Cleaning code, adding Security::remove_XSS, intval functions

main/gradebook/gradebook_edit_all.php

@@ -157,7 +157,7 @@ if ($my_api_cidreq=='') {
 }
 ?>
 <div class="actions">
-<a href="<?php echo $_SESSION['gradebook_dest'].'?id_session='.$_SESSION['id_session'].'&amp;'.$my_api_cidreq ?>&selectcat=<?php echo $category_id ?>"> <?php echo Display::return_icon('back.png',get_lang('FolderView')) . get_lang('FolderView') ?></a>
+<a href="<?php echo Security::remove_XSS($_SESSION['gradebook_dest']).'?id_session='.api_get_session_id().'&amp;'.$my_api_cidreq ?>&selectcat=<?php echo $category_id ?>"> <?php echo Display::return_icon('back.png',get_lang('FolderView')) . get_lang('FolderView') ?></a>
 </div>
 <form method="post" action="gradebook_edit_all.php?id_session=<?php echo $_SESSION['id_session'].'&amp;'.$my_api_cidreq ?>&selectcat=<?php echo $category_id?>">
 <table class="data_table">

main/gradebook/index.php

@@ -714,7 +714,7 @@ if (isset ($_GET['studentoverview'])) {
 		$pdf->ezText($organization_name,22,array('justification'=>'left'));
 		$pdf->ezSetY(580);
 		$pdf->ezText($portal_name,22,array('justification'=>'right'));
-		$pdf->ezStream();
+		$pdf->ezStream();*/
 	}
 	exit;
 } else { //in any other case (no search, no pdf), print the available gradebooks

main/gradebook/lib/be/abstractlink.class.php

@@ -166,7 +166,7 @@ abstract class AbstractLink implements GradebookItem
 			$sql .= ' visible = '.intval($visible);
 			$paramcount ++;
 		}
-
+		
 		$result = Database::query($sql);
 		$links = AbstractLink::create_objects_from_sql_result($result);
 		return $links;

main/gradebook/lib/be/evaluation.class.php

@@ -131,7 +131,7 @@ class Evaluation implements GradebookItem
 	public function load ($id = null, $user_id = null, $course_code = null, $category_id = null, $visible = null)
 	{
     	$tbl_grade_evaluations = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_EVALUATION);
-		$sql='SELECT id,name,description,user_id,course_code,category_id,date,weight,max,visible,type FROM '.$tbl_grade_evaluations;
+		$sql='SELECT id,name,description,user_id,course_code,category_id,created_at,weight,max,visible,type FROM '.$tbl_grade_evaluations;
 		$paramcount = 0;
 		if (isset ($id)) {
 			$sql.= ' WHERE id = '.intval($id);
@@ -161,7 +161,7 @@ class Evaluation implements GradebookItem
 			$sql .= ' visible = '.intval($visible);
 			$paramcount ++;
 		}
-
+		
 		$result = Database::query($sql);
 		$alleval = Evaluation::create_evaluation_objects_from_sql_result($result);
 		return $alleval;

main/gradebook/lib/be/linkfactory.class.php

@@ -6,13 +6,14 @@
 // - add include
 // - change create() and get_all_types()
 // Please do not change existing values, they are used in the database !
-define('LINK_EXERCISE',		1);
-define('LINK_DROPBOX',2);
-define('LINK_STUDENTPUBLICATION',3);
-define('LINK_LEARNPATH',4);
-define('LINK_FORUM_THREAD',5);
+define('LINK_EXERCISE',				1);
+define('LINK_DROPBOX',				2);
+define('LINK_STUDENTPUBLICATION',	3);
+define('LINK_LEARNPATH',			4);
+define('LINK_FORUM_THREAD',			5);
 //define('LINK_WORK',6);
-define('LINK_ATTENDANCE',7);
+define('LINK_ATTENDANCE',			7);
+
 require_once 'gradebookitem.class.php';
 require_once 'abstractlink.class.php';
 require_once 'exerciselink.class.php';
@@ -22,6 +23,7 @@ require_once 'studentpublicationlink.class.php';
 require_once 'learnpathlink.class.php';
 require_once 'forumthreadlink.class.php';
 require_once 'attendancelink.class.php';
+
 /**
  * Factory for link objects
  * @author Bert Steppé