chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use api_get_origin()

Browse Source 
- Remove 'origin' parameter from url (already added by api_get_cidreq)
- Remove double use of intval
- Use api_get_group_id() instead of $origin == 'group'
  to detect were are in a group space.
pull/2487/head
jmontoyaa 9 years ago
parent 6a3ee006f7
commit b3cd32a437
16 changed files with 55 additions and 108 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      main/forum/editpost.php
  2. 5
      main/forum/editthread.php
  3. 6
      main/forum/forumqualify.php
  4. 5
      main/forum/forumsearch.php
  5. 7
      main/forum/newthread.php
  6. 21
      main/forum/reply.php
  7. 46
      main/forum/viewforum.php
  8. 6
      main/forum/viewforumcategory.php
  9. 11
      main/forum/viewpost.php
  10. 7
      main/forum/viewthread.php
  11. 15
      main/forum/viewthread_flat.inc.php
  12. 6
      main/forum/viewthread_nested.inc.php
  13. 8
      main/forum/viewthread_threaded.inc.php
  14. 5
      main/group/group_overview.php
  15. 8
      main/group/group_space.php
  16. 2
      main/work/work.lib.php

5
main/forum/editpost.php
Unescape View File

@ -40,10 +40,7 @@ require_once 'forumconfig.inc.php';
require_once 'forumfunction.inc.php';
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$origin = api_get_origin();
/* MAIN DISPLAY SECTION */

5
main/forum/editthread.php
Unescape View File

@ -24,10 +24,7 @@ require_once 'forumconfig.inc.php';
require_once 'forumfunction.inc.php';
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$origin = api_get_origin();
/* MAIN DISPLAY SECTION */
$currentForum = get_forum_information($_GET['forum']);

6
main/forum/forumqualify.php
Unescape View File

@ -12,13 +12,9 @@ require_once 'forumfunction.inc.php';
$nameTools = get_lang('ToolForum');
$this_section = SECTION_COURSES;
$message = '';
//are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$origin = api_get_origin();
$currentUserId = api_get_user_id();
$userIdToQualify = isset($_GET['user_id']) ? intval($_GET['user_id']) : null;

5
main/forum/forumsearch.php
Unescape View File

@ -34,10 +34,7 @@ include 'forumfunction.inc.php';
include 'forumconfig.inc.php';
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$origin = api_get_origin();
// Name of the tool
$nameTools = get_lang('ToolForum');

7
main/forum/newthread.php
Unescape View File

@ -40,10 +40,7 @@ require_once 'forumconfig.inc.php';
require_once 'forumfunction.inc.php';
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$origin = api_get_origin();
/* MAIN DISPLAY SECTION */
$current_forum = get_forum_information($_GET['forum']);
@ -168,7 +165,7 @@ if ($form) {
$form->display();
}
if (isset($origin) && $origin == 'learnpath') {
if ($origin == 'learnpath') {
Display::display_reduced_footer();
} else {
Display::display_footer();

21
main/forum/reply.php
Unescape View File

@ -26,12 +26,7 @@ $this_section = SECTION_COURSES;
api_protect_course_script(true);
$nameTools = get_lang('ForumCategories');
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
$origin_string = '&origin='.$origin;
}
$origin = api_get_origin();
/* Including necessary files */
require_once 'forumconfig.inc.php';
@ -95,9 +90,9 @@ if (!empty($gradebook) && $gradebook == 'view') {
'name' => get_lang('ToolGradebook')
);
}
if ($origin == 'group') {
$_clean['toolgroup'] = api_get_group_id();
$groupId = api_get_group_id();
if (!empty($groupId)) {
$_clean['toolgroup'] = $groupId;
$group_properties = GroupManager :: get_group_properties($_clean['toolgroup']);
$interbreadcrumb[] = array(
'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(),
@ -110,11 +105,11 @@ if ($origin == 'group') {
);
$interbreadcrumb[] = array(
'url' => api_get_path(WEB_CODE_PATH).'forum/viewforum.php?origin='.$origin.'&forum='.$forumId.'&'.api_get_cidreq(),
'url' => api_get_path(WEB_CODE_PATH).'forum/viewforum.php?forum='.$forumId.'&'.api_get_cidreq(),
'name' => $current_forum['forum_title']
);
$interbreadcrumb[] = array(
'url' => api_get_path(WEB_CODE_PATH).'forum/viewthread.php?origin='.$origin.'&gradebook='.$gradebook.'&forum='.$forumId.'&thread='.$threadId.'&'.api_get_cidreq(),
'url' => api_get_path(WEB_CODE_PATH).'forum/viewthread.php?gradebook='.$gradebook.'&forum='.$forumId.'&thread='.$threadId.'&'.api_get_cidreq(),
'name' => $current_thread['thread_title']
);
@ -132,11 +127,11 @@ if ($origin == 'group') {
'name' => $current_forum_category['cat_title']
);
$interbreadcrumb[] = array(
'url' => api_get_path(WEB_CODE_PATH).'forum/viewforum.php?origin='.$origin.'&forum='.$forumId.'&'.api_get_cidreq(),
'url' => api_get_path(WEB_CODE_PATH).'forum/viewforum.php?forum='.$forumId.'&'.api_get_cidreq(),
'name' => $current_forum['forum_title']
);
$interbreadcrumb[] = array(
'url' => api_get_path(WEB_CODE_PATH).'forum/viewthread.php?origin='.$origin.'&gradebook='.$gradebook.'&forum='.$forumId.'&thread='.$threadId.'&'.api_get_cidreq(),
'url' => api_get_path(WEB_CODE_PATH).'forum/viewthread.php?gradebook='.$gradebook.'&forum='.$forumId.'&thread='.$threadId.'&'.api_get_cidreq(),
'name' => $current_thread['thread_title']
);
$interbreadcrumb[] = array('url' => '#', 'name' => get_lang('Reply'));

46
main/forum/viewforum.php
Unescape View File

@ -36,12 +36,7 @@ $this_section = SECTION_COURSES;
$nameTools = get_lang('ToolForum');
// Are we in a lp ?
$origin = '';
$origin_string = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
$origin_string = '&origin='.$origin;
}
$origin = api_get_origin();
/* Including necessary files */
require 'forumconfig.inc.php';
@ -57,7 +52,7 @@ $isTutor = GroupManager::is_tutor_of_group($userId, $groupInfo['iid'], $courseId
/* MAIN DISPLAY SECTION */
$my_forum = isset($_GET['forum']) ? $_GET['forum'] : '';
$my_forum = isset($_GET['forum']) ? (int) $_GET['forum'] : '';
// Note: This has to be validated that it is an existing forum.
$current_forum = get_forum_information($my_forum);
$isForumOpenByDateAccess = api_is_date_in_date_range($current_forum['start_time'], $current_forum['end_time']);
@ -131,7 +126,7 @@ if (!empty($gradebook) && $gradebook == 'view') {
$forumUrl = api_get_path(WEB_CODE_PATH).'forum/';
if ($origin == 'group') {
if (!empty($groupId)) {
$interbreadcrumb[] = array(
'url' => api_get_path(WEB_CODE_PATH) . 'group/group.php?'.api_get_cidreq(),
'name' => get_lang('Groups')
@ -262,21 +257,21 @@ if (
$table_list = Display::page_subheader(get_lang('ThreadUsersList') . ': ' . get_name_thread_by_id($_GET['id']));
if ($nrorow3 > 0 || $nrorow3 == -2) {
$url = api_get_cidreq() .'&forum=' . intval($my_forum) . '&action='
$url = api_get_cidreq() .'&forum=' . $my_forum . '&action='
. Security::remove_XSS($_GET['action']) . '&content='
. Security::remove_XSS($_GET['content'], STUDENT) . '&id=' . intval($_GET['id']);
$tabs = array(
array(
'content' => get_lang('AllStudents'),
'url' => $forumUrl . 'viewforum.php?' . $url . '&origin=' . $origin . '&list=all'
'url' => $forumUrl . 'viewforum.php?' . $url . '&list=all'
),
array(
'content' => get_lang('StudentsQualified'),
'url' => $forumUrl . 'viewforum.php?' . $url . '&origin=' . $origin . '&list=qualify'
'url' => $forumUrl . 'viewforum.php?' . $url . '&list=qualify'
),
array(
'content' => get_lang('StudentsNotQualified'),
'url' => $forumUrl . 'viewforum.php?' . $url . '&origin=' . $origin . '&list=notqualify'
'url' => $forumUrl . 'viewforum.php?' . $url . '&list=notqualify'
),
);
$table_list .= Display::tabsOnlyLink($tabs, $active);
@ -358,7 +353,7 @@ if (!empty($message)) {
echo '<div class="actions">';
if ($origin != 'learnpath') {
if ($origin=='group') {
if (!empty($groupId)) {
echo '<a href="' . api_get_path(WEB_CODE_PATH) . 'group/group_space.php?'
. api_get_cidreq() . '&gradebook=' . $gradebook . '">'
. Display::return_icon('back.png', get_lang('BackTo')
@ -384,13 +379,13 @@ if (
if (!api_is_anonymous() && !api_is_invitee()) {
if ($my_forum == strval(intval($my_forum))) {
echo '<a href="' . $forumUrl . 'newthread.php?' . api_get_cidreq() . '&forum='
. Security::remove_XSS($my_forum) . $origin_string . '">'
. Security::remove_XSS($my_forum).'">'
. Display::return_icon('new_thread.png', get_lang('NewTopic'), '', ICON_SIZE_MEDIUM)
. '</a>';
} else {
$my_forum = strval(intval($my_forum));
echo '<a href="' . $forumUrl . 'newthread.php?' . api_get_cidreq()
. '&forum=' . $my_forum . $origin_string . '">'
. '&forum='.$my_forum.'">'
. Display::return_icon('new_thread.png', get_lang('NewTopic'), '', ICON_SIZE_MEDIUM)
. '</a>';
}
@ -464,8 +459,8 @@ if (is_array($threads)) {
$name = api_get_person_name($row['firstname'], $row['lastname']);
$linkPostForum = '<a href="viewthread.php?' . api_get_cidreq() . '&forum=' . Security::remove_XSS($my_forum)
. "&origin=$origin&thread={$row['thread_id']}&search="
$linkPostForum = '<a href="viewthread.php?' . api_get_cidreq() . '&forum=' . $my_forum
. "&thread={$row['thread_id']}&search="
. Security::remove_XSS(urlencode($my_search)) . '">'
. $row['thread_title'] . '</a>';
$html = '';
@ -582,7 +577,7 @@ if (is_array($threads)) {
!(api_is_course_coach() && $current_forum['session_id'] != $sessionId)
) {
$iconsEdit .= '<a href="' . $forumUrl . 'editthread.php?' . $cidreq
. '&forum=' . intval($my_forum) . '&thread='
. '&forum=' . $my_forum . '&thread='
. intval($row['thread_id'])
. '&id_attach=' . $id_attach . '">'
. Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a>';
@ -595,9 +590,8 @@ if (is_array($threads)) {
);
} else {
$iconsEdit.= '<a href="' . api_get_self() . '?' . $cidreq . '&forum='
. intval($my_forum) . '&action=delete&content=thread&id='
. $row['thread_id'] . $origin_string
. "\" onclick=\"javascript:if(!confirm('"
. $my_forum . '&action=delete&content=thread&id='
. $row['thread_id'] . "\" onclick=\"javascript:if(!confirm('"
. addslashes(api_htmlentities(get_lang('DeleteCompleteThread'), ENT_QUOTES))
. "')) return false;\">"
. Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>';
@ -609,7 +603,6 @@ if (is_array($threads)) {
$row['visibility'],
array(
'forum' => $my_forum,
'origin' => $origin,
'gidReq' => $groupId
)
);
@ -619,13 +612,12 @@ if (is_array($threads)) {
$row['locked'],
array(
'forum' => $my_forum,
'origin' => $origin,
'gidReq' => api_get_group_id()
)
);
$iconsEdit .= '<a href="viewforum.php?' . $cidreq . '&forum='
. intval($my_forum)
. '&action=move&thread=' . $row['thread_id'] . $origin_string . '">'
. $my_forum
. '&action=move&thread=' . $row['thread_id'].'">'
. Display::return_icon('move.png', get_lang('MoveThread'), array(), ICON_SIZE_SMALL)
. '</a>';
}
@ -643,14 +635,14 @@ if (is_array($threads)) {
$icon_liststd = 'user.png';
if (!api_is_anonymous() && api_is_allowed_to_session_edit(false, true)) {
$iconsEdit .= '<a href="' . api_get_self() . '?' . $cidreq . '&forum='
. intval($my_forum)
. $my_forum
. "&action=notify&content=thread&id={$row['thread_id']}"
. '">' . Display::return_icon($iconnotify, get_lang('NotifyMe')) . '</a>';
}
if (api_is_allowed_to_edit(null, true) && $origin != 'learnpath') {
$iconsEdit .= '<a href="' . api_get_self() . '?' . $cidreq . '&forum='
. intval($my_forum)
. $my_forum
. "&action=liststd&content=thread&id={$row['thread_id']}"
. '">' . Display::return_icon($icon_liststd, get_lang('StudentList'), array(), ICON_SIZE_SMALL)
. '</a>';

6
main/forum/viewforumcategory.php
Unescape View File

@ -52,11 +52,7 @@ require 'forumconfig.inc.php';
require_once 'forumfunction.inc.php';
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$origin = api_get_origin();
/* Header and Breadcrumbs */
$gradebook = null;

11
main/forum/viewpost.php
Unescape View File

@ -27,10 +27,7 @@ $(document).ready(function(){ $(\'.hide-me\').slideUp() });
</script>';
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$origin = api_get_origin();
/* MAIN DISPLAY SECTION */
@ -119,7 +116,7 @@ if ($message != 'PostDeletedSpecial') {
/* Action Links */
echo '<div style="float:right;">';
$my_url = '<a href="viewthread.php?'.api_get_cidreq().'&forum='.intval($_GET['forum']).'&thread='.intval($_GET['thread']).'&origin='.$origin.'&gradebook='.$gradebook.'&search='.Security::remove_XSS(urlencode($_GET['search']));
$my_url = '<a href="viewthread.php?'.api_get_cidreq().'&forum='.intval($_GET['forum']).'&thread='.intval($_GET['thread']).'&gradebook='.$gradebook.'&search='.Security::remove_XSS(urlencode($_GET['search']));
echo $my_url.'&view=flat">'.get_lang('FlatView').'</a> | ';
echo $my_url.'&view=threaded">'.get_lang('ThreadedView').'</a> | ';
echo $my_url.'&view=nested">'.get_lang('NestedView').'</a>';
@ -134,7 +131,7 @@ if ($message != 'PostDeletedSpecial') {
// The link should only appear when the user is logged in or when anonymous posts are allowed.
if ($_user['user_id'] || ($current_forum['allow_anonymous'] == 1 && !$_user['user_id'])) {
// reply link
echo '<a href="reply.php?'.api_get_cidreq().'&forum='.intval($_GET['forum']).'&thread='.intval($_GET['thread']).'&action=replythread&origin='.$origin.'">'.get_lang('ReplyToThread').'</a>';
echo '<a href="reply.php?'.api_get_cidreq().'&forum='.intval($_GET['forum']).'&thread='.intval($_GET['thread']).'&action=replythread">'.get_lang('ReplyToThread').'</a>';
// new thread link
if (api_is_allowed_to_edit(false, true) ||
@ -191,7 +188,7 @@ if ($message != 'PostDeletedSpecial') {
echo '<span>'.prepare4display($current_thread['thread_comment']).'</span>';
echo "</table>";
include_once('viewpost.inc.php');
include_once 'viewpost.inc.php';
}
if ($origin != 'learnpath') {

7
main/forum/viewthread.php
Unescape View File

@ -21,10 +21,7 @@ $nameTools = get_lang('Forum');
$forumUrl = api_get_path(WEB_CODE_PATH).'forum/';
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$origin = api_get_origin();
$my_search = null;
$gradebook = null;
@ -78,7 +75,7 @@ $(function() {
</script>';
if ($origin == 'group') {
if (!empty($groupId)) {
$interbreadcrumb[] = array(
'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(),
'name' => get_lang('Groups')

15
main/forum/viewthread_flat.inc.php
Unescape View File

@ -16,11 +16,7 @@ if ((isset($_GET['action']) &&
}
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$origin = api_get_origin();
$sessionId = api_get_session_id();
$_user = api_get_user_info();
$userId = api_get_user_id();
@ -177,8 +173,8 @@ if (isset($current_thread['thread_id'])) {
if (api_is_allowed_to_session_edit(false, true)) {
if ($locked == false) {
$iconEdit .= "<a href=\"editpost.php?" . api_get_cidreq() . "&forum=" . $clean_forum_id
. "&thread=" . $clean_thread_id . "&post=" . $row['post_id'] . "&origin="
. $origin . "&edit=edition&id_attach=" . $id_attach . "\">"
. "&thread=" . $clean_thread_id . "&post=" . $row['post_id']
. "&edit=edition&id_attach=" . $id_attach . "\">"
. Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . "</a>";
}
}
@ -230,8 +226,7 @@ if (isset($current_thread['thread_id'])) {
if ($increment > 0) {
$iconEdit .= "<a href=\"viewthread.php?" . api_get_cidreq() . "&forum=" . $clean_forum_id
. "&thread=" . $clean_thread_id . "&action=move&post=" . $row['post_id']
. "&origin=" . $origin . "\">"
. "&thread=" . $clean_thread_id . "&action=move&post=" . $row['post_id']."\">"
. Display::return_icon('move.png', get_lang('MovePost'), array(), ICON_SIZE_SMALL)
. "</a>";
}
@ -257,7 +252,7 @@ if (isset($current_thread['thread_id'])) {
$iconEdit .= "<a href=\"forumqualify.php?" . api_get_cidreq() . "&forum=" . $my_forum_id
. "&thread=" . $clean_thread_id . "&action=list&post=" . $row['post_id']
. "&user=" . $row['poster_id'] . "&user_id=" . $row['poster_id']
. "&origin=" . $origin . "&idtextqualify=" . $current_qualify_thread . "\" >"
. "&idtextqualify=" . $current_qualify_thread . "\" >"
. Display::return_icon('quiz.png', get_lang('Qualify'))
. "</a> ";
}

6
main/forum/viewthread_nested.inc.php
Unescape View File

@ -11,11 +11,7 @@ use Chamilo\CourseBundle\Entity\CForumPost;
*/
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$origin = api_get_origin();
//delete attachment file
if (isset($_GET['action']) &&
$_GET['action'] == 'delete_attach' &&

8
main/forum/viewthread_threaded.inc.php
Unescape View File

@ -40,11 +40,7 @@ if (isset($_GET['post']) && $_GET['post']) {
}
// Are we in a lp ?
$origin = '';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$origin = api_get_origin();
// Delete attachment file.
if (
isset($_GET['action']) &&
@ -347,7 +343,7 @@ if ($userCanQualify) {
"&forum=" . $forumId . "&thread=" . $threadId .
"&action=list&post=" . $rows[$display_post_id]['post_id'] .
"&user=" . $rows[$display_post_id]['user_id'] . "&user_id=" .
$rows[$display_post_id]['user_id'] . "&origin=" . $origin .
$rows[$display_post_id]['user_id'].
"&idtextqualify=" . $current_qualify_thread .
"\" >" . Display::return_icon(
'quiz.png',

5
main/group/group_overview.php
Unescape View File

@ -65,7 +65,8 @@ if (isset($_GET['action'])) {
/* Header */
$interbreadcrumb[] = array('url' => 'group.php?'.api_get_cidreq(), 'name' => get_lang('Groups'));
if (!isset ($_GET['origin']) || $_GET['origin'] != 'learnpath') {
$origin = api_get_origin();
if ($origin != 'learnpath') {
// So we are not in learnpath tool
if (!api_is_allowed_in_course()) {
api_not_allowed(true);
@ -126,6 +127,6 @@ echo '</div>';
echo GroupManager::getOverview($courseId, $keyword);
if (!isset ($_GET['origin']) || $_GET['origin'] != 'learnpath') {
if ($origin != 'learnpath') {
Display::display_footer();
}

8
main/group/group_space.php
Unescape View File

@ -339,10 +339,10 @@ $table = new SortableTable(
'get_group_user_data',
(api_is_western_name_order() xor api_sort_by_first_name()) ? 2 : 1
);
$origin = api_get_origin();
$my_cidreq = isset($_GET['cidReq']) ? Security::remove_XSS($_GET['cidReq']) : '';
$my_origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : '';
$my_gidreq = isset($_GET['gidReq']) ? Security::remove_XSS($_GET['gidReq']) : '';
$parameters = array('cidReq' => $my_cidreq, 'origin'=> $my_origin, 'gidReq' => $my_gidreq);
$parameters = array('cidReq' => $my_cidreq, 'origin'=> $origin, 'gidReq' => $my_gidreq);
$table->set_additional_parameters($parameters);
$table->set_header(0, '');
@ -532,8 +532,6 @@ function user_name_filter($name, $url_params, $row)
return UserManager::getUserProfileLink($userInfo);
}
// Footer
$orig = isset($origin) ? $origin : '';
if ($orig != 'learnpath') {
if ($origin != 'learnpath') {
Display::display_footer();
}

2
main/work/work.lib.php
Unescape View File

@ -32,7 +32,7 @@ function display_action_links($id, $cur_dir_path, $action)
}
$display_output = '';
$origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : '';
$origin = api_get_origin();
if (!empty($id)) {
$display_output .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&gradebook='.$gradebook.'&id='.$my_back_id.'">'.

Write Preview
Loading…
Cancel
Save