[svn r20765] improve security

improve navigation
form consistency
skala
Patrick Cool 16 years ago
parent fdc318b54f
commit e43376d0a2
  1. 6
      main/newscorm/learnpath.class.php
  2. 2
      main/newscorm/lp_add.php
  3. 10
      main/newscorm/lp_build.php
  4. 32
      main/newscorm/lp_edit.php
  5. 2
      main/upload/form.scorm.php

@ -4445,10 +4445,11 @@ class learnpath {
$gradebook=Security::remove_XSS($_GET['gradebook']);
$return .= '<div class="actions">';
$return .= '<a href="' .api_get_self(). '?cidReq=' . $_GET['cidReq'] . '&amp;gradebook='.$gradebook.'&amp;action=build&amp;lp_id=' . $this->lp_id . '" title="'.get_lang("Build").'">'.Display::return_icon('learnpath_build.gif', get_lang('Build')).' '.get_lang('Build').'</a>';
$return .= '<a href="' .api_get_self(). '?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&amp;gradebook='.$gradebook.'&amp;action=build&amp;lp_id=' . $this->lp_id . '" title="'.get_lang("Build").'">'.Display::return_icon('learnpath_build.gif', get_lang('Build')).' '.get_lang('Build').'</a>';
$return .= '<span>'.Display::return_icon('learnpath_organize_na.gif', get_lang("BasicOverview")).' <b>'.get_lang('BasicOverview').'</b></span>';
$return .= '<a href="lp_controller.php?cidReq='.$_GET['cidReq'].'&action=view&lp_id='.$this->lp_id.'">'.Display::return_icon('learnpath_view.gif', get_lang("Display")).' '.get_lang('Display').'</a> '.Display::return_icon('i.gif');
$return .= '<a href="lp_controller.php?cidReq=' . Security::remove_XSS($_GET['cidReq']).'&action=view&lp_id='.$this->lp_id.'">'.Display::return_icon('learnpath_view.gif', get_lang("Display")).' '.get_lang('Display').'</a> '.Display::return_icon('i.gif');
$return .= '<a href="lp_controller.php?cidReq='.Security::remove_XSS($_GET['cidReq']).'&amp;action=edit&amp;lp_id='.Security::remove_XSS($_GET['lp_id']).'">'.Display::return_icon('edit.gif', get_lang('CourseSettings')).' '.get_lang('CourseSettings').'</a>';
$return .= '<a href="'.api_get_self().'?cidReq='.Security::remove_XSS($_GET['cidReq']).'&amp;action='.Security::remove_XSS($_GET['action']).'&amp;lp_id='.Security::remove_XSS($_GET['lp_id']).'&amp;updateaudio=true">'.Display::return_icon('audio.gif', get_lang('UpdateAllAudioFragments')).' '.get_lang('UpdateAllAudioFragments').'</a>';
$return .= '<a href="' .api_get_self(). '?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&amp;gradebook='.$gradebook.'&amp;action=add_item&amp;type=chapter&amp;lp_id=' . $_SESSION['oLP']->lp_id . '" title="'.get_lang("NewChapter").'"><img alt="'.get_lang("NewChapter").'" src="../img/lp_dokeos_chapter_add.gif" title="'.get_lang("NewChapter").'" />'.get_lang("NewChapter").'</a>';
$return .= '<a href="' .api_get_self(). '?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&amp;gradebook='.$gradebook.'&amp;action=add_item&amp;type=step&amp;lp_id=' . $_SESSION['oLP']->lp_id . '" title="'.get_lang("NewStep").'"><img alt="'.get_lang("NewStep").'" src="../img/new_test.gif" title="'.get_lang("NewStep").'" />'.get_lang("NewStep").'</a>';
@ -4621,6 +4622,7 @@ class learnpath {
echo '<a href="' .api_get_self(). '?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&amp;gradebook='.$gradebook.'&amp;action=admin_view&amp;lp_id=' . $_SESSION['oLP']->lp_id . '" title="'.get_lang("BasicOverview").'">'.Display::return_icon('learnpath_organize.gif', get_lang('BasicOverview')).' '.get_lang('BasicOverview').'</a>';
echo '<a href="lp_controller.php?cidReq='.Security::remove_XSS($_GET['cidReq']).'&amp;gradebook='.$gradebook.'&action=view&lp_id='.$_SESSION['oLP']->lp_id.'">'.Display::return_icon('learnpath_view.gif', get_lang('Display')).' '.get_lang('Display').'</a>';
Display::display_icon('i.gif');
echo '<a href="lp_controller.php?cidReq='.Security::remove_XSS($_GET['cidReq']).'&amp;action=edit&amp;lp_id='.Security::remove_XSS($_GET['lp_id']).'">'.Display::return_icon('edit.gif', get_lang('CourseSettings')).' '.get_lang('CourseSettings').'</a>';
echo '<a href="'.api_get_self().'?cidReq='.Security::remove_XSS($_GET['cidReq']).'&amp;action=admin_view&amp;lp_id='.Security::remove_XSS($_GET['lp_id']).'&amp;updateaudio=true">'.Display::return_icon('audio.gif', get_lang('UpdateAllAudioFragments')).' '.get_lang('UpdateAllAudioFragments').'</a>';
echo '<a href="' .api_get_self(). '?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&amp;gradebook='.$gradebook.'&amp;action=add_item&amp;type=chapter&amp;lp_id=' . $_SESSION['oLP']->lp_id . '" title="'.get_lang("NewChapter").'"><img alt="'.get_lang("NewChapter").'" src="../img/lp_dokeos_chapter_add.gif" title="'.get_lang("NewChapter").'" />'.get_lang("NewChapter").'</a>';
echo '<a href="' .api_get_self(). '?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&amp;gradebook='.$gradebook.'&amp;action=add_item&amp;type=step&amp;lp_id=' . $_SESSION['oLP']->lp_id . '" title="'.get_lang("NewStep").'"><img alt="'.get_lang("NewStep").'" src="../img/new_test.gif" title="'.get_lang("NewStep").'" />'.get_lang("NewStep").'</a>';
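Review bot: The rewritten Build and Display links still take `cidReq` from `$_GET` and place it in a URL inside a double-quoted `href`, which calls for URL-encoding plus attribute escaping rather than an HTML sanitiser; whether `Security::remove_XSS` encodes `"` and `&` is not visible here, so the attribute context may remain open. I would build the value once as `$cid = htmlspecialchars(urlencode($_GET['cidReq']), ENT_QUOTES);`, or use the server-side `$_course['sysCode']` that lp_add.php uses, if it is in scope in this method. The same goes for `lp_id`: the Build link already uses `$this->lp_id`, so `(int) $this->lp_id` is preferable to echoing `$_GET['lp_id']` on the edit and audio links. The new actions block in lp_edit.php follows the same pattern. Both hunks sit inside methods whose bodies start and end outside the visible lines.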

@ -124,7 +124,7 @@ $interbreadcrumb[]= array ("url"=>"#", "name"=> get_lang("_add_learnpath"));
Display::display_header(null,'Path');
echo '<div class="actions">';
echo Display::return_icon('scorm.gif',get_lang('ReturnToLearningPaths')).' <a href="lp_controller.php?cidReq='.$_course['sysCode'].'">'.get_lang('ReturnToLearningPaths').'</a>';
echo '<a href="lp_controller.php?cidReq='.$_course['sysCode'].'">'.Display::return_icon('scorm.gif',get_lang('ReturnToLearningPaths')).' '.get_lang('ReturnToLearningPaths').'</a>';
echo '</div>';
Display::display_normal_message(get_lang('AddLpIntro'),false);

@ -219,17 +219,13 @@ echo '<table cellpadding="0" cellspacing="0" class="lp_build">';
echo '</div>';
} else {
if($is_new) {
echo '<div class="confirmation-message">';
echo get_lang("LearnPathAdded");
echo '</div>';
Display::display_normal_message(get_lang('LearnPathAdded'), false);
}
if($is_new) {
Display::display_normal_message(get_lang('LPCreatedToContinue'));
Display::display_normal_message(get_lang('LPCreatedToContinue'), false);
} else {
// Display::display_normal_message(get_lang('LPCreatedAddChapterStep'), false);
echo '<div class="normal-message">';
echo get_lang("LearnPathAdded");
echo '</div>';
Display::display_normal_message(get_lang('LearnPathAdded'), false);
}
}
echo '</td>';
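Review bot: The new `Display::display_normal_message(get_lang('LearnPathAdded'), false)` calls pass `false` as the second argument; if that argument is the output-filter flag (the signature is not visible here), these messages are emitted without escaping. That is acceptable for a fixed language string, but a short comment above the calls, such as `// filter disabled: message is a static language string; never pass request data through this call`, would stop a later edit from routing user input through the unfiltered path. The enclosing `if`/`else` block starts outside the hunk.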

@ -30,19 +30,34 @@ $interbreadcrumb[]= array ("url"=>api_get_self()."?action=admin_view&lp_id=$lear
Display::display_header(null,'Path');
//Page subtitle
echo '<h4>'.get_lang('EditLPSettings').'</h4>';
$fck_attribute['Width'] = '400px';
$fck_attribute['Height'] = '150px';
$fck_attribute['ToolbarSet'] = 'CommentLearningPath';
// actions link
echo '<div class="actions">';
$gradebook = Security::remove_XSS($_GET['gradebook']);
echo '<a href="lp_controller.php?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&amp;gradebook='.$gradebook.'&amp;action=build&amp;lp_id=' . Security::remove_XSS($_GET['lp_id']) . '" title="'.get_lang("Build").'">'.Display::return_icon('learnpath_build.gif', get_lang('Build')).' '.get_lang('Build').'</a>';
echo '<a href="lp_controller.php?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&amp;gradebook='.$gradebook.'&amp;action=admin_view&amp;lp_id=' . Security::remove_XSS($_GET['lp_id']) . '" title="'.get_lang("BasicOverview").'">'.Display::return_icon('learnpath_organize.gif', get_lang('BasicOverview')).' '.get_lang('BasicOverview').'</a>';
echo '<a href="lp_controller.php?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&amp;gradebook='.$gradebook.'&amp;action=view&lp_id='.Security::remove_XSS($_GET['lp_id']).'">'.Display::return_icon('learnpath_view.gif', get_lang("Display")).' '.get_lang('Display').'</a> '.Display::return_icon('i.gif');
echo '<a href="../newscorm/lp_controller.php?cidReq='.$_course['sysCode'].'">'.Display::return_icon('scorm.gif',get_lang('ReturnToLearningPaths')).' '.get_lang('ReturnToLearningPaths').'</a>';
echo '<a href="lp_controller.php?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&amp;gradebook='.$gradebook.'&amp;action='.Security::remove_XSS($_GET['action']).'&amp;lp_id='.Security::remove_XSS($_GET['lp_id']).'&amp;updateaudio=true">'.Display::return_icon('audio.gif', get_lang('UpdateAllAudioFragments')).' '.get_lang('UpdateAllAudioFragments').'</a>';
echo '<a href="lp_controller.php?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&amp;gradebook='.$gradebook.'&amp;action=add_item&amp;type=chapter&amp;lp_id=' . Security::remove_XSS($_GET['lp_id']) . '" title="'.get_lang("NewChapter").'"><img alt="'.get_lang("NewChapter").'" src="../img/lp_dokeos_chapter_add.gif" title="'.get_lang("NewChapter").'" />'.get_lang("NewChapter").'</a>';
echo '<a href="lp_controller.php?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&amp;gradebook='.$gradebook.'&amp;action=add_item&amp;type=step&amp;lp_id=' . Security::remove_XSS($_GET['lp_id']) . '" title="'.get_lang("NewStep").'"><img alt="'.get_lang("NewStep").'" src="../img/new_test.gif" title="'.get_lang("NewStep").'" />'.get_lang("NewStep").'</a>';
echo '</div>';
$defaults=array();
$form = new FormValidator('form1', 'post', 'lp_controller.php');
// form title
$form->addElement('header',null, get_lang('EditLPSettings'));
//Title
$form -> addElement('text', 'lp_name', api_ucfirst(get_lang('_title')),array('size'=>43));
$form-> applyFilter('lp_name', 'html_filter');
$form->addElement('text', 'lp_name', api_ucfirst(get_lang('_title')),array('size'=>43));
$form->applyFilter('lp_name', 'html_filter');
$form->addRule('lp_name', get_lang('ThisFieldIsRequired'), 'required');
//Encoding
$encoding_select = &$form->addElement('select', 'lp_encoding', get_lang('Charset'));
$encodings = array('UTF-8','ISO-8859-1','ISO-8859-15','cp1251','cp1252','KOI8-R','BIG5','GB2312','Shift_JIS','EUC-JP');
@ -116,12 +131,7 @@ if( strlen($_SESSION['oLP']->get_preview_image() ) > 0)
$form->addElement('file', 'lp_preview_image', ($_SESSION['oLP']->get_preview_image() != '' ? get_lang('UpdateImage') : get_lang('AddImage')));
$div = '<div class="row">
<div class="label"></div>
<div class="formw"> '.get_lang('ImageWillResizeMsg').'
</div>
</div>';
$form->addElement('html', $div);
$form->addElement('static', null, null, get_lang('ImageWillResizeMsg'));
/*
$form->addRule('lp_preview_image', get_lang('OnlyImagesAllowed'), 'mimetype', array('image/gif', 'image/jpeg', 'image/png'));
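Review bot: The "update audio" link in the new actions block copies `$_GET['action']` into its `action` parameter, so the incoming request decides which controller action the link targets. The overview hunk in learnpath.class.php hard-codes `action=admin_view` for the same link. I would use a fixed literal here too, e.g. `&amp;action=edit&amp;lp_id=` (or whichever action this page is meant to return to), instead of reflecting the request value. Separately, `$gradebook = Security::remove_XSS($_GET['gradebook']);` reads the key without an `isset()` check, so a request without `gradebook` raises a notice; `isset($_GET['gradebook']) ? Security::remove_XSS($_GET['gradebook']) : ''` avoids that.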

@ -43,7 +43,7 @@ include('../newscorm/content_makers.inc.php');
require_once(api_get_path(LIBRARY_PATH) . 'specific_fields_manager.lib.php');
echo '<div class="actions">';
echo Display::return_icon('scorm.gif',get_lang('ReturnToLearningPaths')).' <a href="../newscorm/lp_controller.php?cidReq='.$_course['sysCode'].'">'.get_lang('ReturnToLearningPaths').'</a>';
echo '<a href="../newscorm/lp_controller.php?cidReq='.$_course['sysCode'].'">'.Display::return_icon('scorm.gif',get_lang('ReturnToLearningPaths')).' '.get_lang('ReturnToLearningPaths').'</a>';
echo '</div>';
