Fixing queries see #7440

1.9.x
Julio Montoya 11 years ago
parent b666f82031
commit ddf30bfab7
  1. 4
      main/inc/lib/link.lib.php
  2. 18
      main/inc/lib/main_api.lib.php
  3. 89
      main/inc/lib/usermanager.lib.php
  4. 6
      main/social/search.php
  5. 143
      main/wiki/wiki.inc.php

@ -565,7 +565,7 @@ function editlinkcategory($type)
if (empty ($mytarget)) {
$mytarget = '_self';
}
$mytarget = ",target='" . $target . "'";
$mytarget = ", target='" . $target . "'";
// Finding the old category_id.
$sql = "SELECT * FROM " . $tbl_link . "
@ -592,7 +592,7 @@ function editlinkcategory($type)
"description='" . Database :: escape_string($_POST['description']) . "', " .
"category_id='" . Database :: escape_string($_POST['selectcategory']) . "', " .
"display_order='" . $max_display_order . "', " .
"on_homepage='" . Database :: escape_string($onhomepage) . " ' $mytarget " .
"on_homepage= '" . Database :: escape_string($onhomepage) ."' $mytarget " .
" WHERE c_id = $course_id AND id='" . intval($_POST['id']) . "'";
Database :: query($sql);
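Review bot: `$target` is concatenated into the UPDATE unescaped by the rewritten `$mytarget = ", target='" . $target . "'";` line in editlinkcategory(), while every neighbouring column in the same statement goes through `Database :: escape_string()` or `intval()`. Where `$target` is assigned is outside these hunks, so if it can come from the request this is an injection point; `$mytarget = ", target='" . Database :: escape_string($target) . "'";` closes it either way. The `if (empty ($mytarget)) { $mytarget = '_self'; }` guard just above is overwritten unconditionally by that assignment, so the `_self` default never takes effect and the test was probably meant for `$target`. The function body starts and ends outside the hunks shown.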

@ -3348,6 +3348,7 @@ function api_item_property_update(
// Definition of variables.
$tool = Database::escape_string($tool);
$item_id = intval($item_id);
$lastEditTypeNoFilter = $lastedit_type;
$lastedit_type = Database::escape_string($lastedit_type);
$user_id = intval($user_id);
$to_group_id = intval($to_group_id);
@ -3415,7 +3416,7 @@ function api_item_property_update(
// Update if possible
$set_type = '';
switch ($lastedit_type) {
switch ($lastEditTypeNoFilter) {
case 'delete':
// delete = make item only visible for the platform admin.
$visibility = '2';
@ -3448,17 +3449,18 @@ function api_item_property_update(
lastedit_user_id = '$user_id',
visibility='$visibility' $set_type
WHERE $filter";
}
break;
case 'visible' : // Change item to visible.
$visibility = '1';
if (!empty($session_id)) {
// Check whether session id already exist into item_properties for updating visibility or add it.
$sql = "SELECT id_session FROM $TABLE_ITEMPROPERTY
WHERE c_id = $course_id AND tool = '$tool' AND ref = '$item_id' AND id_session = '$session_id'";
WHERE
c_id = $course_id AND
tool = '$tool' AND
ref = '$item_id' AND
id_session = '$session_id'";
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0) {
$sql = "UPDATE $TABLE_ITEMPROPERTY
@ -3488,7 +3490,11 @@ function api_item_property_update(
if (!empty($session_id)) {
// Check whether session id already exist into item_properties for updating visibility or add it
$sql = "SELECT id_session FROM $TABLE_ITEMPROPERTY
WHERE c_id=$course_id AND tool = '$tool' AND ref='$item_id' AND id_session = '$session_id'";
WHERE
c_id = $course_id AND
tool = '$tool' AND
ref='$item_id' AND
id_session = '$session_id'";
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0) {
$sql = "UPDATE $TABLE_ITEMPROPERTY
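Review bot: Nothing marks which of the two variables is safe to embed in SQL now that the raw `$lastEditTypeNoFilter` sits beside the escaped `$lastedit_type` in api_item_property_update(). A comment on the new assignment such as `// Raw value, used only for the switch comparison; never interpolate it into a query.` would keep a later edit from reaching for the wrong one. The reformatted WHERE clauses still embed `$session_id` and `$course_id`; the definitions block visible here casts `$item_id`, `$user_id` and `$to_group_id` with `intval()`, but how those two are treated is outside the hunks and worth confirming. The function continues beyond the lines shown.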

@ -1303,7 +1303,7 @@ class UserManager
/**
* Update User extra field file type into {user_folder}/{$extra_field}
* @param $user_id The user internal identification number
* @param int $user_id The user internal identification number
* @param string $extra_field The $extra_field The extra field name
* @param null $file The filename
* @param null $source_file The temporal filename
@ -1318,6 +1318,7 @@ class UserManager
if (empty($user_id)) {
return false;
}
if (empty($source_file)) {
$source_file = $file;
}
@ -1495,9 +1496,10 @@ class UserManager
/**
* Update an extra field value for a given user
* @param integer User ID
* @param string Field variable name
* @param string Field value
* @param integer $user_id User ID
* @param string $fname Field variable name
* @param string $fvalue Field value
*
* @return boolean true if field updated, false otherwise
*/
public static function update_extra_field_value($user_id, $fname, $fvalue = '')
@ -1508,24 +1510,28 @@ class UserManager
$t_ufv = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
$fname = Database::escape_string($fname);
if ($user_id != strval(intval($user_id)))
if ($user_id != strval(intval($user_id))) {
return false;
if ($user_id === false)
}
if ($user_id === false) {
return false;
}
$fvalues = '';
//echo '<pre>'; print_r($fvalue);
if (is_array($fvalue)) {
foreach ($fvalue as $val) {
$fvalues .= Database::escape_string($val).';';
$fvalues .= $val.';';
}
if (!empty($fvalues)) {
$fvalues = substr($fvalues, 0, -1);
}
} else {
$fvalues = Database::escape_string($fvalue);
$fvalues = $fvalue;
}
$fvalues = Database::escape_string($fvalues);
$sqluf = "SELECT * FROM $t_uf WHERE field_variable='$fname'";
$resuf = Database::query($sqluf);
$is_extra_file = false;
@ -1571,7 +1577,12 @@ class UserManager
$fvalue['name'] = Security::filter_filename($fvalue['name']);
$fvalue['tmp_name'] = Security::filter_filename($fvalue['tmp_name']);
// Update and recover the filename
$fvalues = UserManager::update_user_extra_file($user_id, $rowuf['field_variable'], $fvalue['name'], $fvalue['tmp_name']);
$fvalues = UserManager::update_user_extra_file(
$user_id,
$rowuf['field_variable'],
$fvalue['name'],
$fvalue['tmp_name']
);
} else {
// Set empty string to $fvalues to delete it
$fvalues = '';
@ -1583,7 +1594,9 @@ class UserManager
break;
}
$tms = time();
$sqlufv = "SELECT * FROM $t_ufv WHERE user_id = $user_id AND field_id = ".$rowuf['id']." ORDER BY id";
$sqlufv = "SELECT * FROM $t_ufv
WHERE user_id = $user_id AND field_id = ".$rowuf['id']."
ORDER BY id";
$resufv = Database::query($sqlufv);
$n = Database::num_rows($resufv);
if ($n > 1) {
@ -1596,9 +1609,12 @@ class UserManager
}
$rowufv = Database::fetch_array($resufv);
if ($rowufv['field_value'] != $fvalues) {
$sqlu = "UPDATE $t_ufv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowufv['id'];
$sqlu = "UPDATE $t_ufv SET
field_value = '$fvalues',
tms = FROM_UNIXTIME($tms)
WHERE id = ".$rowufv['id'];
$resu = Database::query($sqlu);
return($resu ? true : false);
return ($resu ? true : false);
}
return true;
}
@ -1612,29 +1628,35 @@ class UserManager
}
// If the new field is empty, delete it
if ($fvalues == '') {
$sql_query = "DELETE FROM $t_ufv WHERE id = ".$rowufv['id'].";";
$sql_query = "DELETE FROM $t_ufv
WHERE id = ".$rowufv['id'].";";
} else {
// Otherwise update it
$sql_query = "UPDATE $t_ufv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowufv['id'];
$sql_query = "UPDATE $t_ufv SET
field_value = '$fvalues',
tms = FROM_UNIXTIME($tms)
WHERE id = ".$rowufv['id'];
}
$resu = Database::query($sql_query);
return($resu ? true : false);
return ($resu ? true : false);
}
return true;
} else {
$sqli = "INSERT INTO $t_ufv (user_id,field_id,field_value,tms) ".
"VALUES ($user_id,".$rowuf['id'].",'$fvalues',FROM_UNIXTIME($tms))";
$sqli = "INSERT INTO $t_ufv (user_id,field_id,field_value,tms)
VALUES ( $user_id, ".$rowuf['id'].", '$fvalues', FROM_UNIXTIME($tms))";
$resi = Database::query($sqli);
return($resi ? true : false);
return ($resi ? true : false);
}
} else {
return false; //field not found
// Field not found
return false;
}
}
/**
* Get an array of extra fieds with field details (type, default value and options)
* Get an array of extra fields with field details (type, default value and options)
* @param integer Offset (from which row)
* @param integer Number of items
* @param integer Column on which sorting is made
@ -3573,8 +3595,13 @@ class UserManager
* @param bool $getCount get count or not
* @return array
*/
public static function get_all_user_tags($tag, $field_id = 0, $from = 0, $number_of_items = 10, $getCount = false)
{
public static function get_all_user_tags(
$tag,
$field_id = 0,
$from = 0,
$number_of_items = 10,
$getCount = false
) {
$user_table = Database::get_main_table(TABLE_MAIN_USER);
$table_user_tag = Database::get_main_table(TABLE_MAIN_TAG);
$table_user_tag_values = Database::get_main_table(TABLE_MAIN_USER_REL_TAG);
@ -3609,8 +3636,8 @@ class UserManager
u.firstname LIKE '".Database::escape_string("%".$tag."%")."' OR
u.lastname LIKE '".Database::escape_string("%".$tag."%")."' OR
u.username LIKE '".Database::escape_string("%".$tag."%")."' OR
concat(u.firstname,' ',u.lastname) LIKE '".Database::escape_string("%".$tag."%")."' OR
concat(u.lastname,' ',u.firstname) LIKE '".Database::escape_string("%".$tag."%")."'
concat(u.firstname, ' ', u.lastname) LIKE '".Database::escape_string("%".$tag."%")."' OR
concat(u.lastname, ' ', u.firstname) LIKE '".Database::escape_string("%".$tag."%")."'
)
".(!empty($where_extra_fields) ? $where_extra_fields : '')."
AND
@ -3635,8 +3662,14 @@ class UserManager
return $row['count'];
}
while ($row = Database::fetch_array($result, 'ASSOC')) {
if (isset($return[$row['user_id']]) && !empty($return[$row['user_id']]['tag'])) {
$url = Display::url($row['tag'], api_get_path(WEB_PATH).'main/social/search.php?q='.$row['tag'], array('class' => 'tag'));
if (isset($return[$row['user_id']]) &&
!empty($return[$row['user_id']]['tag'])
) {
$url = Display::url(
$row['tag'],
api_get_path(WEB_PATH).'main/social/search.php?q='.$row['tag'],
array('class' => 'tag')
);
$row['tag'] = $url;
}
$return[$row['user_id']] = $row;
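Review bot: The single `Database::escape_string($fvalues)` that update_extra_field_value() applies before the field lookup does not cover the file-type branch, which reassigns `$fvalues` from `UserManager::update_user_extra_file(...)` afterwards. That return value then reaches `field_value = '$fvalues'` in the UPDATE and INSERT statements; unless it is escaped again in lines outside these hunks, the stored filename goes into the query as-is. Moving the call so that `$fvalues = Database::escape_string($fvalues);` sits after the switch, just above `$tms = time();`, covers every branch with one escape. The `$rowufv['field_value'] != $fvalues` comparison also sets the stored value against the escaped one, so a value containing quotes will always look changed; comparing before escaping avoids that.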

@ -135,7 +135,7 @@ $this_section = SECTION_SOCIAL;
$tool_name = get_lang('Search');
$interbreadcrumb[] = array('url' => 'profile.php', 'name' => get_lang('SocialNetwork'));
$query = isset($_GET['q']) ? Database::escape_string($_GET['q']) : null;
$query = isset($_GET['q']) ? Security::remove_XSS($_GET['q']): null;
$query_search_type = isset($_GET['search_type']) && in_array($_GET['search_type'], array('0','1','2')) ? $_GET['search_type'] : null;
$extra_fields = UserManager::get_extra_filtrable_fields();
$query_vars = array('q' => $query, 'search_type' => $query_search_type);
@ -152,6 +152,9 @@ $social_avatar_block = SocialManager::show_social_avatar_block('search');
$social_menu_block = SocialManager::show_social_menu('search');
$social_right_content = '<div class="span9">'.UserManager::get_search_form($query).'</div>';
$groups = array();
$totalGroups = array();
// I'm searching something
if ($query != '' || ($query_vars['search_type']=='1' && count($query_vars)>2) ) {
$itemPerPage = 9;
@ -169,7 +172,6 @@ if ($query != '' || ($query_vars['search_type']=='1' && count($query_vars)>2) )
$pageGroup = isset($_GET['groups_page_nr']) ? intval($_GET['groups_page_nr']) : 1;
// Groups
$fromGroups = intval(($pageGroup - 1) * $itemPerPage);
$totalGroups = GroupPortalManager::get_all_group_tags($_GET['q'], 0, $itemPerPage, true);
$groups = GroupPortalManager::get_all_group_tags($_GET['q'], $fromGroups, $itemPerPage);
}
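Review bot: `$query` is no longer SQL-escaped once it is read with `Security::remove_XSS($_GET['q'])`, so every query built from it has to escape at the point of use, and the group lookups here bypass it entirely by passing `$_GET['q']` straight to `GroupPortalManager::get_all_group_tags()`. That method's body is not visible on this page; if it does not escape its tag argument, the search box value reaches the query unfiltered. A comment on the assignment such as `// HTML-filtered for display only; escape again before any SQL use.` would record the contract. The callee should either be confirmed to escape or be handed an escaped copy.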

@ -1,15 +1,16 @@
<?php
/* For licensing terms, see /license.txt */
use \ChamiloSession as Session;
/**
* Class Wiki
* Functions library for the wiki tool
* @author Juan Carlos Raña <herodoto@telefonica.net>
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University, Belgium
* @author Julio Montoya <gugli100@gmail.com> using the pdf.lib.php library
* @package chamilo.wiki
*/
use \ChamiloSession as Session;
class Wiki
{
public $tbl_wiki;
@ -29,6 +30,9 @@ class Wiki
public $wikiData = array();
public $url;
/**
* Constructor
*/
public function __construct()
{
// Database table definition
@ -239,6 +243,7 @@ class Wiki
/**
* This function saves a change in a wiki page
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
* @param array $values
* @return language string saying that the changes are stored
**/
public function save_wiki($values)
@ -267,20 +272,20 @@ class Wiki
// NOTE: visibility, visibility_disc and ratinglock_disc changes are not made here, but through the interce buttons
// cleaning the variables
$_clean['page_id'] = Database::escape_string($values['page_id']);
$_clean['reflink'] = Database::escape_string(trim($values['reflink']));
$_clean['title'] = Database::escape_string(trim($values['title']));
$_clean['content'] = Database::escape_string($values['content']);
$_clean['page_id'] = intval($values['page_id']);
$_clean['reflink'] = Database::escape_string(trim($values['reflink']));
$_clean['title'] = Database::escape_string(trim($values['title']));
$_clean['content'] = Database::escape_string($values['content']);
if (api_get_setting('htmlpurifier_wiki') == 'true'){
$purifier = new HTMLPurifier();
$_clean['content'] = $purifier->purify($_clean['content']);
}
$_clean['user_id'] = api_get_user_id();
$_clean['assignment'] = Database::escape_string($values['assignment']);
$_clean['comment'] = Database::escape_string($values['comment']);
$_clean['progress'] = Database::escape_string($values['progress']);
$_clean['version'] = intval($values['version']) + 1 ;
$_clean['linksto'] = self::links_to($_clean['content']); //and check links content
$_clean['user_id'] = api_get_user_id();
$_clean['assignment']= Database::escape_string($values['assignment']);
$_clean['comment'] = Database::escape_string($values['comment']);
$_clean['progress'] = Database::escape_string($values['progress']);
$_clean['version'] = intval($values['version']) + 1 ;
$_clean['linksto'] = self::links_to($_clean['content']); //and check links content
//cleaning config variables
if (!empty($values['task'])) {
@ -321,22 +326,30 @@ class Wiki
$sql = "INSERT INTO ".$tbl_wiki." (c_id, page_id, reflink, title, content, user_id, group_id, dtime, assignment, comment, progress, version, linksto, user_ip, session_id)
VALUES ($course_id, '".$_clean['page_id']."','".$_clean['reflink']."','".$_clean['title']."','".$_clean['content']."','".$_clean['user_id']."','".$groupId."','".$dtime."','".$_clean['assignment']."','".$_clean['comment']."','".$_clean['progress']."','".$_clean['version']."','".$_clean['linksto']."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."', '".Database::escape_string($session_id)."')";
Database::query($sql);
$Id = Database::insert_id();
if ($Id > 0) {
$id = Database::insert_id();
if ($id > 0) {
//insert into item_property
api_item_property_update(api_get_course_info(), TOOL_WIKI, $Id, 'WikiAdded', api_get_user_id(), $groupId);
api_item_property_update(
api_get_course_info(),
TOOL_WIKI,
$id,
'WikiAdded',
api_get_user_id(),
$groupId
);
}
if ($_clean['page_id'] ==0) {
$sql='UPDATE '.$tbl_wiki.' SET page_id="'.$Id.'" WHERE c_id = '.$course_id.' AND id="'.$Id.'"';
if ($_clean['page_id'] == 0) {
$sql='UPDATE '.$tbl_wiki.' SET page_id="'.$id.'" WHERE c_id = '.$course_id.' AND id="'.$id.'"';
Database::query($sql);
}
//update wiki config
if ($_clean['reflink']=='index' && $_clean['version']==1) {
$sql="INSERT INTO ".$tbl_wiki_conf." (c_id, page_id, task, feedback1, feedback2, feedback3, fprogress1, fprogress2, fprogress3, max_text, max_version, startdate_assig, enddate_assig, delayedsubmit)
VALUES ($course_id, '".$Id."','".$_clean['task']."','".$_clean['feedback1']."','".$_clean['feedback2']."','".$_clean['feedback3']."','".$_clean['fprogress1']."','".$_clean['fprogress2']."','".$_clean['fprogress3']."','".$_clean['max_text']."','".$_clean['max_version']."','".$_clean['startdate_assig']."','".$_clean['enddate_assig']."','".$_clean['delayedsubmit']."')";
if ($values['reflink'] == 'index' && $_clean['version'] == 1 ) {
$sql = "INSERT INTO ".$tbl_wiki_conf." (c_id, page_id, task, feedback1, feedback2, feedback3, fprogress1, fprogress2, fprogress3, max_text, max_version, startdate_assig, enddate_assig, delayedsubmit)
VALUES ($course_id, '".$id."','".$_clean['task']."','".$_clean['feedback1']."','".$_clean['feedback2']."','".$_clean['feedback3']."','".$_clean['fprogress1']."','".$_clean['fprogress2']."','".$_clean['fprogress3']."','".$_clean['max_text']."','".$_clean['max_version']."','".$_clean['startdate_assig']."','".$_clean['enddate_assig']."','".$_clean['delayedsubmit']."')";
} else {
$sql = 'UPDATE '.$tbl_wiki_conf.' SET
task="'.$_clean['task'].'",
@ -355,10 +368,11 @@ class Wiki
page_id = "'.$_clean['page_id'].'" AND
c_id = '.$course_id;
}
Database::query($sql);
api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $groupId);
api_item_property_update($_course, 'wiki', $id, 'WikiAdded', api_get_user_id(), $groupId);
self::check_emailcue($_clean['reflink'], 'P', $dtime, $_clean['user_id']);
$this->setWikiData($Id);
$this->setWikiData($id);
return get_lang('Saved');
}
@ -403,8 +417,8 @@ class Wiki
($course_id, '".$r_page_id."','".$r_reflink."','".$r_title."','".$r_content."','".$r_user_id."','".$r_group_id."','".$r_dtime."','".$r_assignment."','".$r_comment."','".$r_progress."','".$r_version."','".$r_linksto."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."','".Database::escape_string($session_id)."')";
Database::query($sql);
$Id = Database::insert_id();
api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $r_group_id);
$id = Database::insert_id();
api_item_property_update($_course, 'wiki', $id, 'WikiAdded', api_get_user_id(), $r_group_id);
self::check_emailcue($r_reflink, 'P', $r_dtime, $r_user_id);
return get_lang('PageRestored');
@ -739,18 +753,17 @@ class Wiki
$KeyVisibility=$row['visibility'];
// second, show the last version
$sql = 'SELECT * FROM '.$tbl_wiki.' w , '.$tbl_wiki_conf.' wc
$sql = 'SELECT * FROM '.$tbl_wiki.' w INNER JOIN '.$tbl_wiki_conf.' wc
ON (wc.page_id = w.page_id AND wc.c_id = w.c_id)
WHERE
wc.c_id = '.$course_id.' AND
w.c_id = '.$course_id.' AND
wc.page_id = w.page_id AND
w.reflink = "'.Database::escape_string($pageMIX).'" AND
w.session_id = '.$session_id.' AND
w.'.$groupfilter.' '.$filter.'
ORDER BY id DESC';
$result = Database::query($sql);
$row = Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version
$row = Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version
//log users access to wiki (page_id)
if (!empty($row['page_id'])) {
@ -1286,7 +1299,7 @@ class Wiki
c_id = '.$course_id.' AND
reflink="'.Database::escape_string($page).'" AND
'.$groupfilter.$condition_session;
//Visibility. Value to all,not only for the first
//Visibility. Value to all,not only for the first
Database::query($sql);
//Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page
@ -2375,7 +2388,7 @@ class Wiki
WHERE
c_id = '.$course_id.' AND
is_editing="'.$isEditing.'" '.
$condition_session;
$condition_session;
Database::query($sql);
}
@ -3545,25 +3558,26 @@ class Wiki
//fix index to title Main page into linksto
if ($page == 'index') {
$page=str_replace(' ','_',get_lang('DefaultTitle'));
$page = str_replace(' ','_',get_lang('DefaultTitle'));
}
//table
if (api_is_allowed_to_edit(false,true) || api_is_platform_admin()) { //only by professors if page is hidden
if (api_is_allowed_to_edit(false,true) || api_is_platform_admin()) {
//only by professors if page is hidden
$sql = "SELECT * FROM ".$tbl_wiki." s1
WHERE s1.c_id = $course_id AND linksto LIKE '%".Database::escape_string($page)." %' AND id=(
WHERE s1.c_id = $course_id AND linksto LIKE '%".Database::escape_string($page)."%' AND id=(
SELECT MAX(s2.id) FROM ".$tbl_wiki." s2
WHERE s2.c_id = $course_id AND s1.reflink = s2.reflink AND ".$groupfilter.$condition_session.")";
//add blank space after like '%" " %' to identify each word
} else {
$sql = "SELECT * FROM ".$tbl_wiki." s1
WHERE s1.c_id = $course_id AND visibility=1 AND linksto LIKE '%".Database::escape_string($page)." %' AND id=(
WHERE s1.c_id = $course_id AND visibility=1 AND linksto LIKE '%".Database::escape_string($page)."%' AND id=(
SELECT MAX(s2.id) FROM ".$tbl_wiki." s2
WHERE s2.c_id = $course_id AND s1.reflink = s2.reflink AND ".$groupfilter.$condition_session.")";
//add blank space after like '%" " %' to identify each word
}
$allpages=Database::query($sql);
$allpages = Database::query($sql);
//show table
if (Database::num_rows($allpages) > 0) {
@ -3900,22 +3914,22 @@ class Wiki
self::setMessage(Display::display_normal_message($is_being_edited, false, true));
} else {
self::setMessage(Display::display_confirmation_message(
self::restore_wikipage(
$current_row['page_id'],
$current_row['reflink'],
$current_row['title'],
$current_row['content'],
$current_row['group_id'],
$current_row['assignment'],
$current_row['progress'],
$current_row['version'],
$last_row['version'],
$current_row['linksto']
).': <a href="index.php?cidReq='.$_course['code'].'&action=showpage&amp;title='.api_htmlentities(urlencode($last_row['reflink'])).'&session_id='.$last_row['session_id'].'&group_id='.$last_row['group_id'].'">'.
api_htmlentities($last_row['title']).'</a>',
false,
true
));
self::restore_wikipage(
$current_row['page_id'],
$current_row['reflink'],
$current_row['title'],
$current_row['content'],
$current_row['group_id'],
$current_row['assignment'],
$current_row['progress'],
$current_row['version'],
$last_row['version'],
$current_row['linksto']
).': <a href="index.php?cidReq='.$_course['code'].'&action=showpage&amp;title='.api_htmlentities(urlencode($last_row['reflink'])).'&session_id='.$last_row['session_id'].'&group_id='.$last_row['group_id'].'">'.
api_htmlentities($last_row['title']).'</a>',
false,
true
));
}
}
}
@ -4440,27 +4454,28 @@ class Wiki
$groupId = $this->group_id;
$userId = api_get_user_id();
if (api_get_session_id()!=0 && api_is_allowed_to_session_edit(false,true)==false) {
if (api_get_session_id() != 0 && api_is_allowed_to_session_edit(false,true)==false) {
api_not_allowed();
}
$sql = 'SELECT *
FROM '.$tbl_wiki.', '.$tbl_wiki_conf.'
WHERE
'.$tbl_wiki.'.c_id = '.$course_id.' AND
'.$tbl_wiki_conf.'.c_id = '.$course_id.' AND
'.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND
'.$tbl_wiki.'.reflink= "'.Database::escape_string($page).'" AND
'.$tbl_wiki.'.'.$groupfilter.$condition_session.'
FROM '.$tbl_wiki.' w INNER JOIN '.$tbl_wiki_conf.' c
ON (w.c_id = c.c_id AND w.page_id = c.page_id)
WHERE
w.c_id = '.$course_id.' AND
w.reflink= "'.Database::escape_string($page).'" AND
w.'.$groupfilter.$condition_session.'
ORDER BY id DESC';
$result = Database::query($sql);
$row = Database::fetch_array($result);
// we do not need a while loop since we are always displaying the last version
if ($row['content']=='' AND $row['title']=='' AND $page=='') {
self::setMessage(Display::display_error_message(get_lang('MustSelectPage'), false, true));
return;
} elseif ($row['content']=='' AND $row['title']=='' AND $page=='index') {
//Table structure for better export to pdf
$default_table_for_content_Start='<table align="center" border="0"><tr><td align="center">';
$default_table_for_content_End='</td></tr></table>';
@ -4474,7 +4489,9 @@ class Wiki
}
//Only teachers and platform admin can edit the index page. Only teachers and platform admin can edit an assignment teacher. And users in groups
if (($row['reflink']=='index' || $row['reflink']=='' || $row['assignment']==1) && (!api_is_allowed_to_edit(false,true) && intval($_GET['group_id'])==0)) {
if (($row['reflink']=='index' || $row['reflink']=='' || $row['assignment']==1) &&
(!api_is_allowed_to_edit(false,true) && intval($_GET['group_id'])==0)
) {
self::setMessage(Display::display_error_message(get_lang('OnlyEditPagesCourseManager'), false, true));
} else {
$PassEdit=false;
@ -4535,7 +4552,7 @@ class Wiki
$row['enddate_assig']!='0000-00-00 00:00:00' &&
$row['delayedsubmit']==0
) {
$message=get_lang('TheDeadlineHasBeenCompleted').': '.api_get_local_time($row['enddate_assig'], null, date_default_timezone_get());
$message = get_lang('TheDeadlineHasBeenCompleted').': '.api_get_local_time($row['enddate_assig'], null, date_default_timezone_get());
self::setMessage(Display::display_warning_message($message, false, true));
if (!api_is_allowed_to_edit(false,true)) {
return;
@ -4644,6 +4661,7 @@ class Wiki
$row['title'] = $title;
$row['page_id'] = $page_id;
$row['reflink'] = $page;
$row['content'] = $content;
$form->setDefaults($row);
$form->display();
@ -4659,6 +4677,7 @@ class Wiki
//prevent concurrent users and double version
self::setMessage(Display::display_error_message(get_lang("EditedByAnotherUser"), false, true));
} else {
$return_message = self::save_wiki($form->exportValues());
self::setMessage(Display::display_confirmation_message($return_message, false, true));
}
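Review bot: In save_wiki() the content is escaped for SQL before it is purified: `$_clean['content'] = Database::escape_string($values['content']);` runs first and `$purifier->purify($_clean['content'])` then rewrites the already-escaped string. HTMLPurifier re-serialises the markup, so the value that reaches the INSERT is not guaranteed to still be escaped, and the backslashes added by escaping can end up stored in the page. Purify the raw input and escape the result, e.g. inside the `htmlpurifier_wiki` branch `$_clean['content'] = Database::escape_string($purifier->purify($values['content']));`. Separately, the two `linksto LIKE` queries dropped the trailing space but kept the comment `//add blank space after like '%" " %' to identify each word`, which now describes behaviour the code no longer has.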
