Fix partially #7564

1.9.x
Julio Montoya 11 years ago
parent 11b0e96555
commit 9da1112af7
  1. 19
      main/admin/configure_extensions.php
  2. 6
      main/admin/course_category.php
  3. 3
      main/admin/session_edit.php
  4. 6
      main/calendar/agenda.lib.php
  5. 2
      main/calendar/agenda_list.php
  6. 2
      main/inc/lib/diagnoser.lib.php
  7. 2
      main/inc/lib/fckeditor/editor/plugins/ajaxfilemanager/ajax_get_file_listing.php
  8. 6
      main/inc/lib/message.lib.php
  9. 2
      main/messages/new_message.php
  10. 6
      main/messages/outbox.php
  11. 14
      main/mySpace/student.php

@ -4,9 +4,7 @@
* Edition of extensions configuration * Edition of extensions configuration
* @package chamilo.admin * @package chamilo.admin
*/ */
/**
* Code
*/
// name of the language file that needs to be included // name of the language file that needs to be included
$language_file='admin'; $language_file='admin';
$cidReset=true; $cidReset=true;
@ -154,17 +152,18 @@ if (isset($_POST['activeExtension'])) {
$listActiveServices = array(); $listActiveServices = array();
// get the list of active services // get the list of active services
$sql = 'SELECT variable FROM '.$tbl_settings_current.' WHERE variable LIKE "service_%" AND subkey="active" and selected_value="true"'; $sql = 'SELECT variable FROM '.$tbl_settings_current.'
WHERE variable LIKE "service_%" AND subkey="active" and selected_value="true"';
$rs = Database::query($sql); $rs = Database::query($sql);
while($row = Database::fetch_array($rs)){ while($row = Database::fetch_array($rs)){
$listActiveServices[] = $row['variable']; $listActiveServices[] = $row['variable'];
} }
$javascript_service_displayed = ''; /*$javascript_service_displayed = '';
if(isset($_GET['display'])){ if (isset($_GET['display'])) {
$javascript_service_displayed = 'document.getElementById("extension_content_'.$_GET['display'].'").style.display = "block"'; $javascript_service_displayed = 'document.getElementById("extension_content_'.$_GET['display'].'").style.display = "block"';
} }*/
// javascript to handle accordion behaviour // javascript to handle accordion behaviour
$javascript_message = ''; $javascript_message = '';
@ -223,8 +222,6 @@ $nameTool = get_lang('ConfigureExtensions');
Display::display_header($nameTool); Display::display_header($nameTool);
?> ?>
<div id="message" style="display: none"> <div id="message" style="display: none">
<?php <?php
if(!empty($message)) if(!empty($message))
@ -299,7 +296,7 @@ Display::display_header($nameTool);
</div> </div>
*/ ?> */ ?>
<!-- PPT2LP --> <!-- PPT2LP -->
<div id="main_ppt2lp"> <div id="main_ppt2lp">
<div id="extension_header_ppt2lp" class="accordion_header"> <div id="extension_header_ppt2lp" class="accordion_header">
@ -441,7 +438,7 @@ Display::display_header($nameTool);
</div> </div>
*/ */
/* /*
<!-- SEARCH --> <!-- SEARCH -->
<div id="main_search"> <div id="main_search">
<div id="extension_header_search" class="accordion_header"> <div id="extension_header_search" class="accordion_header">
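Review bot: The block that builds `$javascript_service_displayed` from `$_GET['display']` is only wrapped in `/* … */` in the second hunk, so the unescaped concatenation into a JavaScript string stays in the file and comes back as soon as someone uncomments it. Deleting the lines would be cleaner. If the feature is needed again, the value should be checked against the known extension ids before it is written into script. The initialisation `$javascript_service_displayed = '';` is now commented out as well, so any later use of the variable (outside the visible hunks) would read an undefined variable; that is worth checking.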

@ -73,7 +73,7 @@ if ($action == 'add' || $action == 'edit') {
echo '<div class="actions">'; echo '<div class="actions">';
echo Display::url( echo Display::url(
Display::return_icon('folder_up.png', get_lang("Back"), '', ICON_SIZE_MEDIUM), Display::return_icon('folder_up.png', get_lang("Back"), '', ICON_SIZE_MEDIUM),
api_get_path(WEB_CODE_PATH).'admin/course_category.php?category='.$category api_get_path(WEB_CODE_PATH).'admin/course_category.php?category='.Security::remove_XSS($category)
); );
echo '</div>'; echo '</div>';
@ -81,7 +81,7 @@ if ($action == 'add' || $action == 'edit') {
if (!empty($category)) { if (!empty($category)) {
$form_title .= ' ' . get_lang('Into') . ' ' . Security::remove_XSS($category); $form_title .= ' ' . get_lang('Into') . ' ' . Security::remove_XSS($category);
} }
$url = api_get_self().'?action='.Security::remove_XSS($action).'&category='.Security::remove_XSS($category).'&id='.$category; $url = api_get_self().'?action='.Security::remove_XSS($action).'&category='.Security::remove_XSS($category).'&id='.Security::remove_XSS($category);
$form = new FormValidator('course_category', 'post', $url); $form = new FormValidator('course_category', 'post', $url);
$form->addElement('header', '', $form_title); $form->addElement('header', '', $form_title);
$form->addElement('hidden', 'formSent', 1); $form->addElement('hidden', 'formSent', 1);
@ -129,7 +129,7 @@ if ($action == 'add' || $action == 'edit') {
if (empty($parentInfo) || $parentInfo['auth_cat_child'] == 'TRUE') { if (empty($parentInfo) || $parentInfo['auth_cat_child'] == 'TRUE') {
echo Display::url( echo Display::url(
Display::return_icon('new_folder.png', get_lang("AddACategory"), '', ICON_SIZE_MEDIUM), Display::return_icon('new_folder.png', get_lang("AddACategory"), '', ICON_SIZE_MEDIUM),
api_get_path(WEB_CODE_PATH).'admin/course_category.php?action=add&category='.$category api_get_path(WEB_CODE_PATH).'admin/course_category.php?action=add&category='.Security::remove_XSS($category)
); );
} }
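Review bot: `Security::remove_XSS($category)` is an HTML filter, but in all three hunks the value is placed in a URL query string (`?category=`, `&category=`, `&id=`), where characters such as `&`, `#` and spaces need percent-encoding instead. I would build the links with `'admin/course_category.php?category='.urlencode($category)` and leave HTML escaping to the point where the URL is written into an attribute. Whether `Display::url()` and `FormValidator` escape the attribute is not visible here. Separately, `&id=` in the second hunk is filled from `$category` rather than from an id variable; the commit keeps that, but it looks unintended and is worth confirming.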

@ -4,9 +4,6 @@
* Sessions edition script * Sessions edition script
* @package chamilo.admin * @package chamilo.admin
*/ */
/**
* Code
*/
// name of the language file that needs to be included // name of the language file that needs to be included
$language_file ='admin'; $language_file ='admin';

@ -68,7 +68,11 @@ class Agenda
*/ */
public function setType($type) public function setType($type)
{ {
$this->type = $type; $typeList = $this->getTypes();
if (in_array($type, $typeList)) {
$this->type = $type;
}
} }
/** /**
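Review bot: The allow-list check in `setType()` uses the loose form `in_array($type, $typeList)`; passing the third argument, `in_array($type, $typeList, true)`, keeps type juggling out of the comparison. The setter also silently keeps the previous type when the value is rejected, which deserves a line in the docblock, e.g. `Ignores values not returned by getTypes(); the current type is left unchanged.` The old side of agenda_list.php assigned `$agenda->type` directly, so the property appears to be public, and any other caller that still assigns it bypasses this check. Making the property non-public would close that gap.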

@ -18,7 +18,7 @@ $interbreadcrumb[] = array(
$agenda = new Agenda(); $agenda = new Agenda();
$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : null; $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : null;
$agenda->type = $type; $agenda->setType($type);
$events = $agenda->get_events( $events = $agenda->get_events(
null, null,
null, null,

@ -27,7 +27,7 @@ class Diagnoser
$sections = array('chamilo', 'php', 'mysql', 'webserver'); $sections = array('chamilo', 'php', 'mysql', 'webserver');
if (!in_array($_GET['section'], $sections)) { if (!in_array(trim($_GET['section']), $sections)) {
$current_section = 'chamilo'; $current_section = 'chamilo';
} else { } else {
$current_section = $_GET['section']; $current_section = $_GET['section'];
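Review bot: The check validates `trim($_GET['section'])`, but the else branch still assigns the untrimmed `$_GET['section']`, so a whitespace-padded value passes the allow-list and the padded string is what gets used afterwards. `$_GET['section']` is also read without an `isset` guard. I would normalise once and reuse the result: `$section = isset($_GET['section']) ? trim($_GET['section']) : '';` followed by `$current_section = in_array($section, $sections, true) ? $section : 'chamilo';`. The enclosing method continues outside the hunk.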

@ -19,7 +19,7 @@ if (!isset($manager)) {
$pagination = new pagination(false); $pagination = new pagination(false);
$search_folder = null; $search_folder = null;
if (isset($_GET['search_folder'])) { if (isset($_GET['search_folder'])) {
$search_folder = str_replace("'", "", $_GET['search_folder']); //security fix for Chamilo by cfasanando $search_folder = str_replace("'", "", Security::remove_XSS($_GET['search_folder']));
} }
if (!empty($_GET['search'])) { if (!empty($_GET['search'])) {
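Review bot: `Security::remove_XSS()` filters for HTML output, yet `$search_folder` is by its name a directory path, and neither it nor the `str_replace("'", "", …)` stops `../` sequences. If the value is later used to list files (that code is outside the hunk), it should be canonicalised and checked to lie under the file manager's root before use. HTML escaping should happen at the point where the folder name is printed. The change also drops the comment that marked this line as a security fix; a short comment stating what the filtering is meant to prevent would help the next reader.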

@ -823,13 +823,13 @@ class MessageManager
$message[4] = '&nbsp;&nbsp;<a onclick="delete_one_message_outbox('.$result[0].')" href="javascript:void(0)" >'.Display::return_icon('delete.png', get_lang('DeleteMessage')).'</a>'; $message[4] = '&nbsp;&nbsp;<a onclick="delete_one_message_outbox('.$result[0].')" href="javascript:void(0)" >'.Display::return_icon('delete.png', get_lang('DeleteMessage')).'</a>';
} else { } else {
$link = ''; $link = '';
if ($_GET['f'] == 'social') { if (isset($_GET['f']) && $_GET['f'] == 'social') {
$link = '&f=social'; $link = '&f=social';
} }
$message[1] = '<a '.$class.' onclick="show_sent_message ('.$result[0].')" href="../messages/view_message.php?id_send='.$result[0].$link.'">'.$result[2].'</a><br />'.GetFullUserName($result[4]); $message[1] = '<a '.$class.' onclick="show_sent_message ('.$result[0].')" href="../messages/view_message.php?id_send='.$result[0].$link.'">'.$result[2].'</a><br />'.GetFullUserName($result[4]);
//$message[2] = '<a '.$class.' onclick="show_sent_message ('.$result[0].')" href="../messages/view_message.php?id_send='.$result[0].$link.'">'.$result[2].'</a>'; //$message[2] = '<a '.$class.' onclick="show_sent_message ('.$result[0].')" href="../messages/view_message.php?id_send='.$result[0].$link.'">'.$result[2].'</a>';
$message[2] = api_convert_and_format_date($result[3], DATE_TIME_FORMAT_LONG); //date stays the same $message[2] = api_convert_and_format_date($result[3], DATE_TIME_FORMAT_LONG); //date stays the same
$message[3] = '<a href="outbox.php?action=deleteone&id='.$result[0].'&f='.Security::remove_XSS($_GET['f']).'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmDeleteMessage')))."'".')) return false;" >'.Display::return_icon('delete.png', get_lang('DeleteMessage')).'</a>'; $message[3] = '<a href="outbox.php?action=deleteone&id='.$result[0].'&'.$link.'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmDeleteMessage')))."'".')) return false;" >'.Display::return_icon('delete.png', get_lang('DeleteMessage')).'</a>';
} }
foreach ($message as $key => $value) { foreach ($message as $key => $value) {
@ -1527,7 +1527,7 @@ class MessageManager
// display sortable table with messages of the current user // display sortable table with messages of the current user
$table = new SortableTable('message_outbox', array('MessageManager', 'get_number_of_messages_sent'), array('MessageManager', 'get_message_data_sent'), 3, 20, 'DESC'); $table = new SortableTable('message_outbox', array('MessageManager', 'get_number_of_messages_sent'), array('MessageManager', 'get_message_data_sent'), 3, 20, 'DESC');
$parameters['f'] = Security::remove_XSS($_GET['f']); $parameters['f'] = isset($_GET['f']) && $_GET['f'] == 'social' ? 'social' : null;
$table->set_additional_parameters($parameters); $table->set_additional_parameters($parameters);
$table->set_header(0, '', false, array('style' => 'width:15px;')); $table->set_header(0, '', false, array('style' => 'width:15px;'));
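Review bot: In the first hunk the delete link is now built as `'…&id='.$result[0].'&'.$link`, but `$link` already starts with `&` (`'&f=social'`), so the href becomes `…&id=N&&f=social`, or ends in a bare `&` when `$link` is empty. Dropping the extra separator fixes it: `'<a href="outbox.php?action=deleteone&id='.$result[0].$link.'" …`. Replacing the echoed `$_GET['f']` with a fixed `'social'` value is the right approach, and `=== 'social'` would make the comparison strict in both hunks. The link also triggers `action=deleteone` through a plain GET with only a JavaScript confirm; whether outbox.php verifies a token is not visible here and is worth checking.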

@ -164,7 +164,7 @@ function show_compose_to_user ($receiver_id) {
function manage_form($default, $select_from_user_list = null, $sent_to = null) { function manage_form($default, $select_from_user_list = null, $sent_to = null) {
$group_id = isset($_REQUEST['group_id']) ? intval($_REQUEST['group_id']) : null; $group_id = isset($_REQUEST['group_id']) ? intval($_REQUEST['group_id']) : null;
$message_id = isset($_GET['message_id']) ? intval($_GET['message_id']) : null; $message_id = isset($_GET['message_id']) ? intval($_GET['message_id']) : null;
$param_f = isset($_GET['f']) ? Security::remove_XSS($_GET['f']):''; $param_f = isset($_GET['f']) && $_GET['f'] == 'social' ? 'social' : null;
$form = new FormValidator('compose_message', null, api_get_self().'?f='.$param_f, null, array('enctype'=>'multipart/form-data')); $form = new FormValidator('compose_message', null, api_get_self().'?f='.$param_f, null, array('enctype'=>'multipart/form-data'));
if (empty($group_id)) { if (empty($group_id)) {

@ -6,13 +6,15 @@
// name of the language file that needs to be included // name of the language file that needs to be included
$language_file = array('registration','messages','userInfo'); $language_file = array('registration','messages','userInfo');
$cidReset=true; $cidReset = true;
require_once '../inc/global.inc.php'; require_once '../inc/global.inc.php';
api_block_anonymous_users(); api_block_anonymous_users();
if (isset($_GET['messages_page_nr'])) { if (isset($_GET['messages_page_nr'])) {
if (api_get_setting('allow_social_tool')=='true' && api_get_setting('allow_message_tool')=='true') { if (api_get_setting('allow_social_tool')=='true' &&
api_get_setting('allow_message_tool')=='true'
) {
$social_link = ''; $social_link = '';
if ($_REQUEST['f']=='social') { if ($_REQUEST['f']=='social') {
$social_link = '&f=social'; $social_link = '&f=social';

@ -4,9 +4,7 @@
* Student report * Student report
* @package chamilo.reporting * @package chamilo.reporting
*/ */
/**
* Code
*/
// name of the language file that needs to be included // name of the language file that needs to be included
$language_file = array ('registration', 'index', 'tracking', 'admin'); $language_file = array ('registration', 'index', 'tracking', 'admin');
$cidReset = true; $cidReset = true;
@ -198,8 +196,14 @@ if (api_is_drh()) {
} }
$actions .= '<span style="float:right">'; $actions .= '<span style="float:right">';
$actions .= Display::url(Display::return_icon('printer.png', get_lang('Print'), array(), ICON_SIZE_MEDIUM), 'javascript: void(0);', array('onclick'=>'javascript: window.print();')); $actions .= Display::url(
$actions .= Display::url(Display::return_icon('export_csv.png', get_lang('ExportAsCSV'), array(), ICON_SIZE_MEDIUM), api_get_self().'?export=csv&keyword='.$keyword); Display::return_icon('printer.png', get_lang('Print'), array(), ICON_SIZE_MEDIUM), 'javascript: void(0);',
array('onclick'=>'javascript: window.print();')
);
$actions .= Display::url(
Display::return_icon('export_csv.png', get_lang('ExportAsCSV'), array(), ICON_SIZE_MEDIUM),
api_get_self().'?export=csv&keyword='.$keyword
);
$actions .= '</span>'; $actions .= '</span>';
$actions .= '</div>'; $actions .= '</div>';
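Review bot: The reformatted export link still concatenates `$keyword` straight into the URL (`api_get_self().'?export=csv&keyword='.$keyword`). This hunk does not show where `$keyword` is assigned; if it comes from the request, it reaches the href without URL encoding, which is the same class of issue the rest of this commit addresses. I would write `api_get_self().'?export=csv&keyword='.urlencode($keyword)`, and confirm that `Display::url()` escapes the attribute value.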
