Cleanning the forumqualify.php file + blocking a forum thread from the gradebook see BT#4080

skala
Julio Montoya 14 years ago
parent 3f4f274e1a
commit c574128940
  1. 2
      main/forum/forumbody.inc.php
  2. 81
      main/forum/forumfunction.inc.php
  3. 96
      main/forum/forumqualify.php
  4. 26
      main/forum/reply.php
  5. 18
      main/forum/viewforum.php
  6. 31
      main/forum/viewpost.inc.php
  7. 45
      main/forum/viewthread_flat.inc.php
  8. 33
      main/forum/viewthread_nested.inc.php
  9. 50
      main/forum/viewthread_threaded.inc.php
  10. 11
      main/inc/lib/display.lib.php
  11. 6
      tests/main/forum/forumfunction.inc.test.php

@ -12,7 +12,7 @@ $to_origin = Security::remove_XSS($_GET['origin']);
$output = <<<EOF
<div class="forum-body-form">
<table>
<table class="data_table">
<form id="forum-thread-qualify" name="forum-thread-qualify" action="forumqualify.php">
<input type="hidden" name="cidReq" value="{$my_cid_req}">
<input type="hidden" name="forum" value="{$my_forum}">

@ -801,7 +801,7 @@ function display_visible_invisible_icon($content, $id, $current_visibility_statu
echo 'action=invisible&amp;content='.$content.'&amp;id='.$id.'&gradebook='.$gradebook.'&amp;origin='.$origin.'">'.Display::return_icon('visible.png', get_lang('MakeInvisible'), array(), ICON_SIZE_SMALL).'</a>';
}
if ($current_visibility_status == '0') {
echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;';
echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;';
if (is_array($additional_url_parameters)) {
foreach ($additional_url_parameters as $key => $value) {
echo $key.'='.$value.'&amp;';
@ -832,7 +832,7 @@ function display_lock_unlock_icon($content, $id, $current_lock_status, $addition
}
}
if ($current_lock_status == '1') {
echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;';
echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;';
if (is_array($additional_url_parameters)) {
foreach ($additional_url_parameters as $key => $value) {
echo $key.'='.$value.'&amp;';
@ -841,7 +841,7 @@ function display_lock_unlock_icon($content, $id, $current_lock_status, $addition
echo 'action=unlock&amp;content='.$content.'&amp;id='.$id.'">'.Display::return_icon('lock.png', get_lang('Unlock'), array(), ICON_SIZE_SMALL).'</a>';
}
if ($current_lock_status == '0') {
echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;gidReq='.api_get_group_id().'&amp;';
echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;';
if (is_array($additional_url_parameters)) {
foreach ($additional_url_parameters as $key => $value) {
echo $key.'='.$value.'&amp;';
@ -2155,17 +2155,16 @@ function show_add_post_form($action = '', $id = '', $form_values = '') {
$token = Security::get_token();
$form->addElement('hidden', 'sec_token');
$form->setConstants(array('sec_token' => $token));
$form->display();
echo '<br />';
$iframe = null;
if ($forum_setting['show_thread_iframe_on_reply'] && $action != 'newthread') {
echo '<div class="row">
<div class="label">'.get_lang('Thread').'
</div>
<div class="formw">';
echo "<iframe style=\"border: 1px solid black\" src=\"iframe_thread.php?forum=".Security::remove_XSS($my_forum)."&amp;thread=".Security::remove_XSS($my_thread)."#".Security::remove_XSS($my_post)."\" width=\"100%\"></iframe>";
echo ' </div>
</div>';
$iframe = "<iframe style=\"border: 1px solid black\" src=\"iframe_thread.php?forum=".Security::remove_XSS($my_forum)."&amp;thread=".Security::remove_XSS($my_thread)."#".Security::remove_XSS($my_post)."\" width=\"100%\"></iframe>";
}
if (!empty($iframe)) {
$form->addElement('label', get_lang('Thread'), $iframe);
}
$form->display();
}
}
@ -2227,27 +2226,29 @@ function store_theme_qualify($user_id, $thread_id, $thread_qualify = 0, $qualify
* @author Isaac Flores <isaac.flores@dokeos.com>, U.N.A.S University
* @version October 2008, dokeos 1.8.6
*/
function show_qualify($option, $couser_id, $forum_id, $user_id, $thread_id) {
function show_qualify($option, $user_id, $thread_id) {
$table_threads_qualify = Database::get_course_table(TABLE_FORUM_THREAD_QUALIFY);
$table_threads = Database::get_course_table(TABLE_FORUM_THREAD);
$course_id = api_get_course_int_id();
if ($user_id == strval(intval($user_id)) && $thread_id == strval(intval($thread_id)) && $option == 1) {
$sql = "SELECT qualify FROM ".$table_threads_qualify." WHERE c_id = $course_id AND user_id=".$user_id." and thread_id=".$thread_id.";";
$rs = Database::query($sql);
$row = Database::fetch_array($rs);
return $row[0];
}
if ($user_id == strval(intval($user_id)) && $option == 2) {
$sql = "SELECT thread_qualify_max FROM ".$table_threads." WHERE c_id = $course_id AND thread_id=".$thread_id.";";
$rs = Database::query($sql);
$row = Database::fetch_array($rs);
return $row[0];
$course_id = api_get_course_int_id();
$user_id = intval($user_id);
$thread_id = intval($thread_id);
if (empty($user_id) || empty($thread_id)) {
return false;
}
switch ($option) {
case 1:
$sql = "SELECT qualify FROM ".$table_threads_qualify." WHERE c_id = $course_id AND user_id=".$user_id." and thread_id=".$thread_id;
break;
case 2:
$sql = "SELECT thread_qualify_max FROM ".$table_threads." WHERE c_id = $course_id AND thread_id=".$thread_id.";";
break;
}
$rs = Database::query($sql);
$row = Database::fetch_array($rs);
return $row[0];
}
/**
@ -2261,12 +2262,10 @@ function show_qualify($option, $couser_id, $forum_id, $user_id, $thread_id) {
* @version October 2008, dokeos 1.8.6
*/
function get_historical_qualify($user_id, $thread_id, $opt) {
$table_threads_qualify_log = Database::get_course_table(TABLE_FORUM_THREAD_QUALIFY_LOG);
$table_threads_qualify_log = Database::get_course_table(TABLE_FORUM_THREAD_QUALIFY_LOG);
$course_id = api_get_course_int_id();
$my_qualify_log = array();
$opt = Database::escape_string($opt);
$my_qualify_log = array();
if ($opt == 'false') {
$sql = "SELECT * FROM ".$table_threads_qualify_log." WHERE c_id = $course_id AND thread_id='".Database::escape_string($thread_id)."' and user_id='".Database::escape_string($user_id)."' ORDER BY qualify_time";
} else {
@ -3934,7 +3933,7 @@ function send_notifications($forum_id = 0, $thread_id = 0, $post_id = 0) {
global $_course, $_user;
// The content of the mail
$thread_link = api_get_path(WEB_CODE_PATH).'forum/viewthread.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.$forum_id.'&amp;thread='.$thread_id;
$thread_link = api_get_path(WEB_CODE_PATH).'forum/viewthread.php?'.api_get_cidreq().'&amp;forum='.$forum_id.'&amp;thread='.$thread_id;
$my_link = isset($link) ? $link : '';
$my_message = isset($message) ? $message : '';
$my_message .= $my_link;
@ -4103,13 +4102,17 @@ function get_statistical_information($thread_id, $user_id, $course_id) {
* @author Jhon Hinojosa <jhon.hinojosa@dokeos.com>,
* @version octubre 2008, dokeos 1.8
*/
function get_thread_user_post($course_code, $thread_id, $user_id ) {
function get_thread_user_post($course_code, $thread_id, $user_id) {
$table_posts = Database::get_course_table(TABLE_FORUM_POST);
$table_users = Database::get_main_table(TABLE_MAIN_USER);
$thread_id = intval($thread_id);
$user_id = intval($user_id);
$course_id = api_get_course_int_id();
$course_info = api_get_user_info($course_code);
$course_id = $course_info['real_id'];
if (empty($course_id)) {
$course_id = api_get_course_int_id();
}
$sql = "SELECT * FROM $table_posts posts
LEFT JOIN $table_users users
ON posts.poster_id=users.user_id
@ -4120,7 +4123,7 @@ function get_thread_user_post($course_code, $thread_id, $user_id ) {
ORDER BY posts.post_id ASC";
$result = Database::query($sql);
$post_list = array();
while ($row = Database::fetch_array($result)) {
$row['status'] = '1';
$post_list[] = $row;
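Review bot: In `get_thread_user_post()` the new lookup `$course_info = api_get_user_info($course_code);` passes a course code to the user-info helper, so `$course_info['real_id']` is most likely never set and the function always falls back to `api_get_course_int_id()`. The course id is what scopes the posts query to one course, so the `$course_code` argument that callers now pass appears to be silently ignored. The intended call is presumably `$course_info = api_get_course_info($course_code);`. The WHERE clause of the query sits between the two hunks and is not visible here, so confirm that `$course_id` is the value it filters on.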

@ -11,6 +11,7 @@ $language_file = array('admin', 'forum');
require_once '../inc/global.inc.php';
require_once 'forumconfig.inc.php';
require_once 'forumfunction.inc.php';
$nameTools = get_lang('ToolForum');
$this_section = SECTION_COURSES;
@ -21,19 +22,21 @@ if (!$allowed_to_edit) {
//are we in a lp ?
$origin = '';
$origin_string='';
if (isset($_GET['origin'])) {
$origin = Security::remove_XSS($_GET['origin']);
}
$nameTools=get_lang('ToolForum');
$user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : null;
/* Including necessary files */
block_course_item_locked_by_gradebook($_GET['thread'], LINK_FORUM_THREAD);
$nameTools = get_lang('ToolForum');
/* Including necessary files */
$htmlHeadXtra[] = '<script type="text/javascript" language="javascript">
$(document).ready(function(){ $(\'.hide-me\').slideUp() });
function hidecontent(content){ $(content).slideToggle(\'normal\'); }
</script>';
$(document).ready(function(){ $(\'.hide-me\').slideUp() });
function hidecontent(content){ $(content).slideToggle(\'normal\'); }
</script>';
/* MAIN DISPLAY SECTION */
/*
Retrieving forum and forum categorie information
@ -44,8 +47,8 @@ $htmlHeadXtra[] = '<script type="text/javascript" language="javascript">
$current_thread=get_thread_information($_GET['thread']); // note: this has to be validated that it is an existing thread
$current_forum=get_forum_information($current_thread['forum_id']); // note: this has to be validated that it is an existing forum.
$current_forum_category=get_forumcategory_information($current_forum['forum_category']);
$whatsnew_post_info=$_SESSION['whatsnew_post_info'];
$group_id = api_get_group_id();
/*
Header and Breadcrumbs
*/
@ -63,12 +66,10 @@ if (!empty($gradebook) && $gradebook=='view') {
if ($origin=='learnpath') {
Display::display_reduced_header();
} else {
if (!empty($_SESSION['toolgroup'])) {
$_clean['toolgroup']=(int)$_SESSION['toolgroup'];
if (!empty($group_id)) {
$group_properties = GroupManager :: get_group_properties($_clean['toolgroup']);
$interbreadcrumb[] = array ("url" => "../group/group.php", "name" => get_lang('Groups'));
$interbreadcrumb[] = array ("url"=>"../group/group_space.php?gidReq=".$_SESSION['toolgroup'], "name"=> get_lang('GroupSpace').' ('.$group_properties['name'].')');
$interbreadcrumb[] = array ("url"=>"../group/group_space.php?gidReq=".$group_id, "name"=> get_lang('GroupSpace').' ('.$group_properties['name'].')');
$interbreadcrumb[]=array("url" => "viewforum.php?forum=".Security::remove_XSS($_GET['forum'])."&amp;origin=".$origin."&amp;search=".Security::remove_XSS(urlencode($_GET['search'])),"name" => prepare4display($current_forum['forum_title']));
if ($message<>'PostDeletedSpecial') {
$interbreadcrumb[]=array("url" => "viewthread.php?forum=".Security::remove_XSS($_GET['forum'])."&amp;gradebook=".$gradebook."&amp;thread=".Security::remove_XSS($_GET['thread']),"name" => prepare4display($current_thread['thread_title']));
@ -95,12 +96,11 @@ if ($origin=='learnpath') {
}
// the last element of the breadcrumb navigation is already set in interbreadcrumb, so give empty string
$interbreadcrumb[]=array("url" => "#","name" => get_lang('QualifyThread'));
Display :: display_header('');
api_display_tool_title($nameTools);
Display :: display_header('');
}
}
/*
Is the user allowed here?
*/
@ -124,7 +124,7 @@ if (($_GET['action']=='invisible' || $_GET['action']=='visible') && isset($_GET[
$message=approve_post($_GET['id'],$_GET['action']); // note: this has to be cleaned first
}
if ($_GET['action']=='move' and isset($_GET['post'])) {
$message=move_post_form();
$message = move_post_form();
}
/*
@ -141,13 +141,6 @@ if ($message<>'PostDeletedSpecial') {// in this case the first and only post of
/*
Action Links
*/
/* echo '<div style="float:right;">';
$my_url = '<a href="viewthread.php?'.api_get_cidreq().'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'&amp;origin='.$origin.'&amp;search='.Security::remove_XSS(urlencode($_GET['search']));
echo $my_url.'&amp;view=flat&amp;origin='.$origin.'">'.get_lang('FlatView').'</a> | ';
echo $my_url.'&amp;view=threaded&amp;origin='.$origin.'">'.get_lang('ThreadedView').'</a> | ';
echo $my_url.'&amp;view=nested&amp;origin='.$origin.'">'.get_lang('NestedView').'</a>';
$my_url = null;
echo '</div>';*/
// the reply to thread link should only appear when the forum_category is not locked AND the forum is not locked AND the thread is not locked.
// if one of the three levels is locked then the link should not be displayed
if (($current_forum_category && $current_forum_category['locked']==0) AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit(false,true)) {
@ -159,8 +152,7 @@ if ($message<>'PostDeletedSpecial') {// in this case the first and only post of
//new thread link
if (api_is_allowed_to_edit(false,true) OR ($current_forum['allow_new_threads']==1 AND isset($_user['user_id'])) OR ($current_forum['allow_new_threads']==1 AND !isset($_user['user_id']) AND $current_forum['allow_anonymous']==1)) {
if ($current_forum['locked'] <> 1 AND $current_forum['locked'] <> 1) {
echo '&nbsp;&nbsp;';
/*echo '<a href="newthread.php?'.api_get_cidreq().'&amp;forum='.Security::remove_XSS($_GET['forum']).$origin_string.'">'.Display::return_icon('new_thread.png','','',ICON_SIZE_MEDIUM).'</a>';*/
echo '&nbsp;&nbsp;';
} else {
echo get_lang('ForumLocked');
}
@ -194,7 +186,7 @@ if ($message<>'PostDeletedSpecial') {// in this case the first and only post of
// we are getting all the information about the current forum and forum category.
// note pcool: I tried to use only one sql statement (and function) for this
// but the problem is that the visibility of the forum AND forum cateogory are stored in the item_property table
echo "<table class=\"data_table\" width=\"100%\">";
echo "<table class=\"data_table\">";
// the thread
echo "<tr><th style=\"padding-left:5px;\" align=\"left\" colspan=\"6\">";
@ -213,23 +205,20 @@ if ($message<>'PostDeletedSpecial') {// in this case the first and only post of
include_once 'viewpost.inc.php';
} // if ($message<>'PostDeletedSpecial') // in this case the first and only post of the thread is removed
$userinf=api_get_user_info(api_get_user_id());
if ($allowed_to_edit) {
$current_thread=get_thread_information($_GET['thread']);
$userid=(int)$_GET['user_id'];
$current_thread=get_thread_information($_GET['thread']);
$threadid=$current_thread['thread_id'];
//show current qualify in my form
$qualify=current_qualify_of_thread($threadid, api_get_session_id());
//show max qualify in my form
$max_qualify=show_qualify('2',$_GET['cidReq'],$_GET['forum'],$userid,$threadid);
$max_qualify=show_qualify('2',$user_id,$threadid);
require_once 'forumbody.inc.php';
$value_return = store_theme_qualify($userid,$threadid,$_REQUEST['idtextqualify'],api_get_user_id(),date("Y-m-d H:i:s"),api_get_session_id());
$value_return = store_theme_qualify($user_id,$threadid,$_REQUEST['idtextqualify'],api_get_user_id(),date("Y-m-d H:i:s"),api_get_session_id());
$url='cidReq='.Security::remove_XSS($_GET['cidReq']).'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'&amp;post='.Security::remove_XSS($_GET['post']).'&amp;origin='.$origin.'&amp;user_id='.Security::remove_XSS($_GET['user_id']);
$current_qualify_thread=show_qualify('1',$_GET['cidReq'],$_GET['forum'],$userid,$threadid);
$current_qualify_thread=show_qualify('1',$user_id,$threadid);
if ($value_return[0]!=$_REQUEST['idtextqualify'] && $value_return[1]=='update') {
store_qualify_historical('1','',$_GET['forum'],$userid,$threadid,$_REQUEST['idtextqualify'],api_get_user_id());
store_qualify_historical('1','',$_GET['forum'],$user_id,$threadid,$_REQUEST['idtextqualify'],api_get_user_id());
}
if (!empty($_REQUEST['idtextqualify']) && $_REQUEST['idtextqualify'] > $max_qualify) {
@ -237,12 +226,10 @@ if ($allowed_to_edit) {
Display :: display_error_message($return_message,false);
}
// show qualifications history
$user_id_thread = (int)$_GET['user_id'];
$opt=Database::escape_string($_GET['type']);
$qualify_historic = get_historical_qualify($user_id_thread, $threadid, $opt);
// show qualifications history
$qualify_historic = get_historical_qualify($user_id, $threadid, $_GET['type']);
$counter = count($qualify_historic);
$counter= count($qualify_historic);
$act_qualify = $_REQUEST['idtextqualify'];
if ($counter>0) {
if (isset($_GET['gradebook'])){
@ -250,34 +237,33 @@ if ($allowed_to_edit) {
}
echo '<h4>'.get_lang('QualificationChangesHistory').'</h4>';
if ($_GET['type'] == 'false') {
echo '<div style="float:left; clear:left">'.get_lang('OrderBy').'&nbsp;:<a href="forumqualify.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;origin='.$origin.'&amp;thread='.$threadid.'&amp;user='.Security::remove_XSS($_GET['user']).'&amp;user_id='.Security::remove_XSS($_GET['user_id']).'&amp;type=true&amp;idtextqualify='.$act_qualify.$view_gradebook.'#history">'.get_lang('MoreRecent').'</a>&nbsp;|
'.get_lang('Older').'
</div>';
$buttons = '<a class="btn" href="forumqualify.php?'.api_get_cidreq().'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;origin='.$origin.'&amp;thread='.$threadid.'&amp;user='.Security::remove_XSS($_GET['user']).'&amp;user_id='.Security::remove_XSS($_GET['user_id']).'&amp;type=true&amp;idtextqualify='.$act_qualify.$view_gradebook.'#history">'.
get_lang('MoreRecent').'</a> <a class="btn disabled" >'.get_lang('Older').'</a>';
} else {
echo '<div style="float:left; clear:left">'.get_lang('OrderBy').'&nbsp;:'.get_lang('MoreRecent').' |
<a href="forumqualify.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;origin='.$origin.'&amp;thread='.$threadid.'&amp;user='.Security::remove_XSS($_GET['user']).'&amp;user_id='.Security::remove_XSS($_GET['user_id']).'&amp;type=false&amp;idtextqualify='.$act_qualify.$view_gradebook.'#history">'.get_lang('Older').'</a>&nbsp;
</div>';
$buttons = '<a class="btn disabled">'.get_lang('MoreRecent').'</a>
<a class="btn" href="forumqualify.php?'.api_get_cidreq().'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;origin='.$origin.'&amp;thread='.$threadid.'&amp;user='.Security::remove_XSS($_GET['user']).'&amp;user_id='.Security::remove_XSS($_GET['user_id']).'&amp;type=false&amp;idtextqualify='.$act_qualify.$view_gradebook.'#history">'.
get_lang('Older').'</a>';
}
$table_list.= '<a name="history" /><br /><br /><table class="data_table" style="width:100%">';
$table_list.= '<br /><div class="btn-group">'.$buttons.'</div>';
$table_list.= '<br /><table class="data_table">';
$table_list.= '<tr>';
$table_list.= '<th width="50%">'.get_lang('WhoChanged').'</th>';
$table_list.= '<th width="10%">'.get_lang('NoteChanged').'</th>';
$table_list.= '<th width="40%">'.get_lang('DateChanged').'</th>';
$table_list.= '</tr>';
for($i=0;$i<count($qualify_historic);$i++) {
$my_user_info=api_get_user_info($qualify_historic[$i]['qualify_user_id']);
$name = api_get_person_name($my_user_info['firstName'], $my_user_info['lastName']);
$table_list.= '<tr class="'.$class.'"><td>'.$name.'</td>';
$table_list.= '<td>'.$qualify_historic[$i]['qualify'].'</td>';
$table_list.= '<td>'.$qualify_historic[$i]['qualify_time'].'</td></tr>';
for ($i=0;$i<count($qualify_historic);$i++) {
$my_user_info=api_get_user_info($qualify_historic[$i]['qualify_user_id']);
$name = api_get_person_name($my_user_info['firstName'], $my_user_info['lastName']);
$table_list.= '<tr class="'.$class.'"><td>'.$name.'</td>';
$table_list.= '<td>'.$qualify_historic[$i]['qualify'].'</td>';
$table_list.= '<td>'.api_convert_and_format_date($qualify_historic[$i]['qualify_time'], DATE_TIME_FORMAT_LONG).'</td></tr>';
}
$table_list.= '</table>';
echo $table_list;
} else {
echo get_lang('NotChanged');
//echo get_lang('NotChanged');
}
} else {
api_not_allowed();
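Review bot: The rebuilt history links in `$buttons` append `idtextqualify='.$act_qualify` to the `href`, and `$act_qualify` is assigned straight from `$_REQUEST['idtextqualify']` without the `Security::remove_XSS()` call that every neighbouring parameter in the same link gets. Filtering it where it is read, `$act_qualify = Security::remove_XSS($_REQUEST['idtextqualify']);`, closes the gap; a numeric cast would be stricter and would match the `(int)` cast viewpost.inc.php applies to the same field. The same request value is also passed to `store_theme_qualify()` on each load of the page, and no `sec_token` check is visible in these hunks. Following one of these GET links therefore appears to re-submit the grade, which is worth confirming as intended.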

@ -147,34 +147,12 @@ if ($origin == 'learnpath') {
if ($origin != 'learnpath') {
echo '<div class="actions">';
echo '<span style="float:right;">'.search_link().'</span>';
/*if ($origin == 'group') {
echo '<a href="../group/group_space.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;gradebook='.$gradebook.'">'.Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('Groups'), '', ICON_SIZE_MEDIUM).'</a>';
} else {
echo '<a href="index.php?gradebook='.$gradebook.'">'.Display::return_icon('back.png', get_lang('BackToForumOverview'), '', ICON_SIZE_MEDIUM).'</a>';
}
echo '<a href="viewforum.php?forum='.Security::remove_XSS($_GET['forum']).'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;origin='.$origin.'">'.Display::return_icon('forum.png', get_lang('BackToForum'), '', ICON_SIZE_MEDIUM).'</a>';*/
echo '<a href="viewthread.php?forum='.Security::remove_XSS($_GET['forum']).'&amp;gradebook='.$gradebook.'&amp;thread='.Security::remove_XSS($_GET['thread']).'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;origin='.$origin.'">'.Display::return_icon('back.png', get_lang('BackToThread'), '', ICON_SIZE_MEDIUM).'</a>';
echo '<a href="viewthread.php?forum='.Security::remove_XSS($_GET['forum']).'&amp;gradebook='.$gradebook.'&amp;thread='.Security::remove_XSS($_GET['thread']).'&amp;origin='.$origin.'">'.Display::return_icon('back.png', get_lang('BackToThread'), '', ICON_SIZE_MEDIUM).'</a>';
echo '</div>';
} else {
echo '<div style="height:15px">&nbsp;</div>';
}
/* Display Forum Category and the Forum information */
/*
echo "<table class=\"data_table\" width=\"100%\">";
// The forum category
echo "<tr><th style=\"padding-left:5px;\" align=\"left\" colspan=\"2\">";
echo '<span class="forum_title">'.prepare4display($current_thread['thread_title']).'</span><br />';
if (!empty ($current_forum_category['cat_title'])) {
echo '<span class="forum_low_description">'.prepare4display($current_forum_category['cat_title'])." - </span>";
}
echo "</th>";
echo "</tr>";
echo '</table>';
*/
// The form for the reply
$my_action = isset($_GET['action']) ? Security::remove_XSS($_GET['action']) : '';
$my_post = isset($_GET['post']) ? Security::remove_XSS($_GET['post']) : '';
@ -196,4 +174,4 @@ if (!empty($values) AND isset($_POST['SubmitPost'])) {
if ($origin != 'learnpath') {
Display :: display_footer();
}
}

@ -210,7 +210,7 @@ if ($my_action == 'liststd' AND isset($_GET['content']) AND isset($_GET['id']) A
$table_list.= '<th>'.get_lang('Qualify').'</th>';
}
$table_list .= '</tr>';
$max_qualify = show_qualify('2', $_GET['cidReq'], $my_forum, $userid, $_GET['id']);
$max_qualify = show_qualify('2', $userid, $_GET['id']);
$counter_stdlist = 0;
if (Database::num_rows($student_list) > 0) {
@ -221,13 +221,13 @@ if ($my_action == 'liststd' AND isset($_GET['content']) AND isset($_GET['id']) A
$class_stdlist = 'row_even';
}
$name_user_theme = api_get_person_name($row_student_list['firstname'], $row_student_list['lastname']);
$table_list .= '<tr class="'.$class_stdlist.'"><td><a href="../user/userInfo.php?uInfo='.$row_student_list['user_id'].'&amp;tipo=sdtlist&amp;'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.Security::remove_XSS($my_forum).$origin_string.'">'.$name_user_theme.'</a></td>';
$table_list .= '<tr class="'.$class_stdlist.'"><td><a href="../user/userInfo.php?uInfo='.$row_student_list['user_id'].'&amp;tipo=sdtlist&amp;'.api_get_cidreq().'&amp;forum='.Security::remove_XSS($my_forum).$origin_string.'">'.$name_user_theme.'</a></td>';
if ($_GET['list'] == 'qualify') {
$table_list .= '<td>'.$row_student_list['qualify'].'/'.$max_qualify.'</td>';
}
if (api_is_allowed_to_edit(null, true)) {
$current_qualify_thread = show_qualify('1', $_GET['cidReq'], $my_forum, $row_student_list['user_id'], $_GET['id']);
$table_list .= '<td><a href="forumqualify.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.Security::remove_XSS($my_forum).'&amp;thread='.Security::remove_XSS($_GET['id']).'&amp;user='.$row_student_list['user_id'].'&amp;user_id='.$row_student_list['user_id'].'&amp;idtextqualify='.$current_qualify_thread.'&amp;origin='.$origin.'">'.Display::return_icon($icon_qualify, get_lang('Qualify')).'</a></td></tr>';
$current_qualify_thread = show_qualify('1', $row_student_list['user_id'], $_GET['id']);
$table_list .= '<td><a href="forumqualify.php?'.api_get_cidreq().'&amp;forum='.Security::remove_XSS($my_forum).'&amp;thread='.Security::remove_XSS($_GET['id']).'&amp;user='.$row_student_list['user_id'].'&amp;user_id='.$row_student_list['user_id'].'&amp;idtextqualify='.$current_qualify_thread.'&amp;origin='.$origin.'">'.Display::return_icon($icon_qualify, get_lang('Qualify')).'</a></td></tr>';
}
$counter_stdlist++;
}
@ -263,7 +263,7 @@ echo '<div class="actions">';
if ($origin != 'learnpath') {
if ($origin=='group') {
echo '<a href="../group/group_space.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;gradebook='.$gradebook.'">'.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('Groups'),'',ICON_SIZE_MEDIUM).'</a>';
echo '<a href="../group/group_space.php?'.api_get_cidreq().'&amp;gradebook='.$gradebook.'">'.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('Groups'),'',ICON_SIZE_MEDIUM).'</a>';
} else {
echo '<span style="float:right;">'.search_link().'</span>';
echo '<a href="index.php">'.Display::return_icon('back.png', get_lang('BackToForumOverview'), '', ICON_SIZE_MEDIUM).'</a>';
@ -279,10 +279,10 @@ if (api_is_allowed_to_edit(false, true) OR ($current_forum['allow_new_threads']
if ($current_forum['locked'] <> 1 AND $current_forum['locked'] <> 1) {
if (!api_is_anonymous()) {
if ($my_forum == strval(intval($my_forum))) {
echo '<a href="newthread.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.Security::remove_XSS($my_forum).$origin_string.'">'.Display::return_icon('new_thread.png',get_lang('NewTopic'),'',ICON_SIZE_MEDIUM).'</a>';
echo '<a href="newthread.php?'.api_get_cidreq().'&amp;forum='.Security::remove_XSS($my_forum).$origin_string.'">'.Display::return_icon('new_thread.png',get_lang('NewTopic'),'',ICON_SIZE_MEDIUM).'</a>';
} else {
$my_forum = strval(intval($my_forum));
echo '<a href="newthread.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.$my_forum.$origin_string.'">'.Display::return_icon('new_thread.png',get_lang('NewTopic'),'',ICON_SIZE_MEDIUM).'</a>';
echo '<a href="newthread.php?'.api_get_cidreq().'&amp;forum='.$my_forum.$origin_string.'">'.Display::return_icon('new_thread.png',get_lang('NewTopic'),'',ICON_SIZE_MEDIUM).'</a>';
}
}
} else {
@ -351,7 +351,7 @@ if (is_array($threads)) {
}
echo '</td>';
echo '<td>';
echo '<a href="viewthread.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;gradebook='.Security::remove_XSS($_GET['gradebook']).'&amp;forum='.Security::remove_XSS($my_forum).'&amp;origin='.$origin.'&amp;thread='.$row['thread_id'].$origin_string.'&amp;search='.Security::remove_XSS(urlencode($my_search)).'" '.class_visible_invisible($row['visibility']).'>'.prepare4display($row['thread_title']).'</a></td>';
echo '<a href="viewthread.php?'.api_get_cidreq().'&amp;gradebook='.Security::remove_XSS($_GET['gradebook']).'&amp;forum='.Security::remove_XSS($my_forum).'&amp;origin='.$origin.'&amp;thread='.$row['thread_id'].$origin_string.'&amp;search='.Security::remove_XSS(urlencode($my_search)).'" '.class_visible_invisible($row['visibility']).'>'.prepare4display($row['thread_title']).'</a></td>';
echo '<td>'.$row['thread_replies'].'</td>';
echo '<td>'.$row['thread_views'].'</td>';
// display the author name
@ -404,7 +404,7 @@ if (is_array($threads)) {
if (api_is_allowed_to_edit(false, true) && !(api_is_course_coach() && $current_forum['session_id'] != $_SESSION['id_session'])) {
echo '<a href="editpost.php?'.api_get_cidreq().'&amp;forum='.Security::remove_XSS($my_forum).'&amp;thread='.Security::remove_XSS($row['thread_id']).'&amp;post='.$row_post_id['post_id'].'&amp;gidReq='.$_SESSION['toolgroup'].'&amp;origin='.$origin.'&amp;id_attach='.$id_attach.'">'.Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL).'</a>';
if (api_resource_is_locked_by_gradebook($row['thread_id'])) {
if (api_resource_is_locked_by_gradebook($row['thread_id'], LINK_FORUM_THREAD)) {
echo Display::return_icon('delete_na.png', get_lang('ResourceLockedByGradebook'), array(), ICON_SIZE_SMALL);
} else {
echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;forum='.Security::remove_XSS($my_forum).'&amp;action=delete&amp;content=thread&amp;gidReq='.$_SESSION['toolgroup'].'&amp;id='.$row['thread_id'].$origin_string."\" onclick=\"javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('DeleteCompleteThread'), ENT_QUOTES))."')) return false;\">".Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL).'</a>';
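Review bot: The gradebook lock check `api_resource_is_locked_by_gradebook($row['thread_id'], LINK_FORUM_THREAD)` only swaps the delete icon for `delete_na.png`. The handler for `action=delete&content=thread` is outside these hunks, so nothing visible here refuses a direct request to the delete URL for a locked thread. If the handler does not already check the lock, it should apply a server-side guard before deleting, presumably the one this commit adds to forumqualify.php: `block_course_item_locked_by_gradebook($_GET['id'], LINK_FORUM_THREAD);`. The edit link on the line above is still rendered for locked threads, which may or may not be intended.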

@ -4,11 +4,9 @@
* @package chamilo.forum
*/
$course = api_get_course_info();
$rows = get_thread_user_post($course['dbName'], $current_thread['thread_id'], $_GET['user']);
$sw = true;
if (isset($rows)){
$rows = get_thread_user_post($course['code'], $current_thread['thread_id'], $_GET['user']);
if (isset($rows)) {
$counter = 1;
foreach ($rows as $row) {
if ($row['status']=='0') {
$style =" id = 'post".$post_en."' class=\"hide-me\" style=\"border:1px solid red; display:none; background-color:#F7F7F7; width:95%; margin: 0px 0px 4px 40px; \" ";
@ -16,19 +14,18 @@ if (isset($rows)){
} else {
$style = "";
$post_en = $row['post_parent_id'];
//$url_post = '<a href="javascript:;" onclick="javascript:hidecontent(\'#post'.$row['post_parent_id'].'\')"> '.get_lang('ViewComentPost').'</a> ';
}
if ($row['user_id']=='0') {
if ($row['user_id'] == '0') {
$name=prepare4display($row['poster_name']);
} else {
$name=api_get_person_name($row['firstname'], $row['lastname']);
}
if ($sw === true) {
echo "<div style=\"border: 1px solid #000000; padding: 4px 0px 0px 4px; margin-top:5px;\" > <h3> $name </h3> </div>";
$sw = false;
if ($counter == 1) {
echo Display::page_subheader($name);
}
echo "<div ".$style."><table width=\"100%\" class=\"post\" cellspacing=\"5\" border=\"0\" >";
echo "<div ".$style."><table class=\"data_table\">";
// the style depends on the status of the message: approved or not
//echo 'dd'.$row['status'];
@ -46,7 +43,7 @@ if (isset($rows)){
echo "<tr>";
echo "<td rowspan=\"3\" class=\"$leftclass\">";
echo '<br /><b>'.$row['post_date'].'</b><br />';
echo '<br /><b>'. api_convert_and_format_date($row['post_date'], DATE_TIME_FORMAT_LONG).'</b><br />';
if (api_is_allowed_to_edit(null,true)) {
echo $url_post;
@ -85,6 +82,7 @@ if (isset($rows)){
unset($_SESSION['whatsnew_post_info'][$current_forum['forum_id']][$current_thread['thread_id']][$row['post_id']]);
unset($_SESSION['whatsnew_post_info'][$current_forum['forum_id']][$current_thread['thread_id']]);
echo "</table></div>";
$counter++;
}
}
@ -94,18 +92,15 @@ $current_thread = get_thread_information($_GET['thread']);
$threadid = $current_thread['thread_id'];
$qualify = (int)$_POST['idtextqualify'];
//return Max qualify thread
$max_qualify=show_qualify('2',$_GET['cidReq'],$_GET['forum'],$userid,$threadid);
$current_qualify_thread=show_qualify('1',$_GET['cidReq'],$_GET['forum'],$userid,$threadid);
$max_qualify=show_qualify('2', $userid,$threadid);
$current_qualify_thread=show_qualify('1',$userid,$threadid);
if (isset($_POST['idtextqualify'])) {
store_theme_qualify($userid,$threadid,$qualify,$_SESSION['_user']['user_id'],date('Y-m-d H:i:s'),'');
}
$result = get_statistical_information($current_thread['thread_id'], $_GET['user_id'], $_GET['cidReq']);
if($userinf['status']!='1') {
if ($userinf['status']!='1') {
echo '<div class="forum-qualification-input-box">';
require_once 'forumbody.inc.php';
//echo '<a href="forumqualify.php?'.api_get_cidreq().'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'&amp;origin='.$origin.'&amp;user_id='.$userid.'">'.get_lang('ViewHistoryChange').'</a>';
echo '</div>';
}
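Review bot: The updated calls `show_qualify('2', $userid,$threadid)` and `show_qualify('1',$userid,$threadid)` still read `$userid`, which is not assigned in the visible part of this file. The same commit drops `$userid=(int)$_GET['user_id'];` from forumqualify.php, which includes this file, in favour of `$user_id`. With the new guard in `show_qualify()` an empty user id returns `false`, and `store_theme_qualify($userid, ...)` a few lines below would be called with an unset user id on POST. If no other includer defines `$userid`, switch these three calls to `$user_id`, or set `$userid = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;` before them.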

@ -17,8 +17,10 @@ if (isset($current_thread['thread_id'])){
$clean_forum_id = intval($_GET['forum']);
$clean_thread_id = intval($_GET['thread']);
$locked = api_resource_is_locked_by_gradebook($clean_thread_id, LINK_FORUM_THREAD);
foreach ($rows as $row) {
echo '<table width="100%" class="forum_table" cellspacing="5" border="0">';
// the style depends on the status of the message: approved or not
if ($row['visible']=='0') {
@ -59,44 +61,47 @@ if (isset($current_thread['thread_id'])){
// The course admin him/herself can do this off course always
if ( GroupManager::is_tutor_of_group(api_get_user_id(), $group_id) OR ($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
if (api_is_allowed_to_session_edit(false,true)) {
echo "<a href=\"editpost.php?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;post=".$row['post_id']."&amp;origin=".$origin."&amp;edit=edition&amp;id_attach=".$id_attach."\">".Display::return_icon('edit.png',get_lang('Edit'), array(), ICON_SIZE_SMALL)."</a>";
if ($locked == false) {
echo "<a href=\"editpost.php?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;post=".$row['post_id']."&amp;origin=".$origin."&amp;edit=edition&amp;id_attach=".$id_attach."\">".Display::return_icon('edit.png',get_lang('Edit'), array(), ICON_SIZE_SMALL)."</a>";
}
}
}
if ($origin != 'learnpath') {
if (GroupManager::is_tutor_of_group(api_get_user_id(), $group_id) OR api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) {
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=delete&amp;content=post&amp;id=".$row['post_id']."&amp;origin=".$origin."\" onclick=\"javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('DeletePost'), ENT_QUOTES))."')) return false;\">".Display::return_icon('delete.png', get_lang('Delete'),array(), ICON_SIZE_SMALL)."</a>";
if ($locked == false) {
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=delete&amp;content=post&amp;id=".$row['post_id']."&amp;origin=".$origin."\" onclick=\"javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('DeletePost'), ENT_QUOTES))."')) return false;\">".Display::return_icon('delete.png', get_lang('Delete'),array(), ICON_SIZE_SMALL)."</a>";
}
}
if (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) {
display_visible_invisible_icon('post', $row['post_id'], $row['visible'],array('forum'=>$clean_forum_id,'thread'=>$clean_thread_id, 'origin'=>$origin ));
echo "";
if ($increment>0) {
echo "<a href=\"viewthread.php?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=move&amp;post=".$row['post_id']."&amp;origin=".$origin."\">".Display::return_icon('move.png',get_lang('MovePost'), array(), ICON_SIZE_SMALL)."</a>";
echo "<a href=\"viewthread.php?".api_get_cidreq()."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=move&amp;post=".$row['post_id']."&amp;origin=".$origin."\">".Display::return_icon('move.png',get_lang('MovePost'), array(), ICON_SIZE_SMALL)."</a>";
}
}
}
$userinf = api_get_user_info($row['user_id']);
$user_status = api_get_status_of_user_in_course($row['user_id'],api_get_course_id());
$current_qualify_thread = show_qualify('1',$_GET['cidReq'],$_GET['forum'],$row['poster_id'],$_GET['thread']);
$user_status = api_get_status_of_user_in_course($row['user_id'], api_get_course_id());
$current_qualify_thread = show_qualify('1', $row['poster_id'],$_GET['thread']);
if (api_is_allowed_to_edit(null,true) && $origin != 'learnpath') {
if( isset($_GET['gradebook'])){
if ($increment>0 && $user_status!=1 ) {
$info_thread=get_thread_information($clean_thread_id);
echo "<a href=\"forumqualify.php?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$info_thread['forum_id']."&amp;thread=".$clean_thread_id."&amp;action=list&amp;post=".$row['post_id']."&amp;user=".$row['poster_id']."&amp;user_id=".$row['poster_id']."&amp;origin=".$origin."&amp;idtextqualify=".$current_qualify_thread."&amp;gradebook=".Security::remove_XSS($_GET['gradebook'])."\" >".Display::return_icon('quiz.gif',get_lang('Qualify'))."</a> ";
}
} else {
if ($increment>0 && $user_status!=1 ) {
echo "<a href=\"forumqualify.php?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=list&amp;post=".$row['post_id']."&amp;user=".$row['poster_id']."&amp;user_id=".$row['poster_id']."&amp;origin=".$origin."&amp;idtextqualify=".$current_qualify_thread."\" >".Display::return_icon('new_test_small.gif',get_lang('Qualify'))."</a>";
}
}
$my_forum_id = $clean_forum_id;
if (isset($_GET['gradebook'])) {
$info_thread = get_thread_information($clean_thread_id);
$my_forum_id = $info_thread['forum_id'];
}
if ($increment > 0 && $locked == false) {
echo "<a href=\"forumqualify.php?".api_get_cidreq()."&amp;forum=".$my_forum_id."&amp;thread=".$clean_thread_id."&amp;action=list&amp;post=".$row['post_id']."&amp;user=".$row['poster_id']."&amp;user_id=".$row['poster_id']."&amp;origin=".$origin."&amp;idtextqualify=".$current_qualify_thread."&amp;gradebook=".Security::remove_XSS($_GET['gradebook'])."\" >".
Display::return_icon('quiz.gif',get_lang('Qualify'))."</a> ";
}
}
//echo '<br /><br />';
if (($current_forum_category && $current_forum_category['locked']==0) AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit(false,true)) {
if ($_user['user_id'] OR ($current_forum['allow_anonymous']==1 AND !$_user['user_id'])) {
if (!api_is_anonymous() && api_is_allowed_to_session_edit(false,true)) {
echo '<a href="reply.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;post='.$row['post_id'].'&amp;action=replymessage&amp;origin='.$origin.'">'.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage'))."</a>";
echo '<a href="reply.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;post='.$row['post_id'].'&amp;action=quote&amp;origin='.$origin.'">'.Display :: return_icon('quote.gif', get_lang('QuoteMessage'))."</a>";
echo '<a href="reply.php?'.api_get_cidreq().'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;post='.$row['post_id'].'&amp;action=replymessage&amp;origin='.$origin.'">'.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage'))."</a>";
echo '<a href="reply.php?'.api_get_cidreq().'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;post='.$row['post_id'].'&amp;action=quote&amp;origin='.$origin.'">'.Display :: return_icon('quote.gif', get_lang('QuoteMessage'))."</a>";
}
}
} else {
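Review bot: The gradebook lock is applied in this view only by leaving out the edit, delete and qualify links (the three `if ($locked == false)` wrappers), so the thread is protected only if the scripts behind those links check the lock themselves. `editpost.php`, the `action=delete` branch and `forumqualify.php` are all reached with plain request parameters, and the part of `forumqualify.php` shown on this page still calls `store_theme_qualify()` without consulting `api_resource_is_locked_by_gradebook($clean_thread_id, LINK_FORUM_THREAD)`. Each handler should repeat that check before it changes data. The move link and the visibility toggle in the same block are not gated at all, which looks unintended for a locked thread. The nested and threaded views further down follow the same pattern.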

@ -30,6 +30,8 @@ $clean_thread_id = intval($_GET['thread']);
$group_id = api_get_group_id();
$locked = api_resource_is_locked_by_gradebook($clean_thread_id, LINK_FORUM_THREAD);
foreach ($rows as $post) {
// The style depends on the status of the message: approved or not.
if ($post['visible']=='0') {
@ -66,12 +68,15 @@ foreach ($rows as $post) {
// The course admin him/herself can do this off course always
//if (($current_forum['allow_edit']==1 AND $post['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
if (GroupManager::is_tutor_of_group(api_get_user_id(), $group_id) OR ($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
echo "<a href=\"editpost.php?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;origin=".$origin."&amp;post=".$post['post_id']."&amp;id_attach=".$id_attach."\">".Display::return_icon('edit.png',get_lang('Edit'), array(), ICON_SIZE_SMALL)."</a>";
if ($locked == false) {
echo "<a href=\"editpost.php?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;origin=".$origin."&amp;post=".$post['post_id']."&amp;id_attach=".$id_attach."\">".Display::return_icon('edit.png',get_lang('Edit'), array(), ICON_SIZE_SMALL)."</a>";
}
}
if (GroupManager::is_tutor_of_group(api_get_user_id(), $group_id) OR api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) {
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=delete&amp;content=post&amp;id=".$post['post_id']."\" onclick=\"javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('DeletePost'), ENT_QUOTES))."')) return false;\">".Display::return_icon('delete.png',get_lang('Delete'), array(), ICON_SIZE_SMALL)."</a>";
if ($locked == false) {
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=delete&amp;content=post&amp;id=".$post['post_id']."\" onclick=\"javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('DeletePost'), ENT_QUOTES))."')) return false;\">".Display::return_icon('delete.png',get_lang('Delete'), array(), ICON_SIZE_SMALL)."</a>";
}
}
if (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) {
@ -83,10 +88,14 @@ foreach ($rows as $post) {
}
$userinf=api_get_user_info($post['user_id']);
$user_status=api_get_status_of_user_in_course($post['user_id'],api_get_course_id());
if (api_is_allowed_to_edit(null,true)) {
if ($count>0 && $user_status!=1) {
$current_qualify_thread=show_qualify('1',$_GET['cidReq'],$_GET['forum'],$post['user_id'],$_GET['thread']);
echo "<a href=\"forumqualify.php?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=list&amp;post=".$post['post_id']."&amp;user=".$post['user_id']."&amp;user_id=".$post['user_id']."&amp;origin=".$origin."&amp;idtextqualify=".$current_qualify_thread."\" >".Display::return_icon('new_test_small.gif',get_lang('Qualify'))."</a>";
if (api_is_allowed_to_edit(null,true)) {
//if ($count>0 && $user_status!=1) {
if ($count>0) {
$current_qualify_thread=show_qualify('1', $post['user_id'],$_GET['thread']);
if ($locked == false) {
echo "<a href=\"forumqualify.php?".api_get_cidreq()."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=list&amp;post=".$post['post_id']."&amp;user=".$post['user_id']."&amp;user_id=".$post['user_id']."&amp;origin=".$origin."&amp;idtextqualify=".$current_qualify_thread."\" >".Display::return_icon('new_test_small.gif',get_lang('Qualify'))."</a>";
}
}
}
//echo '<br /><br />';
@ -94,8 +103,8 @@ foreach ($rows as $post) {
if (($current_forum_category && $current_forum_category['locked']==0) AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit(false,true)) {
if ($_user['user_id'] OR ($current_forum['allow_anonymous']==1 AND !$_user['user_id'])) {
if (!api_is_anonymous() && api_is_allowed_to_session_edit(false,true)) {
echo '<a href="reply.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;post='.$post['post_id'].'&amp;action=replymessage&amp;origin='. $origin .'">'.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage'))."</a>";
echo '<a href="reply.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;post='.$post['post_id'].'&amp;action=quote&amp;origin='. $origin .'">'.Display :: return_icon('quote.gif', get_lang('QuoteMessage'))."</a>";
echo '<a href="reply.php?'.api_get_cidreq().'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;post='.$post['post_id'].'&amp;action=replymessage&amp;origin='. $origin .'">'.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage'))."</a>";
echo '<a href="reply.php?'.api_get_cidreq().'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;post='.$post['post_id'].'&amp;action=quote&amp;origin='. $origin .'">'.Display :: return_icon('quote.gif', get_lang('QuoteMessage'))."</a>";
}
}
} else {
@ -130,7 +139,7 @@ foreach ($rows as $post) {
// The check if there is an attachment
$attachment_list=get_attachment($post['post_id']);
$attachment_list = get_attachment($post['post_id']);
if (!empty($attachment_list)) {
echo '<tr><td height="50%">';
@ -143,7 +152,7 @@ foreach ($rows as $post) {
echo ' "> '.$user_filename.' </a>';
echo '<span class="forum_attach_comment" >'.$attachment_list['comment'].'</span>';
if (($current_forum['allow_edit']==1 AND $post['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
}
echo '</td></tr>';
}
@ -154,4 +163,4 @@ foreach ($rows as $post) {
echo "</table>";
echo "</div>";
$count++;
}
}
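Review bot: The owner test on the edit link reads `$row['user_id']`, but this loop is `foreach ($rows as $post)`, so unless the including script happens to define `$row`, the comparison is made against an undefined value rather than the post's author. The commented-out line just above it used `$post['user_id']`, and the condition should read `($current_forum['allow_edit']==1 AND $post['user_id']==$_user['user_id'])`. Because the comparison is a loose `==`, an empty `$_user['user_id']` would compare equal to the missing value, so the effect is not limited to authors losing their edit link. The threaded view has the same `$row['user_id']` in its edit condition, where `$rows[$display_post_id]['user_id']` is the value used elsewhere.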

@ -57,6 +57,7 @@ $prev_next_array=array();
$clean_forum_id = intval($_GET['forum']);
$clean_thread_id = intval($_GET['thread']);
$group_id = api_get_group_id();
foreach ($rows as $post) {
@ -86,6 +87,8 @@ foreach ($rows as $post) {
$count++;
}
$locked = api_resource_is_locked_by_gradebook($clean_thread_id, LINK_FORUM_THREAD);
/* NAVIGATION CONTROLS */
$current_id=array_search($display_post_id,$prev_next_array);
@ -106,20 +109,17 @@ $prev_img = Display::return_icon('action_prev.png',get_lang('PrevMessage'), arr
$next_img = Display::return_icon('action_next.png',get_lang('NextMessage'), array('style' => 'vertical-align: middle;'));
// links
$first_href = 'viewthread.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;gradebook='.$gradebook.'&amp;origin='.$origin.'&amp;id=1&amp;post='.$prev_next_array[0];
$last_href = 'viewthread.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;gradebook='.$gradebook.'&amp;origin='.$origin.'&amp;post='.$prev_next_array[$max-1];
$prev_href = 'viewthread.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;gradebook='.$gradebook.'&amp;origin='.$origin.'&amp;post='.$prev_next_array[$prev_id];
$next_href = 'viewthread.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;gradebook='.$gradebook.'&amp;origin='.$origin.'&amp;post='.$prev_next_array[$next_id];
$first_href = 'viewthread.php?'.api_get_cidreq().'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;gradebook='.$gradebook.'&amp;origin='.$origin.'&amp;id=1&amp;post='.$prev_next_array[0];
$last_href = 'viewthread.php?'.api_get_cidreq().'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;gradebook='.$gradebook.'&amp;origin='.$origin.'&amp;post='.$prev_next_array[$max-1];
$prev_href = 'viewthread.php?'.api_get_cidreq().'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;gradebook='.$gradebook.'&amp;origin='.$origin.'&amp;post='.$prev_next_array[$prev_id];
$next_href = 'viewthread.php?'.api_get_cidreq().'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;gradebook='.$gradebook.'&amp;origin='.$origin.'&amp;post='.$prev_next_array[$next_id];
echo '<center style="margin-top: 10px; margin-bottom: 10px;">';
//go to: first and previous
if ((int)$current_id > 0)
{
if ((int)$current_id > 0) {
echo '<a href="'.$first_href.'" '.$class.' title='.$first_message.'>'.$first_img.' '.$first_message.'</a>';
echo '<a href="'.$prev_href.'" '.$class_prev.' title='.$prev_message.'>'.$prev_img.' '.$prev_message.'</a>';
}
else
{
} else {
echo '<b><span class="invisible">'.$first_img.' '.$first_message.'</b></span>';
echo '<b><span class="invisible">'.$prev_img.' '.$prev_message.'</b></span>';
}
@ -137,8 +137,6 @@ if (($current_id+1) < $max) {
}
echo '</center>';
//--------------------------------------------------------------------------------------------
// the style depends on the status of the message: approved or not
if ($rows[$display_post_id]['visible']=='0') {
$titleclass='forum_message_post_title_2_be_approved';
@ -176,12 +174,15 @@ $id_attach = !empty($attachment_list)?$attachment_list['id']:'';
// The course admin him/herself can do this off course always
//if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
if ( GroupManager::is_tutor_of_group(api_get_user_id(), $group_id) OR ($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
echo "<a href=\"editpost.php?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;origin=".$origin."&amp;post=".$rows[$display_post_id]['post_id']."&amp;id_attach=".$id_attach."\">".Display::return_icon('edit.png',get_lang('Edit'), array(), ICON_SIZE_SMALL)."</a>";
if ($locked == false) {
echo "<a href=\"editpost.php?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;origin=".$origin."&amp;post=".$rows[$display_post_id]['post_id']."&amp;id_attach=".$id_attach."\">".Display::return_icon('edit.png',get_lang('Edit'), array(), ICON_SIZE_SMALL)."</a>";
}
}
if (GroupManager::is_tutor_of_group(api_get_user_id(), $group_id) OR api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) {
//if (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) {
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=delete&amp;content=post&amp;id=".$rows[$display_post_id]['post_id']."\" onclick=\"javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('DeletePost'), ENT_QUOTES))."')) return false;\">".Display::return_icon('delete.png',get_lang('Delete'), array(), ICON_SIZE_SMALL)."</a>";
if ($locked == false) {
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=delete&amp;content=post&amp;id=".$rows[$display_post_id]['post_id']."\" onclick=\"javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('DeletePost'), ENT_QUOTES))."')) return false;\">".Display::return_icon('delete.png',get_lang('Delete'), array(), ICON_SIZE_SMALL)."</a>";
}
display_visible_invisible_icon('post', $rows[$display_post_id]['post_id'], $rows[$display_post_id]['visible'],array('forum'=>$clean_forum_id,'thread'=>$clean_thread_id, 'post'=>Security::remove_XSS($_GET['post']) ));
echo "";
//verified the post minor
@ -204,20 +205,21 @@ if (GroupManager::is_tutor_of_group(api_get_user_id(), $group_id) OR api_is_allo
$userinf=api_get_user_info($rows[$display_post_id]['user_id']);
$user_status=api_get_status_of_user_in_course($rows[$display_post_id]['user_id'],api_get_course_id());
if (api_is_allowed_to_edit(null,true)) {
if($post_id>$post_minor ) {
if($user_status!=1) {
$current_qualify_thread=show_qualify('1',$_GET['cidReq'],$_GET['forum'],$rows[$display_post_id]['user_id'],$_GET['thread']);
echo "<a href=\"forumqualify.php?".api_get_cidreq()."&amp;gidReq=".Security::remove_XSS($_GET['gidReq'])."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=list&amp;post=".$rows[$display_post_id]['post_id']."&amp;user=".$rows[$display_post_id]['user_id']."&amp;user_id=".$rows[$display_post_id]['user_id']."&amp;origin=".$origin."&amp;idtextqualify=".$current_qualify_thread."\" >".Display::return_icon('new_test_small.gif',get_lang('Qualify'))."</a>";
}
if ($post_id > $post_minor ) {
//if ($user_status!=1) {
$current_qualify_thread=show_qualify('1', $rows[$display_post_id]['user_id'],$_GET['thread']);
if ($locked == false) {
echo "<a href=\"forumqualify.php?".api_get_cidreq()."&amp;forum=".$clean_forum_id."&amp;thread=".$clean_thread_id."&amp;action=list&amp;post=".$rows[$display_post_id]['post_id']."&amp;user=".$rows[$display_post_id]['user_id']."&amp;user_id=".$rows[$display_post_id]['user_id']."&amp;origin=".$origin."&amp;idtextqualify=".$current_qualify_thread."\" >".Display::return_icon('new_test_small.gif',get_lang('Qualify'))."</a>";
}
//}
}
}
//echo '<br /><br />';
//if (($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0) OR api_is_allowed_to_edit())
if (($current_forum_category && $current_forum_category['locked']==0) AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit(false,true)) {
if ($_user['user_id'] OR ($current_forum['allow_anonymous']==1 AND !$_user['user_id'])) {
if (!api_is_anonymous() && api_is_allowed_to_session_edit(false,true)) {
echo '<a href="reply.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;post='.$rows[$display_post_id]['post_id'].'&amp;action=replymessage&amp;origin='. $origin .'">'.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage'))."</a>";
echo '<a href="reply.php?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;post='.$rows[$display_post_id]['post_id'].'&amp;action=quote&amp;origin='. $origin .'">'.Display :: return_icon('quote.gif', get_lang('QuoteMessage'))."</a>";
echo '<a href="reply.php?'.api_get_cidreq().'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;post='.$rows[$display_post_id]['post_id'].'&amp;action=replymessage&amp;origin='. $origin .'">'.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage'))."</a>";
echo '<a href="reply.php?'.api_get_cidreq().'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'&amp;post='.$rows[$display_post_id]['post_id'].'&amp;action=quote&amp;origin='. $origin .'">'.Display :: return_icon('quote.gif', get_lang('QuoteMessage'))."</a>";
}
}
} else {
@ -264,7 +266,7 @@ if (!empty($attachment_list)) {
echo ' "> '.$user_filename.' </a>';
echo '<span class="forum_attach_comment" >'.Security::remove_XSS($attachment_list['comment'], STUDENT).'</span>';
if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;gidReq='.Security::remove_XSS($_GET['gidReq']).'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTESt)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.$clean_forum_id.'&amp;thread='.$clean_thread_id.'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTESt)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
}
echo '</td></tr>';
}
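Review bot: The attachment delete link passes `ENT_QUOTESt` to `api_htmlentities()`, which is not a PHP constant; the commit rewrites this line to drop `gidReq` but carries the typo over. That flag decides how quotes in the confirm text are encoded inside the `onclick` attribute, so it should be `ENT_QUOTES`, as on the other delete links in this file: `addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))`. The hunk starts inside the `if (!empty($attachment_list))` block, so the rest of that block is not visible here.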

@ -1350,11 +1350,16 @@ class Display {
return 'data_table';
}
function page_header($title) {
return '<div class="page-header"><h1>'.Security::remove_XSS($title).'</h1></div>';
public function page_header($title, $second_title = null) {
$title = Security::remove_XSS($title);
if (!empty($second_title)) {
$second_title = Security::remove_XSS($second_title);
$title .= "<small> $second_title<small>";
}
return '<div class="page-header"><h1>'.$title.'</h1></div>';
}
function page_subheader($title) {
public function page_subheader($title) {
return '<div class="page-header"><h2>'.Security::remove_XSS($title).'</h2></div>';
}
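Review bot: In `page_header()` the second title is built as `"<small> $second_title<small>"`, which opens a second `<small>` instead of closing the first, so the element stays open through the `</h1>`. The line should be `$title .= "<small> $second_title</small>";`. Both titles pass through `Security::remove_XSS()` before they are concatenated, which is the right order. A short docblock saying that `$second_title` is optional and rendered inside `<small>` would help callers. The class body continues outside the hunk.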

@ -1069,12 +1069,10 @@ class TestForumFunction extends UnitTestCase {
*/
public function testshow_qualify() {
$option = 1;
$couser_id = 1;
$forum_id = 1;
$option = 1;
$user_id = 1;
$thread_id = 1;
$res = show_qualify($option,$couser_id,$forum_id,$user_id,$thread_id);
$res = show_qualify($option,$user_id,$thread_id);
if(!is_numeric($res)){
$this->assertTrue(is_null($res));
} else {
