From ebca605eddfb628342225635b7e90a4fac392965 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Tue, 25 May 2010 14:52:15 +0200
Subject: [PATCH] Adding security::remove_XSS
---
 main/exercice/exercise_show.php | 2 +-
 main/user/subscribe_class.php | 2 +-
 main/wiki/wiki.inc.php | 10 ++++------
 3 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/main/exercice/exercise_show.php b/main/exercice/exercise_show.php
index f09f112ce8..4ca2833b06 100755
--- a/main/exercice/exercise_show.php
+++ b/main/exercice/exercise_show.php
@@ -1024,7 +1024,7 @@ if (is_array($arrid) && is_array($arrmarks)) {
 if ($is_allowedToEdit) {
 if (in_array($origin, array('tracking_course','user_course'))) {
- echo '
';
+ echo ' ';
 echo ' ';
 if (isset($_GET['myid']) && isset($_GET['my_lp_id']) && isset($_GET['student'])) {
 ?>
diff --git a/main/user/subscribe_class.php b/main/user/subscribe_class.php
index dafdf875dd..7a1373ce31 100755
--- a/main/user/subscribe_class.php
+++ b/main/user/subscribe_class.php
@@ -179,7 +179,7 @@ $form->addElement('submit', 'submit', get_lang('SearchButton'));
 // Build table
 $table = new SortableTable('users', 'get_number_of_classes', 'get_class_data', 1);
-$parameters['keyword'] = $_GET['keyword'];
+$parameters['keyword'] = Security::remove_XSS($_GET['keyword']);
 $table->set_additional_parameters($parameters);
 $col = 0;
 $table->set_header($col ++, '', false);
diff --git a/main/wiki/wiki.inc.php b/main/wiki/wiki.inc.php
index 1491e75252..e22e8db72a 100755
--- a/main/wiki/wiki.inc.php
+++ b/main/wiki/wiki.inc.php
@@ -185,13 +185,11 @@ function make_wiki_link_clickable($input)
 {
 global $_course;
- if (isset($_SESSION['_gid']))
- {
- $_clean['group_id']=(int)$_SESSION['_gid'];
+ if (isset($_SESSION['_gid'])) {
+ $_clean['group_id']=intval($_SESSION['_gid']);
 }
- if (isset($_GET['group_id']))
- {
- $_clean['group_id']=(int)Security::remove_XSS($_GET['group_id']);
+ if (isset($_GET['group_id'])) {
+ $_clean['group_id']=intval($_GET['group_id']);
 }
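Review bot: In the subscribe_class.php hunk, the added line applies `Security::remove_XSS()` where `$_GET['keyword']` is read rather than where the value is written out, and the read itself is unguarded, so a request without `keyword` raises an undefined-index notice. A guarded form would be `$parameters['keyword'] = isset($_GET['keyword']) ? Security::remove_XSS($_GET['keyword']) : '';`. The value is handed to `$table->set_additional_parameters()`, which presumably places it in the table's sort and paging links; if so, the encoding that matters is URL and attribute encoding at the point the link is built, which is outside this hunk and worth confirming. The callbacks named in the `SortableTable` constructor (`get_number_of_classes`, `get_class_data`) are also outside the hunk; if they read `$_GET['keyword']` themselves for the search query, this change does not cover them and they need their own SQL escaping.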