Update from 1.11.x

4 years ago · c8885dc3d2
parent fd5dc537e0
commit c8885dc3d2
49 changed files with 155 additions and 124 deletions
--- a/.htaccess
+++ b/.htaccess
@ -14,6 +14,9 @@ RedirectMatch 403 ^/main/default_course_document/images/.*\.ph(p[3457]?|t|tml|ar
 RedirectMatch 403 ^/main/lang/.*\.ph(p[3457]?|t|tml|ar)$
 RedirectMatch 403 ^/web/(!app.php).*\.ph(p[3457]?|t|tml|ar)$

+RewriteRule ^/?app/config/.*\.yml$ - [F,L]
+RewriteRule ^/?app/config/.*\.yaml$ - [F,L]
+
 # http://my.chamilo.net/certificates/?id=123 to http://my.chamilo.net/certificates/index.php?id=123
 RewriteCond %{QUERY_STRING} ^id=(.*)$
 RewriteRule ^certificates/$ certificates/index.php?id=%1 [L]
@ -47,13 +50,13 @@ RewriteRule ^courses/([^/]+)/course-pic.png$ main/inc/ajax/course.ajax.php?a=get
 RewriteRule ^courses/([^/]+)/(.*)$ app/courses/$1/$2 [QSA,L]

 # About session
-RewriteRule ^session/(\d{1,})/about/?$ main/session/about.php?session_id=$1 [L]
+RewriteRule ^session/(\d{1,})/about/?$ main/session/about.php?session_id=$1 [QSA,L]

 # About course
-RewriteRule ^course/(\d{1,})/about/?$ main/course_info/about.php?course_id=$1 [L]
+RewriteRule ^course/(\d{1,})/about/?$ main/course_info/about.php?course_id=$1 [QSA,L]

 # Issued individual badge friendly URL
-RewriteRule ^badge/(\d{1,})/?$ main/badge/issued.php?issue=$1 [L]
+RewriteRule ^badge/(\d{1,})/?$ main/badge/issued.php?issue=$1 [QSA,L]

 # Issued badges friendly URL
 RewriteRule ^skill/(\d{1,})/user/(\d{1,})/?$ main/badge/issued_all.php?skill=$1&user=$2 [L]
--- a/index.php
+++ b/index.php
@ -61,7 +61,7 @@ if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
    );
    echo 'Attempted breakin - sysadmins notified.';
    session_destroy();
-    die();
+    exit();
 }
 // Delete session item necessary to check for legal terms
 if (api_get_setting('allow_terms_conditions') === 'true') {
--- a/main/admin/course_information.php
+++ b/main/admin/course_information.php
@ -4,8 +4,6 @@
 * This script gives information about a course.
 *
 * @author Bart Mollet
- *
- * @package chamilo.admin
 */
 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
@ -70,8 +68,8 @@ function get_course_usage($course, $session_id = 0)

    $usage = [];
    $conditionSession = '';
-    if ($session_id !== '') {
-        $session_id = intval($session_id);
+    if ('' !== $session_id) {
+        $session_id = (int) $session_id;
        $conditionSession = " AND session_id = '$session_id' ";
    }

@ -131,11 +129,11 @@ $sql = "SELECT *, cu.status as course_status
 if (api_is_multiple_url_enabled()) {
    $sql .= " INNER JOIN ".Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER)." url_rel_user
        ON 
-            u.user_id = url_rel_user.user_id AND 
+            u.id = url_rel_user.user_id AND
            url_rel_user.access_url_id = ".api_get_current_access_url_id();
 }
 $sql .= " WHERE
-            cu.user_id = u.user_id AND
+            cu.user_id = u.id AND
            cu.c_id = '".$courseId."' AND
            cu.relation_type <> ".COURSE_RELATION_TYPE_RRHH;
 $res = Database::query($sql);
--- a/main/admin/course_list.php
+++ b/main/admin/course_list.php
@ -444,9 +444,11 @@ if (isset($_GET['search']) && $_GET['search'] === 'advanced') {
    ];
    $tool_name = get_lang('CourseList');
    if (isset($_GET['delete_course'])) {
-        CourseManager::delete_course($_GET['delete_course']);
+        $result = CourseManager::delete_course($_GET['delete_course']);
+        if ($result) {
            Display::addFlash(Display::return_message(get_lang('Deleted')));
        }
+    }
    // Create a search-box
    $form = new FormValidator(
        'search_simple',
--- a/main/admin/gradebook_list.php
+++ b/main/admin/gradebook_list.php
@ -10,7 +10,7 @@ require_once __DIR__.'/../inc/global.inc.php';
 api_protect_admin_script();

 $allow = api_get_configuration_value('gradebook_dependency');
-if ($allow == false) {
+if (false == $allow) {
    api_not_allowed(true);
 }

--- a/main/admin/index.php
+++ b/main/admin/index.php
@ -6,6 +6,7 @@
 * Index page of the admin tools.
 */

+// Resetting the course id.
 $cidReset = true;

 // Including some necessary chamilo files.
--- a/main/admin/languages.php
+++ b/main/admin/languages.php
@ -12,8 +12,6 @@
 * @author Roan EMbrechts, code cleaning
 *
 * @since Dokeos 1.6
- *
- * @package chamilo.admin
 */

 // we are in the admin area so we do not need a course id
--- a/main/admin/ldap_import_students.php
+++ b/main/admin/ldap_import_students.php
@ -88,7 +88,7 @@ if (empty($annee) && empty($course)) {
    echo '<br />';
    echo '<h3>'.Display::return_icon('group.gif', get_lang('SelectStudents')).' '.get_lang('SelectStudents').'</h3>';
    //echo "Connection ...";
-    $ds = ldap_connect($ldap_host, $ldap_port) or die(get_lang('LDAPConnectionError'));
+    $ds = ldap_connect($ldap_host, $ldap_port) or exit(get_lang('LDAPConnectionError'));
    ldap_set_version($ds);

    if ($ds) {
--- a/main/admin/ldap_import_students_to_session.php
+++ b/main/admin/ldap_import_students_to_session.php
@ -94,7 +94,7 @@ elseif (!empty($annee) && !empty($id_session) && empty($_POST['confirmed'])) {
    echo '<br />';
    echo '<h3>'.Display::return_icon('group.gif', get_lang('SelectStudents')).' '.get_lang('SelectStudents').'</h3>';
    //echo "Connection ...";
-    $ds = ldap_connect($ldap_host, $ldap_port) or die(get_lang('LDAPConnectionError'));
+    $ds = ldap_connect($ldap_host, $ldap_port) or exit(get_lang('LDAPConnectionError'));
    ldap_set_version($ds);
    if ($ds) {
        $r = false;
--- a/main/admin/legal_list.php
+++ b/main/admin/legal_list.php
@ -5,8 +5,6 @@ use Chamilo\CoreBundle\Entity\Repository\LegalRepository;

 /**
 * Sessions list script.
- *
- * @package chamilo.admin
 */
 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
--- a/main/admin/promotions.php
+++ b/main/admin/promotions.php
@ -1,9 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */

-/**
- *  @package chamilo.admin
- */
 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';

--- a/main/admin/questions.php
+++ b/main/admin/questions.php
@ -7,9 +7,6 @@ use ChamiloSession as Session;
 use Doctrine\Common\Collections\Criteria;
 use Knp\Component\Pager\Paginator;

-/**
- *  @package chamilo.admin
- */
 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';

--- a/main/admin/skill.php
+++ b/main/admin/skill.php
@ -5,8 +5,6 @@ use Chamilo\CoreBundle\Entity\Skill;

 /**
 * This script manages the skills, levels and profiles assignments.
- *
- * @package chamilo.skill
 */
 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
--- a/main/admin/skill_badge.php
+++ b/main/admin/skill_badge.php
@ -4,8 +4,6 @@
 * Show information about Mozilla OpenBadges.
 *
 * @author Angel Fernando Quiroz Campos <angel.quiroz@beeznest.com>
- *
- * @package chamilo.admin.openbadges
 */
 $cidReset = true;

--- a/main/admin/skill_badge_create.php
+++ b/main/admin/skill_badge_create.php
@ -5,8 +5,6 @@
 * Show information about Mozilla OpenBadges.
 *
 * @author Angel Fernando Quiroz Campos <angel.quiroz@beeznest.com>
- *
- * @package chamilo.admin.openbadges
 */
 $cidReset = true;

--- a/main/admin/skill_level.php
+++ b/main/admin/skill_level.php
@ -5,8 +5,6 @@ use Chamilo\SkillBundle\Entity\Level;

 /**
 * Add a skill Level.
- *
- * @package chamilo.skill
 */
 $cidReset = true;

--- a/main/admin/skill_list.php
+++ b/main/admin/skill_list.php
@ -5,8 +5,6 @@
 * Skill list for management.
 *
 * @author Angel Fernando Quiroz Campos <angel.quiroz@beeznest.com>
- *
- * @package chamilo.admin
 */
 $cidReset = true;

--- a/main/admin/skills.php
+++ b/main/admin/skills.php
@ -1,9 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */

-/**
- *  @package chamilo.admin
- */
 $cidReset = true;

 require_once __DIR__.'/../inc/global.inc.php';
--- a/main/admin/skills_gradebook.php
+++ b/main/admin/skills_gradebook.php
@ -1,9 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */

-/**
- *  @package chamilo.admin
- */
 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';

--- a/main/admin/skills_import.php
+++ b/main/admin/skills_import.php
@ -3,7 +3,6 @@
 /**
 * This tool allows platform admins to add skills by uploading a CSV or XML file.
 *
- * @package chamilo.admin
 * @documentation Some interesting basic skills can be found in the "Skills"
 * section here: http://en.wikipedia.org/wiki/Personal_knowledge_management
 */
--- a/main/admin/skills_profile.php
+++ b/main/admin/skills_profile.php
@ -3,9 +3,6 @@

 use ChamiloSession as Session;

-/**
- *  @package chamilo.admin
- */
 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
 $this_section = SECTION_PLATFORM_ADMIN;
--- a/main/admin/skills_wheel.php
+++ b/main/admin/skills_wheel.php
@ -1,9 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */

-/**
- *  @package chamilo.admin
- */
 $cidReset = true;

 require_once __DIR__.'/../inc/global.inc.php';
--- a/main/admin/specific_fields_add.php
+++ b/main/admin/specific_fields_add.php
@ -3,8 +3,6 @@

 /**
 * Add form.
- *
- * @package chamilo.admin
 */

 // Resetting the course id.
--- a/main/admin/statistics.php
+++ b/main/admin/statistics.php
@ -1,9 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */

-/**
- *   @package chamilo.admin
- */
 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
 $this_section = SECTION_PLATFORM_ADMIN;
--- a/main/admin/system_status.php
+++ b/main/admin/system_status.php
@ -1,8 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 /**
- * @package chamilo.admin
- *
 * @author Julio Montoya <gugli100@gmail.com>
 */
 $cidReset = true;
--- a/main/admin/teacher_time_report.php
+++ b/main/admin/teacher_time_report.php
@ -354,7 +354,7 @@ if (isset($_GET['export'])) {
            Export::export_table_xls_html($dataToExport, $fileName);
            break;
    }
-    die;
+    exit;
 }

 $form->addSelect(
--- a/main/admin/teachers_time_by_session_report.php
+++ b/main/admin/teachers_time_by_session_report.php
@ -7,8 +7,6 @@ use Doctrine\Common\Collections\Criteria;

 /**
 * Generate a teacher time report in platform by session only.
- *
- * @package chamilo.admin
 */
 $cidReset = true;

--- a/main/attendance/attendance_sheet.php
+++ b/main/attendance/attendance_sheet.php
@ -208,7 +208,7 @@ if (api_is_allowed_to_edit(null, true) ||
        <form method="post" action="index.php?action=attendance_sheet_add&<?php echo api_get_cidreq().$param_filter; ?>&attendance_id=<?php echo $attendance_id; ?>" >
            <div class="attendance-sheet-content" style="width:100%;background-color:#E1E1E1;margin-top:20px;">
                <div class="divTableWithFloatingHeader attendance-users-table" style="width:45%;float:left;margin:0px;padding:0px;">
-                    <table class="tableWithFloatingHeader data_table" width="100%">
+                    <table class="tableWithFloatingHeader table table-hover table-striped data_table" width="100%">
                        <thead>
                        <tr class="tableFloatingHeader" style="position: absolute; top: 0px; left: 0px; visibility: hidden; margin:0px;padding:0px" >
                            <th width="10px"><?php echo '#'; ?></th>
@ -260,7 +260,7 @@ if (api_is_allowed_to_edit(null, true) ||
                <?php

                echo '<div class="divTableWithFloatingHeader attendance-calendar-table" style="margin:0px;padding:0px;float:left;width:55%;overflow:auto;overflow-y:hidden;">';
-        echo '<table class="tableWithFloatingHeader data_table" width="100%">';
+        echo '<table class="tableWithFloatingHeader table table-hover table-striped data_table" width="100%">';
        echo '<thead>';
        $result = null;
        if (count($attendant_calendar) > 0) {
@ -436,7 +436,7 @@ if (api_is_allowed_to_edit(null, true) ||
        </div>
    <?php
    } ?>
-    <table class="data_table">
+    <table class="table table-hover table-striped data_table">
        <tr class="row_odd" >
            <th><?php echo get_lang('Attendance'); ?></th>
        </tr>
--- a/main/blog/blog.php
+++ b/main/blog/blog.php
@ -3,8 +3,6 @@
 /**
 * BLOG HOMEPAGE
 * This file takes care of all blog navigation and displaying.
- *
- * @package chamilo.blogs
 */
 require_once __DIR__.'/../inc/global.inc.php';

@ -31,9 +29,6 @@ $MonthsLong = api_get_months_long();

 $action = isset($_GET['action']) ? $_GET['action'] : null;

-/*
-    PROCESSING
-*/

 $safe_post_file_comment = isset($_POST['post_file_comment']) ? Security::remove_XSS($_POST['post_file_comment']) : null;
 $safe_comment_text = isset($_POST['comment_text']) ? Security::remove_XSS($_POST['comment_text']) : null;
--- a/main/chat/chat.php
+++ b/main/chat/chat.php
@ -16,7 +16,6 @@ $logInfo = [
    'action_details' => 'start-chat',
 ];
 Event::registerLog($logInfo);
-// View
 $externalCSS = [
    'jquery-emojiarea/jquery.emojiarea.css',
    'jquery-textcomplete/jquery.textcomplete.css',
--- a/main/course_description/course_description_controller.php
+++ b/main/course_description/course_description_controller.php
@ -7,8 +7,6 @@
 * it should be included inside a dispatcher file (e.g: index.php).
 *
 * @author Christian Fasanando <christian1827@gmail.com>
- *
- * @package chamilo.course_description
 */
 class CourseDescriptionController
 {
--- a/main/coursecopy/copy_course.php
+++ b/main/coursecopy/copy_course.php
@ -7,8 +7,6 @@ use Chamilo\CourseBundle\Component\CourseCopy\CourseSelectForm;

 /**
 * @todo rework file in order to use addFlash
- *
- * @package chamilo.backup
 */

 // Setting the global file that gets the general configuration, the databases, the languages, ...
--- a/plugin/courseblock/install.php
+++ b/plugin/courseblock/install.php
@ -4,6 +4,6 @@
 require_once __DIR__.'/config.php';

 if (!api_is_platform_admin()) {
-    die('You must have admin permissions to install plugins');
+    exit('You must have admin permissions to install plugins');
 }
 CourseBlockPlugin::create()->install();
--- a/plugin/coursehomenotify/Entity/NotificationRelUser.php
+++ b/plugin/coursehomenotify/Entity/NotificationRelUser.php
@ -68,8 +68,6 @@ class NotificationRelUser
    }

    /**
-     * @param Notification $notification
-     *
     * @return NotificationRelUser
     */
    public function setNotification(Notification $notification)
--- a/plugin/courselegal/install.php
+++ b/plugin/courselegal/install.php
@ -4,6 +4,6 @@
 require_once __DIR__.'/config.php';

 if (!api_is_platform_admin()) {
-    die('You must have admin permissions to install plugins');
+    exit('You must have admin permissions to install plugins');
 }
 CourseLegalPlugin::create()->install();
--- a/plugin/courselegal/user_list.php
+++ b/plugin/courselegal/user_list.php
@ -39,7 +39,7 @@ switch ($action) {

 $order = " ORDER BY firstname, lastname";
 $userList = $legal->getUserAgreementList($courseId, $sessionId, $order);
-$table = new HTML_Table(['class' => 'data_table']);
+$table = new HTML_Table(['class' => 'table table-hover table-striped data_table']);
 $table->setHeaderContents(0, 0, get_lang('User'));
 $table->setHeaderContents(0, 1, $legal->get_lang('WebAgreement'));
 $table->setHeaderContents(0, 2, $legal->get_lang('MailAgreement'));
--- a/plugin/createdrupaluser/src/CreateDrupalUser.php
+++ b/plugin/createdrupaluser/src/CreateDrupalUser.php
@ -132,4 +132,24 @@ class CreateDrupalUser extends Plugin implements HookPluginInterface
            $extraField->delete($extraFieldInfo['id']);
        }
    }
+    /*
+    public function notifyDocumentAction(HookDocumentActionEventInterface $hook)
+    {
+        $data = $hook->getEventData();
+        if ($data['type'] === HOOK_EVENT_TYPE_PRE) {
+            $data['actions'][] = Display::return_icon('edit.png');
+        }
+
+        return $data;
+    }
+
+    public function notifyDocumentItemAction(HookDocumentItemActionEventInterface $hook)
+    {
+        $data = $hook->getEventData();
+        if ($data['type'] === HOOK_EVENT_TYPE_PRE) {
+            $data['actions'][] = $data['id'].' - '.$data['title'];
+        }
+
+        return $data;
+    }*/
 }
--- a/plugin/grading_electronic/generate.php
+++ b/plugin/grading_electronic/generate.php
@ -28,9 +28,7 @@ try {
    $form = $gradingElectronic->getForm();

    if (!$form->validate()) {
-        throw new Exception(
-            implode('<br>', $form->_errors)
-        );
+        throw new Exception(implode('<br>', $form->_errors));
    }

    $em = Database::getManager();
--- a/plugin/notebookteacher/install.php
+++ b/plugin/notebookteacher/install.php
@ -9,6 +9,6 @@
 */
 require_once __DIR__.'/config.php';
 if (!api_is_platform_admin()) {
-    die('You must have admin permissions to install plugins');
+    exit('You must have admin permissions to install plugins');
 }
 NotebookTeacherPlugin::create()->install();
--- a/plugin/questionoptionsevaluation/QuestionOptionsEvaluationPlugin.php
+++ b/plugin/questionoptionsevaluation/QuestionOptionsEvaluationPlugin.php
@ -88,7 +88,6 @@ class QuestionOptionsEvaluationPlugin extends Plugin

    /**
     * @param int      $formula
-     * @param Exercise $exercise
     */
    public function saveFormulaForExercise($formula, Exercise $exercise)
    {
@ -199,7 +198,6 @@ class QuestionOptionsEvaluationPlugin extends Plugin

    /**
     * @param int      $formula
-     * @param Exercise $exercise
     */
    private function recalculateQuestionScore($formula, Exercise $exercise)
    {
@ -234,7 +232,6 @@ class QuestionOptionsEvaluationPlugin extends Plugin
                    $questionPonderation += $ponderation;
                }

-                //error_log("question: $questionId -- i: $i -- w: $ponderation");
                Database::query("UPDATE $tblAnswer SET ponderation = $ponderation WHERE iid = $iid");
            }

--- a/plugin/redirection/admin.php
+++ b/plugin/redirection/admin.php
@ -51,7 +51,7 @@ if ($form->validate()) {
 $content = $form->returnForm();
 $content .= '
 <div class="table-responsive">
-    <table class="table table-bordered table-condensed">
+    <table class="table table-hover table-striped table-bordered table-condensed">
        <tr>
            <th>User</th>
            <th>URL</th>
--- a/plugin/sepe/install.php
+++ b/plugin/sepe/install.php
@ -8,7 +8,7 @@
 require_once __DIR__.'/config.php';

 if (!api_is_platform_admin()) {
-    die('You must have admin permissions to install plugins');
+    exit('You must have admin permissions to install plugins');
 }

 SepePlugin::create()->install();
--- a/plugin/sepe/src/sepe.lib.php
+++ b/plugin/sepe/src/sepe.lib.php
@ -51,9 +51,9 @@ function checkIdentificationData()
    $result = Database::query($sql);
    if (Database::affected_rows($result) > 0) {
        return true;
-    } else {
-        return false;
    }
+
+    return false;
 }

 function getActionId($courseId)
@ -163,7 +163,6 @@ function getInfoSpecialtyTutorial($tutorialId)
    $tutorialId = (int) $tutorialId;
    $sql = "SELECT * FROM $tableSepeParticipantsSpecialtyTutorials WHERE id = $tutorialId";
    $res = Database::query($sql);
-    $aux = [];
    if (Database::num_rows($res) > 0) {
        $row = Database::fetch_assoc($res);
    } else {
@ -266,7 +265,6 @@ function getInfoSpecialtyTutor($tutorId)
            INNER JOIN $tableSepeTutors b ON a.tutor_id=b.id 
            WHERE a.id = $tutorId;";
    $res = Database::query($sql);
-    $aux = [];
    if (Database::num_rows($res) > 0) {
        $row['tutor_accreditation'] = Security::remove_XSS(stripslashes($row['tutor_accreditation']));
        $row['teaching_competence'] = Security::remove_XSS(stripslashes($row['teaching_competence']));
@ -489,7 +487,10 @@ function listCourseAction()
    global $tableSepeActions;
    global $tableSepeCourseActions;

-    $sql = "SELECT $tableSepeCourseActions.*, course.title AS title, $tableSepeActions.action_origin AS action_origin, $tableSepeActions.action_code AS action_code 
+    $sql = "SELECT
+            $tableSepeCourseActions.*, course.title AS title,
+            $tableSepeActions.action_origin AS action_origin,
+            $tableSepeActions.action_code AS action_code
            FROM $tableSepeCourseActions, course, $tableSepeActions 
            WHERE $tableSepeCourseActions.course_id=course.id 
            AND $tableSepeActions.id=$tableSepeCourseActions.action_id";
@ -558,7 +559,8 @@ function checkInsertNewLog($platformUserId, $actionId)
    global $tableSepeLogParticipant;
    $platformUserId = (int) $platformUserId;
    $actionId = (int) $actionId;
-    $sql = "SELECT * FROM $tableSepeLogParticipant WHERE platform_user_id = $platformUserId AND action_id = $actionId";
+    $sql = "SELECT * FROM $tableSepeLogParticipant
+            WHERE platform_user_id = $platformUserId AND action_id = $actionId";
    $res = Database::query($sql);
    if (Database::num_rows($res) > 0) {
        return false;
--- a/plugin/sepe/src/specialty-tutor-edit.php
+++ b/plugin/sepe/src/specialty-tutor-edit.php
@ -169,16 +169,28 @@ if (!empty($_POST)) {
 }

 if (api_is_platform_admin()) {
-    $courseId = getCourse(intval($_GET['action_id']));
-    $interbreadcrumb[] = ["url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')];
+    $actionId = (int) $_GET['action_id'];
+    $specialtyId = (int) $_GET['specialty_id'];
+
+    $courseId = getCourse($actionId);
+    $interbreadcrumb[] = [
+        "url" => "/plugin/sepe/src/sepe-administration-menu.php",
+        "name" => $plugin->get_lang('MenuSepe'),
+    ];
    $interbreadcrumb[] = ["url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')];
-    $interbreadcrumb[] = ["url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')];
-    $interbreadcrumb[] = ["url" => "specialty-action-edit.php?new_specialty=0&specialty_id=".intval($_GET['specialty_id'])."&action_id=".$_GET['action_id'], "name" => $plugin->get_lang('SpecialtyFormativeAction')];
+    $interbreadcrumb[] = [
+        "url" => "formative-action.php?cid=".$courseId,
+        "name" => $plugin->get_lang('FormativeAction'),
+    ];
+    $interbreadcrumb[] = [
+        "url" => "specialty-action-edit.php?new_specialty=0&specialty_id=".$specialtyId."&action_id=".$actionId,
+        "name" => $plugin->get_lang('SpecialtyFormativeAction'),
+    ];
    if (isset($_GET['new_tutor']) && intval($_GET['new_tutor']) == 1) {
        $templateName = $plugin->get_lang('NewSpecialtyTutor');
        $tpl = new Template($templateName);
-        $tpl->assign('action_id', intval($_GET['action_id']));
-        $tpl->assign('specialty_id', intval($_GET['specialty_id']));
+        $tpl->assign('action_id', $actionId);
+        $tpl->assign('specialty_id', $specialtyId);
        $info = [];
        $tpl->assign('info', $info);
        $tpl->assign('new_tutor', '1');
@ -186,8 +198,8 @@ if (api_is_platform_admin()) {
    } else {
        $templateName = $plugin->get_lang('EditSpecialtyTutor');
        $tpl = new Template($templateName);
-        $tpl->assign('action_id', intval($_GET['action_id']));
-        $tpl->assign('specialty_id', intval($_GET['specialty_id']));
+        $tpl->assign('action_id', $actionId);
+        $tpl->assign('specialty_id', $specialtyId);
        $tpl->assign('tutor_id', intval($_GET['tutor_id']));
        $info = getInfoSpecialtyTutor($_GET['tutor_id']);
        $tpl->assign('info', $info);
--- a/plugin/sepe/update.php
+++ b/plugin/sepe/update.php
@ -8,7 +8,7 @@
 require_once __DIR__.'/config.php';

 if (!api_is_platform_admin()) {
-    die('You must have admin permissions to install plugins');
+    exit('You must have admin permissions to install plugins');
 }

 SepePlugin::create()->update();
--- a/plugin/sepe/view/formative-actions-list.tpl
+++ b/plugin/sepe/view/formative-actions-list.tpl
@ -20,7 +20,7 @@
        <div class="report_section">
            {% if course_action_list|length > 0 %}
                <input type="hidden" id="confirmDeleteUnlinkAction" value="{{ 'confirmDeleteAction' | get_plugin_lang('SepePlugin') }}" />
-                <table class="table table-bordered sepe-box-center" style="width:auto"> 
+                <table class="table table-hover table-striped table-bordered sepe-box-center" style="width:auto">
                {% for course in course_action_list %}
                    <tr>
                        <td class="sepe-vertical-align-middle">{{ 'Course' | get_lang }}: <strong>{{ course.title }}</strong> -> {{ 'ActionId' | get_plugin_lang('SepePlugin') | upper }}: <strong>{{ course.action_origin }} {{ course.action_code }}</strong></td>
--- a/plugin/sepe/ws/Sepe.php
+++ b/plugin/sepe/ws/Sepe.php
@ -246,6 +246,8 @@ class Sepe

        // Comprobamos si existen datos almacenados previamente
        $table = Database::get_main_table('plugin_sepe_actions');
+        $actionOrigin = Database::escape_string($actionOrigin);
+        $actionCode = Database::escape_string($actionCode);
        $sql = "SELECT action_origin FROM $table
                WHERE action_origin='".$actionOrigin."' AND action_code='".$actionCode."';";
        $rs = Database::query($sql);
@ -263,11 +265,29 @@ class Sepe
        $startDate = self::fixDate($startDate);
        $endDate = self::fixDate($endDate);

-        $sql = "INSERT INTO $table (action_origin, action_code, situation, specialty_origin, professional_area, specialty_code, duration, start_date, end_date, full_itinerary_indicator, financing_type, attendees_count, action_name, global_info, schedule, requirements, contact_action)
-                VALUES ('".$actionOrigin."','".$actionCode."','".$situation."','".$specialtyOrigin."','".$professionalArea."','".$specialtyCode."','".$duration."','".$startDate."','".$endDate."','".$fullItineraryIndicator."','".$financingType."','".$attendeesCount."','".$actionName."','".$globalInfo."','".$schedule."','".$requerements."','".$contactAction."')";
+        $params = [
+            'action_origin' => $actionOrigin,
+            'action_code' => $actionCode,
+            'situation' => $situation,
+            'specialty_origin' => $specialtyOrigin,
+            'professional_area' => $professionalArea,
+            'specialty_code' => $specialtyCode,
+            'duration' => $duration,
+            'start_date' => $startDate,
+            'end_date' => $endDate,
+            'full_itinerary_indicator' => $fullItineraryIndicator,
+            'financing_type' => $financingType,
+            'attendees_count' => $attendeesCount,
+            'action_name' => $actionName,
+            'global_info' => $globalInfo,
+            'schedule' => $schedule,
+            'requirements' => $requerements,
+            'contact_actio' => $contactAction,
+        ];

-        $rs = Database::query($sql);
-        if (!$rs) {
+        $actionId = Database::insert($table, $params);
+
+        if (!empty($actionId)) {
            return [
                "RESPUESTA_OBT_ACCION" => [
                    "CODIGO_RETORNO" => "-1",
@ -276,7 +296,6 @@ class Sepe
                ],
            ];
        }
-        $actionId = Database::insert_id();

        // DATOS ESPECIALIDADES DE LA ACCION
        $table = Database::get_main_table('plugin_sepe_specialty');
@ -397,6 +416,8 @@ class Sepe
                        foreach ($centroList as $centro) {
                            $centerOrigin = $centro->ORIGEN_CENTRO;
                            $centerCode = $centro->CODIGO_CENTRO;
+                            $centerOrigin = Database::escape_string($centerOrigin);
+                            $centerCode = Database::escape_string($centerCode);
                            $sql = "SELECT id FROM $tableCenters 
                                    WHERE center_origin='".$centerOrigin."' AND center_code='".$centerCode."';";
                            $res = Database::query($sql);
@ -446,8 +467,12 @@ class Sepe
                                $experienceTeleforming = $tutor->EXPERIENCIA_MODALIDAD_TELEFORMACION;
                                $trainingTeleforming = $tutor->FORMACION_MODALIDAD_TELEFORMACION;

+                                $documentType = Database::escape_string($documentType);
+                                $documentNumber = Database::escape_string($documentNumber);
+                                $documentLetter = Database::escape_string($documentLetter);
                                /* check tutor not exists */
-                                $sql = "SELECT id FROM $tableTutors WHERE 
+                                $sql = "SELECT id FROM $tableTutors
+                                        WHERE
                                          document_type='".$documentType."' AND 
                                          document_number='".$documentNumber."' AND 
                                          document_letter='".$documentLetter."';";
@ -470,9 +495,16 @@ class Sepe
                                        ],
                                    ];
                                }
-                                $sql = "INSERT INTO $tableSpecialityTutors (specialty_id, tutor_id, tutor_accreditation, professional_experience, teaching_competence, experience_teleforming, training_teleforming)
-                                        VALUES ('".$specialtyId."','".$tutorId."','".$tutorAccreditation."','".$professionalExperience."','".$teachingCompetence."','".$experienceTeleforming."','".$trainingTeleforming."');";
-                                Database::query($sql);
+                                $params = [
+                                    'specialty_id' => $specialtyId,
+                                    'tutor_id' => $tutorId,
+                                    'tutor_accreditation' => $tutorAccreditation,
+                                    'professional_experience' => $professionalExperience,
+                                    'teaching_competence' => $teachingCompetence,
+                                    'experience_teleforming' => $experienceTeleforming,
+                                    'training_teleforming' => $trainingTeleforming,
+                                ];
+                                Database::insert($tableSpecialityTutors, $params);
                            }
                        }
                    }
@ -532,6 +564,9 @@ class Sepe
                    $documentNumberTraining = isset($participant->CONTRATO_FORMACION->ID_TUTOR_FORMACION->NUM_DOCUMENTO) ? $participant->CONTRATO_FORMACION->ID_TUTOR_FORMACION->NUM_DOCUMENTO : null;
                    $documentLetterTraining = isset($participant->CONTRATO_FORMACION->ID_TUTOR_FORMACION->LETRA_NIF) ? $participant->CONTRATO_FORMACION->ID_TUTOR_FORMACION->LETRA_NIF : null;
                    if (!empty($documentTypeTraining) || !empty($documentNumberTraining) || !empty($documentLetterTraining)) {
+                        $documentTypeTraining = Database::escape_string($documentTypeTraining);
+                        $documentNumberTraining = Database::escape_string($documentNumberTraining);
+                        $documentLetterTraining = Database::escape_string($documentLetterTraining);
                        $tmp_f = Database::query(
                            '
                            SELECT id FROM '.$tableTutorsCompany.' 
@ -631,10 +666,23 @@ class Sepe
                        $endDate = self::fixDate($endDate);

                        $table_aux = Database::get_main_table('plugin_sepe_participants_specialty');
-                        $sql = "INSERT INTO $table_aux (participant_id,specialty_origin,professional_area,specialty_code,registration_date,leaving_date,center_origin,center_code,start_date,end_date,final_result,final_qualification,final_score)
-                                VALUES ('".$participantId."','".$specialtyOrigin."','".$professionalArea."','".$specialtyCode."','".$registrationDate."','".$leavingDate."','".$centerOrigin."','".$centerCode."','".$startDate."','".$endDate."','".$finalResult."','".$finalQualification."','".$finalScore."');";
-                        Database::query($sql);
-                        $participantSpecialtyId = Database::insert_id();
+                        $params = [
+                            'participant_id' => $participantId,
+                            'specialty_origin' => $specialtyOrigin,
+                            'professional_area' => $professionalArea,
+                            'specialty_code' => $specialtyCode,
+                            'registration_date' => $registrationDate,
+                            'leaving_date' => $leavingDate,
+                            'center_origin' => $centerOrigin,
+                            'center_code' => $centerCode,
+                            'start_date' => $startDate,
+                            'end_date' => $endDate,
+                            'final_result' => $finalResult,
+                            'final_qualification' => $finalQualification,
+                            'final_score' => $finalScore,
+                        ];
+
+                        $participantSpecialtyId = Database::insert($table_aux, $params);
                        if (empty($participantSpecialtyId)) {
                            return [
                                "RESPUESTA_OBT_ACCION" => [
@ -661,10 +709,16 @@ class Sepe
                                $endDate = self::fixDate($endDate);

                                $table_aux2 = Database::get_main_table('plugin_sepe_participants_specialty_tutorials');
-                                $sql = "INSERT INTO $table_aux2 (participant_specialty_id,center_origin,center_code,start_date,end_date)
-                                        VALUES ('".$participantSpecialtyId."','".$centerOrigin."','".$centerCode."','".$startDate."','".$endDate."');";
-                                $rs = Database::query($sql);
-                                if (!$rs) {
+                                $params = [
+                                    'participant_specialty_id' => $participantSpecialtyId,
+                                    'center_origin' => $centerOrigin,
+                                    'center_code' => $centerCode,
+                                    'start_date' => $startDate,
+                                    'end_date' => $endDate,
+                                ];
+                                $id = Database::insert($table_aux2, $params);
+
+                                if (!empty($id)) {
                                    return [
                                        "RESPUESTA_OBT_ACCION" => [
                                            "CODIGO_RETORNO" => "-1",
@ -685,9 +739,7 @@ class Sepe
        $obtenerAccionInput->ID_ACCION->ORIGEN_ACCION = $actionOrigin;
        $obtenerAccionInput->ID_ACCION->CODIGO_ACCION = $actionCode;

-        $result = self::obtenerAccion($obtenerAccionInput);
-
-        return $result;
+        return self::obtenerAccion($obtenerAccionInput);
    }

    public function obtenerAccion($obtenerAccionInput)
@ -724,6 +776,8 @@ class Sepe
        $participantsSpecialityTable = Database::get_main_table('plugin_sepe_participants_specialty');
        $participantsSpecialityTutorialsTable = Database::get_main_table('plugin_sepe_participants_specialty_tutorials');
        $tableTutorsCompany = Database::get_main_table('plugin_sepe_tutors_company');
+        $actionOrigin = Database::escape_string($actionOrigin);
+        $actionCode = Database::escape_string($actionCode);

        // Comprobamos si existen datos almacenados previamente
        $sql = "SELECT *
--- a/plugin/sepe/ws/service.php
+++ b/plugin/sepe/ws/service.php
@ -18,9 +18,6 @@ $ns = api_get_path(WEB_PLUGIN_PATH)."sepe/ws/ProveedorCentroTFWS.wsdl";
 $wsdl = api_get_path(SYS_PLUGIN_PATH)."sepe/ws/ProveedorCentroTFWS.wsdl";
 $serviceUrl = api_get_path(WEB_PLUGIN_PATH).'sepe/ws/service.php';

-/**
- * Class CustomServer.
- */
 class CustomServer extends Zend\Soap\Server
 {
    /**
--- a/plugin/surveyexportcsv/export.php
+++ b/plugin/surveyexportcsv/export.php
@ -136,6 +136,7 @@ function getQuestionOptions($user, $courseId, $surveyId, $questionId)
                    AND sqo.iid = sa.optionId
            WHERE sa.user = :user AND sa.cId = :course AND sa.surveyId = :survey AND sa.questionId = :question'
        )
+        ->setMaxResults(1)
        ->setParameters(
            [
                'user' => $user,