Cleaning wiki code

skala
Julio Montoya 15 years ago
parent cd69a1ca8e
commit df95075491
  1. 125
      main/wiki/index.php
  2. 65
      main/wiki/wiki.inc.php

@ -1,39 +1,17 @@
<?php <?php
/* For licensing terms, see /license.txt */
/*
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2004-2008 Dokeos SPRL
Copyright (c) 2003 Ghent University (UGent)
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact address: Dokeos, rue du Corbeau, 108, B-1030 Brussels, Belgium
Mail: info@dokeos.com
==============================================================================
*/
/** /**
* The Dokeos wiki is a further development of the CoolWiki plugin. * The Chamilo wiki is a further development of the CoolWiki plugin.
* *
* @Author Patrick Cool <patrick.cool@UGent.be>, Ghent University, Belgium * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University, Belgium
* @Author Juan Carlos Raña <herodoto@telefonica.net> * @author Juan Carlos Raña <herodoto@telefonica.net>
* @Copyright Ghent University * @copyright Ghent University
* @Copyright Patrick Cool * @copyright Patrick Cool
* *
* @package dokeos.wiki * @package chamilo.wiki
*/ */
// name of the language file that needs to be included // name of the language file that needs to be included
$language_file = 'wiki'; $language_file = 'wiki';
@ -90,9 +68,7 @@ $tbl_wiki_discuss = Database::get_course_table(TABLE_WIKI_DISCUSS);
$tbl_wiki_mailcue = Database::get_course_table(TABLE_WIKI_MAILCUE); $tbl_wiki_mailcue = Database::get_course_table(TABLE_WIKI_MAILCUE);
$tbl_wiki_conf = Database::get_course_table(TABLE_WIKI_CONF); $tbl_wiki_conf = Database::get_course_table(TABLE_WIKI_CONF);
/* /*
-----------------------------------------------------------
Constants and variables Constants and variables
-----------------------------------------------------------
*/ */
$tool_name = get_lang('ToolWiki'); $tool_name = get_lang('ToolWiki');
@ -103,58 +79,45 @@ $MonthsLong = array (get_lang("JanuaryLong"), get_lang("FebruaryLong"), get_lang
$condition_session = api_get_session_condition($session_id); $condition_session = api_get_session_condition($session_id);
/* /*
----------------------------------------------------------
ACCESS ACCESS
-----------------------------------------------------------
*/ */
api_protect_course_script(); api_protect_course_script();
api_block_anonymous_users(); api_block_anonymous_users();
/* /*
-----------------------------------------------------------
TRACKING TRACKING
-----------------------------------------------------------
*/ */
event_access_tool(TOOL_WIKI); event_access_tool(TOOL_WIKI);
/* /*
-----------------------------------------------------------
HEADER & TITLE HEADER & TITLE
-----------------------------------------------------------
*/ */
// If it is a group wiki then the breadcrumbs will be different. // If it is a group wiki then the breadcrumbs will be different.
if ($_SESSION['_gid'] OR $_GET['group_id']) { if ($_SESSION['_gid'] OR $_GET['group_id']) {
if (isset($_SESSION['_gid'])) { if (isset($_SESSION['_gid'])) {
$_clean['group_id']=(int)$_SESSION['_gid']; $_clean['group_id']=intval($_SESSION['_gid']);
} }
if (isset($_GET['group_id'])) { if (isset($_GET['group_id'])) {
$_clean['group_id']=(int)Database::escape_string($_GET['group_id']); $_clean['group_id']=intval($_GET['group_id']);
} }
$group_properties = GroupManager :: get_group_properties($_clean['group_id']); $group_properties = GroupManager :: get_group_properties($_clean['group_id']);
$interbreadcrumb[] = array ("url" => "../group/group.php", "name" => get_lang('Groups')); $interbreadcrumb[] = array ("url" => "../group/group.php", "name" => get_lang('Groups'));
$interbreadcrumb[] = array ("url"=>"../group/group_space.php?gidReq=".$_SESSION['_gid'], "name"=> get_lang('GroupSpace').' ('.$group_properties['name'].')'); $interbreadcrumb[] = array ("url"=>"../group/group_space.php?gidReq=".$_clean['group_id'], "name"=> get_lang('GroupSpace').' ('.$group_properties['name'].')');
$add_group_to_title = ' ('.$group_properties['name'].')'; $add_group_to_title = ' ('.$group_properties['name'].')';
$groupfilter='group_id="'.$_clean['group_id'].'"'; $groupfilter='group_id="'.$_clean['group_id'].'"';
//ensure this tool in groups whe it's private or deactivated //ensure this tool in groups whe it's private or deactivated
if ($group_properties['wiki_state']==0) if ($group_properties['wiki_state']==0) {
{
echo api_not_allowed(); echo api_not_allowed();
} } elseif ($group_properties['wiki_state']==2) {
elseif ($group_properties['wiki_state']==2) if (!api_is_allowed_to_edit(false,true) and !GroupManager :: is_user_in_group($_user['user_id'], $_SESSION['_gid'])) {
{
if (!api_is_allowed_to_edit(false,true) and !GroupManager :: is_user_in_group($_user['user_id'], $_SESSION['_gid']))
{
echo api_not_allowed(); echo api_not_allowed();
} }
} }
} else {
}
else
{
$groupfilter='group_id=0'; $groupfilter='group_id=0';
} }
@ -165,82 +128,58 @@ $is_allowed_to_edit = api_is_allowed_to_edit(false,true);
//api_display_tool_title($tool_name.$add_group_to_title); //api_display_tool_title($tool_name.$add_group_to_title);
/* /*
-----------------------------------------------------------
INITIALISATION INITIALISATION
-----------------------------------------------------------
*/ */
//the page we are dealing with //the page we are dealing with
if (!isset($_GET['title'])){ if (!isset($_GET['title'])) {
$page = 'index';
$page='index'; } else {
} $page = Security::remove_XSS($_GET['title']);
else
{
$page=Security::remove_XSS($_GET['title']);
} }
// some titles are not allowed // some titles are not allowed
// $not_allowed_titles=array("Index", "RecentChanges","AllPages", "Categories"); //not used for now // $not_allowed_titles=array("Index", "RecentChanges","AllPages", "Categories"); //not used for now
/* /*
==============================================================================
MAIN CODE MAIN CODE
==============================================================================
*/ */
// Tool introduction // Tool introduction
Display::display_introduction_section(TOOL_WIKI); Display::display_introduction_section(TOOL_WIKI);
/* /*
-----------------------------------------------------------
ACTIONS ACTIONS
-----------------------------------------------------------
*/ */
//release of blocked pages to prevent concurrent editions //release of blocked pages to prevent concurrent editions
$sql='SELECT * FROM '.$tbl_wiki.'WHERE is_editing!="0" '.$condition_session; $sql='SELECT * FROM '.$tbl_wiki.'WHERE is_editing!="0" '.$condition_session;
$result=Database::query($sql); $result=Database::query($sql);
while ($is_editing_block=Database::fetch_array($result)) while ($is_editing_block=Database::fetch_array($result)) {
{ $max_edit_time = 1200; // 20 minutes
$max_edit_time=1200; // 20 minutes $timestamp_edit = strtotime($is_editing_block['time_edit']);
$timestamp_edit=strtotime($is_editing_block['time_edit']); $time_editing = time()-$timestamp_edit;
$time_editing=time()-$timestamp_edit;
//first prevent concurrent users and double version //first prevent concurrent users and double version
if($is_editing_block['is_editing']==$_user['user_id']) if($is_editing_block['is_editing']==$_user['user_id']) {
{
$_SESSION['_version']=$is_editing_block['version']; $_SESSION['_version']=$is_editing_block['version'];
} } else {
else
{
unset ( $_SESSION['_version'] ); unset ( $_SESSION['_version'] );
} }
//second checks if has exceeded the time that a page may be available or if a page was edited and saved by its author //second checks if has exceeded the time that a page may be available or if a page was edited and saved by its author
if ($time_editing>$max_edit_time || ($is_editing_block['is_editing']==$_user['user_id'] && $_GET['action']!='edit')) if ($time_editing>$max_edit_time || ($is_editing_block['is_editing']==$_user['user_id'] && $_GET['action']!='edit')) {
{
$sql='UPDATE '.$tbl_wiki.' SET is_editing="0", time_edit="0000-00-00 00:00:00" WHERE is_editing="'.$is_editing_block['is_editing'].'" '.$condition_session; $sql='UPDATE '.$tbl_wiki.' SET is_editing="0", time_edit="0000-00-00 00:00:00" WHERE is_editing="'.$is_editing_block['is_editing'].'" '.$condition_session;
Database::query($sql); Database::query($sql);
} }
} }
// saving a change // saving a change
if (isset($_POST['SaveWikiChange']) AND $_POST['title']<>'') if (isset($_POST['SaveWikiChange']) AND $_POST['title']<>'') {
{ if(empty($_POST['title'])) {
if(empty($_POST['title']))
{
Display::display_error_message(get_lang("NoWikiPageTitle")); Display::display_error_message(get_lang("NoWikiPageTitle"));
} } elseif(!double_post($_POST['wpost_id'])) {
elseif(!double_post($_POST['wpost_id']))
{
//double post //double post
} } elseif ($_POST['version']!='' && $_SESSION['_version']!=0 && $_POST['version']!=$_SESSION['_version']) {
elseif ($_POST['version']!='' && $_SESSION['_version']!=0 && $_POST['version']!=$_SESSION['_version'])
{
//prevent concurrent users and double version //prevent concurrent users and double version
Display::display_error_message(get_lang("EditedByAnotherUser")); Display::display_error_message(get_lang("EditedByAnotherUser"));
} }
@ -404,8 +343,7 @@ if ($_GET['action']=='deletewiki'){
} }
if ($_GET['action']=='discuss' && $_POST['Submit']) if ($_GET['action']=='discuss' && $_POST['Submit']) {
{
Display::display_confirmation_message(get_lang('CommentAdded')); Display::display_confirmation_message(get_lang('CommentAdded'));
} }
@ -2266,8 +2204,7 @@ if ($_GET['action']=='discuss')
</form> </form>
<?php <?php
if (isset($_POST['Submit']) && double_post($_POST['wpost_id'])) if (isset($_POST['Submit']) && double_post($_POST['wpost_id'])) {
{
$dtime = date( "Y-m-d H:i:s" ); $dtime = date( "Y-m-d H:i:s" );
$message_author=api_get_user_id(); $message_author=api_get_user_id();
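Review bot: The private-group check on the rewritten line `if (!api_is_allowed_to_edit(false,true) and !GroupManager :: is_user_in_group($_user['user_id'], $_SESSION['_gid'])) {` still reads `$_SESSION['_gid']`, while the same hunk switches the breadcrumb URL (`gidReq=`) to the normalised `$_clean['group_id']`; when the group arrives only via `$_GET['group_id']`, the session key may be unset and the membership test runs against a missing value (presumably failing closed, but for the wrong reason). Using the id the block already computed keeps the check consistent: `!GroupManager :: is_user_in_group($_user['user_id'], $_clean['group_id'])`. The enclosing `if ($_SESSION['_gid'] OR $_GET['group_id'])` block lies entirely within this section, so the change is local.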

@ -1,25 +1,5 @@
<?php <?php
/* /* For licensing terms, see /license.txt */
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2004-2008 Dokeos SPRL
Copyright (c) 2003 Ghent University (UGent)
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact address: Dokeos, rue du Corbeau, 108, B-1030 Brussels, Belgium
Mail: info@dokeos.com
==============================================================================
*/
/** /**
* The Dokeos wiki is a further development of the CoolWiki plugin. * The Dokeos wiki is a further development of the CoolWiki plugin.
@ -29,13 +9,11 @@
* @Copyright Ghent University * @Copyright Ghent University
* @Copyright Patrick Cool * @Copyright Patrick Cool
* *
* @package dokeos.wiki * @package chamilo.wiki
*/ */
/* /*
==============================================================================
FUNCTIONS FOR WIKI FUNCTIONS FOR WIKI
==============================================================================
*/ */
@ -330,25 +308,25 @@ function save_wiki() {
$_clean['fprogress3']=Database::escape_string(Security::remove_XSS($_POST['fprogress3'])); $_clean['fprogress3']=Database::escape_string(Security::remove_XSS($_POST['fprogress3']));
} }
if(Security::remove_XSS($_POST['initstartdate']==1)) if(Security::remove_XSS($_POST['initstartdate']==1))
{ {
$_clean['startdate_assig']=Database::escape_string(Security::remove_XSS(get_date_from_select('startdate_assig'))); $_clean['startdate_assig']=Database::escape_string(Security::remove_XSS(get_date_from_select('startdate_assig')));
} }
else else
{ {
$_clean['startdate_assig']=Database::escape_string(Security::remove_XSS($_POST['startdate_assig'])); $_clean['startdate_assig']=Database::escape_string(Security::remove_XSS($_POST['startdate_assig']));
} }
if(Security::remove_XSS($_POST['initenddate']==1)) if(Security::remove_XSS($_POST['initenddate']==1))
{ {
$_clean['enddate_assig']=Database::escape_string(Security::remove_XSS(get_date_from_select('enddate_assig'))); $_clean['enddate_assig']=Database::escape_string(Security::remove_XSS(get_date_from_select('enddate_assig')));
} }
else else
{ {
$_clean['enddate_assig']=Database::escape_string(Security::remove_XSS($_POST['enddate_assig'])); $_clean['enddate_assig']=Database::escape_string(Security::remove_XSS($_POST['enddate_assig']));
} }
$_clean['delayedsubmit']=Database::escape_string(Security::remove_XSS($_POST['delayedsubmit'])); $_clean['delayedsubmit']=Database::escape_string(Security::remove_XSS($_POST['delayedsubmit']));
if(!empty($_POST['max_text']) || !empty($_POST['max_version'])) if(!empty($_POST['max_text']) || !empty($_POST['max_version']))
{ {
@ -383,11 +361,8 @@ function save_wiki() {
$sql='UPDATE'.$tbl_wiki_conf.' SET task="'.$_clean['task'].'", feedback1="'.$_clean['feedback1'].'", feedback2="'.$_clean['feedback2'].'", feedback3="'.$_clean['feedback3'].'", fprogress1="'.$_clean['fprogress1'].'", fprogress2="'.$_clean['fprogress2'].'", fprogress3="'.$_clean['fprogress3'].'", max_text="'.$_clean['max_text'].'", max_version="'.$_clean['max_version'].'", startdate_assig="'.$_clean['startdate_assig'].'", enddate_assig="'.$_clean['enddate_assig'].'", delayedsubmit="'.$_clean['delayedsubmit'].'" WHERE page_id="'.$_clean['page_id'].'"'; $sql='UPDATE'.$tbl_wiki_conf.' SET task="'.$_clean['task'].'", feedback1="'.$_clean['feedback1'].'", feedback2="'.$_clean['feedback2'].'", feedback3="'.$_clean['feedback3'].'", fprogress1="'.$_clean['fprogress1'].'", fprogress2="'.$_clean['fprogress2'].'", fprogress3="'.$_clean['fprogress3'].'", max_text="'.$_clean['max_text'].'", max_version="'.$_clean['max_version'].'", startdate_assig="'.$_clean['startdate_assig'].'", enddate_assig="'.$_clean['enddate_assig'].'", delayedsubmit="'.$_clean['delayedsubmit'].'" WHERE page_id="'.$_clean['page_id'].'"';
} }
Database::query($sql); Database::query($sql);
api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $_clean['group_id']); api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $_clean['group_id']);
check_emailcue($_clean['reflink'], 'P', $dtime, $_clean['user_id']); check_emailcue($_clean['reflink'], 'P', $dtime, $_clean['user_id']);
return get_lang('ChangesStored'); return get_lang('ChangesStored');
} }
@ -397,9 +372,7 @@ function save_wiki() {
**/ **/
function restore_wikipage($r_page_id, $r_reflink, $r_title, $r_content, $r_group_id, $r_assignment, $r_progress, $c_version, $r_version, $r_linksto) function restore_wikipage($r_page_id, $r_reflink, $r_title, $r_content, $r_group_id, $r_assignment, $r_progress, $c_version, $r_version, $r_linksto)
{ {
global $tbl_wiki, $_course; global $tbl_wiki, $_course;
$r_user_id= api_get_user_id(); $r_user_id= api_get_user_id();
$r_dtime = date( "Y-m-d H:i:s" ); $r_dtime = date( "Y-m-d H:i:s" );
$r_version = $r_version+1; $r_version = $r_version+1;
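Review bot: In the re-indented save_wiki() hunk, `if(Security::remove_XSS($_POST['initstartdate']==1))` and `if(Security::remove_XSS($_POST['initenddate']==1))` hand the boolean result of the comparison to remove_XSS instead of the POST value, so the sanitizer never sees the input and the branch depends on how remove_XSS renders a bool. The intended test is on the value itself: `if ((int) $_POST['initstartdate'] === 1) {` and the same for `initenddate`. save_wiki() starts before this hunk; its closing brace is the `}` after `return get_lang('ChangesStored');`. Separately, `'UPDATE'.$tbl_wiki_conf.' SET ...'` has no space between the keyword and the table name, which only works if get_course_table() returns a trailing space — worth confirming.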
