Should fix BT#7603 / #6803

1.9.x
Julio Montoya 11 years ago
parent c485cb0b7c
commit c3c64778f4
  1. 13
      main/announcements/announcement_email.class.php
  2. 154
      main/announcements/announcements.inc.php
  3. 8
      main/inc/lib/mail.lib.inc.php
  4. 7
      main/inc/lib/message.lib.php

@ -1,9 +1,8 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Announcement Email
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
* @author Julio Montoya <gugli100@gmail.com> Adding session support
*/
@ -12,6 +11,7 @@ class AnnouncementEmail
protected $course = null;
protected $announcement = null;
public $session_id = null;
/**
*
* @param int|array $course
@ -23,6 +23,7 @@ class AnnouncementEmail
{
return new self($course, $announcement);
}
/**
* @param int $course
* @param int $announcement
@ -208,17 +209,17 @@ class AnnouncementEmail
/**
* Email message
*
* @param int $receiverUserId
* @return string
*/
public function message()
public function message($receiverUserId)
{
$title = $this->announcement('title');
$title = stripslashes($title);
$content = $this->announcement('content');
$content = stripslashes($content);
$content = AnnouncementManager::parseEmailContent($content, $this->course('code'));
$content = AnnouncementManager::parse_content($receiverUserId, $content, $this->course('code'));
$user_email = $this->sender('mail');
$course_param = api_get_cidreq();
@ -271,12 +272,12 @@ class AnnouncementEmail
{
$sender = $this->sender();
$subject = $this->subject();
$message = $this->message();
// Send email one by one to avoid antispam
$users = $this->sent_to();
foreach ($users as $user) {
$message = $this->message($user['user_id']);
MessageManager::send_message_simple(
$user['user_id'],
$subject,

@ -1,5 +1,4 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Include file with functions for the announcements module.
@ -39,11 +38,11 @@ class AnnouncementManager
* @param string $course_code
* @return mixed
*/
public static function parse_content($content, $course_code)
public static function parse_content($userId, $content, $course_code)
{
$reader_info = api_get_user_info(api_get_user_id());
$course_info = api_get_course_info($course_code);
$teacher_list = CourseManager::get_teacher_list_from_course_code($course_info['code']);
$readerInfo = api_get_user_info($userId);
$courseInfo = api_get_course_info($course_code);
$teacher_list = CourseManager::get_teacher_list_from_course_code($courseInfo['code']);
$teacher_name = '';
if (!empty($teacher_list)) {
@ -53,51 +52,17 @@ class AnnouncementManager
break;
}
}
$course_link = api_get_course_url();
$data['user_name'] = $reader_info['username'];
$data['user_firstname'] = $reader_info['firstname'];
$data['user_lastname'] = $reader_info['lastname'];
$courseLink = api_get_course_url();
$data['user_name'] = $readerInfo['username'];
$data['user_firstname'] = $readerInfo['firstname'];
$data['user_lastname'] = $readerInfo['lastname'];
$data['teacher_name'] = $teacher_name;
$data['teacher_email'] = $teacher_email;
$data['course_title'] = $course_info['name'];
$data['course_link'] = Display::url($course_link, $course_link);
$content = str_replace(self::get_tags(), $data, $content);
return $content;
}
/**
* parse announcement content when sending an email. It parses only teacher data
* @author yoselyn castillo
* @param string content
* @param string course code
* @return string with the parsed content
*/
public static function parseEmailContent($content, $courseCode)
{
$readerInfo = api_get_user_info(api_get_user_id());
$courseInfo = api_get_course_info($courseCode);
$teacherList = CourseManager::get_teacher_list_from_course_code($courseInfo['code']);
$teacherName = '';
if (!empty($teacherList)) {
foreach ($teacherList as $teacherData) {
$teacherName = api_get_person_name($teacherData['firstname'], $teacherData['lastname']);
$teacherEmail = $teacherData['email'];
break;
}
}
$data['user_name'] = '((user_name))';
$data['user_firstname'] = '((user_firstname))';
$data['user_lastname'] = '((user_lastname))';
$data['teacher_name'] = $teacherName;
$data['teacher_email'] = $teacherEmail;
$data['course_title'] = $courseInfo['name'];
$data['course_link'] = Display::url($course_link, $course_link);
$data['course_link'] = Display::url($courseLink, $courseLink);
$content = str_replace(self::get_tags(), $data, $content);
return $content;
}
@ -172,25 +137,27 @@ class AnnouncementManager
public static function delete_all_announcements($_course)
{
$announcements = self::get_all_annoucement_by_course($_course, api_get_session_id());
foreach ($announcements as $annon) {
api_item_property_update($_course, TOOL_ANNOUNCEMENT, $annon['id'], 'delete', api_get_user_id());
if (!empty($announcements)) {
foreach ($announcements as $annon) {
api_item_property_update($_course, TOOL_ANNOUNCEMENT, $annon['id'], 'delete', api_get_user_id());
}
}
}
/**
* Displays one specific announcement
* @param $announcement_id, the id of the announcement you want to display
* @param int $announcement_id, the id of the announcement you want to display
*/
public static function display_announcement($announcement_id)
{
if ($announcement_id != strval(intval($announcement_id))) {
return false;
} // potencial sql injection
}
global $charset;
$tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT);
$tbl_item_property = Database::get_course_table(TABLE_ITEM_PROPERTY);
$course_id = api_get_course_int_id();
if (api_is_allowed_to_edit(false, true) || (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) {
@ -263,7 +230,7 @@ class AnnouncementManager
echo "<tr><th style='text-align:right'>$modify_icons</th></tr>";
}
$content = self::parse_content($content, api_get_course_id());
$content = self::parse_content($result['to_user_id'], $content, api_get_course_id());
echo "<tr><td>$content</td></tr>";
@ -275,11 +242,8 @@ class AnnouncementManager
$sent_to_icon = Display::return_icon('group.gif', get_lang('AnnounceSentToUserSelection'));
}
$sent_to = self::sent_to('announcement', $announcement_id);
$sent_to_form = self::sent_to_form($sent_to);
echo Display::tag('td', get_lang('SentTo') . ' : ' . $sent_to_form, array('class' => 'announcements_datum'));
$attachment_list = self::get_attachment($announcement_id);
if (count($attachment_list) > 0) {
@ -302,6 +266,9 @@ class AnnouncementManager
}
}
/**
* @return int
*/
public static function get_last_announcement_order()
{
$tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT);
@ -389,15 +356,20 @@ class AnnouncementManager
}
}
/*
STORE ANNOUNCEMENT GROUP ITEM
/**
* @param $emailTitle
* @param $newContent
* @param $to
* @param $to_users
* @param array $file
* @param string $file_comment
* @return bool|int
*/
public static function add_group_announcement($emailTitle, $newContent, $to, $to_users, $file = array(), $file_comment = '')
{
global $_course;
// database definitions
// Database definitions
$tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT);
$emailTitle = Database::escape_string($emailTitle);
@ -448,10 +420,6 @@ class AnnouncementManager
return $last_id;
}
/*
EDIT ANNOUNCEMENT
*/
/**
* This function stores the announcement item in the announcement table
* and updates the item_property table
@ -462,7 +430,6 @@ class AnnouncementManager
* @param array users that will receive the announcement
* @param mixed attachment
* @param string file comment
*
*/
public static function edit_announcement($id, $emailTitle, $newContent, $to, $file = array(), $file_comment = '')
{
@ -478,7 +445,7 @@ class AnnouncementManager
// store the modifications in the table announcement
$sql = "UPDATE $tbl_announcement SET content = '$newContent', title = '$emailTitle' WHERE c_id = $course_id AND id='$id'";
$result = Database::query($sql);
Database::query($sql);
// save attachment file
$row_attach = self::get_attachment($id);
@ -494,7 +461,7 @@ class AnnouncementManager
// we remove everything from item_property for this
$sql_delete = "DELETE FROM $tbl_item_property WHERE c_id = $course_id AND ref='$id' AND tool='announcement'";
$result = Database::query($sql_delete);
Database::query($sql_delete);
// store in item_property (first the groups, then the users
@ -521,10 +488,10 @@ class AnnouncementManager
}
}
/*
MAIL FUNCTIONS
/**
* @param int $insert_id
* @return bool
*/
public static function update_mail_sent($insert_id)
{
$tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT);
@ -563,7 +530,10 @@ class AnnouncementManager
toolitemproperties.c_id = $course_id AND
announcement.id = toolitemproperties.ref AND
toolitemproperties.tool='announcement' AND
(toolitemproperties.insert_user_id='$user_id' AND (toolitemproperties.to_group_id='0' OR toolitemproperties.to_group_id is null))
(
toolitemproperties.insert_user_id='$user_id' AND
(toolitemproperties.to_group_id='0' OR toolitemproperties.to_group_id is null)
)
AND toolitemproperties.visibility='1'
AND announcement.session_id = 0
ORDER BY display_order DESC";
@ -587,12 +557,9 @@ class AnnouncementManager
return false;
}
/*
SHOW_TO_FORM
*/
/**
* this function shows the form for sending a message to a specific group or user.
* This function shows the form for sending a message to a specific group or user.
* @param $to_already_selected
*/
public static function show_to_form($to_already_selected)
{
@ -661,10 +628,6 @@ class AnnouncementManager
echo "</table>";
}
/*
CONSTRUCT_NOT_SELECT_SELECT_FORM
*/
/**
* this function shows the form for sending a message to a specific group or user.
*/
@ -702,10 +665,6 @@ class AnnouncementManager
echo "</select>";
}
/*
CONSTRUCT_SELECTED_SELECT_FORM
*/
/**
* this function shows the form for sending a message to a specific group or user.
*/
@ -832,11 +791,6 @@ class AnnouncementManager
return $new_group_list;
}
/*
*
LOAD_EDIT_USERS
*/
/**
* This tools loads all the users and all the groups who have received
* a specific item (in this case an announcement item)
@ -869,10 +823,6 @@ class AnnouncementManager
return $to;
}
/*
USER_GROUP_FILTER_JAVASCRIPT
*/
/**
* returns the javascript for setting a filter
* this goes into the $htmlHeadXtra[] array
@ -890,10 +840,6 @@ class AnnouncementManager
</script>";
}
/*
TO_JAVASCRIPT
*/
/**
* returns all the javascript that is required for easily
* setting the target people/groups
@ -918,10 +864,6 @@ class AnnouncementManager
return $result;
}
/*
SENT_TO_FORM
*/
/**
* constructs the form to display all the groups and users the message has been sent to
* input: $sent_to_array is a 2 dimensional array containing the groups and the users
@ -992,10 +934,6 @@ class AnnouncementManager
}
}
/*
SEPARATE_USERS_GROUPS
*/
/**
* This function separates the users from the groups
* users have a value USER:XXX (with XXX the dokeos id
@ -1022,10 +960,6 @@ class AnnouncementManager
return $send_to;
}
/*
SENT_TO()
*/
/**
* Returns all the users and all the groups a specific announcement item
* has been sent to
@ -1069,8 +1003,6 @@ class AnnouncementManager
return $sent_to;
}
/* ATTACHMENT FUNCTIONS */
/**
* Show a list with all the attachments according to the post's id
* @param int announcement id
@ -1202,7 +1134,7 @@ class AnnouncementManager
}
/**
* @param $id
* @param int $id
*/
public static function send_email($id)
{

@ -55,7 +55,8 @@ function api_mail($recipient_name, $recipient_email, $subject, $message, $sender
* @return returns true if mail was sent
* @see class.phpmailer.php
*/
function api_mail_html($recipient_name, $recipient_email, $subject, $message, $sender_name = '', $sender_email = '', $extra_headers = null, $data_file = array(), $embedded_image = false) {
function api_mail_html($recipient_name, $recipient_email, $subject, $message, $sender_name = '', $sender_email = '', $extra_headers = array(), $data_file = array(), $embedded_image = false)
{
global $platform_email;
$mail = new PHPMailer();
@ -174,6 +175,11 @@ function api_mail_html($recipient_name, $recipient_email, $subject, $message, $s
case 'content-type':
$mail->ContentType = $value;
break;
case 'reply_to':
if (isset($value['mail']) && isset($value['name'])) {
$mail->AddReplyTo($value['mail'], $value['name']);
}
break;
default:
$mail->AddCustomHeader($key.':'.$value);
break;

@ -810,13 +810,14 @@ class MessageManager
$user_con = self::users_connected_by_id();
$band = 0;
for ($i = 0; $i < count($user_con); $i++)
if ($user_sender_id == $user_con[$i])
for ($i = 0; $i < count($user_con); $i++) {
if ($user_sender_id == $user_con[$i]) {
$band = 1;
}
}
$title = Security::remove_XSS($row['title'], STUDENT, true);
$content = Security::remove_XSS($row['content'], STUDENT, true);
$content = AnnouncementManager::parse_content($content);
$from_user = UserManager::get_user_info_by_id($user_sender_id);
$name = api_get_person_name($from_user['firstname'], $from_user['lastname']);
$user_image = UserManager::get_picture_user($row['user_sender_id'], $from_user['picture_uri'], 80);

Loading…
Cancel
Save