[svn r20795] minor - logic changes - replace COURSEMANAGER by COURSEMANAGERLOWSECURITY in test tool - (partial FS#3909)

main/exercice/answer.class.php

@@ -23,7 +23,7 @@
 *	5 arrays are created to receive the attributes of each answer belonging to a specified question
 * 	@package dokeos.exercise
 * 	@author Olivier Brouckaert
-* 	@version $Id: answer.class.php 20776 2009-05-18 12:43:44Z pcool $
+* 	@version $Id: answer.class.php 20795 2009-05-18 18:05:02Z iflorespaz $
 */
 
 
@@ -401,8 +401,8 @@ class Answer
 		$questionId=$this->questionId;
 
 		$sql = "UPDATE $TBL_REPONSES SET " .
-				"answer = '".Database::escape_string(Security::remove_XSS(api_html_entity_decode($answer),COURSEMANAGER))."', " .
-				"comment = '".Database::escape_string(Security::remove_XSS(api_html_entity_decode($comment),COURSEMANAGER))."', " .
+				"answer = '".Database::escape_string(Security::remove_XSS(api_html_entity_decode($answer),COURSEMANAGERLOWSECURITY))."', " .
+				"comment = '".Database::escape_string(Security::remove_XSS(api_html_entity_decode($comment),COURSEMANAGERLOWSECURITY))."', " .
 				"ponderation = '".Database::escape_string($weighting)."', " .
 				"position = '".Database::escape_string($position)."', " .
 				"destination = '".Database::escape_string($destination)."' " .
@@ -434,9 +434,9 @@ class Answer
 
 		for($i=1;$i <= $this->new_nbrAnswers;$i++)
 		{
-			$answer					= Database::escape_string(Security::remove_XSS(api_html_entity_decode($this->new_answer[$i]),COURSEMANAGER));
+			$answer					= Database::escape_string(Security::remove_XSS(api_html_entity_decode($this->new_answer[$i]),COURSEMANAGERLOWSECURITY));
 			$correct				= Database::escape_string($this->new_correct[$i]);
-			$comment				= Database::escape_string(Security::remove_XSS(api_html_entity_decode($this->new_comment[$i]),COURSEMANAGER));
+			$comment				= Database::escape_string(Security::remove_XSS(api_html_entity_decode($this->new_comment[$i]),COURSEMANAGERLOWSECURITY));
 			$weighting				= Database::escape_string($this->new_weighting[$i]);
 			$position				= Database::escape_string($this->new_position[$i]);
 			$hotspot_coordinates	= Database::escape_string($this->new_hotspot_coordinates[$i]);
@@ -484,9 +484,9 @@ class Answer
 
 			for($i=1;$i <= $this->nbrAnswers;$i++)
 			{
-				$answer					= Database::escape_string(Security::remove_XSS(api_html_entity_decode($this->answer[$i]),COURSEMANAGER));
+				$answer					= Database::escape_string(Security::remove_XSS(api_html_entity_decode($this->answer[$i]),COURSEMANAGERLOWSECURITY));
 				$correct				= Database::escape_string($this->correct[$i]);
-				$comment				= Database::escape_string(Security::remove_XSS(api_html_entity_decode($this->comment[$i]),COURSEMANAGER));
+				$comment				= Database::escape_string(Security::remove_XSS(api_html_entity_decode($this->comment[$i]),COURSEMANAGERLOWSECURITY));
 				$weighting				= Database::escape_string($this->weighting[$i]);
 				$position				= Database::escape_string($this->position[$i]);
 				$hotspot_coordinates	= Database::escape_string($this->hotspot_coordinates[$i]);

main/exercice/exercise.class.php

@@ -25,7 +25,7 @@
 *	Exercise class: This class allows to instantiate an object of type Exercise
 *	@package dokeos.exercise
 * 	@author Olivier Brouckaert
-* 	@version $Id: exercise.class.php 20788 2009-05-18 16:18:01Z iflorespaz $
+* 	@version $Id: exercise.class.php 20795 2009-05-18 18:05:02Z iflorespaz $
 */
 
 
@@ -540,7 +540,7 @@ class Exercise
 		if($id) {
 		/*
 		title='".Database::escape_string(Security::remove_XSS($exercise))."',
-		description='".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGER))."'";
+		description='".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGERLOWSECURITY))."'";
 		*/
 			$sql="UPDATE $TBL_EXERCICES SET 
 						title='".Database::escape_string($exercise)."',
@@ -578,7 +578,7 @@ class Exercise
 		} else {
 			//is anonymous user
 			$cond1=Database::escape_string(Security::remove_XSS($exercise));
-			$cond2=Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGER));		
+			$cond2=Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGERLOWSECURITY));		
 		}*/
 			$sql="INSERT INTO $TBL_EXERCICES(start_time,end_time,title,description,sound,type,random,active, results_disabled, max_attempt,feedback_type) 
 					VALUES(

main/exercice/exercise_result.php

@@ -29,7 +29,7 @@
 *	@author Olivier Brouckaert, main author
 *	@author Roan Embrechts, some refactoring
 * 	@author Julio Montoya Armas switchable fill in blank option added
-* 	@version $Id: exercise_result.php 20776 2009-05-18 12:43:44Z pcool $
+* 	@version $Id: exercise_result.php 20795 2009-05-18 18:05:02Z iflorespaz $
 *
 *	@todo	split more code up in functions, move functions to library?
 */
@@ -370,7 +370,7 @@ function display_fill_in_blanks_answer($answer)
 	?>
 		<tr>
 		<td>
-			<?php echo Security::remove_XSS($answer,COURSEMANAGER); ?>
+			<?php echo Security::remove_XSS($answer,COURSEMANAGERLOWSECURITY); ?>
 		</td>
 		</tr>
 	<?php
@@ -381,7 +381,7 @@ function display_free_answer($answer)
 	?>
 		<tr>
 		<td width="55%">
-			<?php echo nl2br(Security::remove_XSS($answer,COURSEMANAGER)); ?>
+			<?php echo nl2br(Security::remove_XSS($answer,COURSEMANAGERLOWSECURITY)); ?>
 		</td>
    <td width="45%">
     <?php echo get_lang('notCorrectedYet');?>

main/exercice/exercise_show.php

@@ -4,7 +4,7 @@
 *
 *	@package dokeos.exercise
 * 	@author Julio Montoya Armas Added switchable fill in blank option added
-* 	@version $Id: exercise_show.php 20776 2009-05-18 12:43:44Z pcool $
+* 	@version $Id: exercise_show.php 20795 2009-05-18 18:05:02Z iflorespaz $
 *
 * 	@todo remove the debug code and use the general debug library
 * 	@todo use the Database:: functions
@@ -263,7 +263,7 @@ function display_fill_in_blanks_answer($answer,$id,$questionId)
 	?>
 		<tr>
 		<td>
-			<?php echo Security::remove_XSS($answer,COURSEMANAGER); ?>
+			<?php echo Security::remove_XSS($answer,COURSEMANAGERLOWSECURITY); ?>
 		</td><?php
 		if(!api_is_allowed_to_edit()) {?>
 			<td>
@@ -286,7 +286,7 @@ function display_free_answer($answer,$id,$questionId) {
 	?>
 		<tr>
 		<td>
-			<?php echo nl2br(Security::remove_XSS($answer,COURSEMANAGER)); ?>
+			<?php echo nl2br(Security::remove_XSS($answer,COURSEMANAGERLOWSECURITY)); ?>
 		</td> <?php if(!api_is_allowed_to_edit()) {?>
         <td>
         <?php        

main/exercice/question.class.php

@@ -1,4 +1,4 @@
-<?php // $Id: question.class.php 20776 2009-05-18 12:43:44Z pcool $
+<?php // $Id: question.class.php 20795 2009-05-18 18:05:02Z iflorespaz $
  
 /*
 ==============================================================================
@@ -28,7 +28,7 @@
 *	File containing the Question class.
 *	@package dokeos.exercise
 * 	@author Olivier Brouckaert
-* 	@version $Id: question.class.php 20776 2009-05-18 12:43:44Z pcool $
+* 	@version $Id: question.class.php 20795 2009-05-18 18:05:02Z iflorespaz $
 */
 
 
@@ -591,7 +591,7 @@ abstract class Question
 		if(!empty($id)) {
 			$sql="UPDATE $TBL_QUESTIONS SET 
 					question 	='".Database::escape_string(Security::remove_XSS($question))."',
-					description	='".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGER))."',
+					description	='".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGERLOWSECURITY))."',
 					ponderation	='".Database::escape_string($weighting)."',
 					position	='".Database::escape_string($position)."',
 					type		='".Database::escape_string($type)."',
@@ -622,7 +622,7 @@ abstract class Question
 			
 			$sql="INSERT INTO $TBL_QUESTIONS(question,description,ponderation,position,type,picture,level) VALUES(
 					'".Database::escape_string(Security::remove_XSS($question))."',
-					'".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGER))."',
+					'".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGERLOWSECURITY))."',
 					'".Database::escape_string($weighting)."',
 					'".Database::escape_string($position)."',
 					'".Database::escape_string($type)."',