Add function api_get_cidreq_params, remove $_SESSION calls#7678

pull/2487/head
Julio 9 years ago
parent f7ce628c84
commit aa9aabc59e
  1. 7
      main/admin/course_intro_pdf_import.php
  2. 11
      main/admin/course_list.php
  3. 8
      main/chat/chat.php
  4. 8
      main/chat/chat_hidden.php
  5. 4
      main/course_info/infocours.php
  6. 3
      main/create_course/add_course.php
  7. 9
      main/document/document.php
  8. 2
      main/document/download.php
  9. 42
      main/document/remote.php
  10. 5
      main/exercice/exercise_history.php
  11. 2
      main/exercice/exercise_result.php
  12. 6
      main/forum/forumfunction.inc.php
  13. 3
      main/forum/viewforum.php
  14. 6
      main/gradebook/exercise_jump.php
  15. 2
      main/gradebook/gradebook.php
  16. 2
      main/gradebook/gradebook_display_certificate.php
  17. 4
      main/gradebook/gradebook_edit_all.php
  18. 2
      main/gradebook/index.php
  19. 34
      main/gradebook/lib/GradebookUtils.php
  20. 2
      main/gradebook/lib/be/attendancelink.class.php
  21. 5
      main/gradebook/lib/be/forumthreadlink.class.php
  22. 7
      main/gradebook/lib/be/learnpathlink.class.php
  23. 3
      main/gradebook/lib/be/studentpublicationlink.class.php
  24. 2
      main/gradebook/lib/be/surveylink.class.php
  25. 31
      main/inc/lib/api.lib.php
  26. 2
      main/newscorm/aicc_api.php
  27. 2
      main/newscorm/learnpath.class.php
  28. 2
      main/newscorm/lp_add.php
  29. 4
      main/survey/survey.lib.php

@ -127,9 +127,10 @@ function import_pdfs($file, $subDir = '/')
api_set_default_visibility($docId, TOOL_DOCUMENT);
$errors[] = array('Line' => 0, 'Code' => $course['code'], 'Title' => $course['title']);
// Now add a link to the file from the Course description tool
$link = '<p>Sílabo de la asignatura <a href="'.api_get_path(WEB_CODE_PATH).'document/document.php?cidReq='.$course['code'].'&id_session=0&gidReq=0&action=download&id='.$docId.'" target="_blank">
'.Display::return_icon('pdf.png').'
</a></p>';
$link = '<p>Sílabo de la asignatura
<a href="'.api_get_path(WEB_CODE_PATH).'document/document.php?'.api_get_cidreq_params($course['code']).'&action=download&id='.$docId.'" target="_blank">
'.Display::return_icon('pdf.png').'
</a></p>';
$course_description = new CourseDescription();
$session_id = api_get_session_id();
$course_description->set_course_id($course['real_id']);

@ -232,21 +232,20 @@ function get_course_data_by_session($from, $number_of_items, $column, $direction
function modify_filter($code)
{
$icourse = api_get_course_info($code);
$path = api_get_path(WEB_CODE_PATH);
return
'<a href="course_information.php?code='.$code.'">'.
Display::return_icon('synthese_view.gif', get_lang('Info')).'</a>&nbsp;'.
//'<a href="../course_home/course_home.php?cidReq='.$code.'">'.
//Display::return_icon('course_home.gif', get_lang('CourseHomepage')).'</a>&nbsp;'. // This is not the preferable way to go to the homepage.
'<a href="'.api_get_path(WEB_COURSE_PATH).$icourse['path'].'/index.php">'.
Display::return_icon('course_home.gif', get_lang('CourseHomepage')).'</a>&nbsp;'.
'<a href="../tracking/courseLog.php?cidReq='.$code.'">'.
'<a href="'.$path.'tracking/courseLog.php?'.api_get_cidreq_params($code).'">'.
Display::return_icon('statistics.gif', get_lang('Tracking')).'</a>&nbsp;'.
'<a href="course_edit.php?id='.$icourse['real_id'].'">'.
'<a href="'.$path.'admin/course_edit.php?id='.$icourse['real_id'].'">'.
Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL).'</a>&nbsp;'.
'<a href="../coursecopy/create_backup.php?cidReq='.$code.'">'.
'<a href="'.$path.'coursecopy/create_backup.php?'.api_get_cidreq_params($code).'">'.
Display::return_icon('backup.gif', get_lang('CreateBackup')).'</a>&nbsp;'.
'<a href="course_list.php?delete_course='.$code.'" onclick="javascript: if (!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;">'.
'<a href="'.$path.'admin/course_list.php?delete_course='.$code.'" onclick="javascript: if (!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;">'.
Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL).'</a>';
}
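Review bot: In modify_filter() the `course_information.php?code=` and `delete_course=` links still concatenate `$code` unescaped, while the tracking and backup links in the same return now go through api_get_cidreq_params(), which escapes the code. Encode it the same way for consistency, e.g. `'admin/course_list.php?delete_course='.urlencode($code)`. The delete link is also a plain GET with no token visible in this hunk. If course_list.php does not verify one elsewhere, the `sec_token` parameter used on the certificate delete link in this commit would be worth adding here.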

@ -1,6 +1,8 @@
<?php
/* For licensing terms, see /license.txt */
use ChamiloSession as Session;
/**
* Chat tool
* @package chamilo.chat
@ -17,10 +19,8 @@ $target = isset($_GET["target"]) ? Security::remove_XSS($_GET["target"]) : null;
if ($origin != 'whoisonline') {
api_protect_course_script(true);
} else {
$origin = $_SESSION['origin'];
$target = $_SESSION['target'];
$_SESSION['origin']= $origin;
$_SESSION['target']= $target;
$origin = Session::read('origin');
$target = Session::read('target');
}
api_protect_course_group(GroupManager::GROUP_TOOL_CHAT, false);
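Review bot: The `else` branch skips `api_protect_course_script(true)` whenever `$origin` equals 'whoisonline', and `$origin` appears to be request-derived like the `$target` assignment shown in the hunk header (its own assignment is above the hunk). Since the branch now immediately overwrites both variables from the session, consider reading `Session::read('origin')` before the `if` and branching on that value, so a query parameter alone cannot select the path without the course check. Also confirm what Session::read() returns for a missing key, because neither variable gets a default here.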

@ -110,9 +110,13 @@ require 'header_frame.inc.php';
</form>
<?php
if (isset($_SESSION["origin"]) && $_SESSION["origin"] == 'whoisonline') {
$origin = Session::read('origin');
$target = Session::read('target');
if ($origin == 'whoisonline') {
//check if our target has denied our request or not
$talk_to = $_SESSION["target"];
$talk_to = (int) $target;
$track_user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql = "select chatcall_text from $track_user_table where ( user_id = $talk_to )";
$result = Database::query($sql);
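Review bot: `Session::read()` is called here, but this hunk starts at line 110 on both sides, so no `use ChamiloSession as Session;` line was added above it as was done in the preceding file section. Unless the alias already exists at the top of this file, the call will fail or resolve to a different `Session` class, so please confirm. The `(int) $target` cast before the interpolated query is the right fix; a strict comparison, `$origin === 'whoisonline'`, would complete it.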

@ -572,7 +572,7 @@ if ($form->validate() && is_settings_editable()) {
if ($num >= $_configuration[$urlId]['hosting_limit_active_courses']) {
api_warn_hosting_contact('hosting_limit_active_courses');
api_set_failure(get_lang('PortalActiveCoursesLimitReached'));
$url = api_get_path(WEB_CODE_PATH).'course_info/infocours.php?action=course_active_warning&cidReq='.$course_code;
$url = api_get_path(WEB_CODE_PATH).'course_info/infocours.php?action=course_active_warning&'.api_get_cidreq();
header("Location: $url");
exit;
}
@ -639,7 +639,7 @@ if ($form->validate() && is_settings_editable()) {
$cidReset = true;
$cidReq = $course_code;
require '../inc/local.inc.php';
$url = api_get_path(WEB_CODE_PATH).'course_info/infocours.php?action=show_message&cidReq='.$course_code;
$url = api_get_path(WEB_CODE_PATH).'course_info/infocours.php?action=show_message&'.api_get_cidreq();
header("Location: $url");
exit;
}
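Review bot: Both redirects now depend on the ambient course context instead of the `$course_code` this script has just processed. The second one runs right after `$cidReset = true; ... require '../inc/local.inc.php';`, so it is worth confirming that api_get_cidreq() already reflects the reset at that point and cannot return an empty string (the URL would then end in `&`). api_get_cidreq() also appends `gradebook` and `origin` parameters that the old URL did not carry. If the explicit code is what is meant, `api_get_cidreq_params($course_code, api_get_session_id())` keeps the previous behaviour.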

@ -308,8 +308,7 @@ if ($form->validate()) {
$message = $tpl->fetch($add_course_tpl);*/
$url = api_get_path(WEB_CODE_PATH);
$url .= 'course_info/start.php?cidReq=';
$url .= $course_info['code'];
$url .= 'course_info/start.php?'.api_get_cidreq_params($course_info['code']);
$url .= '&first=1';
header('Location: ' . $url);
exit;

@ -378,9 +378,8 @@ switch ($action) {
}
$file_link = Display::url(
get_lang('SeeFile'),
api_get_path(WEB_CODE_PATH).'social/myfiles.php?'.
'cidReq='.$cidReq.'&amp;id_session='.$id_session.'&amp;'.
'gidReq='.$gidReq.'&amp;parent_id='.$parent_id
api_get_path(WEB_CODE_PATH).'social/myfiles.php?'.api_get_cidreq_params($cidReq, $id_session, $gidReq).
'&parent_id='.$parent_id
);
if (api_get_setting('allow_my_files') === 'false') {
@ -499,9 +498,7 @@ switch ($action) {
$file_link = Display::url(
get_lang('SeeFile'),
api_get_path(WEB_CODE_PATH) .
'document/showinframes.php?' . 'cidReq=' . $cidReq .
'&id_session=' . $id_session . '&' .
'gidReq=' . $gidReq . '&id=' . current($result)
'document/showinframes.php?'.api_get_cidreq_params($cidReq, $id_session, $gidReq).'&id=' . current($result)
);
Display::addFlash(Display::return_message(
get_lang('CopyMade') . ' ' . $file_link,

@ -56,7 +56,7 @@ if (substr($refer_script, 0, 15) == '/fillsurvey.php') {
// Group folder?
$gid_req = ($_GET['gidReq']) ? '&gidReq='.Security::remove_XSS($_GET['gidReq']) : '';
// Create the path
$document_explorer = api_get_path(WEB_CODE_PATH).'document/document.php?curdirpath='.urlencode($doc_url).'&cidReq='.Security::remove_XSS($_GET['cidReq']).$gid_req;
$document_explorer = api_get_path(WEB_CODE_PATH).'document/document.php?curdirpath='.urlencode($doc_url).'&'.api_get_cidreq_params(Security::remove_XSS($_GET['cidReq'], 0, $gid_req);
// Redirect
header('Location: '.$document_explorer);
}
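Review bot: The new `$document_explorer` line does not parse: `Security::remove_XSS($_GET['cidReq'], 0, $gid_req);` closes only one of the two opened parentheses, and `0, $gid_req` end up as arguments to remove_XSS() rather than to api_get_cidreq_params(). `$gid_req` is also the prebuilt string `'&gidReq=…'`, which the helper's `(int)` cast would turn into 0. Something like `api_get_cidreq_params(Security::remove_XSS($_GET['cidReq']), 0, isset($_GET['gidReq']) ? (int) $_GET['gidReq'] : 0)` passes the group id itself, and the same `isset()` guard would fix the undefined-index notice on the `$gid_req` line above.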

@ -14,37 +14,26 @@
*/
/* FIX for IE cache when using https */
session_cache_limiter('none');
/*==== DEBUG ====*/
$debug=0;
if ($debug>0) {
// dump the request
$v = array_keys(get_defined_vars());
error_log(var_export($v, true),3, '/tmp/log');
foreach (array_keys(get_defined_vars()) as $k) {
if ($k == 'GLOBALS') {
continue;
}
error_log($k, 3, '/tmp/log');
error_log(var_export($$k, true), 3, '/tmp/log');
}
}
/*==== INCLUDE ====*/
require_once '../inc/global.inc.php';
api_block_anonymous_users();
/*==== Variables initialisation ====*/
$action = $_REQUEST['action']; //safe as only used in if()'s
$seek = array('/','%2F','..');
$destroy = array('','','');
$cidReq = str_replace($seek,$destroy,$_REQUEST["cidReq"]);
$seek = array('/', '%2F', '..');
$destroy = array('', '', '');
$cidReq = str_replace($seek, $destroy, $_REQUEST["cidReq"]);
$cidReq = Security::remove_XSS($cidReq);
$user_id = api_get_user_id();
$coursePath = api_get_path(SYS_COURSE_PATH).$cidReq.'/document';
$_course = CourseManager::get_course_information($cidReq);
if ($_course == null) die ("problem when fetching course information");
if ($_course == null) {
die ("problem when fetching course information");
}
// stupid variable initialisation for old version of DocumentManager functions.
$_course['path'] = $_course['directory'];
$is_manager = (CourseManager::get_user_in_course_status($user_id, $cidReq) == COURSEMANAGER);
if ($debug>0) { error_log($coursePath, 0); }
if ($debug > 0) {
error_log($coursePath, 0);
}
// FIXME: check security around $_REQUEST["cwd"]
$cwd = $_REQUEST['cwd'];
// treat /..
@ -55,11 +44,13 @@ while (substr($cwd, -3, 3) == '/..') {
if (strlen($cwd) == 0) { $cwd='/'; }
$nParent++;
}
for (;$nParent >0; $nParent--) {
$cwd = (strrpos($cwd,'/')>-1 ? substr($cwd, 0, strrpos($cwd,'/')) : $cwd);
for (; $nParent > 0; $nParent--) {
$cwd = (strrpos($cwd, '/') > -1 ? substr($cwd, 0, strrpos($cwd, '/')) : $cwd);
}
if (strlen($cwd) == 0) {
$cwd = '/';
}
if (strlen($cwd) == 0) { $cwd='/'; }
if (Security::check_abs_path($cwd,api_get_path(SYS_PATH))) {
if (Security::check_abs_path($cwd, api_get_path(SYS_PATH))) {
die();
}
if ($action == 'list') {
@ -70,9 +61,8 @@ if ($action == 'list') {
$files = DocumentManager::get_all_document_data($_course, $cwd, 0, NULL, false);
// adding download link to files
foreach ($files as $k=>$f) {
foreach ($files as $k => $f) {
if ($f['filetype'] == 'file') {
//$files[$k]['download'] = api_get_path(WEB_CODE_PATH)."/document/document.php?cidReq=$cidReq&action=download&id=".urlencode($f['path']);
$files[$k]['download'] = api_get_path(WEB_COURSE_PATH).$cidReq."/document".$f['path'];
}
print json_encode($files);
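Review bot: `if ($debug > 0)` at the end of the first hunk is kept and reformatted, but the block that set `$debug=0;` appears to be among the removed lines, which would leave the variable undefined and the check dead; drop the remaining `if` or restore the assignment. The `// FIXME: check security around $_REQUEST["cwd"]` is still open: `$cwd` is request-controlled and reaches `DocumentManager::get_all_document_data()`, so a comment stating what `Security::check_abs_path()` is expected to reject, and why a true result leads to `die()`, would help the next reader. `$coursePath` is also built from `$cidReq` before `CourseManager::get_course_information()` has confirmed the course exists; moving it below the null check keeps unvalidated input out of filesystem paths.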

@ -14,14 +14,15 @@ require_once '../inc/global.inc.php';
$this_section=SECTION_COURSES;
api_protect_course_script(true);
$show=(isset($_GET['show']) && $_GET['show'] == 'result')?'result':'test'; // moved down to fix bug: http://www.dokeos.com/forum/viewtopic.php?p=18609#18609
// moved down to fix bug: http://www.dokeos.com/forum/viewtopic.php?p=18609#18609
$show = (isset($_GET['show']) && $_GET['show'] == 'result') ? 'result' : 'test';
/* Constants and variables */
$is_allowedToEdit = api_is_allowed_to_edit(null,true);
$is_tutor = api_is_allowed_to_edit(true);
if (!$is_allowedToEdit){
header('Location: /main/exercice/exercise.php?cidReq='.Security::remove_XSS($_GET['cidReq']));
header('Location: /main/exercice/exercise.php?'.api_get_cidreq());
exit;
}
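Review bot: The redirect target is still the hard-coded `/main/exercice/exercise.php`, which assumes the platform is installed at the web root. `header('Location: '.api_get_path(WEB_CODE_PATH).'exercice/exercise.php?'.api_get_cidreq());` follows the pattern used by the other redirects in this commit.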

@ -204,7 +204,7 @@ if ($origin != 'learnpath') {
Display::display_footer();
} else {
$lp_mode = isset($_SESSION['lp_mode']) ? $_SESSION['lp_mode'] : null;
$url = '../newscorm/lp_controller.php?cidReq='.api_get_course_id().'&action=view&lp_id='.$learnpath_id.'&lp_item_id='.$learnpath_item_id.'&exeId='.$exercise_stat_info['exe_id'].'&fb_type='.$objExercise->feedback_type;
$url = '../newscorm/lp_controller.php?'.api_get_cidreq().'&action=view&lp_id='.$learnpath_id.'&lp_item_id='.$learnpath_item_id.'&exeId='.$exercise_stat_info['exe_id'].'&fb_type='.$objExercise->feedback_type;
$href = ($lp_mode == 'fullscreen')?' window.opener.location.href="'.$url.'" ':' top.location.href="'.$url.'"';
if (api_is_allowed_to_session_edit()) {

@ -5478,8 +5478,10 @@ function get_all_post_from_user($user_id, $course_code)
$forum_results .='<div id="social-forum-title">'.
Display::return_icon('forum.gif', get_lang('Forum')).'&nbsp;'.Security::remove_XSS($forum['forum_title'], STUDENT).
'<div style="float:right;margin-top:-35px">
<a href="../forum/viewforum.php?cidReq='.$course_code.'&gidReq=&forum='.$forum['forum_id'].' " >'.get_lang('SeeForum').'</a>
</div></div>';
<a href="../forum/viewforum.php?'.api_get_cidreq_params($course_code).'&forum='.$forum['forum_id'].' " >'.
get_lang('SeeForum').'
</a>
</div></div>';
$forum_results .='<br / >';
if ($post_counter > 0) {
$forum_results .=$hand_forums;

@ -246,8 +246,7 @@ if (
$table_list = Display::page_subheader(get_lang('ThreadUsersList') . ': ' . get_name_thread_by_id($_GET['id']));
if ($nrorow3 > 0 || $nrorow3 == -2) {
$url = 'cidReq=' . Security::remove_XSS($_GET['cidReq']) .
'&forum=' . Security::remove_XSS($my_forum) . '&action='
$url = api_get_cidreq() .'&forum=' . intval($my_forum) . '&action='
. Security::remove_XSS($_GET['action']) . '&content='
. Security::remove_XSS($_GET['content'], STUDENT) . '&id=' . intval($_GET['id']);
$tabs = array(

@ -12,16 +12,14 @@
require_once '../inc/global.inc.php';
api_block_anonymous_users();
$this_section=SECTION_COURSES;
$this_section = SECTION_COURSES;
$gradebook = Security::remove_XSS($_GET['gradebook']);
$session_id = api_get_session_id();
$cidReq = Security::remove_XSS($_GET['cidReq']);
$type = Security::remove_XSS($_GET['type']);
$doExerciseUrl = null;
$doExerciseUrl = '';
if (isset($_GET['doexercise'])) {
$doExerciseUrl = api_get_path(WEB_CODE_PATH) . 'exercise/overview.php?' . http_build_query([

@ -381,7 +381,7 @@ if (!isset($_GET['exportpdf']) && !isset($_GET['export_certificate'])) {
Display :: display_header(get_lang('FlatView'));
} elseif (isset ($_GET['search'])) {
if ($_SESSION['gradebook_dest'] == 'index.php') {
$gradebook_dest = Security::remove_XSS($_SESSION['gradebook_dest']).'?cidReq='.Security::remove_XSS($_GET['course']).'&amp;';
$gradebook_dest = Security::remove_XSS($_SESSION['gradebook_dest']).'?'.api_get_cidreq().'&amp;';
} else {
$gradebook_dest = Security::remove_XSS($_SESSION['gradebook_dest']);
}

@ -218,7 +218,7 @@ if (count($certificate_list) == 0 ) {
$url = api_get_path(WEB_PATH).'certificates/index.php?id='.$value_certificate['id'];
$certificates = Display::url(get_lang('Certificate'), $url, array('target'=>'_blank', 'class' => 'btn btn-default'));
echo $certificates;
echo '<a onclick="return confirmation();" href="gradebook_display_certificate.php?sec_token='.$token.'&cidReq='.$course_code.'&action=delete&cat_id='.$cat_id.'&certificate_id='.$value_certificate['id'].'">
echo '<a onclick="return confirmation();" href="gradebook_display_certificate.php?sec_token='.$token.'&'.api_get_cidreq().'&action=delete&cat_id='.$cat_id.'&certificate_id='.$value_certificate['id'].'">
'.Display::return_icon('delete.png',get_lang('Delete')).'
</a>';
echo '</td></tr>';

@ -167,10 +167,6 @@ foreach ($evaluations as $evaluationRow) {
}
$my_api_cidreq = api_get_cidreq();
if ($my_api_cidreq == '') {
$my_api_cidreq = 'cidReq='.$my_category['course_code'];
}
$currentUrl = api_get_self().'?'.api_get_cidreq().'&selectcat='.$my_selectcat;
$form = new FormValidator('auto_weight', 'post', $currentUrl);

@ -816,7 +816,7 @@ if (api_is_allowed_to_edit(null, true)) {
}
if (isset($first_time) && $first_time==1 && api_is_allowed_to_edit(null,true)) {
echo '<meta http-equiv="refresh" content="0;url='.api_get_self().'?cidReq='.$course_code.'" />';
echo '<meta http-equiv="refresh" content="0;url='.api_get_self().'?'.api_get_cidreq().'" />';
} else {
$cats = Category::load(null, null, $course_code, null, null, $session_id, false);

@ -216,6 +216,8 @@ class GradebookUtils
);
}
$courseParams = api_get_cidreq_params($cat->get_course_code(), $cat->get_session_id());
if (api_is_allowed_to_edit(null, true)) {
// Locking button
@ -239,7 +241,7 @@ class GradebookUtils
if ($cat->is_locked() && !api_is_platform_admin()) {
$modify_icons .= Display::return_icon('edit_na.png', get_lang('Modify'), '', ICON_SIZE_SMALL);
} else {
$modify_icons .= '<a href="gradebook_edit_cat.php?' .'editcat=' . $cat->get_id() . '&cidReq=' .$cat->get_course_code() . '&id_session='.$cat->get_session_id().'">' .
$modify_icons .= '<a href="gradebook_edit_cat.php?editcat=' . $cat->get_id() . '&'.$courseParams.'">' .
Display::return_icon(
'edit.png',
get_lang('Modify'),
@ -249,7 +251,7 @@ class GradebookUtils
}
}
$modify_icons .= '<a href="gradebook_edit_all.php?selectcat=' .$cat->get_id() . '&cidReq=' . $cat->get_course_code() . '&id_session='.$cat->get_session_id().'">' .
$modify_icons .= '<a href="gradebook_edit_all.php?selectcat=' .$cat->get_id() . '&' . $courseParams.'">' .
Display::return_icon(
'percentage.png',
get_lang('EditAllWeights'),
@ -257,14 +259,14 @@ class GradebookUtils
ICON_SIZE_SMALL
) . '</a>';
$modify_icons .= '<a href="gradebook_flatview.php?selectcat=' .$cat->get_id() . '&cidReq=' . $cat->get_course_code() . '&id_session='.$cat->get_session_id(). '">' .
$modify_icons .= '<a href="gradebook_flatview.php?selectcat=' .$cat->get_id() . '&' . $courseParams. '">' .
Display::return_icon(
'stats.png',
get_lang('FlatView'),
'',
ICON_SIZE_SMALL
) . '</a>';
$modify_icons .= '&nbsp;<a href="' . api_get_self() .'?visiblecat=' . $cat->get_id() . '&' .$visibility_command . '=&selectcat=' . $selectcat .'&cidReq=' . $cat->get_course_code() . '&id_session='.$cat->get_session_id(). '">' .
$modify_icons .= '&nbsp;<a href="' . api_get_self() .'?visiblecat=' . $cat->get_id() . '&' .$visibility_command . '=&selectcat=' . $selectcat .'&' . $courseParams. '">' .
Display::return_icon(
$visibility_icon . '.png',
get_lang('Visible'),
@ -275,7 +277,7 @@ class GradebookUtils
if ($cat->is_locked() && !api_is_platform_admin()) {
$modify_icons .= Display::return_icon('delete_na.png', get_lang('DeleteAll'), '', ICON_SIZE_SMALL);
} else {
$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?deletecat=' . $cat->get_id() . '&selectcat=' . $selectcat . '&cidReq=' . $cat->get_course_code() . '&id_session='.$cat->get_session_id(). '" onclick="return confirmation();">' .
$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?deletecat=' . $cat->get_id() . '&selectcat=' . $selectcat . '&' . $courseParams. '" onclick="return confirmation();">' .
Display::return_icon('delete.png', get_lang('DeleteAll'), '', ICON_SIZE_SMALL) . '</a>';
}
}
@ -297,27 +299,30 @@ class GradebookUtils
$cat = new Category();
$message_eval = $cat->show_message_resource_delete($eval->get_course_code());
$courseParams = api_get_cidreq_params($eval->get_course_code(), $eval->getSessionId());
if ($message_eval === false && api_is_allowed_to_edit(null, true)) {
$visibility_icon = ($eval->is_visible() == 0) ? 'invisible' : 'visible';
$visibility_command = ($eval->is_visible() == 0) ? 'set_visible' : 'set_invisible';
if ($is_locked && !api_is_platform_admin()) {
$modify_icons = Display::return_icon('edit_na.png', get_lang('Modify'), '', ICON_SIZE_SMALL);
} else {
$modify_icons = '<a href="gradebook_edit_eval.php?editeval=' . $eval->get_id() . '&cidReq=' . $eval->get_course_code() . '&id_session='.$eval->getSessionId(). '">' .
$modify_icons = '<a href="gradebook_edit_eval.php?editeval=' . $eval->get_id() . '&' . $courseParams. '">' .
Display::return_icon('edit.png', get_lang('Modify'), '', ICON_SIZE_SMALL) . '</a>';
}
$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?visibleeval=' . $eval->get_id() . '&' . $visibility_command . '=&selectcat=' . $selectcat . '&id_session='.$eval->getSessionId(). ' ">' .
$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?visibleeval=' . $eval->get_id() . '&' . $visibility_command . '=&selectcat=' . $selectcat . '&'.$courseParams. ' ">' .
Display::return_icon($visibility_icon . '.png', get_lang('Visible'), '', ICON_SIZE_SMALL) . '</a>';
if (api_is_allowed_to_edit(null, true)) {
$modify_icons .= '&nbsp;<a href="gradebook_showlog_eval.php?visiblelog=' . $eval->get_id() . '&selectcat=' . $selectcat . ' &cidReq=' . $eval->get_course_code() . '&id_session='.$eval->getSessionId(). '">' .
$modify_icons .= '&nbsp;<a href="gradebook_showlog_eval.php?visiblelog=' . $eval->get_id() . '&selectcat=' . $selectcat . ' &' . $courseParams. '">' .
Display::return_icon('history.png', get_lang('GradebookQualifyLog'), '', ICON_SIZE_SMALL) . '</a>';
}
if ($is_locked && !api_is_platform_admin()) {
$modify_icons .= '&nbsp;' . Display::return_icon('delete_na.png', get_lang('Delete'), '', ICON_SIZE_SMALL);
} else {
$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?deleteeval=' . $eval->get_id() . '&selectcat=' . $selectcat . ' &cidReq=' . $eval->get_course_code() . '&id_session='.$eval->getSessionId(). '" onclick="return confirmation();">' . Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL) . '</a>';
$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?deleteeval=' . $eval->get_id() . '&selectcat=' . $selectcat . ' &' . $courseParams. '" onclick="return confirmation();">' .
Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL) . '</a>';
}
return $modify_icons;
}
@ -340,6 +345,8 @@ class GradebookUtils
return null;
}
$courseParams = api_get_cidreq_params($link->get_course_code(), $link->get_session_id());
if ($message_link === false) {
$visibility_icon = ($link->is_visible() == 0) ? 'invisible' : 'visible';
$visibility_command = ($link->is_visible() == 0) ? 'set_visible' : 'set_invisible';
@ -347,12 +354,12 @@ class GradebookUtils
if ($is_locked && !api_is_platform_admin()) {
$modify_icons = Display::return_icon('edit_na.png', get_lang('Modify'), '', ICON_SIZE_SMALL);
} else {
$modify_icons = '<a href="gradebook_edit_link.php?editlink=' . $link->get_id() . '&cidReq=' . $link->get_course_code() . '&id_session='.$link->get_session_id().'">' .
$modify_icons = '<a href="gradebook_edit_link.php?editlink=' . $link->get_id() . '&' . $courseParams.'">' .
Display::return_icon('edit.png', get_lang('Modify'), '', ICON_SIZE_SMALL) . '</a>';
}
$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?visiblelink=' . $link->get_id() . '&' . $visibility_command . '=&selectcat=' . $selectcat . '&id_session='.$link->get_session_id(). ' ">' .
$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?visiblelink=' . $link->get_id() . '&' . $visibility_command . '=&selectcat=' . $selectcat . '&'.$courseParams. ' ">' .
Display::return_icon($visibility_icon . '.png', get_lang('Visible'), '', ICON_SIZE_SMALL) . '</a>';
$modify_icons .= '&nbsp;<a href="gradebook_showlog_link.php?visiblelink=' . $link->get_id() . '&selectcat=' . $selectcat . '&cidReq=' . $link->get_course_code() . '&id_session='.$link->get_session_id(). '">' .
$modify_icons .= '&nbsp;<a href="gradebook_showlog_link.php?visiblelink=' . $link->get_id() . '&selectcat=' . $selectcat . '&' . $courseParams. '">' .
Display::return_icon('history.png', get_lang('GradebookQualifyLog'), '', ICON_SIZE_SMALL) . '</a>';
//If a work is added in a gradebook you can only delete the link in the work tool
@ -360,9 +367,10 @@ class GradebookUtils
if ($is_locked && !api_is_platform_admin()) {
$modify_icons .= '&nbsp;' . Display::return_icon('delete_na.png', get_lang('Delete'), '', ICON_SIZE_SMALL);
} else {
$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?deletelink=' . $link->get_id() . '&selectcat=' . $selectcat . ' &cidReq=' . $link->get_course_code() . '&id_session='.$link->get_session_id(). '" onclick="return confirmation();">' .
$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?deletelink=' . $link->get_id() . '&selectcat=' . $selectcat . ' &' . $courseParams. '" onclick="return confirmation();">' .
Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL) . '</a>';
}
return $modify_icons;
}
}
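Review bot: Several of the rewritten links keep a stray space inside the URL: `$selectcat . ' &' . $courseParams` in the showlog and delete links for evaluations and in the delete link for links, and `$courseParams. ' ">'` at the end of both visibility links. That space is sent as part of the `selectcat` or `gidReq` value, so a receiving script that compares without casting may not match. Since these lines are being touched anyway, use `'&' . $courseParams . '">'`. `$selectcat` and the `get_id()` results are concatenated as-is; casting them with `(int)` where the URL is built would match what the helper does for session and group ids. The enclosing methods begin outside the hunks.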

@ -281,7 +281,7 @@ class AttendanceLink extends AbstractLink
$result = Database::query($sql);
$row = Database::fetch_array($result,'ASSOC');
$attendance_id = $row['id'];
$url = api_get_path(WEB_PATH).'main/attendance/index.php?action=attendance_sheet_list&gradebook=view&attendance_id='.$attendance_id.'&session_id='.$session_id.'&cidReq='.$this->get_course_code();
$url = api_get_path(WEB_PATH).'main/attendance/index.php?action=attendance_sheet_list&gradebook=view&attendance_id='.$attendance_id.'&'.api_get_cidreq_params($this->get_course_code(), $session_id);
return $url;
}

@ -306,14 +306,15 @@ class ForumThreadLink extends AbstractLink
public function get_link()
{
$sessionId = api_get_session_id();
//it was extracts the forum id
$sql = 'SELECT * FROM '.$this->get_forum_thread_table()."
WHERE c_id = '.$this->course_id.' AND thread_id = '".$this->get_ref_id()."' AND session_id = ".api_get_session_id()."";
WHERE c_id = '.$this->course_id.' AND thread_id = '".$this->get_ref_id()."' AND session_id = ".$sessionId."";
$result = Database::query($sql);
$row = Database::fetch_array($result,'ASSOC');
$forum_id=$row['forum_id'];
$url = api_get_path(WEB_PATH).'main/forum/viewthread.php?cidReq='.$this->get_course_code().'&thread='.$this->get_ref_id().'&gradebook=view&forum='.$forum_id;
$url = api_get_path(WEB_PATH).'main/forum/viewthread.php?'.api_get_cidreq_params($this->get_course_code(), $sessionId).'&thread='.$this->get_ref_id().'&gradebook=view&forum='.$forum_id;
return $url;
}
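Review bot: In get_link() the `WHERE c_id = '.$this->course_id.'` fragment sits inside the double-quoted part of the string, so the `'.` and `.'` are sent to the database literally and the condition becomes `c_id = '.<id>.'`, which is unlikely to match the intended course row. The line is edited here for `$sessionId`, so this is a good place to fix it and cast the values, assuming the ids are integers: `WHERE c_id = ".(int) $this->course_id." AND thread_id = ".(int) $this->get_ref_id()." AND session_id = ".(int) $sessionId;`. `$row['forum_id']` is then read without checking that a row was returned.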

@ -172,12 +172,13 @@ class LearnpathLink extends AbstractLink
*/
public function get_link()
{
$url = api_get_path(WEB_PATH).'main/newscorm/lp_controller.php?cidReq='.$this->get_course_code().'&gradebook=view';
$session_id = api_get_session_id();
$url = api_get_path(WEB_PATH).'main/newscorm/lp_controller.php?'.api_get_cidreq_params($this->get_course_code(), $session_id).'&gradebook=view';
if (!api_is_allowed_to_edit() || $this->calc_score(api_get_user_id()) == null) {
$url .= '&action=view&session_id='.$session_id.'&lp_id='.$this->get_ref_id();
$url .= '&action=view&lp_id='.$this->get_ref_id();
} else {
$url .= '&action=build&session_id='.$session_id.'&lp_id='.$this->get_ref_id();
$url .= '&action=build&lp_id='.$this->get_ref_id();
}
return $url;
}

@ -299,7 +299,8 @@ class StudentPublicationLink extends AbstractLink
public function get_link()
{
$session_id = api_get_session_id();
$url = api_get_path(WEB_PATH).'main/work/work.php?session_id='.$session_id.'&cidReq='.$this->get_course_code().'&id='.$this->exercise_data['id'].'&gradebook=view';
$url = api_get_path(WEB_PATH).'main/work/work.php?'.api_get_cidreq_params($this->get_course_code(), $session_id).'&id='.$this->exercise_data['id'].'&gradebook=view';
return $url;
}

@ -268,7 +268,7 @@ class SurveyLink extends AbstractLink
$result = Database::query($sql);
$row = Database::fetch_array($result, 'ASSOC');
$survey_id = $row['survey_id'];
return api_get_path(WEB_PATH).'main/survey/reporting.php?cidReq='.$this->get_course_code().'&survey_id='.$survey_id;
return api_get_path(WEB_PATH).'main/survey/reporting.php?'.api_get_cidreq_params($this->get_course_code(), $session_id).'&survey_id='.$survey_id;
}
}
return null;
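Review bot: `$session_id` is passed to api_get_cidreq_params() but is not assigned anywhere in the visible lines, and the diffstat shows this file changing only this one line. Unless get_link() defines it above the hunk, the helper receives an undefined variable and silently emits `id_session=0`. Using the accessor directly avoids that: `api_get_cidreq_params($this->get_course_code(), api_get_session_id())`.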

@ -1565,8 +1565,26 @@ function api_get_anonymous_id()
}
/**
* Returns the cidreq parameter name + current course id taken from
* $GLOBALS['_cid'] and returns a string like 'cidReq=ABC&id_session=123
* @param string $courseCode
* @param int $sessionId
* @param int $groupId
* @return string
*/
function api_get_cidreq_params($courseCode, $sessionId = 0, $groupId = 0)
{
$courseCode = !empty($courseCode) ? htmlspecialchars($courseCode) : '';
$sessionId = !empty($sessionId) ? (int) $sessionId : 0;
$groupId = !empty($groupId) ? (int) $groupId : 0;
$url = 'cidReq='.$courseCode;
$url .= '&id_session='.$sessionId;
$url .= '&gidReq='.$groupId;
return $url;
}
/**
* Returns the current course url part including session, group, and gradebook params
*
* @param bool $addSessionId
* @param bool $addGroupId
@ -1575,7 +1593,8 @@ function api_get_anonymous_id()
*/
function api_get_cidreq($addSessionId = true, $addGroupId = true)
{
$url = empty($GLOBALS['_cid']) ? '' : 'cidReq='.htmlspecialchars($GLOBALS['_cid']);
$courseCode = api_get_course_id();
$url = empty($courseCode) ? '' : 'cidReq='.htmlspecialchars($courseCode);
$origin = api_get_origin();
if ($addSessionId) {
@ -1590,8 +1609,10 @@ function api_get_cidreq($addSessionId = true, $addGroupId = true)
}
}
$url .= '&gradebook='.intval(api_is_in_gradebook());
$url .= '&origin='.$origin;
if (!empty($url)) {
$url .= '&gradebook='.intval(api_is_in_gradebook());
$url .= '&origin='.$origin;
}
return $url;
}
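Review bot: The docblock on api_get_cidreq_params() was copied from api_get_cidreq(): it says the course id is taken from `$GLOBALS['_cid']`, but the function only formats its three arguments, and it always emits `gidReq` as well as `id_session`. `htmlspecialchars()` is HTML escaping, not URL encoding, and callers in this commit put the result into `Location:` headers as well as `href` attributes. `urlencode($courseCode)` (or `http_build_query()`) encodes for the query string, leaving HTML escaping to the place where the URL is printed. In api_get_cidreq(), the new `if (!empty($url))` guard only has an effect if the session and group branches above it, which are outside the hunk, leave `$url` empty when there is no course.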

@ -285,7 +285,7 @@ function savedata(origin) { //origin can be 'commit', 'finish' or 'terminate'
$url = $_SERVER['HTTP_HOST'].$self;
$url = substr($url, 0, -14); // 14 is the length of this file's name (/scorm_api.php).
echo $url;
?>/lp_controller.php?cidReq=<?php echo api_get_course_id();?>&action=save&lp_id=<?php echo $oLP->get_id();?>&" + param + "";
?>/lp_controller.php?<?php echo api_get_cidreq(); ?>&action=save&lp_id=<?php echo $oLP->get_id();?>&" + param + "";
logit_lms('saving data (status='+lesson_status+')',1);
xajax_save_item(lms_lp_id, lms_user_id, lms_view_id, lms_item_id, score, max, min, lesson_status, session_time, suspend_data, lesson_location);
//xajax_update_pgs();

@ -8430,7 +8430,7 @@ class learnpath
</script>';
}
$url = api_get_self().'?cidReq='.Security::remove_XSS($_GET['cidReq']).'&view=build&id='.$item_id .'&lp_id='.$this->lp_id;
$url = api_get_self().'?cidReq='.api_get_cidreq().'&view=build&id='.$item_id .'&lp_id='.$this->lp_id;
$return .= Display::url(
Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL),
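Review bot: `api_get_cidreq()` already returns a string that starts with `cidReq=`, so `'?cidReq='.api_get_cidreq()` produces `?cidReq=cidReq=CODE&…` and the course parameter no longer carries the code. Drop the literal prefix: `$url = api_get_self().'?'.api_get_cidreq().'&view=build&id='.$item_id.'&lp_id='.$this->lp_id;`. `$item_id` is concatenated uncast; its origin and the start of the enclosing method are outside the hunk.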

@ -84,7 +84,7 @@ $interbreadcrumb[] = array('url' => 'lp_controller.php?action=list', 'name' => g
Display::display_header(get_lang('LearnpathAddLearnpath'), 'Path');
echo '<div class="actions">';
echo '<a href="lp_controller.php?cidReq='.$_course['sysCode'].'">'.
echo '<a href="lp_controller.php?'.api_get_cidreq().'">'.
Display::return_icon('back.png', get_lang('ReturnToLearningPaths'),'',ICON_SIZE_MEDIUM).'</a>';
echo '</div>';

@ -4598,10 +4598,6 @@ class SurveyUtil
$current_user_id = api_get_user_id();
}
$link_available = self::show_link_available(api_get_user_id(),$row['code'],$current_user_id);
//todo check this link
if ($link_add === true && $link_available === true) {
//echo '<tr><td><a href="fillsurvey.php?user_id='.api_get_user_id().'&course='.$_course['sysCode'].'&invitationcode='.$row['invitation_code'].'&cidReq='.$_course['sysCode'].'">'.get_lang('CompleteTheSurveysQuestions').'</a></td><td></td></tr>';
}
}
echo '</table>';
}
