = 'SELECT id FROM '.Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP).'
WHERE
$sql = 'SELECT id FROM '.Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP).'
WHERE
c_id = '.$course_id.' AND
survey_id = '.(int)$_GET['survey_id'].' LIMIT 1';
$rs = Database::query($sql);
if (Database::num_rows($rs)===0) {
$rs = Database::query($sql);
if (Database::num_rows($rs)===0) {
Display::addFlash(
Display::return_message(get_lang('YouNeedToCreateGroups'))
);
header('Location: '.api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.(int)$_GET['survey_id']);
exit;
}
header('Location: '.api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.(int)$_GET['survey_id']);
exit;
}
}
// Breadcrumbs
@ -155,8 +145,8 @@ $surveyQuestion->getForm()->setDefaults($formData);
$surveyQuestion->renderForm();
if ($surveyQuestion->getForm()->validate()) {
$values = $surveyQuestion->getForm()->getSubmitValues();
$surveyQuestion->save($surveyData, $values);
$values = $surveyQuestion->getForm()->getSubmitValues();
$surveyQuestion->save($surveyData, $values);
}
Display::display_header($tool_name, 'Survey');

14
main/survey/reporting.php
Unescape View File

@ -76,6 +76,10 @@ $people_filled = SurveyManager::get_people_who_filled_survey(
SurveyUtil::check_parameters($people_filled);
$survey_data = SurveyManager::get_survey($survey_id);
// Getting the survey information
if (empty($survey_data)) {
api_not_allowed(true);
}
$isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
api_get_user_id(),
@ -98,16 +102,6 @@ if (!api_is_allowed_to_edit(false, true) || $isDrhOfCourse) {
// Database table definitions
$table_course = Database:: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database:: get_main_table(TABLE_MAIN_USER);
// Getting the survey information
if (empty($survey_data)) {
Display :: display_header(get_lang('ToolSurvey'));
Display :: display_error_message(get_lang('InvallidSurvey'), false);
Display :: display_footer();
exit;
}
$urlname = strip_tags(api_substr(api_html_entity_decode($survey_data['title'], ENT_QUOTES), 0, 40));
if (api_strlen(strip_tags($survey_data['title'])) > 40) {
$urlname .= '...';

67
main/survey/survey.php
Unescape View File

@ -55,51 +55,44 @@ $interbreadcrumb[] = array(
// Getting the survey information
if (!empty($_GET['survey_id'])) {
$course_code = api_get_course_id();
if ($course_code!=-1) {
$survey_data = SurveyManager::get_survey($survey_id);
} else {
Display :: display_header(get_lang('ToolSurvey'));
Display :: display_error_message(get_lang('NotAllowed'), false);
Display :: display_footer();
exit;
}
$course_code = api_get_course_id();
if ($course_code!=-1) {
$survey_data = SurveyManager::get_survey($survey_id);
} else {
api_not_allowed(true);
}
} else {
Display :: display_header(get_lang('ToolSurvey'));
Display :: display_error_message(get_lang('NotAllowed'), false);
Display :: display_footer();
exit;
api_not_allowed(true);
}
$tool_name = strip_tags($survey_data['title']);
$is_survey_type_1 = $survey_data['survey_type'] == 1;
if (api_strlen(strip_tags($survey_data['title'])) > 40) {
$tool_name .= '...';
$tool_name .= '...';
}
if ($is_survey_type_1 && ($action == 'addgroup' || $action == 'deletegroup')) {
$_POST['name'] = trim($_POST['name']);
if ($action == 'addgroup') {
if (!empty($_POST['group_id'])) {
Database::query('UPDATE '.$table_survey_question_group.' SET description = \''.Database::escape_string($_POST['description']).'\'
WHERE c_id = '.$course_id.' AND id = \''.Database::escape_string($_POST['group_id']).'\'');
$sendmsg = 'GroupUpdatedSuccessfully';
} elseif(!empty($_POST['name'])) {
Database::query('INSERT INTO '.$table_survey_question_group.' (c_id, name,description,survey_id) values ('.$course_id.', \''.Database::escape_string($_POST['name']).'\',\''.Database::escape_string($_POST['description']).'\',\''.Database::escape_string($survey_id).'\') ');
$sendmsg = 'GroupCreatedSuccessfully';
} else {
$sendmsg = 'GroupNeedName';
}
}
$_POST['name'] = trim($_POST['name']);
if ($action == 'addgroup') {
if (!empty($_POST['group_id'])) {
Database::query('UPDATE '.$table_survey_question_group.' SET description = \''.Database::escape_string($_POST['description']).'\'
WHERE c_id = '.$course_id.' AND id = \''.Database::escape_string($_POST['group_id']).'\'');
$sendmsg = 'GroupUpdatedSuccessfully';
} elseif(!empty($_POST['name'])) {
Database::query('INSERT INTO '.$table_survey_question_group.' (c_id, name,description,survey_id) values ('.$course_id.', \''.Database::escape_string($_POST['name']).'\',\''.Database::escape_string($_POST['description']).'\',\''.Database::escape_string($survey_id).'\') ');
$sendmsg = 'GroupCreatedSuccessfully';
} else {
$sendmsg = 'GroupNeedName';
}
}
if ($action == 'deletegroup') {
Database::query('DELETE FROM '.$table_survey_question_group.' WHERE c_id = '.$course_id.' AND id = '.intval($_GET['gid']).' and survey_id = '.intval($survey_id));
$sendmsg = 'GroupDeletedSuccessfully';
}
header('Location: '.api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.$survey_id.'&sendmsg='.$sendmsg);
exit;
if ($action == 'deletegroup') {
Database::query('DELETE FROM '.$table_survey_question_group.' WHERE c_id = '.$course_id.' AND id = '.intval($_GET['gid']).' and survey_id = '.intval($survey_id));
$sendmsg = 'GroupDeletedSuccessfully';
}
header('Location: '.api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.$survey_id.'&sendmsg='.$sendmsg);
exit;
}
// Displaying the header
@ -108,9 +101,9 @@ Display::display_header($tool_name, 'Survey');
// Action handling
$my_action_survey = Security::remove_XSS($action);
$my_question_id_survey = isset($_GET['question_id']) ? Security::remove_XSS($_GET['question_id']) : null;
$my_survey_id_survey = Security::remove_XSS($_GET['survey_id']);
$message_information = isset($_GET['message']) ? Security::remove_XSS($_GET['message']) : null;
$my_question_id_survey = isset($_GET['question_id']) ? Security::remove_XSS($_GET['question_id']) : null;
$my_survey_id_survey = Security::remove_XSS($_GET['survey_id']);
$message_information = isset($_GET['message']) ? Security::remove_XSS($_GET['message']) : null;
if (isset($action)) {
if (($action == 'moveup' || $action == 'movedown') && isset($_GET['question_id'])) {

44
main/survey/survey_invitation.php
Unescape View File

@ -12,45 +12,28 @@ require_once __DIR__.'/../inc/global.inc.php';
/** @todo this has to be moved to a more appropriate place (after the display_header of the code)*/
if (!api_is_allowed_to_edit(false, true)) {
Display :: display_header(get_lang('ToolSurvey'));
Display :: display_error_message(get_lang('NotAllowed'), false);
Display :: display_footer();
exit;
api_not_allowed(true);
}
// Database table definitions
$table_survey = Database :: get_course_table(TABLE_SURVEY);
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$table_survey = Database:: get_course_table(TABLE_SURVEY);
$table_survey_question = Database:: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database:: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_course = Database:: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database:: get_main_table(TABLE_MAIN_USER);
$table_survey_invitation = Database:: get_course_table(TABLE_SURVEY_INVITATION);
$tool_name = get_lang('SurveyInvitations');
// Getting the survey information
// We exit here if ther is no valid $_GET parameter
if (!isset($_GET['survey_id']) OR !is_numeric($_GET['survey_id'])) {
Display :: display_header($tool_name);
Display :: display_error_message(get_lang('InvallidSurvey'), false);
Display :: display_footer();
exit;
}
$survey_id = Security::remove_XSS($_GET['survey_id']);
$survey_data = SurveyManager::get_survey($survey_id);
if (empty($survey_data)) {
Display :: display_header($tool_name);
Display :: display_error_message(get_lang('InvallidSurvey'), false);
Display :: display_footer();
exit;
api_not_allowed(true);
}
$urlname = strip_tags(api_substr(api_html_entity_decode($survey_data['title'], ENT_QUOTES), 0, 40));
if (api_strlen(strip_tags($survey_data['title'])) > 40) {
$urlname .= '...';
$urlname .= '...';
}
// Breadcrumbs
@ -61,13 +44,6 @@ $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH).'survey/survey.p
// Displaying the header
Display::display_header($tool_name);
// Checking the parameters
if (!is_numeric($survey_id)) {
Display::display_error_message(get_lang('Error'), false);
Display::display_footer();
exit;
}
// Getting all the people who have filled this survey
$answered_data = SurveyManager::get_people_who_filled_survey($survey_id);
if ($survey_data['anonymous'] == 1) {
@ -75,7 +51,7 @@ if ($survey_data['anonymous'] == 1) {
$answered_data = array();
}
if (!isset($_GET['view']) OR $_GET['view'] == 'invited') {
if (!isset($_GET['view']) || $_GET['view'] == 'invited') {
echo get_lang('ViewInvited'). ' | ';
} else {
echo ' <a href="'.api_get_self().'?survey_id='.$survey_id.'&amp;view=invited">'.get_lang('ViewInvited').'</a> |';

31
main/survey/survey_invite.php
Unescape View File

@ -18,34 +18,28 @@ require_once __DIR__.'/../inc/global.inc.php';
$this_section = SECTION_COURSES;
if (!api_is_allowed_to_edit(false, true)) {
Display :: display_header(get_lang('ToolSurvey'));
Display :: display_error_message(get_lang('NotAllowed'), false);
Display :: display_footer();
exit;
api_not_allowed(true);
}
// Database table definitions
$table_survey = Database:: get_course_table(TABLE_SURVEY);
$table_survey_question = Database:: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_course = Database:: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database:: get_main_table(TABLE_MAIN_USER);
$course_id = api_get_course_int_id();
// Getting the survey information
$survey_id = Security::remove_XSS($_GET['survey_id']);
$survey_data = SurveyManager::get_survey($survey_id);
if (empty($survey_data)) {
Display :: display_header(get_lang('ToolSurvey'));
Display :: display_error_message(get_lang('InvallidSurvey'), false);
Display :: display_footer();
exit;
api_not_allowed(true);
}
// Database table definitions
$table_survey = Database:: get_course_table(TABLE_SURVEY);
$table_survey_question = Database:: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_course = Database:: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database:: get_main_table(TABLE_MAIN_USER);
$urlname = strip_tags(api_substr(api_html_entity_decode($survey_data['title'], ENT_QUOTES), 0, 40));
if (api_strlen(strip_tags($survey_data['title'])) > 40) {
$urlname .= '...';
$urlname .= '...';
}
// Breadcrumbs
@ -64,7 +58,7 @@ if (api_is_course_admin()) {
$tool_name = get_lang('SurveyPublication');
// Displaying the header
Display::display_header($tool_name,'Survey');
Display::display_header($tool_name, 'Survey');
echo '<script>
$(function() {
@ -109,10 +103,9 @@ $complete_user_list = CourseManager::get_user_list_from_course_code(
);
$possible_users = array();
foreach ($complete_user_list as & $user) {
$possible_users[$user['user_id']] = api_get_person_name($user['firstname'], $user['lastname']);
$possible_users[$user['user_id']] = api_get_person_name($user['firstname'], $user['lastname']);
}
CourseManager::addUserGroupMultiSelect($form, array());
/*$form->addElement(

Write Preview
Loading…
Cancel
Save