' . ((trim($s_description) == '') ? ''.get_lang("NoDescription").'' : stripslashes(nl2br($s_description))) . '
';
@@ -7880,7 +7882,7 @@ class learnpath {
$return .= '';
+ ' . $forum['forum_title'] . '';
$a_threads = get_threads($forum['forum_id']);
if(is_array($a_threads)){
foreach($a_threads as $thread)
{
- $return .= '- ' . $thread['thread_title'] . '
';
+ $return .= '- ' . $thread['thread_title'] . '
';
}
}
$return .= '
';
diff --git a/main/newscorm/lp_controller.php b/main/newscorm/lp_controller.php
index 56b96247bc..3e408ac1a1 100644
--- a/main/newscorm/lp_controller.php
+++ b/main/newscorm/lp_controller.php
@@ -214,10 +214,10 @@ switch($action)
$document_id = $_SESSION['oLP']->create_document($_course);
}
- $new_item_id = $_SESSION['oLP']->add_item($_POST['parent'], $_POST['previous'], $_POST['type'], $document_id, $_POST['title'], $_POST['description'], $_POST['prerequisites']);
+ $new_item_id = $_SESSION['oLP']->add_item($_POST['parent'], $_POST['previous'], $_POST['type'], $document_id, Security::remove_XSS($_POST['title']), $_POST['description'], $_POST['prerequisites']);
} else {
//for all other item types than documents, load the item using the item type and path rather than its ID
- $new_item_id = $_SESSION['oLP']->add_item($_POST['parent'], $_POST['previous'], $_POST['type'], $_POST['path'], $_POST['title'], $_POST['description'], $_POST['prerequisites'],$_POST['maxTimeAllowed']);
+ $new_item_id = $_SESSION['oLP']->add_item($_POST['parent'], $_POST['previous'], $_POST['type'], $_POST['path'], Security::remove_XSS($_POST['title']), $_POST['description'], $_POST['prerequisites'],$_POST['maxTimeAllowed']);
}
//display
@@ -254,7 +254,7 @@ switch($action)
//Kevin Van Den Haute: changed $_REQUEST['learnpath_description'] by '' because it's not used
//old->$new_lp_id = learnpath::add_lp(api_get_course_id(), $_REQUEST['learnpath_name'], $_REQUEST['learnpath_description'], 'dokeos', 'manual', '');
- $new_lp_id = learnpath::add_lp(api_get_course_id(), $_REQUEST['learnpath_name'], '', 'dokeos', 'manual', '');
+ $new_lp_id = learnpath::add_lp(api_get_course_id(), Security::remove_XSS($_REQUEST['learnpath_name']), '', 'dokeos', 'manual', '');
//learnpath::toggle_visibility($new_lp_id,'v');
//Kevin Van Den Haute: only go further if learnpath::add_lp has returned an id
if(is_numeric($new_lp_id))
@@ -359,7 +359,7 @@ switch($action)
//todo mp3 edit
$audio = array();
if (isset($_FILES['mp3'])) $audio = $_FILES['mp3'];
- $_SESSION['oLP']->edit_item($_GET['id'], $_POST['parent'], $_POST['previous'], $_POST['title'], $_POST['description'], $_POST['prerequisites'],$audio, $_POST['maxTimeAllowed']);
+ $_SESSION['oLP']->edit_item($_GET['id'], $_POST['parent'], $_POST['previous'], Security::remove_XSS($_POST['title']), $_POST['description'], $_POST['prerequisites'],$audio, $_POST['maxTimeAllowed']);
if(isset($_POST['content_lp'])) {
$_SESSION['oLP']->edit_document($_course);
@@ -417,7 +417,7 @@ switch($action)
if(isset($_POST['submit_button']))
{
- $_SESSION['oLP']->edit_item($_GET['id'], $_POST['parent'], $_POST['previous'], $_POST['title'], $_POST['description']);
+ $_SESSION['oLP']->edit_item($_GET['id'], $_POST['parent'], $_POST['previous'], Security::remove_XSS($_POST['title']), $_POST['description']);
$is_success = true;
}
@@ -561,8 +561,9 @@ switch($action)
if(!$lp_found){ error_log('New LP - No learnpath given for edit',0); require('lp_list.php'); }
else{
$_SESSION['refresh'] = 1;
- $_SESSION['oLP']->set_name($_REQUEST['lp_name']);
- $author= $_REQUEST['lp_author'];
+ $lp_name=Security::remove_XSS($_REQUEST['lp_name']);
+ $_SESSION['oLP']->set_name($lp_name);
+ $author=$_REQUEST['lp_author'];
//fixing the author name (no body or html tags)
$auth_init = stripos($author,'');
if ( $auth_init === false ) {
diff --git a/main/newscorm/lp_edit.php b/main/newscorm/lp_edit.php
index a2183ea8c1..1360179580 100644
--- a/main/newscorm/lp_edit.php
+++ b/main/newscorm/lp_edit.php
@@ -40,7 +40,7 @@ $form = new FormValidator('form1', 'post', 'lp_controller.php');
//Title
$form -> addElement('text', 'lp_name', ucfirst(get_lang('_title')),array('size'=>43));
-
+$form-> applyFilter('lp_name', 'html_filter');
//Encoding
$encoding_select = &$form->addElement('select', 'lp_encoding', get_lang('Charset'));
$encodings = array('UTF-8','ISO-8859-1','ISO-8859-15','cp1251','cp1252','KOI8-R','BIG5','GB2312','Shift_JIS','EUC-JP');
@@ -96,7 +96,7 @@ if (api_get_setting('allow_course_theme') == 'true')
//$form->add_html_editor('lp_author', get_lang('Author'));
$form->addElement('html_editor','lp_author',get_lang('Author'),array('size'=>80) );
-
+$form->applyFilter('lp_author', 'html_filter');
// LP image
$form->add_progress_bar();
if( strlen($_SESSION['oLP']->get_preview_image() ) > 0)
@@ -132,7 +132,6 @@ if (api_get_setting('search_enabled') === 'true')
$specific_fields = get_specific_field_list();
foreach ($specific_fields as $specific_field) {
$form -> addElement ('text', $specific_field['code'], $specific_field['name']);
-
$filter = array('course_code'=> "'". api_get_course_id() ."'", 'field_id' => $specific_field['id'], 'ref_id' => $_SESSION['oLP']->lp_id, 'tool_id' => '\''. TOOL_LEARNPATH .'\'');
$values = get_specific_field_values_list($filter, array('value'));
if ( !empty($values) ) {
'.get_lang("Edit").'
'.get_lang("Move").'';
+ $return .= '
'.get_lang('Prerequisites').'';
+ $return .= '
'.get_lang("Delete").'';
+ $return .= '
';
- $return .= '' . $row_hot['title'] . '';
+ $return .= '' . $row_hot['title'] . '';
//$return .= $row_quiz['title'];
$return .= '
';
- $return .= '' . $row_quiz['title'] . '';
+ $return .= '' . $row_quiz['title'] . '';
//$return .= $row_quiz['title'];
$return .= '
';
- $return .= '' . $row_link['title'] . '';
+ $return .= '' . $row_link['title'] . '';
$return .= '
';
- $return .= '' . get_lang('AddAssignmentPage') . '';
+ $return .= '' . get_lang('AddAssignmentPage') . '';
$return .= '
';
$return .= '.'add.gif)
- ' . $forum['forum_title'] . '