diff --git a/main/forum/editpost.php b/main/forum/editpost.php index 8d82f38425..5eea3b37e6 100644 --- a/main/forum/editpost.php +++ b/main/forum/editpost.php @@ -1,5 +1,4 @@ -\n"; echo ''; // the form for the reply -$values=show_edit_post_form($current_post, $current_thread, $current_forum, $_SESSION['formelements']); +$values=show_edit_post_form($current_post, $current_thread, $current_forum, isset($_SESSION['formelements'])?$_SESSION['formelements']:''); if (!empty($values) and $_POST['SubmitPost']) { store_edit_post($values); - $option_chek=$values['thread_qualify_gradebook'];// values 1 or 0 + $option_chek=isset($values['thread_qualify_gradebook'])?$values['thread_qualify_gradebook']:null;// values 1 or 0 if ( 1== $option_chek ) { $id=$values['thread_id']; $title_gradebook=$values['calification_notebook_title']; diff --git a/main/forum/forumfunction.inc.php b/main/forum/forumfunction.inc.php index 62585a055e..aba7b8221d 100644 --- a/main/forum/forumfunction.inc.php +++ b/main/forum/forumfunction.inc.php @@ -1639,9 +1639,9 @@ function store_thread($values) { VALUES ('".$clean_post_title."', '".Database::escape_string($values['forum_id'])."', '".Database::escape_string($_user['user_id'])."', - '".Database::escape_string($values['poster_name'])."', + '".Database::escape_string(isset($values['poster_name'])?$values['poster_name']:null)."', '".Database::escape_string($post_date)."', - '".Database::escape_string($values['thread_sticky'])."'," . + '".Database::escape_string(isset($values['thread_sticky'])?$values['thread_sticky']:null)."'," . "'".Database::escape_string($values['calification_notebook_title'])."'," . "'".Database::escape_string($values['numeric_calification'])."'," . "'".Database::escape_string($values['weight_calification'])."'," . @@ -1651,7 +1651,7 @@ function store_thread($values) { //add option gradebook qualify - if( 1==$values['thread_qualify_gradebook']) { + if(isset($values['thread_qualify_gradebook']) && 1==$values['thread_qualify_gradebook']) { //add function gradebook $coursecode=api_get_course_id(); $resourcetype=5; @@ -1683,9 +1683,9 @@ function store_thread($values) { '".Database::escape_string($last_thread_id)."', '".Database::escape_string($values['forum_id'])."', '".Database::escape_string($_user['user_id'])."', - '".Database::escape_string($values['poster_name'])."', + '".Database::escape_string(isset($values['poster_name'])?$values['poster_name']:null)."', '".Database::escape_string($post_date)."', - '".Database::escape_string($values['post_notification'])."','0', + '".Database::escape_string(isset($values['post_notification'])?$values['post_notification']:null)."','0', '".Database::escape_string($visible)."')"; api_sql_query($sql, __FILE__,__LINE__); $last_post_id=Database::insert_id(); @@ -1738,8 +1738,8 @@ function store_thread($values) { $message.=get_lang('ReturnTo').' '.get_lang('Message').''; } $reply_info['new_post_id'] = $last_post_id; - - if ($values['post_notification'] == 1) { + $my_post_notification=isset($values['post_notification']) ? $values['post_notification'] : null; + if ($my_post_notification == 1) { set_notification('thread',$last_thread_id, true); } @@ -1775,13 +1775,18 @@ function show_add_post_form($action='', $id='', $form_values='') { global $charset; // initiate the object - $form = new FormValidator('thread', 'post', api_get_self().'?forum='.Security::remove_XSS($_GET['forum']).'&thread='.Security::remove_XSS($_GET['thread']).'&post='.Security::remove_XSS($_GET['post']).'&action='.Security::remove_XSS($_GET['action']).'&origin='.$origin); + $my_thread = isset($_GET['thread']) ? $_GET['thread']:''; + $my_forum = isset($_GET['forum']) ? $_GET['forum']:''; + $my_action = isset($_GET['action']) ? $_GET['action']:''; + $my_post = isset($_GET['post']) ? $_GET['post']:''; + $my_gradebook = isset($_GET['gradebook']) ? $_GET['gradebook']:''; + $form = new FormValidator('thread', 'post', api_get_self().'?forum='.Security::remove_XSS($my_forum).'&thread='.Security::remove_XSS($my_thread).'&post='.Security::remove_XSS($my_post).'&action='.Security::remove_XSS($my_action).'&origin='.$origin); $form->setConstants(array('forum' => '5')); // settting the form elements - $form->addElement('hidden', 'forum_id', strval(intval($_GET['forum']))); - $form->addElement('hidden', 'thread_id', strval(intval($_GET['thread']))); - $form->addElement('hidden', 'gradebook', $_GET['gradebook']); + $form->addElement('hidden', 'forum_id', strval(intval($my_forum))); + $form->addElement('hidden', 'thread_id', strval(intval($my_thread))); + $form->addElement('hidden', 'gradebook', $my_gradebook); // if anonymous posts are allowed we also display a form to allow the user to put his name or username in if ($current_forum['allow_anonymous']==1 AND !isset($_user['user_id'])) { @@ -1813,7 +1818,7 @@ function show_add_post_form($action='', $id='', $form_values='') { $info =api_get_user_info($userid); $courseid=api_get_course_id(); - if( (api_is_course_admin() || api_is_course_coach() || api_is_course_tutor()) && !($_GET['thread']) ){ + if( (api_is_course_admin() || api_is_course_coach() || api_is_course_tutor()) && !($my_thread) ){ // thread qualify $form->addElement('static','Group', '
'.get_lang('QualifyThread').''); $form->addElement('checkbox', 'thread_qualify_gradebook', '', get_lang('QualifyThreadGradebook')); @@ -1838,12 +1843,12 @@ function show_add_post_form($action='', $id='', $form_values='') { // if we are quoting a message we have to retrieve the information of the post we are quoting so that // we can add this as default to the textarea - if (($action=='quote' || $action=='replymessage') && isset($_GET['post'])) { + if (($action=='quote' || $action=='replymessage') && isset($my_post)) { // we also need to put the parent_id of the post in a hidden form when we are quoting or replying to a message (<> reply to a thread !!!) - $form->addElement('hidden', 'post_parent_id', strval(intval($_GET['post']))); // note this has to be cleaned first + $form->addElement('hidden', 'post_parent_id', strval(intval($my_post))); // note this has to be cleaned first // if we are replying or are quoting then we display a default title. - $values=get_post_information($_GET['post']); // note: this has to be cleaned first + $values=get_post_information($my_post); // note: this has to be cleaned first $defaults['post_title']=get_lang('ReplyShort').html_entity_decode($values['post_title'],ENT_QUOTES,$charset); // When we are quoting a message then we have to put that message into the wysiwyg editor. // note: the style has to be hardcoded here because using class="quote" didn't work @@ -1851,7 +1856,7 @@ function show_add_post_form($action='', $id='', $form_values='') { $defaults['post_text']='
 
'.get_lang('Quoting').' '.$values['firstname'].' '.$values['lastname'].':
'.prepare4display($values['post_text']).'
 
 
'; } } - $form->setDefaults($defaults); + $form->setDefaults(isset($defaults)?$defaults:null); // the course admin can make a thread sticky (=appears with special icon and always on top) $form->addRule('post_title', '
'.get_lang('ThisFieldIsRequired'), 'required'); @@ -1875,7 +1880,7 @@ function show_add_post_form($action='', $id='', $form_values='') { $form->display(); echo '
'; if ($forum_setting['show_thread_iframe_on_reply'] and $action<>'newthread') { - echo ""; + echo ""; } } } @@ -2062,13 +2067,13 @@ function store_reply($values) { // We first store an entry in the forum_post table $sql="INSERT INTO $table_posts (post_title, post_text, thread_id, forum_id, poster_id, post_date, post_notification, post_parent_id, visible) VALUES ('".Database::escape_string($values['post_title'])."', - '".Database::escape_string($values['post_text'])."', + '".Database::escape_string(isset($values['post_text']) ? $values['post_text'] : null)."', '".Database::escape_string($values['thread_id'])."', '".Database::escape_string($values['forum_id'])."', '".Database::escape_string($_user['user_id'])."', '".Database::escape_string($post_date)."', - '".Database::escape_string($values['post_notification'])."', - '".Database::escape_string($values['post_parent_id'])."', + '".Database::escape_string(isset($values['post_notification'])?$values['post_notification']:null)."', + '".Database::escape_string(isset($values['post_parent_id'])?$values['post_parent_id']:null)."', '".Database::escape_string($visible)."')"; $result=api_sql_query($sql, __LINE__, __FILE__); $new_post_id=Database::insert_id(); @@ -2124,7 +2129,8 @@ function store_reply($values) { $message.=get_lang('ReturnTo').' '.get_lang('Message').''; // setting the notification correctly - if ($values['post_notification'] == 1) { + $my_post_notification=isset($values['post_notification']) ? $values['post_notification'] :null; + if ($my_post_notification == 1) { set_notification('thread',$values['thread_id'], true); } @@ -2171,7 +2177,7 @@ function show_edit_post_form($current_post, $current_thread, $current_forum, $fo } $form->addElement('text', 'post_title', get_lang('Title'),'class="input_titles"'); $form->addElement('html_editor', 'post_text', get_lang('Text')); - if (!$_GET['edit']) { + if (!isset($_GET['edit'])) { $form->addElement('static','Group', '
'.get_lang('AlterQualifyThread').''); $form->addElement('checkbox', 'thread_qualify_gradebook', '', get_lang('QualifyThreadGradebook')); $defaults['thread_qualify_gradebook']=is_resource_in_course_gradebook(api_get_course_id(),5,$_GET['thread'],api_get_session_id()); @@ -2192,7 +2198,7 @@ function show_edit_post_form($current_post, $current_thread, $current_forum, $fo } } if ($current_forum['allow_attachments']=='1' OR api_is_allowed_to_edit()) { - if (empty($form_values) AND !$_POST['SubmitPost']) { + if (empty($form_values) AND !isset($_POST['SubmitPost'])) { //edit_added_resources('forum_post',$current_post['post_id']); } //$form->add_resource_button(); @@ -2245,7 +2251,7 @@ function store_edit_post($values) { // first we check if the change affects the thread and if so we commit the changes (sticky and post_title=thread_title are relevant) if (array_key_exists('is_first_post_of_thread',$values) AND $values['is_first_post_of_thread']=='1') { $sql="UPDATE $table_threads SET thread_title='".Database::escape_string($values['post_title'])."', - thread_sticky='".Database::escape_string($values['thread_sticky'])."'," . + thread_sticky='".Database::escape_string(isset($values['thread_sticky']) ? $values['thread_sticky'] : null)."'," . "thread_title_qualify='".Database::escape_string($values['calification_notebook_title'])."'," . "thread_qualify_max='".Database::escape_string($values['numeric_calification'])."',". "thread_weight='".Database::escape_string($values['weight_calification'])."'". @@ -2257,7 +2263,7 @@ function store_edit_post($values) { // update the post_title and the post_text $sql="UPDATE $table_posts SET post_title='".Database::escape_string($values['post_title'])."', post_text='".Database::escape_string($values['post_text'])."', - post_notification='".Database::escape_string($values['post_notification'])."' + post_notification='".Database::escape_string(isset($values['post_notification'])?$values['post_notification']:null)."' WHERE post_id='".Database::escape_string($values['post_id'])."'"; //error_log($sql); api_sql_query($sql,__FILE__, __LINE__); @@ -2266,7 +2272,8 @@ function store_edit_post($values) { $ccode = api_get_course_id(); $sid = api_get_session_id(); $link_id = is_resource_in_course_gradebook($ccode,5,$values['thread_id'],$sid); - if ($values['thread_qualify_gradebook']!=1) { + $thread_qualify_gradebook=isset($values['thread_qualify_gradebook']) ? $values['thread_qualify_gradebook'] : null; + if ($thread_qualify_gradebook!=1) { if ($link_id !== false) { remove_resource_from_course_gradebook($link_id); } @@ -3103,10 +3110,11 @@ function delete_attachment($id) { $sql = 'DELETE FROM '. $forum_table_attachment.' WHERE post_id ="'.$id.'"'; $result=api_sql_query($sql, __FILE__, __LINE__); - $courseDir = $_course['path'].'/upload/forum'; + $courseDir = $_course['path'].'/upload/forum'; $sys_course_path = api_get_path(SYS_COURSE_PATH); - $updir = $sys_course_path.$courseDir; - $file=$updir.'/'.$attach_list['path']; + $updir = $sys_course_path.$courseDir; + $my_path =isset($attach_list['path']) ? $attach_list['path'] : null; + $file =$updir.'/'.$my_path; api_item_property_update($_course, TOOL_FORUM_ATTACH, $id ,'ForumAttachmentDelete', api_get_user_id()); @@ -3314,7 +3322,9 @@ function send_notifications($forum_id=0, $thread_id=0, $post_id=0) { // the content of the mail $email_subject = get_lang('NewForumPost')." - ".$_course['official_code']; $thread_link= api_get_path('WEB_CODE_PATH').'forum/viewthread.php?'.api_get_cidreq().'&forum='.$forum_id.'&thread='.$thread_id; - $message .= $link; + $my_link=isset($link)?$link:''; + $my_message=isset($message)?$message:''; + $my_message .= $my_link; // users who subscribed to the forum if ($forum_id<>0) { diff --git a/main/forum/iframe_thread.php b/main/forum/iframe_thread.php index 9d0d31f4e1..fe68b2789b 100644 --- a/main/forum/iframe_thread.php +++ b/main/forum/iframe_thread.php @@ -65,7 +65,7 @@ */ // name of the language file that needs to be included $language_file = 'forum'; -$this_section=SECTION_COURSES; +//$this_section=SECTION_COURSES; require_once '../inc/global.inc.php'; /* ------------ ACCESS RIGHTS ------------ */ // notice for unauthorized people. diff --git a/main/forum/index.php b/main/forum/index.php index 5a187bb78a..f638cb7435 100644 --- a/main/forum/index.php +++ b/main/forum/index.php @@ -251,7 +251,7 @@ if ($get_actions!='add' && $get_actions!='edit' ) { // Here we clean the whatnew_post_info array a little bit because to display the icon we // test if $whatsnew_post_info[$forum['forum_id']] is empty or not. if (!empty($whatsnew_post_info)) { - if (is_array($whatsnew_post_info[$forum['forum_id']])) { + if (is_array(isset($whatsnew_post_info[$forum['forum_id']])?$whatsnew_post_info[$forum['forum_id']]:null)) { foreach ($whatsnew_post_info[$forum['forum_id']] as $key_thread_id => $new_post_array) { if (empty($whatsnew_post_info[$forum['forum_id']][$key_thread_id])) { unset($whatsnew_post_info[$forum['forum_id']][$key_thread_id]); @@ -323,6 +323,7 @@ if ($get_actions!='add' && $get_actions!='edit' ) { echo "\t\t"; + if ($forum['forum_of_group']!=='0') { if (is_array($whatsnew_post_info[$forum['forum_id']]) and !empty($whatsnew_post_info[$forum['forum_id']])) { echo icon('../img/forumgroupnew.gif'); @@ -330,8 +331,9 @@ if ($get_actions!='add' && $get_actions!='edit' ) { echo icon('../img/forumgroup.gif', get_lang('GroupForum')); } } else { - if (!empty($whatsnew_post_info)) { - if (is_array($whatsnew_post_info[$forum['forum_id']]) and !empty($whatsnew_post_info[$forum['forum_id']])) { + $my_whatsnew_post_info=isset($my_whatsnew_post_info[$forum['forum_id']])?$my_whatsnew_post_info[$forum['forum_id']]:'';; + if (!empty($my_whatsnew_post_info)) { + if (is_array($my_whatsnew_post_info) and !empty($my_whatsnew_post_info)) { echo icon('../img/forum.gif', get_lang('Forum')); } else { echo icon('../img/forum.gif'); diff --git a/main/forum/newthread.php b/main/forum/newthread.php index 0a62dfdd64..1de4564b81 100644 --- a/main/forum/newthread.php +++ b/main/forum/newthread.php @@ -1,4 +1,4 @@ -'; -$values=show_add_post_form('newthread','', $_SESSION['formelements']); +$values=show_add_post_form('newthread','', isset($_SESSION['formelements'])?$_SESSION['formelements']:null); if (!empty($values) and isset($values['SubmitPost'])) { //add new thread in table forum_thread diff --git a/main/forum/reply.php b/main/forum/reply.php index d1f533aba3..4308ae1c3e 100644 --- a/main/forum/reply.php +++ b/main/forum/reply.php @@ -186,7 +186,10 @@ echo "\t\n"; echo ''; // the form for the reply -$values=show_add_post_form($_GET['action'], $_GET['post'], $_SESSION['formelements']); // note: this has to be cleaned first +$my_action = isset($_GET['action']) ? $_GET['action'] : ''; +$my_post = isset($_GET['post']) ? $_GET['post'] : ''; +$my_elements = isset($_SESSION['formelements']) ? $_SESSION['formelements'] : ''; +$values=show_add_post_form($my_action,$my_post, $my_elements); // note: this has to be cleaned first if (!empty($values) AND $_POST['SubmitPost']) { store_reply($values); diff --git a/main/forum/viewforum.php b/main/forum/viewforum.php index b2013fcbfe..7a8087ce6c 100644 --- a/main/forum/viewforum.php +++ b/main/forum/viewforum.php @@ -64,6 +64,7 @@ $nameTools=get_lang('Forum'); //are we in a lp ? $origin = ''; +$origin_string=''; if (isset($_GET['origin'])) { $origin = Security::remove_XSS($_GET['origin']); $origin_string = '&origin='.$origin; @@ -95,7 +96,8 @@ $userinf=api_get_user_info($userid); // we are getting all the information about the current forum and forum category. // note pcool: I tried to use only one sql statement (and function) for this // but the problem is that the visibility of the forum AND forum cateogory are stored in the item_property table -$current_forum=get_forum_information($_GET['forum']); // note: this has to be validated that it is an existing forum. +$my_forum=isset($_GET['forum'])?$_GET['forum']:''; +$current_forum=get_forum_information($my_forum); // note: this has to be validated that it is an existing forum. $current_forum_category=get_forumcategory_information($current_forum['forum_category']); @@ -105,9 +107,11 @@ $current_forum_category=get_forumcategory_information($current_forum['forum_cate Header and Breadcrumbs ----------------------------------------------------------- */ -$interbreadcrumb[]=array("url" => "index.php?search=".Security::remove_XSS($_GET['search']),"name" => $nameTools); -$interbreadcrumb[]=array("url" => "viewforumcategory.php?forumcategory=".$current_forum_category['cat_id']."&search=".Security::remove_XSS(urlencode($_GET['search'])),"name" => prepare4display($current_forum_category['cat_title'])); -$interbreadcrumb[]=array("url" => "viewforum.php?forum=".Security::remove_XSS($_GET['forum'])."&search=".Security::remove_XSS(urlencode($_GET['search'])),"name" => prepare4display($current_forum['forum_title'])); +$my_search=isset($_GET['search'])?$_GET['search']:''; +$my_action=isset($_GET['action'])?$_GET['action']:''; +$interbreadcrumb[]=array("url" => "index.php?search=".Security::remove_XSS($my_search),"name" => $nameTools); +$interbreadcrumb[]=array("url" => "viewforumcategory.php?forumcategory=".$current_forum_category['cat_id']."&search=".Security::remove_XSS(urlencode($my_search)),"name" => prepare4display($current_forum_category['cat_title'])); +$interbreadcrumb[]=array("url" => "viewforum.php?forum=".Security::remove_XSS($my_forum)."&search=".Security::remove_XSS(urlencode($my_search)),"name" => prepare4display($current_forum['forum_title'])); if ($origin=='learnpath') { include(api_get_path(INCLUDE_PATH).'reduced_header.inc.php'); @@ -124,35 +128,35 @@ if ($origin=='learnpath') { */ $table_link = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK); // Change visibility of a forum or a forum category -if (($_GET['action']=='invisible' OR $_GET['action']=='visible') AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true)) { +if (($my_action=='invisible' OR $my_action=='visible') AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true)) { $message=change_visibility($_GET['content'], $_GET['id'],$_GET['action']);// note: this has to be cleaned first } // locking and unlocking -if (($_GET['action']=='lock' OR $_GET['action']=='unlock') AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true)) { - $message=change_lock_status($_GET['content'], $_GET['id'],$_GET['action']);// note: this has to be cleaned first +if (($my_action=='lock' OR $my_action=='unlock') AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true)) { + $message=change_lock_status($_GET['content'], $_GET['id'],$my_action);// note: this has to be cleaned first } // deleting -if ($_GET['action']=='delete' AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true)) { +if ($my_action=='delete' AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true)) { $message=delete_forum_forumcategory_thread($_GET['content'],$_GET['id']); // note: this has to be cleaned first //delete link $sql_link='DELETE FROM '.$table_link.' WHERE ref_id='.Security::remove_XSS($_GET['id']).' and type=5 and course_code="'.api_get_course_id().'";'; api_sql_query($sql_link); } // moving -if ($_GET['action']=='move' and isset($_GET['thread']) AND api_is_allowed_to_edit(false,true)) { +if ($my_action=='move' and isset($_GET['thread']) AND api_is_allowed_to_edit(false,true)) { $message=move_thread_form(); } // notification -if ($_GET['action'] == 'notify' AND isset($_GET['content']) AND isset($_GET['id'])) { +if ($my_action == 'notify' AND isset($_GET['content']) AND isset($_GET['id'])) { $return_message = set_notification($_GET['content'],$_GET['id']); Display :: display_confirmation_message($return_message,false); } // student list -if ($_GET['action'] == 'liststd' AND isset($_GET['content']) AND isset($_GET['id']) AND $userinf['status']=='1') { +if ($my_action == 'liststd' AND isset($_GET['content']) AND isset($_GET['id']) AND $userinf['status']=='1') { - switch($_GET['list']) { + switch(isset($_GET['list'])) { case "qualify": $student_list=get_thread_users_qualify($_GET['id']); $nrorow3 =-2; @@ -168,7 +172,7 @@ if ($_GET['action'] == 'liststd' AND isset($_GET['content']) AND isset($_GET['id } $table_list = '


'.get_lang('ThreadUsersList').' :'.get_name_thread_by_id($_GET['id']).'

'; if ($nrorow3>0 || $nrorow3==-2) { - $url = 'cidReq='.Security::remove_XSS($_GET['cidReq']).'&forum='.Security::remove_XSS($_GET['forum']).'&action='.Security::remove_XSS($_GET['action']).'&content='.Security::remove_XSS($_GET['content']).'&id='.Security::remove_XSS($_GET['id']); + $url = 'cidReq='.Security::remove_XSS($_GET['cidReq']).'&forum='.Security::remove_XSS($my_forum).'&action='.Security::remove_XSS($_GET['action']).'&content='.Security::remove_XSS($_GET['content']).'&id='.Security::remove_XSS($_GET['id']); $table_list.= '
@@ -194,7 +198,7 @@ if ($_GET['action'] == 'liststd' AND isset($_GET['content']) AND isset($_GET['id $table_list.= ''; } $table_list.= ''; - $max_qualify=show_qualify('2',$_GET['cidReq'],$_GET['forum'],$userid,$_GET['id']); + $max_qualify=show_qualify('2',$_GET['cidReq'],$my_forum,$userid,$_GET['id']); $counter_stdlist=0; while ($row_student_list=Database::fetch_array($student_list)) { if ($counter_stdlist%2==0) { @@ -203,13 +207,13 @@ if ($_GET['action'] == 'liststd' AND isset($_GET['content']) AND isset($_GET['id $class_stdlist="row_even"; } $name_user_theme = $row_student_list['firstname'].' '.$row_student_list['lastname']; - $table_list.= ''; + $table_list.= ''; if ($_GET['list']=='qualify') { $table_list.= ''; } if ($userinf['status']=='1') { - $current_qualify_thread=show_qualify('1',$_GET['cidReq'],$_GET['forum'],$row_student_list['user_id'],$_GET['id']); - $table_list.= ''; + $current_qualify_thread=show_qualify('1',$_GET['cidReq'],$my_forum,$row_student_list['user_id'],$_GET['id']); + $table_list.= ''; } $counter_stdlist++; } @@ -257,7 +261,7 @@ echo ''.search_link().''; // 3. a visitor is here and new threads AND allowed AND anonymous posts are allowed if (api_is_allowed_to_edit(false,true) OR ($current_forum['allow_new_threads']==1 AND isset($_user['user_id'])) OR ($current_forum['allow_new_threads']==1 AND !isset($_user['user_id']) AND $current_forum['allow_anonymous']==1)) { if ($current_forum['locked'] <> 1 AND $current_forum['locked'] <> 1) { - echo ''.Display::return_icon('forumthread_new.gif',get_lang('NewTopic')).' '.get_lang('NewTopic').''; + echo ''.Display::return_icon('forumthread_new.gif',get_lang('NewTopic')).' '.get_lang('NewTopic').''; } else { echo get_lang('ForumLocked'); } @@ -302,9 +306,9 @@ echo "\t\t\n"; echo "\t\n"; // getting al the threads -$threads=get_threads($_GET['forum']); // note: this has to be cleaned first +$threads=get_threads($my_forum); // note: this has to be cleaned first -$whatsnew_post_info=$_SESSION['whatsnew_post_info']; +$whatsnew_post_info=isset($_SESSION['whatsnew_post_info'])?$_SESSION['whatsnew_post_info']:null; $counter=0; if(is_array($threads)) { @@ -318,7 +322,8 @@ if(is_array($threads)) { } echo "\t\n"; echo "\t\t\n"; echo "\t\t\n"; + echo "".prepare4display($row['thread_title'])."\n"; echo "\t\t\n"; if ($row['user_id']=='0') { $name=prepare4display($row['thread_poster_name']); @@ -368,22 +373,22 @@ if(is_array($threads)) { echo "\t\t\n"; echo "\t\t\n"; echo "\t\n"; @@ -394,7 +399,7 @@ if(is_array($threads)) { } } echo "
'.get_lang('Qualify').'
'.$name_user_theme.'
'.$name_user_theme.''.$row_student_list['qualify'].'/'.$max_qualify.''.icon('../img/'.$icon_qualify,get_lang('Qualify')).'
'.icon('../img/'.$icon_qualify,get_lang('Qualify')).'
".get_lang('Actions')."
"; - if (is_array($whatsnew_post_info[$_GET['forum']][$row['thread_id']]) and !empty($whatsnew_post_info[$_GET['forum']][$row['thread_id']])) { + $my_whatsnew_post_info=isset($whatsnew_post_info[$my_forum][$row['thread_id']])?$whatsnew_post_info[$my_forum][$row['thread_id']]:null; + if (is_array($my_whatsnew_post_info) and !empty($my_whatsnew_post_info)) { echo icon('../img/forumthread.gif'); } else { echo icon('../img/forumthread.gif'); @@ -329,7 +334,7 @@ if(is_array($threads)) { } echo ""; - echo "".prepare4display($row['thread_title'])."".$row['thread_replies']."".$last_post.""; if (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) { - echo "".icon('../img/edit.gif',get_lang('Edit'))."\n"; - echo "".icon('../img/delete.gif',get_lang('Delete')).""; - display_visible_invisible_icon('thread', $row['thread_id'], $row['visibility'], array("forum"=>$_GET['forum'],'origin'=>$origin)); - display_lock_unlock_icon('thread',$row['thread_id'], $row['locked'], array("forum"=>$_GET['forum'],'origin'=>$origin)); - echo "".icon('../img/deplacer_fichier.gif',get_lang('MoveThread')).""; + echo "".icon('../img/edit.gif',get_lang('Edit'))."\n"; + echo "".icon('../img/delete.gif',get_lang('Delete')).""; + display_visible_invisible_icon('thread', $row['thread_id'], $row['visibility'], array("forum"=>$my_forum,'origin'=>$origin)); + display_lock_unlock_icon('thread',$row['thread_id'], $row['locked'], array("forum"=>$my_forum,'origin'=>$origin)); + echo "".icon('../img/deplacer_fichier.gif',get_lang('MoveThread')).""; } $iconnotify = 'send_mail.gif'; - if (is_array($_SESSION['forum_notification']['thread'])) { + if (is_array(isset($_SESSION['forum_notification']['thread'])?$_SESSION['forum_notification']['thread']:null)) { if (in_array($row['thread_id'],$_SESSION['forum_notification']['thread'])) { $iconnotify = 'send_mail_checked.gif'; } } $icon_liststd = 'group.gif'; - echo "".icon('../img/'.$iconnotify,get_lang('NotifyMe')).""; + echo "".icon('../img/'.$iconnotify,get_lang('NotifyMe')).""; if ($userinf['status']=='1') { - echo ''.icon('../img/'.$icon_liststd,get_lang('StudentList')).''; + echo ''.icon('../img/'.$icon_liststd,get_lang('StudentList')).''; } echo "
"; -echo $table_list; +echo isset($table_list)?$table_list:''; /* ============================================================================== FOOTER diff --git a/main/forum/viewforumcategory.php b/main/forum/viewforumcategory.php index 1dc350d789..ffcf2ac863 100644 --- a/main/forum/viewforumcategory.php +++ b/main/forum/viewforumcategory.php @@ -258,19 +258,20 @@ if ($action_forums!='add') { } } //echo '
'; - + $form_count=isset($form_count)?$form_count:0; if ($show_forum === true) { $form_count++; echo "\t\n"; echo "\t\t"; + $my_whatsnew_post_info=isset($whatsnew_post_info[$forum['forum_id']])?$whatsnew_post_info[$forum['forum_id']]:null; if ($forum['forum_of_group']!=='0') { - if (is_array($whatsnew_post_info[$forum['forum_id']]) and !empty($whatsnew_post_info[$forum['forum_id']])) { + if (is_array($my_whatsnew_post_info) and !empty($my_whatsnew_post_info)) { echo icon('../img/forumgroupnew.gif'); } else { echo icon('../img/forumgroup.gif', get_lang('GroupForum')); } } else { - if (is_array($whatsnew_post_info[$forum['forum_id']]) and !empty($whatsnew_post_info[$forum['forum_id']])) { + if (is_array($my_whatsnew_post_info) and !empty($my_whatsnew_post_info)) { echo icon('../img/forum.gif', get_lang('Forum')); } else { echo icon('../img/forum.gif'); @@ -282,11 +283,13 @@ if ($action_forums!='add') { } else { $session_displayed = ''; } - echo "\t\t".prepare4display($forum['forum_title']).$session_displayed.'
'.prepare4display($forum['forum_comment'])."\n"; + echo "\t\t".prepare4display($forum['forum_title']).$session_displayed.'
'.prepare4display($forum['forum_comment'])."\n"; //$number_forum_topics_and_posts=get_post_topics_of_forum($forum['forum_id']); // deprecated // the number of topics and posts - echo "\t\t".$forum['number_of_threads']."\n"; - echo "\t\t".$forum['number_of_posts']."\n"; + $my_number_threads=isset($forum['number_of_threads']) ? $forum['number_of_threads'] : ''; + $my_number_posts=isset($forum['number_of_posts']) ? $forum['number_of_posts'] : ''; + echo "\t\t".$my_number_threads."\n"; + echo "\t\t".$my_number_posts."\n"; // the last post in the forum if ($forum['last_poster_name']<>'') { $name=$forum['last_poster_name']; @@ -301,7 +304,7 @@ if ($action_forums!='add') { } echo "\n"; echo "\t\t"; - if (api_is_allowed_to_edit(false,true) && !($forum['session_id']==0 && intval($_SESSION['id_session'])!=0)) { + if (api_is_allowed_to_edit(false,true) && !($forum['session_id']==0 && intval(isset($_SESSION['id_session'])?$_SESSION['id_session']:null)!=0)) { echo "".icon('../img/edit.gif',get_lang('Edit')).""; echo "".icon('../img/delete.gif',get_lang('Delete')).""; display_visible_invisible_icon('forum',$forum['forum_id'], $forum['visibility'], array("forumcategory"=>$_GET['forumcategory'])); @@ -309,7 +312,7 @@ if ($action_forums!='add') { display_up_down_icon('forum',$forum['forum_id'], $forums_in_category); } $iconnotify = 'send_mail.gif'; - if (is_array($_SESSION['forum_notification']['forum'])) { + if (is_array(isset($_SESSION['forum_notification']['forum'])?$_SESSION['forum_notification']['forum']:null)) { if (in_array($forum['forum_id'],$_SESSION['forum_notification']['forum'])) { $iconnotify = 'send_mail_checked.gif'; } diff --git a/main/forum/viewthread.php b/main/forum/viewthread.php index 8a50bab10e..7dd8eddb5d 100644 --- a/main/forum/viewthread.php +++ b/main/forum/viewthread.php @@ -1,4 +1,4 @@ - get_lang('Gradebook') ); } +$my_search=isset($_GET['search']) ? $_GET['search'] : ''; if ($origin=='learnpath') { include(api_get_path(INCLUDE_PATH).'reduced_header.inc.php'); } else { - $interbreadcrumb[]=array("url" => "index.php?search=".Security::remove_XSS(urlencode($_GET['search'])),"name" => $nameTools); - $interbreadcrumb[]=array("url" => "viewforumcategory.php?forumcategory=".$current_forum_category['cat_id']."&search=".Security::remove_XSS(urlencode($_GET['search'])),"name" => prepare4display($current_forum_category['cat_title'])); + $interbreadcrumb[]=array("url" => "index.php?search=".Security::remove_XSS(urlencode($my_search)),"name" => $nameTools); + $interbreadcrumb[]=array("url" => "viewforumcategory.php?forumcategory=".$current_forum_category['cat_id']."&search=".Security::remove_XSS(urlencode($my_search)),"name" => prepare4display($current_forum_category['cat_title'])); if (isset($_GET['gradebook']) and $_GET['gradebook']=='view') { $info_thread=get_thread_information(Security::remove_XSS($_GET['thread'])); - $interbreadcrumb[]=array("url" => "viewforum.php?forum=".$info_thread['forum_id']."&search=".Security::remove_XSS(urlencode($_GET['search'])),"name" => prepare4display($current_forum['forum_title'])); + $interbreadcrumb[]=array("url" => "viewforum.php?forum=".$info_thread['forum_id']."&search=".Security::remove_XSS(urlencode($my_search)),"name" => prepare4display($current_forum['forum_title'])); } else { - $interbreadcrumb[]=array("url" => "viewforum.php?forum=".Security::remove_XSS($_GET['forum'])."&search=".Security::remove_XSS(urlencode($_GET['search'])),"name" => prepare4display($current_forum['forum_title'])); + $interbreadcrumb[]=array("url" => "viewforum.php?forum=".Security::remove_XSS($_GET['forum'])."&search=".Security::remove_XSS(urlencode($my_search)),"name" => prepare4display($current_forum['forum_title'])); } - if ($message<>'PostDeletedSpecial') { + if (isset($message) && $message<>'PostDeletedSpecial') { if (isset($_GET['gradebook']) and $_GET['gradebook']=='view') { $info_thread=get_thread_information(Security::remove_XSS($_GET['thread'])); $interbreadcrumb[]=array("url" => "viewthread.php?forum=".$info_thread['forum_id']."&gradebook=".Security::remove_XSS($_GET['gradebook'])."&thread=".Security::remove_XSS($_GET['thread']),"name" => prepare4display($current_thread['thread_title'])); @@ -136,13 +137,14 @@ if (!api_is_allowed_to_edit(false,true) AND ($current_forum['visibility']==0 OR Actions ----------------------------------------------------------- */ -if ($_GET['action']=='delete' AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true)) { +$my_action = isset($_GET['action']) ? $_GET['action'] : ''; +if ($my_action=='delete' AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true)) { $message=delete_post($_GET['id']); // note: this has to be cleaned first } -if (($_GET['action']=='invisible' OR $_GET['action']=='visible') AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true)) { +if (($my_action=='invisible' OR $my_action=='visible') AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true)) { $message=approve_post($_GET['id'],$_GET['action']); // note: this has to be cleaned first } -if ($_GET['action']=='move' and isset($_GET['post'])) { +if ($my_action=='move' and isset($_GET['post'])) { $message=move_post_form(); } @@ -151,11 +153,12 @@ if ($_GET['action']=='move' and isset($_GET['post'])) { Display the action messages ----------------------------------------------------------- */ -if (isset($message)) { - Display :: display_confirmation_message(get_lang($message)); +$my_message = isset($message) ? $message : ''; +if ($my_message) { + Display :: display_confirmation_message(get_lang($my_message)); } -if ($message<>'PostDeletedSpecial') { +if ($my_message<>'PostDeletedSpecial') { // in this case the first and only post of the thread is removed // this increases the number of times the thread has been viewed increase_thread_view($_GET['thread']); @@ -166,7 +169,7 @@ if ($message<>'PostDeletedSpecial') { */ echo '
'; echo '
'; - $my_url = ''.get_lang('FlatView').' | '; echo $my_url.'&view=threaded&origin='.$origin.'">'.get_lang('ThreadedView').' | '; echo $my_url.'&view=nested&origin='.$origin.'">'.get_lang('NestedView').''; @@ -205,7 +208,7 @@ if ($message<>'PostDeletedSpecial') { ----------------------------------------------------------- */ - if (!$_SESSION['view']) { + if (!isset($_SESSION['view'])) { $viewmode=$current_forum['default_view']; } else { $viewmode=$_SESSION['view']; @@ -241,7 +244,7 @@ if ($message<>'PostDeletedSpecial') { echo prepare4display($current_forum['forum_title']).'
'; echo "\n"; echo "\t\n"; - echo ''.prepare4display($current_thread['thread_comment']).''; + echo ''.prepare4display(isset($current_thread['thread_comment'])?$current_thread['thread_comment']:'').''; echo ""; switch ($viewmode) {