From b3f92b0885ef183a5aa6c587ab5e6a6f9780d850 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos <angelfqc.18@gmail.com>
Date: Mon, 10 Apr 2023 12:29:51 -0500
Subject: [PATCH] Filter the code shown in course category form

---
 main/admin/course_category.php | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/main/admin/course_category.php b/main/admin/course_category.php
index 4fc1758b08..2aff5392f8 100755
--- a/main/admin/course_category.php
+++ b/main/admin/course_category.php
@@ -22,6 +22,9 @@ $action = $_GET['action'] ?? null;
 
 $myCourseListAsCategory = api_get_configuration_value('my_courses_list_as_category');
 
+$baseUrl = api_get_path(WEB_CODE_PATH).'admin/course_category.php?'
+    .http_build_query(['category' => $parentInfo['code'] ?? '']);
+
 if (!empty($action)) {
     if ('export' === $action) {
         $categoryInfo = CourseCategory::getCategoryById($categoryId);
@@ -48,10 +51,10 @@ if (!empty($action)) {
     if ($action === 'delete') {
         CourseCategory::deleteNode($categoryId);
         Display::addFlash(Display::return_message(get_lang('Deleted')));
-        header('Location: '.api_get_self().'?category='.Security::remove_XSS($category));
+        header('Location: '.$baseUrl);
         exit();
     } elseif (($action === 'add' || $action === 'edit') && isset($_POST['formSent']) && $_POST['formSent']) {
-        $newParentCategoryCode = $_POST['parent_id'] ?? $category;
+        $newParentCategoryCode = $_POST['parent_id'] ?? $parentInfo['code'] ?? '';
 
         if ($action === 'add') {
             $ret = CourseCategory::addNode(
@@ -69,7 +72,7 @@ if (!empty($action)) {
                 $_POST['auth_course_child'],
                 $categoryId,
                 $newParentCategoryCode,
-                $category
+                $parentInfo['code'] ?? ''
             );
             $categoryInfo = CourseCategory::getCategory($_POST['code']);
             $ret = $categoryInfo['id'];
@@ -90,8 +93,8 @@ if (!empty($action)) {
         header('Location: '.api_get_path(WEB_CODE_PATH).'admin/course_category.php');
         exit;
     } elseif ($action === 'moveUp') {
-        CourseCategory::moveNodeUp($categoryId, $_GET['tree_pos'], $category);
-        header('Location: '.api_get_self().'?category='.Security::remove_XSS($category));
+        CourseCategory::moveNodeUp($categoryId, $_GET['tree_pos'], $parentInfo['code'] ?? '');
+        header('Location: '.$baseUrl);
         Display::addFlash(Display::return_message(get_lang('Updated')));
         exit();
     }
@@ -137,15 +140,16 @@ if ($action === 'add' || $action === 'edit') {
     echo '<div class="actions">';
     echo Display::url(
         Display::return_icon('folder_up.png', get_lang('Back'), '', ICON_SIZE_MEDIUM),
-        api_get_path(WEB_CODE_PATH).'admin/course_category.php?category='.Security::remove_XSS($category)
+        $baseUrl
     );
     echo '</div>';
 
     $form_title = $action === 'add' ? get_lang('AddACategory') : get_lang('EditNode');
-    if (!empty($category)) {
-        $form_title .= ' '.get_lang('Into').' '.Security::remove_XSS($category);
+    if (!empty($categoryInfo['parent_id'])) {
+        $form_title .= ' '.get_lang('Into').' '.$categoryInfo['parent_id'];
     }
-    $url = api_get_self().'?action='.Security::remove_XSS($action).'&category='.Security::remove_XSS($category).'&id='.Security::remove_XSS($categoryId);
+    $url = $baseUrl.'&'
+        .http_build_query(['action' => Security::remove_XSS($action), 'id' => Security::remove_XSS($categoryId)]);
     $form = new FormValidator('course_category', 'post', $url);
     $form->addElement('header', '', $form_title);
     $form->addElement('hidden', 'formSent', 1);
@@ -230,7 +234,7 @@ if ($action === 'add' || $action === 'edit') {
         $form->setDefaults(
             [
                 'auth_course_child' => 'TRUE',
-                'parent_id' => $category,
+                'parent_id' => $parentInfo['code'] ?? '',
             ]
         );
         $form->addButtonCreate($text);
@@ -254,7 +258,7 @@ if ($action === 'add' || $action === 'edit') {
     if (empty($parentInfo) || $parentInfo['auth_cat_child'] === 'TRUE') {
         $newCategoryLink = Display::url(
             Display::return_icon('new_folder.png', get_lang('AddACategory'), '', ICON_SIZE_MEDIUM),
-            api_get_path(WEB_CODE_PATH).'admin/course_category.php?action=add&category='.Security::remove_XSS($category)
+            $baseUrl.'&action=add'
         );
 
         if (!empty($parentInfo) && $parentInfo['access_url_id'] != $urlId) {
@@ -266,7 +270,7 @@ if ($action === 'add' || $action === 'edit') {
     if (!empty($parentInfo)) {
         echo Display::page_subheader($parentInfo['name'].' ('.$parentInfo['code'].')');
     }
-    echo CourseCategory::listCategories($category);
+    echo CourseCategory::listCategories($parentInfo['code'] ?? '');
 }
 
 Display::display_footer();