From b2e8ccc1f6f6c84cd2d64180c8f120dc842e45da Mon Sep 17 00:00:00 2001 From: Julio Date: Fri, 25 Aug 2017 08:21:46 +0200 Subject: [PATCH] Fix no access to exercise see BT#13236 --- main/exercise/exercise_reminder.php | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/main/exercise/exercise_reminder.php b/main/exercise/exercise_reminder.php index 0da789a5c6..4df891e081 100755 --- a/main/exercise/exercise_reminder.php +++ b/main/exercise/exercise_reminder.php @@ -22,13 +22,8 @@ if ($debug > 0) { } // general parameters passed via POST/GET -if (empty($origin)) { - if (!empty($_REQUEST['origin'])) { - $origin = Security::remove_XSS($_REQUEST['origin']); - } else { - $origin = ''; - } -} +$origin = api_get_origin(); + if (empty($learnpath_id)) { if (!empty($_REQUEST['learnpath_id'])) { $learnpath_id = intval($_REQUEST['learnpath_id']); @@ -97,9 +92,16 @@ if ($time_control) { $htmlHeadXtra[] = $objExercise->show_time_control_js($time_left); } +$exe_id = 0; +if (isset($_GET['exe_id'])) { + $exe_id = (int) $_GET['exe_id']; + $_SESSION['exe_id'] = $exe_id; +} + if (isset($_SESSION['exe_id'])) { $exe_id = intval($_SESSION['exe_id']); } + $exercise_stat_info = $objExercise->get_stat_track_exercise_info_by_exe_id($exe_id); if (!empty($exercise_stat_info['data_tracking'])) { $question_list = explode(',', $exercise_stat_info['data_tracking']); @@ -124,8 +126,10 @@ if ($origin != 'learnpath') { // I'm in a preview mode as course admin. Display the action menu. if (api_is_course_admin() && $origin != 'learnpath') { echo '
'; - echo ''.Display::return_icon('back.png', get_lang('GoBackToQuestionList'), array(), 32).''; - echo ''.Display::return_icon('edit.png', get_lang('ModifyExercise'), array(), 32).''; + echo ''. + Display::return_icon('back.png', get_lang('GoBackToQuestionList'), array(), 32).''; + echo ''. + Display::return_icon('edit.png', get_lang('ModifyExercise'), array(), 32).''; echo '
'; } echo Display::page_header(get_lang('QuestionsToReview')); @@ -156,7 +160,7 @@ echo '