Remove Database::escape_string() without quotes to avoid SQL injections - partial - refs #7440

1.9.x
Yannick Warnier 11 years ago
parent c5dccb4a6a
commit e01f044d58
  1. 4
      main/inc/lib/add_courses_to_session_functions.lib.php
  2. 28
      main/inc/lib/blog.lib.php
  3. 4
      main/inc/lib/classmanager.lib.php
  4. 10
      main/inc/lib/course.lib.php
  5. 10
      main/inc/lib/course_category.lib.php
  6. 2
      main/inc/lib/course_request.lib.php
  7. 22
      main/inc/lib/document.lib.php
  8. 4
      main/inc/lib/events.lib.inc.php
  9. 6
      main/inc/lib/extra_field_value.lib.php
  10. 14
      main/inc/lib/glossary.lib.php
  11. 2
      main/inc/lib/group_portal_manager.lib.php
  12. 24
      main/inc/lib/groupmanager.lib.php
  13. 2
      whoisonline.php

@ -31,10 +31,10 @@ class AddCourseToSession
$cond_course_code = '';
if (!empty($id_session)) {
$id_session = Database::escape_string($id_session);
$id_session = intval($id_session);
// check course_code from session_rel_course table
$sql = 'SELECT course_code FROM '.$tbl_session_rel_course.'
WHERE id_session ="'.(int)$id_session.'"';
WHERE id_session = '.$id_session;
$res = Database::query($sql);
$course_codes = '';
if (Database::num_rows($res) > 0) {
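Review bot: The `!empty($id_session)` guard still tests the raw input, so after `intval($id_session)` a non-numeric value becomes `0` and the `SELECT` runs with `id_session = 0` instead of being skipped. Cast first and test the integer, e.g. `$id_session = intval($id_session); if ($id_session > 0) {`, which keeps the intent of the guard and removes the double assignment. The enclosing method starts before and continues past this hunk.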

@ -165,7 +165,7 @@ class Blog {
$this_blog_id = Database::insert_id();
//update item_property (update)
api_item_property_update(api_get_course_info(), TOOL_BLOGS, Database::escape_string($blog_id), 'BlogUpdated', api_get_user_id());
api_item_property_update(api_get_course_info(), TOOL_BLOGS, intval($blog_id), 'BlogUpdated', api_get_user_id());
// Update course homepage link
$sql = "UPDATE $tbl_tool SET name = '".Database::escape_string($title)."' WHERE c_id = $course_id AND link = 'blog/blog.php?blog_id=".Database::escape_string((int)$blog_id)."' LIMIT 1";
@ -217,7 +217,7 @@ class Blog {
Database::query($sql);
//update item_property (delete)
api_item_property_update(api_get_course_info(), TOOL_BLOGS, Database::escape_string($blog_id), 'delete', api_get_user_id());
api_item_property_update(api_get_course_info(), TOOL_BLOGS, intval($blog_id), 'delete', api_get_user_id());
}
/**
@ -278,7 +278,7 @@ class Blog {
// Storing the attachments if any
if ($result) {
$sql='INSERT INTO '.$blog_table_attachment.'(c_id, filename,comment, path, post_id,size, blog_id,comment_id) '.
"VALUES ($course_id, '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$last_post_id."', '".intval($_FILES['user_upload']['size'])."', '".$blog_id."', '0' )";
"VALUES ($course_id, '".Database::escape_string($file_name)."', '".$comment."', '".Database::escape_string($new_file_name)."' , '".$last_post_id."', '".intval($_FILES['user_upload']['size'])."', '".$blog_id."', '0' )";
$result=Database::query($sql);
$message.=' / '.get_lang('AttachmentUpload');
}
@ -404,7 +404,7 @@ class Blog {
if ($result)
{
$sql='INSERT INTO '.$blog_table_attachment.'(c_id, filename,comment, path, post_id,size,blog_id,comment_id) '.
"VALUES ($course_id, '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$post_id."', '".$_FILES['user_upload']['size']."', '".$blog_id."', '".$last_id."' )";
"VALUES ($course_id, '".Database::escape_string($file_name)."', '".$comment."', '".Database::escape_string($new_file_name)."' , '".$post_id."', '".$_FILES['user_upload']['size']."', '".$blog_id."', '".$last_id."' )";
$result=Database::query($sql);
$message.=' / '.get_lang('AttachmentUpload');
}
@ -423,9 +423,9 @@ class Blog {
// Init
$tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);
$tbl_blogs_rating = Database::get_course_table(TABLE_BLOGS_RATING);
$blog_id = Database::escape_string($blog_id);
$post_id = Database::escape_string($post_id);
$comment_id = Database::escape_string($comment_id);
$blog_id = intval($blog_id);
$post_id = intval($post_id);
$comment_id = intval($comment_id);
$course_id = api_get_course_int_id();
@ -2713,9 +2713,9 @@ function get_blog_attachment($blog_id, $post_id=null,$comment_id=null)
{
$blog_table_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT);
$blog_id = Database::escape_string($blog_id);
$comment_id = Database::escape_string($comment_id);
$post_id = Database::escape_string($post_id);
$blog_id = intval($blog_id);
$comment_id = intval($comment_id);
$post_id = intval($post_id);
$row=array();
$where='';
if (!empty ($post_id) && is_numeric($post_id)) {
@ -2754,9 +2754,9 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
global $_course;
$blog_table_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT);
$blog_id = Database::escape_string($blog_id);
$comment_id = Database::escape_string($comment_id);
$post_id = Database::escape_string($post_id);
$blog_id = intval($blog_id);
$comment_id = intval($comment_id);
$post_id = intval($post_id);
$course_id = api_get_course_int_id();
@ -2836,7 +2836,7 @@ function get_blog_post_from_user($course_code, $user_id) {
function get_blog_comment_from_user($course_code, $user_id) {
$tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$tbl_blog_comment = Database::get_course_table(TABLE_BLOGS_COMMENTS);
$user_id = Database::escape_string($user_id);
$user_id = intval($user_id);
$course_info = api_get_course_info($course_code);
$course_id = $course_info['real_id'];
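Review bot: In the two attachment `INSERT` statements (hunks `@ -278` and `@ -404`) the new side drops `Database::escape_string()` around `$comment` and interpolates it as `'".$comment."'`, while `$file_name` and `$new_file_name` on the same line stay escaped. Unless `$comment` is already escaped earlier in the method (not visible in the hunk), this re-opens an injection on free-text input in the very commit meant to close such holes; keep `'".Database::escape_string($comment)."'` there, and if the value is pre-escaped add a comment at the escape site saying so. The `intval()` replacements elsewhere in this file look right; `get_blog_attachment` still tests `is_numeric($post_id)` after the cast, which is now always true for a non-zero value and can be dropped.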

@ -160,7 +160,7 @@ class ClassManager
$tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$sql = "INSERT IGNORE INTO $tbl_course_class SET course_code = '".Database::escape_string($course_code)."', class_id = '".Database::escape_string($class_id)."'";
Database::query($sql);
$sql = "SELECT user_id FROM $tbl_class_user WHERE class_id = '".Database::escape_string($class_id)."'";
$sql = "SELECT user_id FROM $tbl_class_user WHERE class_id = '".intval($class_id)."'";
$res = Database::query($sql);
while ($user = Database::fetch_object($res)) {
CourseManager :: subscribe_user($user->user_id, $course_code);
@ -181,7 +181,7 @@ class ClassManager
$single_class_users = Database::query($sql);
while ($single_class_user = Database::fetch_object($single_class_users))
{
$sql = "SELECT * FROM $tbl_class_user WHERE class_id = '".Database::escape_string($class_id)."' AND user_id = '".Database::escape_string($single_class_user->user_id)."'";
$sql = "SELECT * FROM $tbl_class_user WHERE class_id = '".intval($class_id)."' AND user_id = '".Database::escape_string($single_class_user->user_id)."'";
$res = Database::query($sql);
if (Database::num_rows($res) > 0)
{
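Review bot: Only `$class_id` in the two `SELECT`s is cast now; `class_id = '".Database::escape_string($class_id)."'` in the `INSERT IGNORE` above the first change, and `user_id = '".Database::escape_string($single_class_user->user_id)."'` on the second changed line, still escape integer ids. Casting `$class_id = intval($class_id);` once at the top of the method and using the plain variable in all three statements would be consistent and cheaper than a per-query `intval()`; `$single_class_user->user_id` comes from the database, so `intval()` there is equally safe. The method starts above the first hunk.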

@ -253,7 +253,7 @@ class CourseManager
if (!in_array($orderdirection, array('ASC', 'DESC'))) {
$sql .= 'ASC';
} else {
$sql .= Database::escape_string($orderdirection);
$sql .= ($orderdirection == 'ASC'?'ASC':'DESC');
}
if (!empty($howmany) && is_int($howmany) and $howmany > 0) {
@ -263,7 +263,7 @@ class CourseManager
}
if (!empty($from)) {
$from = intval($from);
$sql .= ' OFFSET '.Database::escape_string($from);
$sql .= ' OFFSET '.intval($from);
} else {
$sql .= ' OFFSET 0';
}
@ -301,7 +301,7 @@ class CourseManager
{
$result = Database::fetch_array(Database::query(
"SELECT status FROM ".Database::get_main_table(TABLE_MAIN_COURSE_USER)."
WHERE course_code = '".Database::escape_string($course_code)."' AND user_id = ".Database::escape_string($user_id))
WHERE course_code = '".Database::escape_string($course_code)."' AND user_id = ".intval($user_id))
);
return $result['status'];
@ -316,7 +316,7 @@ class CourseManager
{
$result = Database::fetch_array(Database::query(
"SELECT tutor_id FROM ".Database::get_main_table(TABLE_MAIN_COURSE_USER)."
WHERE course_code = '".Database::escape_string($course_code)."' AND user_id = ".Database::escape_string($user_id))
WHERE course_code = '".Database::escape_string($course_code)."' AND user_id = ".intval($user_id))
);
return $result['tutor_id'];
@ -3868,7 +3868,7 @@ class CourseManager
global $_user;
$output = array();
$table_category = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$sql = "SELECT * FROM ".$table_category." WHERE user_id='".Database::escape_string($_user['user_id'])."'";
$sql = "SELECT * FROM ".$table_category." WHERE user_id='".intval($_user['user_id'])."'";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
$output[$row['id']] = $row['title'];
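Review bot: `' OFFSET '.intval($from)` re-casts a value the preceding line already assigned with `$from = intval($from);`, so the second `intval()` is dead; `$sql .= ' OFFSET '.$from;` is enough. In the ordering hunk the new ternary uses loose `==` (`$orderdirection == 'ASC'`); inside the `in_array()` whitelist it is safe, but `=== 'ASC'` states the intent and matches the strict comparison the whitelist itself should use (`in_array($orderdirection, array('ASC', 'DESC'), true)`). The other hunks in this file replace unquoted escapes with `intval()` correctly.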

@ -101,7 +101,7 @@ function addNode($code, $name, $canHaveCourses, $parent_id)
$tbl_category = Database::get_main_table(TABLE_MAIN_CATEGORY);
$code = trim(Database::escape_string($code));
$name = trim(Database::escape_string($name));
$parent_id = Database::escape_string($parent_id);
$parent_id = intval($parent_id);
$canHaveCourses = Database::escape_string($canHaveCourses);
$code = generate_course_code($code);
@ -220,7 +220,7 @@ function moveNodeUp($code, $tree_pos, $parent_id)
$tbl_category = Database::get_main_table(TABLE_MAIN_CATEGORY);
$code = Database::escape_string($code);
$tree_pos = Database::escape_string($tree_pos);
$parent_id = Database::escape_string($parent_id);
$parent_id = intval($parent_id);
$sql = "SELECT code,tree_pos
FROM $tbl_category
WHERE parent_id " . (empty($parent_id) ? "IS NULL" : "='$parent_id'") . " AND tree_pos<'$tree_pos'
@ -246,11 +246,11 @@ function moveNodeUp($code, $tree_pos, $parent_id)
* @param $cpt
* @return mixed
*/
function compterFils($pere, $cpt)
function compterFils($parent, $cpt)
{
$tbl_category = Database::get_main_table(TABLE_MAIN_CATEGORY);
$pere = Database::escape_string($pere);
$result = Database::query("SELECT code FROM $tbl_category WHERE parent_id='$pere'");
$parent = intval($parent);
$result = Database::query("SELECT code FROM $tbl_category WHERE parent_id='$parent'");
while ($row = Database::fetch_array($result)) {
$cpt = compterFils($row['code'], $cpt);
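Review bot: `$parent = intval($parent);` in `compterFils` breaks the recursion: the last visible line calls `compterFils($row['code'], $cpt)` with a value read from the `code` column, and the query compares it as `parent_id='$parent'`, so `parent_id` is keyed by category code rather than by an integer; a non-numeric code becomes `0` and the count silently covers the wrong subtree. Keep `$parent = Database::escape_string($parent);` here — the value is quoted in the query, so it is outside the commit's stated target of unquoted escapes. The same cast of `$parent_id` in `addNode` and `moveNodeUp` is suspect for the same reason if they refer to the same column (not verifiable from the hunks); in `moveNodeUp` the `empty()` test additionally turns any non-numeric parent into `IS NULL`, changing which rows are moved.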

@ -299,7 +299,7 @@ class CourseRequestManager
objetives = "%s", target_audience = "%s", status = "%s", info = "%s", exemplary_content = "%s"
WHERE id = '.$id, Database::get_main_table(TABLE_MAIN_COURSE_REQUEST),
Database::escape_string($code),
Database::escape_string($user_id),
intval($user_id),
Database::escape_string($directory),
Database::escape_string($db_name),
Database::escape_string($course_language),
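Review bot: The only unquoted value in this `UPDATE` is `WHERE id = '.$id` on the line above the placeholders, and nothing in the hunk shows `$id` being cast; if it is not already an integer when it reaches this statement, that is exactly the pattern the commit sets out to remove. Suggest `WHERE id = '.intval($id)` or an explicit cast where `$id` enters the method (outside the hunk). The `intval($user_id)` replacement itself is fine.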

@ -983,7 +983,7 @@ class DocumentManager
{
$TABLE_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
$course_id = $_course['real_id'];
$document_id = Database::escape_string($document_id);
$document_id = intval($document_id);
$sql = "SELECT filetype FROM $TABLE_DOCUMENT
WHERE c_id = $course_id AND id= $document_id";
$result = Database::fetch_array(Database::query($sql), 'ASSOC');
@ -1467,7 +1467,7 @@ class DocumentManager
'" . Database::escape_string($title) . "',
'" . Database::escape_string($description) . "',
'" . Database::escape_string($course_code) . "',
'" . Database::escape_string($user_id) . "',
'" . intval($user_id) . "',
'" . Database::escape_string($document_id_for_template) . "',
'" . Database::escape_string($image) . "')";
Database::query($sql);
@ -1486,8 +1486,8 @@ class DocumentManager
{
$table_template = Database::get_main_table(TABLE_MAIN_TEMPLATES);
$course_code = Database::escape_string($course_code);
$user_id = Database::escape_string($user_id);
$document_id = Database::escape_string($document_id);
$user_id = intval($user_id);
$document_id = intval($document_id);
$sql = 'SELECT id FROM ' . $table_template . '
WHERE
@ -1718,13 +1718,13 @@ class DocumentManager
$tbl_category = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY);
$session_id = api_get_session_id();
if ($session_id == 0 || is_null($session_id)) {
$sql_session = 'AND (session_id=' . Database::escape_string($session_id) . ' OR isnull(session_id)) ';
$sql_session = 'AND (session_id=' . intval($session_id) . ' OR isnull(session_id)) ';
} elseif ($session_id > 0) {
$sql_session = 'AND session_id=' . Database::escape_string($session_id);
$sql_session = 'AND session_id=' . intval($session_id);
} else {
$sql_session = '';
}
$sql = 'UPDATE ' . $tbl_category . ' SET document_id="' . Database::escape_string($document_id) . '"
$sql = 'UPDATE ' . $tbl_category . ' SET document_id="' . intval($document_id) . '"
WHERE course_code="' . Database::escape_string($course_id) . '" ' . $sql_session;
Database::query($sql);
}
@ -1739,9 +1739,9 @@ class DocumentManager
$tbl_category = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY);
$session_id = api_get_session_id();
if ($session_id == 0 || is_null($session_id)) {
$sql_session = 'AND (session_id=' . Database::escape_string($session_id) . ' OR isnull(session_id)) ';
$sql_session = 'AND (session_id=' . intval($session_id) . ' OR isnull(session_id)) ';
} elseif ($session_id > 0) {
$sql_session = 'AND session_id=' . Database::escape_string($session_id);
$sql_session = 'AND session_id=' . intval($session_id);
} else {
$sql_session = '';
}
@ -1911,9 +1911,9 @@ class DocumentManager
$tbl_category = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY);
$session_id = api_get_session_id();
if ($session_id == 0 || is_null($session_id)) {
$sql_session = 'AND (session_id=' . Database::escape_string($session_id) . ' OR isnull(session_id)) ';
$sql_session = 'AND (session_id=' . intval($session_id) . ' OR isnull(session_id)) ';
} elseif ($session_id > 0) {
$sql_session = 'AND session_id=' . Database::escape_string($session_id);
$sql_session = 'AND session_id=' . intval($session_id);
} else {
$sql_session = '';
}
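Review bot: The same five-line `$sql_session` construction is repeated verbatim in the three hunks at `@ -1718`, `@ -1739` and `@ -1911`, and in the `$session_id == 0 || is_null($session_id)` branch `intval($session_id)` can only ever yield `0`, so the cast there is noise. Extracting the filter into one private static helper removes the triplication and gives the cast a single home; each call site becomes `$sql_session = self::getGradebookSessionCondition($session_id);`. The helper below keeps the existing behaviour, including the empty string for a negative id. The three enclosing methods start above their hunks.
```php
/**
 * Builds the session filter used by the gradebook-category queries.
 * 0 or null matches rows whose session_id is 0 or NULL; a positive id
 * matches exactly; anything else yields no filter (as the inline code did).
 */
private static function getGradebookSessionCondition($session_id)
{
    if ($session_id == 0 || is_null($session_id)) {
        return 'AND (session_id=0 OR isnull(session_id)) ';
    }
    if ($session_id > 0) {
        return 'AND session_id=' . intval($session_id);
    }

    return '';
}
```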

@ -1613,8 +1613,8 @@ function event_send_mail($event_name, $params)
*/
function check_if_mail_already_sent($event_name, $user_from, $user_to = null) {
$event_name = Database::escape_string($event_name);
$user_to = Database::escape_string($user_to);
$user_from = Database::escape_string($user_from);
$user_to = intval($user_to);
$user_from = intval($user_from);
if ($user_to == null) {
$sql = 'SELECT COUNT(*) as total FROM ' . Database::get_main_table(TABLE_EVENT_SENT) . '
WHERE user_from = '.$user_from.' AND event_type_name = "'.$event_name.'"';
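Review bot: After `$user_to = intval($user_to);` the variable can no longer be `null`, so the `if ($user_to == null)` branch two lines below only still fires because `0 == null` holds under loose comparison. Make the intended test explicit now that the type is fixed: `if ($user_to === 0) {` (or `empty($user_to)`), otherwise the next reader will assume the `null` default is still what is being checked. `$event_name` remains escaped and is quoted in the query, which is correct; the function continues past the hunk.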

@ -384,7 +384,7 @@ class ExtraFieldValue extends Model
public function get_values_by_handler_and_field_id($item_id, $field_id, $transform = false)
{
$field_id = intval($field_id);
$item_id = Database::escape_string($item_id);
$item_id = intval($item_id);
$sql = "SELECT s.*, field_type FROM {$this->table} s
INNER JOIN {$this->table_handler_field} sf ON (s.field_id = sf.id)
@ -466,7 +466,7 @@ class ExtraFieldValue extends Model
*/
public function get_values_by_handler_and_field_variable($item_id, $field_variable, $transform = false)
{
$item_id = Database::escape_string($item_id);
$item_id = intval($item_id);
$field_variable = Database::escape_string($field_variable);
$sql = "SELECT s.*, field_type FROM {$this->table} s
@ -637,7 +637,7 @@ class ExtraFieldValue extends Model
public function delete_values_by_handler_and_field_id($item_id, $field_id)
{
$field_id = intval($field_id);
$item_id = Database::escape_string($item_id);
$item_id = intval($item_id);
$sql = "DELETE FROM {$this->table}
WHERE {$this->handler_id} = '$item_id' AND field_id = '".$field_id."' ";
Database::query($sql);
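Review bot: `$item_id = intval($item_id);` assumes every handler's id is numeric, but the queries key on the per-type column `{$this->handler_id}` and quote the value (`WHERE {$this->handler_id} = '$item_id'`), which is what one writes for a string key. If any handler type uses a non-numeric key such as a code, the cast turns it into `0` and the SELECT/DELETE silently match nothing; confirm the column is an integer for every type the class supports, and where it is not keep `Database::escape_string($item_id)` (safe here because the value is quoted). This applies to all three hunks in this file.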

@ -44,7 +44,7 @@ class GlossaryManager
$glossary_table = Database::get_course_table(TABLE_GLOSSARY);
$course_id = api_get_course_int_id();
$sql = "SELECT description FROM $glossary_table
WHERE c_id = $course_id AND glossary_id =".Database::escape_string($glossary_id);
WHERE c_id = $course_id AND glossary_id =".intval($glossary_id);
$rs=Database::query($sql);
if (Database::num_rows($rs) > 0) {
$row = Database::fetch_array($rs);
@ -63,7 +63,7 @@ class GlossaryManager
public static function get_glossary_term_by_glossary_name ($glossary_name)
{
$glossary_table = Database::get_course_table(TABLE_GLOSSARY);
$session_id = intval($session_id);
$session_id = api_get_session_id();
$course_id = api_get_course_int_id();
$sql_filter = api_get_session_condition($session_id);
$sql = 'SELECT description FROM '.$glossary_table.'
@ -161,7 +161,7 @@ class GlossaryManager
description = '".Database::escape_string($values['glossary_comment'])."'
WHERE
c_id = $course_id AND
glossary_id = ".Database::escape_string($values['glossary_id']);
glossary_id = ".intval($values['glossary_id']);
$result = Database::query($sql);
if ($result === false) {
return false;
@ -170,7 +170,7 @@ class GlossaryManager
api_item_property_update(
api_get_course_info(),
TOOL_GLOSSARY,
Database::escape_string($values['glossary_id']),
intval($values['glossary_id']),
'GlossaryUpdated',
api_get_user_id()
);
@ -287,11 +287,11 @@ class GlossaryManager
if (empty($glossary_id)) { return false; }
$sql = "DELETE FROM $t_glossary WHERE c_id = $course_id AND glossary_id='".Database::escape_string($glossary_id)."'";
$sql = "DELETE FROM $t_glossary WHERE c_id = $course_id AND glossary_id='".intval($glossary_id)."'";
$result = Database::query($sql);
if ($result === false or Database::affected_rows() < 1) { return false; }
//update item_property (delete)
api_item_property_update(api_get_course_info(), TOOL_GLOSSARY, Database::escape_string($glossary_id), 'delete', api_get_user_id());
api_item_property_update(api_get_course_info(), TOOL_GLOSSARY, intval($glossary_id), 'delete', api_get_user_id());
// reorder the remaining terms
GlossaryManager::reorder_glossary();
@ -538,7 +538,7 @@ class GlossaryManager
$i = 1;
while ($data = Database::fetch_array($res)) {
$sql = "UPDATE $t_glossary SET display_order = $i
WHERE c_id = $course_id AND glossary_id = '".Database::escape_string($data['glossary_id'])."'";
WHERE c_id = $course_id AND glossary_id = '".intval($data['glossary_id'])."'";
Database::query($sql);
$i++;
}

@ -113,7 +113,7 @@ class GroupPortalManager
{
$id = intval($id);
$table = Database :: get_main_table(TABLE_MAIN_GROUP);
$sql = "DELETE FROM $table WHERE id = ".Database::escape_string($id);
$sql = "DELETE FROM $table WHERE id = ".intval($id);
$result = Database::query($sql);
// Deleting all relationship with users and groups
self::delete_users($id);
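Review bot: `intval($id)` in the `DELETE` re-casts a value that `$id = intval($id);` two lines earlier already fixed, so the new line can simply read `$sql = "DELETE FROM $table WHERE id = $id";`. A cast that fails yields `0`; if `0` is never a valid group id (schema not visible here), an early return before the DELETE would avoid running it and the follow-up `delete_users()` against a bogus id. The method continues past the hunk.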

@ -116,7 +116,7 @@ class GroupManager
$sql .= " WHERE 1=1 ";
if ($category != null) {
$sql .= " AND g.category_id = '".Database::escape_string($category)."' ";
$sql .= " AND g.category_id = '".intval($category)."' ";
$session_condition = api_get_session_condition($session_id);
if (!empty($session_condition)) {
$sql .= $session_condition;
@ -595,7 +595,7 @@ class GroupManager
$table_forum = Database :: get_course_table(TABLE_FORUM);
$categoryId = intval($categoryId);
$group_id = Database::escape_string($group_id);
$group_id = intval($group_id);
$course_id = api_get_course_int_id();
$sql = "UPDATE ".$table_group." SET
@ -680,7 +680,7 @@ class GroupManager
}
$course_info = api_get_course_info($course_code);
$course_id = $course_info['real_id'];
$id = Database::escape_string($id);
$id = intval($id);
$table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY);
$sql = "SELECT * FROM $table_group_cat
WHERE c_id = $course_id AND id = $id LIMIT 1";
@ -735,7 +735,7 @@ class GroupManager
$course_info = api_get_course_info($course_code);
$course_id = $course_info['real_id'];
$group_id = Database::escape_string($group_id);
$group_id = intval($group_id);
$sql = "SELECT gc.* FROM $table_group_cat gc, $table_group g
WHERE
gc.c_id = $course_id AND
@ -763,7 +763,7 @@ class GroupManager
$table_group = Database:: get_course_table(TABLE_GROUP);
$table_group_cat = Database:: get_course_table(TABLE_GROUP_CATEGORY);
$cat_id = Database::escape_string($cat_id);
$cat_id = intval($cat_id);
$sql = "SELECT id FROM $table_group
WHERE c_id = $course_id AND category_id='".$cat_id."'";
$res = Database::query($sql);
@ -878,7 +878,7 @@ class GroupManager
$groups_per_user
) {
$table_group_category = Database::get_course_table(TABLE_GROUP_CATEGORY);
$id = Database::escape_string($id);
$id = intval($id);
$course_id = api_get_course_int_id();
@ -940,7 +940,7 @@ class GroupManager
AND gu.c_id = g.c_id
AND gu.group_id = g.id ';
if ($category_id != null) {
$category_id = Database::escape_string($category_id);
$category_id = intval($category_id);
$sql .= ' AND g.category_id = '.$category_id;
}
$sql .= ' GROUP BY gu.user_id ORDER BY current_max DESC LIMIT 1';
@ -957,8 +957,8 @@ class GroupManager
public static function swap_category_order($id1, $id2)
{
$table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY);
$id1 = Database::escape_string($id1);
$id2 = Database::escape_string($id2);
$id1 = intval($id1);
$id2 = intval($id2);
$course_id = api_get_course_int_id();
$sql = "SELECT id,display_order FROM $table_group_cat
@ -997,7 +997,7 @@ class GroupManager
$group_user_table = Database :: get_course_table(TABLE_GROUP_USER);
$user_table = Database :: get_main_table(TABLE_MAIN_USER);
$group_id = Database::escape_string($group_id);
$group_id = intval($group_id);
if (empty($courseId)) {
$courseId = api_get_course_int_id();
} else {
@ -1266,7 +1266,7 @@ class GroupManager
public static function number_of_students($group_id, $course_id = null)
{
$table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
$group_id = Database::escape_string($group_id);
$group_id = intval($group_id);
if (empty($course_id)) {
$course_id = api_get_course_int_id();
} else {
@ -1287,7 +1287,7 @@ class GroupManager
public static function maximum_number_of_students($group_id)
{
$table_group = Database :: get_course_table(TABLE_GROUP);
$group_id = Database::escape_string($group_id);
$group_id = intval($group_id);
$course_id = api_get_course_int_id();
$db_result = Database::query("SELECT max_student FROM $table_group WHERE c_id = $course_id AND id = $group_id");
$db_object = Database::fetch_object($db_result);
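Review bot: In the two hunks that filter by category (`@ -116` and `@ -940`), the `!= null` test runs before the new `intval()`, so a non-numeric or empty-string category passes the guard, becomes `0`, and the query now filters on `category_id = 0` rather than skipping the clause. Cast first and test the integer: `$category_id = intval($category_id); if ($category_id > 0) {`, assuming `0` is not a real category id (confirm against the schema, not visible here). The remaining hunks in this file replace quoted escapes of integer ids with `intval()` consistently.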

@ -100,7 +100,7 @@ if ($_GET['chatid'] != '') {
$time = date("Y-m-d H:i:s", $time);
$chatid = intval($_GET['chatid']);
if ($_GET['chatid'] == strval(intval($_GET['chatid']))) {
$sql = "update $track_user_table set chatcall_user_id = '".Database::escape_string($_user['user_id'])."', chatcall_date = '".Database::escape_string($time)."', chatcall_text = '' where (user_id = ".(int)Database::escape_string($chatid).")";
$sql = "update $track_user_table set chatcall_user_id = ".intval($_user['user_id']).", chatcall_date = '".Database::escape_string($time)."', chatcall_text = '' where (user_id = ".(int)Database::escape_string($chatid).")";
$result = Database::query($sql);
//redirect caller to chat
header("Location: ".api_get_path(WEB_CODE_PATH)."chat/chat.php?".api_get_cidreq()."&origin=whoisonline&target=".Security::remove_XSS($chatid));
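Review bot: The new line still wraps `$chatid` as `(int)Database::escape_string($chatid)` even though `$chatid = intval($_GET['chatid']);` three lines above already made it an integer; `where (user_id = $chatid)` is enough and avoids the escape-then-cast pattern the commit removes elsewhere. `chatcall_date` keeps its escape, which is fine since the value is quoted, and `Security::remove_XSS($chatid)` in the redirect is likewise redundant for an integer. The surrounding `if` block closes outside the hunk.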
