diff --git a/main/admin/add_drh_to_user.php b/main/admin/add_drh_to_user.php
index 6ddcb4e7c0..6a5177d4ce 100644
--- a/main/admin/add_drh_to_user.php
+++ b/main/admin/add_drh_to_user.php
@@ -89,7 +89,10 @@ if ($form->validate()) {
 $interbreadcrumb[] = ['name' => get_lang('PlatformAdmin'), 'url' => 'index.php'];
 $interbreadcrumb[] = ['name' => get_lang('UserList'), 'url' => 'user_list.php'];
-$interbreadcrumb[] = ['name' => UserManager::formatUserFullName($user), 'url' => 'user_information.php?user_id='.$user->getId()];
+$interbreadcrumb[] = [
+ 'name' => UserManager::formatUserFullName($user),
+ 'url' => 'user_information.php?user_id='.$user->getId(),
+];
 $toolName = get_lang('AssignHrmToUser');
diff --git a/main/exercise/MultipleAnswerTrueFalseDegreeCertainty.php b/main/exercise/MultipleAnswerTrueFalseDegreeCertainty.php
index e07d0d8020..2db792414c 100644
--- a/main/exercise/MultipleAnswerTrueFalseDegreeCertainty.php
+++ b/main/exercise/MultipleAnswerTrueFalseDegreeCertainty.php
@@ -88,7 +88,7 @@ class MultipleAnswerTrueFalseDegreeCertainty extends Question
 if (!empty($this->id)) {
 $answer = new Answer($this->id);
 $answer->read();
- if (count($answer->nbrAnswers) > 0 && !$form->isSubmitted()) {
+ if ($answer->nbrAnswers > 0 && !$form->isSubmitted()) {
 $nbAnswers = $answer->nbrAnswers;
 }
 }
@@ -130,11 +130,22 @@ class MultipleAnswerTrueFalseDegreeCertainty extends Question
 $defaults['correct['.$i.']'] = '';
 if (is_object($answer)) {
- $defaults['answer['.$i.']'] = $answer->answer[$i];
- $defaults['comment['.$i.']'] = $answer->comment[$i];
- $defaults['weighting['.$i.']'] = float_format($answer->weighting[$i], 1);
- $correct = $answer->correct[$i];
+ $defaults['answer['.$i.']'] = $answer->answer[$i] ?? '';
+ if (isset($_POST['answer']) && isset($_POST['answer'][$i])) {
+ $defaults['answer['.$i.']'] = Security::remove_XSS($_POST['answer'][$i]);
+ }
+
+ $defaults['comment['.$i.']'] = $answer->comment[$i] ?? '';
+ if (isset($_POST['comment']) && isset($_POST['comment'][$i])) {
+ $defaults['comment['.$i.']'] = Security::remove_XSS($_POST['comment'][$i]);
+ }
+
+ $defaults['weighting['.$i.']'] = isset($answer->weighting[$i]) ? float_format($answer->weighting[$i], 1) : '';
+ $correct = $answer->correct[$i] ?? '';
 $defaults['correct['.$i.']'] = $correct;
+ if (isset($_POST['correct']) && isset($_POST['correct'][$i])) {
+ $defaults['correct['.$i.']'] = Security::remove_XSS($_POST['correct'][$i]);
+ }
 $j = 1;
 if (!empty($optionData)) {
 foreach ($optionData as $id => $data) {
diff --git a/src/ApiBundle/GraphQL/ApiGraphQLTrait.php b/src/ApiBundle/GraphQL/ApiGraphQLTrait.php
index 0cf7e301db..69568f8cea 100644
--- a/src/ApiBundle/GraphQL/ApiGraphQLTrait.php
+++ b/src/ApiBundle/GraphQL/ApiGraphQLTrait.php
@@ -10,7 +10,8 @@ use Overblog\GraphQLBundle\Error\UserError;
 use Symfony\Component\DependencyInjection\ContainerAwareTrait;
 /**
- * Trait ApiGraphQLTrait
+ * Trait ApiGraphQLTrait.
+ *
 * @package Chamilo\ApiBundle\GraphQL
 */
 trait ApiGraphQLTrait
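Review bot: In the `is_object($answer)` branch of MultipleAnswerTrueFalseDegreeCertainty.php, `$correct` keeps the stored value even when `$defaults['correct['.$i.']']` is overwritten from `$_POST`, so any later use of `$correct` in this loop (the body continues past the hunk into the `$optionData` loop) would presumably disagree with the default the form shows. Assigning the posted value to `$correct` before `$defaults['correct['.$i.']'] = $correct;` keeps the two in step. `weighting` is the only one of the four fields not restored from `$_POST`; if that is intentional, a short comment saying so would help. The posted values also reach `Security::remove_XSS()` without a type check, and since `correct` looks like an option identifier rather than markup, `is_scalar()` plus a comparison against the known option ids would be a tighter control there than HTML filtering.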
@@ -29,6 +30,33 @@ trait ApiGraphQLTrait
 $this->em = $entityManager;
 }
+ /**
+ * @param \ArrayObject $context
+ *
+ * @throws \Exception
+ */
+ public function checkAuthorization(\ArrayObject $context): void
+ {
+ $request = $this->container->get('request_stack')->getCurrentRequest();
+ $header = $request->headers->get('Authorization');
+ $token = str_replace(['Bearer ', 'bearer '], '', $header);
+
+ if (empty($token)) {
+ throw new \Exception(get_lang('NotAllowed'));
+ }
+
+ $tokenData = $this->decodeToken($token);
+
+ /** @var User $user */
+ $user = $this->em->find('ChamiloUserBundle:User', $tokenData['user']);
+
+ if (!$user) {
+ throw new \Exception(get_lang('NotAllowed'));
+ }
+
+ $context->offsetSet('user', $user);
+ }
+
 /**
 * @param string $username
 * @param string $password
@@ -81,33 +109,6 @@ trait ApiGraphQLTrait
 return JWT::encode($payload, $secret, 'HS384');
 }
- /**
- * @param \ArrayObject $context
- *
- * @throws \Exception
- */
- public function checkAuthorization(\ArrayObject $context): void
- {
- $request = $this->container->get('request_stack')->getCurrentRequest();
- $header = $request->headers->get('Authorization');
- $token = str_replace(['Bearer ', 'bearer '], '', $header);
-
- if (empty($token)) {
- throw new \Exception(get_lang('NotAllowed'));
- }
-
- $tokenData = $this->decodeToken($token);
-
- /** @var User $user */
- $user = $this->em->find('ChamiloUserBundle:User', $tokenData['user']);
-
- if (!$user) {
- throw new \Exception(get_lang('NotAllowed'));
- }
-
- $context->offsetSet('user', $user);
- }
-
 /**
 * @param string $token
 *
@@ -124,7 +125,7 @@ trait ApiGraphQLTrait
 }
 /**
- * Throw a UserError if current user doesn't match with context's user
+ * Throw a UserError if current user doesn't match with context's user.
 *
 * @param \ArrayObject $context Current context
 * @param User $user User to compare with the context's user
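Review bot: In `checkAuthorization` (first hunk of ApiGraphQLTrait.php), the token is extracted with `str_replace(['Bearer ', 'bearer '], '', $header)`, which strips those substrings anywhere in the value, accepts a header that carries no `Bearer` scheme at all, and is handed `null` when the Authorization header is absent. Anchoring the parse makes the accepted format explicit, for example `if (!is_string($header) || !preg_match('/^Bearer\s+(\S+)$/i', $header, $m)) { throw new \Exception(get_lang('NotAllowed')); }` followed by `$token = $m[1];`. `$tokenData['user']` is then read without checking that the claim is present; what `decodeToken()` returns is not visible in this hunk, so a guard such as `$tokenData['user'] ?? null` before `find()` would be prudent. The method is only relocated by this commit (the old copy is removed in the following hunk), so this is existing behaviour carried over rather than a regression.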
diff --git a/src/ApiBundle/GraphQL/Resolver/RootResolver.php b/src/ApiBundle/GraphQL/Resolver/RootResolver.php
index e3f116e251..55f38d8d02 100644
--- a/src/ApiBundle/GraphQL/Resolver/RootResolver.php
+++ b/src/ApiBundle/GraphQL/Resolver/RootResolver.php
@@ -59,10 +59,11 @@ class RootResolver implements ResolverInterface, AliasedInterface, ContainerAwar
 * @param int $courseId
 * @param \ArrayObject $context
 *
- * @return Course|null
 * @throws \Doctrine\ORM\ORMException
 * @throws \Doctrine\ORM\OptimisticLockException
 * @throws \Doctrine\ORM\TransactionRequiredException
+ *
+ * @return Course|null
 */
 public function resolveCourse($courseId, \ArrayObject $context)
 {
diff --git a/src/ApiBundle/GraphQL/Resolver/UserResolver.php b/src/ApiBundle/GraphQL/Resolver/UserResolver.php
index 8526187a4c..e44f6bf711 100644
--- a/src/ApiBundle/GraphQL/Resolver/UserResolver.php
+++ b/src/ApiBundle/GraphQL/Resolver/UserResolver.php
@@ -7,7 +7,6 @@ use Chamilo\ApiBundle\GraphQL\ApiGraphQLTrait;
 use Chamilo\CoreBundle\Entity\Course;
 use Chamilo\CoreBundle\Repository\MessageRepository;
 use Chamilo\UserBundle\Entity\User;
-use GraphQL\Error\UserError;
 use Overblog\GraphQLBundle\Definition\Resolver\AliasedInterface;
 use Overblog\GraphQLBundle\Definition\Resolver\ResolverInterface;
 use Symfony\Component\DependencyInjection\ContainerAwareInterface;
@@ -19,13 +18,12 @@ use Symfony\Component\DependencyInjection\ContainerAwareInterface;
 */
 class UserResolver implements ResolverInterface, AliasedInterface, ContainerAwareInterface
 {
+ use ApiGraphQLTrait;
 public const IMAGE_SIZE_TINY = 16;
 public const IMAGE_SIZE_SMALL = 32;
 public const IMAGE_SIZE_MEDIUM = 64;
 public const IMAGE_SIZE_BIG = 128;
- use ApiGraphQLTrait;
-
 /**
 * Returns methods aliases.
 *
diff --git a/src/CoreBundle/Resources/config/services.yml b/src/CoreBundle/Resources/config/services.yml
index 5e0e5a1681..e9e1db6109 100644
--- a/src/CoreBundle/Resources/config/services.yml
+++ b/src/CoreBundle/Resources/config/services.yml
@@ -165,7 +165,7 @@ services:
 class: Chamilo\CoreBundle\EventListener\UserLocaleListener
 arguments: ['@session', '@chamilo.settings.manager']
 tags:
- - {name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin, priority: 15 }
+ - {name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin, priority: 15}
 # Settings listener
 chamilo_core.listener.settings: