Learnpath: Replace references to c_lp_view.id by c_lp_view.iid #dangerous - refs #2016

7 years ago · b25d4a6454
parent c4d247af5c
commit b25d4a6454
6 changed files with 8 additions and 22 deletions
--- a/main/lp/learnpath.class.php
+++ b/main/lp/learnpath.class.php
@ -3776,7 +3776,7 @@ class learnpath
        $course_id = api_get_course_int_id();
        $sessionId = api_get_session_id();

-        $sql = "SELECT id, view_count FROM $lp_view_table
+        $sql = "SELECT iid, view_count FROM $lp_view_table
        		WHERE
        		    c_id = $course_id AND
        		    lp_id = " . $this->get_id()." AND
@ -3787,7 +3787,7 @@ class learnpath
        $res = Database::query($sql);
        if (Database::num_rows($res) > 0) {
            $row = Database::fetch_array($res);
-            $this->lp_view_id = $row['id'];
+            $this->lp_view_id = $row['iid'];
        } elseif (!api_is_invitee()) {
            // There is no database record, create one.
            $sql = "INSERT INTO $lp_view_table (c_id, lp_id, user_id, view_count, session_id) VALUES
--- a/main/lp/learnpathItem.class.php
+++ b/main/lp/learnpathItem.class.php
@ -2523,7 +2523,7 @@ class learnpathItem
                                                TABLE_LP_VIEW
                                            );

-                                            $sql = 'SELECT id FROM '.$lp_view.'
+                                            $sql = 'SELECT iid FROM '.$lp_view.'
                                                    WHERE
                                                        c_id = ' . $course_id.' AND
                                                        user_id = ' . $user_id.'  AND
--- a/main/lp/lp_build.php
+++ b/main/lp/lp_build.php
@ -39,15 +39,15 @@ $course_id = api_get_course_int_id();

 if ($learnpath_id == 0) {
    $is_new = true;
-    $sql = "SELECT id FROM $tbl_lp
+    $sql = "SELECT iid FROM $tbl_lp
            WHERE c_id = $course_id 
            ORDER BY id DESC LIMIT 0, 1";
    $result = Database::query($sql);
    $row = Database::fetch_array($result);
-    $learnpath_id = $row['id'];
+    $learnpath_id = $row['iid'];
 }

-$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
+$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND iid = $learnpath_id";

 $result = Database::query($sql_query);
 $therow = Database::fetch_array($result);
--- a/main/lp/lp_edit_item_prereq.php
+++ b/main/lp/lp_edit_item_prereq.php
@ -19,10 +19,6 @@ api_protect_course_script();
 /* Constants and variables */
 $is_allowed_to_edit = api_is_allowed_to_edit(null, true);

-$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
-$tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
-$tbl_lp_view = Database::get_course_table(TABLE_LP_VIEW);
-
 $isStudentView = isset($_REQUEST['isStudentView']) ? (int) $_REQUEST['isStudentView'] : null;
 $learnpath_id = isset($_REQUEST['lp_id']) ? (int) $_REQUEST['lp_id'] : null;
 $submit = isset($_POST['submit_button']) ? $_POST['submit_button'] : null;
--- a/main/lp/lp_move_item.php
+++ b/main/lp/lp_move_item.php
@ -53,10 +53,6 @@ $_SESSION['oLP']->get_js_dropdown_array().

 $is_allowed_to_edit = api_is_allowed_to_edit(null, true);

-$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
-$tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
-$tbl_lp_view = Database::get_course_table(TABLE_LP_VIEW);
-
 $isStudentView = isset($_REQUEST['isStudentView']) ? (int) $_REQUEST['isStudentView'] : '';
 $learnpath_id = (int) $_REQUEST['lp_id'];
 $submit = isset($_POST['submit_button']) ? $_POST['submit_button'] : '';
@ -68,8 +64,7 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
 // From here on, we are admin because of the previous condition, so don't check anymore.

 $course_id = api_get_course_int_id();
-$sql = "SELECT * FROM $tbl_lp
-        WHERE c_id = $course_id AND id = $learnpath_id";
+$sql = "SELECT * FROM $tbl_lp WHERE iid = $learnpath_id";

 $result = Database::query($sql);
 $therow = Database::fetch_array($result);
--- a/main/lp/lp_view_item.php
+++ b/main/lp/lp_view_item.php
@ -50,10 +50,6 @@ $this_section = SECTION_COURSES;
 /* Constants and variables */
 $is_allowed_to_edit = api_is_allowed_to_edit(null, true);

-$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
-$tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
-$tbl_lp_view = Database::get_course_table(TABLE_LP_VIEW);
-
 $isStudentView = (empty($_REQUEST['isStudentView']) ? 0 : (int) $_REQUEST['isStudentView']);
 $learnpath_id = (int) $_REQUEST['lp_id'];

@ -65,8 +61,7 @@ if ((!$is_allowed_to_edit) || $isStudentView) {
 // From here on, we are admin because of the previous condition, so don't check anymore.

 $course_id = api_get_course_int_id();
-$sql = "SELECT * FROM $tbl_lp 
-        WHERE c_id = $course_id AND id = $learnpath_id";
+$sql = "SELECT * FROM $tbl_lp WHERE iid = $learnpath_id";
 $result = Database::query($sql);
 $therow = Database::fetch_array($result);