merge

16 years ago · c18d531ae6
parent ad430e9bf4 ea112baa0f
commit c18d531ae6
17 changed files with 679 additions and 672 deletions
--- a/main/forum/forumfunction.inc.php
+++ b/main/forum/forumfunction.inc.php
@ -2229,8 +2229,8 @@ function store_reply($values) {
 	if ($upload_ok) {
 		// We first store an entry in the forum_post table
 		$sql="INSERT INTO $table_posts (post_title, post_text, thread_id, forum_id, poster_id, post_date, post_notification, post_parent_id, visible)
-				VALUES ('".Database::escape_string(Security::remove_XSS($values['post_title']))."',
+				VALUES ('".Database::escape_string($values['post_title'])."',
-						'".Database::escape_string(isset($values['post_text']) ? Security::remove_XSS(stripslashes(api_html_entity_decode($values['post_text'])),COURSEMANAGERLOWSECURITY) : null)."',
+						'".Database::escape_string(isset($values['post_text']) ? (api_html_entity_decode($values['post_text'])) : null)."',
 						'".Database::escape_string($values['thread_id'])."',
 						'".Database::escape_string($values['forum_id'])."',
 						'".Database::escape_string($_user['user_id'])."',
@ -2265,7 +2265,7 @@ function store_reply($values) {
 				// Storing the attachments if any
 				if ($result) {
 					$sql='INSERT INTO '.$forum_table_attachment.'(filename,comment, path, post_id,size) '.
-						 "VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$new_post_id."', '".$_FILES['user_upload']['size']."' )";
+						 "VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$new_post_id."', '".intval($_FILES['user_upload']['size'])."' )";
 					$result=Database::query($sql);
 					$message.=' / '.get_lang('FileUploadSucces');
 					$last_id=Database::insert_id();
--- a/main/forum/reply.php
+++ b/main/forum/reply.php
@ -215,7 +215,7 @@ $my_elements = isset($_SESSION['formelements']) ? $_SESSION['formelements'] : ''
 $values=show_add_post_form(Security::remove_XSS($my_action,$my_post, $my_elements)); // note: this has to be cleaned first
 if (!empty($values) AND isset($_POST['SubmitPost'])) {
-	store_reply(Security::remove_XSS($values));
+	store_reply($values);
 }
 /*
--- a/main/forum/viewthread_flat.inc.php
+++ b/main/forum/viewthread_flat.inc.php
@ -107,17 +107,12 @@ foreach ($rows as $row) {
 		$post_image.=icon('../img/forumnotification.gif',get_lang('YouWillBeNotified'));
 	}
 	// The post title
-	echo "\t\t<td class=\"$titleclass\">".prepare4display($row['post_title'])."</td>\n";
+	echo "\t\t<td class=\"$titleclass\">".prepare4display(Security::remove_XSS($row['post_title'], STUDENT))."</td>\n";
 	echo "\t</tr>\n";
 	// The post message
 	//we can see now the html tags
 	$row['post_text']= Security::remove_XSS($row['post_text'], STUDENT);
 	echo "\t<tr>\n";
-	echo "\t\t<td class=\"$messageclass\">".prepare4display($row['post_text'])."</td>\n";
+	echo "\t\t<td class=\"$messageclass\">".prepare4display(Security::remove_XSS($row['post_text'], STUDENT))."</td>\n";
 	echo "\t</tr>\n";
 	// The check if there is an attachment
--- a/main/forum/viewthread_nested.inc.php
+++ b/main/forum/viewthread_nested.inc.php
@ -105,15 +105,12 @@ foreach ($rows as $post) {
 		$post_image.=icon('../img/forumnotification.gif',get_lang('YouWillBeNotified'));
 	}
 	// The post title
-	echo "\t\t<td class=\"$titleclass\">".prepare4display($post['post_title'])."</td>\n";
+	echo "\t\t<td class=\"$titleclass\">".prepare4display(Security::remove_XSS($post['post_title'], STUDENT))."</td>\n";
 	echo "\t</tr>\n";
 	// The post message		
 	$post['post_text']= Security::remove_XSS($post['post_text'], STUDENT);
 	echo "\t<tr>\n";
-	echo "\t\t<td class=\"$messageclass\">".prepare4display($post['post_text'])."</td>\n";
+	echo "\t\t<td class=\"$messageclass\">".prepare4display(Security::remove_XSS($post['post_text'], STUDENT))."</td>\n";
 	echo "\t</tr>\n";
--- a/main/forum/viewthread_threaded.inc.php
+++ b/main/forum/viewthread_threaded.inc.php
@ -36,6 +36,7 @@
 $rows	= get_posts($_GET['thread']); // note: this has to be cleaned first
 $rows	= calculate_children($rows);
 if ($_GET['post']) {
 	$display_post_id	= intval($_GET['post']); // note: this has to be cleaned first
 } else {
@ -62,8 +63,7 @@ $thread_structure="<div class=\"structure\">".get_lang('Structure')."</div>";
 $counter=0;
 $count=0;
 $prev_next_array=array();
-foreach ($rows as $post)
+foreach ($rows as $post) {
 {
 	$counter++;
 	$indent=$post['indent_cnt']*'20';
 	$thread_structure.= "<div style=\"margin-left: ".$indent."px;\">";
@ -79,7 +79,7 @@ foreach ($rows as $post)
 	$thread_structure.= $post_image;
 	if ($_GET['post']==$post['post_id'] OR ($counter==1 AND !isset($_GET['post'])))
 	{
-		$thread_structure.='<strong>'.prepare4display($post['post_title']).'</strong></div>';
+		$thread_structure.='<strong>'.prepare4display(Security::remove_XSS($post['post_title'],STUDENT)).'</strong></div>';
 		$prev_next_array[]=$post['post_id'];
 	}
 	else
@ -93,7 +93,7 @@ foreach ($rows as $post)
 			$class='';
 		}
 		$count_loop=($count==0)?'&id=1' : '';
-		$thread_structure.= "<a href=\"viewthread.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;post=".$post['post_id']."&amp;origin=$origin$count_loop\" $class>".prepare4display($post['post_title'])."</a></div>\n";
+		$thread_structure.= "<a href=\"viewthread.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;post=".$post['post_id']."&amp;origin=$origin$count_loop\" $class>".prepare4display(Security::remove_XSS($post['post_title'],STUDENT))."</a></div>\n";
 		$prev_next_array[]=$post['post_id'];
 	}
 	$count++;
@ -159,8 +159,7 @@ echo '</center>';
 //--------------------------------------------------------------------------------------------
 // the style depends on the status of the message: approved or not
-if ($rows[$display_post_id]['visible']=='0')
+if ($rows[$display_post_id]['visible']=='0') {
 {
 	$titleclass='forum_message_post_title_2_be_approved';
 	$messageclass='forum_message_post_text_2_be_approved';
 	$leftclass='forum_message_left_2_be_approved';
@ -277,13 +276,12 @@ if ($rows[$display_post_id]['post_notification']=='1' AND $rows[$display_post_id
 	$post_image.=icon('../img/forumnotification.gif',get_lang('YouWillBeNotified'));
 }
 // The post title
-echo "\t\t<td class=\"$titleclass\">".prepare4display(Security::remove_XSS($rows[$display_post_id]['post_title']))."</td>\n";
+echo "\t\t<td class=\"$titleclass\">".prepare4display(Security::remove_XSS($rows[$display_post_id]['post_title'], STUDENT))."</td>\n";
 echo "\t</tr>\n";
 // The post message
 echo "\t<tr>\n";
-echo "\t\t<td class=\"$messageclass\">".prepare4display(Security::remove_XSS($rows[$display_post_id]['post_text']), STUDENT)."</td>\n";
+echo "\t\t<td class=\"$messageclass\">".prepare4display(Security::remove_XSS($rows[$display_post_id]['post_text'], STUDENT))."</td>\n";
 echo "\t</tr>\n";
 // The check if there is an attachment
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -4036,13 +4036,14 @@ function api_get_access_url_from_user($user_id) {
 }
 /**
- * @author florespaz@bidsoftperu.com
+ * Gets the status of a user in a course
- * @param integer $user_id
+ * @param	int 	user_id
- * @param string $course_code
+ * @param	string 	course_code
- * @return integer status
+ * @return	int 	user status
 */
 function api_get_status_of_user_in_course ($user_id, $course_code) {
 	$tbl_rel_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
 	if (!empty($user_id) && !empty($course_code)) {
 		$user_id 	 = Database::escape_string(intval($user_id));
 		$course_code = Database::escape_string($course_code);
 		$sql = 'SELECT status FROM '.$tbl_rel_course_user.'
@ -4050,6 +4051,9 @@ function api_get_status_of_user_in_course ($user_id, $course_code) {
 		$result = Database::query($sql);
 		$row_status = Database::fetch_array($result, 'ASSOC');
 		return $row_status['status'];
 	} else {
 		return 0;
 	}
 }
 /**
--- a/main/install/install.lib.php
+++ b/main/install/install.lib.php
--- a/main/install/update-db-1.6.x-1.8.0.inc.php
+++ b/main/install/update-db-1.6.x-1.8.0.inc.php
@ -26,7 +26,8 @@
 // Check if we come from index.php or update_courses.php - otherwise display error msg
 if (defined('SYSTEM_INSTALLATION') || defined('DOKEOS_COURSE_UPDATE')) {
-	// Check if the current Dokeos install is elligible for update
+
 	// Check if the current Dokeos install is eligible for update
 	if (empty($updateFromConfigFile) || !file_exists($_POST['updatePath'].$updateFromConfigFile) || !in_array(get_config_param('clarolineVersion'), $update_from_version_6)) {
 		echo '<strong>'.get_lang('Error').' !</strong> Dokeos '.implode('|', $updateFromVersion).' '.get_lang('HasNotBeenFound').'.<br /><br />
--- a/main/install/update-db-1.8.0-1.8.2.inc.php
+++ b/main/install/update-db-1.8.0-1.8.2.inc.php
@ -27,7 +27,7 @@
 // Check if we come from index.php or update_courses.php - otherwise display error msg
 if (defined('SYSTEM_INSTALLATION') || defined('DOKEOS_COURSE_UPDATE')) {
-	//check if the current Dokeos install is elligible for update
+	// Check if the current Dokeos install is eligible for update
 	if (!file_exists('../inc/conf/configuration.php')) {
 		echo '<strong>'.get_lang('Error').' !</strong> Dokeos '.implode('|', $updateFromVersion).' '.get_lang('HasNotBeenFound').'.<br /><br />
 								'.get_lang('PleasGoBackToStep1').'.
--- a/main/install/update-db-1.8.2-1.8.3.inc.php
+++ b/main/install/update-db-1.8.2-1.8.3.inc.php
@ -24,10 +24,10 @@
 ==============================================================================
 */
-//check if we come from index.php or update_courses.php - otherwise display error msg
+// Check if we come from index.php or update_courses.php - otherwise display error msg
 if (defined('SYSTEM_INSTALLATION') || defined('DOKEOS_COURSE_UPDATE')) {
-	// Check if the current Dokeos install is elligible for update
+	// Check if the current Dokeos install is eligible for update
 	if (!file_exists('../inc/conf/configuration.php')) {
 		echo '<strong>'.get_lang('Error').' !</strong> Dokeos '.implode('|', $updateFromVersion).' '.get_lang('HasNotBeenFound').'.<br /><br />
 								'.get_lang('PleasGoBackToStep1').'.
--- a/main/install/update-db-1.8.3-1.8.4.inc.php
+++ b/main/install/update-db-1.8.3-1.8.4.inc.php
@ -26,7 +26,8 @@
 // Check if we come from index.php or update_courses.php - otherwise display error msg
 if (defined('SYSTEM_INSTALLATION') || defined('DOKEOS_COURSE_UPDATE')) {
-	//check if the current Dokeos install is elligible for update
+
 	// Check if the current Dokeos install is eligible for update
 	if (!file_exists('../inc/conf/configuration.php')) {
 		echo '<strong>'.get_lang('Error').' !</strong> Dokeos '.implode('|', $updateFromVersion).' '.get_lang('HasNotBeenFound').'.<br /><br />
 								'.get_lang('PleasGoBackToStep1').'.
--- a/main/install/update-db-1.8.4-1.8.5.inc.php
+++ b/main/install/update-db-1.8.4-1.8.5.inc.php
@ -29,7 +29,8 @@ $new_file_version = '1.8.5';
 // Check if we come from index.php or update_courses.php - otherwise display error msg
 if (defined('SYSTEM_INSTALLATION') || defined('DOKEOS_COURSE_UPDATE')) {
-	//check if the current Dokeos install is elligible for update
+
 	// Check if the current Dokeos install is eligible for update
 	if (!file_exists('../inc/conf/configuration.php')) {
 		echo '<strong>'.get_lang('Error').' !</strong> Dokeos '.implode('|', $updateFromVersion).' '.get_lang('HasNotBeenFound').'.<br /><br />
 								'.get_lang('PleasGoBackToStep1').'.
--- a/main/install/update-db-1.8.5-1.8.6.inc.php
+++ b/main/install/update-db-1.8.5-1.8.6.inc.php
@ -30,7 +30,7 @@ $new_file_version = '1.8.6';
 // Check if we come from index.php or update_courses.php - otherwise display error msg
 if (defined('SYSTEM_INSTALLATION') || defined('DOKEOS_COURSE_UPDATE')) {
-	// Check if the current Dokeos install is elligible for update
+	// Check if the current Dokeos install is eligible for update
 	if (!file_exists('../inc/conf/configuration.php')) {
 		echo '<strong>'.get_lang('Error').' !</strong> Dokeos '.implode('|', $updateFromVersion).' '.get_lang('HasNotBeenFound').'.<br /><br />
 								'.get_lang('PleasGoBackToStep1').'.
--- a/main/install/update-db-1.8.6-1.8.6.1.inc.php
+++ b/main/install/update-db-1.8.6-1.8.6.1.inc.php
@ -30,7 +30,7 @@ $new_file_version = '1.8.6.1';
 //check if we come from index.php or update_courses.php - otherwise display error msg
 if (defined('SYSTEM_INSTALLATION') || defined('DOKEOS_COURSE_UPDATE')) {
-	//check if the current Dokeos install is elligible for update
+	// Check if the current Dokeos install is eligible for update
 	if (!file_exists('../inc/conf/configuration.php')) {
 		echo '<strong>'.get_lang('Error').' !</strong> Dokeos '.implode('|', $updateFromVersion).' '.get_lang('HasNotBeenFound').'.<br /><br />
 								'.get_lang('PleasGoBackToStep1').'.
--- a/main/install/update-db-1.8.6.1-1.8.6.2.inc.php
+++ b/main/install/update-db-1.8.6.1-1.8.6.2.inc.php
@ -30,7 +30,7 @@ $new_file_version = '1.8.6.2';
 // Check if we come from index.php or update_courses.php - otherwise display error msg
 if (defined('SYSTEM_INSTALLATION') || defined('DOKEOS_COURSE_UPDATE')) {
-	// Check if the current Dokeos install is elligible for update
+	// Check if the current Dokeos install is eligible for update
 	if (!file_exists('../inc/conf/configuration.php')) {
 		echo '<strong>'.get_lang('Error').' !</strong> Dokeos '.implode('|', $updateFromVersion).' '.get_lang('HasNotBeenFound').'.<br /><br />
 								'.get_lang('PleasGoBackToStep1').'.
--- a/main/install/update-db-1.8.6.2-1.8.7.inc.php
+++ b/main/install/update-db-1.8.6.2-1.8.7.inc.php
@ -30,7 +30,7 @@ $new_file_version = '1.8.7';
 // Check if we come from index.php or update_courses.php - otherwise display error msg
 if (defined('SYSTEM_INSTALLATION') || defined('DOKEOS_COURSE_UPDATE')) {
-    // Check if the current Dokeos install is elligible for update
+    // Check if the current Dokeos install is eligible for update
    if (!file_exists('../inc/conf/configuration.php')) {
        echo '<strong>'.get_lang('Error').' !</strong> Dokeos '.implode('|', $updateFromVersion).' '.get_lang('HasNotBeenFound').'.<br /><br />
                                '.get_lang('PleasGoBackToStep1').'.
--- a/main/work/work.php
+++ b/main/work/work.php
@ -1259,6 +1259,8 @@ if ($is_course_member) {
 		if (!empty ($error_message)) {
 			Display :: display_error_message($error_message);
 		}
 		$show_progress_bar = false;
 		if ($submitGroupWorkUrl) { 
 			// For user comming from group space to publish his work
 			$realUrl = str_replace($_configuration['root_sys'], $_configuration['root_web'], str_replace("\\", "/", realpath($submitGroupWorkUrl)));
@ -1281,6 +1283,7 @@ if ($is_course_member) {
 		} else {
 			// else standard upload option
 			$form->addElement('file', 'file', get_lang('UploadADocument'), 'size="40" onchange="updateDocumentTitle(this.value)"');
 			$show_progress_bar = true;			
 		}
 		$titleWork = $form->addElement('text', 'title', get_lang("TitleWork"), 'id="file_upload"  style="width: 350px;"');
@ -1335,7 +1338,10 @@ if ($is_course_member) {
 			$form->addElement('style_submit_button', 'cancelForm', get_lang('Cancel'),'class="cancel"');
 		}
-		$form->add_real_progress_bar('uploadWork', 'DownloadFile');
+		if ($show_progress_bar) {		
 			$form->add_real_progress_bar('uploadWork', 'file');
 		}
 		$form->setDefaults($defaults);
 		//$form->addRule('file', '<div class="required">'.get_lang('ThisFieldIsRequired'), 'required');
 		$form->display();