[svn r18576] Logic changes - Implemented possibility to remove or to edit an attachment file into a thread in forum tool - see FS#3658

17 years ago · b8bab78d12
parent a12dca3f3d
commit b8bab78d12
8 changed files with 246 additions and 84 deletions
--- a/main/forum/editpost.php
+++ b/main/forum/editpost.php
@ -233,25 +233,24 @@ echo "\t</tr>\n";
 echo '</table>';
 // the form for the reply
-$values=show_edit_post_form($current_post, $current_thread, $current_forum, isset($_SESSION['formelements'])?$_SESSION['formelements']:'');
+$id_attach = isset($_GET['id_attach'])?(int)$_GET['id_attach']:0;
 $values=show_edit_post_form($current_post, $current_thread, $current_forum, isset($_SESSION['formelements'])?$_SESSION['formelements']:'',$id_attach);
 if (!empty($values) and $_POST['SubmitPost']) {					
 	store_edit_post($values);
 	$option_chek=isset($values['thread_qualify_gradebook'])?$values['thread_qualify_gradebook']:null;// values 1 or 0
-		if ( 1== $option_chek ) {
+	if ( 1== $option_chek ) {
-			$id=$values['thread_id'];
+		$id=$values['thread_id'];
-			$title_gradebook=$values['calification_notebook_title'];
+		$title_gradebook=$values['calification_notebook_title'];
-			$value_calification=$values['numeric_calification'];
+		$value_calification=$values['numeric_calification'];
-			$weight_calification=$values['weight_calification'];
+		$weight_calification=$values['weight_calification'];
-			$description="";
+		$description="";
-			$session_id=api_get_session_id();
+		$session_id=api_get_session_id();
-			$link_id=is_resource_in_course_gradebook(api_get_course_id(),5,$id,$session_id);
+		$link_id=is_resource_in_course_gradebook(api_get_course_id(),5,$id,$session_id);
-			if ( $link_id==false ) {
+		if ( $link_id==false ) {
-				add_resource_to_course_gradebook(api_get_course_id(), 5, $id, $title_gradebook,$weight_calification,$value_calification,$description,time(),1,api_get_session_id());	
+			add_resource_to_course_gradebook(api_get_course_id(), 5, $id, $title_gradebook,$weight_calification,$value_calification,$description,time(),1,api_get_session_id());	
-			} else {
+		} else {
-				api_sql_query('UPDATE '.$table_link.' SET weight='.$weight_calification.' WHERE id='.$link_id.'');
+			api_sql_query('UPDATE '.$table_link.' SET weight='.$weight_calification.' WHERE id='.$link_id.'');
-			}
+		}				
 	}
 }
--- a/main/forum/forumfunction.inc.php
+++ b/main/forum/forumfunction.inc.php
@ -636,8 +636,16 @@ function store_forum($values) {
 function delete_forum_forumcategory_thread($content, $id) {
 	global $_course;
 	$table_forums = Database::get_course_table(TABLE_FORUM);
 	$table_forums_post = Database::get_course_table(TABLE_FORUM_POST);
 	$table_forum_thread = Database::get_course_table(TABLE_FORUM_THREAD);
 	// delete all attachment file about this tread id	
 	$sql = "SELECT post_id FROM $table_forums_post WHERE thread_id = '".(int)$id."' ";
 	$res = api_sql_query($sql,__FILE__,__LINE__);
 	while ($poster_id = Database::fetch_row($res)) {
 		delete_attachment($poster_id[0]);	
 	}	
 	if ($content=='forumcategory') {
 		$tool_constant=TOOL_FORUM_CATEGORY;
 		$return_message=get_lang('ForumCategoryDeleted');
@ -671,7 +679,6 @@ function delete_forum_forumcategory_thread($content, $id) {
 		$return_message=get_lang('ThreadDeleted');
 	}
 	api_item_property_update($_course,$tool_constant,$id,'delete',api_get_user_id()); // note: check if this returns a true and if so => return $return_message, if not => return false;
 	//delete_attachment($post_id);
 	return $return_message;
 }
@ -695,6 +702,7 @@ function delete_post($post_id) {
 	$sql="DELETE FROM $table_posts WHERE post_id='".Database::escape_string($post_id)."'"; // note: this has to be a recursive function that deletes all of the posts in this block.
 	api_sql_query($sql,__FILE__,__LINE__);
 	//delete attachment file about this post id
 	delete_attachment($post_id);	
 	$last_post_of_thread=check_if_last_post_of_thread(strval(intval($_GET['thread'])));
@ -1774,21 +1782,9 @@ function store_thread($values) {
 			if (!filter_extension($new_file_name))  {
 				Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));				
 			} else {
 				$new_file_name = uniqid('');						
 				$new_path=$updir.'/'.$new_file_name;
 				$result= @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
 				$comment=$values['file_comment'];				
 				// Storing the attachments if any
 				if ($result) {
-					$sql='INSERT INTO '.$forum_table_attachment.'(filename,comment, path, post_id,size) '.
+					$comment = Database::escape_string($comment);				
-						 "VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$last_post_id."', '".$_FILES['user_upload']['size']."' )";						
+					add_forum_attachment_file($comment,$last_post_id);
 					$result=api_sql_query($sql, __LINE__, __FILE__);					
 					$message.=' / '.get_lang('FileUploadSucces').'<br />';
 					$last_id=Database::insert_id();
 					api_item_property_update($_course, TOOL_FORUM_ATTACH, $last_id ,'ForumAttachmentAdded', api_get_user_id());
 				}										
 			}			 
 		} else {
@ -1860,6 +1856,20 @@ function show_add_post_form($action='', $id='', $form_values='') {
 	$form->addElement('text', 'post_title', get_lang('Title'),'class="input_titles"');
 	$form->addElement('html_editor', 'post_text', get_lang('Text'));
 	$form->addElement('static','Group','<a href="javascript://" onclick="return advanced_parameters()"><span id="img_plus_and_minus"><img src="../img/nolines_plus.gif" alt="" />'.get_lang('AdvancedParameters').'</span></a>');
 	$form->addElement('html','<div id="id_qualify" style="display:none">');
 	if( (api_is_course_admin() || api_is_course_coach() || api_is_course_tutor()) && !($my_thread) ){
 		// thread qualify
 		$form->addElement('static','Group', '<br /><strong>'.get_lang('AlterQualifyThread').'</strong>');
 		$form->addElement('text', 'numeric_calification', get_lang('QualifyNumeric'),'Style="width:40px"');
 		$form->addElement('checkbox', 'thread_qualify_gradebook', '', get_lang('QualifyThreadGradebook'),'onclick="javascript:if(this.checked==true){document.getElementById(\'options_field\').style.display = \'block\';}else{document.getElementById(\'options_field\').style.display = \'none\';}"');
 		$form -> addElement('html','<div id="options_field" style="display:none">');
 		$form->addElement('text', 'calification_notebook_title', get_lang('TitleColumnGradebook'));
 		$form->addElement('text', 'weight_calification', get_lang('QualifyWeight'),'value="0.00" Style="width:40px" onfocus="this.select();"');
 		$form->addElement('html','</div>'); 
 	}
 	if ($forum_setting['allow_post_notificiation'] AND isset($_user['user_id'])) {
 		$form->addElement('checkbox', 'post_notification', '', get_lang('NotifyByEmail').' ('.$_user['mail'].')');
@ -1878,28 +1888,11 @@ function show_add_post_form($action='', $id='', $form_values='') {
 	$form->addElement('html','<br /><b><div class="row"><div class="label">'.get_lang('AddAnAttachment').'</div></div></b><br /><br />');
 	$form->addElement('file','user_upload',get_lang('FileName'),'');		
 	$form->addElement('textarea','file_comment',get_lang('FileComment'),array ('rows' => 4, 'cols' => 34));
-	
+	$form->addElement('html','</div>');
 	$userid  =api_get_user_id();
 	$info    =api_get_user_info($userid);
 	$courseid=api_get_course_id();		
 	if( (api_is_course_admin() || api_is_course_coach() || api_is_course_tutor()) && !($my_thread) ){
 		// thread qualify
 		$form->addElement('static','Group','<a href="javascript://" onclick="return advanced_parameters()"><span id="img_plus_and_minus"><img src="../img/nolines_plus.gif" alt="" />'.get_lang('AdvancedParameters').'</span></a>');
 		$form->addElement('html','<div id="id_qualify" style="display:none">');
 		$form->addElement('static','Group', '<br /><strong>'.get_lang('AlterQualifyThread').'</strong>');
 		$form->addElement('text', 'numeric_calification', get_lang('QualifyNumeric'),'Style="width:40px"');
 		$form->addElement('checkbox', 'thread_qualify_gradebook', '', get_lang('QualifyThreadGradebook'),'onclick="javascript:if(this.checked==true){document.getElementById(\'options_field\').style.display = \'block\';}else{document.getElementById(\'options_field\').style.display = \'none\';}"');
 		$form -> addElement('html','<div id="options_field" style="display:none">');
 		$form->addElement('text', 'calification_notebook_title', get_lang('TitleColumnGradebook'));
 		$form->addElement('text', 'weight_calification', get_lang('QualifyWeight'),'value="0.00" Style="width:40px" onfocus="this.select();"');
 		$form->addElement('html','</div>'); 
 		$form->addElement('html','</div>');
 	}
 	$form->addElement('submit', 'SubmitPost', get_lang('Ok'));	
 	$form->add_real_progress_bar('DocumentUpload','user_upload');
@ -2256,7 +2249,7 @@ function store_reply($values) {
 * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
 * @version february 2006, dokeos 1.8
 */
-function show_edit_post_form($current_post, $current_thread, $current_forum, $form_values='') {
+function show_edit_post_form($current_post, $current_thread, $current_forum, $form_values='',$id_attach=0) {
 	global $forum_setting;
 	global $_user;
 	global $origin;
@ -2267,15 +2260,17 @@ function show_edit_post_form($current_post, $current_thread, $current_forum, $fo
 	// settting the form elements
 	$form->addElement('hidden', 'post_id', $current_post['post_id']);
 	$form->addElement('hidden', 'thread_id', $current_thread['thread_id']);
 	$form->addElement('hidden', 'id_attach', $id_attach);
 	if ($current_post['post_parent_id']==0) {
 		$form->addElement('hidden', 'is_first_post_of_thread', '1');
 	}
 	$form->addElement('text', 'post_title', get_lang('Title'),'class="input_titles"');
 	$form->addElement('html_editor', 'post_text', get_lang('Text'));
 	if (!isset($_GET['edit'])) {
-		$form->addElement('static','Group','<a href="javascript://" onclick="return advanced_parameters()"><span id="img_plus_and_minus"><img src="../img/nolines_plus.gif" alt="" />'.get_lang('AdvancedParameters').'</span></a>');
+	$form->addElement('static','Group','<a href="javascript://" onclick="return advanced_parameters()"><span id="img_plus_and_minus"><img src="../img/nolines_plus.gif" alt="" />'.get_lang('AdvancedParameters').'</span></a>');
-		$form->addElement('html','<div id="id_qualify" style="display:none">');
+	$form->addElement('html','<div id="id_qualify" style="display:none">');
 	if (!isset($_GET['edit'])) {				
 		$form->addElement('static','Group','<strong>'.get_lang('AlterQualifyThread').'</strong>');
 		$form->addElement('text', 'numeric_calification', get_lang('QualifyNumeric'),'value="'.$current_thread['thread_qualify_max'].'" Style="width:40px"');
 		$form->addElement('checkbox', 'thread_qualify_gradebook', '', get_lang('QualifyThreadGradebook'),'onclick="javascript:if(this.checked==true){document.getElementById(\'options_field\').style.display = \'block\';}else{document.getElementById(\'options_field\').style.display = \'none\';}"');		
@ -2288,8 +2283,6 @@ function show_edit_post_form($current_post, $current_thread, $current_forum, $fo
 		}						
 		$form->addElement('text', 'calification_notebook_title', get_lang('TitleColumnGradebook'),'value="'.$current_thread['thread_title_qualify'].'"');
 		$form->addElement('text', 'weight_calification', get_lang('QualifyWeight'),'value="'.$current_thread['thread_weight'].'" Style="width:40px"');		
 		$form->addElement('html','</div>');
 		$form->addElement('html','</div>');				
 		//add gradebook
 	}
@ -2303,6 +2296,12 @@ function show_edit_post_form($current_post, $current_thread, $current_forum, $fo
 			$defaults['thread_sticky']=true;
 		}
 	}
 	// user upload
 	$form->addElement('html','<br /><b><div class="row"><div class="label">'.get_lang('AddAnAttachment').'</div></div></b><br /><br />');
 	$form->addElement('file','user_upload',get_lang('FileName'),'');		
 	$form->addElement('textarea','file_comment',get_lang('FileComment'),array ('rows' => 4, 'cols' => 34));		
 	$form->addElement('html','</div><br /><br />');
 	if ($current_forum['allow_attachments']=='1' OR api_is_allowed_to_edit()) {
 		if (empty($form_values) AND !isset($_POST['SubmitPost'])) {
 			//edit_added_resources('forum_post',$current_post['post_id']);
@ -2379,6 +2378,12 @@ function store_edit_post($values) {
 				//error_log($sql);
 	api_sql_query($sql,__FILE__, __LINE__);
 	if (empty($values['id_attach'])) {
 		add_forum_attachment_file($values['file_comment'],$values['post_id']);
 	} else {
 		edit_forum_attachment_file($values['file_comment'],$values['post_id'],$values['id_attach']);
 	}
    if (api_is_course_admin()==true) {
        $ccode = api_get_course_id();
        $sid = api_get_session_id();
@ -3193,6 +3198,105 @@ function search_link() {
 	}
 	return $return;
 }
 /**
 * This function add a attachment file into forum
 * @param string  a comment about file
 * @param int last id from forum_post table
 *
 */
 function add_forum_attachment_file($file_comment,$last_id) {
 	global $_course;
 	$agenda_forum_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
 	// Storing the attachments
    if(!empty($_FILES['user_upload']['name'])) {
 		$upload_ok = process_uploaded_file($_FILES['user_upload']);
 	}
 	if (!empty($upload_ok)) {
 			$courseDir   = $_course['path'].'/upload/forum';
 			$sys_course_path = api_get_path(SYS_COURSE_PATH);
 			$updir = $sys_course_path.$courseDir;
 			// Try to add an extension to the file if it hasn't one
 			$new_file_name = add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);
 			// user's file name
 			$file_name =$_FILES['user_upload']['name'];
 			if (!filter_extension($new_file_name))  {
 				Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
 			} else {
 				$new_file_name = uniqid('');
 				$new_path=$updir.'/'.$new_file_name;
 				$result= @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
 				$safe_file_comment= Database::escape_string($file_comment);
 				$safe_file_name = Database::escape_string($file_name);
 				$safe_new_file_name = Database::escape_string($new_file_name);
 				// Storing the attachments if any
 				if ($result) {
 					$sql="INSERT INTO $agenda_forum_attachment(filename,comment, path,post_id,size) 
 						  VALUES ( '$safe_file_name', '$safe_file_comment', '$safe_new_file_name' , '$last_id', '".$_FILES['user_upload']['size']."' )";
 					$result=api_sql_query($sql, __LINE__, __FILE__);
 					$message.=' / '.get_lang('FileUploadSucces').'<br />';
 					$last_id_file=Database::insert_id();
 					api_item_property_update($_course, TOOL_FORUM_ATTACH, $last_id_file ,'ForumAttachmentAdded', api_get_user_id());
 				}
 			}
 		}
 }
 /**
 * This function edit a attachment file into forum
 * @param string  a comment about file
 * @param int Post Id
 *  @param int attachment file Id
 */
 function edit_forum_attachment_file($file_comment,$post_id,$id_attach) {
 	global $_course;
 	$table_forum_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
 	// Storing the attachments
    if(!empty($_FILES['user_upload']['name'])) {
 		$upload_ok = process_uploaded_file($_FILES['user_upload']);
 	}
 	if (!empty($upload_ok)) {
 			$courseDir   = $_course['path'].'/upload/forum';
 			$sys_course_path = api_get_path(SYS_COURSE_PATH);
 			$updir = $sys_course_path.$courseDir;
 			// Try to add an extension to the file if it hasn't one
 			$new_file_name = add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);
 			// user's file name
 			$file_name =$_FILES['user_upload']['name'];
 			if (!filter_extension($new_file_name))  {
 				Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
 			} else {
 				$new_file_name = uniqid('');
 				$new_path=$updir.'/'.$new_file_name;
 				$result= @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
 				$safe_file_comment= Database::escape_string($file_comment);
 				$safe_file_name = Database::escape_string($file_name);
 				$safe_new_file_name = Database::escape_string($new_file_name);
 				$safe_post_id = (int)$post_id;
 				$safe_id_attach = (int)$id_attach;
 				// Storing the attachments if any
 				if ($result) {
 					$sql="UPDATE $table_forum_attachment SET filename = '$safe_file_name', comment = '$safe_file_comment', path = '$safe_new_file_name', post_id = '$safe_post_id', size ='".$_FILES['user_upload']['size']."'
 						   WHERE id = '$safe_id_attach'";
 					$result=api_sql_query($sql, __LINE__, __FILE__);
 					api_item_property_update($_course, TOOL_FORUM_ATTACH, $safe_id_attach ,'ForumAttachmentUpdated', api_get_user_id());
 				}
 			}
 		}
 }
 /**
 * Show a list with all the attachments according to the post's id
@ -3205,7 +3309,7 @@ function search_link() {
 function get_attachment($post_id) {	
 	global $forum_table_attachment;
 	$row=array();	
-	$sql = 'SELECT path, filename,comment FROM '. $forum_table_attachment.' WHERE post_id ="'.$post_id.'"';
+	$sql = 'SELECT id, path, filename,comment FROM '. $forum_table_attachment.' WHERE post_id ="'.$post_id.'"';
 	$result=api_sql_query($sql, __FILE__, __LINE__);
 	if (Database::num_rows($result)!=0) {
 		$row=Database::fetch_array($result);
@ -3213,19 +3317,30 @@ function get_attachment($post_id) {
 	return $row;	
 }
 /**
- * Delete the all the attachments from the DB and the file according to the post's id
+ * Delete the all the attachments from the DB and the file according to the post's id or attach id(optional)
 * @param post id
 * @param attach id (optional)
 * @author Julio Montoya Dokeos
 * @version avril 2008, dokeos 1.8.5
 */ 
-function delete_attachment($id) {	
+function delete_attachment($post_id,$id_attach=0) {		
 	global $forum_table_attachment;
 	global $_course;
 	$forum_table_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
-	$attach_list=get_attachment($id);
+	$cond = (!empty($id_attach))?" id = ".(int)$id_attach."" : " post_id = ".(int)$post_id."";
-	$sql = 'DELETE FROM '. $forum_table_attachment.' WHERE post_id ="'.$id.'"';
+	
-	$result=api_sql_query($sql, __FILE__, __LINE__);
+	$sql="DELETE FROM $forum_table_attachment WHERE $cond ";	
 	$result=api_sql_query($sql, __LINE__, __FILE__);
 	$last_id_file=Database::insert_id();
 	// update item_property
 	api_item_property_update($_course, TOOL_FORUM_ATTACH, $id_attach ,'ForumAttachmentDelete', api_get_user_id());
 	if (!empty($result) && !empty($id_attach)) {	
 	$message=get_lang(get_lang('AttachmentFileDeleteSuccess'));			
 	Display::display_confirmation_message($message);
 	}
 	$courseDir       = $_course['path'].'/upload/forum';
 	$sys_course_path = api_get_path(SYS_COURSE_PATH);		
@ -3233,8 +3348,6 @@ function delete_attachment($id) {
 	$my_path         =isset($attach_list['path']) ? $attach_list['path'] : null;
 	$file            =$updir.'/'.$my_path;
 	api_item_property_update($_course, TOOL_FORUM_ATTACH, $id ,'ForumAttachmentDelete', api_get_user_id());
 	if (Security::check_abs_path($file,$updir) ) {			
 		@ unlink($file);
 	}		
--- a/main/forum/reply.php
+++ b/main/forum/reply.php
@ -92,6 +92,19 @@ if(isset($_GET['origin'])) {
 require 'forumconfig.inc.php';
 require_once 'forumfunction.inc.php';
 // javascript
 $htmlHeadXtra[] = '<script>
 		function advanced_parameters() {
 			if(document.getElementById(\'id_qualify\').style.display == \'none\') {
 				document.getElementById(\'id_qualify\').style.display = \'block\';
 				document.getElementById(\'img_plus_and_minus\').innerHTML=\'&nbsp;<img src="../img/nolines_minus.gif" alt="" />&nbsp;'.get_lang('AdvancedParameters').'\';
 			} else {
 				document.getElementById(\'id_qualify\').style.display = \'none\';
 				document.getElementById(\'img_plus_and_minus\').innerHTML=\'&nbsp;<img src="../img/nolines_plus.gif" alt="" />&nbsp;'.get_lang('AdvancedParameters').'\';
 			}	
 		}
 </script>';	
 /*
 ==============================================================================
 		MAIN DISPLAY SECTION
--- a/main/forum/viewforum.php
+++ b/main/forum/viewforum.php
@ -407,20 +407,24 @@ if(is_array($threads)) {
 			} elseif ($origin!='learnpath') {
 				$last_post_sql="SELECT post.*, user.firstname, user.lastname FROM $table_posts post, $table_users user WHERE post.poster_id=user.user_id AND visible='1' AND thread_id='".$row['thread_id']."' ORDER BY post_id DESC";
 				$last_post_result=api_sql_query($last_post_sql, __FILE__, __LINE__);
-				$last_post_row=mysql_fetch_array($last_post_result);
+				$last_post_row=Database::fetch_array($last_post_result);
 				$name=$last_post_row['firstname'].' '.$last_post_row['lastname'];
 				$last_post=$last_post_row['post_date']." ".get_lang('By').' '.display_user_link($last_post_row['poster_id'], $name);
 			} else {
 				$last_post_sql="SELECT post.*, user.firstname, user.lastname FROM $table_posts post, $table_users user WHERE post.poster_id=user.user_id AND visible='1' AND thread_id='".$row['thread_id']."' ORDER BY post_id DESC";
 				$last_post_result=api_sql_query($last_post_sql, __FILE__, __LINE__);
-				$last_post_row=mysql_fetch_array($last_post_result);
+				$last_post_row=Database::fetch_array($last_post_result);
 				$name=$last_post_row['firstname'].' '.$last_post_row['lastname'];
 				$last_post=$last_post_row['post_date']." ".get_lang('By').' '.$name;
 			}
 			echo "\t\t<td>".$last_post."</td>\n";
 			echo "\t\t<td>";	
 			// get attach id
 			$attachment_list=get_attachment($row['post_id']);
 			$id_attach = !empty($attachment_list)?$attachment_list['id']:'';
 			if (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) {
-				echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($my_forum)."&amp;thread=".Security::remove_XSS($row['thread_id'])."&amp;post=".$row['post_id']."&amp;gidReq=".$_SESSION['toolgroup']."&origin=".$origin."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
+				echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($my_forum)."&amp;thread=".Security::remove_XSS($row['thread_id'])."&amp;post=".$row['post_id']."&amp;gidReq=".$_SESSION['toolgroup']."&origin=".$origin."&id_attach=".$id_attach."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
 				echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forum=".Security::remove_XSS($my_forum)."&amp;action=delete&amp;content=thread&amp;gidReq=".$_SESSION['toolgroup']."&amp;id=".$row['thread_id'].$origin_string."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeleteCompleteThread"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>";
 				display_visible_invisible_icon('thread', $row['thread_id'], $row['visibility'], array("forum"=>$my_forum,'origin'=>$origin,"gidReq"=>$_SESSION['toolgroup']));
 				display_lock_unlock_icon('thread',$row['thread_id'], $row['locked'], array("forum"=>$my_forum,'origin'=>$origin,"gidReq"=>$_SESSION['toolgroup']));
--- a/main/forum/viewforumcategory.php
+++ b/main/forum/viewforumcategory.php
@ -238,7 +238,7 @@ if ($action_forums!='add') {
 	echo "<table class=\"data_table\" width='100%'>\n";
 	$my_session=isset($_SESSION['id_session']) ? $_SESSION['id_session'] : null;
 	$forum_categories_list='';
-	echo "\t<tr>\n\t\t<th align=\"left\" colspan=\"5\">";
+	echo "\t<tr>\n\t\t<th align=\"left\" ".(api_is_allowed_to_edit()?"colspan='5'":"colspan='6'").">";
 	echo '<span class="forum_title">'.prepare4display($forum_category['cat_title']).'</span><br />';
 	echo '<span class="forum_description">'.prepare4display($forum_category['cat_comment']).'</span>';
 	echo "</th>\n";
--- a/main/forum/viewthread_flat.inc.php
+++ b/main/forum/viewthread_flat.inc.php
@ -23,6 +23,11 @@
 /**
 * 	@package dokeos.forum
 */
 //delete attachment file
 if ((isset($_GET['action']) && $_GET['action']=='delete_attach') && isset($_GET['id_attach'])) {	
 	delete_attachment(0,$_GET['id_attach']);
 }
 if (isset($current_thread['thread_id'])){
 $rows=get_posts($current_thread['thread_id']);
@ -56,10 +61,13 @@ foreach ($rows as $row) {
 		echo $name. '<br />';
 	}	
 	echo $row['post_date'].'<br /><br />';
 	// get attach id
 	$attachment_list=get_attachment($row['post_id']);
 	$id_attach = !empty($attachment_list)?$attachment_list['id']:'';
 	// The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum
 	// The course admin him/herself can do this off course always
 	if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true)  && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
-		echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;post=".$row['post_id']."&origin=".$origin."&edit=edition\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
+		echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;post=".$row['post_id']."&origin=".$origin."&edit=edition&id_attach=".$id_attach."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
 	}
 	if (api_is_allowed_to_edit(false,true)  && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) {
 		echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;action=delete&amp;content=post&amp;id=".$row['post_id']."&origin=".$origin."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeletePost"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>\n";
@ -133,7 +141,10 @@ foreach ($rows as $row) {
 		echo '<a href="download.php?file=';		
 		echo $realname;
 		echo ' "> '.$user_filename.' </a>';
-		echo '<span class="forum_attach_comment" >'.$attachment_list['comment'].'</span><br />';	
+		echo '<span class="forum_attach_comment" >'.$attachment_list['comment'].'</span>';
 		if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true)  && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])))	{
 		echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
 		}
 		echo '</td></tr>';		
 	}
--- a/main/forum/viewthread_nested.inc.php
+++ b/main/forum/viewthread_nested.inc.php
@ -35,6 +35,11 @@ if(isset($_GET['origin']))
    $origin =  Security::remove_XSS($_GET['origin']);
 }
 //delete attachment file
 if ((isset($_GET['action']) && $_GET['action']=='delete_attach') && isset($_GET['id_attach'])) {	
 	delete_attachment(0,$_GET['id_attach']);
 }
 $rows=get_posts($_GET['thread']); // note: this has to be cleaned first
 $rows=calculate_children($rows);
 $count=0;
@ -65,10 +70,13 @@ foreach ($rows as $post) {
 	}
 	echo display_user_link($post['user_id'], $name, $origin).'<br />';
 	echo $post['post_date'].'<br /><br />';
 	// get attach id
 	$attachment_list=get_attachment($post['post_id']);
 	$id_attach = !empty($attachment_list)?$attachment_list['id']:'';
 	// The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum
 	// The course admin him/herself can do this off course always
 	if (($current_forum['allow_edit']==1 AND $post['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
-		echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;origin=".$origin."&amp;post=".$post['post_id']."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
+		echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;origin=".$origin."&amp;post=".$post['post_id']."&id_attach=".$id_attach."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
 	}
 	if (api_is_allowed_to_edit(false,true)  && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) {
 		echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;action=delete&amp;content=post&amp;id=".$post['post_id']."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeletePost"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>\n";
@ -136,7 +144,10 @@ foreach ($rows as $post) {
 		echo '<a href="download.php?file=';		
 		echo $realname;
 		echo ' "> '.$user_filename.' </a>';
-		echo '<span class="forum_attach_comment" >'.$attachment_list['comment'].'</span><br />';	
+		echo '<span class="forum_attach_comment" >'.$attachment_list['comment'].'</span>';
 		if (($current_forum['allow_edit']==1 AND $post['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true)  && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])))	{
 		echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
 		}	
 		echo '</td></tr>';		
 	}
--- a/main/forum/viewthread_threaded.inc.php
+++ b/main/forum/viewthread_threaded.inc.php
@ -75,6 +75,10 @@ if(isset($_GET['origin']))
    $origin =  Security::remove_XSS($_GET['origin']);
 }
 //delete attachment file
 if ((isset($_GET['action']) && $_GET['action']=='delete_attach') && isset($_GET['id_attach'])) {	
 	delete_attachment(0,$_GET['id_attach']);
 }
 // --------------------------------------
 // 		Displaying the thread (structure)
 // --------------------------------------
@ -230,11 +234,15 @@ else
 if (api_get_course_setting('allow_user_image_forum')) {echo '<br />'.display_user_image($rows[$display_post_id]['user_id'],$name, $origin).'<br />';	}
 echo display_user_link($rows[$display_post_id]['user_id'], $name, $origin).'<br />';
 echo $rows[$display_post_id]['post_date'].'<br /><br />';
 // get attach id
 $attachment_list=get_attachment($display_post_id);
 $id_attach = !empty($attachment_list)?$attachment_list['id']:'';
 // The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum
 // The course admin him/herself can do this off course always
 if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])))
 {
-	echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;origin=".$origin."&amp;post=".$rows[$display_post_id]['post_id']."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
+	echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;origin=".$origin."&amp;post=".$rows[$display_post_id]['post_id']."&id_attach=".$id_attach."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
 }
 if (api_is_allowed_to_edit(false,true)  && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))
 {
@ -331,7 +339,10 @@ if (!empty($attachment_list))
 	echo '<a href="download.php?file=';		
 	echo $realname;
 	echo ' "> '.$user_filename.' </a>';
-	echo '<span class="forum_attach_comment" >'.$attachment_list['comment'].'</span><br />';	
+	echo '<span class="forum_attach_comment" >'.$attachment_list['comment'].'</span>';
 	if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true)  && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])))	{
 		echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
 	}	
 	echo '</td></tr>';		
 }