Fixing Statistics::get_activities_data() function adding intval function to incoming parameters

16 years ago · bf1c1653cc
parent b74590c4fa
commit bf1c1653cc
1 changed files with 14 additions and 8 deletions
--- a/main/admin/statistics/statistics.lib.php
+++ b/main/admin/statistics/statistics.lib.php
@ -30,8 +30,7 @@ class Statistics
 	{
 		$course_table = Database :: get_main_table(TABLE_MAIN_COURSE);
 		$sql = "SELECT COUNT(*) AS number FROM ".$course_table." ";
-		if (isset ($category_code))
-		{
+		if (isset ($category_code)) {
 			$sql .= " WHERE category_code = '".Database::escape_string($category_code)."'";
 		}
 		$res = Database::query($sql);
@ -53,8 +52,7 @@ class Statistics
 		$user_table 		= Database :: get_main_table(TABLE_MAIN_USER);

 		$sql = "SELECT COUNT(DISTINCT(user_id)) AS number FROM $user_table WHERE status = ".intval(Database::escape_string($status))." ";
-		if (isset ($category_code))
-		{
+		if (isset ($category_code)) {
 			$sql = "SELECT COUNT(DISTINCT(cu.user_id)) AS number FROM $course_user_table cu, $course_table c WHERE cu.status = ".intval(Database::escape_string($status))." AND c.code = cu.course_code AND c.category_code = '".Database::escape_string($category_code)."'  ";
 		}
 		$res = Database::query($sql);
@ -92,6 +90,14 @@ class Statistics
 		$table_user = Database::get_main_table(TABLE_MAIN_USER);
 		$table_course = Database::get_main_table(TABLE_MAIN_COURSE);
 		
+		$column 		 = intval($column);
+		$from 			 = intval($from);
+		$number_of_items = intval($number_of_items);
+		
+		if(!in_array($direction, array('ASC','DESC'))){
+        	$direction = 'DESC';
+		}        	
+
 		$sql = "SELECT
 				 	default_event_type  as col0,
 					default_value_type	as col1,