From 178edb049a08ee9ac0098f725fcc4f273bfc304b Mon Sep 17 00:00:00 2001
From: Daniel Barreto <daniel.barreto@beeznest.com>
Date: Mon, 2 Feb 2015 10:50:27 -0500
Subject: [PATCH 1/3] Fix bug, audio was sent to root folder, text2audio tool -
 refs CT#7483

---
 main/document/create_audio.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/main/document/create_audio.php b/main/document/create_audio.php
index 32968dfaa7..4d1b14f62d 100755
--- a/main/document/create_audio.php
+++ b/main/document/create_audio.php
@@ -28,7 +28,7 @@ if (api_get_setting('enabled_text2audio') == 'false'){
 	api_not_allowed(true);
 }
 
-$document_data = DocumentManager::get_document_data_by_id($_GET['id'], api_get_course_id());
+$document_data = DocumentManager::get_document_data_by_id($_REQUEST['id'], api_get_course_id());
 if (empty($document_data)) {
     if (api_is_in_group()) {
         $group_properties   = GroupManager::get_group_properties(api_get_group_id());
@@ -212,7 +212,7 @@ $(document).ready(function(){
 		echo '<div>';
 		$form = new FormValidator('form1', 'post', null, '', array('id' => 'form1'));
 		$form->addElement('hidden', 'text2voice_mode', 'google');
-		$form->addElement('hidden', 'document_id', $document_id);
+		$form->addElement('hidden', 'id', $document_id);
 		$form->addElement('text', 'title', get_lang('Title'));
 		$form->addElement('select', 'lang', get_lang('Language'), $options);
 		$form->addElement('textarea', 'text', get_lang('InsertText2Audio'), array('id' => 'textarea_google', 'class' =>'span6' ));
@@ -235,7 +235,7 @@ $(document).ready(function(){
 
 		$form = new FormValidator('form2', 'post', null, '', array('id' => 'form2'));
 		$form->addElement('hidden', 'text2voice_mode','pediaphon');
-		$form->addElement('hidden', 'document_id', $document_id);
+		$form->addElement('hidden', 'id', $document_id);
 		$form->addElement('text', 'title', get_lang('Title'));
 		$form->addElement('select', 'lang', get_lang('Language'), $options_pedia, array('onclick' => 'update_voices(this.selectedIndex);'));
 		$form->addElement('select', 'voices', get_lang('Voice'), array(get_lang('FirstSelectALanguage')), array());
@@ -345,7 +345,7 @@ Display :: display_footer();
  */
 function downloadMP3_google($filepath, $dir)
 {
-	$location='create_audio.php?'.api_get_cidreq().'&id='.Security::remove_XSS($_POST['document_id']).'&dt2a=google';
+    $location='create_audio.php?'.api_get_cidreq().'&id='.Security::remove_XSS($_POST['id']).'&dt2a=google';
 
 	//security
 	if (!isset($_POST['lang']) && !isset($_POST['text']) && !isset($_POST['title']) && !isset($filepath) && !isset($dir)) {
@@ -420,7 +420,7 @@ function downloadMP3_google($filepath, $dir)
  * @version january 2011, chamilo 1.8.8
  */
 function downloadMP3_pediaphon($filepath, $dir){
-	$location='create_audio.php?'.api_get_cidreq().'&id='.Security::remove_XSS($_POST['document_id']).'&dt2a=pediaphon';
+	$location='create_audio.php?'.api_get_cidreq().'&id='.Security::remove_XSS($_POST['id']).'&dt2a=pediaphon';
 	//security
 	if(!isset($_POST['lang']) && !isset($_POST['text']) && !isset($_POST['title']) && !isset($filepath) && !isset($dir)) {
 		echo '<script>window.location.href="'.$location.'"</script>';

From 04ceaebe572eb5a3cedea6d5982539c6eefd9ac6 Mon Sep 17 00:00:00 2001
From: Daniel Barreto <daniel.barreto@beeznest.com>
Date: Mon, 2 Feb 2015 12:10:31 -0500
Subject: [PATCH 2/3] Fix, replace remove_xss by intval for id vars - refs
 CT7483

---
 main/document/create_audio.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/main/document/create_audio.php b/main/document/create_audio.php
index 4d1b14f62d..d3ab88f191 100755
--- a/main/document/create_audio.php
+++ b/main/document/create_audio.php
@@ -345,7 +345,7 @@ Display :: display_footer();
  */
 function downloadMP3_google($filepath, $dir)
 {
-    $location='create_audio.php?'.api_get_cidreq().'&id='.Security::remove_XSS($_POST['id']).'&dt2a=google';
+    $location='create_audio.php?'.api_get_cidreq().'&id='.intval($_POST['id']).'&dt2a=google';
 
 	//security
 	if (!isset($_POST['lang']) && !isset($_POST['text']) && !isset($_POST['title']) && !isset($filepath) && !isset($dir)) {
@@ -420,7 +420,7 @@ function downloadMP3_google($filepath, $dir)
  * @version january 2011, chamilo 1.8.8
  */
 function downloadMP3_pediaphon($filepath, $dir){
-	$location='create_audio.php?'.api_get_cidreq().'&id='.Security::remove_XSS($_POST['id']).'&dt2a=pediaphon';
+	$location='create_audio.php?'.api_get_cidreq().'&id='.intval($_POST['id']).'&dt2a=pediaphon';
 	//security
 	if(!isset($_POST['lang']) && !isset($_POST['text']) && !isset($_POST['title']) && !isset($filepath) && !isset($dir)) {
 		echo '<script>window.location.href="'.$location.'"</script>';

From 277ae1e5b3fefc81c4739a41f75cf2550c04b1d5 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos <angelfqc.18@gmail.com>
Date: Mon, 2 Feb 2015 15:30:55 -0500
Subject: [PATCH 3/3] Return to Teacher view in LP - refs #7420

---
 main/newscorm/lp_add_item.php   | 2 +-
 main/newscorm/lp_controller.php | 2 +-
 main/newscorm/lp_list.php       | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/main/newscorm/lp_add_item.php b/main/newscorm/lp_add_item.php
index c67485f880..c184063e8e 100755
--- a/main/newscorm/lp_add_item.php
+++ b/main/newscorm/lp_add_item.php
@@ -140,7 +140,7 @@ $action = isset($_GET['action']) ? $_GET['action'] : null;
 if ($action == 'add' && $type == 'learnpathitem') {
      $htmlHeadXtra[] = "<script type='text/javascript'> window.location=\"../resourcelinker/resourcelinker.php?source_id=5&action=$action&learnpath_id=$learnpath_id&chapter_id=$chapter_id&originalresource=no\"; </script>";
 }
-if ((!$is_allowed_to_edit) || ($isStudentView)) {
+if ((!$is_allowed_to_edit)) {
     error_log('New LP - User not authorized in lp_add_item.php');
     header('location:lp_controller.php?action=view&lp_id='.$learnpath_id);
     exit;
diff --git a/main/newscorm/lp_controller.php b/main/newscorm/lp_controller.php
index 3c7f836610..4abfab5c8d 100755
--- a/main/newscorm/lp_controller.php
+++ b/main/newscorm/lp_controller.php
@@ -547,7 +547,7 @@ switch ($action) {
                     $_SESSION['oLP'] = new learnpath(api_get_course_id(),$new_lp_id,api_get_user_id());
                     //require 'lp_build.php';
                     $url = api_get_self().'?action=add_item&type=step&lp_id='.intval($new_lp_id);
-                    header('Location: '.$url);
+                    header("Location: $url&isStudentView=false");
                     exit;
                 }
             }
diff --git a/main/newscorm/lp_list.php b/main/newscorm/lp_list.php
index 9f53423d09..4050973aa5 100755
--- a/main/newscorm/lp_list.php
+++ b/main/newscorm/lp_list.php
@@ -263,7 +263,7 @@ if (!empty($flat_list)) {
             // BUILD
             if ($current_session == $details['lp_session']) {
                 if ($details['lp_type'] == 1 || $details['lp_type'] == 2) {
-                    $dsp_build = '<a href="lp_controller.php?'.api_get_cidreq().'&amp;action=add_item&amp;type=step&amp;lp_id='.$id.'">'.
+                    $dsp_build = '<a href="lp_controller.php?'.api_get_cidreq().'&amp;action=add_item&amp;type=step&amp;lp_id='.$id.'&isStudentView=false">'.
                         Display::return_icon('edit.png', get_lang('LearnpathEditLearnpath'), '', ICON_SIZE_SMALL).'</a>';
                 } else {
                     $dsp_build = Display::return_icon('edit_na.png', get_lang('LearnpathEditLearnpath'), '', ICON_SIZE_SMALL);