Minor - validate if course exists + format code

7 years ago · a6f7d87319
parent bbbdc1f7dd
commit a6f7d87319
2 changed files with 16 additions and 11 deletions
--- a/main/inc/lib/course.lib.php
+++ b/main/inc/lib/course.lib.php
@ -576,15 +576,20 @@ class CourseManager
            return false; //detected possible SQL injection
        }

+        if (empty($user_id) || empty($course_code)) {
+            return false;
+        }
+
        $courseInfo = api_get_course_info($course_code);
-        $courseId = $courseInfo['real_id'];
-        $courseCode = $courseInfo['code'];
-        $userCourseCategoryId = intval($userCourseCategoryId);

-        if (empty($user_id) || empty($courseCode)) {
+        if (empty($courseInfo)) {
            return false;
        }

+        $courseId = $courseInfo['real_id'];
+        $courseCode = $courseInfo['code'];
+        $userCourseCategoryId = (int) $userCourseCategoryId;
+
        if (!empty($session_id)) {
            $session_id = intval($session_id);
        } else {
@ -620,6 +625,7 @@ class CourseManager
                $session_id,
                $courseCode
            );
+
            // Add event to the system log
            Event::addEvent(
                LOG_SUBSCRIBE_USER_TO_COURSE,
@ -630,11 +636,11 @@ class CourseManager
                $courseId,
                $session_id
            );
-            $user_info = api_get_user_info($user_id);
+            $userInfo = api_get_user_info($user_id);
            Event::addEvent(
                LOG_SUBSCRIBE_USER_TO_COURSE,
                LOG_USER_OBJECT,
-                $user_info,
+                $userInfo,
                api_get_utc_datetime(),
                api_get_user_id(),
                $courseId,
@ -658,11 +664,11 @@ class CourseManager
                $courseId
            );

-            $user_info = api_get_user_info($user_id);
+            $userInfo = api_get_user_info($user_id);
            Event::addEvent(
                LOG_SUBSCRIBE_USER_TO_COURSE,
                LOG_USER_OBJECT,
-                $user_info,
+                $userInfo,
                api_get_utc_datetime(),
                api_get_user_id(),
                $courseId
--- a/main/user/subscribe_user.php
+++ b/main/user/subscribe_user.php
@ -168,10 +168,9 @@ if (!empty($_POST['keyword'])) {
    echo '<br/>'.get_lang('SearchResultsFor').' <span style="font-style: italic ;"> '.$keyword_name.' </span><br>';
 }

-Display :: display_header($tool_name, "User");
+Display :: display_header($tool_name, 'User');

 // Build search-form
-
 switch ($type) {
    case STUDENT:
        $url = api_get_path(WEB_CODE_PATH).'user/user.php?'.api_get_cidreq().'';
@ -180,7 +179,7 @@ switch ($type) {
        $url = api_get_path(WEB_CODE_PATH).'user/user.php?'.api_get_cidreq().'&type='.COURSEMANAGER;
        break;
 }
-$actionsLeft = '';
+
 $actionsLeft = Display::url(
    Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM),
    $url