chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r20791] minor - logic changes - replace COURSEMANAGER by COURSEMANAGERLOWSECURITY

Browse Source
skala
Isaac Flores 17 years ago
parent f9d6209b23
commit e9779792a7
1 changed files with 4 additions and 4 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 8
      main/announcements/announcements.inc.php

8
main/announcements/announcements.inc.php
Unescape View File

@ -1,4 +1,4 @@
<?php //$Id: announcements.inc.php 20567 2009-05-12 21:10:13Z cvargas1 $ <?php //$Id: announcements.inc.php 20791 2009-05-18 17:47:11Z iflorespaz $
/* /*
============================================================================== ==============================================================================
Dokeos - elearning and course management software Dokeos - elearning and course management software
@ -741,7 +741,7 @@ function store_advalvas_item($emailTitle,$newContent, $order, $to)
global $tbl_item_property; global $tbl_item_property;
$newContent=stripslashes($newContent); $newContent=stripslashes($newContent);
$emailTitle = Database::escape_string(Security::remove_XSS($emailTitle)); $emailTitle = Database::escape_string(Security::remove_XSS($emailTitle));
$newContent = Database::escape_string(Security::remove_XSS($newContent,COURSEMANAGER)); $newContent = Database::escape_string(Security::remove_XSS($newContent,COURSEMANAGERLOWSECURITY));
$order = intval($order); $order = intval($order);
// store in the table announcement // store in the table announcement
$sql = "INSERT INTO $tbl_announcement SET content = '$newContent', title = '$emailTitle', end_date = NOW(), display_order ='$order', session_id=".intval($_SESSION['id_session']); $sql = "INSERT INTO $tbl_announcement SET content = '$newContent', title = '$emailTitle', end_date = NOW(), display_order ='$order', session_id=".intval($_SESSION['id_session']);
@ -791,7 +791,7 @@ function store_advalvas_group_item($emailTitle,$newContent, $order, $to, $to_use
$newContent=stripslashes($newContent); $newContent=stripslashes($newContent);
$emailTitle = Database::escape_string(Security::remove_XSS($emailTitle)); $emailTitle = Database::escape_string(Security::remove_XSS($emailTitle));
$newContent = Database::escape_string(Security::remove_XSS($newContent,COURSEMANAGER)); $newContent = Database::escape_string(Security::remove_XSS($newContent,COURSEMANAGERLOWSECURITY));
$order = intval($order); $order = intval($order);
// store in the table announcement // store in the table announcement
$sql = "INSERT INTO $tbl_announcement SET content = '$newContent', title = '$emailTitle', end_date = NOW(), display_order ='$order', session_id=".intval($_SESSION['id_session']); $sql = "INSERT INTO $tbl_announcement SET content = '$newContent', title = '$emailTitle', end_date = NOW(), display_order ='$order', session_id=".intval($_SESSION['id_session']);
@ -847,7 +847,7 @@ function edit_advalvas_item($id,$emailTitle,$newContent,$to)
$newContent=stripslashes($newContent); $newContent=stripslashes($newContent);
$emailTitle = Database::escape_string(Security::remove_XSS($emailTitle)); $emailTitle = Database::escape_string(Security::remove_XSS($emailTitle));
$newContent = Database::escape_string(Security::remove_XSS($newContent,COURSEMANAGER)); $newContent = Database::escape_string(Security::remove_XSS($newContent,COURSEMANAGERLOWSECURITY));
// store the modifications in the table announcement // store the modifications in the table announcement
$sql = "UPDATE $tbl_announcement SET content='$newContent', title = '$emailTitle' WHERE id='$id'"; $sql = "UPDATE $tbl_announcement SET content='$newContent', title = '$emailTitle' WHERE id='$id'";

Write Preview
Loading…
Cancel
Save