Format code, adding Database::escape_string() due recent merge.

11 years ago · e288b7776a
parent aa8b1517da
commit e288b7776a
17 changed files with 336 additions and 272 deletions
--- a/main/announcements/announcement_email.class.php
+++ b/main/announcements/announcement_email.class.php
@ -220,12 +220,16 @@ class AnnouncementEmail
     */
    public function message($receiverUserId)
    {
-
        $content = $this->announcement('content');
-        $content = stripslashes($content);
-        $content = AnnouncementManager::parse_content($content, $this->course('code'), $session_id);
        $session_id = $this->session_id;

+        $content = AnnouncementManager::parse_content(
+            $receiverUserId,
+            $content,
+            $this->course('code'),
+            $session_id
+        );
+
        $user_email = $this->sender('mail');
        //$course_param = api_get_cidreq();
        // Build the link by hand because api_get_cidreq() doesn't accept course params
@ -235,7 +239,7 @@ class AnnouncementEmail
        $result = "<div>$content</div>";

        // Adding attachment
-        $attachment = $this->attachement();
+        $attachment = $this->attachment();
        if (!empty($attachment)) {
            $result .= '<br />';
            $result .= Display::url(
@ -245,7 +249,11 @@ class AnnouncementEmail
        }

        $result .= '<hr />';
-        $sender_name = api_get_person_name($this->sender('firstName'), $this->sender('lastName'), PERSON_NAME_EMAIL_ADDRESS);
+        $sender_name = api_get_person_name(
+            $this->sender('firstName'),
+            $this->sender('lastName'),
+            PERSON_NAME_EMAIL_ADDRESS
+        );
        $result .= '<a href="mailto:'.$user_email.'">'.$sender_name.'</a><br/>';
        $result .= '<a href="'.api_get_path(WEB_CODE_PATH).'announcements/announcements.php?'.$course_param.'">'.$course_name.'</a><br/>';

@ -257,7 +265,7 @@ class AnnouncementEmail
     *
     * @return array
     */
-    public function attachement()
+    public function attachment()
    {
        $result = array();
        $tbl_announcement_attachment = Database::get_course_table(TABLE_ANNOUNCEMENT_ATTACHMENT);
--- a/main/announcements/announcements.inc.php
+++ b/main/announcements/announcements.inc.php
@ -35,6 +35,7 @@ class AnnouncementManager
     * @param int       $userId
     * @param string    $content
     * @param string    $course_code
+     * @param int       $session_id
     *
     * @return mixed
     */
@ -52,7 +53,8 @@ class AnnouncementManager
                break;
            }
        }
-        $course_link = api_get_course_url($course_code, $session_id);
+
+        $courseLink = api_get_course_url($course_code, $session_id);

        $data['user_name'] = $readerInfo['username'];
        $data['user_firstname'] = $readerInfo['firstname'];
--- a/main/inc/ajax/course.ajax.php
+++ b/main/inc/ajax/course.ajax.php
@ -131,7 +131,10 @@ switch ($action) {
                $_GET['session_id'] = '%';
            }

-            $results = SessionManager::get_course_list_by_session_id_like($_GET['session_id'], $_GET['q']);
+            $results = SessionManager::get_course_list_by_session_id_like(
+                $_GET['session_id'],
+                $_GET['q']
+            );
            $results2 = array();
            if (!empty($results)) {
                foreach ($results as $item) {
--- a/main/inc/ajax/course_home.ajax.php
+++ b/main/inc/ajax/course_home.ajax.php
@ -36,7 +36,7 @@ switch ($action) {
            $requested_view    = ($tool_visibility == 0 ) ? 'visible.gif' : 'invisible.gif';
            $requested_visible = ($tool_visibility == 0 ) ? 1 : 0;
 			//HIDE AND REACTIVATE TOOL
-			if ($_GET["id"]==strval(intval($_GET["id"]))) {
+            if ($_GET["id"] == strval(intval($_GET["id"]))) {

 				/* -- session condition for visibility
 				 if (!empty($session_id)) {
@ -66,15 +66,12 @@ switch ($action) {
 			echo json_encode($response_data);
        }
        break;
-
 	case 'show_course_information' :
-
 		$language_file = array('course_description');
 		require_once '../global.inc.php';

 		// Get the name of the database course.
 		$tbl_course_description = Database::get_course_table(TABLE_COURSE_DESCRIPTION);
-
 		$course_info = api_get_course_info($_GET['code']);

 		if ($course_info['visibility'] != COURSE_VISIBILITY_OPEN_WORLD) {
@ -85,22 +82,29 @@ switch ($action) {
 		echo Display::tag('h2', $course_info['name']);
 		echo '<br />';

-		$sql = "SELECT * FROM $tbl_course_description WHERE c_id = ".$course_info['real_id']." AND session_id = 0 ORDER BY id";
+		$sql = "SELECT * FROM $tbl_course_description
+		        WHERE c_id = ".$course_info['real_id']." AND session_id = 0
+		        ORDER BY id";
 		$result = Database::query($sql);
 		if (Database::num_rows($result) > 0 ) {
 		    while ($description = Database::fetch_object($result)) {
 			    $descriptions[$description->id] = $description;
 		    }
            // Function that displays the details of the course description in html.
-		    echo CourseManager::get_details_course_description_html($descriptions, api_get_system_encoding(), false);
+		    echo CourseManager::get_details_course_description_html(
+                $descriptions,
+                api_get_system_encoding(),
+                false
+            );
 		} else {
 		    echo get_lang('NoDescription');
 		}
 	    break;
+    case 'session_courses_lp_default':
        /**
-     * @todo this functions need to belong to a class or a special wrapper to process the AJAX petitions from the jqgrid
+         * @todo this functions need to belong to a class or a special
+         * wrapper to process the AJAX petitions from the jqgrid
         */
-    case 'session_courses_lp_default':

        require_once '../global.inc.php';
        require_once api_get_path(SYS_CODE_PATH).'newscorm/learnpathList.class.php';
@ -128,22 +132,15 @@ switch ($action) {
            }
        }

-        if(!$sidx) $sidx = 1;
+        if (!$sidx) {
+            $sidx = 1;
+        }

        $start = $limit*$page - $limit;
        $course_list    = SessionManager::get_course_list_by_session_id($session_id);
        $count = 0;

        foreach ($course_list as $item) {
-//           var_dump($course_list);Exit;
-//            if(!$item['visibility']) {
-//                echo "xxx";Exit;
-//            }
-//            if (isset($course_id) && !empty($course_id)) {
-//                if ($course_id != $item['id']) {
-//                    continue;
-//                }
-//            }
            $list               = new LearnpathList(api_get_user_id(), $item['code'], $session_id);
            $flat_list          = $list->get_flat_list();
            $lps[$item['code']] = $flat_list;
@ -334,7 +331,7 @@ switch ($action) {
            }
        }

-        if($count > 0 && $limit > 0) {
+        if ($count > 0 && $limit > 0) {
            $total_pages = ceil($count/$limit);
        } else {
            $total_pages = 0;
@ -348,10 +345,7 @@ switch ($action) {
        $response->records = $count;
        echo json_encode($response);
        break;
-
-
    case 'session_courses_lp_by_course':
-
        require_once '../global.inc.php';
        require_once api_get_path(SYS_CODE_PATH).'newscorm/learnpathList.class.php';

@ -378,10 +372,11 @@ switch ($action) {
            }
        }

-        if(!$sidx) $sidx =1;
+        if (!$sidx) {
+            $sidx = 1;
+        }

        $start = $limit*$page - $limit;
-
        $course_list = SessionManager::get_course_list_by_session_id($session_id);

        $count = 0;
@ -396,7 +391,10 @@ switch ($action) {
            $list = new LearnpathList(api_get_user_id(),$item['code'],$session_id);
            $flat_list = $list->get_flat_list();
            $lps[$item['code']] = $flat_list;
-            $item['title']      = Display::url($item['title'],api_get_path(WEB_COURSE_PATH).$item['directory'].'/?id_session='.$session_id, array('target'=>SESSION_LINK_TARGET));
+            $item['title']      = Display::url(
+                $item['title'],
+                api_get_path(WEB_COURSE_PATH).$item['directory'].'/?id_session='.$session_id, array('target'=>SESSION_LINK_TARGET)
+            );
            foreach($flat_list as $lp_id => $lp_item) {
                $temp[$count]['id']= $lp_id;
                $lp_url = api_get_path(WEB_CODE_PATH).'newscorm/lp_controller.php?cidReq='.$item['code'].'&id_session='.$session_id.'&lp_id='.$lp_id.'&action=view';
@ -430,7 +428,11 @@ switch ($action) {
                        continue;
                    }
                }
-                $temp[$count]['cell'] = array($date, $item['title'], Display::url($icons.' '.$lp_item['lp_name'], $lp_url, array('target'=>SESSION_LINK_TARGET)));
+                $temp[$count]['cell'] = array(
+                    $date,
+                    $item['title'],
+                    Display::url($icons.' '.$lp_item['lp_name'], $lp_url, array('target'=>SESSION_LINK_TARGET))
+                );
                $temp[$count]['course'] = strip_tags($item['title']);
                $temp[$count]['lp']     = $lp_item['lp_name'];
                $temp[$count]['date']   = $lp_item['publicated_on'];
@ -454,14 +456,14 @@ switch ($action) {
            }
        }

-        if($count > 0 && $limit > 0) {
-            $total_pages = ceil($count/$limit);
+        if ($count > 0 && $limit > 0) {
+            $total_pages = ceil($count / $limit);
        } else {
            $total_pages = 0;
        }
        $response->total = $total_pages;
        if ($page > $total_pages) {
-            $response->page= $total_pages;
+            $response->page = $total_pages;
        } else {
            $response->page = $page;
        }
--- a/main/inc/ajax/model.ajax.php
+++ b/main/inc/ajax/model.ajax.php
@ -761,7 +761,12 @@ switch ($action) {
            'correct',
        );

-        $result = Tracking::get_exercise_progress($sessionId, $courseId, $exerciseId, $date_from, $date_to,
+        $result = Tracking::get_exercise_progress(
+            $sessionId,
+            $courseId,
+            $exerciseId,
+            $date_from,
+            $date_to,
            array(
                'where' => $whereCondition,
                'order' => "$sidx $sord",
@ -788,8 +793,7 @@ switch ($action) {
        );
        require_once api_get_path(SYS_CODE_PATH).'newscorm/learnpathList.class.php';
        $lessons = LearnpathList::get_course_lessons($course['code'], $sessionId);
-        foreach ($lessons as $lesson_id => $lesson)
-        {
+        foreach ($lessons as $lesson_id => $lesson) {
            $columns[] = $lesson_id;
        }
        $columns[] = 'total';
@ -854,8 +858,6 @@ switch ($action) {
            'wikis',
            'surveys',
            //exercises
-            'course_description_progress',
-            //exercises
            'lessons_total' ,
            'lessons_done' ,
            'lessons_left' ,
--- a/main/inc/ajax/session.ajax.php
+++ b/main/inc/ajax/session.ajax.php
@ -26,7 +26,10 @@ switch ($action) {
        break;
    case 'search_session':
        if (api_is_platform_admin()) {
-            $results = SessionManager::get_sessions_list(array('s.name LIKE' => "%".$_REQUEST['q']."%"));
+            //$results = SessionManager::get_sessions_list(array('s.name LIKE' => "%".$_REQUEST['q']."%"));
+            $results = SessionManager::get_sessions_list(
+                array('s.name LIKE' => "%".$_REQUEST['q']."%")
+            );
            $results2 = array();
            if (!empty($results)) {
                foreach ($results as $item) {
--- a/main/inc/lib/course.lib.php
+++ b/main/inc/lib/course.lib.php
@ -1623,7 +1623,13 @@ class CourseManager
     *    @param date $date_to
     *    @return array with user id
     */
-    public static function get_student_list_from_course_code($course_code, $with_session = false, $session_id = 0, $date_from = null, $date_to = null) {
+    public static function get_student_list_from_course_code(
+        $course_code,
+        $with_session = false,
+        $session_id = 0,
+        $date_from = null,
+        $date_to = null
+    ) {
        $session_id = intval($session_id);
        $course_code = Database::escape_string($course_code);

--- a/main/inc/lib/display.lib.php
+++ b/main/inc/lib/display.lib.php
@ -1063,7 +1063,7 @@ class Display

        $json .= '});';

-        //Grouping headers option
+        // Grouping headers option
        if (isset($extra_params['groupHeaders'])) {
            $groups = '';
            foreach ($extra_params['groupHeaders'] as $group) {
--- a/main/inc/lib/events.lib.inc.php
+++ b/main/inc/lib/events.lib.inc.php
@ -1495,7 +1495,8 @@ function delete_attempt_hotspot($exe_id, $user_id, $course_code, $session_id = 0
 * @param int $user_id
 * @param int $session_id
 */
-function event_course_login($course_code, $user_id, $session_id) {
+function event_course_login($course_code, $user_id, $session_id)
+{
    global $course_tracking_table;

    //@todo use api_get_utc_datetime
@ -1506,16 +1507,16 @@ function event_course_login($course_code, $user_id, $session_id) {
    $session_id  = intval($session_id);
    $session_lifetime = 3600;

-
    //We select the last record for the current course in the course tracking table
-    $sql = "SELECT course_access_id FROM $course_tracking_table
-                            WHERE   user_id     = $user_id AND
+    $sql = "SELECT course_access_id
+            FROM $course_tracking_table
+            WHERE
+                user_id     = $user_id AND
                course_code = '$course_code' AND
                session_id  = $session_id AND
                login_course_date > '$time' - INTERVAL $session_lifetime SECOND
            ORDER BY login_course_date DESC LIMIT 0,1";
    $result = Database::query($sql);
-    //error_log(preg_replace('/\s+/',' ',$sql));

    if (Database::num_rows($result) > 0) {
        $i_course_access_id = Database::result($result,0,0);
@ -1523,12 +1524,10 @@ function event_course_login($course_code, $user_id, $session_id) {
        $sql = "UPDATE $course_tracking_table  SET logout_course_date = '$time', counter = counter+1
            WHERE course_access_id = ".intval($i_course_access_id)." AND session_id = ".$session_id;
        Database::query($sql);
-        //error_log(preg_replace('/\s+/',' ',$sql));
    } else {
        $sql="INSERT INTO $course_tracking_table (course_code, user_id, login_course_date, logout_course_date, counter, session_id)" .
            "VALUES('".$course_code."', '".$user_id."', '$time', '$time', '1','".$session_id."')";
        Database::query($sql);
-        //error_log(preg_replace('/\s+/',' ',$sql));
    }
    // Course catalog stats modifications see #4191
    CourseManager::update_course_ranking(null, null, null, null, true, false);
--- a/main/inc/lib/formvalidator/Element/select_ajax.php
+++ b/main/inc/lib/formvalidator/Element/select_ajax.php
@ -60,7 +60,7 @@ class HTML_QuickForm_Select_Ajax extends HTML_QuickForm_select
        }

        //Get the minimumInputLength for select2
-        $minimumInputLength = ($this->getAttribute('minimumInputLength') > 3)?
+        $minimumInputLength = $this->getAttribute('minimumInputLength') > 3 ?
            $this->getAttribute('minimumInputLength') :
            3
        ;
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -3223,7 +3223,7 @@ function api_get_datetime($time = null) {
 * @param int       The session ID (optional)
 * @return int      -1 on error, 0 if invisible, 1 if visible
 */
-function api_get_item_visibility($_course, $tool, $id, $session=0)
+function api_get_item_visibility($_course, $tool, $id, $session = 0)
 {
    if (!is_array($_course) || count($_course) == 0 || empty($tool) || empty($id)) {
        return -1;
@ -3242,8 +3242,11 @@ function api_get_item_visibility($_course, $tool, $id, $session=0)
            LIMIT 1";

    $res = Database::query($sql);
-    if ($res === false || Database::num_rows($res) == 0) { return -1; }
+    if ($res === false || Database::num_rows($res) == 0) {
+        return -1;
+    }
    $row = Database::fetch_array($res);
+
    return $row['visibility'];
 }

--- a/main/inc/lib/sessionmanager.lib.php
+++ b/main/inc/lib/sessionmanager.lib.php
@ -14,7 +14,6 @@
 */
 class SessionManager
 {
-
    public static $_debug = false;

    public function __construct()
@ -64,9 +63,23 @@ class SessionManager
     * @return mixed       Session ID on success, error message otherwise
     * */
    public static function create_session(
-    $sname, $syear_start, $smonth_start, $sday_start, $syear_end, $smonth_end, $sday_end, $snb_days_acess_before, $snb_days_acess_after, $nolimit, $coach_username, $id_session_category, $id_visibility, $start_limit = true, $end_limit = true, $fix_name = false
-    )
-    {
+        $sname,
+        $syear_start,
+        $smonth_start,
+        $sday_start,
+        $syear_end,
+        $smonth_end,
+        $sday_end,
+        $snb_days_acess_before,
+        $snb_days_acess_after,
+        $nolimit,
+        $coach_username,
+        $id_session_category,
+        $id_visibility,
+        $start_limit = true,
+        $end_limit = true,
+        $fix_name = false
+    ) {
        global $_configuration;

        //Check portal limits
@ -563,7 +576,7 @@ class SessionManager
        INNER JOIN $user u ON u.user_id = s.id_user
        $where $order $limit";

-        $sql_query = sprintf($sql, $course['code'], $sessionId);
+        $sql_query = sprintf($sql, Database::escape_string($course['code']), $sessionId);

        $rs = Database::query($sql_query);
        while ($user = Database::fetch_array($rs)) {
@ -594,7 +607,11 @@ class SessionManager
                    AND v.user_id = %d
            $sessionCond";

-            $sql_query = sprintf($sql, $courseId, $user['user_id'], $sessionId);
+            $sql_query = sprintf($sql,
+                intval($courseId),
+                Database::escape_string($user['user_id']),
+                $sessionId
+            );

            $result = Database::query($sql_query);

@ -678,7 +695,7 @@ class SessionManager
                INNER JOIN $user u ON u.user_id = s.id_user
                $where $order $limit";

-        $sql_query = sprintf($sql, $course['code'], $sessionId);
+        $sql_query = sprintf($sql, Database::escape_string($course['code']), $sessionId);
        $rs = Database::query($sql_query);
        while ($user = Database::fetch_array($rs)) {
            $users[$user['user_id']] = $user;
@ -703,12 +720,18 @@ class SessionManager
            //Get questions by user
            $sql = "SELECT sa.question_id, sa.option_id, sqo.option_text, sq.type
                    FROM $c_survey_answer sa
-            INNER JOIN $c_survey_question sq ON sq.question_id = sa.question_id
-            LEFT JOIN $c_survey_question_option sqo ON sqo.c_id = sa.c_id
-            AND sqo.question_id = sq.question_id
-            AND sqo.question_option_id = sa.option_id
-            AND sqo.survey_id = sq.survey_id
-            WHERE sa.survey_id = %d AND sa.c_id = %d AND sa.user = %d
+                    INNER JOIN $c_survey_question sq
+                    ON sq.question_id = sa.question_id
+                    LEFT JOIN $c_survey_question_option sqo
+                    ON
+                      sqo.c_id = sa.c_id AND
+                      sqo.question_id = sq.question_id AND
+                      sqo.question_option_id = sa.option_id AND
+                      sqo.survey_id = sq.survey_id
+                    WHERE
+                      sa.survey_id = %d AND
+                      sa.c_id = %d AND
+                      sa.user = %d
            "; //. $where_survey;
            $sql_query = sprintf($sql, $surveyId, $courseId, $user['user_id']);

@ -741,11 +764,14 @@ class SessionManager
     */
    public static function get_session_progress($sessionId, $courseId, $date_from, $date_to, $options)
    {
+        $sessionId = intval($sessionId);
+
        $getAllSessions = false;
        if (empty($sessionId)) {
            $sessionId = 0;
            $getAllSessions = true;
        }
+
        //tables
        $session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
        $user = Database::get_main_table(TABLE_MAIN_USER);
@ -771,8 +797,7 @@ class SessionManager
          // Registered students in session.
          $users = CourseManager :: get_student_list_from_course_code($course_code, true, $sessionId);
          } */
-        $where = " WHERE course_code = '%s'
-        AND s.status <> 2 ";
+        $where = " WHERE course_code = '%s' AND s.status <> 2 ";

        $limit = null;
        if (!empty($options['limit'])) {
@ -793,13 +818,16 @@ class SessionManager
        if (!empty($sessionId)) {
            $where .= ' AND id_session = %s';
            $queryVariables[] = $sessionId;
-            $sql = "SELECT u.user_id, u.lastname, u.firstname, u.username,
+            $sql = "SELECT
+                      u.user_id, u.lastname, u.firstname, u.username,
                      u.email, s.course_code, s.id_session
                    FROM $session_course_user s
-                INNER JOIN $user u ON u.user_id = s.id_user
+                    INNER JOIN $user u
+                    ON u.user_id = s.id_user
                    $where $order $limit";
        } else {
-            $sql = "SELECT u.user_id, u.lastname, u.firstname, u.username,
+            $sql = "SELECT
+                        u.user_id, u.lastname, u.firstname, u.username,
                        u.email, s.course_code, s.id_session
                    FROM $session_course_user s
                    INNER JOIN $user u ON u.user_id = s.id_user
@ -807,10 +835,6 @@ class SessionManager
        }

        $sql_query = vsprintf($sql, $queryVariables);
-
-        if (self::$_debug) {
-            error_log(preg_replace('/\s+/', ' ', $sql_query));
-        }
        $rs = Database::query($sql_query);
        while ($user = Database::fetch_array($rs)) {
            $users[$user['user_id']] = $user;
@ -819,12 +843,8 @@ class SessionManager
        /**
         *  Lessons
         */
-        $sql = "SELECT * FROM $tbl_course_lp
-        WHERE c_id = %s ";  //AND session_id = %s
+        $sql = "SELECT * FROM $tbl_course_lp WHERE c_id = %s ";  //AND session_id = %s
        $sql_query = sprintf($sql, $course['real_id']);
-        if (self::$_debug) {
-            error_log(preg_replace('/\s+/', ' ', $sql_query));
-        }
        $result = Database::query($sql_query);
        $arrLesson = array(array());
        while ($row = Database::fetch_array($result)) {
@ -867,9 +887,6 @@ class SessionManager
        }

        $sql_query = sprintf($sql, $course['real_id'], $sessionId);
-        if (self::$_debug) {
-            error_log(preg_replace('/\s+/', ' ', $sql_query));
-        }
        $result = Database::query($sql_query);
        $row = Database::fetch_array($result);
        $assignments_total = $row['count'];
@ -885,9 +902,6 @@ class SessionManager
                WHERE c_id = %s and session_id = %s";
        }
        $sql_query = sprintf($sql, $course['real_id'], $sessionId);
-        if (self::$_debug) {
-            error_log(preg_replace('/\s+/', ' ', $sql_query));
-        }
        $result = Database::query($sql_query);
        $row = Database::fetch_array($result);
        $wiki_total = $row['count'];
@ -920,14 +934,10 @@ class SessionManager
            where f.c_id = %s and f.session_id = %s";
        }
        $sql_query = sprintf($sql, $course['real_id'], $sessionId);
-        if (self::$_debug) {
-            error_log(preg_replace('/\s+/', ' ', $sql_query));
-        }
        $result = Database::query($sql_query);
        $row = Database::fetch_array($result);
        $forums_total = $row['count'];

-
        //process table info
        foreach ($users as $user) {
            //Course description
@ -938,9 +948,7 @@ class SessionManager
            AND access_session_id = %s
            AND access_user_id = %s ";
            $sql_query = sprintf($sql, $course['code'], $user['id_session'], $user['user_id']);
-            if (self::$_debug) {
-                error_log(preg_replace('/\s+/', ' ', $sql_query));
-            }
+
            $result = Database::query($sql_query);
            $row = Database::fetch_array($result);
            $course_description_progress = ($row['count'] > 0) ? 100 : 0;
@ -978,9 +986,6 @@ class SessionManager
            FROM $wiki
            where c_id = %s and session_id = %s and user_id = %s";
            $sql_query = sprintf($sql, $course['real_id'], $user['id_session'], $user['user_id']);
-            if (self::$_debug) {
-                error_log(preg_replace('/\s+/', ' ', $sql_query));
-            }
            $result = Database::query($sql_query);
            $row = Database::fetch_array($result);
            $wiki_revisions = $row['count'];
@ -993,9 +998,6 @@ class SessionManager
            AND default_value_type = 'wiki_page_id'
            AND c_id = %s";
            $sql_query = sprintf($sql, $user['user_id'], $course['code'], $course['real_id']);
-            if (self::$_debug) {
-                error_log(preg_replace('/\s+/', ' ', $sql_query));
-            }
            $result = Database::query($sql_query);
            $row = Database::fetch_array($result);

@ -1023,9 +1025,7 @@ class SessionManager
            INNER JOIN $forum f ON f.forum_id = p.forum_id
            WHERE p.poster_id = %s and f.session_id = %s and p.c_id = %s";
            $sql_query = sprintf($sql, $user['user_id'], $user['id_session'], $course['real_id']);
-            if (self::$_debug) {
-                error_log(preg_replace('/\s+/', ' ', $sql_query));
-            }
+
            $result = Database::query($sql_query);
            $row = Database::fetch_array($result);

@ -2182,7 +2182,6 @@ class SessionManager
     */
    public static function get_sessions_list($conditions = array(), $order_by = array())
    {
-
        $session_table = Database::get_main_table(TABLE_MAIN_SESSION);
        $session_category_table = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY);
        $user_table = Database::get_main_table(TABLE_MAIN_USER);
@ -2214,9 +2213,6 @@ class SessionManager
        if (count($order_by) > 0) {
            $sql_query .= ' ORDER BY ' . Database::escape_string(implode(',', $order_by));
        }
-        if (self::$_debug) {
-            error_log(preg_replace('/\s+/', ' ', $sql_query));
-        }
        $sql_result = Database::query($sql_query);
        if (Database::num_rows($sql_result) > 0) {
            while ($result = Database::fetch_array($sql_result)) {
@ -2661,7 +2657,8 @@ class SessionManager
        $course_name = Database::escape_string($course_name);

        // select the courses
-        $sql = "SELECT * FROM $tbl_course c INNER JOIN $tbl_session_rel_course src ON c.code = src.course_code
+        $sql = "SELECT * FROM $tbl_course c INNER JOIN $tbl_session_rel_course src
+                ON c.code = src.course_code
 		        WHERE src.id_session LIKE '$session_id'";
        if (!empty($course_name)) {
            $sql .= " AND UPPER(c.title) LIKE UPPER('%$course_name%') ";
--- a/main/inc/lib/tracking.lib.php
+++ b/main/inc/lib/tracking.lib.php
@ -564,15 +564,22 @@ class Tracking
     *                              1 for active <> -1
     *                              0 for active <> 0
     * @param int $into_lp  1 for all exercises
-     *                      0 for whitout LP
+     *                      0 for without LP
     * @internal param \Student $mixed id
     * @internal param \Course $string code
     * @internal param \Exercise $int id (optional), filtered by exercise
     * @internal param \Session $int id (optional), if param $session_id is null it'll return results including sessions, 0 = session is not filtered
     * @return   string    value (number %) Which represents a round integer about the score average.
     */
-    public static function get_avg_student_exercise_score($student_id, $course_code, $exercise_id = 0, $session_id = null)
-    {
+    public static function get_avg_student_exercise_score(
+        $student_id,
+        $course_code,
+        $exercise_id = 0,
+        $session_id = null,
+        $active_filter = 1,
+        $into_lp = 0
+    ) {
+        $course_code = Database::escape_string($course_code);
    	$course_info = api_get_course_info($course_code);
    	if (!empty($course_info)) {
    		// table definition
@ -613,8 +620,10 @@ class Tracking

    		if (!empty($count_quiz[0]) && !empty($student_id)) {
    			if (is_array($student_id)) {
-    				$condition_user = " AND exe_user_id IN (".implode(',',$student_id).") ";
+                    $student_id = array_map('intval', $student_id);
+    				$condition_user = " AND exe_user_id IN (".implode(',', $student_id).") ";
    			} else {
+                    $student_id = intval($student_id);
    				$condition_user = " AND exe_user_id = '$student_id' ";
    			}

@ -636,10 +645,13 @@ class Tracking

    			$count_quiz = Database::fetch_row(Database::query($sql));

-    			$sql = "SELECT SUM(exe_result/exe_weighting*100) as avg_score, COUNT(*) as num_attempts
+    			$sql = "SELECT
+    			        SUM(exe_result/exe_weighting*100) as avg_score,
+    			        COUNT(*) as num_attempts
    			        $select_lp_id
                        FROM $tbl_stats_exercise
-                        WHERE exe_exo_id IN ('".$exercise_id."')
+                        WHERE
+                            exe_exo_id IN ('".$exercise_id."')
                            $condition_user AND
                            status = '' AND
                            exe_cours_id = '$course_code'
@ -667,7 +679,9 @@ class Tracking
                    if (!empty($row['lp_id'])) {
                        $tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
                        $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
-                        $sql = "SELECT lp.name FROM $tbl_lp as lp, $tbl_course as c WHERE
+                        $sql = "SELECT lp.name
+                                FROM $tbl_lp as lp, $tbl_course as c
+                                WHERE
                                    c.code = '$course_code' AND
                                    lp.id = ".$row['lp_id']." AND
                                    lp.c_id = c.id
@ -704,17 +718,22 @@ class Tracking
     * @internal param \Learning $int path item id (optional), for showing attempts inside a learning path $lp_id and $lp_item_id params are required.
     * @return  int     count of attempts
     */
-    public static function count_student_exercise_attempts($student_id, $course_code, $exercise_id, $lp_id = 0, $lp_item_id = 0, $session_id = 0, $find_all_lp = 0) {
+    public static function count_student_exercise_attempts(
+        $student_id,
+        $course_code,
+        $exercise_id,
+        $lp_id = 0,
+        $lp_item_id = 0,
+        $session_id = 0,
+        $find_all_lp = 0
+    ) {
    	$course_code = Database::escape_string($course_code);
    	$student_id  = intval($student_id);
    	$exercise_id = intval($exercise_id);
    	$session_id  = intval($session_id);
-    	$count_attempts = 0;
-
-    	if (!empty($lp_id)) $lp_id = intval($lp_id);
-    	if (!empty($lp_item_id)) $lp_id = intval($lp_item_id);
-

+    	$lp_id = intval($lp_id);
+        $lp_item_id = intval($lp_item_id);
    	$tbl_stats_exercices = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES);

    	$sql = "SELECT COUNT(ex.exe_id) as essais FROM $tbl_stats_exercices AS ex
@ -811,10 +830,14 @@ class Tracking
    static function get_teachers_progress_by_course($courseId, $sessionId)
    {
        $course = api_get_course_info_by_id($courseId);
+        $sessionId = intval($sessionId);
+        $courseId = intval($courseId);
+
        //get teachers
        $sql = "SELECT scu.id_session, scu.id_user, s.name
                FROM session_rel_course_rel_user scu, session s
-                WHERE scu.id_session = s.id
+                WHERE
+                    scu.id_session = s.id
                    AND scu.status = 2
                    AND scu.visibility = 1
                    AND scu.course_code = '%s'
@ -838,7 +861,7 @@ class Tracking
                $teacher['id_user'],
                $teacher['id_session']
            );
-   //error_log($query);
+
            $rs = Database::query($query);
            $totalDocuments = 0;
            if ($rs) {
@ -954,6 +977,7 @@ class Tracking
                'announcements' => $totalAnnouncements,
            );
        }
+
        return $data;
    }

@ -971,6 +995,8 @@ class Tracking
    public static function get_avg_student_progress($student_id, $course_code = null, $lp_ids = array(), $session_id = null, $return_array = false)
    {
        $conditions = array();
+        $session_id = intval($session_id);
+
    	// Get the information of the course.
    	$course_info = api_get_course_info($course_code);
    	if (!empty($course_info)) {
@ -3823,8 +3849,14 @@ class Tracking
     * @param   array   $options    An array of options you can pass to the query (limit, where and order)
     * @return array An array with the data of exercise(s) progress
     */
-    public static function get_exercise_progress($sessionId = 0, $courseId = 0, $exerciseId = 0, $date_from, $date_to, $options = array())
-    {
+    public static function get_exercise_progress(
+        $sessionId = 0,
+        $courseId = 0,
+        $exerciseId = 0,
+        $date_from = null,
+        $date_to = null,
+        $options = array()
+    ) {
        $sessionId  = intval($sessionId);
        $courseId   = intval($courseId);
        $exerciseId = intval($exerciseId);
@ -3976,8 +4008,11 @@ class Tracking
            $sqlQuestions = "SELECT tq.c_id, tq.id as question_id, tq.question, tqa.id_auto,
                            tqa.answer, tqa.correct, tq.position, tqa.id_auto as answer_id
                            FROM $tquiz_question tq, $tquiz_answer tqa
-                               WHERE tqa.question_id =tq.id and tqa.c_id = tq.c_id
-                                 AND tq.c_id = $courseIdx AND tq.id IN (".implode(',',$questionIds).")";
+                            WHERE
+                                tqa.question_id = tq.id AND
+                                tqa.c_id = tq.c_id AND
+                                tq.c_id = $courseIdx AND
+                                tq.id IN (".implode(',', $questionIds).")";

            $resQuestions = Database::query($sqlQuestions);
            $answer = array();
@ -3992,7 +4027,6 @@ class Tracking
                    'correct' => $rowQuestion['correct']
                );
                $question[$questionId]['question'] = $rowQuestion['question'];
-                
            }

            // Now fill users data
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@ -374,7 +374,6 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
                                    }
                                }
                            } else {
-                                //error_log('Loggedin');
                                ConditionalLogin::check_conditions($uData);
                                $_user['user_id'] = $uData['user_id'];
                                $_user['status']  = $uData['status'];
@ -763,7 +762,6 @@ if (isset($cidReset) && $cidReset) {
                //Course login
                if (isset($_user['user_id'])) {
                    event_course_login($_course['code'], $_user['user_id'], api_get_session_id());
-                    error_log(__FILE__);
                }
            }
        } else {
@ -892,12 +890,10 @@ if (isset($cidReset) && $cidReset) {
                        $sql = "UPDATE $course_tracking_table  SET logout_course_date = '$time', counter = counter+1
                                WHERE course_access_id = ".intval($i_course_access_id)." AND session_id = ".api_get_session_id();
                        Database::query($sql);
-                        //error_log(preg_replace('/\s+/',' ',$sql));
                    } else {
                        $sql="INSERT INTO $course_tracking_table (course_code, user_id, login_course_date, logout_course_date, counter, session_id)" .
                            "VALUES('".$course_code."', '".$_user['user_id']."', '$time', '$time', '1','".api_get_session_id()."')";
                        Database::query($sql);
-                        //error_log(preg_replace('/\s+/',' ',$sql));
                    }
                }
            }
--- a/main/mySpace/myStudents.php
+++ b/main/mySpace/myStudents.php
@ -886,7 +886,7 @@ if (empty($_GET['details'])) {
 		if (Database :: num_rows($result_exercices) > 0) {
 			while ($exercices = Database :: fetch_array($result_exercices)) {
 				$exercise_id = intval($exercices['id']);
-                $lp_name = '';
+
 				$count_attempts   = Tracking::count_student_exercise_attempts($student_id, $course_code, $exercise_id, 0, 0, $session_id, 2);
 				$score_percentage = Tracking::get_avg_student_exercise_score($student_id, $course_code, $exercise_id, $session_id, 1, 0);

@ -897,19 +897,20 @@ if (empty($_GET['details'])) {
                } else {
                    $lp_name = '-';
                }
-                $lp_name = (!empty($lp_name))? $lp_name: get_lang('NoLearnpath');
+                $lp_name = !empty($lp_name) ? $lp_name : get_lang('NoLearnpath');
 				$csv_content[] = array (
 					$exercices['title'],
 					$score_percentage . '%',
 					$count_attempts
-
 				);

-				if ($i % 2) $css_class = 'row_odd';
-				else $css_class = 'row_even';
+                if ($i % 2) {
+                    $css_class = 'row_odd';
+                } else {
+                    $css_class = 'row_even';
+                }

 				echo '<tr class="'.$css_class.'"><td>'.$exercices['title'].'</td>';
-
                echo '<td>';

                if (!empty($lp_name)) {
@ -919,7 +920,6 @@ if (empty($_GET['details'])) {
                }

                echo '</td>';
-
                echo '<td>';

 				if ($count_attempts > 0) {
--- a/main/mySpace/myspace.lib.php
+++ b/main/mySpace/myspace.lib.php
@ -1,19 +1,15 @@
 <?php
 /* For licensing terms, see /license.txt */
-/**
- * MySpace class definition
- * @package chamilo.reporting
- */
-/**
- * Init
- */
+
 require_once api_get_path(LIBRARY_PATH).'export.lib.inc.php';
 require_once api_get_path(LIBRARY_PATH).'tracking.lib.php';
+
 /**
- * MySpace class definition
+ * Class MySpace
+ * @package chamilo.reporting
 */
-class MySpace {
-
+class MySpace
+{
 	/**
 	 * This function serves exporting data in CSV format.
 	 * @param array $header			The header labels.
@ -60,8 +56,8 @@ class MySpace {
 	 * @param	int		Session id (optional, default = 0)
 	 * @return 	array   Conections
 	 */
-	static function get_connections_to_course($user_id, $course_code, $session_id = 0) {
-
+	static function get_connections_to_course($user_id, $course_code, $session_id = 0)
+    {
 		// Database table definitions
 	    $tbl_track_course 	= Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS);

@ -351,7 +347,15 @@ class MySpace {
     * @return  string  HTML array of results formatted for gridJS
     * @author César Perales <cesar.perales@beeznest.com>, Beeznest Team
     */
-    static function display_tracking_exercise_progress_overview($sessionId = 0, $courseId = 0, $exerciseId = 0, $date_from, $date_to) {
+    static function display_tracking_exercise_progress_overview(
+        $sessionId = 0,
+        $courseId = 0,
+        $exerciseId = 0,
+        $date_from = null,
+        $date_to = null
+    ) {
+        $date_from = Security::remove_XSS($date_from);
+        $date_to = Security::remove_XSS($date_to);
        /**
         * Column names
         * The column order is important. Check $column variable in the main/inc/ajax/model.ajax.php file
@ -393,10 +397,10 @@ class MySpace {
        // jqgrid will use this URL to do the selects
        $url = api_get_path(WEB_AJAX_PATH).'model.ajax.php?a=get_exercise_progress&session_id=' . $sessionId . '&course_id=' . $courseId  . '&exercise_id=' . $exerciseId . '&date_to=' . $date_to . '&date_from=' . $date_from;

-        //Autowidth
+        // Autowidth
        $extra_params['autowidth'] = 'true';

-        //height auto
+        // height auto
        $extra_params['height'] = 'auto';

        $tableId = 'exerciseProgressOverview';
@ -534,9 +538,8 @@ class MySpace {
     * Display a sortable table that contains an overview off all the progress of the user in a session
     * @author César Perales <cesar.perales@beeznest.com>, Beeznest Team
     */
-    function display_survey_overview($sessionId = 0, $courseId = 0, $surveyId = 0, $date_from, $date_to) {
-
-        $course = api_get_course_info_by_id($courseId);
+    function display_survey_overview($sessionId = 0, $courseId = 0, $surveyId = 0, $date_from, $date_to)
+    {
        /**
         * Column name
         * The order is important you need to check the $column variable in the model.ajax.php file
@ -549,8 +552,7 @@ class MySpace {
        //add lessons of course
        $questions = survey_manager::get_questions($surveyId, $courseId);

-        foreach ($questions as $question_id => $question)
-        {
+        foreach ($questions as $question) {
            $columns[] = $question['question'];
        }

@ -563,9 +565,14 @@ class MySpace {
            array('name'=>'lastname',   'index'=>'lastname',    'align'=>'left', 'search' => 'true'),
        );
        //get dinamic column names
-        foreach ($questions as $question_id => $question)
-        {
-            $column_model[] = array('name'=> $question_id,   'index'=>$question_id,    'width'=>'70',   'align'=>'left', 'search' => 'true');
+        foreach ($questions as $question_id => $question) {
+            $column_model[] = array(
+                'name'=> $question_id,
+                'index'=>$question_id,
+                'width'=>'70',
+                'align'=>'left',
+                'search' => 'true'
+            );
        }

        $action_links = '';
@ -595,14 +602,16 @@ class MySpace {
                });
            });</script>';
        $return .= Display::grid_html($tableId);
+
        return $return;
    }
+
    /**
     * Display a sortable table that contains an overview off all the progress of the user in a session
     * @author César Perales <cesar.perales@beeznest.com>, Beeznest Team
     */
-    static function display_tracking_progress_overview($sessionId = 0, $courseId = 0,  $date_from, $date_to) {
-
+    static function display_tracking_progress_overview($sessionId = 0, $courseId = 0,  $date_from, $date_to)
+    {
       //The order is important you need to check the the $column variable in the model.ajax.php file
        $columns = array(
            get_lang('LastName'),
--- a/main/newscorm/lp_stats.php
+++ b/main/newscorm/lp_stats.php
@ -48,7 +48,7 @@ $course_id = $course_info['real_id'];
 if (isset($_GET['student_id'])) {
    $student_id = intval($_GET['student_id']);
 }
-$session_id = ($_GET['id_session'])? intval($_GET['id_session']) : api_get_session_id();
+$session_id = isset($_GET['id_session']) ? intval($_GET['id_session']) : api_get_session_id();
 $session_condition = api_get_session_condition($session_id);

 //When origin is not set that means that the lp_stats are viewed from the "man running" icon