From f6f9ceec86359f20798bfb1ee57ef851106fc5a5 Mon Sep 17 00:00:00 2001 From: Cristian Fasanando Date: Mon, 9 Feb 2009 17:21:43 +0100 Subject: [PATCH] [svn r18364] Minor - Fixed warning and notice into blogs management - see FS#3510 --- main/blog/blog.php | 70 ++++++++++++++++++----------------- main/blog/blog_admin.php | 16 ++++---- main/inc/lib/main_api.lib.php | 10 +++-- 3 files changed, 51 insertions(+), 45 deletions(-) diff --git a/main/blog/blog.php b/main/blog/blog.php index a0373c42c0..9f2d682d7d 100644 --- a/main/blog/blog.php +++ b/main/blog/blog.php 
@@ -75,78 +75,82 @@ $current_page = $_GET['action']; PROCESSING ============================================================================== */ -if ($_POST['new_post_submit']) +if (!empty($_POST['new_post_submit'])) { Blog :: create_post($_POST['post_title'], $_POST['post_full_text'], $_POST['post_file_comment'],$blog_id); } -if ($_POST['edit_post_submit']) +if (!empty($_POST['edit_post_submit'])) { Blog :: edit_post($_POST['post_id'], $_POST['post_title'], $_POST['post_full_text'], $blog_id); } -if ($_POST['new_comment_submit']) +if (!empty($_POST['new_comment_submit'])) { Blog :: create_comment($_POST['comment_title'], $_POST['comment_text'], $_POST['post_file_comment'],$blog_id, (int)$_GET['post_id'], $_POST['comment_parent_id']); } -if ($_POST['new_task_submit']) +if (!empty($_POST['new_task_submit'])) { Blog :: create_task($blog_id, $_POST['task_name'], $_POST['task_description'], $_POST['chkArticleDelete'], $_POST['chkArticleEdit'], $_POST['chkCommentsDelete'], $_POST['task_color']); } -if ($_POST['edit_task_submit']) +if (!empty($_POST['edit_task_submit'])) { Blog :: edit_task($_POST['blog_id'], $_POST['task_id'], $_POST['task_name'], $_POST['task_description'], $_POST['chkArticleDelete'], $_POST['chkArticleEdit'],$_POST['chkCommentsDelete'], $_POST['task_color']); } -if ($_POST['assign_task_submit']) +if (!empty($_POST['assign_task_submit'])) { Blog :: assign_task($blog_id, $_POST['task_user_id'], $_POST['task_task_id'], $_POST['task_year']."-".$_POST['task_month']."-".$_POST['task_day']); } -if ($_POST['assign_task_edit_submit']) +if (!empty($_POST['assign_task_edit_submit'])) { Blog :: edit_assigned_task($blog_id, $_POST['task_user_id'], $_POST['task_task_id'], $_POST['task_year']."-".$_POST['task_month']."-".$_POST['task_day'], $_POST['old_user_id'], $_POST['old_task_id'], $_POST['old_target_date']); } -if ($_POST['new_task_execution_submit']) +if (!empty($_POST['new_task_execution_submit'])) { Blog :: create_comment($_POST['comment_title'], 
$_POST['comment_text'], $blog_id, (int)$_GET['post_id'], $_POST['comment_parent_id'], $_POST['task_id']); } -if ($_POST['register']) -{ - foreach ($_POST['user'] as $index => $user_id) - { - Blog :: set_user_subscribed((int)$_GET['blog_id'], $user_id); +if (!empty($_POST['register'])) +{ + if (is_array($_POST['user'])) { + foreach ($_POST['user'] as $index => $user_id) + { + Blog :: set_user_subscribed((int)$_GET['blog_id'], $user_id); + } } } -if ($_POST['unregister']) -{ - foreach ($_POST['user'] as $index => $user_id) - { - Blog :: set_user_unsubscribed((int)$_GET['blog_id'], $user_id); +if (!empty($_POST['unregister'])) +{ + if (is_array($_POST['user'])) { + foreach ($_POST['user'] as $index => $user_id) + { + Blog :: set_user_unsubscribed((int)$_GET['blog_id'], $user_id); + } } } -if ($_GET['register']) +if (!empty($_GET['register'])) { Blog :: set_user_subscribed((int)$_GET['blog_id'], (int)$_GET['user_id']); $flag = 1; } -if ($_GET['unregister']) +if (!empty($_GET['unregister'])) { Blog :: set_user_unsubscribed((int)$_GET['blog_id'], (int)$_GET['user_id']); } -if ($_GET['action'] == 'manage_tasks') +if (isset($_GET['action']) && $_GET['action'] == 'manage_tasks') { - if ($_GET['do'] == 'delete') + if (isset($_GET['do']) && $_GET['do'] == 'delete') Blog :: delete_task($blog_id, (int)$_GET['task_id']); - if ($_GET['do'] == 'delete_assignment') + if (isset($_GET['do']) && $_GET['do'] == 'delete_assignment') Blog :: delete_assigned_task($blog_id, (int)$_GET['assignment_id']); } -if ($_GET['action'] == 'view_post') +if (isset($_GET['action']) && $_GET['action'] == 'view_post') { $task_id = (isset ($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0; - if ($_GET['do'] == 'delete_comment') + if (isset($_GET['do']) && $_GET['do'] == 'delete_comment') { if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_delete', $task_id)) { 
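Review bot: The `$_GET['register']`, `$_GET['unregister']` and `manage_tasks` branches (`do=delete`, `do=delete_assignment`) change state with no permission check visible in this hunk, while the `delete_comment` branch just below them is guarded by `api_is_allowed(...)`. Unless access is enforced outside the hunk, guard them the same way, for example `if (api_is_allowed('BLOG_'.$blog_id, 'task_management'))` around the two task deletions, and accept these actions over POST with a per-session token, because a GET URL can be requested from another site in a logged-in user's browser. The added `is_array($_POST['user'])` still emits the notice this commit is removing when the key is absent; `isset($_POST['user']) && is_array($_POST['user'])` avoids it. `$user_id` from that array is also passed on uncast, unlike `(int)$_GET['user_id']` in the GET branches, so `(int)$user_id` would make the two paths consistent.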
@@ -159,7 +163,7 @@ if ($_GET['action'] == 'view_post') } } - if ($_GET['do'] == 'delete_article') + if (isset($_GET['do']) && $_GET['do'] == 'delete_article') { if (api_is_allowed('BLOG_'.$blog_id, 'article_delete', $task_id)) { @@ -172,16 +176,16 @@ if ($_GET['action'] == 'view_post') $message = get_lang('ActionNotAllowed'); } } - if ($_GET['do'] == 'rate') + if (isset($_GET['do']) && $_GET['do'] == 'rate') { - if ($_GET['type'] == 'post') + if (isset($_GET['type']) && $_GET['type'] == 'post') { if (api_is_allowed('BLOG_'.$blog_id, 'article_rate')) { Blog :: add_rating('post', $blog_id, (int)$_GET['post_id'], (int)$_GET['rating']); } } - if ($_GET['type'] == 'comment') + if (isset($_GET['type']) && $_GET['type'] == 'comment') { if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_add')) { @@ -417,19 +421,19 @@ switch ($current_page) case 'manage_tasks' : if (api_is_allowed('BLOG_'.$blog_id, 'task_management')) { - if ($_GET['do'] == 'add') + if (isset($_GET['do']) && $_GET['do'] == 'add') { Blog :: display_new_task_form($blog_id); } - if ($_GET['do'] == 'assign') + if (isset($_GET['do']) && $_GET['do'] == 'assign') { Blog :: display_assign_task_form($blog_id); } - if ($_GET['do'] == 'edit') + if (isset($_GET['do']) && $_GET['do'] == 'edit') { Blog :: display_edit_task_form($blog_id, Database::escape_string($_GET['task_id'])); } - if ($_GET['do'] == 'edit_assignment') + if (isset($_GET['do']) && $_GET['do'] == 'edit_assignment') { Blog :: display_edit_assigned_task_form($blog_id, Database::escape_string((int)$_GET['assignment_id'])); } diff --git a/main/blog/blog_admin.php b/main/blog/blog_admin.php index 7363e44750..01537f2390 100644 --- a/main/blog/blog_admin.php +++ b/main/blog/blog_admin.php 
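Review bot: In the `do=edit` branch of `manage_tasks`, `$_GET['task_id']` is only passed through `Database::escape_string()`, whereas the neighbouring `assignment_id` is cast with `(int)`. Escaping does not restrict the value to a number, so if `display_edit_task_form` puts it into a query unquoted (not visible here) it is not constrained; `Blog :: display_edit_task_form($blog_id, (int)$_GET['task_id']);` is safer and consistent. With the cast in place the `escape_string((int)...)` wrapper on `assignment_id` is redundant. The enclosing `switch` starts and ends outside the hunk.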
@@ -72,21 +72,21 @@ if (api_is_allowed_to_edit()) PROCESSING.. ============================================================================== */ - if ($_POST['new_blog_submit']) + if (!empty($_POST['new_blog_submit'])) { Blog::create_blog($_POST['blog_name'],$_POST['blog_subtitle']); } - if ($_POST['edit_blog_submit']) + if (!empty($_POST['edit_blog_submit'])) { Blog::edit_blog($_POST['blog_id'],$_POST['blog_name'],$_POST['blog_subtitle']); } - if ($_GET['action'] == 'visibility') + if (isset($_GET['action']) && $_GET['action'] == 'visibility') { - Blog::change_blog_visibility(mysql_real_escape_string((int)$_GET['blog_id'])); + Blog::change_blog_visibility(Database::scape_string((int)$_GET['blog_id'])); } - if ($_GET['action'] == 'delete') + if (isset($_GET['action']) && $_GET['action'] == 'delete') { - Blog::delete_blog(mysql_real_escape_string((int)$_GET['blog_id'])); + Blog::delete_blog(Database::scape_string((int)$_GET['blog_id'])); } @@ -99,11 +99,11 @@ if (api_is_allowed_to_edit()) //api_introductionsection(TOOL_BLOG); - if ($_GET['action'] == 'add') + if (isset($_GET['action']) && $_GET['action'] == 'add') { Blog::display_new_blog_form(); } - if ($_GET['action'] == 'edit') + if (isset($_GET['action']) && $_GET['action'] == 'edit') { Blog::display_edit_blog_form(Database::escape_string((int)$_GET['blog_id'])); } diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php index a18d8efabc..e9e3ab6634 100644 --- a/main/inc/lib/main_api.lib.php +++ b/main/inc/lib/main_api.lib.php 
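Review bot: `Database::scape_string` in the `visibility` and `delete` branches looks like a misspelling of `Database::escape_string`, the name used further down in this file and in blog.php; if no `scape_string` method exists, both actions will stop with an undefined-method error. Because the argument is already `(int)$_GET['blog_id']`, the escaping call can be dropped altogether: `Blog::change_blog_visibility((int)$_GET['blog_id']);` and `Blog::delete_blog((int)$_GET['blog_id']);`. Both are state-changing actions driven by a GET parameter, so moving them to POST with a request token is worth considering. `$_POST['blog_id']` in the `edit_blog_submit` branch is passed uncast and would benefit from the same `(int)` treatment.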
@@ -1521,10 +1521,12 @@ function api_is_allowed($tool, $action, $task_id = 0) { // the session that contains all the permissions already exists for this course // so there is no need to requery everything. //my_print_r($_SESSION['total_permissions'][$_course['code']][$tool]); - if (in_array($action, $_SESSION['total_permissions'][$_course['code']][$tool])) { - return true; - } else { - return false; + if (is_array($_SESSION['total_permissions'][$_course['code']][$tool])) { + if (in_array($action, $_SESSION['total_permissions'][$_course['code']][$tool])) { + return true; + } else { + return false; + } } }
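Review bot: When the permissions entry is not an array, the new `is_array` guard lets `api_is_allowed` leave this branch without returning anything, and an access-control helper should deny explicitly rather than rely on an implicit null. Calling `is_array(...)` on a session key that is not set also still raises the notice the commit is trying to remove. Reading the entry once covers both: `$perms = isset($_SESSION['total_permissions'][$_course['code']][$tool]) ? $_SESSION['total_permissions'][$_course['code']][$tool] : array();` followed by `return is_array($perms) && in_array($action, $perms);`. The function begins above the hunk and what follows the closing brace is not visible, so confirm that no later path can return true for this case.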