Remove Database::escape_string() without quotes to avoid SQL injections - partial + a few parse warnings - refs #7440

1.9.x
Yannick Warnier 10 years ago
parent da68aae224
commit e4ba3c923f
  1. 5
      main/admin/access_url_add_courses_to_url.php
  2. 4
      main/admin/access_url_add_users_to_url.php
  3. 2
      main/admin/access_url_edit.php
  4. 2
      main/admin/access_urls.php
  5. 1
      main/admin/add_courses_to_usergroup.php
  6. 1
      main/admin/add_sessions_to_promotion.php
  7. 1
      main/admin/add_sessions_to_usergroup.php
  8. 1
      main/admin/add_users_to_group.php
  9. 33
      main/admin/calendar.lib.php
  10. 10
      main/admin/class_list.php
  11. 2
      main/admin/group_list.php
  12. 4
      main/admin/languages.php
  13. 2
      main/admin/session_course_user_list.php
  14. 2
      main/admin/session_import.php
  15. 8
      main/admin/settings.lib.php
  16. 16
      main/admin/sub_language.class.php
  17. 4
      main/admin/sub_language_add.php
  18. 8
      main/admin/user_fields.php
  19. 12
      main/admin/user_fields_options.php
  20. 10
      main/announcements/announcements.inc.php
  21. 2
      main/auth/inscription.php
  22. 14
      main/blog/blog.php
  23. 6
      main/blog/blog_admin.php
  24. 51
      main/calendar/agenda.inc.php
  25. 6
      main/calendar/agenda.lib.php
  26. 4
      main/calendar/myagenda.inc.php
  27. 2
      main/document/document.php
  28. 2
      main/document/document_lite.php
  29. 4
      main/document/edit_document.php
  30. 22
      main/dropbox/dropbox_class.inc.php
  31. 24
      main/dropbox/dropbox_functions.inc.php
  32. 6
      main/exercice/addlimits.php
  33. 2
      main/exercice/answer.class.php
  34. 2
      main/exercice/answer_admin.inc.php
  35. 70
      main/exercice/exercise.class.php
  36. 4
      main/exercice/exercise_show.php
  37. 4
      main/exercice/hotspot_actionscript.as.php
  38. 4
      main/exercice/hotspot_answers.as.php
  39. 2
      main/exercice/hotspot_save.inc.php
  40. 10
      main/exercice/hotspot_savescore.inc.php
  41. 2
      main/exercice/hotspot_updatescore.inc.php
  42. 8
      main/exercice/mark_free_answer.php
  43. 38
      main/exercice/question.class.php
  44. 2
      main/exercice/savescores.php
  45. 20
      main/exercice/testcategory.class.php
  46. 58
      main/forum/forumfunction.inc.php
  47. 4
      main/gradebook/lib/be/abstractlink.class.php
  48. 8
      main/gradebook/lib/be/category.class.php
  49. 2
      main/gradebook/lib/be/evaluation.class.php
  50. 6
      main/gradebook/lib/be/result.class.php
  51. 3
      main/gradebook/lib/fe/linkform.class.php
  52. 6
      main/gradebook/lib/gradebook_functions.inc.php
  53. 2
      main/inc/introductionSection.inc.php
  54. 3
      main/inc/lib/urlmanager.lib.php
  55. 2
      main/inc/local.inc.php

@ -82,9 +82,10 @@ if (empty($first_letter_user)) {
unset($result);
}
$first_letter_course = Database::escape_string($first_letter_course);
$first_letter_course_lower = Database::escape_string(api_strtolower($first_letter_course));
$sql = "SELECT code, title FROM $tbl_course
WHERE title LIKE '".$first_letter_course."%' OR title LIKE '".api_strtolower($first_letter_course)."%'
WHERE title LIKE '".$first_letter_course_lower."%' OR title LIKE '".$first_letter_course_lower."%'
ORDER BY title, code DESC ";
$result = Database::query($sql);
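Review bot: The new WHERE line tests the same condition on both sides of the OR — both `title LIKE` comparisons use `$first_letter_course_lower`, so the original-case prefix that the removed line matched has been lost. The first comparison should presumably keep the escaped original value: `WHERE title LIKE '".$first_letter_course."%' OR title LIKE '".$first_letter_course_lower."%'`. The same duplicated condition is in the access_url_add_users_to_url.php hunk, where `$first_letter_user_lower` appears twice. Note that `Database::escape_string()` does not neutralise the `%` and `_` LIKE wildcards, so a `%` in the input still widens the match — a scoping issue rather than an injection, but worth a comment on the `$first_letter_course` line.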

@ -79,12 +79,12 @@ if (empty($first_letter_user)) {
}
unset($result);
}
$first_letter_user = Database::escape_string($first_letter_user);
$first_letter_user_lower = Database::escape_string(api_strtolower($first_letter_user));
$target_name = api_sort_by_first_name() ? 'firstname' : 'lastname';
$target_name = 'lastname';
$sql = "SELECT user_id,lastname,firstname,username FROM $tbl_user
WHERE ".$target_name." LIKE '".$first_letter_user."%' OR ".$target_name." LIKE '".api_strtolower($first_letter_user)."%'
WHERE ".$target_name." LIKE '".$first_letter_user_lower."%' OR ".$target_name." LIKE '".$first_letter_user_lower."%'
ORDER BY ". (count($users) > 0 ? "(user_id IN(".implode(',', $users).")) DESC," : "")." ".$target_name;
$result = Database::query($sql);
$db_users = Database::store_result($result);
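Review bot: The ORDER BY clause still interpolates `implode(',', $users)` straight into the query, and nothing in the hunk casts those values; if `$users` is filled from the request earlier in the file (outside this hunk), that is an unquoted, unescaped interpolation of the kind this commit is removing. A cheap guard on this line is `implode(',', array_map('intval', $users))`. Separately, the two `$target_name` assignments at the top of the hunk read as the old and new line; if the new one is the hard-coded `'lastname'`, the `api_sort_by_first_name()` behaviour is dropped silently and the line deserves a comment saying why.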

@ -120,7 +120,7 @@ $form->setDefaults($defaults);
$submit_name = get_lang('AddUrl');
if (isset($_GET['url_id'])) {
$url_id = Database::escape_string($_GET['url_id']);
$url_id = intval($_GET['url_id']);
$num_url_id = UrlManager::url_id_exist($url_id);
if($num_url_id != 1) {
header('Location: access_urls.php');

@ -40,7 +40,7 @@ if (isset ($_GET['action'])) {
$check = Security::check_token('get');
if ($check) {
$url_id = Database::escape_string($_GET['url_id']);
$url_id = intval($_GET['url_id']);
switch ($_GET['action']) {
case 'delete_url':
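Review bot: `$url_id = intval($_GET['url_id']);` runs for every action, but only `$_GET['action']` is isset-checked above it, so a request that carries an action without `url_id` raises an undefined-index notice before the switch — the kind of notice the commit message says it is cleaning up. `$url_id = isset($_GET['url_id']) ? intval($_GET['url_id']) : 0;` keeps the delete behaviour unchanged. The same unguarded `intval($_GET[...])` pattern is on new lines in the settings.lib.php (`$_GET['id']`), user_fields_options.php (`$_GET['field_id']`), blog.php (`$_GET['task_id']`, `$_GET['user_id']`, `$_GET['post_id']`) and blog_admin.php (`$_GET['blog_id']`) hunks.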

@ -156,7 +156,6 @@ function search($needle,$type)
// xajax send utf8 datas... datas in db can be non-utf8 datas
$charset = api_get_system_encoding();
$needle = Database::escape_string($needle);
$needle = api_convert_encoding($needle, $charset, 'utf-8');
if ($type == 'single') {
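Review bot: Dropping `Database::escape_string($needle)` leaves `$needle` unescaped for whatever SQL the rest of `search()` builds; that part of the function is outside the hunk, so the removal is only safe if the value is escaped where it is interpolated. Escaping before `api_convert_encoding()` was also the wrong order, since the escape should be applied to the bytes the database actually receives, so if the later code does not escape it the fix is at this line: `$needle = Database::escape_string(api_convert_encoding($needle, $charset, 'utf-8'));`. The same removal is made in the add_sessions_to_promotion.php, add_sessions_to_usergroup.php and add_users_to_group.php hunks (`search_sessions()`, `search_users()`), and the same check applies there.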

@ -123,7 +123,6 @@ function search_sessions($needle, $type)
// xajax send utf8 datas... datas in db can be non-utf8 datas
$charset = api_get_system_encoding();
$needle = Database::escape_string($needle);
$needle = api_convert_encoding($needle, $charset, 'utf-8');
$session_list = SessionManager::get_sessions_list(

@ -133,7 +133,6 @@ function search_sessions($needle,$type) {
// xajax send utf8 datas... datas in db can be non-utf8 datas
$charset = api_get_system_encoding();
$needle = Database::escape_string($needle);
$needle = api_convert_encoding($needle, $charset, 'utf-8');
if ($type == 'single') {

@ -107,7 +107,6 @@ function search_users($needle, $type, $relation_type)
// xajax send utf8 datas... datas in db can be non-utf8 datas
$charset = api_get_system_encoding();
$needle = Database::escape_string($needle);
$needle = api_convert_encoding($needle, $charset, 'utf-8');
$user_anonymous = api_get_anonymous_id();
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';

@ -539,7 +539,7 @@ function store_edited_agenda_item() {
function save_edit_agenda_item($id, $title, $content, $start_date, $end_date) {
$TABLEAGENDA = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR);
$id=Database::escape_string($id);
$id=intval($id);
$title=Database::escape_string($title);
$content=Database::escape_string($content);
@ -902,7 +902,7 @@ function display_one_agenda_item($agenda_id)
$TABLEAGENDA = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR);
$TABLE_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
$agenda_id=Database::escape_string($agenda_id);
$agenda_id = intval($agenda_id);
//echo "displaying agenda items";
// getting the name of the groups
@ -2642,7 +2642,7 @@ function is_repeated_event($id,$course=null)
$course = $course_info['dbName'];
}
$id = (int) $id;
//$t_agenda_repeat = Database::get_course_table(TABLE_AGENDA_REPEAT,$course);
$t_agenda_repeat = Database::get_course_table(TABLE_AGENDA_REPEAT);
$sql = "SELECT * FROM $t_agenda_repeat WHERE cal_id = $id";
$res = Database::query($sql);
if(Database::num_rows($res)>0)
@ -2733,24 +2733,21 @@ function agenda_add_item($title, $content, $db_start_date, $db_end_date) {
return $last_id;
}
/**
* Adds a repetitive item to the database
* @param array Course info
* @param int The original event's id
* @param string Type of repetition
* @param int Timestamp of end of repetition (repeating until that date)
* @param array Original event's destination
* @return boolean False if error, True otherwise
* Gets calendar items
* @param int Month
* @param int Year
* @return array Array of events
*/
function get_calendar_items($month, $year) {
global $_user, $_course;
global $is_allowed_to_edit;
function get_calendar_items($month, $year)
{
global $_user, $_course;
global $is_allowed_to_edit;
$month=Database::escape_string($month);
$year=Database::escape_string($year);
$month = intval($month);
$year = intval($year);
// database variables
$TABLEAGENDA = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR);
//$TABLE_ITEM_PROPERTY=Database::get_course_table(TABLE_ITEM_PROPERTY);
// database variables
$TABLEAGENDA = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR);
$month_first_day = mktime(0,0,0,$month,1,$year);
$month_last_day = mktime(0,0,0,$month+1,1,$year)-1;
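Review bot: In the `is_repeated_event()` hunk, the pair of `$t_agenda_repeat` lines reads as the old commented-out course-specific form and a new `Database::get_course_table(TABLE_AGENDA_REPEAT)` call with no course argument; if that is the new line, `$course = $course_info['dbName'];` just above becomes dead and the query ignores the `$course` parameter. Either pass the course through again or remove the parameter and the dead assignment, and say which in a comment. The rewritten `get_calendar_items()` docblock is an improvement; `@param int $month` / `@param int $year` (naming the parameters) would let tools match them.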

@ -34,13 +34,13 @@ function get_number_of_classes() {
* @param int $number_of_items
* @param string $direction
*/
function get_class_data($from, $number_of_items, $column, $direction) {
function get_class_data($from, $number_of_items, $column, $direction = 'ASC') {
$tbl_class_user = Database::get_main_table(TABLE_MAIN_CLASS_USER);
$tbl_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$from = Database::escape_string($from);
$number_of_items = Database::escape_string($number_of_items);
$column = Database::escape_string($column);
$direction = Database::escape_string($direction);
$from = intval($from);
$number_of_items = intval($number_of_items);
$column = intval($column);
$direction = ($direction == 'ASC'?'ASC':'DESC');
$sql = "SELECT id AS col0, name AS col1, COUNT(user_id) AS col2, id AS col3
FROM $tbl_class
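Review bot: The docblock above `get_class_data()` does not mention the new `$direction = 'ASC'` default or that the body normalises anything other than `'ASC'` to `'DESC'` (`$direction = ($direction == 'ASC'?'ASC':'DESC');`), which is the whitelist that makes interpolating it safe. Suggested `@param string $direction Sort direction: 'ASC' (default) or 'DESC'; any other value is treated as 'DESC'`. Casting `$column` with `intval()` assumes callers pass a numeric index into the `col0..col3` aliases; a caller passing a column name now silently sorts by column 0, so a one-line comment on that cast would help.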

@ -231,7 +231,7 @@ function lock_unlock_user($status, $user_id) {
}
if (($status_db == '1' OR $status_db == '0') AND is_numeric($user_id)) {
$sql = "UPDATE $user_table SET active='".Database::escape_string($status_db)."' WHERE user_id='".Database::escape_string($user_id)."'";
$sql = "UPDATE $user_table SET active=".intval($status_db)." WHERE user_id=".intval($user_id)."";
$result = Database::query($sql);
}
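Review bot: The trailing `.""` on the new UPDATE line is a leftover from removing the closing quote and concatenates nothing; `$sql = "UPDATE $user_table SET active=".intval($status_db)." WHERE user_id=".intval($user_id);` reads cleaner. The same empty concatenation is left on new lines in the settings.lib.php, sub_language.class.php, sub_language_add.php, user_fields.php, user_fields_options.php, inscription.php and agenda.inc.php hunks. The `is_numeric($user_id)` guard on the context line also accepts forms such as `1e3`, so the `intval()` is what actually makes the interpolation safe and should stay.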

@ -160,7 +160,7 @@ if (isset($_POST['Submit']) && $_POST['Submit']) {
if (count($_POST['id']) > 0) {
$ids = array();
foreach ($_POST['id'] as $index => $id) {
$ids[] = Database::escape_string($id);
$ids[] = intval($id);
}
$sql = "UPDATE $tbl_admin_languages SET available='1' WHERE id IN ('" . implode("','", $ids) . "')";
Database::query($sql);
@ -170,7 +170,7 @@ if (isset($_POST['Submit']) && $_POST['Submit']) {
if (count($_POST['id']) > 0) {
$ids = array();
foreach ($_POST['id'] as $index => $id) {
$ids[] = Database::escape_string($id);
$ids[] = intval($id);
}
$sql = "UPDATE $tbl_admin_languages SET available='0' WHERE id IN ('" . implode("','", $ids) . "')";
Database::query($sql);
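Review bot: Both UPDATEs now collect integers in `$ids` but still emit them as quoted strings (`IN ('" . implode("','", $ids) . "')`); MySQL accepts that, but since the point of the commit is to stop depending on quotes around numeric values, `WHERE id IN (" . implode(',', $ids) . ")` would be consistent in both hunks. `count($_POST['id']) > 0` guarantees the list is non-empty, so an empty `IN ()` cannot occur. The `foreach` assumes `$_POST['id']` is an array; a scalar `id` makes `count()` return 1 and the loop emit a warning, so `is_array($_POST['id'])` could join the guard.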

@ -44,7 +44,7 @@ $sql = "SELECT s.name, c.title
FROM $tbl_session_rel_course src
INNER JOIN $tbl_session s ON s.id = src.id_session
INNER JOIN $tbl_course c ON c.code = src.course_code
WHERE src.id_session='$id_session' AND src.course_code='".Database::escape_string($course_code)."' ";
WHERE src.id_session='$id_session' AND src.course_code='$course_code' ";
$result = Database::query($sql);
if (!list($session_name,$course_title) = Database::fetch_row($result)) {
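Review bot: The two `WHERE src.id_session=...` lines read as old and new, and the new one interpolates `'$course_code'` with the `Database::escape_string()` call removed; the value is still inside quotes, so this is not one of the "escape without quotes" cases the commit targets, and unless `$course_code` is escaped where it is assigned (outside the hunk) it reintroduces an injectable string. Keep the escape at the interpolation point, `src.course_code='".Database::escape_string($course_code)."'`, or escape once at assignment and note that in a comment. `$id_session` on the same line is in the same position; an `intval()` where it is assigned is the matching fix.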

@ -134,7 +134,7 @@ if (isset($_POST['formSent']) && $_POST['formSent']) {
email = '".Database::escape_string($email)."',
official_code = '".Database::escape_string($official_code)."',
phone = '".Database::escape_string($phone)."',
status = '".Database::escape_string($status)."'
status = '".intval($status)."'
WHERE username = '".Database::escape_string($username)."'";
Database::query($sql);
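Review bot: `status = '".intval($status)."'` casts the value but keeps the quotes, so it ends up as a quoted integer while the rest of the commit writes such values unquoted; `status = ".intval($status)."` is enough and consistent. The surrounding `email`, `official_code` and `phone` assignments stay on `Database::escape_string()` inside quotes, which is the correct form for string columns, so nothing changes there.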

@ -901,7 +901,7 @@ function add_edit_template() {
if ($_GET['action'] == 'edit') {
// Database table definition.
$table_system_template = Database :: get_main_table('system_template');
$sql = "SELECT * FROM $table_system_template WHERE id = '".Database::escape_string($_GET['id'])."'";
$sql = "SELECT * FROM $table_system_template WHERE id = ".intval($_GET['id'])."";
$result = Database::query($sql);
$row = Database::fetch_array($result);
@ -988,7 +988,7 @@ function add_edit_template() {
if (!empty($new_file_name)) {
$sql .= ", image = '".Database::escape_string($new_file_name)."'";
}
$sql .= " WHERE id='".Database::escape_string($_GET['id'])."'";
$sql .= " WHERE id = ".intval($_GET['id'])."";
Database::query($sql);
// Display a feedback message.
@ -1021,7 +1021,7 @@ function add_edit_template() {
function delete_template($id) {
// First we remove the image.
$table_system_template = Database :: get_main_table('system_template');
$sql = "SELECT * FROM $table_system_template WHERE id = '".Database::escape_string($id)."'";
$sql = "SELECT * FROM $table_system_template WHERE id = ".intval($id)."";
$result = Database::query($sql);
$row = Database::fetch_array($result);
if (!empty($row['image'])) {
@ -1029,7 +1029,7 @@ function delete_template($id) {
}
// Now we remove it from the database.
$sql = "DELETE FROM $table_system_template WHERE id = '".Database::escape_string($id)."'";
$sql = "DELETE FROM $table_system_template WHERE id = ".intval($id)."";
Database::query($sql);
// Display a feedback message.
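Review bot: In `add_edit_template()` the same request value is cast twice, `intval($_GET['id'])` in the SELECT and again in the UPDATE's `WHERE id = `, in two hunks roughly ninety lines apart, with only `$_GET['action'] == 'edit'` guarding it; reading it once into a local at the top of the edit branch, `$template_id = isset($_GET['id']) ? intval($_GET['id']) : 0;`, removes both the duplication and the undefined-index notice when `id` is absent. `delete_template($id)` is fine as written, though its first query only needs the `image` column rather than `SELECT *`.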

@ -53,7 +53,7 @@ class SubLanguageManager
{
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql = 'SELECT * FROM ' . $tbl_admin_languages . '
WHERE parent_id="' . Database::escape_string($parent_id) . '" AND id="' . Database::escape_string($sub_language_id) . '"';
WHERE parent_id= ' . intval($parent_id) . ' AND id= ' . intval($sub_language_id) . '';
$rs = Database::query($sql);
$all_information = array();
while ($row = Database::fetch_array($rs, 'ASSOC')) {
@ -185,7 +185,7 @@ class SubLanguageManager
return false;
} //can't delete dir, so do not delete language record
$sql = 'DELETE FROM ' . $tbl_admin_languages . '
WHERE id="' . Database::escape_string($sub_language_id) . '" ';
WHERE id= ' . intval($sub_language_id) . ' ';
$res = Database::query($sql);
return $res;
@ -247,7 +247,7 @@ class SubLanguageManager
public static function get_name_of_language_by_id($language_id)
{
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql = 'SELECT original_name FROM ' . $tbl_admin_languages . ' WHERE id="' . Database::escape_string($language_id) . '"';
$sql = 'SELECT original_name FROM ' . $tbl_admin_languages . ' WHERE id= ' . intval($language_id) . '';
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0) {
return Database::result($rs, 0, 'original_name');
@ -265,7 +265,7 @@ class SubLanguageManager
{
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql = 'SELECT count(*) AS count FROM ' . $tbl_admin_languages . '
WHERE id="' . Database::escape_string($language_id) . '" AND NOT ISNULL(parent_id)';
WHERE id = ' . intval($language_id) . ' AND NOT ISNULL(parent_id)';
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0 && Database::result($rs, '0', 'count') == 1) {
@ -302,7 +302,7 @@ class SubLanguageManager
{
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql = 'SELECT count(*) AS count FROM ' . $tbl_admin_languages . '
WHERE parent_id="' . Database::escape_string($language_id) . '" AND NOT ISNULL(parent_id);';
WHERE parent_id= ' . intval($language_id) . ' AND NOT ISNULL(parent_id);';
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0 && Database::result($rs, '0', 'count') == 1) {
@ -320,7 +320,7 @@ class SubLanguageManager
public static function make_unavailable_language($language_id)
{
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql_make_unavailable = "UPDATE $tbl_admin_languages SET available='0' WHERE id='" . Database::escape_string($language_id) . "'";
$sql_make_unavailable = "UPDATE $tbl_admin_languages SET available='0' WHERE id = " . intval($language_id) . "";
$result = Database::query($sql_make_unavailable);
return $result !== false; //only return false on sql error
}
@ -333,7 +333,7 @@ class SubLanguageManager
public static function make_available_language($language_id)
{
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql_make_available = "UPDATE $tbl_admin_languages SET available='1' WHERE id='" . Database::escape_string($language_id) . "'";
$sql_make_available = "UPDATE $tbl_admin_languages SET available='1' WHERE id = " . intval($language_id) . "";
$result = Database::query($sql_make_available);
return $result !== false; //only return false on sql error
}
@ -350,7 +350,7 @@ class SubLanguageManager
}
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$tbl_settings_current = Database :: get_main_table(TABLE_MAIN_SETTINGS_CURRENT);
$sql_update = "SELECT english_name FROM " . $tbl_admin_languages . " WHERE id='" . Database::escape_string($language_id) . "'";
$sql_update = "SELECT english_name FROM " . $tbl_admin_languages . " WHERE id= " . intval($language_id) . "";
$result = Database::query($sql_update);
$lang = Database::fetch_array($result);
$sql_update_2 = "UPDATE " . $tbl_settings_current . " SET selected_value='" . $lang['english_name'] . "' WHERE variable='platformLanguage'";
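Review bot: In the last hunk, the result of `Database::fetch_array($result)` is used without checking for a missing row, so if it behaves like `mysql_fetch_array()` and returns false for an unknown `$language_id`, `$lang['english_name']` raises a notice and the following UPDATE sets `platformLanguage` to an empty string. A guard such as `if (!$lang = Database::fetch_array($result)) { return false; }` before building `$sql_update_2` avoids that, and the interpolated `$lang['english_name']` should still pass through `Database::escape_string()` even though it comes from the database. The enclosing method starts before the hunk.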

@ -39,7 +39,7 @@ function add_sub_language ($original_name,$english_name,$isocode,$sublanguage_av
$english_name = Database::escape_string($english_name);
$isocode = Database::escape_string($isocode);
$sublanguage_available = Database::escape_string($sublanguage_available);
$parent_id = Database::escape_string($parent_id);
$parent_id = intval($parent_id);
$sql='INSERT INTO '.$tbl_admin_languages.'(original_name,english_name,isocode,dokeos_folder,available,parent_id) VALUES ("'.$original_name.'","'.$english_name.'","'.$isocode.'","'.$english_name.'","'.$sublanguage_available.'","'.$parent_id.'")';
$res = Database::query($sql);
@ -119,7 +119,7 @@ function check_if_exist_language_by_id ($language_id) {
* @return bool True if this language has children, false otherwise
*/
function ckeck_if_is_parent_of_sub_language ($parent_id) {
$sql='SELECT count(*) AS count FROM language WHERE parent_id="'.Database::escape_string($parent_id).'"';
$sql='SELECT count(*) AS count FROM language WHERE parent_id= '.intval($parent_id).'';
$rs=Database::query($sql);
if (Database::num_rows($rs)>0 && Database::result($rs,0,'count')==1) {
return true;
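Review bot: The new line in `ckeck_if_is_parent_of_sub_language()` keeps the hard-coded table name `language`, while the equivalent query in `SubLanguageManager` (sub_language.class.php in this same commit) resolves it via `Database::get_main_table(TABLE_MAIN_LANGUAGE)`; if the installation uses a table prefix this function queries a table that does not exist. `$tbl_admin_languages = Database::get_main_table(TABLE_MAIN_LANGUAGE);` followed by `'SELECT count(*) AS count FROM '.$tbl_admin_languages.' WHERE parent_id = '.intval($parent_id)` makes it consistent. In `add_sub_language()`, `$sublanguage_available` is a 0/1 flag that is still escaped and quoted; `intval()` would match the treatment of `$parent_id` on the line below it.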

@ -354,16 +354,16 @@ function delete_user_fields($field_id)
$table_user_field_values = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
// delete the fields
$sql = "DELETE FROM $table_user_field WHERE id = '".Database::escape_string($field_id)."'";
$sql = "DELETE FROM $table_user_field WHERE id = ".intval($field_id)." ";
$result = Database::query($sql);
if (Database::affected_rows() == 1)
{
// delete the field options
$sql = "DELETE FROM $table_user_field_options WHERE field_id = '".Database::escape_string($field_id)."'";
$sql = "DELETE FROM $table_user_field_options WHERE field_id = ".intval($field_id)."";
$result = Database::query($sql);
// delete the field values
$sql = "DELETE FROM $table_user_field_values WHERE field_id = '".Database::escape_string($field_id)."'";
$sql = "DELETE FROM $table_user_field_values WHERE field_id = ".intval($field_id)."";
$result = Database::query($sql);
// recalculate the field_order because the value is used to show/hide the up/down icon
@ -373,7 +373,7 @@ function delete_user_fields($field_id)
$i = 1;
while($row = Database::fetch_array($result))
{
$sql_reorder = "UPDATE $table_user_field SET field_order = '".Database::escape_string($i)."' WHERE id = '".Database::escape_string($row['id'])."'";
$sql_reorder = "UPDATE $table_user_field SET field_order = '".Database::escape_string($i)."' WHERE id = ".intval($row['id'])."";
$result_reorder = Database::query($sql_reorder);
$i++;
}
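Review bot: In the reorder loop, `field_order = '".Database::escape_string($i)."'` escapes and quotes a loop counter that is an integer by construction; `field_order = ".$i." WHERE id = ".intval($row['id'])` states what the value is and matches the rest of the commit. `$result` is reassigned by the three DELETEs above and then consumed by `while($row = Database::fetch_array($result))`, so the SELECT that feeds the loop must be in the lines the hunk skips between them — a comment at the `while` naming which result set it iterates would save the next reader that lookup.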

@ -105,7 +105,7 @@ function get_options_data($from, $number_of_items, $column, $direction)
option_order AS col0,
option_display_text AS col1,
id AS col2
FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ORDER BY option_order ASC";
FROM $table_userfields_options WHERE field_id = ".intval($_GET['field_id'])." ORDER BY option_order ASC";
$sql .= " LIMIT $from,$number_of_items";
$res = Database::query($sql);
$return = array ();
@ -122,7 +122,7 @@ function get_number_of_options($from=null, $number_of_items=null, $column=null,
$table_userfields_options = Database :: get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS);
// The sql statement
$sql = "SELECT count(id) as total FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ";
$sql = "SELECT count(id) as total FROM $table_userfields_options WHERE field_id= ".intval($_GET['field_id'])." ";
$res = Database::query($sql);
$row = Database::fetch_row($res);
return $row[0];
@ -131,7 +131,7 @@ function get_number_of_options($from=null, $number_of_items=null, $column=null,
function actions_filter($option_id,$url_params,$row)
{
global $number_of_options;
$return = '';
if ($row[0]<>1)
{
$return .= '<a href="'.api_get_self().'?action=moveup&amp;option_id='.$option_id.'&amp;field_id='.Security::remove_XSS($_GET['field_id']).'&amp;sec_token='.$_SESSION['sec_token'].'">'.Display::return_icon('up.gif', get_lang('Up')).'</a>';
@ -182,7 +182,7 @@ function move_user_field_option($direction,$option_id)
$found = false;
$sql = "SELECT id, option_order FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ORDER BY option_order $sortdirection";
$sql = "SELECT id, option_order FROM $table_userfields_options WHERE field_id = ".intval($_GET['field_id'])." ORDER BY option_order $sortdirection";
$result = Database::query($sql);
while($row = Database::fetch_array($result))
{
@ -201,8 +201,8 @@ function move_user_field_option($direction,$option_id)
}
}
$sql1 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($next_order)."' WHERE id = '".Database::escape_string($this_id)."'";
$sql2 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($this_order)."' WHERE id = '".Database::escape_string($next_id)."'";
$sql1 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($next_order)."' WHERE id = ".intval($this_id)."";
$sql2 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($this_order)."' WHERE id = ".intval($next_id)."";
Database::query($sql1);
Database::query($sql2);
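Review bot: `$sql .= " LIMIT $from,$number_of_items";` in `get_options_data()` interpolates two parameters unquoted, and nothing in the hunk casts them; the start of the function is outside the hunk, so if they are not `intval()`'d there this is exactly the kind of unquoted interpolation the commit is meant to remove. `$sql .= " LIMIT ".intval($from).",".intval($number_of_items);` at this line is safe regardless of what the caller passes. In `move_user_field_option()`, `$next_order` and `$this_order` come from the `option_order` column of the preceding SELECT and are still escaped and quoted, which is acceptable, though `intval()` would state the type.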

@ -566,10 +566,10 @@ class AnnouncementManager
if ($insert_id != strval(intval($insert_id))) {
return false;
}
$insert_id = Database::escape_string($insert_id);
$insert_id = intval($insert_id);
$course_id = api_get_course_int_id();
// store the modifications in the table tbl_annoucement
$sql = "UPDATE $tbl_announcement SET email_sent='1' WHERE c_id = $course_id AND id='$insert_id'";
$sql = "UPDATE $tbl_announcement SET email_sent='1' WHERE c_id = $course_id AND id = $insert_id";
Database::query($sql);
}
@ -793,7 +793,7 @@ class AnnouncementManager
// adding the individual users to the select form
foreach ($ref_array_users as $this_user) {
if (!is_array($to_already_selected) || !in_array("USER:" . $this_user['user_id'], $to_already_selected)) { // $to_already_selected is the array containing the users (and groups) that are already selected
echo "<option value=\"USER:", $this_user['user_id'], "\" title='" . sprintf(get_lang('LoginX'), $user['username']) . "'>",
echo "<option value=\"USER:", $this_user['user_id'], "\" title='" . sprintf(get_lang('LoginX'), $this_user['username']) . "'>",
"", api_get_person_name($this_user['firstname'], $this_user['lastname']),
"</option>";
}
@ -873,10 +873,10 @@ class AnnouncementManager
{
$tbl_item_property = Database::get_course_table(TABLE_ITEM_PROPERTY);
$tool = Database::escape_string($tool);
$id = Database::escape_string($id);
$id = intval($id);
$course_id = api_get_course_int_id();
$sql = "SELECT * FROM $tbl_item_property WHERE c_id = $course_id AND tool='$tool' AND ref='$id'";
$sql = "SELECT * FROM $tbl_item_property WHERE c_id = $course_id AND tool='$tool' AND ref = $id";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
$to_group = $row['to_group_id'];
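Review bot: In the `email_sent` hunk, `if ($insert_id != strval(intval($insert_id))) { return false; }` already rejects anything that is not a canonical integer string, so the following `$insert_id = intval($insert_id);` only changes the type; keeping both is fine, but a one-line comment, `// already validated above; cast so the unquoted interpolation below is an int`, would stop a reader from removing one of them. In the last hunk `$tool` stays escaped and quoted, which is the right form for a string column.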

@ -482,7 +482,7 @@ if ($form->validate()) {
}
if ($store_extended) {
$sql .= implode(',', $sql_set);
$sql .= " WHERE user_id = '".Database::escape_string($user_id)."'";
$sql .= " WHERE user_id = ".intval($user_id)."";
Database::query($sql);
}

@ -136,7 +136,7 @@ if (isset($_GET['action']) && $_GET['action'] == 'manage_tasks') {
}
if (isset($_GET['do']) && $_GET['do'] == 'delete_assignment') {
Blog :: delete_assigned_task($blog_id, Database::escape_string((int)$_GET['task_id']), Database::escape_string((int)$_GET['user_id']));
Blog :: delete_assigned_task($blog_id, intval($_GET['task_id']), intval($_GET['user_id']));
$return_message = array('type' => 'confirmation', 'message' => get_lang('TaskAssignmentDeleted'));
}
@ -363,7 +363,7 @@ switch ($current_page) {
}
break;
case 'view_post' :
Blog :: display_post($blog_id, Database::escape_string((int)$_GET['post_id']));
Blog :: display_post($blog_id, intval($_GET['post_id']));
break;
case 'edit_post' :
$task_id = (isset ($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0;
@ -377,7 +377,7 @@ switch ($current_page) {
if ($_POST) {
Display::display_error_message(get_lang('FormHasErrorsPleaseComplete'));
}
Blog :: display_form_edit_post($blog_id, Database::escape_string((int)$_GET['post_id']));
Blog :: display_form_edit_post($blog_id, intval($_GET['post_id']));
} else {
if (isset ($_GET['filter']) && !empty ($_GET['filter'])) {
Blog :: display_day_results($blog_id, Database::escape_string($_GET['filter']));
@ -415,11 +415,11 @@ switch ($current_page) {
}
if (isset($_GET['do']) && $_GET['do'] == 'edit')
{
Blog :: display_edit_task_form($blog_id, Database::escape_string($_GET['task_id']));
Blog :: display_edit_task_form($blog_id, intval($_GET['task_id']));
}
if (isset($_GET['do']) && $_GET['do'] == 'edit_assignment')
{
Blog :: display_edit_assigned_task_form($blog_id, Database::escape_string((int)$_GET['task_id']), Database::escape_string((int)$_GET['user_id']));
Blog :: display_edit_assigned_task_form($blog_id, intval($_GET['task_id']), intval($_GET['user_id']));
}
Blog :: display_task_list($blog_id);
echo '<br /><br />';
@ -432,9 +432,9 @@ switch ($current_page) {
break;
case 'execute_task' :
if (isset ($_GET['post_id']))
Blog :: display_post($blog_id, Database::escape_string((int)$_GET['post_id']));
Blog :: display_post($blog_id, intval($_GET['post_id']));
else
Blog :: display_select_task_post($blog_id, Database::escape_string((int)$_GET['task_id']));
Blog :: display_select_task_post($blog_id, intval($_GET['task_id']));
break;
case 'view_search_result' :
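Review bot: `Blog :: display_day_results($blog_id, Database::escape_string($_GET['filter']))` (context line in the `edit_post` branch) escapes a request value at the call site and hands the escaped string to a method, the pattern the rest of this commit is moving away from: the callee cannot tell whether its argument is escaped, and if it uses the value anywhere other than inside SQL quotes it is either double-escaped or still injectable. Pass the raw value and escape (or cast, if it is a date) inside `display_day_results()`. The file's own guard style, `$task_id = (isset ($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0;`, is also what the new `intval($_GET['task_id'])` calls in this section could reuse instead of casting an index that may be absent.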

@ -75,11 +75,11 @@ if (api_is_allowed_to_edit()) {
}
}
if (isset($_GET['action']) && $_GET['action'] == 'visibility') {
Blog::change_blog_visibility(Database::escape_string((int)$_GET['blog_id']));
Blog::change_blog_visibility(intval($_GET['blog_id']));
Display::display_confirmation_message(get_lang('VisibilityChanged'));
}
if (isset($_GET['action']) && $_GET['action'] == 'delete') {
Blog::delete_blog(Database::escape_string((int)$_GET['blog_id']));
Blog::delete_blog(intval($_GET['blog_id']));
Display::display_confirmation_message(get_lang('BlogDeleted'));
}
@ -115,7 +115,7 @@ if (api_is_allowed_to_edit()) {
if ($_POST) {
Display::display_error_message(get_lang('FormHasErrorsPleaseComplete'));
}
Blog::display_edit_blog_form(Database::escape_string((int)$_GET['blog_id']));
Blog::display_edit_blog_form(intval($_GET['blog_id']));
}
}
Blog::display_blog_list();
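Review bot: `Blog::delete_blog(intval($_GET['blog_id']))` and `Blog::change_blog_visibility(...)` fire on a plain `$_GET['action']` comparison with no token check visible in the hunk, whereas the comparable `delete_url` action in access_urls.php in this same commit runs only after `Security::check_token('get')`. Unless the check happens earlier in the file (outside the hunk), wrapping these two branches the same way, `if (Security::check_token('get')) { ... }`, brings them in line. The `delete` branch also checks only `action`, so a request without `blog_id` produces an undefined-index notice before `intval()` yields 0; `isset($_GET['blog_id'])` belongs in that condition.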

@ -166,8 +166,7 @@ function get_calendar_items($select_month, $select_year, $select_day = false)
AND ip.tool='".TOOL_CALENDAR_EVENT."'
AND ip.visibility='1'
$session_condition
GROUP BY ip.ref
ORDER $sort_item $sort";
GROUP BY ip.ref";
}
// A.3.b you are a course admin or a student
else {
@ -1139,7 +1138,7 @@ function store_agenda_item_as_announcement($item_id)
}
//get the agenda item
$item_id = Database::escape_string($item_id);
$item_id = intval($item_id);
$sql = "SELECT * FROM $table_agenda WHERE id = ".$item_id;
$res = Database::query($sql);
$course_id = api_get_course_int_id();
@ -1244,9 +1243,9 @@ function sent_to($tool, $id)
{
$TABLE_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
$tool = Database::escape_string($tool);
$id = Database::escape_string($id);
$id = intval($id);
$sql = "SELECT * FROM $TABLE_ITEM_PROPERTY WHERE tool='".$tool."' AND ref='".$id."'";
$sql = "SELECT * FROM $TABLE_ITEM_PROPERTY WHERE tool='".$tool."' AND ref= ".$id."";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
// if to_group_id is null then it is sent to a specific user
@ -1310,7 +1309,7 @@ function sent_to_form($sent_to_array)
if (isset($sent_to_array['users'])) {
if (is_array($sent_to_array['users'])) {
foreach ($sent_to_array['users'] as $user_id) {
// @todo add username as tooltip - is this fucntion still used ?
// @todo add username as tooltip - is this function still used ?
// $user_info= api_get_user_info($user_id);
// $username = api_htmlentities(sprintf(get_lang('LoginX'), $user_info['username']), ENT_QUOTES);
$output[] = api_get_person_name($user_info['firstName'], $user_info['lastName']);
@ -1443,12 +1442,12 @@ function show_user_group_filter_form()
function load_edit_users($tool, $id)
{
$tool = Database::escape_string($tool);
$id = Database::escape_string($id);
$id = intval($id);
$TABLE_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
$course_id = api_get_course_int_id();
$sql = "SELECT * FROM $TABLE_ITEM_PROPERTY
WHERE c_id = $course_id AND tool='$tool' AND ref='$id'";
WHERE c_id = $course_id AND tool='$tool' AND ref= $id ";
$result = Database::query($sql);
$to = array();
@ -1480,13 +1479,13 @@ function change_visibility($tool, $id, $visibility)
$_course = api_get_course_info();
$TABLE_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
$tool = Database::escape_string($tool);
$id = Database::escape_string($id);
$id = intval($id);
if ($visibility == 0) {
$sql_visibility = "UPDATE $TABLE_ITEM_PROPERTY SET visibility='0' WHERE tool='$tool' AND ref='$id'";
$sql_visibility = "UPDATE $TABLE_ITEM_PROPERTY SET visibility='0' WHERE tool='$tool' AND ref= $id ";
api_item_property_update($_course, TOOL_CALENDAR_EVENT, $id, "invisible", api_get_user_id());
} else {
$sql_visibility = "UPDATE $TABLE_ITEM_PROPERTY SET visibility='1' WHERE tool='$tool' AND ref='$id'";
$sql_visibility = "UPDATE $TABLE_ITEM_PROPERTY SET visibility='1' WHERE tool='$tool' AND ref= $id ";
api_item_property_update($_course, TOOL_CALENDAR_EVENT, $id, "visible", api_get_user_id());
}
}
@ -1553,18 +1552,18 @@ function get_agenda_item($id)
global $TABLEAGENDA;
$t_agenda_repeat = Database::get_course_table(TABLE_AGENDA_REPEAT);
$id = Database::escape_string($id);
$id = intval($id);
$item = array();
if (empty($id)) {
$id = intval(Database::escape_string(($_GET['id'])));
$id = intval($_GET['id']);
} else {
$id = (int) $id;
$id = intval($id);
}
$course_id = api_get_course_int_id();
if (empty($id)) {
return $item;
}
$sql = "SELECT * FROM ".$TABLEAGENDA." WHERE id='".$id."' AND c_id = $course_id ";
$sql = "SELECT * FROM ".$TABLEAGENDA." WHERE id = ".$id." AND c_id = $course_id ";
$result = Database::query($sql);
$entry_to_edit = Database::fetch_array($result);
$item['title'] = $entry_to_edit["title"];
@ -1665,7 +1664,7 @@ function store_edited_agenda_item($event_id, $id_attach, $file_comment)
function save_edit_agenda_item($id, $title, $content, $start_date, $end_date)
{
$TABLEAGENDA = Database::get_course_table(TABLE_AGENDA);
$id = Database::escape_string($id);
$id = intval($id);
$title = Database::escape_string($title);
$content = Database::escape_string($content);
$start_date = Database::escape_string($start_date);
@ -1694,7 +1693,7 @@ function save_edit_agenda_item($id, $title, $content, $start_date, $end_date)
function delete_agenda_item($id)
{
$_course = api_get_course_info();
$id = Database::escape_string($id);
$id = intval($id);
if (api_is_allowed_to_edit(false, true) OR (api_get_course_setting('allow_user_edit_agenda') && !api_is_anonymous())) {
if (!empty($_GET['id']) && isset($_GET['action']) && $_GET['action'] == "delete") {
$t_agenda = Database::get_course_table(TABLE_AGENDA);
@ -1949,9 +1948,9 @@ function get_attachment($agenda_id, $course_id = null)
} else {
$course_id = intval($course_id);
}
$agenda_id = Database::escape_string($agenda_id);
$agenda_id = intval($agenda_id);
$row = array();
$sql = 'SELECT id,path, filename,comment FROM '.$agenda_table_attachment.' WHERE c_id = '.$course_id.' AND agenda_id = '.(int) $agenda_id.'';
$sql = 'SELECT id,path, filename,comment FROM '.$agenda_table_attachment.' WHERE c_id = '.$course_id.' AND agenda_id = '.$agenda_id.'';
$result = Database::query($sql);
if (Database::num_rows($result) != 0) {
$row = Database::fetch_array($result);
@ -3417,8 +3416,8 @@ function show_add_form($id = '', $type = null)
$safe_file_comment = Database::escape_string($file_comment);
$safe_file_name = Database::escape_string($file_name);
$safe_new_file_name = Database::escape_string($new_file_name);
$safe_agenda_id = (int) $agenda_id;
$safe_id_attach = (int) $id_attach;
$safe_agenda_id = intval($agenda_id);
$safe_id_attach = intval($id_attach);
// Storing the attachments if any
if ($result) {
$sql = "UPDATE $agenda_table_attachment SET filename = '$safe_file_name', comment = '$safe_file_comment', path = '$safe_new_file_name', agenda_id = '$safe_agenda_id', size ='".intval($_FILES['user_upload']['size'])."'
@ -3737,17 +3736,17 @@ function show_add_form($id = '', $type = null)
function get_global_agenda_items($agendaitems, $day = "", $month = "", $year = "", $week = "", $type)
{
$tbl_global_agenda = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR);
$month = Database::escape_string($month);
$year = Database::escape_string($year);
$week = Database::escape_string($week);
$day = Database::escape_string($day);
$month = intval($month);
$year = intval($year);
$week = intval($week);
$day = intval($day);
// 1. creating the SQL statement for getting the personal agenda items in MONTH view
$current_access_url_id = api_get_current_access_url_id();
if ($type == "month_view" or $type == "") {
// We are in month view
$sql = "SELECT * FROM ".$tbl_global_agenda." WHERE MONTH(start_date)='".$month."' AND YEAR(start_date) = '".$year."' AND access_url_id = $current_access_url_id ORDER BY start_date ASC";
$sql = "SELECT * FROM ".$tbl_global_agenda." WHERE MONTH(start_date) = ".$month." AND YEAR(start_date) = ".$year." AND access_url_id = $current_access_url_id ORDER BY start_date ASC";
}
// 2. creating the SQL statement for getting the personal agenda items in WEEK view
if ($type == "week_view") { // we are in week view

@ -497,7 +497,7 @@ class Agenda
}
// Get the agenda item.
$item_id = Database::escape_string($item_id);
$item_id = intval($item_id);
$sql = "SELECT * FROM $table_agenda WHERE c_id = $course_id AND id = ".$item_id;
$res = Database::query($sql);
@ -1913,7 +1913,7 @@ class Agenda
*/
public static function changeVisibility($id, $visibility, $courseInfo, $userId = null)
{
$id = Database::escape_string($id);
$id = intval($id);
if (empty($userId)) {
$userId = api_get_user_id();
} else {
@ -1953,7 +1953,7 @@ class Agenda
{
$tableAttachment = Database::get_course_table(TABLE_AGENDA_ATTACHMENT);
$courseId = intval($courseInfo['real_id']);
$eventId = Database::escape_string($eventId);
$eventId = intval($eventId);
$row = array();
$sql = "SELECT id, path, filename, comment
FROM $tableAttachment

@ -709,7 +709,7 @@ function get_personal_agenda_items($user_id, $agendaitems, $day = "", $month = "
*/
function get_personal_agenda_item($id) {
$tbl_personal_agenda = Database :: get_user_personal_table(TABLE_PERSONAL_AGENDA);
$id = Database::escape_string($id);
$id = intval($id);
// make sure events of the personal agenda can only be seen by the user himself
$user = api_get_user_id();
$sql = " SELECT * FROM ".$tbl_personal_agenda." WHERE id=".$id." AND user = ".$user;
@ -983,6 +983,8 @@ function get_personal_agenda_items_between_dates($user_id, $date_start='', $date
$result = Database::query($sqlquery);
while ($item = Database::fetch_array($result)) {
$agendaday = date("j",strtotime($item['start_date']));
$month = date("n",strtotime($item['start_date']));
$year = date("Y",strtotime($item['start_date']));
$URL = api_get_path(WEB_PATH)."main/calendar/agenda.php?cidReq=".urlencode($course["code"])."&amp;day=$agendaday&amp;month=$month&amp;year=$year#$agendaday";
list($year,$month,$day,$hour,$min,$sec) = split('[-: ]',$item['start_date']);
$start_date = $year.$month.$day.$hour.$min;
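Review bot: `split('[-: ]', $item['start_date'])` on the last context line of the second hunk is the deprecated POSIX-regex function (deprecated since PHP 5.3, removed in 7.0), so it emits a deprecation notice of the kind this commit sets out to clear and will fatal on newer runtimes; it should read `list($year,$month,$day,$hour,$min,$sec) = preg_split('/[-: ]/', $item['start_date']);`. `preg_split` is a drop-in here because the pattern is a plain character class with no POSIX-specific syntax. The enclosing `while` loop in `get_personal_agenda_items_between_dates` continues outside the hunk.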

@ -1367,7 +1367,7 @@ if ($is_allowed_to_edit ||
$templateForm .= '</form>';
} elseif (isset($_GET['add_as_template']) && isset($_POST['create_template'])) {
$document_id_for_template = intval(Database::escape_string($_GET['add_as_template']));
$document_id_for_template = intval($_GET['add_as_template']);
$title = Security::remove_XSS($_POST['template_title']);
//$description = Security::remove_XSS($_POST['template_description']);

@ -619,7 +619,7 @@ if ($is_allowed_to_edit || $group_member_with_upload_rights || is_my_shared_fold
} elseif (isset($_GET['add_as_template']) && isset($_POST['create_template'])) {
$document_id_for_template = intval(Database::escape_string($_GET['add_as_template']));
$document_id_for_template = intval($_GET['add_as_template']);
$title = Security::remove_XSS($_POST['template_title']);
//$description = Security::remove_XSS($_POST['template_description']);

@ -223,8 +223,8 @@ if (!is_allowed_to_edit()) {
if (isset($_POST['comment'])) {
// Fixing the path if it is wrong
$comment = trim(Database::escape_string($_POST['comment']));
$title = trim(Database::escape_string($_POST['title']));
$comment = Database::escape_string(trim($_POST['comment']));
$title = Database::escape_string(trim($_POST['title']));
//Just in case see BT#3525
if (empty($title)) {
$title = $documen_data['title'];
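Review bot: The fallback `$title = $documen_data['title'];` two lines after the rewritten assignments replaces an SQL-escaped `$title` with a raw value read back from the database, so if `$title` is later interpolated into a query (outside this hunk) a stored title containing a quote will break or alter that query; escape the fallback the same way, `$title = Database::escape_string($documen_data['title']);`. `$documen_data` also reads like a typo of `$document_data` — if no such variable is defined the fallback silently assigns null — so it is worth confirming against the definition earlier in the file. The `if (isset($_POST['comment']))` block continues past the hunk.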

@ -121,20 +121,20 @@ class Dropbox_Work
$this->id = $res['id'];
$this->upload_date = $res['upload_date'];
$sql = "UPDATE ".$dropbox_cnf["tbl_file"]." SET
filesize = '".Database::escape_string($this->filesize)."' ,
filesize = '".intval($this->filesize)."' ,
title = '".Database::escape_string($this->title)."',
description = '".Database::escape_string($this->description)."',
author = '".Database::escape_string($this->author)."',
last_upload_date = '".Database::escape_string($this->last_upload_date)."'
WHERE c_id = $course_id AND id='".Database::escape_string($this->id)."'";
WHERE c_id = $course_id AND id = ".intval($this->id)."";
Database::query($sql);
} else {
$this->upload_date = $this->last_upload_date;
$sql = "INSERT INTO ".$dropbox_cnf['tbl_file']." (c_id, uploader_id, filename, filesize, title, description, author, upload_date, last_upload_date, session_id)
VALUES ( $course_id,
'".Database::escape_string($this->uploader_id)."'
'".intval($this->uploader_id)."'
, '".Database::escape_string($this->filename)."'
, '".Database::escape_string($this->filesize)."'
, '".intval($this->filesize)."'
, '".Database::escape_string($this->title)."'
, '".Database::escape_string($this->description)."'
, '".Database::escape_string($this->author)."'
@ -148,7 +148,7 @@ class Dropbox_Work
}
$sql = "SELECT count(file_id) as count FROM ".$dropbox_cnf['tbl_person']."
WHERE c_id = $course_id AND file_id = '".Database::escape_string($this->id)."' AND user_id = ".$this->uploader_id;
WHERE c_id = $course_id AND file_id = ".intval($this->id)." AND user_id = ".$this->uploader_id;
$result = Database::query($sql);
$row = Database::fetch_array($result);
if ($row['count'] == 0) {
@ -156,8 +156,8 @@ class Dropbox_Work
// Insert entries into person table
$sql = "INSERT INTO ".$dropbox_cnf['tbl_person']." (c_id, file_id, user_id)
VALUES ($course_id,
'".Database::escape_string($this->id)."'
, '".Database::escape_string($this->uploader_id)."'
".intval($this->id)."
, ".intval($this->uploader_id)."
)";
Database::query($sql);
}
@ -181,7 +181,7 @@ class Dropbox_Work
// Get the data from DB
$sql = "SELECT uploader_id, filename, filesize, title, description, author, upload_date, last_upload_date, cat_id
FROM ".$dropbox_cnf['tbl_file']."
WHERE c_id = $course_id AND id = '".Database::escape_string($id)."'";
WHERE c_id = $course_id AND id = ".intval($id)."";
$result = Database::query($sql);
$res = Database::fetch_array($result, 'ASSOC');
@ -351,7 +351,7 @@ class Dropbox_SentWork extends Dropbox_Work
$this->recipients = array();
$sql = "SELECT dest_user_id, feedback_date, feedback
FROM ".$dropbox_cnf['tbl_post']."
WHERE c_id = $course_id AND file_id='".Database::escape_string($id)."'";
WHERE c_id = $course_id AND file_id = ".intval($id)."";
$result = Database::query($sql);
while ($res = Database::fetch_array($result, 'ASSOC')) {
@ -430,8 +430,8 @@ class Dropbox_Person
FROM $file_tbl f INNER JOIN $person_tbl p
ON (f.id = p.file_id AND f.c_id = $course_id AND p.c_id = $course_id)
WHERE
f.uploader_id = '".Database::escape_string($this->userId)."' AND
p.user_id = '".Database::escape_string($this->userId)."'
f.uploader_id = ".intval($this->userId)." AND
p.user_id = ".intval($this->userId)."
$condition_session
";
$result = Database::query($sql);
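Review bot: In the `count(file_id)` query of the third hunk, `AND user_id = ".$this->uploader_id` still concatenates `$this->uploader_id` unsanitized on the very line where `file_id` was switched to `intval()`, even though the following INSERT hunk casts the same property with `intval($this->uploader_id)`; the line should read `WHERE c_id = $course_id AND file_id = ".intval($this->id)." AND user_id = ".intval($this->uploader_id);`. The `Dropbox_Person` query in the last hunk likewise appends `$condition_session` raw after the two newly cast predicates; it is built outside the hunk, so confirm it is composed only from cast values. The `Dropbox_Work` constructor these hunks belong to starts and ends outside the section.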

@ -221,16 +221,16 @@ function store_move($id, $target, $part)
if ((isset($id) AND $id != '') AND (isset($target) AND $target != '') AND (isset($part) AND $part != '')) {
if ($part == 'received') {
$sql = "UPDATE ".$dropbox_cnf["tbl_post"]." SET cat_id='".Database::escape_string($target)."'
WHERE c_id = $course_id AND dest_user_id='".Database::escape_string($_user['user_id'])."'
AND file_id='".Database::escape_string($id)."'";
$sql = "UPDATE ".$dropbox_cnf["tbl_post"]." SET cat_id = ".intval($target)."
WHERE c_id = $course_id AND dest_user_id = ".intval($_user['user_id'])."
AND file_id = ".intval($id)."";
Database::query($sql);
$return_message = get_lang('ReceivedFileMoved');
}
if ($part == 'sent') {
$sql = "UPDATE ".$dropbox_cnf["tbl_file"]." SET cat_id='".Database::escape_string($target)."'
WHERE c_id = $course_id AND uploader_id='".Database::escape_string($_user['user_id'])."'
AND id='".Database::escape_string($id)."'";
$sql = "UPDATE ".$dropbox_cnf["tbl_file"]." SET cat_id = ".intval($target)."
WHERE c_id = $course_id AND uploader_id = ".intval($_user['user_id'])."
AND id = ".intval($id)."";
Database::query($sql);
$return_message = get_lang('SentFileMoved');
}
@ -386,7 +386,7 @@ function store_addcategory()
// step 3b, we add the category if it does not exist yet.
if (Database::num_rows($result) == 0) {
$sql = "INSERT INTO ".$dropbox_cnf['tbl_category']." (c_id, cat_name, received, sent, user_id, session_id)
VALUES ($course_id, '".Database::escape_string($_POST['category_name'])."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', '".Database::escape_string($_user['user_id'])."',$session_id)";
VALUES ($course_id, '".Database::escape_string($_POST['category_name'])."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', ".intval($_user['user_id']).", $session_id)";
Database::query($sql);
return array('type' => 'confirmation', 'message' => get_lang('CategoryStored'));
} else {
@ -394,8 +394,8 @@ function store_addcategory()
}
} else {
$sql = "UPDATE ".$dropbox_cnf['tbl_category']." SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
WHERE c_id = $course_id AND user_id='".Database::escape_string($_user['user_id'])."'
AND cat_id='".Database::escape_string($_POST['edit_id'])."'";
WHERE c_id = $course_id AND user_id = ".intval($_user['user_id'])."
AND cat_id = ".intval($_POST['edit_id'])."";
Database::query($sql);
return array('type' => 'confirmation', 'message' => get_lang('CategoryModified'));
}
@ -420,7 +420,7 @@ function display_addcategory_form($category_name = '', $id = '', $action)
if (isset($id) AND $id != '') {
// retrieve the category we are editing
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND cat_id='".Database::escape_string($id)."'";
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND cat_id = ".intval($id)."";
$result = Database::query($sql);
$row = Database::fetch_array($result);
@ -938,7 +938,7 @@ function display_user_link_work($user_id, $name = '') {
if ($user_id != 0) {
if (empty($name)) {
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$sql = "SELECT * FROM $table_user WHERE user_id='".Database::escape_string($user_id)."'";
$sql = "SELECT * FROM $table_user WHERE user_id = ".intval($user_id)."";
$result = Database::query($sql);
$row = Database::fetch_array($result);
return '<a href="../user/userInfo.php?uInfo='.$row['user_id'].'">'.api_get_person_name($row['firstname'], $row['lastname']).'</a>';
@ -1264,7 +1264,7 @@ function get_last_tool_access($tool, $course_code = '', $user_id='')
$sql = "SELECT access_date FROM $table_last_access
WHERE
access_user_id='".Database::escape_string($user_id)."' AND
access_user_id = ".intval($user_id)." AND
access_cours_code='".Database::escape_string($course_code)."' AND
access_tool='".Database::escape_string($tool)."'
ORDER BY access_date DESC

@ -169,9 +169,9 @@ Time :
* @todo shouldn't this be moved to the part above (around line 111: action handling)
*/
if (isset($_POST['ok'])) {
$exercise_id = Database::escape_string($_POST['exe_id']);
$exercise_id = intval($_POST['exe_id']);
if ($_POST['limit']==1) {
$minutes = Database::escape_string($_POST['minutes']);
$minutes = intval($_POST['minutes']);
$query = "UPDATE ".$TBL_EXERCICES." SET ques_time_limit= $minutes WHERE id= $exercise_id";
Database::query($query);
} else {
@ -180,7 +180,7 @@ if (isset($_POST['ok'])) {
}
if ($_POST['attempt']==1) {
$attempts = Database::escape_string($_POST['attempts']);
$attempts = intval($_POST['attempts']);
$query = "UPDATE ".$TBL_EXERCICES." SET num_attempts = $attempts WHERE id= $exercise_id";
Database::query($query);
} else {
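Review bot: Both rewritten `UPDATE ".$TBL_EXERCICES." ... WHERE id= $exercise_id` statements filter on `id` alone, while the rest of this commit (for example the `WHERE c_id = ... AND id = ...` clauses in exercise.class.php) indicates the quiz table's `id` is only unique together with `c_id`; if that holds here, anyone who can reach this page can change the time limit or attempt count of every course's exercise sharing that id, so append `AND c_id = ".api_get_course_int_id()` to both WHERE clauses. `intval()` also maps a missing or malformed `exe_id` to 0 instead of rejecting it, so a guard such as `if (empty($exercise_id)) { ... }` before the updates would avoid issuing updates against the wrong row. The `if (isset($_POST['ok']))` block continues past the hunk.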

@ -495,7 +495,7 @@ class Answer
hotspot_coordinates = '".Database::escape_string($hotspot_coordinates)."',
hotspot_type = '".Database::escape_string($hotspot_type)."'
WHERE c_id = {$this->course_id} AND id = '$id'
AND question_id = '".Database::escape_string($questionId)."'";
AND question_id = ".intval($questionId)."";
Database::query($sql);
}

@ -1013,7 +1013,7 @@ if ($modifyAnswers) {
?>
<h3>
<?php echo $questionName; ?></h3><?php
$sql = "select description from " . $TBL_QUESTIONS . " WHERE id = '" . Database::escape_string($questionId) . "'";
$sql = "select description from " . $TBL_QUESTIONS . " WHERE id = " . intval($questionId) . "";
$res = Database::query($sql, _FILE_, _LINE_);
?>
&nbsp; &nbsp; &nbsp;
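Review bot: `Database::query($sql, _FILE_, _LINE_)` on the line after the rewritten SELECT passes the undefined constants `_FILE_` and `_LINE_` (single underscores, if the page rendering has not eaten them), which PHP resolves to literal strings with a notice — one of the warnings this commit aims to clear — and presumably leaves whatever `query()` reports for the error location meaningless; it should be `$res = Database::query($sql, __FILE__, __LINE__);`. The SELECT itself still filters on `id` alone, whereas the other question lookups in this commit pair the id with `c_id = $course_id`; if the questions table is per-course like those, the same `c_id` condition belongs here. The surrounding `if ($modifyAnswers)` template block starts and ends outside the hunk.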

@ -446,7 +446,7 @@ class Exercise
$sql = "SELECT DISTINCT e.question_order
FROM $TBL_EXERCICE_QUESTION e INNER JOIN $TBL_QUESTIONS q
ON (e.question_id = q.id AND e.c_id = ".$this->course_id." AND q.c_id = ".$this->course_id.")
WHERE e.exercice_id = '".Database::escape_string($this->id)."'";
WHERE e.exercice_id = ".intval($this->id)."";
$result = Database::query($sql);
$count_question_orders = Database::num_rows($result);
@ -454,7 +454,7 @@ class Exercise
$sql = "SELECT e.question_id, e.question_order
FROM $TBL_EXERCICE_QUESTION e INNER JOIN $TBL_QUESTIONS q
ON (e.question_id= q.id AND e.c_id = ".$this->course_id." AND q.c_id = ".$this->course_id.")
WHERE e.exercice_id = '".Database::escape_string($this->id)."'
WHERE e.exercice_id = ".intval($this->id)."
ORDER BY question_order";
$result = Database::query($sql);
@ -816,28 +816,28 @@ class Exercise
if ($type_e != 'simple') {
$sql .= ",sound='".Database::escape_string($sound)."',
type ='".Database::escape_string($type)."',
random ='".Database::escape_string($random)."',
random_answers ='".Database::escape_string($random_answers)."',
active ='".Database::escape_string($active)."',
feedback_type ='".Database::escape_string($feedback_type)."',
type = ".intval($type).",
random = ".intval($random).",
random_answers = ".intval($random_answers).",
active = ".intval($active).",
feedback_type = ".intval($feedback_type).",
start_time = '$start_time',
end_time = '$end_time',
max_attempt ='".Database::escape_string($attempts)."',
expired_time ='".Database::escape_string($expired_time)."',
propagate_neg ='".Database::escape_string($propagate_neg)."',
review_answers ='".Database::escape_string($review_answers)."',
random_by_category='".Database::escape_string($randomByCat)."',
max_attempt = ".intval($attempts).",
expired_time = ".intval($expired_time).",
propagate_neg = ".intval($propagate_neg).",
review_answers = ".intval($review_answers).",
random_by_category= ".intval($randomByCat).",
text_when_finished = '".Database::escape_string($text_when_finished)."',
display_category_name = '".Database::escape_string($display_category_name)."',
pass_percentage = '".Database::escape_string($pass_percentage)."',
results_disabled='".Database::escape_string($results_disabled)."'";
display_category_name = ".intval($display_category_name).",
pass_percentage = ".intval($pass_percentage).",
results_disabled= ".intval($results_disabled)."";
}
$sql .= " WHERE c_id = ".$this->course_id." AND id='".Database::escape_string($id)."'";
$sql .= " WHERE c_id = ".$this->course_id." AND id = ".intval($id)."";
Database::query($sql);
// update into the item_property table
api_item_property_update($_course, TOOL_QUIZ, $id,'QuizUpdated',api_get_user_id());
api_item_property_update($_course, TOOL_QUIZ, $id, 'QuizUpdated', api_get_user_id());
if (api_get_setting('search_enabled')=='true') {
$this->search_engine_edit();
@ -871,20 +871,20 @@ class Exercise
'".Database::escape_string($exercise)."',
'".Database::escape_string($description)."',
'".Database::escape_string($sound)."',
'".Database::escape_string($type)."',
'".Database::escape_string($random)."',
'".Database::escape_string($random_answers)."',
'".Database::escape_string($active)."',
'".Database::escape_string($results_disabled)."',
'".Database::escape_string($attempts)."',
'".Database::escape_string($feedback_type)."',
'".Database::escape_string($expired_time)."',
'".Database::escape_string($session_id)."',
'".Database::escape_string($review_answers)."',
'".Database::escape_string($randomByCat)."',
".intval($type).",
".intval($random).",
".intval($random_answers).",
".intval($active).",
".intval($results_disabled).",
".intval($attempts).",
".intval($feedback_type).",
".intval($expired_time).",
".intval($session_id).",
".intval($review_answers).",
".intval($randomByCat).",
'".Database::escape_string($text_when_finished)."',
'".Database::escape_string($display_category_name)."',
'".Database::escape_string($pass_percentage)."'
".intval($display_category_name).",
".intval($pass_percentage)."
)";
Database::query($sql);
$this->id = Database::insert_id();
@ -986,7 +986,7 @@ class Exercise
{
$TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST);
$sql = "UPDATE $TBL_EXERCICES SET active='-1'
WHERE c_id = ".$this->course_id." AND id='".Database::escape_string($this->id)."'";
WHERE c_id = ".$this->course_id." AND id = ".intval($this->id)."";
Database::query($sql);
api_item_property_update($this->course, TOOL_QUIZ, $this->id, 'QuizDeleted', api_get_user_id());
api_item_property_update($this->course, TOOL_QUIZ, $this->id, 'delete', api_get_user_id());
@ -1914,7 +1914,7 @@ class Exercise
buttons: {
'".addslashes(get_lang("EndTest"))."': function() {
$('#clock_warning').dialog('close');
},
}
},
close: function() {
send_form();
@ -2515,7 +2515,7 @@ class Exercise
$queryfill = "SELECT answer FROM ".$TBL_TRACK_ATTEMPT."
WHERE
exe_id = '".$exeId."' AND
question_id= '".Database::escape_string($questionId)."'";
question_id= ".intval($questionId)."";
$resfill = Database::query($queryfill);
$str = Database::result($resfill, 0, 'answer');
@ -2641,7 +2641,7 @@ class Exercise
$queryfill = "SELECT answer FROM ".$TBL_TRACK_ATTEMPT."
WHERE
exe_id = '".$exeId."' AND
question_id= '".Database::escape_string($questionId)."'";
question_id= ".intval($questionId)."";
$resfill = Database::query($queryfill);
$str = Database::result($resfill, 0, 'answer');
api_preg_match_all('#\[([^[]*)\]#', $str, $arr);
@ -2832,7 +2832,7 @@ class Exercise
WHERE
hotspot_exe_id = '".$exeId."' AND
hotspot_question_id= '".$questionId."' AND
hotspot_answer_id = '".Database::escape_string($answerId)."'";
hotspot_answer_id = ".intval($answerId)."";
$result = Database::query($sql);
$studentChoice = Database::result($result, 0, "hotspot_correct");
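Review bot: In the last hunk the hotspot lookup casts only `$answerId`, while the two preceding predicates `hotspot_exe_id = '".$exeId."'` and `hotspot_question_id= '".$questionId."'` are still interpolated with neither escaping nor a cast, and the two `$TBL_TRACK_ATTEMPT` hunks above likewise keep `exe_id = '".$exeId."'` raw. Unless `$exeId` and `$questionId` are cast before reaching these queries (the method bodies start outside the hunks), the fix is incomplete for exactly the injection class the commit targets; the clause should become `hotspot_exe_id = ".intval($exeId)." AND hotspot_question_id = ".intval($questionId)." AND hotspot_answer_id = ".intval($answerId)."";`. The `UPDATE` hunk also leaves `start_time = '$start_time', end_time = '$end_time'` unescaped as context lines, which deserves the same check.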

@ -243,7 +243,7 @@ $sql = "SELECT attempts.question_id, answer
ON
questions.id=quizz_rel_questions.question_id AND
questions.c_id = ".api_get_course_int_id()."
WHERE attempts.exe_id='".Database::escape_string($id)."' $user_restriction
WHERE attempts.exe_id = ".intval($id)." $user_restriction
GROUP BY quizz_rel_questions.question_order, attempts.question_id";
$result = Database::query($sql);
@ -487,7 +487,7 @@ foreach ($questionList as $questionId) {
}
//showing the score
$queryfree = "select marks from ".$TBL_TRACK_ATTEMPT." WHERE exe_id = '".Database::escape_string($id)."' and question_id= '".Database::escape_string($questionId)."'";
$queryfree = "select marks from ".$TBL_TRACK_ATTEMPT." WHERE exe_id = ".intval($id)." and question_id= ".intval($questionId)."";
$resfree = Database::query($queryfree);
$questionScore= Database::result($resfree,0,"marks");
$totalScore+=$questionScore;

@ -37,10 +37,10 @@ $course_id = api_get_course_int_id();
// Query db for answers
if ($answer_type==HOT_SPOT_DELINEATION) {
$sql = "SELECT id, answer, hotspot_coordinates, hotspot_type, ponderation FROM $TBL_ANSWERS
WHERE c_id = $course_id AND question_id = '".Database::escape_string($questionId)."' AND hotspot_type = 'delineation' ORDER BY id";
WHERE c_id = $course_id AND question_id = ".intval($questionId)." AND hotspot_type = 'delineation' ORDER BY id";
} else {
$sql = "SELECT id, answer, hotspot_coordinates, hotspot_type, ponderation FROM $TBL_ANSWERS
WHERE c_id = $course_id AND question_id = '".Database::escape_string($questionId)."' ORDER BY id";
WHERE c_id = $course_id AND question_id = ".intval($questionId)." ORDER BY id";
}
$result = Database::query($sql);
// Init

@ -39,10 +39,10 @@ $course_id = api_get_course_int_id();
if ($answer_type == HOT_SPOT_DELINEATION) {
// Query db for answers
$sql = "SELECT id, answer, hotspot_coordinates, hotspot_type FROM $TBL_ANSWERS
WHERE c_id = $course_id AND question_id = '".Database::escape_string($questionId)."' AND hotspot_type <> 'noerror' ORDER BY id";
WHERE c_id = $course_id AND question_id = ".intval($questionId)." AND hotspot_type <> 'noerror' ORDER BY id";
} else {
$sql = "SELECT id, answer, hotspot_coordinates, hotspot_type FROM $TBL_ANSWERS
WHERE c_id = $course_id AND question_id = '".Database::escape_string($questionId)."' ORDER BY id";
WHERE c_id = $course_id AND question_id = ".intval($questionId)." ORDER BY id";
}
$result = Database::query($sql);
// Init

@ -40,6 +40,6 @@ if ($_GET['type'] == "poly" || $_GET['type'] == "delineation" || $_GET['type'] =
}
$course_id = api_get_course_int_id();
$sql = "UPDATE $TBL_ANSWER SET hotspot_coordinates = '".Database::escape_string($hotspot_coordinates)."',hotspot_type = '".Database::escape_string($hotspot_type)."'
WHERE c_id = $course_id AND id = '".Database::escape_string($answerId)."' AND question_id ='".Database::escape_string($questionId)."' LIMIT 1 ;";
WHERE c_id = $course_id AND id = ".intval($answerId)." AND question_id = ".intval($questionId)." LIMIT 1 ;";
$result = Database::query($sql);
echo "done=done";

@ -45,12 +45,12 @@ $coordinates = substr($coordinates,0,-1);
$TBL_TRACK_E_HOTSPOT = Database::get_statistic_table(STATISTIC_TRACK_E_HOTSPOTS);
// Save into db
$sql = "INSERT INTO $TBL_TRACK_E_HOTSPOT (user_id , course_id , quiz_id , question_id , answer_id , correct , coordinate ) VALUES (
'".Database::escape_string($_user['user_id'])."',
".intval($_user['user_id']).",
'".Database::escape_string($courseCode)."',
'".Database::escape_string($exerciseId)."',
'".Database::escape_string($questionId)."',
'".Database::escape_string($answerId)."',
'".Database::escape_string($hit)."',
".intval($exerciseId).",
".intval($questionId).",
".intval($answerId).",
".intval($hit)."',
'".Database::escape_string($coordinates)."')";
$result = Database::query($sql);
// Save insert id into session if users changes answer.
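Review bot: The rewritten `$hit` line of the INSERT still carries the closing quote from the old version — `".intval($hit)."',` — so the generated SQL reads `..., 1', '<coords>')`, an unbalanced literal that makes every insert into `$TBL_TRACK_E_HOTSPOT` fail with a syntax error, and nothing in the hunk checks `$result` so the failure is silent. The line should be `".intval($hit).",` to match the other cast columns. Worth exercising one hotspot answer on a test instance before merging, since the error is only visible at runtime.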

@ -53,5 +53,5 @@ $TBL_TRACK_E_HOTSPOT = Database::get_statistic_table(STATISTIC_TRACK_E_HOTSPOT
// update db
$update_id = $_SESSION['exerciseResult'][$questionId]['ids'][$answerId];
$sql = "UPDATE $TBL_TRACK_E_HOTSPOT SET coordinate = '".Database::escape_string($coordinates)."' WHERE id ='".Database::escape_string($update_id)."' LIMIT 1 ;;";
$sql = "UPDATE $TBL_TRACK_E_HOTSPOT SET coordinate = '".Database::escape_string($coordinates)."' WHERE id = ".intval($update_id)." LIMIT 1 ;;";
$result = Database::query($sql);
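Review bot: The rewritten UPDATE keeps the trailing `LIMIT 1 ;;` from the old line; a doubled statement terminator inside a single-query call is at best dead text and may be rejected by the server as an empty statement, so drop it: `... WHERE id = ".intval($update_id)." LIMIT 1";`. `$update_id` is also read straight from `$_SESSION['exerciseResult'][$questionId]['ids'][$answerId]`, and `intval()` maps an unset entry to 0, so the update silently targets `id = 0`; a short `if (empty($update_id))` guard before the query would make that case explicit. The code that populates that session entry is outside this section.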

@ -91,7 +91,7 @@ if ($action == 'mark') {
$exercise_table = Database::get_statistic_table('track_e_exercices');
#global $origin, $tbl_learnpath_user, $learnpath_id, $learnpath_item_id;
$sql = "SELECT * FROM $exercise_table
WHERE exe_user_id = '".Database::escape_string($my_usr)."' AND exe_cours_id = '".Database::escape_string($my_cid)."' AND exe_exo_id = '".Database::escape_string($my_exe)."'
WHERE exe_user_id = ".intval($my_usr)." AND exe_cours_id = '".Database::escape_string($my_cid)."' AND exe_exo_id = ".intval($my_exe)."
ORDER BY exe_date DESC";
#echo $sql;
$res = Database::query($sql);
@ -116,9 +116,9 @@ if ($action == 'mark') {
exe_weighting,
exe_date
) VALUES (
'".Database::escape_string($my_usr)."',
".intval($my_usr).",
'".Database::escape_string($my_cid)."',
'".Database::escape_string($my_exe)."',
".intval($my_exe).",
'".Database::escape_string($my_score)."',
'".Database::escape_string($obj_question->selectWeighting())."',
FROM_UNIXTIME(".$reallyNow.")
@ -148,7 +148,7 @@ Display::display_header($nameTools,"Exercise");
// 1a - result of previous marking then exit suggestion
// 1b - user answer and marking box + submit button
$objAnswerTmp = new Answer();
$objAnswerTmp = new Answer($my_qst);
$objAnswerTmp->selectAnswer($answerId);
if($action == 'mark'){

@ -366,7 +366,7 @@ abstract class Question
// update or add category for a question
foreach ($category_list as $category_id) {
$category_id = intval($category_id);
$question_id = Database::escape_string($this->id);
$question_id = intval($this->id);
$sql = "SELECT count(*) AS nb FROM $TBL_QUESTION_REL_CATEGORY
WHERE category_id = $category_id AND question_id = $question_id AND c_id=".api_get_course_int_id();
$res = Database::query($sql);
@ -397,8 +397,8 @@ abstract class Question
// update or add category for a question
$TBL_QUESTION_REL_CATEGORY = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY);
$category_id = Database::escape_string($in_category);
$question_id = Database::escape_string($this->id);
$category_id = intval($in_category);
$question_id = intval($this->id);
$sql = "SELECT count(*) AS nb FROM $TBL_QUESTION_REL_CATEGORY
WHERE question_id=$question_id AND c_id=".api_get_course_int_id();
$res = Database::query($sql);
@ -422,7 +422,7 @@ abstract class Question
function deleteCategory()
{
$TBL_QUESTION_REL_CATEGORY = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY);
$question_id = Database::escape_string($this->id);
$question_id = intval($this->id);
$sql = "DELETE FROM $TBL_QUESTION_REL_CATEGORY
WHERE question_id=$question_id AND c_id=".api_get_course_int_id();
Database::query($sql);
@ -470,7 +470,7 @@ abstract class Question
// if we don't change from "unique answer" to "multiple answers" (or conversely)
if(!in_array($this->type,array(UNIQUE_ANSWER,MULTIPLE_ANSWER)) || !in_array($type,array(UNIQUE_ANSWER,MULTIPLE_ANSWER))) {
// removes old answers
$sql="DELETE FROM $TBL_REPONSES WHERE c_id = $course_id AND question_id='".Database::escape_string($this->id)."'";
$sql="DELETE FROM $TBL_REPONSES WHERE c_id = $course_id AND question_id = ".intval($this->id)."";
Database::query($sql);
}
@ -735,7 +735,7 @@ abstract class Question
picture ='".Database::escape_string($picture)."',
extra ='".Database::escape_string($extra)."',
level ='".Database::escape_string($level)."'
WHERE c_id = $c_id AND id='".Database::escape_string($id)."'";
WHERE c_id = $c_id AND id = ".intval($id)."";
Database::query($sql);
$this->saveCategory($category);
if (!empty($exerciseId)) {
@ -755,7 +755,7 @@ abstract class Question
// creates a new question
$sql = "SELECT max(position) FROM $TBL_QUESTIONS as question, $TBL_EXERCICE_QUESTION as test_question
WHERE question.id = test_question.question_id AND
test_question.exercice_id = '".Database::escape_string($exerciseId)."' AND
test_question.exercice_id = ".intval($exerciseId)." AND
question.c_id = $c_id AND
test_question.c_id = $c_id ";
$result = Database::query($sql);
@ -783,14 +783,14 @@ abstract class Question
if ($type == HOT_SPOT || $type == HOT_SPOT_ORDER) {
$TBL_ANSWERS = Database::get_course_table(TABLE_QUIZ_ANSWER);
$sql = "INSERT INTO $TBL_ANSWERS (c_id, id, question_id , answer , correct , comment , ponderation , position , hotspot_coordinates , hotspot_type )
VALUES (".$c_id.", '1', '".Database::escape_string($this->id)."', '', NULL , '', '10' , '1', '0;0|0|0', 'square')";
VALUES (".$c_id.", '1', ".intval($this->id).", '', NULL , '', '10' , '1', '0;0|0|0', 'square')";
Database::query($sql);
}
if ($type == HOT_SPOT_DELINEATION ) {
$TBL_ANSWERS = Database::get_course_table(TABLE_QUIZ_ANSWER);
$sql="INSERT INTO $TBL_ANSWERS (c_id, id, question_id , answer , correct , comment , ponderation , position , hotspot_coordinates , hotspot_type )
VALUES (".$c_id.", '1', '".Database::escape_string($this->id)."', '', NULL , '', '10' , '1', '0;0|0|0', 'delineation')";
VALUES (".$c_id.", '1', ".intval($this->id).", '', NULL , '', '10' , '1', '0;0|0|0', 'delineation')";
Database::query($sql);
}
@ -944,7 +944,7 @@ abstract class Question
$count = $new_exercise->selectNbrQuestions();
$count++;
$sql="INSERT INTO $TBL_EXERCICE_QUESTION (c_id, question_id, exercice_id, question_order) VALUES
({$this->course['real_id']}, '".Database::escape_string($id)."','".Database::escape_string($exerciseId)."', '$count' )";
({$this->course['real_id']}, ".intval($id).", ".intval($exerciseId).", '$count' )";
Database::query($sql);
// we do not want to reindex if we had just saved adnd indexed the question
@ -979,18 +979,18 @@ abstract class Question
// deletes the position in the array containing the wanted exercise ID
unset($this->exerciseList[$pos]);
//update order of other elements
$sql = "SELECT question_order FROM $TBL_EXERCICE_QUESTION WHERE c_id = $course_id AND question_id='".Database::escape_string($id)."' AND exercice_id='".Database::escape_string($exerciseId)."'";
$sql = "SELECT question_order FROM $TBL_EXERCICE_QUESTION WHERE c_id = $course_id AND question_id = ".intval($id)." AND exercice_id = ".intval($exerciseId)."";
$res = Database::query($sql);
if (Database::num_rows($res)>0) {
$row = Database::fetch_array($res);
if (!empty($row['question_order'])) {
$sql = "UPDATE $TBL_EXERCICE_QUESTION SET question_order = question_order-1
WHERE c_id = $course_id AND exercice_id='".Database::escape_string($exerciseId)."' AND question_order > ".$row['question_order'];
WHERE c_id = $course_id AND exercice_id = ".intval($exerciseId)." AND question_order > ".$row['question_order'];
$res = Database::query($sql);
}
}
$sql="DELETE FROM $TBL_EXERCICE_QUESTION WHERE c_id = $course_id AND question_id='".Database::escape_string($id)."' AND exercice_id='".Database::escape_string($exerciseId)."'";
$sql="DELETE FROM $TBL_EXERCICE_QUESTION WHERE c_id = $course_id AND question_id = ".intval($id)." AND exercice_id = ".intval($exerciseId)."";
Database::query($sql);
return true;
@ -1019,7 +1019,7 @@ abstract class Question
// if the question must be removed from all exercises
if (!$deleteFromEx) {
//update the question_order of each question to avoid inconsistencies
$sql = "SELECT exercice_id, question_order FROM $TBL_EXERCICE_QUESTION WHERE c_id = $course_id AND question_id='".Database::escape_string($id)."'";
$sql = "SELECT exercice_id, question_order FROM $TBL_EXERCICE_QUESTION WHERE c_id = $course_id AND question_id = ".intval($id)."";
$res = Database::query($sql);
if (Database::num_rows($res) > 0) {
@ -1027,23 +1027,23 @@ abstract class Question
if (!empty($row['question_order'])) {
$sql = "UPDATE $TBL_EXERCICE_QUESTION
SET question_order = question_order-1
WHERE c_id = $course_id AND exercice_id='".Database::escape_string($row['exercice_id'])."' AND question_order > ".$row['question_order'];
WHERE c_id = $course_id AND exercice_id = ".intval($row['exercice_id'])." AND question_order > ".$row['question_order'];
Database::query($sql);
}
}
}
$sql = "DELETE FROM $TBL_EXERCICE_QUESTION WHERE c_id = $course_id AND question_id='".Database::escape_string($id)."'";
$sql = "DELETE FROM $TBL_EXERCICE_QUESTION WHERE c_id = $course_id AND question_id = ".intval($id)."";
Database::query($sql);
$sql = "DELETE FROM $TBL_QUESTIONS WHERE c_id = $course_id AND id='".Database::escape_string($id)."'";
$sql = "DELETE FROM $TBL_QUESTIONS WHERE c_id = $course_id AND id = ".intval($id)."";
Database::query($sql);
$sql = "DELETE FROM $TBL_REPONSES WHERE c_id = $course_id AND question_id='".Database::escape_string($id)."'";
$sql = "DELETE FROM $TBL_REPONSES WHERE c_id = $course_id AND question_id = ".intval($id)."";
Database::query($sql);
// remove the category of this question in the question_rel_category table
$sql = "DELETE FROM $TBL_QUIZ_QUESTION_REL_CATEGORY WHERE c_id = $course_id AND question_id='".Database::escape_string($id)."' AND c_id=".api_get_course_int_id();
$sql = "DELETE FROM $TBL_QUIZ_QUESTION_REL_CATEGORY WHERE c_id = $course_id AND question_id = ".intval($id)." AND c_id=".api_get_course_int_id();
Database::query($sql);
api_item_property_update($this->course, TOOL_QUIZ, $id,'QuizQuestionDeleted',api_get_user_id());

@ -67,7 +67,7 @@ function save_scores($file, $score)
}
$sql = "INSERT INTO $TABLETRACK_HOTPOTATOES (exe_name, exe_user_id, exe_date, exe_cours_id, exe_result, exe_weighting) VALUES (
'".Database::escape_string($file)."',
'".Database::escape_string($user_id)."',
".intval($user_id).",
'".Database::escape_string($date)."',
'".Database::escape_string($_cid)."',
'".Database::escape_string($score)."',

@ -45,8 +45,8 @@ class Testcategory
public function getCategory($in_id)
{
$t_cattable = Database::get_course_table(TABLE_QUIZ_QUESTION_CATEGORY);
$in_id = Database::escape_string($in_id);
$sql = "SELECT * FROM $t_cattable WHERE id=$in_id AND c_id=".api_get_course_int_id();
$in_id = intval($in_id);
$sql = "SELECT * FROM $t_cattable WHERE id = $in_id AND c_id=".api_get_course_int_id();
$res = Database::query($sql);
$numrows = Database::num_rows($res);
if ($numrows > 0) {
@ -104,7 +104,7 @@ class Testcategory
{
$t_cattable = Database :: get_course_table(TABLE_QUIZ_QUESTION_CATEGORY);
$tbl_question_rel_cat = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY);
$v_id = Database::escape_string($this->id);
$v_id = intval($this->id);
$sql = "DELETE FROM $t_cattable WHERE id=$v_id AND c_id=".api_get_course_int_id();
Database::query($sql);
if (Database::affected_rows() <= 0) {
@ -127,11 +127,11 @@ class Testcategory
public function modifyCategory()
{
$t_cattable = Database :: get_course_table(TABLE_QUIZ_QUESTION_CATEGORY);
$v_id = Database::escape_string($this->id);
$v_id = intval($this->id);
$v_name = Database::escape_string($this->name);
$v_description = Database::escape_string($this->description);
$sql = "UPDATE $t_cattable SET title='$v_name', description='$v_description'
WHERE id='$v_id' AND c_id=".api_get_course_int_id();
WHERE id = $v_id AND c_id=".api_get_course_int_id();
Database::query($sql);
if (Database::affected_rows() <= 0) {
return false;
@ -156,7 +156,7 @@ class Testcategory
public function getCategoryQuestionsNumber()
{
$t_reltable = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY);
$in_id = Database::escape_string($this->id);
$in_id = intval($this->id);
$sql = "SELECT count(*) AS nb FROM $t_reltable
WHERE category_id=$in_id AND c_id=".api_get_course_int_id();
$res = Database::query($sql);
@ -221,9 +221,9 @@ class Testcategory
$courseId = api_get_course_int_id();
}
$table = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY);
$questionId = Database::escape_string($questionId);
$questionId = intval($questionId);
$sql = "SELECT category_id FROM $table
WHERE question_id='$questionId' AND c_id = $courseId";
WHERE question_id = $questionId AND c_id = $courseId";
$res = Database::query($sql);
if (Database::num_rows($res) > 0) {
$data = Database::fetch_array($res);
@ -256,8 +256,8 @@ class Testcategory
$catid = Testcategory::getCategoryForQuestion($in_questionid, $in_courseid);
$result = ""; // result
$t_cattable = Database::get_course_table(TABLE_QUIZ_QUESTION_CATEGORY);
$catid = Database::escape_string($catid);
$sql = "SELECT title FROM $t_cattable WHERE id='$catid' AND c_id=$in_courseid";
$catid = intval($catid);
$sql = "SELECT title FROM $t_cattable WHERE id = $catid AND c_id = $in_courseid";
$res = Database::query($sql);
$data = Database::fetch_array($res);
if (Database::num_rows($res) > 0) {
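Review bot: The course id is still interpolated raw into the queries of this section while the neighbouring value now goes through intval(): `$courseId` at L1456 and `$in_courseid` at L1467. L1449 only replaces `$courseId` with api_get_course_int_id() inside one branch, so on the other branch the caller's value reaches the SQL unchanged, and `$in_courseid` is the raw parameter in both branches. Casting once where the value is resolved, `$courseId = intval($courseId);` after the `if` at L1450 and `$in_courseid = intval($in_courseid);` before the query at L1467, keeps both queries integer-only regardless of what callers pass.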

@ -542,7 +542,7 @@ function store_forumcategory($values)
$sql = "UPDATE ".$table_categories." SET
cat_title='".$clean_cat_title."',
cat_comment='".Database::escape_string($values['forum_category_comment'])."'
WHERE c_id = $course_id AND cat_id='".Database::escape_string($values['forum_category_id'])."'";
WHERE c_id = $course_id AND cat_id= ".intval($values['forum_category_id'])."";
Database::query($sql);
Database::insert_id();
api_item_property_update(
@ -676,7 +676,7 @@ function store_forum($values)
forum_group_public_private='".Database::escape_string($values['public_private_group_forum_group']['public_private_group_forum'])."',
default_view='".Database::escape_string($values['default_view_type_group']['default_view_type'])."',
forum_of_group='".Database::escape_string($values['group_forum'])."'
WHERE c_id = $course_id AND forum_id='".Database::escape_string($values['forum_id'])."'";
WHERE c_id = $course_id AND forum_id = ".intval($values['forum_id'])."";
Database::query($sql);
api_item_property_update(
@ -845,7 +845,7 @@ function delete_post($post_id)
// Note: This has to be a recursive function that deletes all of the posts in this block.
$sql = "DELETE FROM $table_posts
WHERE c_id = $course_id AND post_id='".Database::escape_string($post_id)."'";
WHERE c_id = $course_id AND post_id = ".intval($post_id)."";
Database::query($sql);
// Delete attachment file about this post id.
@ -857,16 +857,16 @@ function delete_post($post_id)
if (is_array($last_post_of_thread)) {
// Decreasing the number of replies for this thread and also changing the last post information.
$sql = "UPDATE $table_threads SET thread_replies=thread_replies-1,
thread_last_post='".Database::escape_string($last_post_of_thread['post_id'])."',
thread_last_post = ".intval($last_post_of_thread['post_id']).",
thread_date='".Database::escape_string($last_post_of_thread['post_date'])."'
WHERE c_id = $course_id AND thread_id='".intval($_GET['thread'])."'";
WHERE c_id = $course_id AND thread_id = ".intval($_GET['thread'])."";
Database::query($sql);
return 'PostDeleted';
}
if (!$last_post_of_thread) {
// We deleted the very single post of the thread so we need to delete the entry in the thread table also.
$sql = "DELETE FROM $table_threads
WHERE c_id = $course_id AND thread_id='".intval($_GET['thread'])."'";
WHERE c_id = $course_id AND thread_id = ".intval($_GET['thread'])."";
Database::query($sql);
return 'PostDeletedSpecial';
}
@ -887,7 +887,7 @@ function check_if_last_post_of_thread($thread_id)
$table_posts = Database :: get_course_table(TABLE_FORUM_POST);
$course_id = api_get_course_int_id();
$sql = "SELECT * FROM $table_posts
WHERE c_id = $course_id AND thread_id='".Database::escape_string($thread_id)."'
WHERE c_id = $course_id AND thread_id = ".intval($thread_id)."
ORDER BY post_date DESC";
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
@ -1150,7 +1150,7 @@ function move_up_down($content, $direction, $id)
$sort_column = 'forum_order';
// We also need the forum_category of this forum.
$sql = "SELECT forum_category FROM $table_forums
WHERE c_id = $course_id AND forum_id=".Database::escape_string($id);
WHERE c_id = $course_id AND forum_id = ".intval($id);
$result = Database::query($sql);
$row = Database::fetch_array($result);
$forum_category = $row['forum_category'];
@ -1283,7 +1283,7 @@ function get_forum_categories($id = '')
WHERE
forum_categories.cat_id=item_properties.ref AND
item_properties.tool='".TOOL_FORUM_CATEGORY."' AND
forum_categories.cat_id='".Database::escape_string($id)."'
forum_categories.cat_id = ".intval($id)."
$condition_session
ORDER BY forum_categories.cat_order ASC";
}
@ -1502,7 +1502,7 @@ function get_forums(
$sql = "SELECT * FROM $table_forums forum, ".$table_item_property." item_properties
WHERE
forum.forum_id=item_properties.ref AND
forum_id='".Database::escape_string($id)."' AND
forum_id = ".intval($id)." AND
item_properties.visibility<>2 AND
item_properties.tool='".TOOL_FORUM."'
$condition_session AND
@ -1514,7 +1514,7 @@ function get_forums(
$sql2 = "SELECT count(*) AS number_of_threads, forum_id
FROM $table_threads
WHERE
forum_id=".Database::escape_string($id)." AND
forum_id = ".intval($id)." AND
c_id = $course_id
GROUP BY forum_id";
@ -1522,7 +1522,7 @@ function get_forums(
$sql3 = "SELECT count(*) AS number_of_posts, forum_id
FROM $table_posts
WHERE
forum_id=".Database::escape_string($id)." AND
forum_id = ".intval($id)." AND
c_id = $course_id
GROUP BY forum_id";
@ -1531,7 +1531,7 @@ function get_forums(
post.post_id, post.forum_id, post.poster_id, post.poster_name, post.post_date, users.lastname, users.firstname
FROM $table_posts post, $table_users users
WHERE
forum_id=".Database::escape_string($id)." AND
forum_id = ".intval($id)." AND
post.poster_id=users.user_id AND
post.c_id = $course_id
GROUP BY post.forum_id
@ -1666,7 +1666,7 @@ function get_last_post_information($forum_id, $show_invisibles = false, $course_
$table_item_property thread_properties,
$table_item_property forum_properties
WHERE
post.forum_id=".Database::escape_string($forum_id)."
post.forum_id = ".intval($forum_id)."
AND post.poster_id=users.user_id
AND post.thread_id=thread_properties.ref
AND thread_properties.tool='".TOOL_FORUM_THREAD."'
@ -1751,7 +1751,7 @@ function get_threads($forum_id, $course_code = null)
ON thread.thread_poster_id=users.user_id
WHERE
item_properties.visibility='1' AND
thread.forum_id='".Database::escape_string($forum_id)."'
thread.forum_id = ".intval($forum_id)."
ORDER BY thread.thread_sticky DESC, thread.thread_date DESC";
if (is_allowed_to_edit()) {
@ -1778,7 +1778,7 @@ function get_threads($forum_id, $course_code = null)
ON thread.thread_poster_id=users.user_id
WHERE
item_properties.visibility<>2 AND
thread.forum_id='".Database::escape_string($forum_id)."'
thread.forum_id = ".intval($forum_id)."
ORDER BY thread.thread_sticky DESC, thread.thread_date DESC";
}
$result = Database::query($sql);
@ -1818,7 +1818,7 @@ function get_posts($thread_id)
ON posts.poster_id = users.user_id
WHERE
posts.c_id = $course_id AND
posts.thread_id='".Database::escape_string($thread_id)."'
posts.thread_id = ".intval($thread_id)."
ORDER BY posts.post_id ASC";
} else {
@ -1828,7 +1828,7 @@ function get_posts($thread_id)
ON posts.poster_id=users.user_id
WHERE
posts.c_id = $course_id AND
posts.thread_id = '".Database::escape_string($thread_id)."' AND
posts.thread_id = ".intval($thread_id)." AND
posts.visible='1'
ORDER BY posts.post_id ASC";
}
@ -1860,7 +1860,7 @@ function get_post_information($post_id)
WHERE
c_id = $course_id AND
posts.poster_id=users.user_id AND
posts.post_id='".Database::escape_string($post_id)."'";
posts.post_id = ".intval($post_id)."";
$result = Database::query($sql);
$row = Database::fetch_array($result);
@ -1886,8 +1886,8 @@ function get_thread_information($thread_id)
WHERE
item_properties.tool= '".TOOL_FORUM_THREAD."' AND
item_properties.c_id = $course_id AND
item_properties.ref = '".Database::escape_string($thread_id)."' AND
threads.thread_id = '".Database::escape_string($thread_id)."' AND
item_properties.ref = ".intval($thread_id)." AND
threads.thread_id = ".intval($thread_id)." AND
threads.c_id = $course_id
";
$result = Database::query($sql);
@ -1934,8 +1934,8 @@ function get_thread_users_details($thread_id)
user.user_id = session_rel_user_rel_course.id_user AND
session_rel_user_rel_course.status<>'2' AND
session_rel_user_rel_course.id_user NOT IN ($user_to_avoid) AND
thread_id = '".Database::escape_string($thread_id)."' AND
id_session = '".api_get_session_id()."' AND
thread_id = ".intval($thread_id)." AND
id_session = ".api_get_session_id()." AND
c_id = $course_id AND
course_code = '".$course_code."' $orderby ";
} else {
@ -1944,7 +1944,7 @@ function get_thread_users_details($thread_id)
WHERE poster_id = user.user_id
AND user.user_id = course_user.user_id
AND course_user.relation_type<>".COURSE_RELATION_TYPE_RRHH."
AND thread_id = '".Database::escape_string($thread_id)."'
AND thread_id = ".intval($thread_id)."
AND course_user.status NOT IN('1') AND
c_id = $course_id AND
course_code = '".$course_code."' $orderby";
@ -3408,7 +3408,7 @@ function handle_mail_cue($content, $id)
if ($content == 'post') {
// Getting the information about the post (need the thread_id).
$post_info = get_post_information($id);
$thread_id = Database::escape_string($post_info['thread_id']);
$thread_id = intval($post_info['thread_id']);
// Sending the mail to all the users that wanted to be informed for replies on this thread.
$sql = "SELECT users.firstname, users.lastname, users.user_id, users.email
@ -3434,9 +3434,9 @@ function handle_mail_cue($content, $id)
WHERE
posts.c_id = $course_id AND
mailcue.c_id = $course_id AND
posts.thread_id='".Database::escape_string($id)."'
posts.thread_id = ".intval($id)."
AND posts.post_notification='1'
AND mailcue.thread_id='".Database::escape_string($id)."'
AND mailcue.thread_id = ".intval($id)."
AND users.user_id=posts.poster_id
AND users.active=1
GROUP BY users.email";
@ -4490,8 +4490,8 @@ function count_number_of_post_for_user_thread($thread_id, $user_id)
$course_id = api_get_course_int_id();
$sql = "SELECT count(*) as count FROM $table_posts
WHERE c_id = $course_id AND
thread_id=".Database::escape_string($thread_id)." AND
poster_id = ".Database::escape_string($user_id)." AND visible = 1 ";
thread_id=".intval($thread_id)." AND
poster_id = ".intval($user_id)." AND visible = 1 ";
$result = Database::query($sql);
$count = 0;
if (Database::num_rows($result) > 0) {
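Review bot: `$course_code` is still interpolated raw into both queries of get_thread_users_details() at L1648 and L1658, while `$thread_id` on the adjacent lines now goes through intval(); where `$course_code` and `$orderby` are assigned is outside the hunk, so if either can originate from the request it should be treated like the other quoted string values, e.g. `course_code = '".Database::escape_string($course_code)."' $orderby";`. If both are derived from server-side state only, a short comment saying so at the top of the function would stop the next reader from raising the same question.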

@ -172,13 +172,13 @@ abstract class AbstractLink implements GradebookItem
$sql = 'SELECT * FROM '.$tbl_grade_links;
$paramcount = 0;
if (isset ($id)) {
$sql.= ' WHERE id = '.Database::escape_string($id);
$sql.= ' WHERE id = '.intval($id);
$paramcount ++;
}
if (isset ($type)) {
if ($paramcount != 0) $sql .= ' AND';
else $sql .= ' WHERE';
$sql .= ' type = '.Database::escape_string($type);
$sql .= ' type = '.intval($type);
$paramcount ++;
}
if (isset ($ref_id)) {

@ -441,7 +441,7 @@ class Category implements GradebookItem
$sql .= ', '.intval($this->get_grade_model_id());
}
if (isset($this->certificate_min_score) && !empty($this->certificate_min_score)) {
$sql .= ', '.Database::escape_string($this->get_certificate_min_score());
$sql .= ', '.intval($this->get_certificate_min_score());
}
$sql .= ')';
Database::query($sql);
@ -516,15 +516,15 @@ class Category implements GradebookItem
}
$sql .= ', certif_min_score = ';
if (isset($this->certificate_min_score) && !empty($this->certificate_min_score)) {
$sql .= Database::escape_string($this->get_certificate_min_score());
$sql .= intval($this->get_certificate_min_score());
} else {
$sql .= 'null';
}
if (isset($this->grade_model_id)) {
$sql .= ', grade_model_id = '.intval($this->get_grade_model_id());
}
$sql .= ', weight = '.Database::escape_string($this->get_weight())
.', visible = '.intval($this->is_visible())
$sql .= ', weight = "'.Database::escape_string($this->get_weight())
.'", visible = '.intval($this->is_visible())
.' WHERE id = '.intval($this->id);
Database::query($sql);
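Review bot: intval() on get_certificate_min_score() at L1713 and L1722 truncates any fractional value, and the same applies to intval() on get_max() at L1741 in the Evaluation section. The commit itself treats `weight` as a non-integer by quoting and escaping it at L1731, so if `certif_min_score` or `max` are decimal columns (not visible here) the same quoted-escape form or `floatval()` should be used, e.g. `$sql .= ', '.floatval($this->get_certificate_min_score());`. Separately, the `!empty()` test at L1720 stores `null` for a legitimate minimum score of 0; that predates the hunk but is worth a follow-up.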

@ -328,7 +328,7 @@ class Evaluation implements GradebookItem
$sql .= 'null';
}
$sql .= ', weight = "'.Database::escape_string($this->get_weight()).'" '
.', max = '.Database::escape_string($this->get_max())
.', max = '.intval($this->get_max())
.', visible = '.intval($this->is_visible())
.' WHERE id = '.intval($this->id);
//recorded history

@ -125,7 +125,7 @@ class Result
LEFT JOIN $tbl_user u ON gr.user_id = u.user_id ";
$paramcount = 0;
if (!empty($id)) {
$sql.= ' WHERE gr.id = ' . Database::escape_string($id);
$sql.= ' WHERE gr.id = ' . intval($id);
$paramcount ++;
}
if (!empty($user_id)) {
@ -133,7 +133,7 @@ class Result
$sql .= ' AND';
else
$sql .= ' WHERE';
$sql .= ' gr.user_id = ' . Database::escape_string($user_id);
$sql .= ' gr.user_id = ' . intval($user_id);
$paramcount ++;
}
if (!empty($evaluation_id)) {
@ -142,7 +142,7 @@ class Result
} else {
$sql .= ' WHERE';
}
$sql .= ' gr.evaluation_id = ' . Database::escape_string($evaluation_id);
$sql .= ' gr.evaluation_id = ' . intval($evaluation_id);
$paramcount ++;
}
$sql .= ' ORDER BY u.lastname, u.firstname';

@ -57,6 +57,7 @@ class LinkForm extends FormValidator
$this->addElement('static',null,null,'"'.$this->link_object->get_name().'" ');
$this->addElement('static',null,null,get_lang('MoveTo').' : ');
$select = $this->addElement('select','move_cat',null,null);
$line = '';
foreach ($this->link_object->get_target_categories() as $cat) {
for ($i=0;$i<$cat[2];$i++) {
$line .= '&mdash;';
@ -120,7 +121,7 @@ class LinkForm extends FormValidator
if (!empty($courseCode)) {
$link->set_course_code($courseCode);
} elseif(!empty($_GET['course_code'])) {
$link->set_course_code(Database::escape_string($_GET['course_code']));
$link->set_course_code(Database::escape_string($_GET['course_code'], null, false));
}
return $link;
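Review bot: Escaping `$_GET['course_code']` at L1787 before handing it to set_course_code() stores an already SQL-escaped string in the link object, so whichever query later reads it must either skip escaping or will double-escape; what set_course_code() and its consumers do is outside the hunk. Validating the value against the expected course-code format here and escaping at the query site is the cleaner split, and a comment such as `// value is escaped here, not at the query — see Link::set_course_code()` would at least make the current contract explicit. On the `$line = '';` added at L1778: if `$line` is not reset at the end of each foreach iteration (outside the hunk), the `&mdash;` prefix accumulates across categories, so the reset belongs inside the loop.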

@ -645,7 +645,7 @@ function get_list_users_certificates($cat_id = null, $userList = array())
FROM ' . $table_user . ' u
INNER JOIN ' . $table_certificate . ' gc ON u.user_id=gc.user_id ';
if (!is_null($cat_id) && $cat_id > 0) {
$sql.=' WHERE cat_id=' . Database::escape_string($cat_id);
$sql.=' WHERE cat_id=' . intval($cat_id);
}
if (!empty($userList)) {
$userList = array_map('intval', $userList);
@ -674,9 +674,9 @@ function get_list_gradebook_certificates_by_user_id($user_id, $cat_id = null)
$table_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
$sql = 'SELECT gc.score_certificate, gc.created_at, gc.path_certificate, gc.cat_id, gc.user_id, gc.id
FROM ' . $table_certificate . ' gc
WHERE gc.user_id="' . Database::escape_string($user_id) . '" ';
WHERE gc.user_id="' . intval($user_id) . '" ';
if (!is_null($cat_id) && $cat_id > 0) {
$sql.=' AND cat_id=' . Database::escape_string($cat_id);
$sql.=' AND cat_id=' . intval($cat_id);
}
$rs = Database::query($sql);
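Review bot: At L1805 the value is cast with intval() but the surrounding double quotes are kept, so the query still compares user_id to a string literal, unlike the unquoted `cat_id` comparison the same commit writes at L1808. For consistency with the rest of the change: `WHERE gc.user_id = ' . intval($user_id) . ' ';`.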

@ -91,7 +91,7 @@ $form->addElement('style_submit_button', 'intro_cmdUpdate', get_lang('SaveIntroT
$course_id = api_get_course_int_id();
if ($intro_editAllowed) {
$moduleId = Database::escape_string($moduleId);
$moduleId = intval($moduleId);
/* Replace command */
if ($intro_cmdUpdate) {
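Review bot: intval() at L1816 assumes `$moduleId` is numeric, but its assignment is outside the hunk and the value it replaces was a quoted escape_string(), which is the pattern this file uses for string identifiers. If any includer sets `$moduleId` to a tool name rather than an integer, intval() collapses every such value to 0 and all introductions would be read from and written to the same row. Confirm the type across the includers before relying on the cast; if it is a string, keep `Database::escape_string($moduleId)` together with the quotes in the queries below, and add a comment stating which it is.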

@ -93,8 +93,9 @@ class UrlManager
*/
public static function url_id_exist($url)
{
if (empty($url)) { return false; }
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT id FROM $table_access_url WHERE id = '".Database::escape_string($url)."' ";
$sql = "SELECT id FROM $table_access_url WHERE id = ".intval($url)."";
$res = Database::query($sql);
$num = Database::num_rows($res);
return $num;
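Review bot: url_id_exist() now returns `false` for an empty argument at L1824 but the row count from the query on the normal path, so callers receive an int or a bool depending on input. Since the name asks a yes/no question, `return $num > 0;` would make both exits consistent; the docblock closing at L1821 should then be checked so its `@return` matches whichever type is kept.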

@ -133,7 +133,7 @@ if (isset($_SESSION['conditional_login']['uid']) && $_SESSION['conditional_login
// parameters passed via GET
$logout = isset($_GET["logout"]) ? $_GET["logout"] : '';
$gidReq = isset($_GET["gidReq"]) ? Database::escape_string($_GET["gidReq"]) : '';
$gidReq = isset($_GET["gidReq"]) ? intval($_GET["gidReq"]) : '';
//this fixes some problems with generic functionalities like
//My Agenda & What's New icons linking to courses
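Review bot: The ternary at L1836 now yields an int when `gidReq` is present and the empty string otherwise, so `$gidReq` carries two types; its later uses are outside the hunk. If consumers test it with `empty()` or truthiness, `$gidReq = isset($_GET["gidReq"]) ? intval($_GET["gidReq"]) : 0;` gives one type in both cases; if some consumer compares it against `''`, keep the string default and say so in the comment on L1837.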
