merge

main/admin/course_add.php

@@ -1,29 +1,6 @@
 <?php
 // $Id: course_add.php 20441 2009-05-10 07:39:15Z ivantcholakov $
-/*
+/* For licensing terms, see /dokeos_license.txt */
-==============================================================================
-	Dokeos - elearning and course management software
-
-	Copyright (c) 2004-2009 Dokeos SPRL
-	Copyright (c) 2003 Ghent University (UGent)
-	Copyright (c) 2001 Universite catholique de Louvain (UCL)
-	Copyright (c) Olivier Brouckaert
-	Copyright (c) Bart Mollet, Hogeschool Gent
-
-	For a full list of contributors, see "credits.txt".
-	The full license can be read in "license.txt".
-
-	This program is free software; you can redistribute it and/or
-	modify it under the terms of the GNU General Public License
-	as published by the Free Software Foundation; either version 2
-	of the License, or (at your option) any later version.
-
-	See the GNU General Public License for more details.
-
-	Contact: Dokeos, rue du Corbeau, 108, B-1030 Brussels
-		 Belgium, info@dokeos.com
-==============================================================================
-*/
 /**
 ==============================================================================
 *	@package dokeos.admin
@@ -87,6 +64,13 @@ $maxlength = 40 - $dbnamelength;
 // Build the form
 $form = new FormValidator('update_course');
 $form->addElement('header', '', $tool_name);
+
+//Title
+$form->add_textfield('title', get_lang('Title'),true, array ('size' => '60'));
+$form->applyFilter('title','html_filter');
+$form->applyFilter('title','trim');
+
+// code
 $form->add_textfield( 'visual_code', get_lang('CourseCode'),false,array('size'=>'20','maxlength'=>20));
 $form->applyFilter('visual_code','api_strtoupper');
 $form->applyFilter('visual_code','html_filter');
@@ -98,10 +82,7 @@ $form->applyFilter('tutor_id','html_filter');
 $form->addElement('select', 'course_teachers', get_lang('CourseTeachers'), $teachers, 'multiple=multiple size=5');
 $form->applyFilter('course_teachers','html_filter');
 
-//Title
+
-$form->add_textfield('title', get_lang('Title'),true, array ('size' => '60'));
-$form->applyFilter('title','html_filter');
-$form->applyFilter('title','trim');
 
 $categories_select = $form->addElement('select', 'category_code', get_lang('CourseFaculty'), $categories);
 $form->applyFilter('category_code','html_filter');

main/admin/course_edit.php

@@ -101,6 +101,12 @@ if(count($course_teachers)==0){
 // Build the form
 $form = new FormValidator('update_course');
 $form->addElement('hidden','code',$course_code);
+
+//title
+$form->add_textfield( 'title', get_lang('Title'),true, array ('size' => '60'));
+$form->applyFilter('title','html_filter');
+$form->applyFilter('title','trim');
+// code
 $form->add_textfield('visual_code', get_lang('CourseCode'));
 $form->applyFilter('visual_code','strtoupper');
 $form->applyFilter('visual_code','html_filter');
@@ -132,10 +138,7 @@ EOT;
 $renderer = $form->defaultRenderer();
 $renderer -> setElementTemplate($element_template, 'group');
 $form -> addGroup($group,'group',get_lang('CourseTeachers'),'</td><td width="50" align="center"><input type="button" onclick="moveItem(document.getElementById(\'platform_teachers\'), document.getElementById(\'course_teachers\'))" value=">>"><br><br><input type="button" onclick="moveItem(document.getElementById(\'course_teachers\'), document.getElementById(\'platform_teachers\'))" value="<<"></td><td>');
-//title
+
-$form->add_textfield( 'title', get_lang('Title'),true, array ('size' => '60'));
-$form->applyFilter('title','html_filter');
-$form->applyFilter('title','trim');
 
 $categories_select = $form->addElement('select', 'category_code', get_lang('CourseFaculty'), $categories);
 CourseManager::select_and_sort_categories($categories_select);

main/course_home/activity.php

@@ -191,17 +191,17 @@ function show_tools_category($course_tool_category)
 				{
 					$sql_blogs = "
 						SELECT *
-						FROM " . $tbl_blogs_rel_user . " `blogs_rel_user`
+						FROM " . $tbl_blogs_rel_user . " blogs_rel_user
-						WHERE `blog_id` = " . $blog_id;
+						WHERE blog_id = " . $blog_id;
 				}
 				else
 				{
 					$sql_blogs = "
 						SELECT *
-						FROM " . $tbl_blogs_rel_user . " `blogs_rel_user`
+						FROM " . $tbl_blogs_rel_user . " blogs_rel_user
 						WHERE
-							`blog_id` = " . $blog_id . " AND
+							blog_id = " . $blog_id . " AND
-							`user_id` = " . api_get_user_id();
+							user_id = " . api_get_user_id();
 				}
 
 				$result_blogs = Database::query($sql_blogs, __FILE__, __LINE__);
@@ -392,7 +392,8 @@ function show_tools_category($course_tool_category)
 */
 
 if (isset($_GET['sent_http_request']) && $_GET['sent_http_request']==1) {
-	if(api_is_allowed_to_edit()) {
+	if(api_is_allowed_to_edit()) { 
+
 		$tool_table = Database::get_course_table(TABLE_TOOL_LIST);
 		$tool_id = Security::remove_XSS($_GET["id"]);
 		$tool_info = api_get_tool_information($tool_id);
@@ -488,7 +489,7 @@ if(api_is_platform_admin())
 			<?php echo get_lang("DelLk")?>
 			<br />&nbsp;&nbsp;&nbsp;
 			<a href="<?php echo api_get_self()?>"><?php echo get_lang("No")?></a>&nbsp;|&nbsp;
-			<a href="<?php echo api_get_self()?>?delete=yes&id=<?php echo $_GET["id"]?>"><?php echo get_lang("Yes")?></a>
+			<a href="<?php echo api_get_self()?>?delete=yes&id=<?php echo Security::remove_XSS($_GET['id'])?>"><?php echo get_lang("Yes")?></a>
 			</div>
 		<?php
 	}
@@ -497,8 +498,9 @@ if(api_is_platform_admin())
 	 * Process hiding a tools from available tools.
 	 */
 
-	elseif(isset($_GET["delete"]) && $_GET["delete"])
+	elseif(isset($_GET["delete"]) && $_GET["delete"]) {
-	{
+		//where $id is set?
+		$id = intval($id);
 		Database::query("DELETE FROM $tool_table WHERE id='$id' AND added_tool=1",__FILE__,__LINE__);
 	}
 }
@@ -521,7 +523,13 @@ function show_session_data($id_session) {
 	$session_table = Database::get_main_table(TABLE_MAIN_SESSION);
 	$user_table = Database::get_main_table(TABLE_MAIN_USER);
 	$session_category_table = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY);
-
+	
+	if ($id_session!=strval(intval($id_session))) {
+		return '';
+	} else {
+		$id_session = intval($id_session);
+	}
+	
 	$sql = 'SELECT name, nbr_courses, nbr_users, nbr_classes, DATE_FORMAT(date_start,"%d-%m-%Y") as date_start, DATE_FORMAT(date_end,"%d-%m-%Y") as date_end, lastname, firstname, username, session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end, session_category_id, visibility
 				FROM '.$session_table.'
 			LEFT JOIN '.$user_table.'
@@ -579,7 +587,7 @@ if(api_is_allowed_to_edit())
     }
 
 ?>
-	<div class="courseadminview" style="border:0px;">
+	<div class="courseadminview" style="border:0px; margin-top: 0px;padding:5px 0px;">
 		<div class="normal-message" id="id_normal_message" style="display:none">		
 		<?php			
 			echo '<img src="'.$server_protocol.$current_host.'/'.$path_work.'main/inc/lib/javascript/indicator.gif"/>'."&nbsp;&nbsp;";

main/coursecopy/copy_course_session.php

@@ -27,14 +27,12 @@ $xajax = new xajax();
 $xajax -> registerFunction('search_courses');
 
 
-if (!api_is_allowed_to_edit())
+if (!api_is_allowed_to_edit()) {
-{
 	api_not_allowed(true);
 }
 
 //remove memory and time limits as much as possible as this might be a long process...
-if(function_exists('ini_set'))
+if(function_exists('ini_set')) {
-{
 	ini_set('memory_limit','256M');
 	ini_set('max_execution_time',1800);
 }
@@ -87,6 +85,13 @@ function display_form() {
 	$html  = '';
 	$sessions = SessionManager::get_sessions_list();
 
+	// actions
+	$html .= '<div class="sectiontitle">';
+	// link back to the documents overview
+	$html .= '<a href="../admin/index.php">'.Display::return_icon('back.png',get_lang('Back').' '.get_lang('To').' '.get_lang('PlatformAdmin'),array('style'=>'vertical-align:middle')).get_lang('Back').' '.get_lang('To').' '.get_lang('PlatformAdmin').'</a>';
+	$html .= '</div>';
+
+
 	$html .= '<form name="formulaire" method="post" action="'.api_get_self().'" >';
 
 	$html .= '<table border="0" cellpadding="5" cellspacing="0" width="100%" align="center">';
@@ -112,11 +117,7 @@ function display_form() {
 	$html .= '<label for="copy_option_2"><span id="title_option2" style="color:#aaa">'.get_lang('LetMeSelectItems').'</span></label><br/><br/>';
 	$html .= '<button class="save" type="submit" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset))."'".')) return false;">'.get_lang('CopyCourse').'</button></div>';
 
-	// actions
+
-	$html .= '<div class="sectiontitle">';
-	// link back to the documents overview
-	$html .= '<a href="../admin/index.php">'.Display::return_icon('back.png',get_lang('Back').' '.get_lang('To').' '.get_lang('PlatformAdmin'),array('style'=>'vertical-align:middle')).get_lang('Back').' '.get_lang('To').' '.get_lang('PlatformAdmin').'</a>';
-	$html .= '</div>';
 
 
 	$html .= '</td><td width="30%" align="center">';
@@ -407,4 +408,4 @@ if ((isset ($_POST['action']) && $_POST['action'] == 'course_select_form') || (i
 
 /*  FOOTER  */
 
-Display::display_footer();
+Display::display_footer();

main/inc/lib/fileUpload.lib.php

@@ -71,26 +71,6 @@ function api_replace_parameter($upload_path, $buffer, $param_name="src")
 ==============================================================================
 */
 
-/**
- * Replaces all accentuated characters by non-accentuated characters for filenames, as
- * well as special HTML characters by their HTML entity's first letter.
- *
- * Although this method is not absolute, it gives good results in general. It first
- * transforms the string to HTML entities (ô, @oslash;, etc) then removes the
- * HTML character part to result in simple characters (o, o, etc).
- * In the case of special characters (out of alphabetical value) like   and <,
- * it will still replace them by the first letter of the HTML entity (n, l, ...) but it
- * is still an acceptable method, knowing we're filtering filenames here...
- * @param	string	The accentuated string
- * @return	string	The escaped string, not absolutely correct but satisfying
- */
-function replace_accents($string){
-	global $charset;
-	$string = api_htmlentities($string,ENT_QUOTES,$charset);
-	$res = preg_replace("/&([a-z])[a-z]+;/i","$1",$string);
-	return $res;
-}
-
 //------------------------------------------------------------------------------
 
 /**
@@ -1903,9 +1883,45 @@ $handle=opendir($path);
 	}
 }
 
-// could be usefull in some cases...
+
-function remove_accents($string){
+/*
+==============================================================================
+		DEPRECATED FUNCTIONS
+==============================================================================
+*/
+
+/**
+ * @deprecated Use transliteration instead, it is applicable for all languages.
+ *
+ * Replaces all accentuated characters by non-accentuated characters for filenames, as
+ * well as special HTML characters by their HTML entity's first letter.
+ *
+ * Although this method is not absolute, it gives good results in general. It first
+ * transforms the string to HTML entities (ô, @oslash;, etc) then removes the
+ * HTML character part to result in simple characters (o, o, etc).
+ * In the case of special characters (out of alphabetical value) like   and <,
+ * it will still replace them by the first letter of the HTML entity (n, l, ...) but it
+ * is still an acceptable method, knowing we're filtering filenames here...
+ * @param	string	The accentuated string
+ * @return	string	The escaped string, not absolutely correct but satisfying
+ */
+function replace_accents($string, $encoding = null){
+	/*
+	global $charset;
+	$string = api_htmlentities($string,ENT_QUOTES,$charset);
+	$res = preg_replace("/&([a-z])[a-z]+;/i","$1",$string);
+	return $res;
+	*/
+	return api_transliterate($string, 'x', $encoding);
+}
+
+/**
+ *  @deprecated Use transliteration instead, it is applicable for all languages.
+ */
+function remove_accents($string, $encoding = null){
+	/*
 	$string = strtr ( $string, "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>", "AAAAAAaaaaaaOOOOOOooooooEEEEeeeeCcIIIIiiiiUUUUuuuuyNn");
 	return $string;
+	*/
+	return api_transliterate($string, 'x', $encoding);
 }
-?>

main/inc/lib/usermanager.lib.php

@@ -1287,6 +1287,8 @@ class UserManager {
 		// A sanity check.
 		if (empty($user_id)) {
 			$user_id = 0;
+		} else {
+			if ($user_id != strval(intval($user_id))) return array();
 		}
 		$extra_data = array();
 		$t_uf = Database::get_main_table(TABLE_MAIN_USER_FIELD);
@@ -1349,6 +1351,8 @@ class UserManager {
 		// A sanity check.
 		if (empty($user_id)) {
 			$user_id = 0;
+		} else {
+			if ($user_id != strval(intval($user_id))) return array();
 		}
 		$extra_data = array();
 		$t_uf = Database::get_main_table(TABLE_MAIN_USER_FIELD);
@@ -1505,7 +1509,7 @@ class UserManager {
 		$tbl_session				= Database :: get_main_table(TABLE_MAIN_SESSION);
 		$tbl_session_course			= Database :: get_main_table(TABLE_MAIN_SESSION_COURSE);
 		$tbl_session_course_user	= Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
-		$user_id = intval($user_id);
+		if ($user_id != strval(intval($user_id))) return array();
 
 		$categories = array();
 		if ($fill_first) {
@@ -1539,8 +1543,10 @@ class UserManager {
 								ORDER BY session_category_id, date_start, date_end";
 
 		$result = Database::query($sessions_sql,__FILE__,__LINE__);
-		while ($row = Database::fetch_array($result)) {
+		if (Database::num_rows($result)>0) {			 
-			$categories[$row['session_category_id']][] = $row['id'];
+			while ($row = Database::fetch_array($result)) {
+				$categories[$row['session_category_id']][] = $row['id'];
+			}
 		}
 
 		// get the list of sessions where the user is subscribed as coach in a course $tbl_session_course_user
@@ -1560,8 +1566,10 @@ class UserManager {
 								ORDER BY session_category_id, date_start, date_end";
 
 		$result = Database::query($sessions_sql,__FILE__,__LINE__);
-		while ($row = Database::fetch_array($result)) {
+		if (Database::num_rows($result)>0) {
-			$categories[$row['session_category_id']][] = $row['id'];
+			while ($row = Database::fetch_array($result)) {
+				$categories[$row['session_category_id']][] = $row['id'];
+			}
 		}
 
 		// get the list of sessions where the user is subscribed as coach
@@ -1571,8 +1579,10 @@ class UserManager {
 								ORDER BY session_category_id, date_start, date_end";
 
 		$result = Database::query($sessions_sql,__FILE__,__LINE__);
-		while ($row = Database::fetch_array($result)) {
+		if (Database::num_rows($result)>0) {
-			$categories[$row['session_category_id']][] = $row['id'];
+			while ($row = Database::fetch_array($result)) {
+				$categories[$row['session_category_id']][] = $row['id'];
+			}
 		}
 		return $categories;
 	}
@@ -1592,8 +1602,9 @@ class UserManager {
 		$tbl_course_user 			= Database :: get_main_table(TABLE_MAIN_COURSE_USER);
 		$tbl_session_course 		= Database :: get_main_table(TABLE_MAIN_SESSION_COURSE);
 		$tbl_session_course_user 	= Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
-
+		
-		$user_id = Database::escape_string($user_id);
+		if ($user_id != strval(intval($user_id))) return array();
+		
 		//we filter the courses from the URL
 		$join_access_url = $where_access_url = '';
 		global $_configuration;

main/install/dokeos_main.sql

@@ -451,10 +451,12 @@ CREATE TABLE session (
   nb_days_access_after_end TINYINT UNSIGNED NULL default '0',
   session_admin_id INT UNSIGNED NOT NULL,
   visibility int NOT NULL default 1,
+  session_category_id int NOT NULL,
   PRIMARY KEY  (id),
   INDEX (session_admin_id),
   UNIQUE KEY name (name)
 );
+
 -- --------------------------------------------------------
 
 --
@@ -481,6 +483,7 @@ CREATE TABLE session_rel_course_rel_user (
   course_code char(40) NOT NULL default '',
   id_user int unsigned NOT NULL default '0',
   visibility int NOT NULL default 1,
+  status int NOT NULL default 0,
   PRIMARY KEY  (id_session,course_code,id_user),
   KEY id_user (id_user),
   KEY course_code (course_code)
@@ -2256,6 +2259,3 @@ CREATE TABLE session_category (
   date_end date default NULL,
   PRIMARY KEY  (id)
 );
-
-ALTER TABLE session ADD COLUMN session_category_id INT NOT NULL;
-ALTER TABLE session_rel_course_rel_user ADD status TINYINT NOT NULL DEFAULT 0;

main/install/migrate-db-1.8.6.1-1.8.6.2-pre.sql

@@ -14,9 +14,11 @@
 -- xxMAINxx
 ALTER TABLE gradebook_evaluation ADD COLUMN type varchar(40) NOT NULL;
 ALTER TABLE session ADD COLUMN visibility int NOT NULL default 1;
+ALTER TABLE session ADD COLUMN session_category_id INT NOT NULL;
+
 ALTER TABLE session_rel_course_rel_user ADD COLUMN visibility int NOT NULL default 1;
+ALTER TABLE session_rel_course_rel_user ADD COLUMN status int NOT NULL default 0;
 CREATE TABLE session_category (id int(11) NOT NULL auto_increment, name varchar(100) default NULL, date_start date default NULL, date_end date default NULL, PRIMARY KEY  (id));
-ALTER TABLE session ADD COLUMN session_category_id INT NOT NULL;
 
 
 INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url_changeable) VALUES ('allow_coach_to_edit_course_session', NULL, 'radio', 'Course', 'false', 'AllowCoachsToEditInsideTrainingSessions', 'AllowCoachsToEditInsideTrainingSessionsComment', NULL, NULL, 0);
@@ -42,6 +44,5 @@ ALTER TABLE link ADD COLUMN session_id smallint DEFAULT 0, ADD INDEX (session_id
 ALTER TABLE wiki ADD COLUMN session_id smallint DEFAULT 0, ADD INDEX (session_id);
 ALTER TABLE tool ADD COLUMN session_id smallint DEFAULT 0, ADD INDEX (session_id);
 ALTER TABLE link_category ADD COLUMN session_id smallint DEFAULT 0, ADD INDEX (session_id);
-ALTER TABLE session_rel_course_rel_user ADD status TINYINT NOT NULL DEFAULT 0;
 ALTER TABLE item_property ADD id_session INT NOT NULL DEFAULT 0;
 ALTER TABLE item_property DROP INDEX idx_item_property_toolref, ADD INDEX idx_item_property_toolref (tool, ref, id_session);