From 2fa39544aaaade7fcc87b6f47f74a068be3f3238 Mon Sep 17 00:00:00 2001
From: Imanol Losada <imanol.losada@gmail.com>
Date: Tue, 27 Jan 2015 15:43:53 -0500
Subject: [PATCH 1/8] Fix a few buy courses plugin issues - refs #7370

---
 plugin/buycourses/lang/english.php       |  1 +
 plugin/buycourses/lang/french.php        |  1 +
 plugin/buycourses/lang/spanish.php       |  1 +
 plugin/buycourses/src/buy_course.lib.php | 14 +++++++-------
 plugin/buycourses/src/configuration.php  |  3 ++-
 plugin/buycourses/view/index.tpl         | 16 ++++++++++++----
 6 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/plugin/buycourses/lang/english.php b/plugin/buycourses/lang/english.php
index ae2408d163..fa715aca2a 100644
--- a/plugin/buycourses/lang/english.php
+++ b/plugin/buycourses/lang/english.php
@@ -11,6 +11,7 @@ $strings['Private'] = "Private - access authorized only for course members";
 $strings['CourseVisibilityClosed'] = "Closed - no access to this course";
 $strings['OpenToThePlatform'] = "Open - access authorized only for users registered on the platform";
 $strings['OpenToTheWorld'] = "Public - access open to anybody";
+$strings['CourseVisibilityHidden'] = "Hidden - Completely hidden to all users except the administrators";
 $strings['Description'] = "Description";
 $strings['Buy'] = "Buy";
 $strings['Mostrar_disponibles'] = "Show available courses";
diff --git a/plugin/buycourses/lang/french.php b/plugin/buycourses/lang/french.php
index 97c20312dc..0d152e8daa 100644
--- a/plugin/buycourses/lang/french.php
+++ b/plugin/buycourses/lang/french.php
@@ -11,6 +11,7 @@ $strings['Private'] = "Privé - Accès autorisé seulement aux inscrits au cours
 $strings['CourseVisibilityClosed'] = "Fermé - Pas d'accès au cours";
 $strings['OpenToThePlatform'] = "Ouvert - Accès autorisé seulement pour les utilisateurs inscrits à la plateforme";
 $strings['OpenToTheWorld'] = "Public - Accès autorisé à tous";
+$strings['CourseVisibilityHidden'] = "Invisible - Complètement invisible et inaccessible pour tous les utilisateurs excepté les administrateurs";
 $strings['Description'] = "Description";
 $strings['Buy'] = "Acheter";
 $strings['Mostrar_disponibles'] = "Montrer les cours disponibles";
diff --git a/plugin/buycourses/lang/spanish.php b/plugin/buycourses/lang/spanish.php
index 38ccef238f..5a3f4e8b1a 100644
--- a/plugin/buycourses/lang/spanish.php
+++ b/plugin/buycourses/lang/spanish.php
@@ -11,6 +11,7 @@ $strings['Private'] = "Privado - acceso autorizado s&oacute;lo para los miembros
 $strings['CourseVisibilityClosed'] = "Cerrado - no hay acceso a este curso";
 $strings['OpenToThePlatform'] = "Abierto - acceso autorizado s&oacute;lo para los usuarios registrados en la plataforma";
 $strings['OpenToTheWorld'] = "P&uacute;blico - acceso autorizado a cualquier persona";
+$strings['CourseVisibilityHidden'] = "Invisible - Totalmente invisible para todos los usuarios a parte de los administradores";
 $strings['Description'] = "Descripci&oacute;n";
 $strings['Buy'] = "Comprar";
 $strings['Mostrar_disponibles'] = "Mostrar cursos disponibles";
diff --git a/plugin/buycourses/src/buy_course.lib.php b/plugin/buycourses/src/buy_course.lib.php
index e3eb0b6a13..418298873a 100644
--- a/plugin/buycourses/src/buy_course.lib.php
+++ b/plugin/buycourses/src/buy_course.lib.php
@@ -126,7 +126,7 @@ function listCourses()
     $tableCourse = Database::get_main_table(TABLE_MAIN_COURSE);
     $sql = "SELECT a.course_id, a.visible, a.price, b.*
         FROM $tableBuyCourse a, $tableCourse b
-        WHERE a.course_id = b.id;";
+        WHERE a.course_id = b.id AND a.session_id = 0;";
     $res = Database::query($sql);
     $aux = array();
     while ($row = Database::fetch_assoc($res)) {
@@ -170,7 +170,7 @@ function userSessionList()
             // get course of current session
             $sql = "SELECT a.course_id, a.session_id, a.visible, a.price, b.*
             FROM $tableBuyCourse a, $tableCourse b
-            WHERE a.code = b.code AND a.code = '" . $rowSessionCourse['course_code'] . "' AND a.visible = 1;";
+            WHERE a.code = b.code AND a.code = '" . $rowSessionCourse['course_code'] . "'";
             $res = Database::query($sql);
             // loop inside a course of current session
             while ($row = Database::fetch_assoc($res)) {
@@ -369,19 +369,19 @@ function getCourseVisibilityIcon($option)
     $style = 'margin-bottom:-5px;margin-right:5px;';
     switch ($option) {
         case 0:
-            return Display::return_icon('bullet_red.gif', get_lang('CourseVisibilityClosed'), array('style' => $style));
+            return Display::return_icon('bullet_red.gif', get_plugin_lang('CourseVisibilityClosed', 'BuyCoursesPlugin'), array('style' => $style));
             break;
         case 1:
-            return Display::return_icon('bullet_orange.gif', get_lang('Private'), array('style' => $style));
+            return Display::return_icon('bullet_orange.gif', get_plugin_lang('Private', 'BuyCoursesPlugin'), array('style' => $style));
             break;
         case 2:
-            return Display::return_icon('bullet_green.gif', get_lang('OpenToThePlatform'), array('style' => $style));
+            return Display::return_icon('bullet_green.gif', get_plugin_lang('OpenToThePlatform', 'BuyCoursesPlugin'), array('style' => $style));
             break;
         case 3:
-            return Display::return_icon('bullet_blue.gif', get_lang('OpenToTheWorld'), array('style' => $style));
+            return Display::return_icon('bullet_blue.gif', get_plugin_lang('OpenToTheWorld', 'BuyCoursesPlugin'), array('style' => $style));
             break;
         default:
-            return '';
+            return Display::return_icon('bullet_grey.gif', get_plugin_lang('CourseVisibilityHidden', 'BuyCoursesPlugin'), array('style' => $style));;
     }
 }
 /**
diff --git a/plugin/buycourses/src/configuration.php b/plugin/buycourses/src/configuration.php
index 5f84896ca1..bb596eef9d 100644
--- a/plugin/buycourses/src/configuration.php
+++ b/plugin/buycourses/src/configuration.php
@@ -21,7 +21,7 @@ $interbreadcrumb[] = array("url" => "paymentsetup.php", "name" => get_lang('Conf
 $tpl = new Template($templateName);
 
 $teacher = api_is_platform_admin();
-api_protect_course_script(true);
+//api_protect_course_script(true);
 
 if ($teacher) {
     // sync course table with the plugin
@@ -31,6 +31,7 @@ if ($teacher) {
     $visibility[] = getCourseVisibilityIcon('1');
     $visibility[] = getCourseVisibilityIcon('2');
     $visibility[] = getCourseVisibilityIcon('3');
+    $visibility[] = getCourseVisibilityIcon('4');
 
     $coursesList = listCourses();
     $confirmationImgPath = api_get_path(WEB_PLUGIN_PATH) . 'buycourses/resources/img/32/accept.png';
diff --git a/plugin/buycourses/view/index.tpl b/plugin/buycourses/view/index.tpl
index 8e671f214e..80aed3709c 100644
--- a/plugin/buycourses/view/index.tpl
+++ b/plugin/buycourses/view/index.tpl
@@ -26,7 +26,9 @@
 
             <div class="span3">
                 <div class="thumbnail">
-                    <img src="resources/img/128/buycourses.png">
+                    <a href="src/list.php">
+                        <img src="resources/img/128/buycourses.png">
+                    </a>
                     <div class="caption">
                         <a class="btn" href="src/list.php">{{ BuyCourses }}</a>
                     </div>
@@ -35,7 +37,9 @@
             {% if isAdmin == 'true' %}
             <div class="span3">
                 <div class="thumbnail">
-                    <img src="resources/img/128/settings.png">
+                    <a href="src/configuration.php">
+                        <img src="resources/img/128/settings.png">
+                    </a>
                     <div class="caption">
                         <a class="btn" href="src/configuration.php">{{ ConfigurationOfCoursesAndPrices }}</a>
                     </div>
@@ -43,7 +47,9 @@
             </div>
             <div class="span3">
                 <div class="thumbnail">
-                    <img src="resources/img/128/paymentsettings.png">
+                    <a href="src/paymentsetup.php">
+                        <img src="resources/img/128/paymentsettings.png">
+                    </a>
                     <div class="caption">
                         <a class="btn" href="src/paymentsetup.php">{{ ConfigurationOfPayments }} </a>
                     </div>
@@ -51,7 +57,9 @@
             </div>
             <div class="span3">
                 <div class="thumbnail">
-                    <img src="resources/img/128/backlogs.png">
+                    <a href="src/pending_orders.php">
+                        <img src="resources/img/128/backlogs.png">
+                    </a>
                     <div class="caption">
                         <a class="btn" href="src/pending_orders.php"> {{ OrdersPendingOfPayment }} </a>
                     </div>

From 5fe3e21d0a8da4d04e6fc9d97e468ff23fdbf947 Mon Sep 17 00:00:00 2001
From: Imanol Losada <imanol.losada@gmail.com>
Date: Tue, 27 Jan 2015 16:18:37 -0500
Subject: [PATCH 2/8] Enable course protection script - refs #7370

---
 plugin/buycourses/src/configuration.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugin/buycourses/src/configuration.php b/plugin/buycourses/src/configuration.php
index bb596eef9d..da48a808ca 100644
--- a/plugin/buycourses/src/configuration.php
+++ b/plugin/buycourses/src/configuration.php
@@ -21,7 +21,7 @@ $interbreadcrumb[] = array("url" => "paymentsetup.php", "name" => get_lang('Conf
 $tpl = new Template($templateName);
 
 $teacher = api_is_platform_admin();
-//api_protect_course_script(true);
+api_protect_course_script(true);
 
 if ($teacher) {
     // sync course table with the plugin

From 68ce8d755a6e5a7f4c7ed01e21d6bd87d5edeff6 Mon Sep 17 00:00:00 2001
From: Imanol Losada <imanol.losada@gmail.com>
Date: Wed, 28 Jan 2015 08:27:37 -0500
Subject: [PATCH 3/8] Replace api_protect_course_script with
 api_protect_admin_script - refs #7370

---
 plugin/buycourses/src/configuration.php  | 2 +-
 plugin/buycourses/src/paymentsetup.php   | 2 +-
 plugin/buycourses/src/pending_orders.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/plugin/buycourses/src/configuration.php b/plugin/buycourses/src/configuration.php
index da48a808ca..9010434d09 100644
--- a/plugin/buycourses/src/configuration.php
+++ b/plugin/buycourses/src/configuration.php
@@ -21,7 +21,7 @@ $interbreadcrumb[] = array("url" => "paymentsetup.php", "name" => get_lang('Conf
 $tpl = new Template($templateName);
 
 $teacher = api_is_platform_admin();
-api_protect_course_script(true);
+api_protect_admin_script(true);
 
 if ($teacher) {
     // sync course table with the plugin
diff --git a/plugin/buycourses/src/paymentsetup.php b/plugin/buycourses/src/paymentsetup.php
index 6310008fda..fe6d2a1f98 100644
--- a/plugin/buycourses/src/paymentsetup.php
+++ b/plugin/buycourses/src/paymentsetup.php
@@ -18,7 +18,7 @@ $interbreadcrumb[] = array("url" => "configuration.php", "name" => $plugin->get_
 
 $tpl = new Template($templateName);
 $teacher = api_is_platform_admin();
-api_protect_course_script(true);
+api_protect_admin_script(true);
 
 if ($teacher) {
     // Sync course table with the plugin
diff --git a/plugin/buycourses/src/pending_orders.php b/plugin/buycourses/src/pending_orders.php
index 4d80fd55ef..d844ab9046 100644
--- a/plugin/buycourses/src/pending_orders.php
+++ b/plugin/buycourses/src/pending_orders.php
@@ -19,7 +19,7 @@ $interbreadcrumb[] = array("url" => "paymentsetup.php", "name" => $plugin->get_l
 $tpl = new Template($tableName);
 
 $teacher = api_is_platform_admin();
-api_protect_course_script(true);
+api_protect_admin_script(true);
 
 if ($teacher) {
     $pendingList = pendingList($_SESSION['bc_codetext']);

From c641adb6e19ab0ddf6e81f4fdac4b90b55a21199 Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Thu, 19 Mar 2015 13:58:01 +0100
Subject: [PATCH 4/8] Fix ribbon see BT#9573

---
 main/css/base.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main/css/base.css b/main/css/base.css
index 7689e46d54..c18c900e1c 100755
--- a/main/css/base.css
+++ b/main/css/base.css
@@ -2915,7 +2915,7 @@ div.admin_section h4 {
 }
 
 .ribbon .rib-total {
-    width: 275px;
+    width: 275px !important;
 }
 
 .ribbon .rib-error, .ribbon .ribbon-total-error {

From ad5d2d6041a4e50cf554379164787bd7b34567cd Mon Sep 17 00:00:00 2001
From: Yannick Warnier <ywarnier@beeznest.org>
Date: Thu, 19 Mar 2015 12:23:19 -0500
Subject: [PATCH 5/8] Update changelog to 1.9.10.2

---
 documentation/changelog.html | 70 ++++++++++++++++++++++++++++++++++++
 main/install/index.php       |  2 +-
 main/install/version.php     |  2 +-
 3 files changed, 72 insertions(+), 2 deletions(-)

diff --git a/documentation/changelog.html b/documentation/changelog.html
index d0ee4dd90f..22630d817e 100755
--- a/documentation/changelog.html
+++ b/documentation/changelog.html
@@ -44,6 +44,76 @@
 <p><i>Note: most #wxyz references are issue numbers you can find in <a href="http://support.chamilo.org/projects/chamilo-18/issues" target="_blank">our public bug tracking system</a>. Some references marked BT#xyz are developments made externally for BeezNest customers and integrated into Chamilo. The details of these tasks cannot be seen for confidentiality reasons, but the code change is public and can be reviewed by anyone.</i></p>
 <p>&nbsp;</p>
 
+
+<h1>Chamilo 1.9.10.2 - Sipán, 19th of March, 2015</h1>
+<h3>Release notes - summary</h3>
+  <p>Chamilo 1.9.10.2 is a patch (minor) version of the 1.9.x branch, with
+    bugfixes and a few new minor features, but more importantly fixes for
+    vulnerabilities discovered in 1.9.10 and previous versions (as such, you
+    can just overwrite previous files to upgrade from 1.9.8, 1.9.8.1 or
+    1.9.8.2 to 1.9.10.2).</p>
+  <p>See our <a href="https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues">Security page</a> for more information.</p>
+  <h3>Release name</h3>
+  <p><a href="https://es.wikipedia.org/wiki/Sip%C3%A1n_%28Per%C3%BA%29">Sipán</a>
+  is a small city on the Peruvian Coast where the remains of the Lord of Sipán
+  (a ruler of the 3rd century AC) were discovered in 1987. It held many well-conserved
+  offerings. We believe this version of Chamilo, containing additional fixes on
+  top of an excellent 1.9.10 version, has its fair share of common points with Sipán.</p>
+<h3>Security fixes</h3>
+  <ul>
+    <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/97fec370270eec1db137d93c2aa2c59f2d496a94">97fec370</a> - <a href="https://support.chamilo.org/issues/7564">#7564</a>) Fix multiple XSS &amp; CSRF vulnerabilities</li>
+    <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/ba947ae6376f559440d70d3c539fdb14b19a76ae">ba947ae6</a> - <a href="https://support.chamilo.org/issues/7564">#7564</a>) Use htmlspecialchars when parsing a URL</li>
+    <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/9da1112af7e39c9d8e7da7a57e95a907e6934e27">9da1112a</a> - <a href="https://support.chamilo.org/issues/7564">#7564</a>) Fix partially #7564</li>
+    <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/0c65e9b1be5dc53a8f6836657ded7aeec31cf4b9">0c65e9b1</a>) Format code + adding Security::remove_xss</li>
+  </ul>
+<h3>Improvements (minor features) and debug</h3>
+  <ul>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/96ab630c17388b75f1c76ce0d7cba82ae7c1c154">96ab630c</a> - <a href="https://task.beeznest.com/issues/9494">BT#9494</a>) Fix Exercise result if was added inside a LP</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/b6b54d5bc2ed8638e623f306d71b23f54f59e4b7">b6b54d5b</a> - <a href="https://task.beeznest.com/issues/9255">BT#9255</a>) Fix bad condition that sets all documents to invisible</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/76c83f1d1ba26b23839ccf572b6a921d37ca5986">76c83f1d</a> - <a href="https://task.beeznest.com/issues/9255">BT#9255</a>) Fix redirection after changing document visibility.</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/f58039ea016438b77a5400aef5973c5121a1c983">f58039ea</a> - <a href="https://task.beeznest.com/issues/9571">BT#9571</a>) Fix URL links</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/0fd3188cf207a78ebce50cee148d1caa19de0218">0fd3188c</a> - <a href="https://task.beeznest.com/issues/9559">BT#9559</a>) Fix LP export to PDF</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/391fa4ff7666642c0f21fca42e9f662adea9082d">391fa4ff</a>) Fix reporting.</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/b540f82f114f693f220dd84f67d7a1a971a4c74d">b540f82f</a> - <a href="https://task.beeznest.com/issues/9426">BT#9426</a>) Add "allow_delete_attendance" option</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/c552d086f4c3d21260e407f9fc351d580b060eed">c552d086</a> - <a href="https://task.beeznest.com/issues/8986">BT#8986</a>) Adding session support in forum copy from course to course</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/d0ed859b07282a2c30c18a4e29009541da0e158b">d0ed859b</a> - <a href="https://task.beeznest.com/issues/9436">BT#9436</a>) Improve script to move users from course to session with all resources</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/c7b17060a77ea57961bfc168690b4d0312c60d39">c7b17060</a> - <a href="https://support.chamilo.org/issues/7577">#7577</a>) Fix query in buy_course plugin</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/b2953724a42239a9494d4c0ee27888b72175a2c3">b2953724</a> - <a href="https://task.beeznest.com/issues/9420">BT#9420</a>) Blocking glossary in LP if not allowed</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/e75de5ee93b19752de2a897154c3434e5c9d6456">e75de5ee</a> - <a href="https://task.beeznest.com/issues/9436">BT#9436</a>) Script to move users from course to session with all resources</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/d74d70055ff0b935b70b6823b8e96a3ef2c154b1">d74d7005</a> - <a href="https://task.beeznest.com/issues/9420">BT#9420</a>) Fix setting show_glossary_in_extra_tools</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/11b0e96555c08bf7b569dd3fb89aaecc8ee6682a">11b0e965</a> - <a href="https://task.beeznest.com/issues/9420">BT#9420</a>) Adding glossary possible options</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/ba5b122cb5d26a63825b5b5ec4a2d3c67601555e">ba5b122c</a> - <a href="https://task.beeznest.com/issues/9494">BT#9494</a>) Show exercises included in learning paths in the Gradebook</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/becb73323d5942100b4d709085935ae65409f5bc">becb7332</a>) Fix queries in work tool.</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/0f4ac57793baa68b2d11792c8fdf06a1ac4246ed">0f4ac577</a> - <a href="https://task.beeznest.com/issues/9324">BT#9324</a>) Prevent session admins to see all users</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/709f388cf0379ecccb0de0f928fe6494622f085c">709f388c</a> - <a href="https://task.beeznest.com/issues/9324">BT#9324</a>) Add default setting for configuration.php for users list view filter for session admins</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/afbd8f39d8e728856aaba450a50c686f3d55fcdb">afbd8f39</a> - <a href="https://task.beeznest.com/issues/8986">BT#8986</a>) Fix session selection</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/6061f6975af7b709fb273e3409259caa21d32d84">6061f697</a> - <a href="https://task.beeznest.com/issues/9324">BT#9324</a>) Show only session admin created users in user list and in session creation- refs BT#9324</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/0c9ca6a9e98994cf21bfcda649272f333713e296">0c9ca6a9</a> - <a href="https://task.beeznest.com/issues/9323">BT#9323</a>) Add 'DISTINCT' to session list query to avoid returning repeated records</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/8cbb3661156203fe7b9c5dfef1a819437ae28af3">8cbb3661</a> - <a href="https://support.chamilo.org/issues/7540">#7540</a>) Fix sub category creation</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/132919c0172180888638209e711e35f81a422497">132919c0</a> - <a href="https://task.beeznest.com/issues/9422">BT#9422</a>) User in group can edit wiki page</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/fb445f8be00a59cd2cd719eb8e3dc5bde9cd5094">fb445f8b</a> - <a href="https://task.beeznest.com/issues/9408">BT#9408</a>) Fix queries in the report by question in exercises</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/19193942730dbd6d94ef895a726efdba94d12bb9">19193942</a>) Fixes certification validation. Takes the score not the percentage.</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/2812d601059e31047a9fdabaaf6ec08e34a8e8cf">2812d601</a>) Fixing header order in gradebook</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/d1756906054366a92c5516708dee8e417c9b6340">d1756906</a> - <a href="https://task.beeznest.com/issues/9293">BT#9293</a>) "*.phps" files are renamed to php when downloading a zip</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/ab6f1b2990d6faa278a9706eed5f043aad302ddc">ab6f1b29</a> - <a href="https://task.beeznest.com/issues/9287">BT#9287</a>) Fixes users order in gradebook</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/8da0d49ff538277fb794ecc6f5d7bb1562350e66">8da0d49f</a> - <a href="https://task.beeznest.com/issues/9380">BT#9380</a>) Fixes fatal error in wiki in session</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/47043767efc43b2402b0e4617cbffdea464e3424">47043767</a>) Adds nl.js file to fckeditor.</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/d1f552d2c85ac9ab1d4c9df9319aa47374661ea7">d1f552d2</a>) Fixes error when deleting a group tutors should be also removed.</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/cef6d391f8e0fa573b485d8ed3c25036cc0bc366">cef6d391</a> - <a href="https://task.beeznest.com/issues/9340">BT#9340</a>) Adds students/tutors export/import</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/df11c14bab171a0ee3f21680e78f062593481d52">df11c14b</a> - <a href="https://task.beeznest.com/issues/9355">BT#9355</a>) Fixes $groupId value was overwritten</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/50c9b18219cb87e9624d593e043cc10e18ee4c33">50c9b182</a> - <a href="https://task.beeznest.com/issues/9325">BT#9325</a>) New feature: Edit extra content in admin panels</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/cebeba5c42cf5d0f548ee95678dc1a3b4ea810b8">cebeba5c</a> - <a href="https://task.beeznest.com/issues/9340">BT#9340</a>) Adds "users" field while exporting classes</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/762c4b3f2c309809ed151c2edcfe25e6cb8ecf4a">762c4b3f</a> - <a href="https://task.beeznest.com/issues/8617">BT#8617</a>) Fixes show_description when updating sessions</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/f14dfa42dca2d76ebcbbe6d4b92b7d69ef606b8a">f14dfa42</a> - <a href="https://task.beeznest.com/issues/8617">BT#8617</a>) Adds show_description parameter in import csv files</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/e17cb4c01c3e91479ba32d4030bfd2db2d17bf89">e17cb4c0</a> - <a href="https://task.beeznest.com/issues/9329">BT#9329</a>) Checks only results with qualification</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/b82a265c042b3bead1171401ce74c7121b95e6ce">b82a265c</a> - <a href="https://task.beeznest.com/issues/9328">BT#9328</a>) Adds importSubscribeStatic option</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/4eaeae3376add647ec2f9dc26089975505ebced9">4eaeae33</a>) When cleaning user LP results delete also the interactions and objs</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/3a7cf71e159c4c8106b33f17061eab2a46c2499f">3a7cf71e</a> - <a href="https://task.beeznest.com/issues/7802">BT#7802</a>) Adding event comments</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/2fa39544aaaade7fcc87b6f47f74a068be3f3238">2fa39544</a> - <a href="https://support.chamilo.org/issues/7370">#7370</a>) Fix a few buy courses plugin issues</li>
+  <li>(<a href="https://github.com/chamilo/chamilo-lms/commit/2fd2c2b7a4284204138662bd432a7301c625579d">2fd2c2b7</a> - <a href="https://task.beeznest.com/issues/9022">BT#9022</a>) Add certificate path to the web service. Add 'add_gradebook_certificates_cron_task_enabled' configuration parameter</li>
+</ul>
+
+
 <h1>Chamilo 1.9.10 - Huánuco, 25th of January, 2015</h1>
 <h3>Release notes - summary</h3>
 <p>Chamilo 1.9.10 is a new minor version of the 1.9.x branch, with many bugfixes and a few interesting new features (as such, you can just overwrite previous files to upgrade from 1.9.8, 1.9.8.1 or 1.9.8.2 to 1.9.10).</p>
diff --git a/main/install/index.php b/main/install/index.php
index 2fb77d01b9..7355ea9f07 100755
--- a/main/install/index.php
+++ b/main/install/index.php
@@ -111,7 +111,7 @@ error_reporting(E_ALL);
 // Upgrading from any subversion of 1.6 is just like upgrading from 1.6.5
 $update_from_version_6 = array('1.6', '1.6.1', '1.6.2', '1.6.3', '1.6.4', '1.6.5');
 // Upgrading from any subversion of 1.8 avoids the additional step of upgrading from 1.6
-$update_from_version_8 = array('1.8', '1.8.2', '1.8.3', '1.8.4', '1.8.5', '1.8.6', '1.8.6.1', '1.8.6.2','1.8.7','1.8.7.1','1.8.8','1.8.8.2', '1.8.8.4', '1.8.8.6', '1.9.0', '1.9.2','1.9.4','1.9.6', '1.9.6.1');
+$update_from_version_8 = array('1.8', '1.8.2', '1.8.3', '1.8.4', '1.8.5', '1.8.6', '1.8.6.1', '1.8.6.2','1.8.7','1.8.7.1','1.8.8','1.8.8.2', '1.8.8.4', '1.8.8.6', '1.9.0', '1.9.2','1.9.4','1.9.6', '1.9.6.1', '1.9.8', '1.9.10');
 
 $my_old_version = '';
 $tmp_version = get_config_param('dokeos_version');
diff --git a/main/install/version.php b/main/install/version.php
index 0bd55a4ce8..6e8a87f6fd 100755
--- a/main/install/version.php
+++ b/main/install/version.php
@@ -12,7 +12,7 @@
 /**
  * Variables used from the main/install/index.php
  */
-$new_version            = '1.9.10';
+$new_version            = '1.9.10.2';
 $new_version_status     = 'stable';
 $new_version_last_id	= 0;
 $new_version_stable 	= true;

From d93b95f83d75b1c6c910c27d127f07fc0497c666 Mon Sep 17 00:00:00 2001
From: Yannick Warnier <ywarnier@beeznest.org>
Date: Sun, 22 Mar 2015 01:31:26 -0500
Subject: [PATCH 6/8] Minor session icon edition (fuzzy icon otherwise)

---
 main/inc/lib/userportal.lib.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/main/inc/lib/userportal.lib.php b/main/inc/lib/userportal.lib.php
index 84944005a6..83614497c6 100755
--- a/main/inc/lib/userportal.lib.php
+++ b/main/inc/lib/userportal.lib.php
@@ -1111,7 +1111,7 @@ class IndexManager
                                 'window_list.png',
                                 $session_box['title'],
                                 array('id' => 'session_img_' . $session_id),
-                                ICON_SIZE_LARGE
+                                ICON_SIZE_BIG
                             );
                             $extra_info = !empty($session_box['coach']) ? $session_box['coach'] : null;
                             $extra_info .= !empty($session_box['coach']) ? ' - '.$session_box['dates'] : $session_box['dates'];
@@ -1244,7 +1244,8 @@ class IndexManager
                                             'width' => '48px',
                                             'align' => 'absmiddle',
                                             'id' => 'session_img_' . $session_id
-                                        )
+                                        ),
+                                        ICON_SIZE_BIG
                                     ) . ' ';
 
                                 if (api_is_drh()) {

From 241096206294efc1c36deb1d58137c4649899984 Mon Sep 17 00:00:00 2001
From: Yannick Warnier <ywarnier@beeznest.org>
Date: Sun, 22 Mar 2015 01:39:35 -0500
Subject: [PATCH 7/8] Fix issue in course advance showing title of first module
 in "next topic" section on course homepage

---
 main/inc/introductionSection.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main/inc/introductionSection.inc.php b/main/inc/introductionSection.inc.php
index 6f4595df45..f215b88777 100755
--- a/main/inc/introductionSection.inc.php
+++ b/main/inc/introductionSection.inc.php
@@ -324,7 +324,7 @@ if ($tool == TOOL_COURSE_HOMEPAGE && !isset($_GET['intro_cmdEdit'])) {
             $thematic_description_html .=
                 '<div class="span6 items-progress">
                                                     <div class="topics">'.$subTitle2.'</div>
-                                                    <p class="title_topics">'.$thematic_info['title'].'</p>
+                                                    <p class="title_topics">'.$thematic_info2['title'].'</p>
                                                     <p class="date">'.$thematic_advance_info2['start_date'].'</p>
                                                     <h3 class="title">'.$thematic_advance_info2['content'].'</h3>
                                                     <p class="time">'.get_lang('DurationInHours').' : '.$thematic_advance_info2['duration'].' - <a href="'.$thematicUrl.'">'.get_lang('SeeDetail').'</a></p>

From ada067400b2ab78857224b8be122b367ce76d49a Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Mon, 23 Mar 2015 10:41:42 +0100
Subject: [PATCH 8/8] Fix condition.

---
 main/tracking/courseLog.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/main/tracking/courseLog.php b/main/tracking/courseLog.php
index bb48059ad2..2200f0ee11 100755
--- a/main/tracking/courseLog.php
+++ b/main/tracking/courseLog.php
@@ -50,21 +50,28 @@ if (api_is_drh()) {
     if (api_drh_can_access_all_session_content()) {
         // If the drh has been configured to be allowed to see all session content, give him access to the session courses
         $coursesFromSession = SessionManager::getAllCoursesFollowedByUser(api_get_user_id(), null);
+
+        $coursesFromSessionCodeList = array();
         if (!empty($coursesFromSession)) {
-            $coursesFromSession = array_keys($coursesFromSession);
+            foreach ($coursesFromSession as $course) {
+                $coursesFromSessionCodeList[$course['code']] = $course['code'];
+            }
         }
 
         $coursesFollowedList = CourseManager::get_courses_followed_by_drh(api_get_user_id());
+
         if (!empty($coursesFollowedList)) {
             $coursesFollowedList = array_keys($coursesFollowedList);
         }
+
         if (!in_array($courseCode, $coursesFollowedList)) {
-            if (!in_array($courseCode, $coursesFromSession)) {
+            if (!in_array($courseCode, $coursesFromSessionCodeList)) {
                 api_not_allowed();
             }
         }
     } else {
-        // If the drh has *not* been configured to be allowed to see all session content, then check if he has also been given access to the corresponding courses
+        // If the drh has *not* been configured to be allowed to see all session content,
+        // then check if he has also been given access to the corresponding courses
         $coursesFollowedList = CourseManager::get_courses_followed_by_drh(api_get_user_id());
         $coursesFollowedList = array_keys($coursesFollowedList);
         if (!in_array(api_get_course_id(), $coursesFollowedList)) {