chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix double escape_string session name

Browse Source
pull/2487/head
jmontoyaa 9 years ago
parent 88ef652774
commit 8359aefcc6
2 changed files with 10 additions and 10 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 1
      main/inc/lib/database.lib.php
  2. 19
      main/inc/lib/sessionmanager.lib.php

1
main/inc/lib/database.lib.php
Unescape View File

@ -469,6 +469,7 @@ class Database
$whereReturn = self::parse_where_conditions($whereConditions);
$sql = "UPDATE $tableName SET $updateSql $whereReturn ";
$statement = self::getManager()->getConnection()->prepare($sql);
$result = $statement->execute($attributes);

19
main/inc/lib/sessionmanager.lib.php
Unescape View File

@ -1370,7 +1370,6 @@ class SessionManager
$sessionAdminId = 0,
$sendSubscriptionNotification = false
) {
$name = trim(stripslashes($name));
$coachId = intval($coachId);
$sessionCategoryId = intval($sessionCategoryId);
$visibility = intval($visibility);
@ -1407,11 +1406,11 @@ class SessionManager
return false;
} else {
$sql = "SELECT id FROM $tbl_session WHERE name='" . Database::escape_string($name) . "'";
$rs = Database::query($sql);
$sessionInfo = self::get_session_by_name($name);
$exists = false;
while ($row = Database::fetch_array($rs)) {
if ($row['id'] != $id) {
if (!empty($sessionInfo)) {
if ($sessionInfo['id'] != $id) {
$exists = true;
}
}
@ -4153,7 +4152,7 @@ class SessionManager
}
}
$session_name = Database::escape_string($enreg['SessionName']);
$session_name = $enreg['SessionName'];
// Default visibility
$visibilityAfterExpirationPerSession = $sessionVisibility;
@ -4171,6 +4170,7 @@ class SessionManager
break;
}
}
if (empty($session_name)) {
continue;
}
@ -4246,7 +4246,7 @@ class SessionManager
$suffix = ' - ' . $i;
}
$sql = 'SELECT 1 FROM ' . $tbl_session . '
WHERE name="' . $session_name . $suffix . '"';
WHERE name="' . Database::escape_string($session_name). $suffix . '"';
$rs = Database::query($sql);
if (Database::result($rs, 0, 0)) {
@ -4259,7 +4259,7 @@ class SessionManager
// Creating the session.
$sql = "INSERT IGNORE INTO $tbl_session SET
name = '" . $session_name . "',
name = '" . Database::escape_string($session_name). "',
id_coach = '$coach_id',
access_start_date = '$dateStart',
access_end_date = '$dateEnd',
@ -4376,7 +4376,7 @@ class SessionManager
$session_id = $sessionId;
if (!empty($enreg['SessionName'])) {
///$params['name'] = $enreg['SessionName'];
$sessionName = $enreg['SessionName'];
$sessionName = Database::escape_string($enreg['SessionName']);
$sql = "UPDATE $tbl_session SET name = '$sessionName' WHERE id = $session_id";
Database::query($sql);
}
@ -4415,7 +4415,6 @@ class SessionManager
Database::update($tbl_session, $params, array('id = ?' => $session_id));
foreach ($enreg as $key => $value) {
if (substr($key, 0, 6) == 'extra_') { //an extra field
self::update_session_extra_field_value($session_id, substr($key, 6), $value);

Write Preview
Loading…
Cancel
Save