Add variables filtering. Remove backticks - refs #7229

main/inc/ajax/skill.ajax.php

@@ -131,14 +131,14 @@ switch ($action) {
         break;
     case 'get_skills_tree_json':        
         $user_id    = isset($_REQUEST['load_user']) && $_REQUEST['load_user'] == 1 ? api_get_user_id() : 0;
-        $skill_id   = isset($_REQUEST['skill_id']) ? $_REQUEST['skill_id'] : 0;
-        $depth      = isset($_REQUEST['main_depth']) ? $_REQUEST['main_depth'] : 2;        
+        $skill_id   = isset($_REQUEST['skill_id']) ? intval($_REQUEST['skill_id']) : 0;
+        $depth      = isset($_REQUEST['main_depth']) ? intval($_REQUEST['main_depth']) : 2;        
         $all = $skill->get_skills_tree_json($user_id, $skill_id, false, $depth);
         echo $all;
         break;
     case 'get_user_skill':
         $userId = api_get_user_id();
-        $skillId = isset($_REQUEST['profile_id']) ? $_REQUEST['profile_id'] : 0;
+        $skillId = isset($_REQUEST['profile_id']) ? intval($_REQUEST['profile_id']) : 0;
         $skill = $skill->user_has_skill($userId, $skillId);
         if ($skill) {
             echo 1;
@@ -153,12 +153,12 @@ switch ($action) {
         echo Display::$global_template->fetch('default/skill/user_skills.tpl');
         break;
     case 'get_gradebook_info':
-        $id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
+        $id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : null;
         $info = $gradebook->get($id);                    
         echo json_encode($info);
         break;  
     case 'load_children':
-        $id             = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
+        $id             = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : null;
         $load_user_data = isset($_REQUEST['load_user_data']) ? $_REQUEST['load_user_data'] : null;
         $skills = $skill->get_children($id, $load_user_data);
         
@@ -166,9 +166,10 @@ switch ($action) {
         foreach ($skills as $skill) {
             if (isset($skill['data']) && !empty($skill['data'])) {
                 $return[$skill['data']['id']] = array(
-                                                    'id'    => $skill['data']['id'],
-                                                    'name'  => $skill['data']['name'], 
-                                                    'passed'=> $skill['data']['passed']);
+                    'id'    => $skill['data']['id'],
+                    'name'  => $skill['data']['name'], 
+                    'passed'=> $skill['data']['passed']
+                );
             }
         }
         $success = true;
@@ -183,15 +184,15 @@ switch ($action) {
         echo json_encode($result);
         break;
     case 'load_direct_parents':
-        $id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
+        $id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : null;
         $skills = $skill->get_direct_parents($id);        
         $return = array();
         foreach($skills as $skill) {
             $return [$skill['data']['id']] = array (
-                                                'id'        => $skill['data']['id'],
-                                                'parent_id' => $skill['data']['parent_id'],
-                                                'name'      => $skill['data']['name']
-                                                );
+                'id'        => $skill['data']['id'],
+                'parent_id' => $skill['data']['parent_id'],
+                'name'      => $skill['data']['name']
+            );
         }
         echo json_encode($return);        
         break;
@@ -285,7 +286,7 @@ switch ($action) {
         break;             
     case 'get_profile':
         $skillRelProfile = new SkillRelProfile();
-        $profileId = isset($_REQUEST['profile_id']) ? $_REQUEST['profile_id'] : null;
+        $profileId = isset($_REQUEST['profile_id']) ? intval($_REQUEST['profile_id']) : null;
         $profile = $skillRelProfile->getProfileInfo($profileId);
         echo json_encode($profile);
         break; 
@@ -295,7 +296,7 @@ switch ($action) {
             $params = $_REQUEST;
             //$params['skills'] = isset($_SESSION['skills']) ? $_SESSION['skills'] : null; 
             $params['skills'] = $params['skill_id'];
-            $profileId = isset($_REQUEST['profile']) ? $_REQUEST['profile'] : null;
+            $profileId = isset($_REQUEST['profile']) ? intval($_REQUEST['profile']) : null;
             if ($profileId > 0) {
                 $skill_data = $skill_profile->UpdateProfileInfo($profileId,$params['name'],$params['description']);
             } else {
@@ -319,4 +320,4 @@ switch ($action) {
     default:
         echo '';
 }
-exit;
+exit;

main/inc/lib/skill.lib.php

@@ -35,14 +35,19 @@ class SkillProfile extends Model
     * @param string $name
     * @param string $description
     */
-
     public function UpdateProfileInfo($profileId, $name, $description)
     {
-        $sql = "UPDATE $this->table SET `name` = '$name', `description` = '$description' WHERE id = $profileId ";
+        $sql = "UPDATE $this->table SET name = '$name', description = '$description' WHERE id = $profileId ";
         $result = Database::query($sql);
         return $result;
     }
 
+    /**
+     * Call the save method of the parent class and the SkillRelProfile object
+     * @param array Params
+     * @param bool Whether to show the query in parent save() method
+     * @return mixed Profile ID or false if incomplete params
+     */
     public function save($params, $show_query = false)
     {
         if (!empty($params)) {
@@ -91,7 +96,7 @@ class SkillRelProfile extends Model
 
     public function getProfileInfo($profileId)
     { 
-        $sql = "SELECT * FROM $this->table p INNER JOIN $this->tableProfile pr ON(pr.id = p.profile_id) WHERE p.profile_id = $profileId ";
+        $sql = "SELECT * FROM $this->table p INNER JOIN $this->tableProfile pr ON(pr.id = p.profile_id) WHERE p.profile_id = ".intval($profileId);
         $result = Database::query($sql);
         $profileData = Database::fetch_array($result, 'ASSOC');
         return $profileData;

main/template/default/skill/skill_wheel.js.tpl

@@ -496,7 +496,7 @@ function load_nodes(load_skill_id, main_depth, extra_parent_id) {
     //.size([1, 2])
     .value(function(d) {
         //return 5.8 - d.depth;
-        //When having more than 4 children seems that the code above doesnt work
+        //When having more than 4 children seems that the code above does not work
         return 1;
     });