Add int casting + Database::escape_string + format code

pull/3883/head
Julio Montoya 4 years ago
parent 32e6cbfe76
commit dc86adc7d5
  1. 93
      plugin/sepe/src/formative-action-edit.php
  2. 50
      plugin/sepe/src/participant-specialty-edit.php
  3. 55
      plugin/sepe/src/sepe.lib.php
  4. 70
      plugin/sepe/src/specialty-tutor-edit.php

@ -41,43 +41,43 @@ if (!empty($_POST)) {
$endDate = $yearEnd."-".$monthEnd."-".$dayEnd;
if (!empty($actionId) && $actionId != '0') {
$sql = "UPDATE plugin_sepe_actions SET
action_origin='".$actionOrigin."',
action_code='".$actionCode."',
situation='".$situation."',
specialty_origin='".$specialtyOrigin."',
professional_area='".$professionalArea."',
specialty_code='".$specialtyCode."',
duration='".$duration."',
start_date='".$startDate."',
end_date='".$endDate."',
full_itinerary_indicator='".$fullItineraryIndicator."',
financing_type='".$financingType."',
attendees_count='".$attendeesCount."',
action_name='".$actionName."',
global_info='".$globalInfo."',
schedule='".$schedule."',
requirements='".$requirements."',
contact_action='".$contactAction."'
$sql = "UPDATE plugin_sepe_actions SET
action_origin='".$actionOrigin."',
action_code='".$actionCode."',
situation='".$situation."',
specialty_origin='".$specialtyOrigin."',
professional_area='".$professionalArea."',
specialty_code='".$specialtyCode."',
duration='".$duration."',
start_date='".$startDate."',
end_date='".$endDate."',
full_itinerary_indicator='".$fullItineraryIndicator."',
financing_type='".$financingType."',
attendees_count='".$attendeesCount."',
action_name='".$actionName."',
global_info='".$globalInfo."',
schedule='".$schedule."',
requirements='".$requirements."',
contact_action='".$contactAction."'
WHERE id='".$actionId."';";
} else {
$sql = "INSERT INTO plugin_sepe_actions (
action_origin,
action_code,
situation,
specialty_origin,
professional_area,
specialty_code,
duration,
start_date,
end_date,
full_itinerary_indicator,
financing_type,
attendees_count,
action_name,
global_info,
schedule,
requirements,
action_origin,
action_code,
situation,
specialty_origin,
professional_area,
specialty_code,
duration,
start_date,
end_date,
full_itinerary_indicator,
financing_type,
attendees_count,
action_name,
global_info,
schedule,
requirements,
contact_action
) VALUES (
'".$actionOrigin."',
@ -145,8 +145,14 @@ if (!empty($_POST)) {
if (api_is_platform_admin()) {
if (isset($_GET['new_action']) && intval($_GET['new_action']) == 1) {
$info = [];
$interbreadcrumb[] = ["url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')];
$interbreadcrumb[] = ["url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')];
$interbreadcrumb[] = [
"url" => "/plugin/sepe/src/sepe-administration-menu.php",
"name" => $plugin->get_lang('MenuSepe'),
];
$interbreadcrumb[] = [
"url" => "formative-actions-list.php",
"name" => $plugin->get_lang('FormativesActionsList'),
];
$templateName = $plugin->get_lang('formativeActionNew');
$tpl = new Template($templateName);
$yearStart = $yearEnd = date("Y");
@ -155,9 +161,18 @@ if (api_is_platform_admin()) {
$tpl->assign('course_id', intval($_GET['cid']));
} else {
$courseId = getCourse($_GET['action_id']);
$interbreadcrumb[] = ["url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')];
$interbreadcrumb[] = ["url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')];
$interbreadcrumb[] = ["url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')];
$interbreadcrumb[] = [
"url" => "/plugin/sepe/src/sepe-administration-menu.php",
"name" => $plugin->get_lang('MenuSepe'),
];
$interbreadcrumb[] = [
"url" => "formative-actions-list.php",
"name" => $plugin->get_lang('FormativesActionsList'),
];
$interbreadcrumb[] = [
"url" => "formative-action.php?cid=".$courseId,
"name" => $plugin->get_lang('FormativeAction'),
];
$info = getActionInfo($_GET['action_id']);
$templateName = $plugin->get_lang('formativeActionEdit');
$tpl = new Template($templateName);
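Review bot: In the hunk at -155, `$_GET['action_id']` is still passed raw to `getCourse()` on the `} else {` branch and to `getActionInfo()` a few lines below, while the sibling files touched by this same commit hoist `$actionId = (int) $_GET['action_id'];` before use; the same should happen here: `$actionId = (int) $_GET['action_id'];` then `$courseId = getCourse($actionId);` and `$info = getActionInfo($actionId);`. Even if both library functions cast internally (the visible sepe.lib.php hunks show that pattern for other getInfo* helpers, but getCourse and getActionInfo are not in view), casting at the request boundary keeps this page consistent with the others and makes the intent obvious. In the hunk at -41 the UPDATE's `WHERE id='".$actionId."'` relies on `$actionId` having been cast or escaped where it is assigned, which is outside the hunk. The enclosing `if (api_is_platform_admin())` block continues past the end of the hunk.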

@ -44,19 +44,19 @@ if (!empty($_POST)) {
$endDate = $yearEnd."-".$monthEnd."-".$dayEnd;
if (isset($newSpecialty) && $newSpecialty != 1) {
$sql = "UPDATE $tableSepeParticipantsSpecialty SET
specialty_origin = '".$specialtyOrigin."',
professional_area = '".$professionalArea."',
specialty_code = '".$specialtyCode."',
registration_date = '".$registrationDate."',
leaving_date = '".$leavingDate."',
center_origin = '".$centerOrigin."',
center_code = '".$centerCode."',
start_date = '".$startDate."',
end_date = '".$endDate."',
final_result = '".$finalResult."',
final_qualification = '".$finalQualification."',
final_score = '".$finalScore."'
$sql = "UPDATE $tableSepeParticipantsSpecialty SET
specialty_origin = '".$specialtyOrigin."',
professional_area = '".$professionalArea."',
specialty_code = '".$specialtyCode."',
registration_date = '".$registrationDate."',
leaving_date = '".$leavingDate."',
center_origin = '".$centerOrigin."',
center_code = '".$centerCode."',
start_date = '".$startDate."',
end_date = '".$endDate."',
final_result = '".$finalResult."',
final_qualification = '".$finalQualification."',
final_score = '".$finalScore."'
WHERE id = $specialtyId";
} else {
$sql = "INSERT INTO $tableSepeParticipantsSpecialty (
@ -119,7 +119,7 @@ if (!empty($_POST)) {
);";
} else {
if ($finalResult == "1" || $finalResult == "2") {
$sql = "UPDATE $tableSepeLogParticipant
$sql = "UPDATE $tableSepeLogParticipant
SET leaving_date = '".date("Y-m-d H:i:s")."'
WHERE platform_user_id = '".$platformUserId."' AND action_id = '".$actionId."';";
} else {
@ -156,17 +156,27 @@ if (!empty($_POST)) {
}
if (api_is_platform_admin()) {
$actionId = intval($_GET['action_id']);
$actionId = (int) $_GET['action_id'];
$courseId = getCourse($actionId);
$interbreadcrumb[] = ["url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')];
$participantId = (int) $_GET['participant_id'];
$interbreadcrumb[] = [
"url" => "/plugin/sepe/src/sepe-administration-menu.php",
"name" => $plugin->get_lang('MenuSepe'),
];
$interbreadcrumb[] = ["url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')];
$interbreadcrumb[] = ["url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')];
$interbreadcrumb[] = ["url" => "participant-action-edit.php?new_participant=0&participant_id=".intval($_GET['participant_id'])."&action_id=".$_GET['action_id'], "name" => $plugin->get_lang('FormativeActionParticipant')];
$interbreadcrumb[] = [
"url" => "formative-action.php?cid=".$courseId,
"name" => $plugin->get_lang('FormativeAction'),
];
$interbreadcrumb[] = [
"url" => "participant-action-edit.php?new_participant=0&participant_id=".$participantId."&action_id=".$actionId,
"name" => $plugin->get_lang('FormativeActionParticipant'),
];
if (isset($_GET['new_specialty']) && intval($_GET['new_specialty']) == 1) {
$templateName = $plugin->get_lang('NewSpecialtyParticipant');
$tpl = new Template($templateName);
$tpl->assign('action_id', $actionId);
$tpl->assign('participant_id', intval($_GET['participant_id']));
$tpl->assign('participant_id', $participantId);
$info = [];
$tpl->assign('info', $info);
$tpl->assign('new_specialty', '1');
@ -177,7 +187,7 @@ if (api_is_platform_admin()) {
$tpl = new Template($templateName);
$tpl->assign('action_id', $actionId);
$tpl->assign('specialty_id', intval($_GET['specialty_id']));
$tpl->assign('participant_id', intval($_GET['participant_id']));
$tpl->assign('participant_id', $participantId);
$info = getInfoSpecialtyParticipant($_GET['specialty_id']);
$tpl->assign('info', $info);
$tpl->assign('new_specialty', '0');
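Review bot: In the hunk at -177, `$_GET['specialty_id']` is read raw twice — through `intval(...)` on the assign line and unfiltered in `getInfoSpecialtyParticipant($_GET['specialty_id'])` — while the hunk at -156 now hoists `$actionId` and `$participantId` as `(int)` locals; do the same with `$specialtyId = (int) $_GET['specialty_id'];` and use it in both `$tpl->assign('specialty_id', $specialtyId);` and `$info = getInfoSpecialtyParticipant($specialtyId);`. Whether the library function casts internally is not visible here, so the cast at the boundary is the safe default. In the hunk at -44 the UPDATE's bare `WHERE id = $specialtyId` is only safe if `$specialtyId` was cast to int where it is assigned (outside the hunk); `Database::escape_string` alone does not cover an unquoted interpolation. The `if (api_is_platform_admin())` block runs past the hunk.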

@ -1,4 +1,5 @@
<?php
/**
* Functions.
*
@ -51,9 +52,9 @@ function checkIdentificationData()
$result = Database::query($sql);
if (Database::affected_rows($result) > 0) {
return true;
} else {
return false;
}
return false;
}
function getActionId($courseId)
@ -142,9 +143,9 @@ function getInfoSpecialtyClassroom($classroomId)
global $tableSepeSpecialtyClassroom;
global $tableCenters;
$classroomId = (int) $classroomId;
$sql = "SELECT a.*, center_origin, center_code
FROM $tableSepeSpecialtyClassroom a
LEFT JOIN $tableCenters b ON a.center_id = b.id
$sql = "SELECT a.*, center_origin, center_code
FROM $tableSepeSpecialtyClassroom a
LEFT JOIN $tableCenters b ON a.center_id = b.id
WHERE a.id = $classroomId";
$res = Database::query($sql);
$row = false;
@ -163,7 +164,6 @@ function getInfoSpecialtyTutorial($tutorialId)
$tutorialId = (int) $tutorialId;
$sql = "SELECT * FROM $tableSepeParticipantsSpecialtyTutorials WHERE id = $tutorialId";
$res = Database::query($sql);
$aux = [];
if (Database::num_rows($res) > 0) {
$row = Database::fetch_assoc($res);
} else {
@ -235,8 +235,8 @@ function getTutorsSpecialty($specialtyId)
while ($tmp = Database::fetch_assoc($rs)) {
$tutorsList[] = $tmp['tutor_id'];
}
$sql = "SELECT a.*, b.firstname AS firstname, b.lastname AS lastname
FROM $tableSepeTutors AS a
$sql = "SELECT a.*, b.firstname AS firstname, b.lastname AS lastname
FROM $tableSepeTutors AS a
LEFT JOIN $tableUser AS b ON a.platform_user_id=b.user_id;";
$res = Database::query($sql);
$aux = [];
@ -261,12 +261,11 @@ function getInfoSpecialtyTutor($tutorId)
global $tableSepeSpecialtyTutors;
global $tableSepeTutors;
$tutorId = (int) $tutorId;
$sql = "SELECT a.*,platform_user_id,document_type, document_number,document_letter
$sql = "SELECT a.*,platform_user_id,document_type, document_number,document_letter
FROM $tableSepeSpecialtyTutors a
INNER JOIN $tableSepeTutors b ON a.tutor_id=b.id
INNER JOIN $tableSepeTutors b ON a.tutor_id=b.id
WHERE a.id = $tutorId;";
$res = Database::query($sql);
$aux = [];
if (Database::num_rows($res) > 0) {
$row['tutor_accreditation'] = Security::remove_XSS(stripslashes($row['tutor_accreditation']));
$row['teaching_competence'] = Security::remove_XSS(stripslashes($row['teaching_competence']));
@ -393,7 +392,7 @@ function participantList($actionId)
global $tableUser;
$actionId = (int) $actionId;
$sql = "SELECT $tableSepeParticipants.id AS id, document_type, document_number, document_letter, firstname, lastname
FROM $tableSepeParticipants
FROM $tableSepeParticipants
LEFT JOIN $tableUser ON $tableSepeParticipants.platform_user_id=$tableUser.user_id
WHERE action_id = $actionId";
$res = Database::query($sql);
@ -434,8 +433,8 @@ function classroomList($specialtyId)
global $tableCenters;
$specialtyId = (int) $specialtyId;
$sql = "SELECT a.*, center_origin, center_code
FROM $tableSepeSpecialtyClassroom a
LEFT JOIN $tableCenters b ON a.center_id=b.id
FROM $tableSepeSpecialtyClassroom a
LEFT JOIN $tableCenters b ON a.center_id=b.id
WHERE specialty_id = $specialtyId";
$res = Database::query($sql);
$aux = [];
@ -453,10 +452,10 @@ function tutorsList($specialtyId)
global $tableUser;
$specialtyId = (int) $specialtyId;
$aux = [];
$sql = "SELECT a.*,document_type,document_number,document_letter, firstname, lastname
FROM $tableSepeSpecialtyTutors a
INNER JOIN $tableSepeTutors b ON a.tutor_id=b.id
LEFT JOIN $tableUser c ON b.platform_user_id=c.user_id
$sql = "SELECT a.*,document_type,document_number,document_letter, firstname, lastname
FROM $tableSepeSpecialtyTutors a
INNER JOIN $tableSepeTutors b ON a.tutor_id=b.id
LEFT JOIN $tableUser c ON b.platform_user_id=c.user_id
WHERE a.specialty_id = $specialtyId";
$res = Database::query($sql);
while ($row = Database::fetch_assoc($res)) {
@ -470,7 +469,7 @@ function getListSpecialtyTutorial($specialtyId)
{
global $tableSepeParticipantsSpecialtyTutorials;
$specialtyId = (int) $specialtyId;
$sql = "SELECT * FROM $tableSepeParticipantsSpecialtyTutorials
$sql = "SELECT * FROM $tableSepeParticipantsSpecialtyTutorials
WHERE participant_specialty_id = $specialtyId";
$res = Database::query($sql);
$aux = [];
@ -489,9 +488,12 @@ function listCourseAction()
global $tableSepeActions;
global $tableSepeCourseActions;
$sql = "SELECT $tableSepeCourseActions.*, course.title AS title, $tableSepeActions.action_origin AS action_origin, $tableSepeActions.action_code AS action_code
FROM $tableSepeCourseActions, course, $tableSepeActions
WHERE $tableSepeCourseActions.course_id=course.id
$sql = "SELECT
$tableSepeCourseActions.*, course.title AS title,
$tableSepeActions.action_origin AS action_origin,
$tableSepeActions.action_code AS action_code
FROM $tableSepeCourseActions, course, $tableSepeActions
WHERE $tableSepeCourseActions.course_id=course.id
AND $tableSepeActions.id=$tableSepeCourseActions.action_id";
$res = Database::query($sql);
$aux = [];
@ -508,7 +510,7 @@ function listCourseFree()
global $tableSepeCourseActions;
$sql = "SELECT id, title FROM $tableCourse
WHERE NOT EXISTS (
SELECT * FROM $tableSepeCourseActions
SELECT * FROM $tableSepeCourseActions
WHERE $tableCourse.id = $tableSepeCourseActions.course_id)
;";
$res = Database::query($sql);
@ -544,8 +546,8 @@ function getSpecialtyTutorId($specialtyId, $tutorId)
$specialtyId = (int) $specialtyId;
$tutorId = (int) $tutorId;
$sql = "SELECT id
FROM $tableSepeSpecialtyTutors
$sql = "SELECT id
FROM $tableSepeSpecialtyTutors
WHERE specialty_id = $specialtyId AND tutor_id = $tutorId";
$res = Database::query($sql);
$row = Database::fetch_assoc($res);
@ -558,7 +560,8 @@ function checkInsertNewLog($platformUserId, $actionId)
global $tableSepeLogParticipant;
$platformUserId = (int) $platformUserId;
$actionId = (int) $actionId;
$sql = "SELECT * FROM $tableSepeLogParticipant WHERE platform_user_id = $platformUserId AND action_id = $actionId";
$sql = "SELECT * FROM $tableSepeLogParticipant
WHERE platform_user_id = $platformUserId AND action_id = $actionId";
$res = Database::query($sql);
if (Database::num_rows($res) > 0) {
return false;
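Review bot: Dropping `$aux = [];` in getInfoSpecialtyTutorial (hunk at -163, 7 lines to 6) and getInfoSpecialtyTutor (hunk at -261, 12 lines to 11) is only safe if nothing after the visible `if`/`else` still reads `$aux`; the remainder of both functions lies outside the hunks, so please confirm the variable is really dead, otherwise the `else` path ends in an undefined-variable notice where the old code returned an empty array. The line counts are the only signal that these are deletions rather than moves, so treat this as a question rather than a finding. Separately, the if/else in checkIdentificationData (hunk at -51) can collapse to `return Database::affected_rows($result) > 0;`, which reads the same and removes the trailing `return false;`. The `(int)` casts at the top of every ID-taking helper in this file are the right guard for the bare `WHERE ... = $id` interpolations that follow them.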

@ -35,7 +35,7 @@ if (!empty($_POST)) {
$tmp = Database::fetch_assoc($rs);
$sql = "INSERT INTO $tableSepeSpecialtyTutors (
specialty_id,
specialty_id,
tutor_id,
tutor_accreditation,
professional_experience,
@ -53,22 +53,22 @@ if (!empty($_POST)) {
);";
$res = Database::query($sql);
} else {
$sql = "SELECT id
FROM $tableSepeTutors
WHERE
$sql = "SELECT id
FROM $tableSepeTutors
WHERE
document_type = '".$documentType."'
AND document_number = '".$documentNumber."'
AND document_number = '".$documentNumber."'
AND document_letter = '".$documentLetter."';";
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0) {
$aux = Database::fetch_assoc($rs);
$sql = "UPDATE $tableSepeTutors SET
platform_user_id = $platformUserId,
tutor_accreditation = '".$tutorAccreditation."',
professional_experience = $professionalExperience,
teaching_competence = '".$teachingCompetence."',
experience_teleforming = $experienceTeleforming,
training_teleforming = '".$trainingTeleforming."'
$sql = "UPDATE $tableSepeTutors SET
platform_user_id = $platformUserId,
tutor_accreditation = '".$tutorAccreditation."',
professional_experience = $professionalExperience,
teaching_competence = '".$teachingCompetence."',
experience_teleforming = $experienceTeleforming,
training_teleforming = '".$trainingTeleforming."'
WHERE id = '".$aux['id']."';";
$res = Database::query($sql);
if (!$res) {
@ -78,8 +78,8 @@ if (!empty($_POST)) {
$tutorId = $aux['id'];
$specialtyTutorId = getSpecialtyTutorId($specialtyId, $tutorId);
} else {
$sql = "UPDATE $tableSepeTutors
SET platform_user_id=''
$sql = "UPDATE $tableSepeTutors
SET platform_user_id=''
WHERE platform_user_id='".$platformUserId."'";
Database::query($sql);
$sql = "INSERT INTO $tableSepeTutors (
@ -112,13 +112,13 @@ if (!empty($_POST)) {
}
if (isset($newTutor) && $newTutor != 1) {
$sql = "UPDATE $tableSepeSpecialtyTutors SET
tutor_id = $tutorId,
tutor_accreditation = '".$tutorAccreditation."',
professional_experience = $professionalExperience,
teaching_competence = '".$teachingCompetence."',
experience_teleforming = $experienceTeleforming,
training_teleforming='".$trainingTeleforming."'
$sql = "UPDATE $tableSepeSpecialtyTutors SET
tutor_id = $tutorId,
tutor_accreditation = '".$tutorAccreditation."',
professional_experience = $professionalExperience,
teaching_competence = '".$teachingCompetence."',
experience_teleforming = $experienceTeleforming,
training_teleforming='".$trainingTeleforming."'
WHERE id = $specialtyTutorId;";
} else {
$sql = "INSERT INTO $tableSepeSpecialtyTutors (
@ -169,16 +169,28 @@ if (!empty($_POST)) {
}
if (api_is_platform_admin()) {
$courseId = getCourse(intval($_GET['action_id']));
$interbreadcrumb[] = ["url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')];
$actionId = (int) $_GET['action_id'];
$specialtyId = (int) $_GET['specialty_id'];
$courseId = getCourse($actionId);
$interbreadcrumb[] = [
"url" => "/plugin/sepe/src/sepe-administration-menu.php",
"name" => $plugin->get_lang('MenuSepe'),
];
$interbreadcrumb[] = ["url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')];
$interbreadcrumb[] = ["url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')];
$interbreadcrumb[] = ["url" => "specialty-action-edit.php?new_specialty=0&specialty_id=".intval($_GET['specialty_id'])."&action_id=".$_GET['action_id'], "name" => $plugin->get_lang('SpecialtyFormativeAction')];
$interbreadcrumb[] = [
"url" => "formative-action.php?cid=".$courseId,
"name" => $plugin->get_lang('FormativeAction'),
];
$interbreadcrumb[] = [
"url" => "specialty-action-edit.php?new_specialty=0&specialty_id=".$specialtyId."&action_id=".$actionId,
"name" => $plugin->get_lang('SpecialtyFormativeAction'),
];
if (isset($_GET['new_tutor']) && intval($_GET['new_tutor']) == 1) {
$templateName = $plugin->get_lang('NewSpecialtyTutor');
$tpl = new Template($templateName);
$tpl->assign('action_id', intval($_GET['action_id']));
$tpl->assign('specialty_id', intval($_GET['specialty_id']));
$tpl->assign('action_id', $actionId);
$tpl->assign('specialty_id', $specialtyId);
$info = [];
$tpl->assign('info', $info);
$tpl->assign('new_tutor', '1');
@ -186,8 +198,8 @@ if (api_is_platform_admin()) {
} else {
$templateName = $plugin->get_lang('EditSpecialtyTutor');
$tpl = new Template($templateName);
$tpl->assign('action_id', intval($_GET['action_id']));
$tpl->assign('specialty_id', intval($_GET['specialty_id']));
$tpl->assign('action_id', $actionId);
$tpl->assign('specialty_id', $specialtyId);
$tpl->assign('tutor_id', intval($_GET['tutor_id']));
$info = getInfoSpecialtyTutor($_GET['tutor_id']);
$tpl->assign('info', $info);
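Review bot: In the hunks at -53 and -112, `$platformUserId`, `$professionalExperience` and `$experienceTeleforming` are interpolated into the UPDATE statements without surrounding quotes (`platform_user_id = $platformUserId,`, `professional_experience = $professionalExperience,`, `experience_teleforming = $experienceTeleforming,`); `Database::escape_string` only escapes quote and backslash characters, so for a bare numeric position it is not a sufficient filter and these values need an `(int)` cast (or a prepared statement) where they are assigned, which lies outside the hunk. If they are already cast there, a one-line comment above the first such statement saying so would save the next reader the same check. In the hunk at -186, `$_GET['tutor_id']` is still passed raw to `getInfoSpecialtyTutor()` although the hunk at -169 now hoists `$actionId` and `$specialtyId`; `$tutorId = (int) $_GET['tutor_id'];` used in both the assign and the call would complete the pattern (the library function does cast internally per the sepe.lib.php hunk in this commit, so this is consistency rather than a hole). The `if (!empty($_POST))` block spans well beyond the visible hunks.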
