Adding c_id see #3910

main/survey/survey.download.inc.php

@@ -13,21 +13,20 @@
 
 function check_download_survey($course, $invitation, $doc_url) {
 
-	require_once 'survey.lib.php';	
+	require_once 'survey.lib.php';
 
 	// Getting all the course information
 	$_course = CourseManager::get_course_information($course);
+    $course_id = $_course['real_id'];
 
 	// Database table definitions
-	$table_survey 					= Database :: get_course_table(TABLE_SURVEY, $_course['db_name']);
-	$table_survey_question 			= Database :: get_course_table(TABLE_SURVEY_QUESTION, $_course['db_name']);
-	$table_survey_question_option 	= Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION, $_course['db_name']);
-	$table_course 					= Database :: get_main_table(TABLE_MAIN_COURSE);
-	$table_user 					= Database :: get_main_table(TABLE_MAIN_USER);
-	$table_survey_invitation 		= Database :: get_course_table(TABLE_SURVEY_INVITATION, $_course['db_name']);
+	$table_survey 					= Database :: get_course_table(TABLE_SURVEY);
+	$table_survey_question 			= Database :: get_course_table(TABLE_SURVEY_QUESTION);
+	$table_survey_question_option 	= Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);		
+	$table_survey_invitation 		= Database :: get_course_table(TABLE_SURVEY_INVITATION);
 
 	// Now we check if the invitationcode is valid
-	$sql = "SELECT * FROM $table_survey_invitation WHERE invitation_code = '".Database::escape_string($invitation)."'";
+	$sql = "SELECT * FROM $table_survey_invitation WHERE c_id = $course_id AND invitation_code = '".Database::escape_string($invitation)."'";
 	$result = Database::query($sql);
 	if (Database::num_rows($result) < 1) {
 		Display :: display_error_message(get_lang('WrongInvitationCode'), false);
@@ -48,7 +47,7 @@ function check_download_survey($course, $invitation, $doc_url) {
 	// Fetch survey ID
 
 	// If this is the case there will be a language choice
-	$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_invitation['survey_code'])."'";
+	$sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code='".Database::escape_string($survey_invitation['survey_code'])."'";
 	$result = Database::query($sql);
 	if (Database::num_rows($result) > 1) {
 		if ($_POST['language']) {
@@ -70,29 +69,27 @@ function check_download_survey($course, $invitation, $doc_url) {
 		$survey_invitation['survey_id'] = $row['survey_id'];
 	}
 
-	$sql = "select count(*) from $table_survey where survey_id = ".$survey_invitation['survey_id']."
+	$sql = "SELECT count(*) FROM $table_survey WHERE c_id = $course_id AND survey_id = ".$survey_invitation['survey_id']."
 								and (
 									title LIKE '%$doc_url%'
 									or subtitle LIKE '%$doc_url%'
 									or intro LIKE '%$doc_url%'
 									or surveythanks LIKE '%$doc_url%'
 								)
-		union select count(*) from $table_survey_question  where survey_id = ".$survey_invitation['survey_id']."
+		union select count(*) from $table_survey_question  where c_id = $course_id AND survey_id = ".$survey_invitation['survey_id']."
 								and (
 									survey_question LIKE '%$doc_url%'
 									or survey_question_comment LIKE '%$doc_url%'
 								)
-		union select count(*) from $table_survey_question_option where survey_id = ".$survey_invitation['survey_id']."
+		union select count(*) from $table_survey_question_option where c_id = $course_id AND survey_id = ".$survey_invitation['survey_id']."
 								and (
 									option_text LIKE '%$doc_url%'
 								)";
 	$result = Database::query($sql);
-
 	if (Database::num_rows($result) == 0) {
 		Display :: display_error_message(get_lang('WrongInvitationCode'), false);
 		Display :: display_footer();
 		exit;
 	}
-
 	return $_course;
-}
+}