From a5124e57c609e20b58e348ac9fea8e2e1290052f Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Wed, 14 Oct 2009 11:18:24 -0500
Subject: [PATCH 1/6] Some security fixes see DT#4389

---
 main/course_home/activity.php | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/main/course_home/activity.php b/main/course_home/activity.php
index 3cfe92eca6..ce5f13410e 100644
--- a/main/course_home/activity.php
+++ b/main/course_home/activity.php
@@ -191,17 +191,17 @@ function show_tools_category($course_tool_category)
 				{
 					$sql_blogs = "
 						SELECT *
-						FROM " . $tbl_blogs_rel_user . " `blogs_rel_user`
-						WHERE `blog_id` = " . $blog_id;
+						FROM " . $tbl_blogs_rel_user . " blogs_rel_user
+						WHERE blog_id = " . $blog_id;
 				}
 				else
 				{
 					$sql_blogs = "
 						SELECT *
-						FROM " . $tbl_blogs_rel_user . " `blogs_rel_user`
+						FROM " . $tbl_blogs_rel_user . " blogs_rel_user
 						WHERE
-							`blog_id` = " . $blog_id . " AND
-							`user_id` = " . api_get_user_id();
+							blog_id = " . $blog_id . " AND
+							user_id = " . api_get_user_id();
 				}
 
 				$result_blogs = Database::query($sql_blogs, __FILE__, __LINE__);
@@ -392,7 +392,8 @@ function show_tools_category($course_tool_category)
 */
 
 if (isset($_GET['sent_http_request']) && $_GET['sent_http_request']==1) {
-	if(api_is_allowed_to_edit()) {
+	if(api_is_allowed_to_edit()) { 
+
 		$tool_table = Database::get_course_table(TABLE_TOOL_LIST);
 		$tool_id = Security::remove_XSS($_GET["id"]);
 		$tool_info = api_get_tool_information($tool_id);
@@ -435,7 +436,7 @@ if (isset($_GET['sent_http_request']) && $_GET['sent_http_request']==1) {
 			'image'   => $requested_image,
 			'tclass'  => $requested_clase,
 			'message' => $requested_message,
-      'view'    => $requested_view
+      		'view'    => $requested_view
 		);
 		print(json_encode($response_data));
 		exit;
@@ -481,7 +482,7 @@ if(api_is_platform_admin())
 			<?php echo get_lang("DelLk")?>
 			<br />&nbsp;&nbsp;&nbsp;
 			<a href="<?php echo api_get_self()?>"><?php echo get_lang("No")?></a>&nbsp;|&nbsp;
-			<a href="<?php echo api_get_self()?>?delete=yes&id=<?php echo $_GET["id"]?>"><?php echo get_lang("Yes")?></a>
+			<a href="<?php echo api_get_self()?>?delete=yes&id=<?php echo Security::remove_XSS($_GET['id'])?>"><?php echo get_lang("Yes")?></a>
 			</div>
 		<?php
 	}
@@ -490,8 +491,9 @@ if(api_is_platform_admin())
 	 * Process hiding a tools from available tools.
 	 */
 
-	elseif(isset($_GET["delete"]) && $_GET["delete"])
-	{
+	elseif(isset($_GET["delete"]) && $_GET["delete"]) {
+		//where $id is set?
+		$id = intval($id);
 		Database::query("DELETE FROM $tool_table WHERE id='$id' AND added_tool=1",__FILE__,__LINE__);
 	}
 }
@@ -514,7 +516,13 @@ function show_session_data($id_session) {
 	$session_table = Database::get_main_table(TABLE_MAIN_SESSION);
 	$user_table = Database::get_main_table(TABLE_MAIN_USER);
 	$session_category_table = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY);
-
+	
+	if ($id_session!=strval(intval($id_session))) {
+		return '';
+	} else {
+		$id_session = intval($id_session);
+	}
+	
 	$sql = 'SELECT name, nbr_courses, nbr_users, nbr_classes, DATE_FORMAT(date_start,"%d-%m-%Y") as date_start, DATE_FORMAT(date_end,"%d-%m-%Y") as date_end, lastname, firstname, username, session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end, session_category_id, visibility
 				FROM '.$session_table.'
 			LEFT JOIN '.$user_table.'
@@ -572,7 +580,7 @@ if(api_is_allowed_to_edit())
     }
 
 ?>
-	<div class="courseadminview" style="border:0px;">
+	<div class="courseadminview" style="border:0px; margin-top: 0px;padding:5px 0px;">
 		<div class="normal-message" id="id_normal_message" style="display:none">		
 		<?php			
 			echo '<img src="'.$server_protocol.$current_host.'/'.$path_work.'main/inc/lib/javascript/indicator.gif"/>'."&nbsp;&nbsp;";

From 4c12818d5ecbb02423f680c4b717428db1d420c5 Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Wed, 14 Oct 2009 11:25:53 -0500
Subject: [PATCH 2/6] Adding some intval and escape_string functions see
 DT#4389

---
 main/inc/lib/usermanager.lib.php | 29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)
 mode change 100755 => 100644 main/inc/lib/usermanager.lib.php

diff --git a/main/inc/lib/usermanager.lib.php b/main/inc/lib/usermanager.lib.php
old mode 100755
new mode 100644
index d52c9a90af..157a7b76a8
--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@@ -1287,6 +1287,8 @@ class UserManager {
 		// A sanity check.
 		if (empty($user_id)) {
 			$user_id = 0;
+		} else {
+			if ($user_id != strval(intval($user_id))) return array();
 		}
 		$extra_data = array();
 		$t_uf = Database::get_main_table(TABLE_MAIN_USER_FIELD);
@@ -1349,6 +1351,8 @@ class UserManager {
 		// A sanity check.
 		if (empty($user_id)) {
 			$user_id = 0;
+		} else {
+			if ($user_id != strval(intval($user_id))) return array();
 		}
 		$extra_data = array();
 		$t_uf = Database::get_main_table(TABLE_MAIN_USER_FIELD);
@@ -1505,7 +1509,7 @@ class UserManager {
 		$tbl_session				= Database :: get_main_table(TABLE_MAIN_SESSION);
 		$tbl_session_course			= Database :: get_main_table(TABLE_MAIN_SESSION_COURSE);
 		$tbl_session_course_user	= Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
-		$user_id = intval($user_id);
+		if ($user_id != strval(intval($user_id))) return array();
 
 		$categories = array();
 		if ($fill_first) {
@@ -1539,8 +1543,10 @@ class UserManager {
 								ORDER BY session_category_id, date_start, date_end";
 
 		$result = Database::query($sessions_sql,__FILE__,__LINE__);
-		while ($row = Database::fetch_array($result)) {
-			$categories[$row['session_category_id']][] = $row['id'];
+		if (Database::num_rows($result)>0) {			 
+			while ($row = Database::fetch_array($result)) {
+				$categories[$row['session_category_id']][] = $row['id'];
+			}
 		}
 
 		// get the list of sessions where the user is subscribed as coach in a course $tbl_session_course_user
@@ -1560,8 +1566,10 @@ class UserManager {
 								ORDER BY session_category_id, date_start, date_end";
 
 		$result = Database::query($sessions_sql,__FILE__,__LINE__);
-		while ($row = Database::fetch_array($result)) {
-			$categories[$row['session_category_id']][] = $row['id'];
+		if (Database::num_rows($result)>0) {
+			while ($row = Database::fetch_array($result)) {
+				$categories[$row['session_category_id']][] = $row['id'];
+			}
 		}
 
 		// get the list of sessions where the user is subscribed as coach
@@ -1571,8 +1579,10 @@ class UserManager {
 								ORDER BY session_category_id, date_start, date_end";
 
 		$result = Database::query($sessions_sql,__FILE__,__LINE__);
-		while ($row = Database::fetch_array($result)) {
-			$categories[$row['session_category_id']][] = $row['id'];
+		if (Database::num_rows($result)>0) {
+			while ($row = Database::fetch_array($result)) {
+				$categories[$row['session_category_id']][] = $row['id'];
+			}
 		}
 		return $categories;
 	}
@@ -1592,8 +1602,9 @@ class UserManager {
 		$tbl_course_user 			= Database :: get_main_table(TABLE_MAIN_COURSE_USER);
 		$tbl_session_course 		= Database :: get_main_table(TABLE_MAIN_SESSION_COURSE);
 		$tbl_session_course_user 	= Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
-
-		$user_id = Database::escape_string($user_id);
+		
+		if ($user_id != strval(intval($user_id))) return array();
+		
 		//we filter the courses from the URL
 		$join_access_url = $where_access_url = '';
 		global $_configuration;

From 5302b963def9f7bdeda3ee1c8499f1b4e5ce9e81 Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Wed, 14 Oct 2009 11:37:47 -0500
Subject: [PATCH 3/6] Adding session_rel_course_rel_user.status field in main
 database, also fixing latest modification to implement the session category
 feature

---
 main/install/dokeos_main.sql                    | 6 +++---
 main/install/migrate-db-1.8.6.1-1.8.6.2-pre.sql | 5 +++--
 2 files changed, 6 insertions(+), 5 deletions(-)
 mode change 100755 => 100644 main/install/dokeos_main.sql

diff --git a/main/install/dokeos_main.sql b/main/install/dokeos_main.sql
old mode 100755
new mode 100644
index 9c4a6824cd..3787e3ec74
--- a/main/install/dokeos_main.sql
+++ b/main/install/dokeos_main.sql
@@ -451,10 +451,12 @@ CREATE TABLE session (
   nb_days_access_after_end TINYINT UNSIGNED NULL default '0',
   session_admin_id INT UNSIGNED NOT NULL,
   visibility int NOT NULL default 1,
+  session_category_id int NOT NULL,
   PRIMARY KEY  (id),
   INDEX (session_admin_id),
   UNIQUE KEY name (name)
 );
+
 -- --------------------------------------------------------
 
 --
@@ -481,6 +483,7 @@ CREATE TABLE session_rel_course_rel_user (
   course_code char(40) NOT NULL default '',
   id_user int unsigned NOT NULL default '0',
   visibility int NOT NULL default 1,
+  status int NOT NULL default 0,
   PRIMARY KEY  (id_session,course_code,id_user),
   KEY id_user (id_user),
   KEY course_code (course_code)
@@ -2256,6 +2259,3 @@ CREATE TABLE session_category (
   date_end date default NULL,
   PRIMARY KEY  (id)
 );
-
-ALTER TABLE session ADD COLUMN session_category_id INT NOT NULL;
-ALTER TABLE session_rel_course_rel_user ADD status TINYINT NOT NULL DEFAULT 0;
diff --git a/main/install/migrate-db-1.8.6.1-1.8.6.2-pre.sql b/main/install/migrate-db-1.8.6.1-1.8.6.2-pre.sql
index 5bbdb47558..2c9e94d9c3 100755
--- a/main/install/migrate-db-1.8.6.1-1.8.6.2-pre.sql
+++ b/main/install/migrate-db-1.8.6.1-1.8.6.2-pre.sql
@@ -14,9 +14,11 @@
 -- xxMAINxx
 ALTER TABLE gradebook_evaluation ADD COLUMN type varchar(40) NOT NULL;
 ALTER TABLE session ADD COLUMN visibility int NOT NULL default 1;
+ALTER TABLE session ADD COLUMN session_category_id INT NOT NULL;
+
 ALTER TABLE session_rel_course_rel_user ADD COLUMN visibility int NOT NULL default 1;
+ALTER TABLE session_rel_course_rel_user ADD COLUMN status int NOT NULL default 0;
 CREATE TABLE session_category (id int(11) NOT NULL auto_increment, name varchar(100) default NULL, date_start date default NULL, date_end date default NULL, PRIMARY KEY  (id));
-ALTER TABLE session ADD COLUMN session_category_id INT NOT NULL;
 
 
 INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url_changeable) VALUES ('allow_coach_to_edit_course_session', NULL, 'radio', 'Course', 'false', 'AllowCoachsToEditInsideTrainingSessions', 'AllowCoachsToEditInsideTrainingSessionsComment', NULL, NULL, 0);
@@ -42,6 +44,5 @@ ALTER TABLE link ADD COLUMN session_id smallint DEFAULT 0, ADD INDEX (session_id
 ALTER TABLE wiki ADD COLUMN session_id smallint DEFAULT 0, ADD INDEX (session_id);
 ALTER TABLE tool ADD COLUMN session_id smallint DEFAULT 0, ADD INDEX (session_id);
 ALTER TABLE link_category ADD COLUMN session_id smallint DEFAULT 0, ADD INDEX (session_id);
-ALTER TABLE session_rel_course_rel_user ADD status TINYINT NOT NULL DEFAULT 0;
 ALTER TABLE item_property ADD id_session INT NOT NULL DEFAULT 0;
 ALTER TABLE item_property DROP INDEX idx_item_property_toolref, ADD INDEX idx_item_property_toolref (tool, ref, id_session); 
\ No newline at end of file

From 0b484277e0d7d66921edf905574b73731aca0632 Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Wed, 14 Oct 2009 12:27:57 -0500
Subject: [PATCH 4/6] Minor - change input order

---
 main/admin/course_add.php  | 37 +++++++++----------------------------
 main/admin/course_edit.php | 11 +++++++----
 2 files changed, 16 insertions(+), 32 deletions(-)
 mode change 100755 => 100644 main/admin/course_add.php
 mode change 100755 => 100644 main/admin/course_edit.php

diff --git a/main/admin/course_add.php b/main/admin/course_add.php
old mode 100755
new mode 100644
index 53d11ce865..f5eb6cf355
--- a/main/admin/course_add.php
+++ b/main/admin/course_add.php
@@ -1,29 +1,6 @@
 <?php
 // $Id: course_add.php 20441 2009-05-10 07:39:15Z ivantcholakov $
-/*
-==============================================================================
-	Dokeos - elearning and course management software
-
-	Copyright (c) 2004-2009 Dokeos SPRL
-	Copyright (c) 2003 Ghent University (UGent)
-	Copyright (c) 2001 Universite catholique de Louvain (UCL)
-	Copyright (c) Olivier Brouckaert
-	Copyright (c) Bart Mollet, Hogeschool Gent
-
-	For a full list of contributors, see "credits.txt".
-	The full license can be read in "license.txt".
-
-	This program is free software; you can redistribute it and/or
-	modify it under the terms of the GNU General Public License
-	as published by the Free Software Foundation; either version 2
-	of the License, or (at your option) any later version.
-
-	See the GNU General Public License for more details.
-
-	Contact: Dokeos, rue du Corbeau, 108, B-1030 Brussels
-		 Belgium, info@dokeos.com
-==============================================================================
-*/
+/* For licensing terms, see /dokeos_license.txt */
 /**
 ==============================================================================
 *	@package dokeos.admin
@@ -87,6 +64,13 @@ $maxlength = 40 - $dbnamelength;
 // Build the form
 $form = new FormValidator('update_course');
 $form->addElement('header', '', $tool_name);
+
+//Title
+$form->add_textfield('title', get_lang('Title'),true, array ('size' => '60'));
+$form->applyFilter('title','html_filter');
+$form->applyFilter('title','trim');
+
+// code
 $form->add_textfield( 'visual_code', get_lang('CourseCode'),false,array('size'=>'20','maxlength'=>20));
 $form->applyFilter('visual_code','api_strtoupper');
 $form->applyFilter('visual_code','html_filter');
@@ -98,10 +82,7 @@ $form->applyFilter('tutor_id','html_filter');
 $form->addElement('select', 'course_teachers', get_lang('CourseTeachers'), $teachers, 'multiple=multiple size=5');
 $form->applyFilter('course_teachers','html_filter');
 
-//Title
-$form->add_textfield('title', get_lang('Title'),true, array ('size' => '60'));
-$form->applyFilter('title','html_filter');
-$form->applyFilter('title','trim');
+
 
 $categories_select = $form->addElement('select', 'category_code', get_lang('CourseFaculty'), $categories);
 $form->applyFilter('category_code','html_filter');
diff --git a/main/admin/course_edit.php b/main/admin/course_edit.php
old mode 100755
new mode 100644
index be3efd3805..b2c23b28c1
--- a/main/admin/course_edit.php
+++ b/main/admin/course_edit.php
@@ -101,6 +101,12 @@ if(count($course_teachers)==0){
 // Build the form
 $form = new FormValidator('update_course');
 $form->addElement('hidden','code',$course_code);
+
+//title
+$form->add_textfield( 'title', get_lang('Title'),true, array ('size' => '60'));
+$form->applyFilter('title','html_filter');
+$form->applyFilter('title','trim');
+// code
 $form->add_textfield('visual_code', get_lang('CourseCode'));
 $form->applyFilter('visual_code','strtoupper');
 $form->applyFilter('visual_code','html_filter');
@@ -132,10 +138,7 @@ EOT;
 $renderer = $form->defaultRenderer();
 $renderer -> setElementTemplate($element_template, 'group');
 $form -> addGroup($group,'group',get_lang('CourseTeachers'),'</td><td width="50" align="center"><input type="button" onclick="moveItem(document.getElementById(\'platform_teachers\'), document.getElementById(\'course_teachers\'))" value=">>"><br><br><input type="button" onclick="moveItem(document.getElementById(\'course_teachers\'), document.getElementById(\'platform_teachers\'))" value="<<"></td><td>');
-//title
-$form->add_textfield( 'title', get_lang('Title'),true, array ('size' => '60'));
-$form->applyFilter('title','html_filter');
-$form->applyFilter('title','trim');
+
 
 $categories_select = $form->addElement('select', 'category_code', get_lang('CourseFaculty'), $categories);
 CourseManager::select_and_sort_categories($categories_select);

From cf6aa35ef03b91c9e88e069679fd373f13793b34 Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Wed, 14 Oct 2009 13:14:17 -0500
Subject: [PATCH 5/6] Minor - changing action menu position

---
 main/coursecopy/copy_course_session.php | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/main/coursecopy/copy_course_session.php b/main/coursecopy/copy_course_session.php
index 3223937aac..788c923eb0 100644
--- a/main/coursecopy/copy_course_session.php
+++ b/main/coursecopy/copy_course_session.php
@@ -27,14 +27,12 @@ $xajax = new xajax();
 $xajax -> registerFunction('search_courses');
 
 
-if (!api_is_allowed_to_edit())
-{
+if (!api_is_allowed_to_edit()) {
 	api_not_allowed(true);
 }
 
 //remove memory and time limits as much as possible as this might be a long process...
-if(function_exists('ini_set'))
-{
+if(function_exists('ini_set')) {
 	ini_set('memory_limit','256M');
 	ini_set('max_execution_time',1800);
 }
@@ -87,6 +85,13 @@ function display_form() {
 	$html  = '';
 	$sessions = SessionManager::get_sessions_list();
 
+	// actions
+	$html .= '<div class="sectiontitle">';
+	// link back to the documents overview
+	$html .= '<a href="../admin/index.php">'.Display::return_icon('back.png',get_lang('Back').' '.get_lang('To').' '.get_lang('PlatformAdmin'),array('style'=>'vertical-align:middle')).get_lang('Back').' '.get_lang('To').' '.get_lang('PlatformAdmin').'</a>';
+	$html .= '</div>';
+
+
 	$html .= '<form name="formulaire" method="post" action="'.api_get_self().'" >';
 
 	$html .= '<table border="0" cellpadding="5" cellspacing="0" width="100%" align="center">';
@@ -112,11 +117,7 @@ function display_form() {
 	$html .= '<label for="copy_option_2"><span id="title_option2" style="color:#aaa">'.get_lang('LetMeSelectItems').'</span></label><br/><br/>';
 	$html .= '<button class="save" type="submit" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset))."'".')) return false;">'.get_lang('CopyCourse').'</button></div>';
 
-	// actions
-	$html .= '<div class="sectiontitle">';
-	// link back to the documents overview
-	$html .= '<a href="../admin/index.php">'.Display::return_icon('back.png',get_lang('Back').' '.get_lang('To').' '.get_lang('PlatformAdmin'),array('style'=>'vertical-align:middle')).get_lang('Back').' '.get_lang('To').' '.get_lang('PlatformAdmin').'</a>';
-	$html .= '</div>';
+
 
 
 	$html .= '</td><td width="30%" align="center">';
@@ -407,4 +408,4 @@ if ((isset ($_POST['action']) && $_POST['action'] == 'course_select_form') || (i
 
 /*  FOOTER  */
 
-Display::display_footer();
\ No newline at end of file
+Display::display_footer();

From 0a0c342768d9604325e37d94a492f98efeb16e6b Mon Sep 17 00:00:00 2001
From: Ivan Tcholakov <ivantcholakov@gmail.com>
Date: Wed, 14 Oct 2009 22:51:07 +0300
Subject: [PATCH 6/6] Feature #306 - Deprecation of the functions
 replace_accents() and remove_accents().

---
 main/inc/lib/fileUpload.lib.php | 62 +++++++++++++++++++++------------
 1 file changed, 39 insertions(+), 23 deletions(-)

diff --git a/main/inc/lib/fileUpload.lib.php b/main/inc/lib/fileUpload.lib.php
index 096cd8654a..00f17ff326 100644
--- a/main/inc/lib/fileUpload.lib.php
+++ b/main/inc/lib/fileUpload.lib.php
@@ -71,26 +71,6 @@ function api_replace_parameter($upload_path, $buffer, $param_name="src")
 ==============================================================================
 */
 
-/**
- * Replaces all accentuated characters by non-accentuated characters for filenames, as
- * well as special HTML characters by their HTML entity's first letter.
- *
- * Although this method is not absolute, it gives good results in general. It first
- * transforms the string to HTML entities (&ocirc;, @oslash;, etc) then removes the
- * HTML character part to result in simple characters (o, o, etc).
- * In the case of special characters (out of alphabetical value) like &nbsp; and &lt;,
- * it will still replace them by the first letter of the HTML entity (n, l, ...) but it
- * is still an acceptable method, knowing we're filtering filenames here...
- * @param	string	The accentuated string
- * @return	string	The escaped string, not absolutely correct but satisfying
- */
-function replace_accents($string){
-	global $charset;
-	$string = api_htmlentities($string,ENT_QUOTES,$charset);
-	$res = preg_replace("/&([a-z])[a-z]+;/i","$1",$string);
-	return $res;
-}
-
 //------------------------------------------------------------------------------
 
 /**
@@ -1903,9 +1883,45 @@ $handle=opendir($path);
 	}
 }
 
-// could be usefull in some cases...
-function remove_accents($string){
+
+/*
+==============================================================================
+		DEPRECATED FUNCTIONS
+==============================================================================
+*/
+
+/**
+ * @deprecated Use transliteration instead, it is applicable for all languages.
+ *
+ * Replaces all accentuated characters by non-accentuated characters for filenames, as
+ * well as special HTML characters by their HTML entity's first letter.
+ *
+ * Although this method is not absolute, it gives good results in general. It first
+ * transforms the string to HTML entities (&ocirc;, @oslash;, etc) then removes the
+ * HTML character part to result in simple characters (o, o, etc).
+ * In the case of special characters (out of alphabetical value) like &nbsp; and &lt;,
+ * it will still replace them by the first letter of the HTML entity (n, l, ...) but it
+ * is still an acceptable method, knowing we're filtering filenames here...
+ * @param	string	The accentuated string
+ * @return	string	The escaped string, not absolutely correct but satisfying
+ */
+function replace_accents($string, $encoding = null){
+	/*
+	global $charset;
+	$string = api_htmlentities($string,ENT_QUOTES,$charset);
+	$res = preg_replace("/&([a-z])[a-z]+;/i","$1",$string);
+	return $res;
+	*/
+	return api_transliterate($string, 'x', $encoding);
+}
+
+/**
+ *  @deprecated Use transliteration instead, it is applicable for all languages.
+ */
+function remove_accents($string, $encoding = null){
+	/*
 	$string = strtr ( $string, "�����������������������������������������������������", "AAAAAAaaaaaaOOOOOOooooooEEEEeeeeCcIIIIiiiiUUUUuuuuyNn");
 	return $string;
+	*/
+	return api_transliterate($string, 'x', $encoding);
 }
-?>