Add int casting + Database::escape_string + format code

4 years ago · dc86adc7d5
parent 32e6cbfe76
commit dc86adc7d5
4 changed files with 154 additions and 114 deletions
--- a/plugin/sepe/src/formative-action-edit.php
+++ b/plugin/sepe/src/formative-action-edit.php
@ -145,8 +145,14 @@ if (!empty($_POST)) {
 if (api_is_platform_admin()) {
    if (isset($_GET['new_action']) && intval($_GET['new_action']) == 1) {
        $info = [];
-        $interbreadcrumb[] = ["url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')];
-        $interbreadcrumb[] = ["url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')];
+        $interbreadcrumb[] = [
+            "url" => "/plugin/sepe/src/sepe-administration-menu.php",
+            "name" => $plugin->get_lang('MenuSepe'),
+        ];
+        $interbreadcrumb[] = [
+            "url" => "formative-actions-list.php",
+            "name" => $plugin->get_lang('FormativesActionsList'),
+        ];
        $templateName = $plugin->get_lang('formativeActionNew');
        $tpl = new Template($templateName);
        $yearStart = $yearEnd = date("Y");
@ -155,9 +161,18 @@ if (api_is_platform_admin()) {
        $tpl->assign('course_id', intval($_GET['cid']));
    } else {
        $courseId = getCourse($_GET['action_id']);
-        $interbreadcrumb[] = ["url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')];
-        $interbreadcrumb[] = ["url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')];
-        $interbreadcrumb[] = ["url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')];
+        $interbreadcrumb[] = [
+            "url" => "/plugin/sepe/src/sepe-administration-menu.php",
+            "name" => $plugin->get_lang('MenuSepe'),
+        ];
+        $interbreadcrumb[] = [
+            "url" => "formative-actions-list.php",
+            "name" => $plugin->get_lang('FormativesActionsList'),
+        ];
+        $interbreadcrumb[] = [
+            "url" => "formative-action.php?cid=".$courseId,
+            "name" => $plugin->get_lang('FormativeAction'),
+        ];
        $info = getActionInfo($_GET['action_id']);
        $templateName = $plugin->get_lang('formativeActionEdit');
        $tpl = new Template($templateName);
--- a/plugin/sepe/src/participant-specialty-edit.php
+++ b/plugin/sepe/src/participant-specialty-edit.php
@ -156,17 +156,27 @@ if (!empty($_POST)) {
 }

 if (api_is_platform_admin()) {
-    $actionId = intval($_GET['action_id']);
+    $actionId = (int) $_GET['action_id'];
    $courseId = getCourse($actionId);
-    $interbreadcrumb[] = ["url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')];
+    $participantId = (int) $_GET['participant_id'];
+    $interbreadcrumb[] = [
+        "url" => "/plugin/sepe/src/sepe-administration-menu.php",
+        "name" => $plugin->get_lang('MenuSepe'),
+    ];
    $interbreadcrumb[] = ["url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')];
-    $interbreadcrumb[] = ["url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')];
-    $interbreadcrumb[] = ["url" => "participant-action-edit.php?new_participant=0&participant_id=".intval($_GET['participant_id'])."&action_id=".$_GET['action_id'], "name" => $plugin->get_lang('FormativeActionParticipant')];
+    $interbreadcrumb[] = [
+        "url" => "formative-action.php?cid=".$courseId,
+        "name" => $plugin->get_lang('FormativeAction'),
+    ];
+    $interbreadcrumb[] = [
+        "url" => "participant-action-edit.php?new_participant=0&participant_id=".$participantId."&action_id=".$actionId,
+        "name" => $plugin->get_lang('FormativeActionParticipant'),
+    ];
    if (isset($_GET['new_specialty']) && intval($_GET['new_specialty']) == 1) {
        $templateName = $plugin->get_lang('NewSpecialtyParticipant');
        $tpl = new Template($templateName);
        $tpl->assign('action_id', $actionId);
-        $tpl->assign('participant_id', intval($_GET['participant_id']));
+        $tpl->assign('participant_id', $participantId);
        $info = [];
        $tpl->assign('info', $info);
        $tpl->assign('new_specialty', '1');
@ -177,7 +187,7 @@ if (api_is_platform_admin()) {
        $tpl = new Template($templateName);
        $tpl->assign('action_id', $actionId);
        $tpl->assign('specialty_id', intval($_GET['specialty_id']));
-        $tpl->assign('participant_id', intval($_GET['participant_id']));
+        $tpl->assign('participant_id', $participantId);
        $info = getInfoSpecialtyParticipant($_GET['specialty_id']);
        $tpl->assign('info', $info);
        $tpl->assign('new_specialty', '0');
--- a/plugin/sepe/src/sepe.lib.php
+++ b/plugin/sepe/src/sepe.lib.php
@ -1,4 +1,5 @@
 <?php
+
 /**
 * Functions.
 *
@ -51,9 +52,9 @@ function checkIdentificationData()
    $result = Database::query($sql);
    if (Database::affected_rows($result) > 0) {
        return true;
-    } else {
-        return false;
    }
+
+    return false;
 }

 function getActionId($courseId)
@ -163,7 +164,6 @@ function getInfoSpecialtyTutorial($tutorialId)
    $tutorialId = (int) $tutorialId;
    $sql = "SELECT * FROM $tableSepeParticipantsSpecialtyTutorials WHERE id = $tutorialId";
    $res = Database::query($sql);
-    $aux = [];
    if (Database::num_rows($res) > 0) {
        $row = Database::fetch_assoc($res);
    } else {
@ -266,7 +266,6 @@ function getInfoSpecialtyTutor($tutorId)
            INNER JOIN $tableSepeTutors b ON a.tutor_id=b.id
            WHERE a.id = $tutorId;";
    $res = Database::query($sql);
-    $aux = [];
    if (Database::num_rows($res) > 0) {
        $row['tutor_accreditation'] = Security::remove_XSS(stripslashes($row['tutor_accreditation']));
        $row['teaching_competence'] = Security::remove_XSS(stripslashes($row['teaching_competence']));
@ -489,7 +488,10 @@ function listCourseAction()
    global $tableSepeActions;
    global $tableSepeCourseActions;

-    $sql = "SELECT $tableSepeCourseActions.*, course.title AS title, $tableSepeActions.action_origin AS action_origin, $tableSepeActions.action_code AS action_code 
+    $sql = "SELECT
+            $tableSepeCourseActions.*, course.title AS title,
+            $tableSepeActions.action_origin AS action_origin,
+            $tableSepeActions.action_code AS action_code
            FROM $tableSepeCourseActions, course, $tableSepeActions
            WHERE $tableSepeCourseActions.course_id=course.id
            AND $tableSepeActions.id=$tableSepeCourseActions.action_id";
@ -558,7 +560,8 @@ function checkInsertNewLog($platformUserId, $actionId)
    global $tableSepeLogParticipant;
    $platformUserId = (int) $platformUserId;
    $actionId = (int) $actionId;
-    $sql = "SELECT * FROM $tableSepeLogParticipant WHERE platform_user_id = $platformUserId AND action_id = $actionId";
+    $sql = "SELECT * FROM $tableSepeLogParticipant
+            WHERE platform_user_id = $platformUserId AND action_id = $actionId";
    $res = Database::query($sql);
    if (Database::num_rows($res) > 0) {
        return false;
--- a/plugin/sepe/src/specialty-tutor-edit.php
+++ b/plugin/sepe/src/specialty-tutor-edit.php
@ -169,16 +169,28 @@ if (!empty($_POST)) {
 }

 if (api_is_platform_admin()) {
-    $courseId = getCourse(intval($_GET['action_id']));
-    $interbreadcrumb[] = ["url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')];
+    $actionId = (int) $_GET['action_id'];
+    $specialtyId = (int) $_GET['specialty_id'];
+
+    $courseId = getCourse($actionId);
+    $interbreadcrumb[] = [
+        "url" => "/plugin/sepe/src/sepe-administration-menu.php",
+        "name" => $plugin->get_lang('MenuSepe'),
+    ];
    $interbreadcrumb[] = ["url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')];
-    $interbreadcrumb[] = ["url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')];
-    $interbreadcrumb[] = ["url" => "specialty-action-edit.php?new_specialty=0&specialty_id=".intval($_GET['specialty_id'])."&action_id=".$_GET['action_id'], "name" => $plugin->get_lang('SpecialtyFormativeAction')];
+    $interbreadcrumb[] = [
+        "url" => "formative-action.php?cid=".$courseId,
+        "name" => $plugin->get_lang('FormativeAction'),
+    ];
+    $interbreadcrumb[] = [
+        "url" => "specialty-action-edit.php?new_specialty=0&specialty_id=".$specialtyId."&action_id=".$actionId,
+        "name" => $plugin->get_lang('SpecialtyFormativeAction'),
+    ];
    if (isset($_GET['new_tutor']) && intval($_GET['new_tutor']) == 1) {
        $templateName = $plugin->get_lang('NewSpecialtyTutor');
        $tpl = new Template($templateName);
-        $tpl->assign('action_id', intval($_GET['action_id']));
-        $tpl->assign('specialty_id', intval($_GET['specialty_id']));
+        $tpl->assign('action_id', $actionId);
+        $tpl->assign('specialty_id', $specialtyId);
        $info = [];
        $tpl->assign('info', $info);
        $tpl->assign('new_tutor', '1');
@ -186,8 +198,8 @@ if (api_is_platform_admin()) {
    } else {
        $templateName = $plugin->get_lang('EditSpecialtyTutor');
        $tpl = new Template($templateName);
-        $tpl->assign('action_id', intval($_GET['action_id']));
-        $tpl->assign('specialty_id', intval($_GET['specialty_id']));
+        $tpl->assign('action_id', $actionId);
+        $tpl->assign('specialty_id', $specialtyId);
        $tpl->assign('tutor_id', intval($_GET['tutor_id']));
        $info = getInfoSpecialtyTutor($_GET['tutor_id']);
        $tpl->assign('info', $info);