From a73754d20ffb384b2b3882b5a4bf107b9d46be71 Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Mon, 4 May 2009 22:32:16 +0200
Subject: [PATCH] [svn r20297] Minor - UI improvement, also adding some
 Database::escape_string see FS#3772

---
 index.php       | 99 ++++++++++++++++++++++++-------------------------
 user_portal.php | 42 +++++++++++----------
 2 files changed, 71 insertions(+), 70 deletions(-)

diff --git a/index.php b/index.php
index d4fe1b5c54..62b97ea485 100644
--- a/index.php
+++ b/index.php
@@ -1,4 +1,4 @@
-<?php // $Id: index.php 20032 2009-04-23 21:04:45Z juliomontoya $
+<?php // $Id: index.php 20297 2009-05-04 20:32:16Z juliomontoya $
  
 /*
 ==============================================================================
@@ -27,7 +27,7 @@
 /**
 *	@package dokeos.main
 * 	@author Patrick Cool <patrick.cool@UGent.be>, Ghent University, Refactoring
-* 	@version $Id: index.php 20032 2009-04-23 21:04:45Z juliomontoya $
+* 	@version $Id: index.php 20297 2009-05-04 20:32:16Z juliomontoya $
 *   @todo check the different @todos in this page and really do them
 * 	@todo check if the news management works as expected
 */
@@ -98,14 +98,11 @@ $track_login_table 		= Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_L
 $_setting['display_courses_to_anonymous_users'] = 'true';
 
 /** @todo remove this piece of code because this is not used */
-if (isset ($_user['user_id'])) {
+if (isset($_user['user_id'])) {
 	$nameTools = api_get_setting('siteName');
 }
 
 
-
-
-
 /*
 ==============================================================================
 		LOGIN
@@ -390,51 +387,11 @@ function display_anonymous_right_menu() {
 		}
 	}
 
-	/*** hide right menu "general" and other parts on anonymous right menu  *****/
-	 echo "<div class=\"menusection\">", "<span class=\"menusectioncaption\">".get_lang("MenuGeneral")."</span>";
-	 echo "<ul class=\"menulist\">";
-
-	$user_selected_language = api_get_interface_language();
-	global $home, $home_old;
-	if (!isset ($user_selected_language))
-		$user_selected_language = $platformLanguage; 
-	if (!file_exists($home.'home_menu_'.$user_selected_language.'.html')) {
-		if (file_exists($home.'home_menu.html'))
-			include ($home.'home_menu.html');
-		else {
-			include ($home_old.'home_menu.html');
-		}		
-	} else {
-		include($home.'home_menu_'.$user_selected_language.'.html');
-	}
-	echo '</ul>';
-	echo '</div>';
-
-	if ($_user['user_id'] && api_number_of_plugins('campushomepage_menu') > 0) {
-		echo '<div class="note" style="background: none">';
-		api_plugin('campushomepage_menu');
-		echo '</div>';
-	}
 
-	/**
-	 * User section
-	 */
+	// My Account section
 	if (isset($_SESSION['_user']['user_id']) && $_SESSION['_user']['user_id']!=0) {
 		// tabs that are deactivated are added here
-		if (!empty($menu_navigation)) {
-			echo "<div class=\"menusection\">";
-			echo "<span class=\"menusectioncaption\">".get_lang("MainNavigation")."</span>";
-			echo "<ul class=\"menulist\">";
-			foreach($menu_navigation as $section => $navigation_info) {
-				$current = ($section == $GLOBALS['this_section'] ? ' id="current"' : '');
-				echo '<li'.$current.'>';
-				echo '<a href="'.$navigation_info['url'].'" target="_top">'.$navigation_info['title'].'</a>';
-				echo '</li>';
-				echo "\n";
-			}
-			echo "</ul>";
-			echo '</div>';
-		}
+
 
 		$show_menu=false;
 		$show_create_link=false;
@@ -469,8 +426,50 @@ function display_anonymous_right_menu() {
 			echo "</ul>";
 			echo "</div>";			
 		}
-	}
 		
+		if (!empty($menu_navigation)) {
+			echo "<div class=\"menusection\">";
+			echo "<span class=\"menusectioncaption\">".get_lang("MainNavigation")."</span>";
+			echo "<ul class=\"menulist\">";
+			foreach($menu_navigation as $section => $navigation_info) {
+				$current = ($section == $GLOBALS['this_section'] ? ' id="current"' : '');
+				echo '<li'.$current.'>';
+				echo '<a href="'.$navigation_info['url'].'" target="_top">'.$navigation_info['title'].'</a>';
+				echo '</li>';
+				echo "\n";
+			}
+			echo "</ul>";
+			echo '</div>';
+		}
+	}
+	
+	// help ection
+	/*** hide right menu "general" and other parts on anonymous right menu  *****/
+	 echo "<div class=\"menusection\">", "<span class=\"menusectioncaption\">".get_lang("MenuGeneral")."</span>";
+	 echo "<ul class=\"menulist\">";
+
+	$user_selected_language = api_get_interface_language();
+	global $home, $home_old;
+	if (!isset ($user_selected_language))
+		$user_selected_language = $platformLanguage; 
+	if (!file_exists($home.'home_menu_'.$user_selected_language.'.html')) {
+		if (file_exists($home.'home_menu.html'))
+			include ($home.'home_menu.html');
+		else {
+			include ($home_old.'home_menu.html');
+		}		
+	} else {
+		include($home.'home_menu_'.$user_selected_language.'.html');
+	}
+	echo '</ul>';
+	echo '</div>';
+
+	if ($_user['user_id'] && api_number_of_plugins('campushomepage_menu') > 0) {
+		echo '<div class="note" style="background: none">';
+		api_plugin('campushomepage_menu');
+		echo '</div>';
+	}
+			
 	// includes for any files to be displayed below anonymous right menu
 	
 	if (!file_exists($home.'home_notice_'.$user_selected_language.'.html') && file_exists($home.'home_notice.html') && file_get_contents($home.'home_notice.html')!='') {
@@ -565,7 +564,7 @@ function display_anonymous_course_list() {
 	//init
 	$user_identified = (api_get_user_id()>0 && !api_is_anonymous());
 	$web_course_path = api_get_path(WEB_COURSE_PATH);
-	$category = $_GET["category"];
+	$category = Databas::escape_string($_GET['category']);
 	global $setting_show_also_closed_courses;
 
 	// Database table definitions
diff --git a/user_portal.php b/user_portal.php
index 4676659850..4d0ce922b3 100644
--- a/user_portal.php
+++ b/user_portal.php
@@ -1,4 +1,4 @@
-<?php // $Id: user_portal.php 18379 2009-02-09 20:42:34Z juliomontoya $
+<?php // $Id: user_portal.php 20297 2009-05-04 20:32:16Z juliomontoya $
   
 /* For licensing terms, see /dokeos_license.txt */
 /**
@@ -204,6 +204,7 @@ function get_personal_course_list($user_id) {
 	$tbl_session_course_user= Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
 	$tbl_session 			= Database :: get_main_table(TABLE_MAIN_SESSION);
 
+	$user_id = Database::escape_string($user_id);
 	$personal_course_list = array ();
 
 	//Courses in which we suscribed out of any session
@@ -637,7 +638,7 @@ function get_user_course_categories() {
 
 	$output = array();
 	$table_category = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
-	$sql = "SELECT * FROM ".$table_category." WHERE user_id='".$_user['user_id']."'";
+	$sql = "SELECT * FROM ".$table_category." WHERE user_id='".Database::escape_string($_user['user_id'])."'";
 	$result = api_sql_query($sql,__FILE__,__LINE__);
 	while ($row = Database::fetch_array($result)) {
 		$output[$row['id']] = $row['title'];
@@ -804,8 +805,7 @@ if ( is_array($list) ) {
 		if ( empty($value[2]) ) { //if out of any session
 
 			$userdefined_categories = get_user_course_categories();
-			echo '	
-	<ul class="courseslist">';
+			echo '<ul class="courseslist">';
 
 			if ($old_user_category<>$value[0]) {
 				if ($key<>0 OR $value[0]<>0) {// there are courses in the previous category
@@ -903,22 +903,6 @@ api_session_register('status');
 */
 echo '	<div class="menu">';
 
-// tabs that are deactivated are added here
-if (!empty($menu_navigation)) {
-	echo '<div class="menusection">';
-	echo '<span class="menusectioncaption">'.get_lang('MainNavigation').'</span>';
-	echo '<ul class="menulist">';
-	foreach ($menu_navigation as $section => $navigation_info) {
-		$current = ($section == $GLOBALS['this_section'] ? ' id="current"' : '');
-		echo '<li'.$current.'>';
-		echo '<a href="'.$navigation_info['url'].'" target="_top">'.$navigation_info['title'].'</a>';
-		echo '</li>';
-		echo "\n";
-	}
-	echo '</ul>';
-	echo '</div>';
-}
-
 // api_display_language_form(); // moved to the profile page.
 
 $show_menu=false;
@@ -947,6 +931,7 @@ if(isset($toolsList) and is_array($toolsList) and isset($digest)) {
 	$show_menu=true;	
 }
 
+// My account section
 if ($show_menu){
 	echo '<div class="menusection">';
 	echo '<span class="menusectioncaption">'.get_lang('MenuUser').'</span>';
@@ -961,6 +946,23 @@ if ($show_menu){
 	echo '</div>';
 }	
 
+// Main navigation section
+// tabs that are deactivated are added here
+if (!empty($menu_navigation)) {
+	echo '<div class="menusection">';
+	echo '<span class="menusectioncaption">'.get_lang('MainNavigation').'</span>';
+	echo '<ul class="menulist">';
+	foreach ($menu_navigation as $section => $navigation_info) {
+		$current = ($section == $GLOBALS['this_section'] ? ' id="current"' : '');
+		echo '<li'.$current.'>';
+		echo '<a href="'.$navigation_info['url'].'" target="_top">'.$navigation_info['title'].'</a>';
+		echo '</li>';
+		echo "\n";
+	}
+	echo '</ul>';
+	echo '</div>';
+}
+
 
 // plugins for the my courses menu
 if (isset($_plugins['mycourses_menu']) && is_array($_plugins['mycourses_menu'])) {