LPs: Add remove_Xss

pull/3937/head^2
Julio Montoya 4 years ago
parent 78f74d31ea
commit ac1b4725c7
  1. 21
      main/inc/lib/document.lib.php
  2. 9
      main/lp/learnpath.class.php

@ -6962,7 +6962,7 @@ class DocumentManager
$icon = choose_image($path); $icon = choose_image($path);
$position = strrpos($icon, '.'); $position = strrpos($icon, '.');
$icon = substr($icon, 0, $position).'_small.gif'; $icon = substr($icon, 0, $position).'_small.gif';
$my_file_title = $resource['title']; $my_file_title = Security::remove_XSS($resource['title']);
$visibility = $resource['visibility']; $visibility = $resource['visibility'];
// If title is empty we try to use the path // If title is empty we try to use the path
@ -7083,7 +7083,6 @@ class DocumentManager
return null; return null;
} }
//$onclick = '';
// if in LP, hidden folder are displayed in grey // if in LP, hidden folder are displayed in grey
$folder_class_hidden = ''; $folder_class_hidden = '';
if ($lp_id) { if ($lp_id) {
@ -7098,15 +7097,27 @@ class DocumentManager
$return = '<ul class="lp_resource">'; $return = '<ul class="lp_resource">';
} }
$return .= '<li class="doc_folder'.$folder_class_hidden.'" id="doc_id_'.$resource['id'].'" style="margin-left:'.($num * 18).'px; ">'; $return .= '<li
class="doc_folder'.$folder_class_hidden.'"
id="doc_id_'.$resource['id'].'"
style="margin-left:'.($num * 18).'px;"
>';
$image = Display::returnIconPath('nolines_plus.gif'); $image = Display::returnIconPath('nolines_plus.gif');
if (empty($path)) { if (empty($path)) {
$image = Display::returnIconPath('nolines_minus.gif'); $image = Display::returnIconPath('nolines_minus.gif');
} }
$return .= '<img style="cursor: pointer;" src="'.$image.'" align="absmiddle" id="img_'.$resource['id'].'" '.$onclick.'>'; $return .= '<img
style="cursor: pointer;"
src="'.$image.'"
align="absmiddle"
id="img_'.$resource['id'].'" '.$onclick.'
>';
$return .= Display::return_icon('lp_folder.gif').'&nbsp;'; $return .= Display::return_icon('lp_folder.gif').'&nbsp;';
$return .= '<span '.$onclick.' style="cursor: pointer;" >'.$title.'</span>'; $return .= '<span '.$onclick.' style="cursor: pointer;" >'.
Security::remove_XSS($title).
'</span>';
$return .= '</li>'; $return .= '</li>';
if (empty($path)) { if (empty($path)) {
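Review bot: In the first hunk the title is filtered at assignment, `$my_file_title = Security::remove_XSS($resource['title']);`, but the next visible comment says an empty title falls back to the path, and that fallback lies outside the hunk, so a path-derived title may still reach the markup unfiltered. Filtering once after the fallback, or where `$my_file_title` is concatenated into HTML, would cover both sources. In the third hunk `$resource['id']` and `$onclick` are still concatenated into attribute positions as-is; if `id` is not guaranteed to be an integer, `(int) $resource['id']` there would close that gap. The enclosing function starts and ends outside these hunks.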

@ -3539,7 +3539,7 @@ class learnpath
*/ */
public function getNameNoTags() public function getNameNoTags()
{ {
return strip_tags($this->get_name()); return Security::remove_XSS(strip_tags($this->get_name()));
} }
/** /**
@ -6642,7 +6642,7 @@ class learnpath
$list .= '</ul>'; $list .= '</ul>';
$return = Display::panelCollapse( $return = Display::panelCollapse(
$this->name, $this->getNameNoTags(),
$list, $list,
'scorm-list', 'scorm-list',
null, null,
@ -7585,7 +7585,6 @@ class learnpath
]; ];
$xApiPlugin = XApiPlugin::create(); $xApiPlugin = XApiPlugin::create();
if ($xApiPlugin->isEnabled()) { if ($xApiPlugin->isEnabled()) {
$headers[] = Display::return_icon( $headers[] = Display::return_icon(
'import_scorm.png', 'import_scorm.png',
@ -13171,9 +13170,7 @@ EOD;
$form->addHidden('action', 'add_final_item'); $form->addHidden('action', 'add_final_item');
$form->addHidden('path', Session::read('pathItem')); $form->addHidden('path', Session::read('pathItem'));
$form->addHidden('previous', $this->get_last()); $form->addHidden('previous', $this->get_last());
$form->setDefaults( $form->setDefaults(['title' => $title, 'content_lp_certificate' => $content]);
['title' => $title, 'content_lp_certificate' => $content]
);
if ($form->validate()) { if ($form->validate()) {
$values = $form->exportValues(); $values = $form->exportValues();
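Review bot: `getNameNoTags()` now returns `Security::remove_XSS(strip_tags($this->get_name()))`, and its docblock (which starts outside the hunk) should state which output context that value is safe for. Assuming remove_XSS is an HTML filter rather than an entity encoder, the result suits element content such as the `Display::panelCollapse()` title in the second hunk, but callers that place it in an attribute or a script string still need `htmlspecialchars($name, ENT_QUOTES)` or the equivalent. I would add a line such as `Returns the LP name with tags stripped and XSS-filtered; safe for HTML element content only.` to the docblock. Other places that print `$this->name` directly are not visible here and are worth a grep.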
