chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add intval, fix PHP warnings.

Browse Source
1.10.x
Julio Montoya 11 years ago
parent b253e61452
commit e952291c18
3 changed files with 49 additions and 36 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 35
      main/admin/course_request_accepted.php
  2. 36
      main/admin/course_request_rejected.php
  3. 14
      main/admin/course_request_review.php

35
main/admin/course_request_accepted.php
Unescape View File

@ -23,8 +23,8 @@ api_protect_admin_script();
$course_validation_feature = api_get_setting('course_validation') == 'true';
// Filltering passed to this page parameters.
$delete_course_request = intval($_GET['delete_course_request']);
$message = trim(Security::remove_XSS(stripslashes(urldecode($_GET['message']))));
$delete_course_request = isset($_GET['delete_course_request']) ? intval($_GET['delete_course_request']) : '';
$message = isset($_GET['message']) ? trim(Security::remove_XSS(stripslashes(urldecode($_GET['message'])))) : '';
$is_error_message = !empty($_GET['is_error_message']);
if ($course_validation_feature) {
@ -84,17 +84,28 @@ function get_request_data($from, $number_of_items, $column, $direction)
$keyword = isset($_GET['keyword']) ? Database::escape_string(trim($_GET['keyword'])) : null;
$course_request_table = Database :: get_main_table(TABLE_MAIN_COURSE_REQUEST);
$sql = "SELECT id AS col0,
code AS col1,
title AS col2,
category_code AS col3,
tutor_name AS col4,
request_date AS col5,
id AS col6
FROM $course_request_table WHERE status = ".COURSE_REQUEST_ACCEPTED;
$from = intval($from);
$number_of_items = intval($number_of_items);
$column = intval($column);
$direction = !in_array(strtolower(trim($direction)), ['asc','desc']) ? 'asc' : $direction;
$sql = "SELECT
id AS col0,
code AS col1,
title AS col2,
category_code AS col3,
tutor_name AS col4,
request_date AS col5,
id AS col6
FROM $course_request_table
WHERE status = ".COURSE_REQUEST_ACCEPTED;
if ($keyword != '') {
$sql .= " AND (title LIKE '%".$keyword."%' OR code LIKE '%".$keyword."%' OR visual_code LIKE '%".$keyword."%')";
$sql .= " AND (
title LIKE '%".$keyword."%' OR
code LIKE '%".$keyword."%' OR
visual_code LIKE '%".$keyword."%'
)";
}
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
@ -149,7 +160,6 @@ $form->addButtonSearch(get_lang('Search'));
// The action bar.
echo '<div style="float: right; margin-top: 5px; margin-right: 5px;">';
//echo '<a href="course_list.php">'.Display::return_icon('courses.gif', get_lang('CourseList')).get_lang('CourseList').'</a>';
echo ' <a href="course_request_review.php">'.Display::return_icon('course_request_pending.png', get_lang('ReviewCourseRequests')).get_lang('ReviewCourseRequests').'</a>';
echo ' <a href="course_request_rejected.php">'.Display::return_icon('course_request_rejected.gif', get_lang('RejectedCourseRequests')).get_lang('RejectedCourseRequests').'</a>';
echo '</div>';
@ -159,7 +169,6 @@ echo '</div>';
// Create a sortable table with the course data.
$table = new SortableTable('course_requests_accepted', 'get_number_of_requests', 'get_request_data', 5, 20, 'DESC');
//$table->set_additional_parameters($parameters);
$table->set_header(0, '', false);
$table->set_header(1, get_lang('Code'));
$table->set_header(2, get_lang('Title'));

36
main/admin/course_request_rejected.php
Unescape View File

@ -23,12 +23,12 @@ api_protect_admin_script();
$course_validation_feature = api_get_setting('course_validation') == 'true';
// Filltering passed to this page parameters.
$accept_course_request = intval($_GET['accept_course_request']);
$delete_course_request = intval($_GET['delete_course_request']);
$request_info = intval($_GET['request_info']);
$message = trim(Security::remove_XSS(stripslashes(urldecode($_GET['message']))));
$accept_course_request = isset($_GET['accept_course_request']) ? intval($_GET['accept_course_request']) : '';
$delete_course_request = isset($_GET['delete_course_request']) ? intval($_GET['delete_course_request']) : '';
$request_info = isset($_GET['request_info']) ? intval($_GET['request_info']) : '';
$message = isset($_GET['message']) ? trim(Security::remove_XSS(stripslashes(urldecode($_GET['message'])))) : '';
$is_error_message = !empty($_GET['is_error_message']);
$keyword = Database::escape_string(trim($_GET['keyword']));
$keyword = isset($_GET['keyword']) ? Database::escape_string(trim($_GET['keyword'])) : '';
if ($course_validation_feature) {
@ -109,17 +109,23 @@ function get_number_of_requests() {
*/
function get_request_data($from, $number_of_items, $column, $direction) {
global $keyword;
$course_request_table = Database :: get_main_table(TABLE_MAIN_COURSE_REQUEST);
$sql = "SELECT id AS col0,
code AS col1,
title AS col2,
category_code AS col3,
tutor_name AS col4,
request_date AS col5,
id AS col6
FROM $course_request_table WHERE status = ".COURSE_REQUEST_REJECTED;
$from = intval($from);
$number_of_items = intval($number_of_items);
$column = intval($column);
$direction = !in_array(strtolower(trim($direction)), ['asc','desc']) ? 'asc' : $direction;
$sql = "SELECT
id AS col0,
code AS col1,
title AS col2,
category_code AS col3,
tutor_name AS col4,
request_date AS col5,
id AS col6
FROM $course_request_table
WHERE status = ".COURSE_REQUEST_REJECTED;
if ($keyword != '') {
$sql .= " AND (title LIKE '%".$keyword."%' OR code LIKE '%".$keyword."%' OR visual_code LIKE '%".$keyword."%')";
@ -182,7 +188,6 @@ $form->addButtonSearch(get_lang('Search'));
// The action bar.
echo '<div style="float: right; margin-top: 5px; margin-right: 5px;">';
//echo '<a href="course_list.php">'.Display::return_icon('courses.gif', get_lang('CourseList')).get_lang('CourseList').'</a>';
echo ' <a href="course_request_review.php">'.Display::return_icon('course_request_pending.png', get_lang('ReviewCourseRequests')).get_lang('ReviewCourseRequests').'</a>';
echo ' <a href="course_request_accepted.php">'.Display::return_icon('course_request_accepted.gif', get_lang('AcceptedCourseRequests')).get_lang('AcceptedCourseRequests').'</a>';
echo '</div>';
@ -192,7 +197,6 @@ echo '</div>';
// Create a sortable table with the course data.
$table = new SortableTable('course_requests_rejected', 'get_number_of_requests', 'get_request_data', 5, 20, 'DESC');
//$table->set_additional_parameters($parameters);
$table->set_header(0, '', false);
$table->set_header(1, get_lang('Code'));
$table->set_header(2, get_lang('Title'));

14
main/admin/course_request_review.php
Unescape View File

@ -24,13 +24,13 @@ api_protect_admin_script();
$course_validation_feature = api_get_setting('course_validation') == 'true';
// Filltering passed to this page parameters.
$accept_course_request = intval($_GET['accept_course_request']);
$reject_course_request = intval($_GET['reject_course_request']);
$request_info = intval($_GET['request_info']);
$delete_course_request = intval($_GET['delete_course_request']);
$message = trim(Security::remove_XSS(stripslashes(urldecode($_GET['message']))));
$is_error_message = !empty($_GET['is_error_message']);
$keyword = Database::escape_string(trim($_GET['keyword']));
$accept_course_request = isset($_GET['accept_course_request']) ? intval($_GET['accept_course_request']) : '';
$reject_course_request = isset($_GET['reject_course_request']) ? intval($_GET['reject_course_request']) : '';
$request_info = isset($_GET['request_info']) ? intval($_GET['request_info']) : '';
$delete_course_request = isset($_GET['delete_course_request']) ? intval($_GET['delete_course_request']) : '';
$message = isset($_GET['message']) ? trim(Security::remove_XSS(stripslashes(urldecode($_GET['message'])))) : '';
$is_error_message = isset($_GET['is_error_message']) ? !empty($_GET['is_error_message']) : '';
$keyword = isset($_GET['keyword']) ? Database::escape_string(trim($_GET['keyword'])) : '';
if ($course_validation_feature) {

Write Preview
Loading…
Cancel
Save