chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge

Browse Source
skala
Julio Montoya 15 years ago
parent 08774d20bf c1d7006c24
commit b89cfe988b
6 changed files with 3846 additions and 3830 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7641
      main/css/chamilo/default.css
  2. 2
      main/forum/viewforum.php
  3. 14
      main/inc/lib/message.lib.php
  4. 2
      main/messages/new_message.php
  5. 6
      main/messages/view_message.php
  6. 11
      main/social/invitations.php

7641
main/css/chamilo/default.css
View File

File diff suppressed because it is too large Load Diff

2
main/forum/viewforum.php
Unescape View File

@ -448,7 +448,7 @@ if(is_array($threads)) {
$attachment_list=get_attachment($row['post_id']);
$id_attach = !empty($attachment_list)?$attachment_list['id']:'';
$sql_post_id="SELECT post_id FROM $table_posts WHERE post_title='".$row['thread_title']."'";
$sql_post_id="SELECT post_id FROM $table_posts WHERE post_title='".Database::escape_string($row['thread_title'])."'";
$result_post_id=Database::query($sql_post_id, __FILE__, __LINE__);
$row_post_id=Database::fetch_array($result_post_id);

14
main/inc/lib/message.lib.php
Unescape View File

@ -153,6 +153,8 @@ class MessageManager
$message[0] = ($result[0]);
}
$result[2] = Security::remove_XSS($result[2]);
if ($request===true) {
/*if($result[4]==0) {
@ -210,6 +212,8 @@ class MessageManager
$parent_id = intval($parent_id);
$user_sender_id = api_get_user_id();
//var_dump($subject,$content);exit;
$total_filesize = 0;
if (is_array($file_attachments)) {
foreach ($file_attachments as $file_attach) {
@ -602,6 +606,8 @@ class MessageManager
$class = 'class = "read"';
$result[2] = Security::remove_XSS($result[2]);
if ($request===true) {
$message[1] = '<a onclick="show_sent_message('.$result[0].')" href="javascript:void(0)">'.GetFullUserName($result[4]).'</a>';
$message[2] = '<a onclick="show_sent_message('.$result[0].')" href="javascript:void(0)">'.str_replace("\\","",$result[2]).'</a>';
@ -680,6 +686,8 @@ class MessageManager
for ($i=0;$i<count($user_con);$i++)
if ($row[1]==$user_con[$i])
$band=1;
$row[5] = Security::remove_XSS($row[5]);
$message_content = '
<table class="message_view_table" >
@ -879,7 +887,7 @@ class MessageManager
$html .= '<a href="#" class="head" id="head_'.$topic['id'].'">';
$html .= '<span class="message-group-title-topic">'.(((isset($_GET['anchor_topic']) && $_GET['anchor_topic'] == 'topic_'.$topic['id']) || in_array('items_'.$topic['id'].'_page_nr',$param_names))?Display::return_icon('div_hide.gif',get_lang('Hide'),array('style'=>'vertical-align: middle')):
Display::return_icon('div_show.gif',get_lang('Show'),array('style'=>'vertical-align: middle'))).'
'.$topic['title'].'</span>';
'.Security::remove_XSS($topic['title']).'</span>';
$html .= '</a>';
if ($topic['send_date']!=$topic['update_date']) {
@ -930,7 +938,7 @@ class MessageManager
$html_items.= '&nbsp;&nbsp;<a href="'.api_get_path(WEB_CODE_PATH).'social/message_for_group_form.inc.php?view_panel=1&height=390&width=610&&user_friend='.$current_user_id.'&group_id='.$group_id.'&message_id='.$item['id'].'&action=edit_message_group&anchor_topic=topic_'.$topic['id'].'&topics_page_nr='.intval($_GET['topics_page_nr']).'&items_page_nr='.intval($items_page_nr).'&topic_id='.$topic['id'].'" class="thickbox" title="'.get_lang('Edit').'">'.Display :: return_icon('edit.gif', get_lang('Edit')).'</a>';
}
$html_items.= '</div>';
$html_items.= '<div class="message-group-title">'.$item['title'].'&nbsp;</div>';
$html_items.= '<div class="message-group-title">'.Security::remove_XSS($item['title']).'&nbsp;</div>';
$html_items.= '<div class="message-group-author">'.get_lang('From').'&nbsp;<a href="'.api_get_path(WEB_PATH).'main/social/profile.php?u='.$item['user_sender_id'].'">'.$name.'&nbsp;</a></div>';
$html_items.= '<div class="message-group-content">'.$item['content'].'</div>';
@ -1103,7 +1111,7 @@ function inbox_display() {
// display sortable table with messages of the current user
$table = new SortableTable('messages', 'get_number_of_messages_mask', 'get_message_data_mask', 3, get_number_of_messages_mask(),'DESC');
$table->set_header(0, '', false,array ('style' => 'width:20px;'));
$title=api_xml_http_response_encode(get_lang('Title'));
$title=api_xml_http_response_encode(get_lang('Title'));
$action=api_xml_http_response_encode(get_lang('Actions'));
$table->set_header(1,api_xml_http_response_encode(get_lang('From')),false);

2
main/messages/new_message.php
Unescape View File

@ -192,6 +192,7 @@ function manage_form ($default, $select_from_user_list = null) {
$form->addElement('hidden','group_id',$group_id);
$form->addElement('hidden','parent_id',$message_id);
}
$form->add_textfield('title', get_lang('Title'),true ,array('size' => 77));
$form->add_html_editor('content', get_lang('Message'), false, false, array('ToolbarSet' => 'Messages', 'Width' => '95%', 'Height' => '250'));
@ -228,6 +229,7 @@ function manage_form ($default, $select_from_user_list = null) {
$file_comments = $_POST['legend'];
$title = $values['title'];
$content = $values['content'];
$group_id = $values['group_id'];
$parent_id = $values['parent_id'];

6
main/messages/view_message.php
Unescape View File

@ -86,8 +86,12 @@ echo '<div id="social-content">';
}
echo '<div id="'.$id_content_right.'">';
//MAIN CONTENT
//MAIN CONTENT
$message = MessageManager::show_message_box($id_message,$source);
if (!empty($message)) {
echo $message;
} else {

11
main/social/invitations.php
Unescape View File

@ -145,10 +145,13 @@ echo '<div id="social-content">';
<?php
$picture = UserManager::get_user_picture_path_by_id($sender_user_id,'web',false,true);
$friends_profile = SocialManager::get_picture_user($sender_user_id, $picture['file'], 92);
$user_info = api_get_user_info($sender_user_id);
$title = api_convert_encoding($invitation['title'],$charset);
$content = api_convert_encoding($invitation['content'],$charset);
$date = $invitation['send_date'];
$user_info = api_get_user_info($sender_user_id);
$title = Security::remove_XSS($invitation['title']);
$title = api_convert_encoding($title,$charset);
$content = Security::remove_XSS($invitation['content']);
$content = api_convert_encoding($content,$charset);
$date = $invitation['send_date'];
?>
<table cellspacing="0" border="0">
<tbody>

Write Preview
Loading…
Cancel
Save