Adding security::remove_XSS

main/exercice/exercise_show.php

@@ -1024,7 +1024,7 @@ if (is_array($arrid) && is_array($arrmarks)) {
 if ($is_allowedToEdit) {
 	if (in_array($origin, array('tracking_course','user_course'))) {
 
-		echo ' <form name="myform" id="myform" action="exercice.php?show=result&comments=update&exeid='.$id.'&test='.urlencode($test).'&emailid='.$emailId.'&origin='.$origin.'&student='.$_GET['student'].'&details=true&course='.$_GET['cidReq'].$fromlink.'" method="post">';
+		echo ' <form name="myform" id="myform" action="exercice.php?show=result&comments=update&exeid='.$id.'&test='.urlencode($test).'&emailid='.$emailId.'&origin='.$origin.'&student='.Security::remove_XSS($_GET['student']).'&details=true&course='.Security::remove_XSS($_GET['cidReq']).$fromlink.'" method="post">';
 		echo ' <input type = "hidden" name="totalWeighting" value="'.$totalWeighting.'">';
 		if (isset($_GET['myid']) && isset($_GET['my_lp_id']) && isset($_GET['student'])) {
 			?>

main/user/subscribe_class.php

@@ -179,7 +179,7 @@ $form->addElement('submit', 'submit', get_lang('SearchButton'));
 
 // Build table
 $table = new SortableTable('users', 'get_number_of_classes', 'get_class_data', 1);
-$parameters['keyword'] = $_GET['keyword'];
+$parameters['keyword'] = Security::remove_XSS($_GET['keyword']);
 $table->set_additional_parameters($parameters);
 $col = 0;
 $table->set_header($col ++, '', false);

main/wiki/wiki.inc.php

@@ -185,13 +185,11 @@ function make_wiki_link_clickable($input)
 {
 	global $_course;
 
-	if (isset($_SESSION['_gid']))
-	{
-		$_clean['group_id']=(int)$_SESSION['_gid'];
+	if (isset($_SESSION['_gid'])) {
+		$_clean['group_id']=intval($_SESSION['_gid']);
 	}
-	if (isset($_GET['group_id']))
-	{
-		$_clean['group_id']=(int)Security::remove_XSS($_GET['group_id']);
+	if (isset($_GET['group_id'])) {
+		$_clean['group_id']=intval($_GET['group_id']);
 	}