From b8e40248593871dc79e915da15ad5d14f1cb1e22 Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Wed, 10 Oct 2012 15:29:18 +0200
Subject: [PATCH] Fixing SQL error when editing groups see #5625

---
 main/group/group.php              | 8 ++++----
 main/group/group_edit.php         | 7 +++----
 main/inc/lib/groupmanager.lib.php | 9 ++++++---
 main/inc/local.inc.php            | 1 -
 4 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/main/group/group.php b/main/group/group.php
index d5be82149a..2734d31c2a 100644
--- a/main/group/group.php
+++ b/main/group/group.php
@@ -307,10 +307,10 @@ foreach ($group_cats as $index => $category) {
 
 			// Edit-links
 			if (api_is_allowed_to_edit(false, true)  && !(api_is_course_coach() && intval($this_group['session_id']) != intval($_SESSION['id_session']))) {
-				$edit_actions = '<a href="group_edit.php?'.api_get_cidreq().'&gidReq='.$this_group['id'].'"  title="'.get_lang('Edit').'">'.Display::return_icon('edit.png', get_lang('EditGroup'),'',ICON_SIZE_SMALL).'</a>&nbsp;';								
-				$edit_actions .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&category='.$category['id'].'&amp;action=empty_one&amp;id='.$this_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;" title="'.get_lang('EmptyGroup').'">'.Display::return_icon('clean.png',get_lang('EmptyGroup'),'',ICON_SIZE_SMALL).'</a>&nbsp;';				
-				$edit_actions .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&category='.$category['id'].'&amp;action=fill_one&amp;id='.$this_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;" title="'.get_lang('FillGroup').'">'.Display::return_icon('fill.png',get_lang('FillGroup'),'',ICON_SIZE_SMALL).'</a>&nbsp;';
-				$edit_actions .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&category='.$category['id'].'&amp;action=delete_one&amp;id='.$this_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;" title="'.get_lang('Delete').'">'.Display::return_icon('delete.png', get_lang('Delete'),'',ICON_SIZE_SMALL).'</a>&nbsp;';
+				$edit_actions = '<a href="group_edit.php?'.api_get_cidreq(true, false).'&gidReq='.$this_group['id'].'"  title="'.get_lang('Edit').'">'.Display::return_icon('edit.png', get_lang('EditGroup'),'',ICON_SIZE_SMALL).'</a>&nbsp;';								
+				$edit_actions .= '<a href="'.api_get_self().'?'.api_get_cidreq(true, false).'&category='.$category['id'].'&amp;action=empty_one&amp;id='.$this_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;" title="'.get_lang('EmptyGroup').'">'.Display::return_icon('clean.png',get_lang('EmptyGroup'),'',ICON_SIZE_SMALL).'</a>&nbsp;';				
+				$edit_actions .= '<a href="'.api_get_self().'?'.api_get_cidreq(true, false).'&category='.$category['id'].'&amp;action=fill_one&amp;id='.$this_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;" title="'.get_lang('FillGroup').'">'.Display::return_icon('fill.png',get_lang('FillGroup'),'',ICON_SIZE_SMALL).'</a>&nbsp;';
+				$edit_actions .= '<a href="'.api_get_self().'?'.api_get_cidreq(true, false).'&category='.$category['id'].'&amp;action=delete_one&amp;id='.$this_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;" title="'.get_lang('Delete').'">'.Display::return_icon('delete.png', get_lang('Delete'),'',ICON_SIZE_SMALL).'</a>&nbsp;';
 				$row[] = $edit_actions;
 			}
 			if (!empty($this_group['nbMember'])) {
diff --git a/main/group/group_edit.php b/main/group/group_edit.php
index c393c99336..f07e590e3d 100644
--- a/main/group/group_edit.php
+++ b/main/group/group_edit.php
@@ -113,9 +113,9 @@ function check_group_members($value) {
 /*	MAIN CODE */
 
 // Build form
-$form = new FormValidator('group_edit');
+$form = new FormValidator('group_edit', 'post', api_get_self().'?'.api_get_cidreq());
 
-$form->addElement('header', '', $nameTools);
+$form->addElement('header', $nameTools);
 $form->addElement('hidden', 'action');
 $form->addElement('hidden', 'referer');
 
@@ -137,8 +137,7 @@ foreach ($complete_user_list as $index => $user) {
 $group_tutor_list = GroupManager :: get_subscribed_tutors($current_group['id']);
 $selected_users = array();
 $selected_tutors = array();
-foreach ($group_tutor_list as $index => $user) {
-    //$possible_users[$user['user_id']] = api_get_person_name($user['firstname'], .$user['lastname']);
+foreach ($group_tutor_list as $index => $user) {    
     $selected_tutors[] = $user['user_id'];
 }
 
diff --git a/main/inc/lib/groupmanager.lib.php b/main/inc/lib/groupmanager.lib.php
index 79f188acbe..ef084358f5 100644
--- a/main/inc/lib/groupmanager.lib.php
+++ b/main/inc/lib/groupmanager.lib.php
@@ -1111,11 +1111,14 @@ class GroupManager {
 	 * @return array An array with information of all users from the given group.
 	 *               (user_id, firstname, lastname, email)
 	 */
-	public static function get_subscribed_users ($group_id) {
+	public static function get_subscribed_users($group_id) {
 		$table_user = Database :: get_main_table(TABLE_MAIN_USER);
 		$table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
 		$order_clause = api_sort_by_first_name() ? ' ORDER BY u.firstname, u.lastname' : ' ORDER BY u.lastname, u.firstname';
-		$group_id = Database::escape_string($group_id);
+        if (empty($group_id)) {
+            return array();
+        }
+		$group_id = intval($group_id);
 		$course_id = api_get_course_int_id();
 		
 		$sql = "SELECT ug.id, u.user_id, u.lastname, u.firstname, u.email, u.username 
@@ -1124,7 +1127,7 @@ class GroupManager {
 					  ug.group_id = $group_id 
                 $order_clause";
 		$db_result = Database::query($sql);
-		$users = array ();
+		$users = array();
 		while ($user = Database::fetch_object($db_result)) {
 			$member['user_id']   = $user->user_id;
 			$member['firstname'] = $user->firstname;
diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php
index eae071a7d8..e3e5a49b40 100644
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@@ -823,7 +823,6 @@ if (isset($cidReset) && $cidReset) {
 
 // if the requested group is different from the group in session
 $gid = isset($_SESSION['_gid']) ? $_SESSION['_gid'] : '';
-var_dump($gid);
 if (isset($gidReq) && $gidReq != $gid) {
     $gidReset = true;
 }