[svn r11159] Removed potential SQL injection (http://projects.dokeos.com/?do=details&id=1202)

Removed undefined $documentPath usage
skala
Yannick Warnier 18 years ago
parent 09f1b7fdd6
commit 7f2c907fc7
  1. 7
      main/tracking/userLog.php
  2. 5
      main/tracking/userlogCSV.php

@ -1,4 +1,4 @@
<?php // $Id: userLog.php 10902 2007-01-25 14:44:35Z elixir_julian $
<?php // $Id: userLog.php 11159 2007-02-20 01:06:22Z yannoo $
/*
==============================================================================
Dokeos - elearning and course management software
@ -74,7 +74,8 @@ require_once(api_get_path(SYS_CODE_PATH).'exercice/hotpotatoes.lib.php');
if ($_GET['scormcontopen'])
{
$tbl_lp = Database::get_course_table('lp');
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$_GET['scormcontopen'];
$contopen = (int) $_GET['scormcontopen'];
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$contopen;
$res = api_sql_query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];
@ -349,7 +350,7 @@ function display_exercise_tracking_info($view, $user_id, $course_id)
{
for($i = 0; $i < sizeof($hpresults); $i++)
{
$title = GetQuizName($hpresults[$i][0], $documentPath);
$title = GetQuizName($hpresults[$i][0]);
if ($title == '')
$title = GetFileName($hpresults[$i][0]);
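Review bot: The guard `if ($_GET['scormcontopen'])` still tests the raw request value while the query uses the cast one, so a non-numeric value such as `abc` passes the guard and runs the lookup with `id = 0`. An array-valued parameter is cast to `1`, and an absent parameter raises an undefined-index notice. I would cast once before the guard and test the result: `$contopen = isset($_GET['scormcontopen']) ? (int) $_GET['scormcontopen'] : 0;` followed by `if ($contopen > 0)`. The same block is patched identically in main/tracking/userlogCSV.php and needs the same change. A short comment such as `// id is forced to int before being concatenated into the query` would also tell the next reader why the cast must stay.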

@ -74,7 +74,8 @@ require_once(api_get_path(SYS_CODE_PATH).'exercice/hotpotatoes.lib.php');
if ($_GET['scormcontopen'])
{
$tbl_lp = Database::get_course_table('lp');
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$_GET['scormcontopen'];
$contopen = (int) $_GET['scormcontopen'];
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$contopen;
$res = api_sql_query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];
@ -280,7 +281,7 @@ function display_exercise_tracking_info($view, $user_id, $course_id)
{
for($i = 0; $i < sizeof($hpresults); $i++)
{
$title = GetQuizName($hpresults[$i][0], $documentPath);
$title = GetQuizName($hpresults[$i][0]);
if ($title == '')
$title = GetFileName($hpresults[$i][0]);
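Review bot: In the `scormcontopen` hunk, `$row['default_encoding']` is read without checking that `Database::fetch_array($res)` returned a row. With the new cast, any non-numeric input becomes id 0, which presumably matches nothing, so this path is now easier to reach. I would guard the read, for example `$lp_charset = $row ? $row['default_encoding'] : '';`, with the fallback value chosen to match how `$lp_charset` is used further down, which is outside this hunk. This block is a copy of the one in main/tracking/userLog.php, so moving the lookup into one shared function would keep the cast and the row check from drifting apart between the two files.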
