Checking recent merges: adding Database::escape_string()

1.9.x
Julio Montoya 12 years ago
parent 6ae01713b5
commit ae7c37c20c
  1. 80
      main/inc/ajax/course.ajax.php

@ -57,7 +57,7 @@ switch ($action) {
if (!empty($_GET['session_id']) && intval($_GET['session_id'])) {
//if session is defined, lets find only courses of this session
$courseList = SessionManager::get_course_list_by_session_id(
intval($_GET['session_id']),
$_GET['session_id'],
$_GET['q']
);
} else {
@ -101,8 +101,7 @@ switch ($action) {
}
break;
case 'search_course_by_session':
if (api_is_platform_admin())
{
if (api_is_platform_admin()) {
$results = SessionManager::get_course_list_by_session_id($_GET['session_id'], $_GET['q']);
//$results = SessionManager::get_sessions_list(array('s.name LIKE' => "%".$_REQUEST['q']."%"));
@ -127,15 +126,12 @@ switch ($action) {
}
break;
case 'search_course_by_session_all':
if (api_is_platform_admin())
{
if (api_is_platform_admin()) {
if ($_GET['session_id'] == 'TODOS' || $_GET['session_id'] == 'T') {
$_GET['session_id'] = '%';
}
$results = SessionManager::get_course_list_by_session_id_like($_GET['session_id'], $_GET['q']);
//$results = SessionManager::get_sessions_list(array('s.name LIKE' => "%".$_REQUEST['q']."%"));
$results = SessionManager::get_course_list_by_session_id_like($_GET['session_id'], $_GET['q']);
$results2 = array();
if (!empty($results)) {
foreach ($results as $item) {
@ -155,16 +151,15 @@ switch ($action) {
echo json_encode(array());
}
}
break;
break;
case 'search_user_by_course':
if (api_is_platform_admin())
{
if (api_is_platform_admin()) {
$user = Database :: get_main_table(TABLE_MAIN_USER);
$session_course_user = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
$course = api_get_course_info_by_id($_GET['course_id']);
$sql = "SELECT u.user_id as id, u.username, u.lastname, u.firstname
$sql = "SELECT u.user_id as id, u.username, u.lastname, u.firstname
FROM $user u
INNER JOIN $session_course_user r ON u.user_id = r.id_user
WHERE id_session = %d AND course_code = '%s'
@ -173,66 +168,63 @@ switch ($action) {
$sql_query = sprintf($sql, $_GET['session_id'], $course['code'], $needle, $needle, $needle);
$result = Database::query($sql_query);
while ($user = Database::fetch_assoc($result))
{
while ($user = Database::fetch_assoc($result)) {
$data[] = array('id' => $user['id'], 'text' => $user['username'] . ' (' . $user['firstname'] . ' ' . $user['lastname'] . ')');
}
if (!empty($data))
{
if (!empty($data)) {
echo json_encode($data);
} else
{
} else {
echo json_encode(array());
}
}
break;
case 'search_exercise_by_course':
if (api_is_platform_admin()) {
$course = api_get_course_info_by_id($_GET['course_id']);
require_once api_get_path(SYS_CODE_PATH).'exercice/exercise.lib.php';
$session_id = (!empty($_GET['session_id'])) ? intval($_GET['session_id']) : 0 ;
$exercises = get_all_exercises($course, $session_id, false, $_GET['q'], true, 3);
foreach ($exercises as $exercise) {
//if (api_get_item_visibility($course, 'quiz', $exercise['id'])) {
$data[] = array('id' => $exercise['id'], 'text' => html_entity_decode($exercise['title']) );
//}
$data[] = array('id' => $exercise['id'], 'text' => html_entity_decode($exercise['title']) );
}
if (!empty($data))
{
if (!empty($data)) {
$data[] = array('id' => 'T', 'text' => 'TODOS');
echo json_encode($data);
} else
{
} else {
echo json_encode(array(array('id' => 'T', 'text' => 'TODOS')));
}
}
break;
case 'search_survey_by_course':
if (api_is_platform_admin())
{
$survey = Database :: get_course_table(TABLE_SURVEY);
$sql = "SELECT survey_id as id, title, anonymous
FROM $survey
WHERE c_id = %d
AND session_id = %d
AND title LIKE '%s'";
if (api_is_platform_admin()) {
$survey = Database :: get_course_table(TABLE_SURVEY);
$sql_query = sprintf($sql, intval($_GET['course_id']), intval($_GET['session_id']), '%' . $_GET['q'] .'%');
$sql = "SELECT survey_id as id, title, anonymous
FROM $survey
WHERE
c_id = %d AND
session_id = %d AND
title LIKE '%s'";
$sql_query = sprintf(
$sql,
intval($_GET['course_id']),
intval($_GET['session_id']),
'%' . Database::escape_string($_GET['q']).'%'
);
$result = Database::query($sql_query);
while ($survey = Database::fetch_assoc($result))
{
$survey['title'] .= ($survey['anonymous'] == 1) ? ' (' . get_lang('Anonymous') . ')': '';
$data[] = array('id' => $survey['id'], 'text' => strip_tags(html_entity_decode($survey['title'])));
while ($survey = Database::fetch_assoc($result)) {
$survey['title'] .= ($survey['anonymous'] == 1) ? ' (' . get_lang('Anonymous') . ')' : '';
$data[] = array(
'id' => $survey['id'],
'text' => strip_tags(html_entity_decode($survey['title']))
);
}
if (!empty($data))
{
if (!empty($data)) {
echo json_encode($data);
} else
{
} else {
echo json_encode(array());
}
}
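Review bot: `Database::escape_string()` is applied only in the `search_survey_by_course` branch (`'%' . Database::escape_string($_GET['q']).'%'`); in the same hunk the `search_user_by_course` query is still built with `sprintf($sql, $_GET['session_id'], $course['code'], $needle, $needle, $needle)` where `$needle` is assembled outside the visible lines with no escaping in view, and `search_exercise_by_course` passes `$_GET['q']` straight into `get_all_exercises()`. Unless those callees escape internally, which this diff cannot show, the same change belongs there, e.g. `$needle = '%' . Database::escape_string($_GET['q']) . '%';`; the earlier hunks (`get_course_list_by_session_id(...)` and `get_course_list_by_session_id_like(...)`) likewise hand `$_GET['q']` and `$_GET['session_id']` to `SessionManager` unescaped under the same caveat. Escaping quotes does not neutralise the LIKE metacharacters `%` and `_`, so a search term containing them still widens the `title LIKE '%s'` pattern; if literal matching is intended, run the term through `addcslashes($q, '%_')` before `Database::escape_string()`. `$_GET['q']` is also read without an `isset` guard in every branch, which raises a notice when the parameter is absent; reading it once into a local at the top of the switch would give one place for both the guard and the escaping. The enclosing `switch ($action)` starts before the first hunk and continues past this one.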
