From b25d4a64543f20b3cfb162f40cc10569c4b9b179 Mon Sep 17 00:00:00 2001 From: Yannick Warnier Date: Tue, 12 Dec 2017 17:18:03 -0500 Subject: [PATCH] Learnpath: Replace references to c_lp_view.id by c_lp_view.iid #dangerous - refs #2016 --- main/lp/learnpath.class.php | 4 ++-- main/lp/learnpathItem.class.php | 2 +- main/lp/lp_build.php | 6 +++--- main/lp/lp_edit_item_prereq.php | 4 ---- main/lp/lp_move_item.php | 7 +------ main/lp/lp_view_item.php | 7 +------ 6 files changed, 8 insertions(+), 22 deletions(-) diff --git a/main/lp/learnpath.class.php b/main/lp/learnpath.class.php index c957ecceb5..f5189ac5b8 100755 --- a/main/lp/learnpath.class.php +++ b/main/lp/learnpath.class.php @@ -3776,7 +3776,7 @@ class learnpath $course_id = api_get_course_int_id(); $sessionId = api_get_session_id(); - $sql = "SELECT id, view_count FROM $lp_view_table + $sql = "SELECT iid, view_count FROM $lp_view_table WHERE c_id = $course_id AND lp_id = " . $this->get_id()." AND @@ -3787,7 +3787,7 @@ class learnpath $res = Database::query($sql); if (Database::num_rows($res) > 0) { $row = Database::fetch_array($res); - $this->lp_view_id = $row['id']; + $this->lp_view_id = $row['iid']; } elseif (!api_is_invitee()) { // There is no database record, create one. $sql = "INSERT INTO $lp_view_table (c_id, lp_id, user_id, view_count, session_id) VALUES diff --git a/main/lp/learnpathItem.class.php b/main/lp/learnpathItem.class.php index 4570f1e571..93c6f57631 100755 --- a/main/lp/learnpathItem.class.php +++ b/main/lp/learnpathItem.class.php @@ -2523,7 +2523,7 @@ class learnpathItem TABLE_LP_VIEW ); - $sql = 'SELECT id FROM '.$lp_view.' + $sql = 'SELECT iid FROM '.$lp_view.' WHERE c_id = ' . $course_id.' AND user_id = ' . $user_id.' AND diff --git a/main/lp/lp_build.php b/main/lp/lp_build.php index 8ceb1a6922..c9803b2068 100755 --- a/main/lp/lp_build.php +++ b/main/lp/lp_build.php 
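Review bot: In main/lp/learnpath.class.php, `$this->lp_view_id = $row['iid'];` changes which identifier the object carries, and nothing visible shows that data already keyed on the old `c_lp_view.id` value still resolves. If any existing row has `id` different from `iid`, later lookups by view id would presumably attach a learner to another view's progress records, so a migration or a pre-deploy check that `id = iid` holds for every `c_lp_view` row is worth adding. The INSERT branch at the end of the hunk continues outside it; whatever it assigns to `lp_view_id` after the insert should be the new row's `iid` as well. A comment such as `// lp_view_id holds c_lp_view.iid (global key), not the per-course id` would make the convention explicit.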
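Review bot: In main/lp/learnpathItem.class.php the query now returns a column named `iid`, but the code that reads the result lies outside the hunk and the diffstat shows only this one line changed in the file. If that reader fetches by name (`$row['id']`) it will now get null and the lookup silently yields no view id; confirm it reads by position or change it to `$row['iid']`. The values concatenated into the WHERE clause (`$course_id`, `$user_id`) are not visibly cast in this hunk, so an `(int)` cast at the point of interpolation would be a cheap safeguard if they are not already integers.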
@@ -39,15 +39,15 @@ $course_id = api_get_course_int_id(); if ($learnpath_id == 0) { $is_new = true; - $sql = "SELECT id FROM $tbl_lp + $sql = "SELECT iid FROM $tbl_lp WHERE c_id = $course_id ORDER BY id DESC LIMIT 0, 1"; $result = Database::query($sql); $row = Database::fetch_array($result); - $learnpath_id = $row['id']; + $learnpath_id = $row['iid']; } -$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id"; +$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND iid = $learnpath_id"; $result = Database::query($sql_query); $therow = Database::fetch_array($result); diff --git a/main/lp/lp_edit_item_prereq.php b/main/lp/lp_edit_item_prereq.php index 768ef238b6..fb940c15a4 100755 --- a/main/lp/lp_edit_item_prereq.php +++ b/main/lp/lp_edit_item_prereq.php @@ -19,10 +19,6 @@ api_protect_course_script(); /* Constants and variables */ $is_allowed_to_edit = api_is_allowed_to_edit(null, true); -$tbl_lp = Database::get_course_table(TABLE_LP_MAIN); -$tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM); -$tbl_lp_view = Database::get_course_table(TABLE_LP_VIEW); - $isStudentView = isset($_REQUEST['isStudentView']) ? (int) $_REQUEST['isStudentView'] : null; $learnpath_id = isset($_REQUEST['lp_id']) ? (int) $_REQUEST['lp_id'] : null; $submit = isset($_POST['submit_button']) ? $_POST['submit_button'] : null; diff --git a/main/lp/lp_move_item.php b/main/lp/lp_move_item.php index c64986c90a..d2b939c446 100755 --- a/main/lp/lp_move_item.php +++ b/main/lp/lp_move_item.php 
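Review bot: The rewritten lookup in main/lp/lp_build.php selects `iid` but still sorts with `ORDER BY id DESC`, so the "latest" learning path is picked by the old per-course column while the value returned is the new key; use `ORDER BY iid DESC` so the sort and the selected key agree. The same block reads `$row['iid']` without checking that a row came back. In a course with no learning paths `$learnpath_id` would end up empty and the following `... AND iid = $learnpath_id` would reach the database malformed. Something like `$learnpath_id = $row ? (int) $row['iid'] : 0;` followed by an early exit on 0 would close that gap.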
@@ -53,10 +53,6 @@ $_SESSION['oLP']->get_js_dropdown_array(). $is_allowed_to_edit = api_is_allowed_to_edit(null, true); -$tbl_lp = Database::get_course_table(TABLE_LP_MAIN); -$tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM); -$tbl_lp_view = Database::get_course_table(TABLE_LP_VIEW); - $isStudentView = isset($_REQUEST['isStudentView']) ? (int) $_REQUEST['isStudentView'] : ''; $learnpath_id = (int) $_REQUEST['lp_id']; $submit = isset($_POST['submit_button']) ? $_POST['submit_button'] : ''; @@ -68,8 +64,7 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) { // From here on, we are admin because of the previous condition, so don't check anymore. $course_id = api_get_course_int_id(); -$sql = "SELECT * FROM $tbl_lp - WHERE c_id = $course_id AND id = $learnpath_id"; +$sql = "SELECT * FROM $tbl_lp WHERE iid = $learnpath_id"; $result = Database::query($sql); $therow = Database::fetch_array($result); diff --git a/main/lp/lp_view_item.php b/main/lp/lp_view_item.php index 249fc00f8d..81be1c2d83 100755 --- a/main/lp/lp_view_item.php +++ b/main/lp/lp_view_item.php @@ -50,10 +50,6 @@ $this_section = SECTION_COURSES; /* Constants and variables */ $is_allowed_to_edit = api_is_allowed_to_edit(null, true); -$tbl_lp = Database::get_course_table(TABLE_LP_MAIN); -$tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM); -$tbl_lp_view = Database::get_course_table(TABLE_LP_VIEW); - $isStudentView = (empty($_REQUEST['isStudentView']) ? 0 : (int) $_REQUEST['isStudentView']); $learnpath_id = (int) $_REQUEST['lp_id']; @@ -65,8 +61,7 @@ if ((!$is_allowed_to_edit) || $isStudentView) { // From here on, we are admin because of the previous condition, so don't check anymore. $course_id = api_get_course_int_id(); -$sql = "SELECT * FROM $tbl_lp - WHERE c_id = $course_id AND id = $learnpath_id"; +$sql = "SELECT * FROM $tbl_lp WHERE iid = $learnpath_id"; $result = Database::query($sql); $therow = Database::fetch_array($result);
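Review bot: Both rewritten queries, `SELECT * FROM $tbl_lp WHERE iid = $learnpath_id` in main/lp/lp_move_item.php and the identical one in main/lp/lp_view_item.php, drop the `c_id = $course_id` condition, so the row loaded is no longer tied to the course the caller was authorised for. `$learnpath_id` comes straight from `$_REQUEST['lp_id']`, and `api_is_allowed_to_edit()` as called here appears to check rights in the current course only, so a request carrying another course's `lp_id` would load that course's learning path; keep the scope with `WHERE c_id = $course_id AND iid = $learnpath_id`. Separately, the preceding hunk in each file deletes `$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);` while these queries still interpolate `$tbl_lp`. Unless it is defined outside the visible lines, the table name is empty and the query fails, so that one assignment should stay.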