diff --git a/main/inc/lib/link.lib.php b/main/inc/lib/link.lib.php index 9799a4520f..29a9f2f00c 100755 --- a/main/inc/lib/link.lib.php +++ b/main/inc/lib/link.lib.php @@ -565,7 +565,7 @@ function editlinkcategory($type) if (empty ($mytarget)) { $mytarget = '_self'; } - $mytarget = ",target='" . $target . "'"; + $mytarget = ", target='" . $target . "'"; // Finding the old category_id. $sql = "SELECT * FROM " . $tbl_link . " @@ -592,7 +592,7 @@ function editlinkcategory($type) "description='" . Database :: escape_string($_POST['description']) . "', " . "category_id='" . Database :: escape_string($_POST['selectcategory']) . "', " . "display_order='" . $max_display_order . "', " . - "on_homepage='" . Database :: escape_string($onhomepage) . " ' $mytarget " . + "on_homepage= '" . Database :: escape_string($onhomepage) ."' $mytarget " . " WHERE c_id = $course_id AND id='" . intval($_POST['id']) . "'"; Database :: query($sql); diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php index 9c6b86557e..303ce8d15d 100755 --- a/main/inc/lib/main_api.lib.php +++ b/main/inc/lib/main_api.lib.php @@ -3348,6 +3348,7 @@ function api_item_property_update( // Definition of variables. $tool = Database::escape_string($tool); $item_id = intval($item_id); + $lastEditTypeNoFilter = $lastedit_type; $lastedit_type = Database::escape_string($lastedit_type); $user_id = intval($user_id); $to_group_id = intval($to_group_id); @@ -3415,7 +3416,7 @@ function api_item_property_update( // Update if possible $set_type = ''; - switch ($lastedit_type) { + switch ($lastEditTypeNoFilter) { case 'delete': // delete = make item only visible for the platform admin. $visibility = '2'; 
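Review bot: In `editlinkcategory()` the fragment `$mytarget = ", target='" . $target . "'";` concatenates `$target` into the UPDATE with no escaping visible in this hunk, while the neighbouring columns in the second hunk all go through `Database::escape_string()`. The guard just above tests and defaults `$mytarget`, which is then overwritten, so the `'_self'` default never takes effect. If `$target` originates from the request (its assignment is outside the hunk), default `$target` itself and build the fragment as `$mytarget = ", target='" . Database::escape_string($target) . "'";`. The function body starts and ends outside both hunks.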
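Review bot: `$lastEditTypeNoFilter` keeps the raw, unescaped `$lastedit_type` in scope next to the escaped one, and nothing at the assignment says which of the two may be placed in SQL. Using the raw copy for the `switch` is reasonable because the case labels are fixed literals, but a later edit could easily interpolate the wrong variable. I would add a comment at the assignment such as `// Raw value, used only for the switch comparison; never interpolate into SQL.` The rest of `api_item_property_update()` is outside the hunk, so whether `$set_type` is built from the escaped variable cannot be confirmed here.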
@@ -3448,17 +3449,18 @@ function api_item_property_update( lastedit_user_id = '$user_id', visibility='$visibility' $set_type WHERE $filter"; - } break; case 'visible' : // Change item to visible. $visibility = '1'; - if (!empty($session_id)) { - // Check whether session id already exist into item_properties for updating visibility or add it. $sql = "SELECT id_session FROM $TABLE_ITEMPROPERTY - WHERE c_id = $course_id AND tool = '$tool' AND ref = '$item_id' AND id_session = '$session_id'"; + WHERE + c_id = $course_id AND + tool = '$tool' AND + ref = '$item_id' AND + id_session = '$session_id'"; $rs = Database::query($sql); if (Database::num_rows($rs) > 0) { $sql = "UPDATE $TABLE_ITEMPROPERTY @@ -3488,7 +3490,11 @@ function api_item_property_update( if (!empty($session_id)) { // Check whether session id already exist into item_properties for updating visibility or add it $sql = "SELECT id_session FROM $TABLE_ITEMPROPERTY - WHERE c_id=$course_id AND tool = '$tool' AND ref='$item_id' AND id_session = '$session_id'"; + WHERE + c_id = $course_id AND + tool = '$tool' AND + ref='$item_id' AND + id_session = '$session_id'"; $rs = Database::query($sql); if (Database::num_rows($rs) > 0) { $sql = "UPDATE $TABLE_ITEMPROPERTY diff --git a/main/inc/lib/usermanager.lib.php b/main/inc/lib/usermanager.lib.php index fa1cc8b552..e9721d696a 100755 --- a/main/inc/lib/usermanager.lib.php +++ b/main/inc/lib/usermanager.lib.php @@ -1303,7 +1303,7 @@ class UserManager /** * Update User extra field file type into {user_folder}/{$extra_field} - * @param $user_id The user internal identification number + * @param int $user_id The user internal identification number * @param string $extra_field The $extra_field The extra field name * @param null $file The filename * @param null $source_file The temporal filename @@ -1318,6 +1318,7 @@ class UserManager if (empty($user_id)) { return false; } + if (empty($source_file)) { $source_file = $file; } 
@@ -1495,9 +1496,10 @@ class UserManager /** * Update an extra field value for a given user - * @param integer User ID - * @param string Field variable name - * @param string Field value + * @param integer $user_id User ID + * @param string $fname Field variable name + * @param string $fvalue Field value + * * @return boolean true if field updated, false otherwise */ public static function update_extra_field_value($user_id, $fname, $fvalue = '') @@ -1508,24 +1510,28 @@ class UserManager $t_ufv = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES); $fname = Database::escape_string($fname); - if ($user_id != strval(intval($user_id))) + if ($user_id != strval(intval($user_id))) { return false; - if ($user_id === false) + } + + if ($user_id === false) { return false; + } $fvalues = ''; - - //echo '
'; print_r($fvalue);
         if (is_array($fvalue)) {
             foreach ($fvalue as $val) {
-                $fvalues .= Database::escape_string($val).';';
+                $fvalues .= $val.';';
             }
             if (!empty($fvalues)) {
                 $fvalues = substr($fvalues, 0, -1);
             }
         } else {
-            $fvalues = Database::escape_string($fvalue);
+            $fvalues = $fvalue;
         }
+
+        $fvalues = Database::escape_string($fvalues);
+
         $sqluf = "SELECT * FROM $t_uf WHERE field_variable='$fname'";
         $resuf = Database::query($sqluf);
         $is_extra_file = false;
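Review bot: The `$user_id` guard `if ($user_id != strval(intval($user_id)))` is a loose comparison, so numeric strings that are not canonical integers (leading whitespace, a decimal form) compare equal and pass, and the original string is what later gets interpolated unquoted into `WHERE user_id = $user_id`. Only numeric strings get through, but the value used in SQL is not the integer that was validated. Adding `$user_id = intval($user_id);` right after the two checks closes that gap. Moving `Database::escape_string()` to after the `;` join is fine on its own; the function continues outside this hunk.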
@@ -1571,7 +1577,12 @@ class UserManager
                         $fvalue['name'] = Security::filter_filename($fvalue['name']);
                         $fvalue['tmp_name'] = Security::filter_filename($fvalue['tmp_name']);
                         // Update and recover the filename
-                        $fvalues = UserManager::update_user_extra_file($user_id, $rowuf['field_variable'], $fvalue['name'], $fvalue['tmp_name']);
+                        $fvalues = UserManager::update_user_extra_file(
+                            $user_id,
+                            $rowuf['field_variable'],
+                            $fvalue['name'],
+                            $fvalue['tmp_name']
+                        );
                     } else {
                         // Set empty string to $fvalues to delete it
                         $fvalues = '';
@@ -1583,7 +1594,9 @@ class UserManager
                     break;
             }
             $tms = time();
-            $sqlufv = "SELECT * FROM $t_ufv WHERE user_id = $user_id AND field_id = ".$rowuf['id']." ORDER BY id";
+            $sqlufv = "SELECT * FROM $t_ufv
+                       WHERE user_id = $user_id AND field_id = ".$rowuf['id']."
+                       ORDER BY id";
             $resufv = Database::query($sqlufv);
             $n = Database::num_rows($resufv);
             if ($n > 1) {
@@ -1596,9 +1609,12 @@ class UserManager
                     }
                     $rowufv = Database::fetch_array($resufv);
                     if ($rowufv['field_value'] != $fvalues) {
-                        $sqlu = "UPDATE $t_ufv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowufv['id'];
+                        $sqlu = "UPDATE $t_ufv SET
+                                    field_value = '$fvalues',
+                                    tms = FROM_UNIXTIME($tms)
+                                WHERE id = ".$rowufv['id'];
                         $resu = Database::query($sqlu);
-                        return($resu ? true : false);
+                        return ($resu ? true : false);
                     }
                     return true;
                 }
@@ -1612,29 +1628,35 @@ class UserManager
                     }
                     // If the new field is empty, delete it
                     if ($fvalues == '') {
-                        $sql_query = "DELETE FROM $t_ufv WHERE id = ".$rowufv['id'].";";
+                        $sql_query = "DELETE FROM $t_ufv
+                                      WHERE id = ".$rowufv['id'].";";
                     } else {
                         // Otherwise update it
-                        $sql_query = "UPDATE $t_ufv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowufv['id'];
+                        $sql_query = "UPDATE $t_ufv SET
+                                        field_value = '$fvalues',
+                                        tms = FROM_UNIXTIME($tms)
+                                      WHERE id = ".$rowufv['id'];
                     }
 
                     $resu = Database::query($sql_query);
-                    return($resu ? true : false);
+                    return ($resu ? true : false);
                 }
+
                 return true;
             } else {
-                $sqli = "INSERT INTO $t_ufv (user_id,field_id,field_value,tms) ".
-                    "VALUES ($user_id,".$rowuf['id'].",'$fvalues',FROM_UNIXTIME($tms))";
+                $sqli = "INSERT INTO $t_ufv (user_id,field_id,field_value,tms)
+                         VALUES ( $user_id, ".$rowuf['id'].", '$fvalues', FROM_UNIXTIME($tms))";
                 $resi = Database::query($sqli);
-                return($resi ? true : false);
+                return ($resi ? true : false);
             }
         } else {
-            return false; //field not found
+            // Field not found
+            return false;
         }
     }
 
     /**
-     * Get an array of extra fieds with field details (type, default value and options)
+     * Get an array of extra fields with field details (type, default value and options)
      * @param    integer    Offset (from which row)
      * @param    integer    Number of items
      * @param    integer    Column on which sorting is made
@@ -3573,8 +3595,13 @@ class UserManager
      * @param bool $getCount get count or not
      * @return array
      */
-    public static function get_all_user_tags($tag, $field_id = 0, $from = 0, $number_of_items = 10, $getCount = false)
-    {
+    public static function get_all_user_tags(
+        $tag,
+        $field_id = 0,
+        $from = 0,
+        $number_of_items = 10,
+        $getCount = false
+    ) {
         $user_table = Database::get_main_table(TABLE_MAIN_USER);
         $table_user_tag = Database::get_main_table(TABLE_MAIN_TAG);
         $table_user_tag_values = Database::get_main_table(TABLE_MAIN_USER_REL_TAG);
@@ -3609,8 +3636,8 @@ class UserManager
                         u.firstname LIKE '".Database::escape_string("%".$tag."%")."' OR
                         u.lastname LIKE '".Database::escape_string("%".$tag."%")."' OR
                         u.username LIKE '".Database::escape_string("%".$tag."%")."' OR
-                        concat(u.firstname,' ',u.lastname) LIKE '".Database::escape_string("%".$tag."%")."' OR
-                        concat(u.lastname,' ',u.firstname) LIKE '".Database::escape_string("%".$tag."%")."'
+                        concat(u.firstname, ' ', u.lastname) LIKE '".Database::escape_string("%".$tag."%")."' OR
+                        concat(u.lastname, ' ', u.firstname) LIKE '".Database::escape_string("%".$tag."%")."'
                      )
                      ".(!empty($where_extra_fields) ? $where_extra_fields : '')."
                      AND
@@ -3635,8 +3662,14 @@ class UserManager
                 return $row['count'];
             }
             while ($row = Database::fetch_array($result, 'ASSOC')) {
-                if (isset($return[$row['user_id']]) && !empty($return[$row['user_id']]['tag'])) {
-                    $url = Display::url($row['tag'], api_get_path(WEB_PATH).'main/social/search.php?q='.$row['tag'], array('class' => 'tag'));
+                if (isset($return[$row['user_id']]) &&
+                    !empty($return[$row['user_id']]['tag'])
+                ) {
+                    $url = Display::url(
+                        $row['tag'],
+                        api_get_path(WEB_PATH).'main/social/search.php?q='.$row['tag'],
+                        array('class' => 'tag')
+                    );
                     $row['tag'] = $url;
                 }
                 $return[$row['user_id']] = $row;
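Review bot: `$row['tag']` is appended to the query string in `'main/social/search.php?q='.$row['tag']` without URL encoding, and the same value is passed as the link text. Tags appear to be user-entered, so characters such as `&`, `#`, spaces or quotes can break the link or, depending on how `Display::url()` escapes its arguments (not visible here), end up in the markup. I would build the href with `'main/social/search.php?q='.urlencode($row['tag'])` and confirm that `Display::url()` HTML-escapes the label. The enclosing method continues outside the hunk.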
diff --git a/main/social/search.php b/main/social/search.php
index bc5907a8c6..5f83164ccf 100755
--- a/main/social/search.php
+++ b/main/social/search.php
@@ -135,7 +135,7 @@ $this_section      = SECTION_SOCIAL;
 $tool_name         = get_lang('Search');
 $interbreadcrumb[] = array('url' => 'profile.php', 'name' => get_lang('SocialNetwork'));
 
-$query = isset($_GET['q']) ? Database::escape_string($_GET['q']) : null;
+$query = isset($_GET['q']) ? Security::remove_XSS($_GET['q']): null;
 $query_search_type = isset($_GET['search_type']) && in_array($_GET['search_type'], array('0','1','2')) ? $_GET['search_type'] : null;
 $extra_fields = UserManager::get_extra_filtrable_fields();
 $query_vars = array('q' => $query, 'search_type' => $query_search_type);
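Review bot: With `Database::escape_string()` replaced by `Security::remove_XSS()` on `$_GET['q']`, `$query` is HTML-filtered but no longer SQL-escaped, so every query built from it has to escape at the sink. `UserManager::get_all_user_tags()` escapes the term in its LIKE clauses in this same commit, but the other consumers of `$query` and `$query_vars['q']` are not visible in the hunk and should be checked. A short comment on the line, e.g. `// HTML-filtered only; escape for SQL where the query is built`, would make that contract explicit.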
@@ -152,6 +152,9 @@ $social_avatar_block = SocialManager::show_social_avatar_block('search');
 $social_menu_block = SocialManager::show_social_menu('search');
 $social_right_content = '
'.UserManager::get_search_form($query).'
'; +$groups = array(); +$totalGroups = array(); + // I'm searching something if ($query != '' || ($query_vars['search_type']=='1' && count($query_vars)>2) ) { $itemPerPage = 9; @@ -169,7 +172,6 @@ if ($query != '' || ($query_vars['search_type']=='1' && count($query_vars)>2) ) $pageGroup = isset($_GET['groups_page_nr']) ? intval($_GET['groups_page_nr']) : 1; // Groups $fromGroups = intval(($pageGroup - 1) * $itemPerPage); - $totalGroups = GroupPortalManager::get_all_group_tags($_GET['q'], 0, $itemPerPage, true); $groups = GroupPortalManager::get_all_group_tags($_GET['q'], $fromGroups, $itemPerPage); } diff --git a/main/wiki/wiki.inc.php b/main/wiki/wiki.inc.php index f4264cb955..956663668d 100755 --- a/main/wiki/wiki.inc.php +++ b/main/wiki/wiki.inc.php @@ -1,15 +1,16 @@ * @author Patrick Cool , Ghent University, Belgium * @author Julio Montoya using the pdf.lib.php library * @package chamilo.wiki */ - -use \ChamiloSession as Session; - class Wiki { public $tbl_wiki; @@ -29,6 +30,9 @@ class Wiki public $wikiData = array(); public $url; + /** + * Constructor + */ public function __construct() { // Database table definition @@ -239,6 +243,7 @@ class Wiki /** * This function saves a change in a wiki page * @author Patrick Cool , Ghent University + * @param array $values * @return language string saying that the changes are stored **/ public function save_wiki($values) 
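Review bot: The remaining call `GroupPortalManager::get_all_group_tags($_GET['q'], $fromGroups, $itemPerPage)` passes the raw request parameter rather than `$query`, so its safety rests entirely on escaping inside `get_all_group_tags()`, which this diff does not show. With the counting call removed, `$totalGroups` also stays at the `array()` set in the previous hunk; if the pagination or template below still reads it as a count, group paging will be wrong. I would verify that `get_all_group_tags()` escapes its first argument before use and either restore the count or remove `$totalGroups` where it is consumed.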
@@ -267,20 +272,20 @@ class Wiki // NOTE: visibility, visibility_disc and ratinglock_disc changes are not made here, but through the interce buttons // cleaning the variables - $_clean['page_id'] = Database::escape_string($values['page_id']); - $_clean['reflink'] = Database::escape_string(trim($values['reflink'])); - $_clean['title'] = Database::escape_string(trim($values['title'])); - $_clean['content'] = Database::escape_string($values['content']); + $_clean['page_id'] = intval($values['page_id']); + $_clean['reflink'] = Database::escape_string(trim($values['reflink'])); + $_clean['title'] = Database::escape_string(trim($values['title'])); + $_clean['content'] = Database::escape_string($values['content']); if (api_get_setting('htmlpurifier_wiki') == 'true'){ $purifier = new HTMLPurifier(); $_clean['content'] = $purifier->purify($_clean['content']); } - $_clean['user_id'] = api_get_user_id(); - $_clean['assignment'] = Database::escape_string($values['assignment']); - $_clean['comment'] = Database::escape_string($values['comment']); - $_clean['progress'] = Database::escape_string($values['progress']); - $_clean['version'] = intval($values['version']) + 1 ; - $_clean['linksto'] = self::links_to($_clean['content']); //and check links content + $_clean['user_id'] = api_get_user_id(); + $_clean['assignment']= Database::escape_string($values['assignment']); + $_clean['comment'] = Database::escape_string($values['comment']); + $_clean['progress'] = Database::escape_string($values['progress']); + $_clean['version'] = intval($values['version']) + 1 ; + $_clean['linksto'] = self::links_to($_clean['content']); //and check links content //cleaning config variables if (!empty($values['task'])) { 
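Review bot: In `save_wiki()` the content is SQL-escaped first and then, when `htmlpurifier_wiki` is enabled, passed through `$purifier->purify($_clean['content'])`, and that purified result is what the INSERT in the next hunk concatenates. HTMLPurifier rewrites markup and entities, so its output can no longer be assumed to be escaped for SQL, and it is also being asked to parse backslash-escaped HTML. Purify the raw `$values['content']` first and apply `Database::escape_string()` last, as sketched below. `links_to()` is likewise fed the escaped string; whether it expects raw content is outside the hunk.

```php
// cleaning the variables
// … unchanged: page_id, reflink, title …
$content = $values['content'];
if (api_get_setting('htmlpurifier_wiki') == 'true') {
    $purifier = new HTMLPurifier();
    $content = $purifier->purify($content);
}
// Escape last, so nothing rewrites the string after it has been made SQL-safe.
$_clean['content'] = Database::escape_string($content);
// … unchanged: user_id, assignment, comment, progress, version, linksto …
```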
@@ -321,22 +326,30 @@ class Wiki $sql = "INSERT INTO ".$tbl_wiki." (c_id, page_id, reflink, title, content, user_id, group_id, dtime, assignment, comment, progress, version, linksto, user_ip, session_id) VALUES ($course_id, '".$_clean['page_id']."','".$_clean['reflink']."','".$_clean['title']."','".$_clean['content']."','".$_clean['user_id']."','".$groupId."','".$dtime."','".$_clean['assignment']."','".$_clean['comment']."','".$_clean['progress']."','".$_clean['version']."','".$_clean['linksto']."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."', '".Database::escape_string($session_id)."')"; Database::query($sql); - $Id = Database::insert_id(); - if ($Id > 0) { + $id = Database::insert_id(); + + if ($id > 0) { //insert into item_property - api_item_property_update(api_get_course_info(), TOOL_WIKI, $Id, 'WikiAdded', api_get_user_id(), $groupId); + api_item_property_update( + api_get_course_info(), + TOOL_WIKI, + $id, + 'WikiAdded', + api_get_user_id(), + $groupId + ); } - if ($_clean['page_id'] ==0) { - $sql='UPDATE '.$tbl_wiki.' SET page_id="'.$Id.'" WHERE c_id = '.$course_id.' AND id="'.$Id.'"'; + if ($_clean['page_id'] == 0) { + $sql='UPDATE '.$tbl_wiki.' SET page_id="'.$id.'" WHERE c_id = '.$course_id.' AND id="'.$id.'"'; Database::query($sql); } //update wiki config - if ($_clean['reflink']=='index' && $_clean['version']==1) { - $sql="INSERT INTO ".$tbl_wiki_conf." 
(c_id, page_id, task, feedback1, feedback2, feedback3, fprogress1, fprogress2, fprogress3, max_text, max_version, startdate_assig, enddate_assig, delayedsubmit) - VALUES ($course_id, '".$Id."','".$_clean['task']."','".$_clean['feedback1']."','".$_clean['feedback2']."','".$_clean['feedback3']."','".$_clean['fprogress1']."','".$_clean['fprogress2']."','".$_clean['fprogress3']."','".$_clean['max_text']."','".$_clean['max_version']."','".$_clean['startdate_assig']."','".$_clean['enddate_assig']."','".$_clean['delayedsubmit']."')"; + if ($values['reflink'] == 'index' && $_clean['version'] == 1 ) { + $sql = "INSERT INTO ".$tbl_wiki_conf." (c_id, page_id, task, feedback1, feedback2, feedback3, fprogress1, fprogress2, fprogress3, max_text, max_version, startdate_assig, enddate_assig, delayedsubmit) + VALUES ($course_id, '".$id."','".$_clean['task']."','".$_clean['feedback1']."','".$_clean['feedback2']."','".$_clean['feedback3']."','".$_clean['fprogress1']."','".$_clean['fprogress2']."','".$_clean['fprogress3']."','".$_clean['max_text']."','".$_clean['max_version']."','".$_clean['startdate_assig']."','".$_clean['enddate_assig']."','".$_clean['delayedsubmit']."')"; } else { $sql = 'UPDATE '.$tbl_wiki_conf.' SET task="'.$_clean['task'].'", @@ -355,10 +368,11 @@ class Wiki page_id = "'.$_clean['page_id'].'" AND c_id = '.$course_id; } + Database::query($sql); - api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $groupId); + api_item_property_update($_course, 'wiki', $id, 'WikiAdded', api_get_user_id(), $groupId); self::check_emailcue($_clean['reflink'], 'P', $dtime, $_clean['user_id']); - $this->setWikiData($Id); + $this->setWikiData($id); return get_lang('Saved'); } 
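Review bot: `api_item_property_update(..., 'WikiAdded', ...)` is called twice for the same row: once inside `if ($id > 0)` and again unconditionally after the wiki_conf query in the `@@ -355` hunk (`api_item_property_update($_course, 'wiki', $id, 'WikiAdded', ...)`). The second call, together with `check_emailcue()` and `setWikiData($id)`, also runs when `Database::insert_id()` returned 0, i.e. when the INSERT did not produce a row. Unless the duplicate is intentional, drop the second call and keep the follow-up work under the same `$id > 0` guard. Both INSERT statements also concatenate `$groupId`, `$dtime` and the `$_clean['task']` to `$_clean['delayedsubmit']` values, whose cleaning is outside these hunks.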
@@ -403,8 +417,8 @@ class Wiki ($course_id, '".$r_page_id."','".$r_reflink."','".$r_title."','".$r_content."','".$r_user_id."','".$r_group_id."','".$r_dtime."','".$r_assignment."','".$r_comment."','".$r_progress."','".$r_version."','".$r_linksto."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."','".Database::escape_string($session_id)."')"; Database::query($sql); - $Id = Database::insert_id(); - api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $r_group_id); + $id = Database::insert_id(); + api_item_property_update($_course, 'wiki', $id, 'WikiAdded', api_get_user_id(), $r_group_id); self::check_emailcue($r_reflink, 'P', $r_dtime, $r_user_id); return get_lang('PageRestored'); @@ -739,18 +753,17 @@ class Wiki $KeyVisibility=$row['visibility']; // second, show the last version - $sql = 'SELECT * FROM '.$tbl_wiki.' w , '.$tbl_wiki_conf.' wc + $sql = 'SELECT * FROM '.$tbl_wiki.' w INNER JOIN '.$tbl_wiki_conf.' wc + ON (wc.page_id = w.page_id AND wc.c_id = w.c_id) WHERE - wc.c_id = '.$course_id.' AND w.c_id = '.$course_id.' AND - wc.page_id = w.page_id AND w.reflink = "'.Database::escape_string($pageMIX).'" AND w.session_id = '.$session_id.' AND w.'.$groupfilter.' '.$filter.' ORDER BY id DESC'; $result = Database::query($sql); - $row = Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version + $row = Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version //log users access to wiki (page_id) if (!empty($row['page_id'])) { 
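Review bot: After the rewrite to `INNER JOIN` in the `@@ -739` hunk, `ORDER BY id DESC` is still unqualified and only the first row of the result is read. If `$tbl_wiki_conf` also has an `id` column (not visible here) the reference is ambiguous; `ORDER BY w.id DESC LIMIT 1` states the intent and avoids fetching every version. `$session_id`, `$groupfilter` and `$filter` are concatenated as-is, so they must already be integers or trusted fragments built earlier in the method, outside the hunk. The same unqualified `ORDER BY id DESC` appears in the `@@ -4440` hunk.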
@@ -1286,7 +1299,7 @@ class Wiki c_id = '.$course_id.' AND reflink="'.Database::escape_string($page).'" AND '.$groupfilter.$condition_session; - //Visibility. Value to all,not only for the first + //Visibility. Value to all,not only for the first Database::query($sql); //Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page @@ -2375,7 +2388,7 @@ class Wiki WHERE c_id = '.$course_id.' AND is_editing="'.$isEditing.'" '. - $condition_session; + $condition_session; Database::query($sql); } 
@@ -3545,25 +3558,26 @@ class Wiki //fix index to title Main page into linksto if ($page == 'index') { - $page=str_replace(' ','_',get_lang('DefaultTitle')); + $page = str_replace(' ','_',get_lang('DefaultTitle')); } //table - if (api_is_allowed_to_edit(false,true) || api_is_platform_admin()) { //only by professors if page is hidden + if (api_is_allowed_to_edit(false,true) || api_is_platform_admin()) { + //only by professors if page is hidden $sql = "SELECT * FROM ".$tbl_wiki." s1 - WHERE s1.c_id = $course_id AND linksto LIKE '%".Database::escape_string($page)." %' AND id=( + WHERE s1.c_id = $course_id AND linksto LIKE '%".Database::escape_string($page)."%' AND id=( SELECT MAX(s2.id) FROM ".$tbl_wiki." s2 WHERE s2.c_id = $course_id AND s1.reflink = s2.reflink AND ".$groupfilter.$condition_session.")"; //add blank space after like '%" " %' to identify each word } else { $sql = "SELECT * FROM ".$tbl_wiki." s1 - WHERE s1.c_id = $course_id AND visibility=1 AND linksto LIKE '%".Database::escape_string($page)." %' AND id=( + WHERE s1.c_id = $course_id AND visibility=1 AND linksto LIKE '%".Database::escape_string($page)."%' AND id=( SELECT MAX(s2.id) FROM ".$tbl_wiki." s2 WHERE s2.c_id = $course_id AND s1.reflink = s2.reflink AND ".$groupfilter.$condition_session.")"; //add blank space after like '%" " %' to identify each word } - $allpages=Database::query($sql); + $allpages = Database::query($sql); //show table if (Database::num_rows($allpages) > 0) { 
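Review bot: Dropping the trailing space from `LIKE '%".Database::escape_string($page)."%'` changes the match from whole link words to any substring, and the trailing comment `//add blank space after like '%" " %' to identify each word` on both queries is now stale. For the index page `$page` has its spaces replaced by `_` just above, and `_` and `%` are LIKE wildcards that `Database::escape_string()` is not shown to neutralise, so a page name can match unrelated entries in `linksto`. If substring matching is intended, update the comment and escape the wildcards first, e.g. `Database::escape_string(addcslashes($page, '%_'))`; otherwise keep a delimiter around each stored link.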
@@ -3900,22 +3914,22 @@ class Wiki self::setMessage(Display::display_normal_message($is_being_edited, false, true)); } else { self::setMessage(Display::display_confirmation_message( - self::restore_wikipage( - $current_row['page_id'], - $current_row['reflink'], - $current_row['title'], - $current_row['content'], - $current_row['group_id'], - $current_row['assignment'], - $current_row['progress'], - $current_row['version'], - $last_row['version'], - $current_row['linksto'] - ).': '. - api_htmlentities($last_row['title']).'', - false, - true - )); + self::restore_wikipage( + $current_row['page_id'], + $current_row['reflink'], + $current_row['title'], + $current_row['content'], + $current_row['group_id'], + $current_row['assignment'], + $current_row['progress'], + $current_row['version'], + $last_row['version'], + $current_row['linksto'] + ).': '. + api_htmlentities($last_row['title']).'', + false, + true + )); } } } 
@@ -4440,27 +4454,28 @@ class Wiki $groupId = $this->group_id; $userId = api_get_user_id(); - if (api_get_session_id()!=0 && api_is_allowed_to_session_edit(false,true)==false) { + if (api_get_session_id() != 0 && api_is_allowed_to_session_edit(false,true)==false) { api_not_allowed(); } $sql = 'SELECT * - FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' - WHERE - '.$tbl_wiki.'.c_id = '.$course_id.' AND - '.$tbl_wiki_conf.'.c_id = '.$course_id.' AND - '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND - '.$tbl_wiki.'.reflink= "'.Database::escape_string($page).'" AND - '.$tbl_wiki.'.'.$groupfilter.$condition_session.' + FROM '.$tbl_wiki.' w INNER JOIN '.$tbl_wiki_conf.' c + ON (w.c_id = c.c_id AND w.page_id = c.page_id) + WHERE + w.c_id = '.$course_id.' AND + w.reflink= "'.Database::escape_string($page).'" AND + w.'.$groupfilter.$condition_session.' ORDER BY id DESC'; $result = Database::query($sql); $row = Database::fetch_array($result); + // we do not need a while loop since we are always displaying the last version if ($row['content']=='' AND $row['title']=='' AND $page=='') { self::setMessage(Display::display_error_message(get_lang('MustSelectPage'), false, true)); return; } elseif ($row['content']=='' AND $row['title']=='' AND $page=='index') { + //Table structure for better export to pdf $default_table_for_content_Start='
'; $default_table_for_content_End='
'; @@ -4474,7 +4489,9 @@ class Wiki } //Only teachers and platform admin can edit the index page. Only teachers and platform admin can edit an assignment teacher. And users in groups - if (($row['reflink']=='index' || $row['reflink']=='' || $row['assignment']==1) && (!api_is_allowed_to_edit(false,true) && intval($_GET['group_id'])==0)) { + if (($row['reflink']=='index' || $row['reflink']=='' || $row['assignment']==1) && + (!api_is_allowed_to_edit(false,true) && intval($_GET['group_id'])==0) + ) { self::setMessage(Display::display_error_message(get_lang('OnlyEditPagesCourseManager'), false, true)); } else { $PassEdit=false; @@ -4535,7 +4552,7 @@ class Wiki $row['enddate_assig']!='0000-00-00 00:00:00' && $row['delayedsubmit']==0 ) { - $message=get_lang('TheDeadlineHasBeenCompleted').': '.api_get_local_time($row['enddate_assig'], null, date_default_timezone_get()); + $message = get_lang('TheDeadlineHasBeenCompleted').': '.api_get_local_time($row['enddate_assig'], null, date_default_timezone_get()); self::setMessage(Display::display_warning_message($message, false, true)); if (!api_is_allowed_to_edit(false,true)) { return; @@ -4644,6 +4661,7 @@ class Wiki $row['title'] = $title; $row['page_id'] = $page_id; $row['reflink'] = $page; + $row['content'] = $content; $form->setDefaults($row); $form->display(); @@ -4659,6 +4677,7 @@ class Wiki //prevent concurrent users and double version self::setMessage(Display::display_error_message(get_lang("EditedByAnotherUser"), false, true)); } else { + $return_message = self::save_wiki($form->exportValues()); self::setMessage(Display::display_confirmation_message($return_message, false, true)); }
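Review bot: The edit restriction for the index page and assignment pages in the `@@ -4474` hunk reads the group from the request, `intval($_GET['group_id'])==0`, although what appears to be the same method already sets `$groupId = $this->group_id` in the `@@ -4440` hunk. As written, whether `OnlyEditPagesCourseManager` is shown depends on a URL parameter the caller controls, and the expression raises an undefined-index notice when the parameter is absent. Using the value the class already resolved, `(!api_is_allowed_to_edit(false,true) && $groupId == 0)`, keeps the check tied to the current group. Whether the `else` branch re-checks group membership is outside the hunk.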