Fix Forum Threads can't be edit - Refs #8076

1.10.x
José Loguercio 9 years ago
parent f029cfdaf3
commit a04331b31e
  1. 45
      main/forum/editpost.php
  2. 185
      main/forum/editthread.php
  3. 274
      main/forum/forumfunction.inc.php
  4. 22
      main/forum/newthread.php
  5. 25
      main/forum/viewforum.php
  6. 9
      main/forum/viewthread_flat.inc.php
  7. 4
      main/gradebook/lib/GradebookUtils.php

@ -32,10 +32,14 @@ api_protect_course_script(true);
$nameTools = get_lang('ToolForum');
// Unset the formElements in session before the includes function works
unset($_SESSION['formelements']);
/* Including necessary files */
require_once 'forumconfig.inc.php';
require_once 'forumfunction.inc.php';
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
@ -111,12 +115,6 @@ $htmlHeadXtra[] = <<<JS
</script>
JS;
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
if ($origin == 'learnpath') {
Display::display_reduced_header();
} else {
@ -215,41 +213,6 @@ $values = show_edit_post_form(
if (!empty($values) and isset($_POST['SubmitPost'])) {
store_edit_post($values);
$option_chek = isset($values['thread_qualify_gradebook']) ? $values['thread_qualify_gradebook'] : null; // values 1 or 0
if (1 == $option_chek) {
$id = $values['thread_id'];
$title_gradebook = Security::remove_XSS(stripslashes($values['calification_notebook_title']));
$value_calification = $values['numeric_calification'];
$weight_calification = $values['weight_calification'];
$description = '';
$session_id = api_get_session_id();
$link_info = GradebookUtils::is_resource_in_course_gradebook(
api_get_course_id(),
5,
$id,
$session_id
);
$link_id = $link_info['id'];
if (!$link_info) {
GradebookUtils::add_resource_to_course_gradebook(
$values['category_id'],
api_get_course_id(),
5,
$id,
$title_gradebook,
$weight_calification,
$value_calification,
$description,
1,
api_get_session_id()
);
} else {
Database::query('UPDATE '.$table_link.' SET weight='.$weight_calification.' WHERE id='.$link_id.'');
}
}
}
// Footer

@ -0,0 +1,185 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Edit a Forum Thread
* @Author José Loguercio <jose.loguercio@beeznest.com>
*
* @package chamilo.forum
*/
use ChamiloSession as Session;
// Including the global initialization file.
require_once '../inc/global.inc.php';
// The section (tabs).
$this_section = SECTION_COURSES;
// Notification for unauthorized people.
api_protect_course_script(true);
$cidreq = api_get_cidreq();
$nameTools = get_lang('ToolForum');
/* Including necessary files */
require_once 'forumconfig.inc.php';
require_once 'forumfunction.inc.php';
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
/* MAIN DISPLAY SECTION */
$currentForum = get_forum_information($_GET['forum']);
$currentForumCategory = get_forumcategory_information($currentForum['forum_category']);
// the variable $forum_settings is declared in forumconfig.inc.php
$forumSettings = $forum_setting;
/* Breadcrumbs */
if (isset($_SESSION['gradebook'])) {
$gradebook = Security::remove_XSS($_SESSION['gradebook']);
}
if (!empty($gradebook) && $gradebook == 'view') {
$interbreadcrumb[] = array (
'url' => '../gradebook/'.Security::remove_XSS($_SESSION['gradebook_dest']),
'name' => get_lang('ToolGradebook')
);
}
if (!empty($_GET['gidReq'])) {
$toolgroup = intval($_GET['gidReq']);
Session::write('toolgroup',$toolgroup);
}
$threadId = isset($_GET['thread']) ? intval($_GET['thread']) : 0;
$courseInfo = isset($_GET['cidReq']) ? api_get_course_info($_GET['cidReq']) : 0;
$cId = isset($courseInfo['real_id']) ? intval($courseInfo['real_id']) : 0;
/* Is the user allowed here? */
// The user is not allowed here if:
// 1. the forumcategory or forum is invisible (visibility==0) and the user is not a course manager
if (!api_is_allowed_to_edit(false, true) &&
(($currentForumCategory['visibility'] && $currentForumCategory['visibility'] == 0) || $currentForum['visibility'] == 0)
) {
api_not_allowed();
}
// 2. the forumcategory or forum is locked (locked <>0) and the user is not a course manager
if (!api_is_allowed_to_edit(false, true) &&
(($currentForumCategory['visibility'] && $currentForumCategory['locked'] <> 0) OR $currentForum['locked'] <> 0)
) {
api_not_allowed();
}
// 3. new threads are not allowed and the user is not a course manager
if (!api_is_allowed_to_edit(false, true) &&
$currentForum['allow_new_threads'] <> 1
) {
api_not_allowed();
}
// 4. anonymous posts are not allowed and the user is not logged in
if (!$_user['user_id'] AND $currentForum['allow_anonymous'] <> 1) {
api_not_allowed();
}
// 5. Check user access
if ($currentForum['forum_of_group'] != 0) {
$show_forum = GroupManager::user_has_access(
api_get_user_id(),
$currentForum['forum_of_group'],
GroupManager::GROUP_TOOL_FORUM
);
if (!$show_forum) {
api_not_allowed();
}
}
// 6. Invited users can't create new threads
if (api_is_invitee()) {
api_not_allowed(true);
}
$groupId = api_get_group_id();
if (!empty($groupId)) {
$groupProperties = GroupManager :: get_group_properties($groupId);
$interbreadcrumb[] = array('url' => '../group/group.php?'.$cidreq, 'name' => get_lang('Groups'));
$interbreadcrumb[] = array('url' => '../group/group_space.php?'.$cidreq, 'name' => get_lang('GroupSpace').' '.$groupProperties['name']);
$interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $currentForum['forum_title']);
$interbreadcrumb[] = array('url' => 'newthread.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']),'name' => get_lang('EditThread'));
} else {
$interbreadcrumb[] = array('url' => 'index.php?'.$cidreq, 'name' => $nameTools);
$interbreadcrumb[] = array('url' => 'viewforumcategory.php?'.$cidreq.'&forumcategory='.$currentForumCategory['cat_id'], 'name' => $currentForumCategory['cat_title']);
$interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $currentForum['forum_title']);
$interbreadcrumb[] = array('url' => '#', 'name' => get_lang('EditThread'));
}
$tableLink = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
/* Header */
$htmlHeadXtra[] = <<<JS
<script>
$(document).on('ready', function() {
if ($('#thread_qualify_gradebook').is(':checked') == true) {
document.getElementById('options_field').style.display = 'block';
} else {
document.getElementById('options_field').style.display = 'none';
}
$('#thread_qualify_gradebook').click(function() {
if ($('#thread_qualify_gradebook').is(':checked') == true) {
document.getElementById('options_field').style.display = 'block';
} else {
document.getElementById('options_field').style.display = 'none';
$("[name='numeric_calification']").val(0);
$("[name='calification_notebook_title']").val('');
$("[name='weight_calification']").val(0);
$("[name='thread_peer_qualify'][value='0']").prop('checked', true);
}
});
});
</script>
JS;
if ($origin == 'learnpath') {
Display::display_reduced_header();
} else {
Display :: display_header(null);
}
handle_forum_and_forumcategories();
// Action links
echo '<div class="actions">';
echo '<span style="float:right;">'.search_link().'</span>';
echo '<a href="viewforum.php?forum='.intval($_GET['forum']).'&'.$cidreq.'">'.
Display::return_icon('back.png',get_lang('BackToForum'),'',ICON_SIZE_MEDIUM).'</a>';
echo '</div>';
$threadData = getThreadInfo($threadId, $cId);
$values = showUpdateThreadForm(
$currentForum,
$forumSettings,
$threadData
);
if (!empty($values) && isset($values['SubmitPost'])) {
// update thread in table forum_thread.
updateThread($values);
}
if (isset($origin) && $origin != 'learnpath') {
Display :: display_footer();
}
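Review bot: Nothing in this script requires edit rights before `updateThread($values)` runs: checks 1–3 only apply to users without `api_is_allowed_to_edit(false, true)` and are carried over from thread creation (`allow_new_threads`), so as far as the visible lines show, any course member who is allowed to post can submit the form. viewforum.php hides the edit icon behind `api_is_allowed_to_edit(false, true)`, but the target script has to enforce that itself, e.g. `if (!api_is_allowed_to_edit(false, true)) { api_not_allowed(true); }` before the form is built. It would also help to reject the request when `getThreadInfo()` returns an empty array or its `forumId` differs from `$_GET['forum']`, and to take the course id from `api_get_course_int_id()` rather than `$_GET['cidReq']`, as `updateThread()` does. Separately, `$currentForumCategory['visibility'] && $currentForumCategory['visibility'] == 0` can never be true, so the category-visibility half of check 1 is dead.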

@ -1832,6 +1832,37 @@ function get_threads($forum_id, $course_code = null)
return $thread_list;
}
/**
* Get a thread by Id and course id
*
* @param int $threadId the thread Id
* @param int $cId the course id
* @return array containing all the information about the thread
*/
function getThreadInfo($threadId, $cId)
{
$em = Database::getManager();
$forumThread = $em->getRepository('ChamiloCourseBundle:CForumThread')->findOneBy(['threadId' => $threadId, 'cId' => $cId]);
$thread = [];
if ($forumThread) {
$thread['threadId'] = $forumThread->getThreadId();
$thread['threadTitle'] = $forumThread->getThreadTitle();
$thread['forumId'] = $forumThread->getForumId();
$thread['sessionId'] = $forumThread->getSessionId();
$thread['threadSticky'] = $forumThread->getThreadSticky();
$thread['locked'] = $forumThread->getLocked();
$thread['threadTitleQualify'] = $forumThread->getThreadTitleQualify();
$thread['threadQualifyMax'] = $forumThread->getThreadQualifyMax();
$thread['threadCloseDate'] = $forumThread->getThreadCloseDate();
$thread['threadWeight'] = $forumThread->getThreadWeight();
$thread['threadPeerQualify'] = $forumThread->isThreadPeerQualify();
}
return $thread;
}
/**
* Retrieve all posts of a given thread
* @param int $threadId The thread ID
@ -2196,7 +2227,7 @@ function get_forum_information($forum_id, $courseId = 0)
";
$result = Database::query($sql);
$row = Database::fetch_array($result);
$row = Database::fetch_array($result, 'ASSOC');
$row['approval_direct_post'] = 0;
// We can't anymore change this option, so it should always be activated.
@ -2256,6 +2287,75 @@ function count_number_of_forums_in_category($cat_id)
return $row['number_of_forums'];
}
/**
* This function update a thread
*
* @param array $values - The form Values
* @return void HTML
*
*/
function updateThread($values)
{
$threadTable = Database :: get_course_table(TABLE_FORUM_THREAD);
$courseId = api_get_course_int_id();
$params = [
'thread_title' => $values['thread_title'],
'thread_sticky' => isset($values['thread_sticky']) ? $values['thread_sticky'] : null,
'thread_title_qualify' => $values['calification_notebook_title'],
'thread_qualify_max' => $values['numeric_calification'],
'thread_weight' => $values['weight_calification'],
'thread_peer_qualify' => $values['thread_peer_qualify'],
];
$where = ['c_id = ? AND thread_id = ?' => [$courseId, $values['thread_id']]];
Database::update($threadTable, $params, $where);
if (api_is_course_admin() == true) {
$option_chek = isset($values['thread_qualify_gradebook']) ? $values['thread_qualify_gradebook'] : false; // values 1 or 0
if ($option_chek) {
$id = $values['thread_id'];
$titleGradebook = Security::remove_XSS(stripslashes($values['calification_notebook_title']));
$valueCalification = isset($values['numeric_calification']) ? intval($values['numeric_calification']) : 0;
$weightCalification = isset($values['weight_calification']) ? floatval($values['weight_calification']) : 0;
$description = '';
$sessionId = api_get_session_id();
$courseId = api_get_course_id();
$linkInfo = GradebookUtils::is_resource_in_course_gradebook(
$courseId,
LINK_FORUM_THREAD,
$id,
$sessionId
);
$linkId = $linkInfo['id'];
if (!$linkInfo) {
GradebookUtils::add_resource_to_course_gradebook(
$values['category_id'],
$courseId,
LINK_FORUM_THREAD,
$id,
$titleGradebook,
$weightCalification,
$valueCalification,
$description,
1,
$sessionId
);
} else {
$em = Database::getManager();
$gradebookLink = $em->getRepository('ChamiloCoreBundle:GradebookLink')->find($linkId);
$gradebookLink->setWeight($weightCalification);
$em->persist($gradebookLink);
$em->flush();
}
}
}
$message = get_lang('EditPostStored').'<br />';
Display :: display_confirmation_message($message, false);
}
/**
* This function stores a new thread. This is done through an entry in the forum_thread table AND
* in the forum_post table because. The threads are also stored in the item_property table. (forum posts are not (yet))
@ -2496,6 +2596,140 @@ function store_thread($current_forum, $values, $courseInfo = array(), $showMessa
}
}
/**
* This function displays the form that is used to UPDATE a Thread.
* @param array $currentForum
* @param array $forumSetting
* @param array $formValues
* @return void HMTL
* @author José Loguercio <jose.loguercio@beeznest.com>
* @version february 2016, chamilo 1.10.4
*/
function showUpdateThreadForm($currentForum, $forumSetting, $formValues = '')
{
$userInfo = api_get_user_info();
$myThread = isset($_GET['thread']) ? intval($_GET['thread']) : '';
$myForum = isset($_GET['forum']) ? intval($_GET['forum']) : '';
$myGradebook = isset($_GET['gradebook']) ? Security::remove_XSS($_GET['gradebook']) : '';
$form = new FormValidator(
'thread',
'post',
api_get_self() . '?' . http_build_query([
'forum' => $myForum,
'gradebook' => $myGradebook,
'thread' => $myThread,
]) . '&' . api_get_cidreq()
);
$form->addElement('header', get_lang('EditThread'));
$form->setConstants(array('forum' => '5'));
$form->addElement('hidden', 'forum_id', $myForum);
$form->addElement('hidden', 'thread_id', $myThread);
$form->addElement('hidden', 'gradebook', $myGradebook);
$form->addElement('text', 'thread_title', get_lang('Title'));
$form->addElement('advanced_settings', 'advanced_params', get_lang('AdvancedParameters'));
$form->addElement('html', '<div id="advanced_params_options" style="display:none">');
if ((api_is_course_admin() || api_is_course_coach() || api_is_course_tutor()) && ($myThread)) {
// Thread qualify
if (Gradebook::is_active()) {
//Loading gradebook select
GradebookUtils::load_gradebook_select_in_tool($form);
$form->addElement(
'checkbox',
'thread_qualify_gradebook',
'',
get_lang('QualifyThreadGradebook'),
[
'id' => 'thread_qualify_gradebook'
]
);
} else {
$form->addElement('hidden', 'thread_qualify_gradebook', false);
}
$form->addElement('html', '<div id="options_field" style="display:none">');
$form->addElement('text', 'numeric_calification', get_lang('QualificationNumeric'));
$form->applyFilter('numeric_calification', 'html_filter');
$form->addElement('text', 'calification_notebook_title', get_lang('TitleColumnGradebook'));
$form->applyFilter('calification_notebook_title', 'html_filter');
$form->addElement(
'text',
'weight_calification',
get_lang('QualifyWeight'),
array('value' => '0.00', 'onfocus' => "javascript: this.select();")
);
$form->applyFilter('weight_calification', 'html_filter');
$group = array();
$group[] = $form->createElement('radio', 'thread_peer_qualify', null, get_lang('Yes'), 1);
$group[] = $form->createElement('radio', 'thread_peer_qualify', null, get_lang('No'), 0);
$form->addGroup(
$group,
'',
[
get_lang('ForumThreadPeerScoring'),
get_lang('ForumThreadPeerScoringComment'),
],
' '
);
$form->addElement('html', '</div>');
}
if ($forumSetting['allow_post_notification'] && isset($userInfo['user_id'])) {
$form->addElement('checkbox', 'post_notification', '', get_lang('NotifyByEmail').' ('.$userInfo['mail'].')');
}
if ($forumSetting['allow_sticky'] && api_is_allowed_to_edit(null, true)) {
$form->addElement('checkbox', 'thread_sticky', '', get_lang('StickyPost'));
}
$form->addElement('html', '</div>');
if (!empty($formValues)) {
$defaults['thread_qualify_gradebook'] = ($formValues['threadQualifyMax'] > 0 && empty($_POST)) ? 1 : 0 ;
$defaults['thread_title'] = prepare4display($formValues['threadTitle']);
$defaults['thread_sticky'] = strval(intval($formValues['threadSticky']));
$defaults['thread_peer_qualify'] = intval($formValues['threadPeerQualify']);
$defaults['numeric_calification'] = $formValues['threadQualifyMax'];
$defaults['calification_notebook_title'] = $formValues['threadTitleQualify'];
$defaults['weight_calification'] = $formValues['threadWeight'];
} else {
$defaults['thread_qualify_gradebook'] = 0;
$defaults['numeric_calification'] = 0;
$defaults['calification_notebook_title'] = '';
$defaults['weight_calification'] = 0;
$defaults['thread_peer_qualify'] = 0;
}
$form->setDefaults(isset($defaults) ? $defaults : null);
$form->addButtonUpdate(get_lang('ModifyThread'), 'SubmitPost');
if ($form->validate()) {
$check = Security::check_token('post');
if ($check) {
$values = $form->exportValues();
if (isset($values['thread_qualify_gradebook']) &&
$values['thread_qualify_gradebook'] == '1' &&
empty($values['weight_calification'])
) {
Display::display_error_message(
get_lang('YouMustAssignWeightOfQualification').'&nbsp;<a href="javascript:window.history.go(-1);">'.
get_lang('Back').'</a>',
false
);
return false;
}
Security::clear_token();
return $values;
}
} else {
$token = Security::get_token();
$form->addElement('hidden', 'sec_token');
$form->setConstants(array('sec_token' => $token));
$form->display();
}
}
/**
* This function displays the form that is used to add a post. This can be a new thread or a reply.
* @param array $current_forum
@ -3073,7 +3307,7 @@ function store_reply($current_forum, $values)
}
// Update the thread.
update_thread($values['thread_id'], $new_post_id, $post_date);
updateThreadInfo($values['thread_id'], $new_post_id, $post_date);
// Update the forum.
api_item_property_update(
@ -3405,39 +3639,7 @@ function store_edit_post($values)
$values['id_attach']
);
}
if (api_is_course_admin() == true) {
$ccode = api_get_course_id();
$sid = api_get_session_id();
$link_info = GradebookUtils::is_resource_in_course_gradebook($ccode, 5, $values['thread_id'], $sid);
$link_id = $link_info['id'];
$thread_qualify_gradebook = isset($values['thread_qualify_gradebook']) ? $values['thread_qualify_gradebook'] : null;
if ($thread_qualify_gradebook != 1) {
if ($link_info !== false) {
GradebookUtils::remove_resource_from_course_gradebook($link_id);
}
} else {
if ($link_info === false && !$_GET['thread']) {
$weigthqualify = $values['weight_calification'];
GradebookUtils::add_resource_to_course_gradebook(
$values['category_id'],
$ccode,
5,
$values['thread_id'],
Database::escape_string(stripslashes($values['calification_notebook_title'])),
$weigthqualify,
$values['numeric_calification'],
null,
0,
$sid
);
}
}
}
// Storing the attachments if any.
//update_added_resources('forum_post', $values['post_id']);
@ -3519,7 +3721,7 @@ function increase_thread_view($thread_id)
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* @version february 2006, dokeos 1.8
*/
function update_thread($thread_id, $last_post_id, $post_date)
function updateThreadInfo($thread_id, $last_post_id, $post_date)
{
$table_threads = Database :: get_course_table(TABLE_FORUM_THREAD);
$course_id = api_get_course_int_id();
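Review bot: In `updateThread()` the `Database::update()` on the thread row runs before any permission test (only the gradebook branch sits behind `api_is_course_admin()`), and the row is selected by `$values['thread_id']`, a posted hidden field, rather than by the thread id the page loaded and checked. Casting it once with `$threadId = intval($values['thread_id']);` and having the caller pass or verify the id it authorised would tighten this; whether `exportValues()` can return an id other than the one rendered is not visible here, so treat that as something to confirm. `thread_title` is also written as submitted while the gradebook title goes through `Security::remove_XSS()`, so every display path has to escape it. Minor: `$linkId = $linkInfo['id'];` is read before the `if (!$linkInfo)` test and belongs in the `else` branch, and the docblock's `@return void HTML` does not match a function that returns nothing.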

@ -33,6 +33,8 @@ $this_section = SECTION_COURSES;
// Notification for unauthorized people.
api_protect_course_script(true);
$cidreq = api_get_cidreq();
$nameTools = get_lang('ToolForum');
/* Including necessary files */
@ -43,7 +45,7 @@ require_once 'forumfunction.inc.php';
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
$origin = Security::remove_XSS($_GET['origin']);
}
/* MAIN DISPLAY SECTION */
@ -116,15 +118,15 @@ if (api_is_invitee()) {
$groupId = api_get_group_id();
if (!empty($groupId)) {
$group_properties = GroupManager :: get_group_properties($groupId);
$interbreadcrumb[] = array('url' => '../group/group.php?'.api_get_cidreq(), 'name' => get_lang('Groups'));
$interbreadcrumb[] = array('url' => '../group/group_space.php?'.api_get_cidreq(), 'name' => get_lang('GroupSpace').' '.$group_properties['name']);
$interbreadcrumb[] = array('url' => 'viewforum.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $current_forum['forum_title']);
$interbreadcrumb[] = array('url' => 'newthread.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']),'name' => get_lang('NewTopic'));
$groupProperties = GroupManager :: get_group_properties($groupId);
$interbreadcrumb[] = array('url' => '../group/group.php?'.$cidreq, 'name' => get_lang('Groups'));
$interbreadcrumb[] = array('url' => '../group/group_space.php?'.$cidreq, 'name' => get_lang('GroupSpace').' '.$groupProperties['name']);
$interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $current_forum['forum_title']);
$interbreadcrumb[] = array('url' => 'newthread.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']),'name' => get_lang('NewTopic'));
} else {
$interbreadcrumb[] = array('url' => 'index.php?'.api_get_cidreq(), 'name' => $nameTools);
$interbreadcrumb[] = array('url' => 'viewforumcategory.php?'.api_get_cidreq().'&forumcategory='.$current_forum_category['cat_id'], 'name' => $current_forum_category['cat_title']);
$interbreadcrumb[] = array('url' => 'viewforum.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $current_forum['forum_title']);
$interbreadcrumb[] = array('url' => 'index.php?'.$cidreq, 'name' => $nameTools);
$interbreadcrumb[] = array('url' => 'viewforumcategory.php?'.$cidreq.'&forumcategory='.$current_forum_category['cat_id'], 'name' => $current_forum_category['cat_title']);
$interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $current_forum['forum_title']);
$interbreadcrumb[] = array('url' => '#', 'name' => get_lang('NewTopic'));
}
@ -167,7 +169,7 @@ handle_forum_and_forumcategories();
// Action links
echo '<div class="actions">';
echo '<span style="float:right;">'.search_link().'</span>';
echo '<a href="viewforum.php?forum='.Security::remove_XSS($_GET['forum']).'&'.api_get_cidreq().'">'.
echo '<a href="viewforum.php?forum='.Security::remove_XSS($_GET['forum']).'&'.$cidreq.'">'.
Display::return_icon('back.png',get_lang('BackToForum'),'',ICON_SIZE_MEDIUM).'</a>';
echo '</div>';
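Review bot: The back link on the changed line still writes `Security::remove_XSS($_GET['forum'])` into a query string, while editthread.php, added in the same commit, uses `intval($_GET['forum'])` for the same link. The forum id is numeric, so `intval()` is the tighter choice here and in the breadcrumb URLs in the hunk above; `remove_XSS` appears to be an HTML filter rather than a URL encoder, though its implementation is not shown on this page. Suggested line: `echo '<a href="viewforum.php?forum='.intval($_GET['forum']).'&'.$cidreq.'">'.`.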

@ -578,30 +578,21 @@ if (is_array($threads)) {
$html .= '<div class="col-md-3">';
$cidreq = api_get_cidreq();
// Get attachment id.
if (isset($row['post_id'])) {
$attachment_list = get_attachment($row['post_id']);
}
$id_attach = !empty($attachment_list) ? $attachment_list['id'] : '';
$sql = "SELECT post_id
FROM $table_posts
WHERE
c_id = $course_id AND
post_title='" . Database::escape_string($row['thread_title']) . "' AND
thread_id = ".$row['thread_id']."
";
$result_post_id = Database::query($sql);
$row_post_id = Database::fetch_array($result_post_id);
$iconsEdit = '';
if ($origin != 'learnpath') {
if (api_is_allowed_to_edit(false, true) &&
!(api_is_course_coach() && $current_forum['session_id'] != $sessionId)
) {
$iconsEdit .= '<a href="' . $forumUrl . 'editpost.php?' . api_get_cidreq()
$iconsEdit .= '<a href="' . $forumUrl . 'editthread.php?' . $cidreq
. '&forum=' . Security::remove_XSS($my_forum) . '&thread='
. Security::remove_XSS($row['thread_id']) . '&post=' . $row_post_id['post_id']
. Security::remove_XSS($row['thread_id'])
. '&id_attach=' . $id_attach . '">'
. Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a>';
@ -613,7 +604,7 @@ if (is_array($threads)) {
ICON_SIZE_SMALL
);
} else {
$iconsEdit.= '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&forum='
$iconsEdit.= '<a href="' . api_get_self() . '?' . $cidreq . '&forum='
. Security::remove_XSS($my_forum) . '&action=delete&content=thread&id='
. $row['thread_id'] . $origin_string
. "\" onclick=\"javascript:if(!confirm('"
@ -642,7 +633,7 @@ if (is_array($threads)) {
'gidReq' => api_get_group_id()
)
);
$iconsEdit .= '<a href="viewforum.php?' . api_get_cidreq() . '&forum='
$iconsEdit .= '<a href="viewforum.php?' . $cidreq . '&forum='
. Security::remove_XSS($my_forum)
. '&action=move&thread=' . $row['thread_id'] . $origin_string . '">'
. Display::return_icon('move.png', get_lang('MoveThread'), array(), ICON_SIZE_SMALL)
@ -661,14 +652,14 @@ if (is_array($threads)) {
}
$icon_liststd = 'user.png';
if (!api_is_anonymous() && api_is_allowed_to_session_edit(false, true)) {
$iconsEdit .= '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&forum='
$iconsEdit .= '<a href="' . api_get_self() . '?' . $cidreq . '&forum='
. Security::remove_XSS($my_forum)
. "&origin=$origin&action=notify&content=thread&id={$row['thread_id']}"
. '">' . Display::return_icon($iconnotify, get_lang('NotifyMe')) . '</a>';
}
if (api_is_allowed_to_edit(null,true) && $origin != 'learnpath') {
$iconsEdit .= '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&forum='
$iconsEdit .= '<a href="' . api_get_self() . '?' . $cidreq . '&forum='
. Security::remove_XSS($my_forum)
. "&origin=$origin&action=liststd&content=thread&id={$row['thread_id']}"
. '">' . Display::return_icon($icon_liststd, get_lang('StudentList'), array(), ICON_SIZE_SMALL)
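Review bot: The edit link now targets `editthread.php` but still appends `'&id_attach=' . $id_attach`, and editthread.php as added in this commit never reads `id_attach`. If nothing else in the loop uses `$attachment_list`, the `get_attachment($row['post_id'])` lookup and the parameter can both go; the rest of the loop body is outside this hunk, so check that first. `Security::remove_XSS($row['thread_id'])` could likewise be `intval($row['thread_id'])`, matching how editthread.php reads `thread`.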

@ -15,6 +15,13 @@ if ((isset($_GET['action']) &&
delete_attachment(0, $_GET['id_attach']);
}
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$sessionId = api_get_session_id();
$_user = api_get_user_info();
$userId = api_get_user_id();
@ -311,7 +318,7 @@ if (isset($current_thread['thread_id'])) {
(api_is_allowed_to_edit(false, true) && !(api_is_course_coach() && $current_forum['session_id'] != $sessionId))
) {
$html .= '&nbsp;&nbsp;<a href="' . api_get_self() . '?' . api_get_cidreq() . '&origin='
. Security::remove_XSS($_GET['origin']) . '&action=delete_attach&id_attach='
. Security::remove_XSS($origin) . '&action=delete_attach&id_attach='
. $attachment['iid'] . '&forum=' . $clean_forum_id . '&thread=' . $clean_thread_id
. '" onclick="javascript:if(!confirm(\''
. addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))
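Review bot: `$origin` is already passed through `Security::remove_XSS()` where this commit defines it at the top of the file, so `Security::remove_XSS($origin)` in the delete-attachment link filters it a second time. Since the value lands in a query string, URL encoding is what fits the context: `. urlencode($origin) . '&action=delete_attach&id_attach='`.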

@ -776,9 +776,11 @@ class GradebookUtils
$row = Database::fetch_array($res);
$category_id = $row['id'];
}
return $category_id;
}
return $category_id;
return false;
}
/**
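Review bot: The function's return contract changes here and its documentation should change with it: it now ends in `return false;` when the enclosing condition is not met, instead of returning a possibly unset `$category_id`. The docblock should state this, e.g. `@return int|false category id, or false when none is found`. The function's signature, docblock and callers are outside the hunk; any caller that uses the result directly as an id needs a `=== false` check.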
