chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Feature #347 - Links, Messages, Metadata: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls.

Browse Source
skala
Ivan Tcholakov 16 years ago
parent 2a3704ad05
commit 84ba413d37
13 changed files with 144 additions and 151 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      main/link/link.php
  2. 52
      main/link/linkfunctions.php
  3. 26
      main/messages/download.php
  4. 162
      main/messages/new_message.php
  5. 6
      main/metadata/importlinks.php
  6. 2
      main/metadata/importmanifest.php
  7. 2
      main/metadata/index.php
  8. 4
      main/metadata/md_document.php
  9. 2
      main/metadata/md_funcs.php
  10. 6
      main/metadata/md_link.php
  11. 4
      main/metadata/md_mix.php
  12. 25
      main/metadata/md_phpdig.php
  13. 2
      main/metadata/md_scorm.php

2
main/link/link.php
Unescape View File

@ -282,7 +282,7 @@ if(api_get_setting('search_enabled')=='true') {
$sqlcategories = "SELECT * FROM ".$tbl_categories." $condition_session ORDER BY display_order DESC";
$resultcategories = Database::query($sqlcategories,__FILE__,__LINE__);
$resultcategories = Database::query($sqlcategories);
if (Database::num_rows($resultcategories)) {
echo ' <div class="row">

52
main/link/linkfunctions.php
Unescape View File

@ -114,7 +114,7 @@ function addlinkcategory($type)
$sql = "INSERT INTO ".$tbl_link." (url, title, description, category_id, display_order, on_homepage, target, session_id) VALUES ('$urllink','$title','$description','$selectcategory','$order', '$onhomepage','$target','$session_id')";
$catlinkstatus = get_lang('LinkAdded');
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$link_id = Database::insert_id();
@ -162,7 +162,7 @@ function addlinkcategory($type)
$table_link_category = Database::get_course_table(TABLE_LINK_CATEGORY);
$sql_cat = 'SELECT * FROM %s WHERE id=%d LIMIT 1';
$sql_cat = sprintf($sql_cat, $table_link_category, (int)$selectcategory);
$result = Database::query($sql_cat, __FILE__, __LINE__);
$result = Database::query($sql_cat);
if (Database::num_rows($result) == 1) {
$row = Database::fetch_array($result);
$ic_slide->addValue("category", $row['category_title']);
@ -182,7 +182,7 @@ function addlinkcategory($type)
$sql = 'INSERT INTO %s (id, course_code, tool_id, ref_id_high_level, search_did)
VALUES (NULL , \'%s\', \'%s\', %s, %s)';
$sql = sprintf($sql, $tbl_se_ref, $courseid, TOOL_LINK, $link_id, $did);
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
}
@ -214,7 +214,7 @@ function addlinkcategory($type)
$session_id = api_get_session_id();
$sql = "INSERT INTO ".$tbl_categories." (category_title, description, display_order, session_id) VALUES ('".Security::remove_XSS($category_title)."','".Security::remove_XSS($description)."', '$order', '$session_id')";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$catlinkstatus = get_lang('CategoryAdded');
@ -258,7 +258,7 @@ function deletelinkcategory($type)
// make a restore function possible for the platform administrator
if (isset($_GET['id']) && $_GET['id']==strval(intval($_GET['id']))) {
$sql="UPDATE $tbl_link SET on_homepage='0' WHERE id='".Database::escape_string($_GET['id'])."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
api_item_property_update($_course, TOOL_LINK, $id, "delete", $_user['user_id']);
@ -274,11 +274,11 @@ function deletelinkcategory($type)
// first we delete the category itself and afterwards all the links of this category.
$sql = "DELETE FROM ".$tbl_categories." WHERE id='".Database::escape_string(Security::remove_XSS($_GET['id']))."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$sql = "DELETE FROM ".$tbl_link." WHERE category_id='".Database::escape_string(Security::remove_XSS($_GET['id']))."'";
$catlinkstatus = get_lang('CategoryDeleted');
unset ($id);
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
Display::display_confirmation_message(get_lang('CategoryDeleted'));
}
@ -296,7 +296,7 @@ function delete_link_from_search_engine($course_id, $link_id) {
$tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF);
$sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_LINK, $link_id);
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
if (Database::num_rows($res) > 0) {
$row = Database::fetch_array($res);
require_once(api_get_path(LIBRARY_PATH) .'search/DokeosIndexer.class.php');
@ -305,7 +305,7 @@ function delete_link_from_search_engine($course_id, $link_id) {
}
$sql = 'DELETE FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_LINK, $link_id);
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
// remove terms from db
require_once(api_get_path(LIBRARY_PATH) .'specific_fields_manager.lib.php');
@ -347,7 +347,7 @@ function editlinkcategory($type)
{
// this is used to populate the link-form with the info found in the database
$sql = "SELECT * FROM ".$tbl_link." WHERE id='".$_GET['id']."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if ($myrow = Database::fetch_array($result))
{
$urllink = $myrow["url"];
@ -373,7 +373,7 @@ function editlinkcategory($type)
// finding the old category_id
$sql = "SELECT * FROM ".$tbl_link." WHERE id='".Database::escape_string(Security::remove_XSS($_POST['id']))."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result);
$category_id = $row['category_id'];
@ -387,7 +387,7 @@ function editlinkcategory($type)
}
$sql = "UPDATE ".$tbl_link." set url='".Database::escape_string(Security::remove_XSS($_POST['urllink']))."', title='".Database::escape_string(Security::remove_XSS($_POST['title']))."', description='".Database::escape_string(Security::remove_XSS($_POST['description']))."', category_id='".Database::escape_string(Security::remove_XSS($_POST['selectcategory']))."', display_order='".$max_display_order."', on_homepage='".Database::escape_string(Security::remove_XSS($onhomepage))." ' $mytarget WHERE id='".Database::escape_string(Security::remove_XSS($_POST['id']))."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
// update search enchine and its values table if enabled
if (api_get_setting('search_enabled')=='true') {
@ -402,7 +402,7 @@ function editlinkcategory($type)
$tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF);
$sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_LINK, $link_id);
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
if (Database::num_rows($res) > 0) {
require_once(api_get_path(LIBRARY_PATH) . 'search/DokeosIndexer.class.php');
@ -448,7 +448,7 @@ function editlinkcategory($type)
$table_link_category = Database::get_course_table(TABLE_LINK_CATEGORY);
$sql_cat = 'SELECT * FROM %s WHERE id=%d LIMIT 1';
$sql_cat = sprintf($sql_cat, $table_link_category, (int)$selectcategory);
$result = Database::query($sql_cat, __FILE__, __LINE__);
$result = Database::query($sql_cat);
if (Database::num_rows($result) == 1) {
$row = Database::fetch_array($result);
$ic_slide->addValue("category", $row['category_title']);
@ -467,12 +467,12 @@ function editlinkcategory($type)
// save it to db
$sql = 'DELETE FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=\'%s\'';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_LINK, $link_id);
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
//var_dump($sql);
$sql = 'INSERT INTO %s (id, course_code, tool_id, ref_id_high_level, search_did)
VALUES (NULL , \'%s\', \'%s\', %s, %s)';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_LINK, $link_id, $did);
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
}
@ -490,7 +490,7 @@ function editlinkcategory($type)
if (!$submitCategory)
{
$sql = "SELECT * FROM ".$tbl_categories." WHERE id='".$_GET['id']."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if ($myrow = Database::fetch_array($result))
{
$category_title = $myrow["category_title"];
@ -501,7 +501,7 @@ function editlinkcategory($type)
if ($submitCategory)
{
$sql = "UPDATE ".$tbl_categories." set category_title='".Database::escape_string(Security::remove_XSS($_POST['category_title']))."', description='".Database::escape_string(Security::remove_XSS($_POST['description']))."' WHERE id='".Database::escape_string(Security::remove_XSS($_POST['id']))."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
Display::display_confirmation_message(get_lang('CategoryModded'));
}
@ -700,7 +700,7 @@ function movecatlink($catlinkid)
if(!empty($thiscatlinkId))
{
$sql = "SELECT category_id from ".$movetable." WHERE id='$thiscatlinkId'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$catid = Database::fetch_array($result);
}
}
@ -759,15 +759,15 @@ function get_cat($catname) // get category id (existing or make new)
{
$tbl_categories = Database :: get_course_table(TABLE_LINK_CATEGORY);
$result = Database::query("SELECT `id` FROM ".$tbl_categories." WHERE `category_title`='".addslashes($catname)."'", __FILE__, __LINE__);
$result = Database::query("SELECT `id` FROM ".$tbl_categories." WHERE `category_title`='".addslashes($catname)."'");
if (Database::num_rows($result) >= 1 && ($row = Database::fetch_array($result)))
return $row['id']; // several categories with same name: take first
$result = Database::query("SELECT MAX(display_order) FROM ".$tbl_categories."", __FILE__, __LINE__);
$result = Database::query("SELECT MAX(display_order) FROM ".$tbl_categories."");
list ($max_order) = Database::fetch_row($result);
Database::query("INSERT INTO ".$tbl_categories." (category_title, description, display_order) VALUES ('".addslashes($catname)."','','". ($max_order +1)."')", __FILE__, __LINE__);
Database::query("INSERT INTO ".$tbl_categories." (category_title, description, display_order) VALUES ('".addslashes($catname)."','','". ($max_order +1)."')");
return Database::insert_id();
}
@ -782,11 +782,11 @@ function put_link($url, $cat, $title, $description, $on_homepage, $hidden)
$urleq = "url='".addslashes($url)."'";
$cateq = "category_id=".$cat;
$result = Database::query("SELECT id FROM $tbl_link WHERE ".$urleq.' AND '.$cateq, __FILE__, __LINE__);
$result = Database::query("SELECT id FROM $tbl_link WHERE ".$urleq.' AND '.$cateq);
if (Database::num_rows($result) >= 1 && ($row = Database::fetch_array($result)))
{
Database::query("UPDATE $tbl_link set title='".addslashes($title)."', description='".addslashes($description)."' WHERE id='".addslashes($id = $row['id'])."'", __FILE__, __LINE__);
Database::query("UPDATE $tbl_link set title='".addslashes($title)."', description='".addslashes($description)."' WHERE id='".addslashes($id = $row['id'])."'");
$lang_link = get_lang('update_link');
$ipu = "LinkUpdated";
@ -794,10 +794,10 @@ function put_link($url, $cat, $title, $description, $on_homepage, $hidden)
}
else // add new link
{
$result = Database::query("SELECT MAX(display_order) FROM $tbl_link WHERE category_id='".addslashes($cat)."'", __FILE__, __LINE__);
$result = Database::query("SELECT MAX(display_order) FROM $tbl_link WHERE category_id='".addslashes($cat)."'");
list ($max_order) = Database::fetch_row($result);
Database::query("INSERT INTO $tbl_link (url, title, description, category_id, display_order, on_homepage) VALUES ('".addslashes($url)."','".addslashes($title)."','".addslashes($description)."','".addslashes($cat)."','". ($max_order +1)."','".$on_homepage."')", __FILE__, __LINE__);
Database::query("INSERT INTO $tbl_link (url, title, description, category_id, display_order, on_homepage) VALUES ('".addslashes($url)."','".addslashes($title)."','".addslashes($description)."','".addslashes($cat)."','". ($max_order +1)."','".$on_homepage."')");
$id = Database::insert_id();
$lang_link = get_lang('new_link');

26
main/messages/download.php
Unescape View File

@ -41,36 +41,36 @@ $tbl_messsage_attachment = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);
$sql= "SELECT filename,message_id FROM $tbl_messsage_attachment WHERE path LIKE BINARY '$file_url'";
$result= Database::query($sql, __FILE__, __LINE__);
$result= Database::query($sql);
$row= Database::fetch_array($result,MYSQL_ASSOC);
$title = str_replace(' ','_', $row['filename']);
$message_id = $row['message_id'];
// allow download only for user sender and user receiver
$sql = "SELECT user_sender_id, user_receiver_id, group_id FROM $tbl_messsage WHERE id = '$message_id'";
$rs= Database::query($sql, __FILE__, __LINE__);
$rs= Database::query($sql);
$row_users= Database::fetch_array($rs,MYSQL_ASSOC);
$current_uid = api_get_user_id();
$current_uid = api_get_user_id();
// get message user id for inbox/outbox
$message_uid = '';
$message_type = array('inbox','outbox');
if (in_array($_GET['type'],$message_type)) {
if ($_GET['type'] == 'inbox') {
$message_uid = $row_users['user_receiver_id'];
} else {
if (in_array($_GET['type'],$message_type)) {
if ($_GET['type'] == 'inbox') {
$message_uid = $row_users['user_receiver_id'];
} else {
$message_uid = $row_users['user_sender_id'];
}
}
}
// allow to the correct user for download this file
$not_allowed_to_edit = false;
if (!empty($row_users['group_id'])) {
$users_group = GroupPortalManager::get_all_users_by_group($row_users['group_id']);
$users_group = GroupPortalManager::get_all_users_by_group($row_users['group_id']);
if (!in_array($current_uid,array_keys($users_group))) {
$not_allowed_to_edit = true;
}
} else {
}
} else {
if ($current_uid != $message_uid) {
$not_allowed_to_edit = true;
}
@ -82,10 +82,10 @@ if ($not_allowed_to_edit) {
}
// set the path directory file
if (!empty($row_users['group_id'])) {
if (!empty($row_users['group_id'])) {
$path_user_info = GroupPortalManager::get_group_picture_path_by_id($row_users['group_id'], 'system', true);
} else {
$path_user_info = UserManager::get_user_picture_path_by_id($message_uid, 'system', true);
$path_user_info = UserManager::get_user_picture_path_by_id($message_uid, 'system', true);
}
$full_file_name = $path_user_info['dir'].'message_attachments/'.$file_url;

162
main/messages/new_message.php
Unescape View File

@ -58,8 +58,8 @@ $htmlHeadXtra[] = '<script src="'.api_get_path(WEB_LIBRARY_PATH).'javascript/tag
$htmlHeadXtra[] = '<link href="'.api_get_path(WEB_LIBRARY_PATH).'javascript/tag/style.css" rel="stylesheet" type="text/css" />';
$htmlHeadXtra[] = '<script type="text/javascript">
$(document).ready(function (){
$(document).ready(function (){
$("#users").fcbkcomplete({
json_url: "'.api_get_path(WEB_AJAX_PATH).'message.ajax.php?a=find_users",
cache: false,
@ -70,40 +70,40 @@ $(document).ready(function (){
//onremove: "testme",
//onselect: "testme",
filter_selected: true,
newel: true
});
newel: true
});
});
var counter_image = 1;
/*
/*
function remove_image_form(id_elem1) {
var elem1 = document.getElementById(id_elem1);
elem1.parentNode.removeChild(elem1);
elem1.parentNode.removeChild(elem1);
}
*/
function add_image_form() {
// Multiple filepaths for image form
var filepaths = document.getElementById("filepaths");
*/
function add_image_form() {
// Multiple filepaths for image form
var filepaths = document.getElementById("filepaths");
if (document.getElementById("filepath_"+counter_image)) {
counter_image = counter_image + 1;
counter_image = counter_image + 1;
} else {
counter_image = counter_image;
counter_image = counter_image;
}
var elem1 = document.createElement("div");
elem1.setAttribute("id","filepath_"+counter_image);
filepaths.appendChild(elem1);
id_elem1 = "filepath_"+counter_image;
var elem1 = document.createElement("div");
elem1.setAttribute("id","filepath_"+counter_image);
filepaths.appendChild(elem1);
id_elem1 = "filepath_"+counter_image;
id_elem1 = "\'"+id_elem1+"\'";
//document.getElementById("filepath_"+counter_image).innerHTML = "<input type=\"file\" name=\"attach_"+counter_image+"\" size=\"20\" />&nbsp;<a href=\"javascript:remove_image_form("+id_elem1+")\"><img src=\"'.api_get_path(WEB_CODE_PATH).'img/delete.gif\"></a>";
//document.getElementById("filepath_"+counter_image).innerHTML = "<input type=\"file\" name=\"attach_"+counter_image+"\" size=\"20\" />&nbsp;<a href=\"javascript:remove_image_form("+id_elem1+")\"><img src=\"'.api_get_path(WEB_CODE_PATH).'img/delete.gif\"></a>";
document.getElementById("filepath_"+counter_image).innerHTML = "<input type=\"file\" name=\"attach_"+counter_image+"\" size=\"28\" />&nbsp;<input type=\"text\" name=\"legend[]\" size=\"28\" /></a>";
if (filepaths.childNodes.length == 6) {
var link_attach = document.getElementById("link-more-attach");
if (filepaths.childNodes.length == 6) {
var link_attach = document.getElementById("link-more-attach");
if (link_attach) {
link_attach.innerHTML="";
}
}
}
</script>';
$nameTools = get_lang('ComposeMessage');
@ -128,19 +128,19 @@ function show_compose_reply_to_message ($message_id, $receiver_id) {
global $charset;
$table_message = Database::get_main_table(TABLE_MESSAGE);
$query = "SELECT user_sender_id FROM $table_message WHERE user_receiver_id=".intval($receiver_id)." AND id='".intval($message_id)."';";
$result = Database::query($query,__FILE__,__LINE__);
$result = Database::query($query);
$row = Database::fetch_array($result,'ASSOC');
if (!isset($row['user_sender_id'])) {
echo get_lang('InvalidMessageId');
die();
}
$pre_html = '<div class="row">
<div class="label">'.get_lang('SendMessageTo').'</div>
<div class="formw">';
$post = '</div></div>';
$post = '</div></div>';
$multi_select = '<select id="users" name="users">
</select>';
</select>';
echo $pre_html.'<strong>'.GetFullUserName($row['user_sender_id']).'</strong>'.$post;
//echo get_lang('To').':&nbsp;<strong>'. GetFullUserName($row['user_sender_id']).'</strong>';
//$default['title'] = get_lang('EnterTitle');
@ -151,58 +151,58 @@ function show_compose_reply_to_message ($message_id, $receiver_id) {
function show_compose_to_user ($receiver_id) {
global $charset;
echo get_lang('To').':&nbsp;<strong>'. GetFullUserName($receiver_id).'</strong>';
$default['title'] = api_xml_http_response_encode(get_lang('EnterTitle'));
$default['title'] = api_xml_http_response_encode(get_lang('EnterTitle'));
$default['users'] = array($receiver_id);
manage_form($default);
}
function manage_form ($default, $select_from_user_list = null) {
global $charset;
$table_message = Database::get_main_table(TABLE_MESSAGE);
$group_id = intval($_REQUEST['group_id']);
$message_id = intval($_GET['message_id']);
$param_f = isset($_GET['f'])?Security::remove_XSS($_GET['f']):'';
$form = new FormValidator('compose_message',null,api_get_self().'?f='.$param_f,null,array('enctype'=>'multipart/form-data'));
if (empty($group_id)) {
$form = new FormValidator('compose_message',null,api_get_self().'?f='.$param_f,null,array('enctype'=>'multipart/form-data'));
if (empty($group_id)) {
if (isset($select_from_user_list)) {
$form->add_textfield('id_text_name', get_lang('SendMessageTo'),true,array('size' => 40,'id'=>'id_text_name','onkeyup'=>'send_request_and_search()','autocomplete'=>'off','style'=>'padding:0px'));
$form->addRule('id_text_name', get_lang('ThisFieldIsRequired'), 'required');
$form->addElement('html','<div id="id_div_search" style="padding:0px" class="message-select-box" >&nbsp;</div>');
$form->addElement('hidden','user_list',0,array('id'=>'user_list'));
} else {
if (empty($default['users'])) {
//the magic should be here
if (empty($default['users'])) {
//the magic should be here
$pre_html = '<div class="row">
<div class="label">'.get_lang('SendMessageTo').'</div>
<div class="formw">';
$post = '</div></div>';
$post = '</div></div>';
$multi_select = '<select id="users" name="users">
</select>';
</select>';
$form->addElement('html',$pre_html.$multi_select.$post );
} else {
$form->addElement('hidden','hidden_user',$default['users'][0],array('id'=>'hidden_user'));
}
}
} else {
} else {
$group_info = GroupPortalManager::get_group_data($group_id);
$form->addElement('html','<div class="row"><div class="label">'.get_lang('ToGroup').'</div><div class="formw">'.api_xml_http_response_encode($group_info['name']).'</div></div>');
$form->addElement('html','<div class="row"><div class="label">'.get_lang('ToGroup').'</div><div class="formw">'.api_xml_http_response_encode($group_info['name']).'</div></div>');
$form->addElement('hidden','group_id',$group_id);
$form->addElement('hidden','parent_id',$message_id);
$form->addElement('hidden','parent_id',$message_id);
}
$form->add_textfield('title', get_lang('Title'),true ,array('size' => 77));
$form->add_html_editor('content', get_lang('Message'), false, false, array('ToolbarSet' => 'Messages', 'Width' => '95%', 'Height' => '250'));
//$form->addElement('textarea','content', get_lang('Message'), array('cols' => 75,'rows'=>8));
if (isset($_GET['re_id'])) {
$form->addElement('hidden','re_id',Security::remove_XSS($_GET['re_id']));
$form->addElement('hidden','save_form','save_form');
}
}
if (empty($group_id)) {
$form->addElement('html','<div class="row"><div class="label">'.get_lang('FilesAttachment').'</div><div class="formw">
<span id="filepaths">
@ -212,31 +212,31 @@ function manage_form ($default, $select_from_user_list = null) {
</div></span></div></div>');
$form->addElement('html','<div class="row"><div class="formw"><span id="link-more-attach"><a href="javascript://" onclick="return add_image_form()">'.get_lang('AddOneMoreFile').'</a></span>&nbsp;('.sprintf(get_lang('MaximunFileSizeX'),format_file_size(api_get_setting('message_max_upload_filesize'))).')</div></div>');
}
$form->addElement('style_submit_button','compose',api_xml_http_response_encode(get_lang('SendMessage')),'class="save"');
$form->setRequiredNote('<span class="form_required">*</span> <small>'.get_lang('ThisFieldIsRequired').'</small>');
$form->setRequiredNote('<span class="form_required">*</span> <small>'.get_lang('ThisFieldIsRequired').'</small>');
if (!empty($group_id) && !empty($message_id)) {
$message_info = MessageManager::get_message_by_id($message_id);
$default['title']=get_lang('Re:').api_html_entity_decode($message_info['title'],ENT_QUOTES,$charset);
}
$message_info = MessageManager::get_message_by_id($message_id);
$default['title']=get_lang('Re:').api_html_entity_decode($message_info['title'],ENT_QUOTES,$charset);
}
$form->setDefaults($default);
if ($form->validate()) {
$check = Security::check_token('post');
if ($check) {
$values = $default;
if ($check) {
$values = $default;
$user_list = $values['users'];
$file_comments = $_POST['legend'];
$title = $values['title'];
$content = $values['content'];
$content = $values['content'];
$group_id = $values['group_id'];
$parent_id = $values['parent_id'];
if (is_array($user_list) && count($user_list)> 0) {
//all is well, send the message
foreach ($user_list as $user) {
foreach ($user_list as $user) {
$res = MessageManager::send_message($user, $title, $content, $_FILES, $file_comments, $group_id, $parent_id);
if ($res) {
if (is_string($res)) {
@ -244,11 +244,11 @@ function manage_form ($default, $select_from_user_list = null) {
} else {
MessageManager::display_success_message($user);
}
}
}
}
}
}
}
}
Security::clear_token();
Security::clear_token();
} else {
$token = Security::get_token();
$form->addElement('hidden','sec_token');
@ -264,7 +264,7 @@ function manage_form ($default, $select_from_user_list = null) {
if ($_GET['f']=='social') {
$this_section = SECTION_SOCIAL;
$interbreadcrumb[]= array ('url' => api_get_path(WEB_PATH).'main/social/home.php','name' => get_lang('Social'));
$interbreadcrumb[]= array ('url' => '#','name' => $nameTools);
$interbreadcrumb[]= array ('url' => '#','name' => $nameTools);
} else {
$this_section = SECTION_MYPROFILE;
$interbreadcrumb[]= array ('url' => api_get_path(WEB_PATH).'main/auth/profile.php','name' => get_lang('Profile'));
@ -282,10 +282,10 @@ if ($group_id != 0) {
echo '<a href="'.api_get_path(WEB_PATH).'main/social/groups.php?id='.$group_id.'">'.Display::return_icon('back.png',api_xml_http_response_encode(get_lang('ComposeMessage'))).api_xml_http_response_encode(get_lang('BackToGroup')).'</a>';
echo '<a href="'.api_get_path(WEB_PATH).'main/messages/new_message.php?group_id='.$group_id.'">'.Display::return_icon('message_new.png',api_xml_http_response_encode(get_lang('ComposeMessage'))).api_xml_http_response_encode(get_lang('ComposeMessage')).'</a>';
echo '</div>';
} else {
} else {
if ($_GET['f']=='social') {
} else {
echo '<div class=actions>';
if (api_get_setting('allow_social_tool') == 'true' && api_get_setting('allow_message_tool') == 'true') {
@ -293,12 +293,12 @@ if ($group_id != 0) {
}
if (api_get_setting('allow_message_tool') == 'true') {
echo '<a href="'.api_get_path(WEB_PATH).'main/messages/inbox.php">'.Display::return_icon('inbox.png').' '.get_lang('Messages').'</a>';
}
}
echo '<a href="'.api_get_path(WEB_PATH).'main/auth/profile.php?type=reduced">'.Display::return_icon('edit.gif', get_lang('EditNormalProfile')).'&nbsp;'.get_lang('EditNormalProfile').'</a>';
echo '</div>';
}
}
echo '<div id="social-content" >';
@ -314,28 +314,28 @@ echo '<div id="social-content" >';
echo '</ul>';
echo '</div>';
} else {
require_once api_get_path(LIBRARY_PATH).'social.lib.php';
echo '<div id="social-content-left">';
require_once api_get_path(LIBRARY_PATH).'social.lib.php';
echo '<div id="social-content-left">';
//this include the social menu div
SocialManager::show_social_menu('messages_compose');
echo '</div>';
$id_content_right = 'social-content-right';
$id_content_right = 'social-content-right';
}
echo '<div id="'.$id_content_right.'">';
//MAIN CONTENT
if (!isset($_POST['compose'])) {
//MAIN CONTENT
if (!isset($_POST['compose'])) {
if(isset($_GET['re_id'])) {
show_compose_reply_to_message($_GET['re_id'], api_get_user_id());
} elseif(isset($_GET['send_to_user'])) {
show_compose_to_user($_GET['send_to_user']);
} else {
show_compose_to_any($_user['user_id']);
}
} else {
$restrict = false;
}
} else {
$restrict = false;
if (isset($_POST['users'])) {
$restrict = true;
} elseif (isset($_POST['group_id'])) {
@ -343,16 +343,16 @@ echo '<div id="social-content" >';
} elseif(isset($_POST['hidden_user'])) {
$restrict = true;
}
$default['title'] = $_POST['title'];
$default['content'] = $_POST['content'];
$default['content'] = $_POST['content'];
// comes from a reply button
if (isset($_GET['re_id'])) {
if (isset($_GET['re_id'])) {
manage_form($default);
} else {
// post
if ($restrict) {
// post
if ($restrict) {
if (!isset($_POST['group_id'])) {
$default['users'] = $_POST['users'];
} else {
@ -360,7 +360,7 @@ echo '<div id="social-content" >';
}
if (isset($_POST['hidden_user'])) {
$default['users'] = array($_POST['hidden_user']);
}
}
manage_form($default);
} else {
Display::display_error_message(get_lang('ErrorSendingMessage'));

6
main/metadata/importlinks.php
Unescape View File

@ -86,7 +86,7 @@ function get_cat($catname)
global $_course; $cateq = "category_title='". addslashes($catname) . "'";
$linkcat_table = Database::get_course_table(TABLE_LINK_CATEGORY);
$result = Database::query("SELECT id FROM $linkcat_table WHERE " . $cateq, __FILE__, __LINE__);
$result = Database::query("SELECT id FROM $linkcat_table WHERE " . $cateq);
if (Database::num_rows($result) >= 1 && ($row = Database::fetch_array($result)))
return $row['id']; // several categories with same name: take first
@ -113,7 +113,7 @@ if (isset($lcn)) // category_title
if (($lci = get_cat($lcn)) !== FALSE)
{
$link_table = Database::get_course_table(TABLE_LINK);
$result = Database::query("SELECT id FROM $link_table WHERE category_id=" . $lci, __FILE__, __LINE__);
$result = Database::query("SELECT id FROM $link_table WHERE category_id=" . $lci);
while ($row = Database::fetch_array($result))
{
@ -326,7 +326,7 @@ if (count($perCat)) foreach ($perCat as $cat => $number)
$perCat[$cat] = '(' . htmlspecialchars($cat, ENT_QUOTES, $charset) . ')';
$linkcat_table = Database::get_course_table(TABLE_LINK_CATEGORY);
$result = Database::query("SELECT category_title FROM $linkcat_table", __FILE__, __LINE__);
$result = Database::query("SELECT category_title FROM $linkcat_table");
while ($row = Database::fetch_array($result))
{

2
main/metadata/importmanifest.php
Unescape View File

@ -61,7 +61,7 @@ if (isset($workWith)) // explicit in URL, or selected at bottom of screen
{
$scormdocument = Database::get_course_table(TABLE_LP_MAIN);
$sql = "SELECT id FROM $scormdocument WHERE path='". Database::escape_string(api_substr($workWith,1)) . "' OR path='". Database::escape_string(substr($workWith,1)) . "/.'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) == 1)
{

2
main/metadata/index.php
Unescape View File

@ -66,7 +66,7 @@ $mdObj = new mdobject($_course, EID_ID); // see 'md_' . EID_TYPE . '.php'
$result = Database::query("SELECT isocode FROM " .
Database :: get_main_table(TABLE_MAIN_LANGUAGE) .
" WHERE available='1' ORDER BY isocode ASC", __FILE__, __LINE__);
" WHERE available='1' ORDER BY isocode ASC");
$sep = ":"; $langLangs = $sep . "xx" . $sep . "xx";

4
main/metadata/md_document.php
Unescape View File

@ -166,7 +166,7 @@ function mdobject($_course, $id)
$document_table = Database::get_course_table(TABLE_DOCUMENT);
if (($docinfo = @Database::fetch_array(Database::query(
"SELECT path,title,comment,filetype FROM $document_table WHERE id='" .
addslashes($id) . "'", __FILE__, __LINE__))))
addslashes($id) . "'"))))
{
$this->mdo_path = $docinfo['path'];
$this->mdo_title = $docinfo['title'];
@ -176,7 +176,7 @@ function mdobject($_course, $id)
$group_info = Database::get_course_table(TABLE_GROUP);
if (($result = Database::query(
"SELECT id,secret_directory FROM $group_info", __FILE__, __LINE__)))
"SELECT id,secret_directory FROM $group_info")))
while (($row = Database::fetch_array($result)))
if (($secdir = $row['secret_directory'] . '/') ==
substr($this->mdo_path, 0, strlen($secdir)))

2
main/metadata/md_funcs.php
Unescape View File

@ -448,7 +448,7 @@ function _query($sql, $eid = '', $sep = '')
if ($eid) $sql .= $sep ? $this->_coldatstart('eid', $eid . $sep) :
$this->_coldat('eid', $eid);
return Database::query($sql, __FILE__, __LINE__);
return Database::query($sql);
}
}

6
main/metadata/md_link.php
Unescape View File

@ -169,7 +169,7 @@ function mdo_storeback(&$xmlDoc) // by ref!
$link_table = Database::get_course_table(TABLE_LINK);
if ($u) Database::query("UPDATE $link_table SET " . substr($u, 2) .
" WHERE id='" . addslashes($this->mdo_id) . "'", __FILE__, __LINE__);
" WHERE id='" . addslashes($this->mdo_id) . "'");
}
@ -200,7 +200,7 @@ function mdobject($_course, $id)
$link_table = Database::get_course_table(TABLE_LINK);
if (($linkinfo = @Database::fetch_array(Database::query(
"SELECT url,title,description,category_id FROM $link_table WHERE id='" .
addslashes($id) . "'", __FILE__, __LINE__))))
addslashes($id) . "'"))))
{
$this->mdo_url = $linkinfo['url'];
$this->mdo_title = $linkinfo['title'];
@ -210,7 +210,7 @@ function mdobject($_course, $id)
$linkcat_table = Database::get_course_table(TABLE_LINK_CATEGORY);
if (($catinfo = @Database::fetch_array(Database::query(
"SELECT category_title FROM $linkcat_table WHERE id='" .
addslashes($lci) . "'", __FILE__, __LINE__))))
addslashes($lci) . "'"))))
$this->mdo_category_title = $catinfo['category_title'];
}
}

4
main/metadata/md_mix.php
Unescape View File

@ -52,7 +52,7 @@ function mdobject($_course, $eid)
if (($docinfo = @mysql_fetch_array(Database::query(
"SELECT path,comment,filetype FROM
$table WHERE id='" .
addslashes($id) . "'", __FILE__, __LINE__))))
addslashes($id) . "'"))))
{
$this->mdo_path = $docinfo['path'];
$this->mdo_comment = $docinfo['comment'];
@ -79,7 +79,7 @@ function mdobject($_course, $eid)
if (($linkinfo = @mysql_fetch_array(Database::query(
"SELECT url,title,description,category_id FROM
$link_table WHERE id='" . addslashes($id) .
"'", __FILE__, __LINE__))))
"'"))))
{
$this->mdo_url = $linkinfo['url'];
}

25
main/metadata/md_phpdig.php
Unescape View File

@ -74,7 +74,7 @@ function find_site($url)
$site_url = "site_url = '" . addslashes($url) . "'";
$result = Database::query("SELECT site_id FROM " . PHPDIG_DB_PREFIX .
"sites WHERE " . $site_url, __FILE__, __LINE__); // find site
"sites WHERE " . $site_url); // find site
if (Database::num_rows($result) == 1)
{
@ -83,7 +83,7 @@ function find_site($url)
else
{
$result = Database::query("INSERT INTO " . PHPDIG_DB_PREFIX .
"sites SET " . $site_url, __FILE__, __LINE__); // new site
"sites SET " . $site_url); // new site
$site_id = Database::insert_id();
$result = Database::query("INSERT INTO " . PHPDIG_DB_PREFIX .
@ -102,20 +102,17 @@ function remove_engine_entries($url, $path, $file = '')
str_replace(array('_', '%'), array('\_', '\%'), $file)) . "%'";
$result = Database::query("SELECT spider_id FROM " . PHPDIG_DB_PREFIX .
"spider WHERE site_id=" . ($site_id = find_site($url)) . $and_path,
__FILE__, __LINE__); // find page(s)
"spider WHERE site_id=" . ($site_id = find_site($url)) . $and_path); // find page(s)
while ($row = Database::fetch_array($result))
{
Database::query("DELETE FROM " . PHPDIG_DB_PREFIX .
"engine WHERE spider_id=" . (int)$row['spider_id'],
__FILE__, __LINE__); // delete all references to keywords
"engine WHERE spider_id=" . (int)$row['spider_id']); // delete all references to keywords
$aff .= ' +' . Database::affected_rows();
}
Database::query("DELETE FROM " . PHPDIG_DB_PREFIX .
"spider WHERE site_id=" . $site_id . $and_path,
__FILE__, __LINE__); // delete page
"spider WHERE site_id=" . $site_id . $and_path); // delete page
echo htmlspecialchars($url . $path . $file, ENT_QUOTES, $charset), ' (site_id ',
$site_id, '): ', Database::affected_rows(), $aff,
@ -133,8 +130,7 @@ function index_words($site_id, $path, $file, $first_words, $keywords)
addslashes($first_words) . "',site_id='$site_id'";
// do not set upddate,md5,num_words,last_modified,filesize
Database::query("INSERT INTO " . PHPDIG_DB_PREFIX . $spider_set_path_etc,
__FILE__, __LINE__);
Database::query("INSERT INTO " . PHPDIG_DB_PREFIX . $spider_set_path_etc);
$spider_id = Database::insert_id(); $new = 0;
@ -144,15 +140,13 @@ function index_words($site_id, $path, $file, $first_words, $keywords)
ereg('^['.WORDS_CHARS_LATIN1.'#$]', $key))
{
$result = Database::query("SELECT key_id FROM " . PHPDIG_DB_PREFIX .
"keywords WHERE keyword = '" . addslashes($key) . "'",
__FILE__, __LINE__);
"keywords WHERE keyword = '" . addslashes($key) . "'");
if (Database::num_rows($result) == 0)
{
Database::query("INSERT INTO " . PHPDIG_DB_PREFIX .
"keywords (keyword,twoletters) VALUES ('" . addslashes($key) .
"','" .addslashes(substr(str_replace('\\','',$key),0,2)) ."')",
__FILE__, __LINE__);
"','" .addslashes(substr(str_replace('\\','',$key),0,2)) ."')");
$key_id = Database::insert_id(); $new++;
}
else
@ -161,8 +155,7 @@ function index_words($site_id, $path, $file, $first_words, $keywords)
}
Database::query("INSERT INTO " . PHPDIG_DB_PREFIX .
"engine (spider_id,key_id,weight) VALUES ($spider_id,$key_id,$w)",
__FILE__, __LINE__);
"engine (spider_id,key_id,weight) VALUES ($spider_id,$key_id,$w)");
}
echo '<tr><td>', htmlspecialchars($file, ENT_QUOTES, $charset), '</td><td>(spider_id ',

2
main/metadata/md_scorm.php
Unescape View File

@ -87,7 +87,7 @@ function mdobject($_course, $id)
$this->mdo_dcmap_e = $ieee_dcmap_e; $this->mdo_dcmap_v = $ieee_dcmap_v;
$sql = "SELECT path,description,lp_type FROM $scormdocument WHERE id='" . addslashes($id) . "'";
if (($docinfo = @Database::fetch_array(Database::query($sql,__FILE__, __LINE__))))
if (($docinfo = @Database::fetch_array(Database::query($sql))))
{
$this->mdo_path = $docinfo['path'];
//Sometimes the new scorm-tool adds '/.' at the end of a directory name, so remove this before continue

Write Preview
Loading…
Cancel
Save