diff --git a/main/inc/lib/CourseChatUtils.php b/main/inc/lib/CourseChatUtils.php
index 35a58dc0bf..a9358a3ff3 100644
--- a/main/inc/lib/CourseChatUtils.php
+++ b/main/inc/lib/CourseChatUtils.php
@@ -90,6 +90,8 @@ class CourseChatUtils
 if (empty($message)) {
 return false;
 }
+ $friendId = (int) $friendId;
+
 $user = api_get_user_entity($this->userId);
 $courseInfo = api_get_course_info_by_id($this->courseId);
 $isMaster = api_is_course_admin();
diff --git a/main/inc/lib/course_category.lib.php b/main/inc/lib/course_category.lib.php
index 2c785c4a48..6e5374f1a8 100755
--- a/main/inc/lib/course_category.lib.php
+++ b/main/inc/lib/course_category.lib.php
@@ -482,8 +482,8 @@ class CourseCategory
 */
 public static function listCategories($categorySource)
 {
- $categorySource = isset($categorySource) ? $categorySource : null;
 $categories = self::getCategories($categorySource);
+ $categorySource = Security::remove_XSS($categorySource);
 if (count($categories) > 0) {
 $table = new HTML_Table(['class' => 'data_table']);
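Review bot: The added `$friendId = (int) $friendId;` in the CourseChatUtils hunk normalises the id but does not validate it: any non-numeric value becomes 0 and a negative value passes through unchanged. If 0 has a meaning of its own later in this method (the body continues outside the hunk, so this is not visible here), malformed input is silently handled as that case instead of being refused. Consider rejecting out-of-range ids right after the cast, e.g. `if ($friendId < 0) { return false; }`, and adding a one-line comment that names what the cast is protecting.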
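Review bot: In `listCategories()` the new `Security::remove_XSS()` call runs after `self::getCategories($categorySource)`, so that call still receives the unfiltered value. This ordering is only safe if `getCategories()` does its own escaping for whatever query it builds, which is not visible in this hunk; an HTML filter would not be the right protection there in any case. A short comment would make the intent explicit: `// Filtered for the HTML output below; getCategories() must do its own SQL escaping.` If the value is later placed in a URL query string, `urlencode()` at that point is the context-appropriate encoding. The function body continues outside the hunk.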
@@ -676,51 +676,6 @@ class CourseCategory
 return (int) $row['count'];
 }
- /**
- * create recursively all categories as option of the select passed in parameter.
- *
- * @param HTML_QuickForm_Element $element
- * @param string $defaultCode the option value to select by default (used mainly for edition of courses)
- * @param string $parentCode the parent category of the categories added (default=null for root category)
- * @param string $padding the indent param (you shouldn't indicate something here)
- */
- public static function setCategoriesInForm(
- $element,
- $defaultCode = null,
- $parentCode = null,
- $padding = null
- ) {
- $tbl_category = Database::get_main_table(TABLE_MAIN_CATEGORY);
-
- $table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE_CATEGORY);
- $conditions = " INNER JOIN $table a ON (c.id = a.course_category_id)";
- $whereCondition = " AND a.access_url_id = ".api_get_current_access_url_id();
-
- $sql = "SELECT code, name, auth_course_child, auth_cat_child
- FROM $tbl_category c
- $conditions
- WHERE parent_id ".(empty($parentCode) ? "IS NULL" : "='".Database::escape_string($parentCode)."'")."
- $whereCondition
- ORDER BY name, code";
- $res = Database::query($sql);
-
- while ($cat = Database::fetch_array($res, 'ASSOC')) {
- $params = $cat['auth_course_child'] == 'TRUE' ? '' : 'disabled';
- $params .= ($cat['code'] == $defaultCode) ? ' selected' : '';
- $option = $padding.' '.$cat['name'].' ('.$cat['code'].')';
-
- $element->addOption($option, $cat['code'], $params);
- if ($cat['auth_cat_child'] == 'TRUE') {
- self::setCategoriesInForm(
- $element,
- $defaultCode,
- $cat['code'],
- $padding.' - '
- );
- }
- }
- }
-
 /**
 * @param array $list
 *
@@ -778,33 +733,6 @@ class CourseCategory
 return Database::store_result($result, 'ASSOC');
 }
- /**
- * @param array $list
- *
- * @return array
- */
- public static function searchCategoryById($list)
- {
- if (empty($list)) {
- return [];
- } else {
- $list = array_map('intval', $list);
- $list = implode("','", $list);
- }
-
- $tableCategory = Database::get_main_table(TABLE_MAIN_CATEGORY);
-
- $table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE_CATEGORY);
- $conditions = " INNER JOIN $table a ON (c.id = a.course_category_id)";
- $whereCondition = " AND a.access_url_id = ".api_get_current_access_url_id();
-
- $sql = "SELECT c.*, c.name as text FROM $tableCategory c $conditions
- WHERE c.id IN $list $whereCondition";
- $result = Database::query($sql);
-
- return Database::store_result($result, 'ASSOC');
- }
-
 /**
 * Get Pagination HTML div.
 *
diff --git a/main/inc/lib/course_description.lib.php b/main/inc/lib/course_description.lib.php
index 896500fd38..f0190fd0b8 100755
--- a/main/inc/lib/course_description.lib.php
+++ b/main/inc/lib/course_description.lib.php
@@ -248,44 +248,6 @@ class CourseDescription
 return $last_id > 0 ? 1 : 0;
 }
- /**
- * Insert a row like history inside track_e_item_property table
- * first you must set description_type, title, content, progress and
- * session_id properties with the object CourseDescription.
- *
- * @param int $description_type
- *
- * @return int affected rows
- */
- public function insert_stats($description_type)
- {
- $table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ITEM_PROPERTY);
- $description_id = $this->get_id_by_description_type($description_type);
- $course_id = api_get_course_int_id();
- $course_code = api_get_course_id();
- $item_property_id = api_get_item_property_id(
- $course_code,
- TOOL_COURSE_DESCRIPTION,
- $description_id
- );
-
- $params = [
- 'c_id' => api_get_course_int_id(),
- 'course_id' => $course_id,
- 'item_property_id' => $item_property_id,
- 'title' => $this->title,
- 'content' => $this->content,
- 'progress' => $this->progress,
- 'lastedit_date' => api_get_utc_datetime(),
- 'lastedit_user_id' => api_get_user_id(),
- 'session_id' => $this->session_id,
- ];
-
- $result = Database::insert($table, $params);
-
- return $result ? 1 : 0;
- }
-
 /**
 * Update a description, first you must set description_type, title, content, progress
 * and session_id properties with the object CourseDescription.
@@ -358,29 +320,6 @@ class CourseDescription
 return $affected_rows;
 }
- /**
- * Get description id by description type.
- *
- * @param int $description_type
- *
- * @return int description id
- */
- public function get_id_by_description_type($description_type)
- {
- $table = Database::get_course_table(TABLE_COURSE_DESCRIPTION);
- $course_id = api_get_course_int_id();
-
- $sql = "SELECT id FROM $table
- WHERE
- c_id = $course_id AND
- description_type = '".intval($description_type)."'";
- $rs = Database::query($sql);
- $row = Database::fetch_array($rs);
- $description_id = $row['id'];
-
- return $description_id;
- }
-
 /**
 * Get description titles by default.
 *
diff --git a/main/inc/lib/groupmanager.lib.php b/main/inc/lib/groupmanager.lib.php
index b9579be174..9b8b4a9549 100755
--- a/main/inc/lib/groupmanager.lib.php
+++ b/main/inc/lib/groupmanager.lib.php
@@ -2052,32 +2052,6 @@ class GroupManager
 return $groups;
 }
- /**
- * Remove all users that are not students and all users who have tutor status
- * from the list.
- *
- * @param array $user_array_in
- *
- * @return array
- */
- public static function filter_only_students($user_array_in)
- {
- $user_array_out = [];
- foreach ($user_array_in as $this_user) {
- if (api_get_session_id()) {
- if ($this_user['status_session'] == 0) {
- $user_array_out[] = $this_user;
- }
- } else {
- if ($this_user['status_rel'] == STUDENT) {
- $user_array_out[] = $this_user;
- }
- }
- }
-
- return $user_array_out;
- }
-
 /**
 * Check if a user has access to a certain group tool.
 *
@@ -2278,45 +2252,6 @@ class GroupManager
 return $groups;
 }
- /**
- * @param array $userList
- * @param array $groupInfo
- *
- * @return mixed
- */
- public static function getNumberLeftFromGroupFromUserList($userList, $groupInfo)
- {
- $groupIid = (int) $groupInfo['iid'];
- $category = self::get_category_from_group($groupIid);
- $number_groups_per_user = $groupInfo['maximum_number_of_students'];
- $categoryId = 0;
- if ($category) {
- $groups_per_user = $category['groups_per_user'];
- $number_groups_per_user = $groups_per_user == self::GROUP_PER_MEMBER_NO_LIMIT ? self::INFINITE : $groups_per_user;
- $categoryId = $category['id'];
- }
-
- $usersAdded = [];
- foreach ($userList as &$userInfo) {
- // find # of groups the user is enrolled in
- $numberOfGroups = self::user_in_number_of_groups(
- $userInfo['user_id'],
- $categoryId
- );
-
- if (in_array($userInfo['user_id'], $usersAdded)) {
- continue;
- }
-
- $usersAdded[] = $userInfo['user_id'];
-
- // add # of groups to user list
- $userInfo['number_groups_left'] = $number_groups_per_user - $numberOfGroups;
- }
-
- return $userList;
- }
-
 /**
 * @param array $group_list
 * @param int $category_id
diff --git a/main/inc/lib/link.lib.php b/main/inc/lib/link.lib.php
index d2a1254d44..7dc9ae447f 100755
--- a/main/inc/lib/link.lib.php
+++ b/main/inc/lib/link.lib.php
@@ -579,7 +579,6 @@ class Link extends Model
 'display_order' => $max_display_order,
 'on_homepage' => $values['on_homepage'],
 'target' => $values['target'],
- 'category_id' => $values['category_id'],
 ];
 Database::update(
@@ -861,7 +860,6 @@ class Link extends Model
 'LinkCategoryAdded',
 api_get_user_id()
 );
- //api_set_default_visibility($category['id'], TOOL_LINK_CATEGORY);
 }
 }
@@ -1433,81 +1431,6 @@ class Link extends Model
 return $rv;
 }
- /**
- * CSV file import functions.
- *
- * @author René Haentjens , Ghent University
- */
- public static function import_link($linkdata)
- {
- // url, category_id, title, description, ...
- // Field names used in the uploaded file
- $known_fields = [
- 'url',
- 'category',
- 'title',
- 'description',
- 'on_homepage',
- 'hidden',
- ];
-
- $hide_fields = [
- 'kw',
- 'kwd',
- 'kwds',
- 'keyword',
- 'keywords',
- ];
-
- // All other fields are added to description, as "name:value".
- // Only one hide_field is assumed to be present, <> is removed from value.
- if (!($url = trim($linkdata['url'])) || !($title = trim($linkdata['title']))) {
- return 0; // 0 = fail
- }
-
- $cat = ($catname = trim($linkdata['category'])) ? self::get_cat($catname) : 0;
-
- $regs = []; // Will be passed to ereg()
- $d = '';
- foreach ($linkdata as $key => $value) {
- if (!in_array($key, $known_fields)) {
- if (in_array($key, $hide_fields) && ereg(
- '^]*)>?$',
- $value,
- $regs
- )
- ) { // possibly in <...>
- if (($kwlist = trim($regs[1])) != '') {
- $kw = '';
- } else {
- $kw = '';
- }
- // i.e. assume only one of the $hide_fields will be present
- // and if found, hide the value as expando property of an tag
- } elseif (trim($value)) {
- $d .= ', '.$key.':'.$value;
- }
- }
- }
- if (!empty($d)) {
- $d = substr($d, 2).' - ';
- }
-
- return self::put_link(
- $url,
- $cat,
- $title,
- $kw.ereg_replace(
- '\[((/?(b|big|i|small|sub|sup|u))|br/)\]',
- '<\\1>',
- htmlspecialchars($d.$linkdata['description'])
- ).($kw ? '' : ''),
- $linkdata['on_homepage'] ? '1' : '0',
- $linkdata['hidden'] ? '1' : '0'
- );
- // i.e. allow some BBcode tags, e.g. [b]...[/b]
- }
-
 /**
 * This function checks if the url is a vimeo link.
 *
@@ -1517,7 +1440,7 @@ class Link extends Model
 */
 public static function isVimeoLink($url)
 {
- $isLink = strrpos($url, "vimeo.com");
+ $isLink = strrpos($url, 'vimeo.com');
 return $isLink;
 }
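Review bot: `strrpos($url, 'vimeo.com')` in `isVimeoLink()` is a substring test, not a host check, so it is truthy for any URL that merely contains that text, including one served from a different host. If the result decides whether the URL is embedded as a player (not visible in this hunk), compare the parsed host instead, starting from `$host = parse_url($url, PHP_URL_HOST);` and accepting only `vimeo.com` or a name ending in `.vimeo.com`. The same applies to the two `strrpos()` calls in the `is_youtube_link()` hunk that follows. Both functions also hand back the raw `strrpos()` result (`int|false`); an explicit `!== false` comparison would give callers a real bool.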
@@ -1556,9 +1479,9 @@ class Link extends Model
 */
 public static function is_youtube_link($url)
 {
- $is_youtube_link = strrpos($url, "youtube") || strrpos(
+ $is_youtube_link = strrpos($url, 'youtube') || strrpos(
 $url,
- "youtu.be"
+ 'youtu.be'
 );
 return $is_youtube_link;
@@ -1643,9 +1566,7 @@ class Link extends Model
 $show = 'none',
 $token = null
 ) {
- $tbl_link = Database::get_course_table(TABLE_LINK);
- $tblCIP = Database::get_course_table(TABLE_ITEM_PROPERTY);
- $categoryId = intval($categoryId);
+ $categoryId = (int) $categoryId;
 /* Action Links */
 echo '
';
@@ -1870,6 +1791,9 @@ class Link extends Model
 */
 public static function getCategoryForm($id, $action)
 {
+ $id = (int) $id;
+ $action = Security::remove_XSS($action);
+
 $form = new FormValidator(
 'category',
 'post',
@@ -1902,7 +1826,7 @@ class Link extends Model
 public static function getCategory($id)
 {
 $table = Database::get_course_table(TABLE_LINK_CATEGORY);
- $id = intval($id);
+ $id = (int) $id;
 $courseId = api_get_course_int_id();
 if (empty($id) || empty($courseId)) {
diff --git a/main/inc/lib/message.lib.php b/main/inc/lib/message.lib.php
index d39de3fa62..be561dc9d8 100755
--- a/main/inc/lib/message.lib.php
+++ b/main/inc/lib/message.lib.php
@@ -971,35 +971,6 @@ class MessageManager
 }
 }
- /**
- * update messages by user id and message id.
- *
- * @param int $user_id
- * @param int $message_id
- *
- * @return bool
- */
- public static function update_message($user_id, $message_id)
- {
- $user_id = (int) $user_id;
- $message_id = (int) $message_id;
-
- if (empty($user_id) || empty($message_id)) {
- return false;
- }
-
- $table = Database::get_main_table(TABLE_MESSAGE);
- $sql = "UPDATE $table SET
- msg_status = '".MESSAGE_STATUS_NEW."'
- WHERE
- msg_status <> ".MESSAGE_STATUS_OUTBOX." AND
- user_receiver_id = ".$user_id." AND
- id = '".$message_id."'";
- Database::query($sql);
-
- return true;
- }
-
 /**
 * @param int $user_id
 * @param int $message_id
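Review bot: `Security::remove_XSS($action)` in `getCategoryForm()` filters HTML but still accepts any string as an action. `$action` looks like one of a small closed set of values; if so, an allow-list is stricter and documents itself, e.g. `if (!in_array($action, $allowedActions, true)) { $action = $defaultAction; }`, where `$allowedActions` and `$defaultAction` are placeholders because the valid values are not visible in this hunk. If `$action` ends up in the form's target URL, `urlencode()` is the encoding that matches that context. The `FormValidator` call continues outside the hunk.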
@@ -1026,31 +997,6 @@ class MessageManager
 Database::query($sql);
 }
- /**
- * get messages by user id and message id.
- *
- * @param int $user_id
- * @param int $message_id
- *
- * @return array
- */
- public static function get_message_by_user($user_id, $message_id)
- {
- $user_id = (int) $user_id;
- $message_id = (int) $message_id;
-
- if (empty($user_id) || empty($message_id)) {
- return false;
- }
-
- $table = Database::get_main_table(TABLE_MESSAGE);
- $query = "SELECT * FROM $table
- WHERE user_receiver_id=".$user_id." AND id='".$message_id."'";
- $result = Database::query($query);
-
- return $row = Database::fetch_array($result);
- }
-
 /**
 * get messages by group id.
 *
@@ -1988,19 +1934,6 @@ class MessageManager
 }
 }
- /**
- * Sort date by desc from a multi-dimensional array.
- *
- * @param array $array1 first array to compare
- * @param array $array2 second array to compare
- *
- * @return bool
- */
- public function order_desc_date($array1, $array2)
- {
- return strcmp($array2['send_date'], $array1['send_date']);
- }
-
 /**
 * @param int $messageId
 *
@@ -2299,44 +2232,6 @@ class MessageManager
 return $html;
 }
- /**
- * Get the count of the last received messages for a user.
- *
- * @param int $userId The user id
- * @param int $lastId The id of the last received message
- *
- * @return int The count of new messages
- */
- public static function countMessagesFromLastReceivedMessage($userId, $lastId = 0)
- {
- $userId = intval($userId);
- $lastId = intval($lastId);
-
- if (empty($userId)) {
- return 0;
- }
-
- $messagesTable = Database::get_main_table(TABLE_MESSAGE);
-
- $conditions = [
- 'where' => [
- 'user_receiver_id = ?' => $userId,
- 'AND msg_status = ?' => MESSAGE_STATUS_UNREAD,
- 'AND id > ?' => $lastId,
- ],
- ];
-
- $result = Database::select('COUNT(1) AS qty', $messagesTable, $conditions);
-
- if (!empty($result)) {
- $row = current($result);
-
- return $row['qty'];
- }
-
- return 0;
- }
-
 /**
 * Get the data of the last received messages for a user.
 *
diff --git a/main/inc/lib/notification.lib.php b/main/inc/lib/notification.lib.php index a2f870f544..5d5e384d41 100644 --- a/main/inc/lib/notification.lib.php +++ b/main/inc/lib/notification.lib.php @@ -450,25 +450,6 @@ class Notification extends Model $content = $content.'

'.$linkToNewMessage; } - /*$courseInfo = api_get_course_info(); - // Add course info - if (!empty($courseInfo)) { - $sessionId = api_get_session_id(); - if (empty($sessionId)) { - $courseNotification = sprintf(get_lang('ThisEmailWasSentViaCourseX'), $courseInfo['title']); - } else { - $sessionInfo = api_get_session_info($sessionId); - if (!empty($sessionInfo)) { - $courseNotification = sprintf( - get_lang('ThisEmailWasSentViaCourseXInSessionX'), - $courseInfo['title'], - $sessionInfo['title'] - ); - } - } - $content = $content.'

'.$courseNotification; - }*/ - // You have received this message because you are subscribed text $content = $content.'

'. sprintf(