From e952291c189a90b56ea67d7d947b989f55a0333c Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Wed, 1 Apr 2015 12:41:28 +0200 Subject: [PATCH] Add intval, fix PHP warnings. --- main/admin/course_request_accepted.php | 35 +++++++++++++++---------- main/admin/course_request_rejected.php | 36 ++++++++++++++------------ main/admin/course_request_review.php | 14 +++++----- 3 files changed, 49 insertions(+), 36 deletions(-) diff --git a/main/admin/course_request_accepted.php b/main/admin/course_request_accepted.php index c5a461caf4..35cc259023 100755 --- a/main/admin/course_request_accepted.php +++ b/main/admin/course_request_accepted.php @@ -23,8 +23,8 @@ api_protect_admin_script(); $course_validation_feature = api_get_setting('course_validation') == 'true'; // Filltering passed to this page parameters. -$delete_course_request = intval($_GET['delete_course_request']); -$message = trim(Security::remove_XSS(stripslashes(urldecode($_GET['message'])))); +$delete_course_request = isset($_GET['delete_course_request']) ? intval($_GET['delete_course_request']) : ''; +$message = isset($_GET['message']) ? trim(Security::remove_XSS(stripslashes(urldecode($_GET['message'])))) : ''; $is_error_message = !empty($_GET['is_error_message']); if ($course_validation_feature) { 
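Review bot: The new fallback for `$delete_course_request` is `''`, so the variable is an int when the parameter is present and a string when it is absent; the only value `intval()` can yield for a missing id is `0`, so the fallback should be `0` as well, e.g. `$delete_course_request = isset($_GET['delete_course_request']) ? intval($_GET['delete_course_request']) : 0;`. The same `''` default is used for every intval'd id in the course_request_rejected.php and course_request_review.php hunks of this patch. In course_request_review.php the pattern is also applied to `$is_error_message`, where `!empty()` already tolerates a missing key, so `$is_error_message = !empty($_GET['is_error_message']);` (as this hunk keeps it) is enough there and avoids a bool/string mix. If the downstream code only tests these values with `empty()` the mix is harmless, but any strict comparison against `0` or `false` would behave differently for the two fallbacks.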
@@ -84,17 +84,28 @@ function get_request_data($from, $number_of_items, $column, $direction) $keyword = isset($_GET['keyword']) ? Database::escape_string(trim($_GET['keyword'])) : null; $course_request_table = Database :: get_main_table(TABLE_MAIN_COURSE_REQUEST); - $sql = "SELECT id AS col0, - code AS col1, - title AS col2, - category_code AS col3, - tutor_name AS col4, - request_date AS col5, - id AS col6 - FROM $course_request_table WHERE status = ".COURSE_REQUEST_ACCEPTED; + $from = intval($from); + $number_of_items = intval($number_of_items); + $column = intval($column); + $direction = !in_array(strtolower(trim($direction)), ['asc','desc']) ? 'asc' : $direction; + + $sql = "SELECT + id AS col0, + code AS col1, + title AS col2, + category_code AS col3, + tutor_name AS col4, + request_date AS col5, + id AS col6 + FROM $course_request_table + WHERE status = ".COURSE_REQUEST_ACCEPTED; if ($keyword != '') { - $sql .= " AND (title LIKE '%".$keyword."%' OR code LIKE '%".$keyword."%' OR visual_code LIKE '%".$keyword."%')"; + $sql .= " AND ( + title LIKE '%".$keyword."%' OR + code LIKE '%".$keyword."%' OR + visual_code LIKE '%".$keyword."%' + )"; } $sql .= " ORDER BY col$column $direction "; $sql .= " LIMIT $from,$number_of_items"; @@ -149,7 +160,6 @@ $form->addButtonSearch(get_lang('Search')); // The action bar. echo '
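Review bot: The `$direction` guard on the `$direction = !in_array(strtolower(trim($direction)), ['asc','desc']) ? 'asc' : $direction;` line validates the lower-cased, trimmed value but then assigns the raw `$direction`, so what reaches `ORDER BY col$column $direction` is not the value that was checked; assigning the normalized form makes the two agree: `$direction = strtolower(trim($direction)) === 'desc' ? 'desc' : 'asc';`. Similarly `intval($column)` guarantees an integer but not one of the aliases col0–col6 the SELECT declares, so an out-of-range value becomes a SQL error rather than a default sort; clamping it, `$column = max(0, min(6, intval($column)));`, keeps the query well-formed. The identical guard block is added to get_request_data in course_request_rejected.php and would take the same two changes. get_request_data starts before this hunk and continues after the `LIMIT` line.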
'; -//echo ''.Display::return_icon('courses.gif', get_lang('CourseList')).get_lang('CourseList').''; echo ' '.Display::return_icon('course_request_pending.png', get_lang('ReviewCourseRequests')).get_lang('ReviewCourseRequests').''; echo ' '.Display::return_icon('course_request_rejected.gif', get_lang('RejectedCourseRequests')).get_lang('RejectedCourseRequests').''; echo '
'; @@ -159,7 +169,6 @@ echo ''; // Create a sortable table with the course data. $table = new SortableTable('course_requests_accepted', 'get_number_of_requests', 'get_request_data', 5, 20, 'DESC'); -//$table->set_additional_parameters($parameters); $table->set_header(0, '', false); $table->set_header(1, get_lang('Code')); $table->set_header(2, get_lang('Title')); diff --git a/main/admin/course_request_rejected.php b/main/admin/course_request_rejected.php index d9b27ce6ac..d780af15c6 100755 --- a/main/admin/course_request_rejected.php +++ b/main/admin/course_request_rejected.php @@ -23,12 +23,12 @@ api_protect_admin_script(); $course_validation_feature = api_get_setting('course_validation') == 'true'; // Filltering passed to this page parameters. -$accept_course_request = intval($_GET['accept_course_request']); -$delete_course_request = intval($_GET['delete_course_request']); -$request_info = intval($_GET['request_info']); -$message = trim(Security::remove_XSS(stripslashes(urldecode($_GET['message'])))); +$accept_course_request = isset($_GET['accept_course_request']) ? intval($_GET['accept_course_request']) : ''; +$delete_course_request = isset($_GET['delete_course_request']) ? intval($_GET['delete_course_request']) : ''; +$request_info = isset($_GET['request_info']) ? intval($_GET['request_info']) : ''; +$message = isset($_GET['message']) ? trim(Security::remove_XSS(stripslashes(urldecode($_GET['message'])))) : ''; $is_error_message = !empty($_GET['is_error_message']); -$keyword = Database::escape_string(trim($_GET['keyword'])); +$keyword = isset($_GET['keyword']) ? Database::escape_string(trim($_GET['keyword'])) : ''; if ($course_validation_feature) { 
@@ -109,17 +109,23 @@ function get_number_of_requests() { */ function get_request_data($from, $number_of_items, $column, $direction) { global $keyword; - $course_request_table = Database :: get_main_table(TABLE_MAIN_COURSE_REQUEST); - $sql = "SELECT id AS col0, - code AS col1, - title AS col2, - category_code AS col3, - tutor_name AS col4, - request_date AS col5, - id AS col6 - FROM $course_request_table WHERE status = ".COURSE_REQUEST_REJECTED; + $from = intval($from); + $number_of_items = intval($number_of_items); + $column = intval($column); + $direction = !in_array(strtolower(trim($direction)), ['asc','desc']) ? 'asc' : $direction; + + $sql = "SELECT + id AS col0, + code AS col1, + title AS col2, + category_code AS col3, + tutor_name AS col4, + request_date AS col5, + id AS col6 + FROM $course_request_table + WHERE status = ".COURSE_REQUEST_REJECTED; if ($keyword != '') { $sql .= " AND (title LIKE '%".$keyword."%' OR code LIKE '%".$keyword."%' OR visual_code LIKE '%".$keyword."%')"; @@ -182,7 +188,6 @@ $form->addButtonSearch(get_lang('Search')); // The action bar. echo '
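Review bot: The `$course_request_table = Database :: get_main_table(TABLE_MAIN_COURSE_REQUEST);` line carries a `-` marker here, and the hunk counts (17 old, 23 new) only balance if it really is deleted, yet the new query still interpolates it in `FROM $course_request_table`, which would leave the SQL as `FROM  WHERE status = ...` plus an undefined-variable notice — the opposite of what the commit title intends. The matching hunk in course_request_accepted.php keeps that line as context, so this looks like an accidental deletion; restore it just before the `$sql = "SELECT` block: `$course_request_table = Database :: get_main_table(TABLE_MAIN_COURSE_REQUEST);`. A smaller inconsistency is that the single-line `$sql .= " AND (title LIKE '%".$keyword."%' ...` is left as is here while the accepted file reflows it. get_request_data continues past the end of this hunk.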
'; -//echo ''.Display::return_icon('courses.gif', get_lang('CourseList')).get_lang('CourseList').''; echo ' '.Display::return_icon('course_request_pending.png', get_lang('ReviewCourseRequests')).get_lang('ReviewCourseRequests').''; echo ' '.Display::return_icon('course_request_accepted.gif', get_lang('AcceptedCourseRequests')).get_lang('AcceptedCourseRequests').''; echo '
'; @@ -192,7 +197,6 @@ echo ''; // Create a sortable table with the course data. $table = new SortableTable('course_requests_rejected', 'get_number_of_requests', 'get_request_data', 5, 20, 'DESC'); -//$table->set_additional_parameters($parameters); $table->set_header(0, '', false); $table->set_header(1, get_lang('Code')); $table->set_header(2, get_lang('Title')); diff --git a/main/admin/course_request_review.php b/main/admin/course_request_review.php index eb3bb572ef..3c02851924 100755 --- a/main/admin/course_request_review.php +++ b/main/admin/course_request_review.php @@ -24,13 +24,13 @@ api_protect_admin_script(); $course_validation_feature = api_get_setting('course_validation') == 'true'; // Filltering passed to this page parameters. -$accept_course_request = intval($_GET['accept_course_request']); -$reject_course_request = intval($_GET['reject_course_request']); -$request_info = intval($_GET['request_info']); -$delete_course_request = intval($_GET['delete_course_request']); -$message = trim(Security::remove_XSS(stripslashes(urldecode($_GET['message'])))); -$is_error_message = !empty($_GET['is_error_message']); -$keyword = Database::escape_string(trim($_GET['keyword'])); +$accept_course_request = isset($_GET['accept_course_request']) ? intval($_GET['accept_course_request']) : ''; +$reject_course_request = isset($_GET['reject_course_request']) ? intval($_GET['reject_course_request']) : ''; +$request_info = isset($_GET['request_info']) ? intval($_GET['request_info']) : ''; +$delete_course_request = isset($_GET['delete_course_request']) ? intval($_GET['delete_course_request']) : ''; +$message = isset($_GET['message']) ? trim(Security::remove_XSS(stripslashes(urldecode($_GET['message'])))) : ''; +$is_error_message = isset($_GET['is_error_message']) ? !empty($_GET['is_error_message']) : ''; +$keyword = isset($_GET['keyword']) ? Database::escape_string(trim($_GET['keyword'])) : ''; if ($course_validation_feature) {