Session: Add token to remove users or courses from a session - refs BT#19150

Christian 4 years ago
parent 008a2543a5
commit d6942ef1d6
  1. 34
      main/session/resume_session.php

@ -79,13 +79,16 @@ switch ($action) {
$idChecked = isset($_GET['idChecked']) ? $_GET['idChecked'] : null; $idChecked = isset($_GET['idChecked']) ? $_GET['idChecked'] : null;
if (is_array($idChecked)) { if (is_array($idChecked)) {
$usersToDelete = []; $usersToDelete = [];
foreach ($idChecked as $courseCode) { $check = Security::check_token('get');
// forcing the escape_string if ($check) {
$courseInfo = api_get_course_info($courseCode); foreach ($idChecked as $courseCode) {
SessionManager::unsubscribe_course_from_session( // forcing the escape_string
$sessionId, $courseInfo = api_get_course_info($courseCode);
$courseInfo['real_id'] SessionManager::unsubscribe_course_from_session(
); $sessionId,
$courseInfo['real_id']
);
}
} }
} }
@ -104,10 +107,14 @@ switch ($action) {
} }
if (!empty($_GET['user'])) { if (!empty($_GET['user'])) {
SessionManager::unsubscribe_user_from_session( $check = Security::check_token('get');
$sessionId, if ($check) {
$_GET['user'] SessionManager::unsubscribe_user_from_session(
); $sessionId,
$_GET['user']
);
}
Security::clear_token();
} }
Display::addFlash(Display::return_message(get_lang('Updated'))); Display::addFlash(Display::return_message(get_lang('Updated')));
@ -156,6 +163,7 @@ if ($session->getNbrCourses() === 0) {
<td colspan="4">'.get_lang('NoCoursesForThisSession').'</td> <td colspan="4">'.get_lang('NoCoursesForThisSession').'</td>
</tr>'; </tr>';
} else { } else {
$secToken = Security::get_token();
$count = 0; $count = 0;
$courseItem = ''; $courseItem = '';
//$courses = $sessionRepository->getCoursesOrderedByPosition($session); //$courses = $sessionRepository->getCoursesOrderedByPosition($session);
@ -296,7 +304,7 @@ if ($session->getNbrCourses() === 0) {
); );
$courseItem .= Display::url( $courseItem .= Display::url(
Display::return_icon('delete.png', get_lang('Delete')), Display::return_icon('delete.png', get_lang('Delete')),
api_get_self()."?id_session=$sessionId&action=delete&idChecked[]={$course->getCode()}", api_get_self()."?id_session=$sessionId&action=delete&idChecked[]={$course->getCode()}&sec_token=".Security::getTokenFromSession(),
[ [
'onclick' => "javascript:if(!confirm('".get_lang('ConfirmYourChoice')."')) return false;", 'onclick' => "javascript:if(!confirm('".get_lang('ConfirmYourChoice')."')) return false;",
] ]
@ -367,7 +375,7 @@ if (!empty($userList)) {
$removeLink = Display::url( $removeLink = Display::url(
Display::return_icon('delete.png', get_lang('Delete')), Display::return_icon('delete.png', get_lang('Delete')),
api_get_self().'?id_session='.$sessionId.'&action=delete&user='.$user['user_id'], api_get_self().'?id_session='.$sessionId.'&action=delete&user='.$user['user_id'].'&sec_token='.Security::getTokenFromSession(),
['onclick' => "javascript:if(!confirm('".get_lang('ConfirmYourChoice')."')) return false;"] ['onclick' => "javascript:if(!confirm('".get_lang('ConfirmYourChoice')."')) return false;"]
); );
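Review bot: The course-removal branch in the first hunk verifies the token with `Security::check_token('get')` but never calls `Security::clear_token()` after the loop, whereas the user-removal branch in the second hunk does, so on the course path the same `sec_token` in a copied URL stays valid for repeated removals until the session token is otherwise rotated; add `Security::clear_token();` after the `if ($check) { ... }` block there too. Both branches also silently skip the action when the check fails yet still reach the unconditional `Display::addFlash(Display::return_message(get_lang('Updated')))`, so a rejected request is reported as a success; an `else` branch that flashes an error message would make the refusal visible. In the third hunk `$secToken = Security::get_token();` appears unused in the hunks shown, since both delete links call `Security::getTokenFromSession()` directly; either build the links from `$secToken` or drop the assignment, and confirm that the user-list links (last hunk) still get a token when the session has no courses, as `Security::get_token()` is only reached in the `else` branch of the course check. The enclosing `switch ($action)` starts outside the hunk.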
