Add intval + Security::remove_XSS

Author: jmontoyaa

main/admin/ldap_users_list.php

@@ -78,7 +78,7 @@
 				}
 				if (isset($_GET['id_session']) && ($_GET['id_session'] == strval(intval($_GET['id_session']))) && ($_GET['id_session']>0)) {
 					ldap_add_user_to_session($UserList, $_GET['id_session']);
-					header('Location: resume_session.php?id_session='.$_GET['id_session']);
+					header('Location: resume_session.php?id_session='.intval($_GET['id_session']));
 				} else {
 					Display :: display_header($tool_name);
 					if(count($userid_match_login)>0)

main/coursecopy/copy_course.php

@@ -61,7 +61,9 @@
     $cr->set_file_option($_POST['same_file_name_option']);
     $cr->restore($_POST['destination_course']);
     Display::display_normal_message(
-        get_lang('CopyFinished').': <a href="'.api_get_course_url($_POST['destination_course']).'">'.$_POST['destination_course'].'</a>',
+        get_lang('CopyFinished').': <a href="'.api_get_course_url($_POST['destination_course']).'">'.
+        Security::remove_XSS($_POST['destination_course']).
+        '</a>',
         false
     );
 } elseif (Security::check_token('post') && (

main/dropbox/index.php

@@ -32,15 +32,15 @@
 // Build URL-parameters for table-sorting
 $sort_params = array();
 if (isset($_GET['dropbox_column'])) {
-    $sort_params[] = 'dropbox_column='.$_GET['dropbox_column'];
+    $sort_params[] = 'dropbox_column='.intval($_GET['dropbox_column']);
 }
 if (isset($_GET['dropbox_page_nr'])) {
     $sort_params[] = 'page_nr='.intval($_GET['page_nr']);
 }
 if (isset($_GET['dropbox_per_page'])) {
     $sort_params[] = 'dropbox_per_page='.intval($_GET['dropbox_per_page']);
 }
-if (isset($_GET['dropbox_direction'])) {
+if (isset($_GET['dropbox_direction']) && in_array($_GET['dropbox_direction'], ['ASC', 'DESC'])) {
     $sort_params[] = 'dropbox_direction='.$_GET['dropbox_direction'];
 }
 

main/gradebook/index.php

@@ -104,27 +104,18 @@ function confirmation() {
 $_GET['selectcat'] = $cats[0]->get_id();
 
 if (isset($_GET['isStudentView'])) {
-    if ( (isset($_GET['selectcat']) && $_GET['selectcat']>0) && (isset($_SESSION['studentview']) && $_SESSION['studentview']=='studentview') ) {
-        $interbreadcrumb[]= array ('url' => 'index.php'.'?selectcat=0&isStudentView='.$_GET['isStudentView'],'name' => get_lang('ToolGradebook'));
+    if ((isset($_GET['selectcat']) && $_GET['selectcat'] > 0) && (isset($_SESSION['studentview']) && $_SESSION['studentview'] == 'true')) {
+        $interbreadcrumb[] = array(
+            'url' => 'index.php'.'?selectcat=0&isStudentView=true',
+            'name' => get_lang('ToolGradebook'),
+        );
     }
 }
 
 if ((isset($_GET['selectcat']) && $_GET['selectcat']>0) &&
-    (isset($_SESSION['studentview']) && $_SESSION['studentview']=='studentview')
+    (isset($_SESSION['studentview']) && $_SESSION['studentview']=='true')
 ) {
-    /*Display :: display_header();
-    //Introduction tool: student view
-    Display::display_introduction_section(TOOL_GRADEBOOK, array('ToolbarSet' => 'AssessmentsIntroduction'));
-    $category = $_GET['selectcat'];
-    $cats = Category :: load ($category, null, null, null, null, null, false);
-    $allcat = $cats[0]->get_subcategories($stud_id, $course_code, $session_id);
-    $alleval = $cats[0]->get_evaluations($stud_id);
-    $alllink = $cats[0]->get_links($stud_id);
-    $addparams = array();
-    $gradebooktable= new GradebookTable($cats[0], $allcat, $alleval,$alllink, $addparams);
-    $gradebooktable->display();
-    Display :: display_footer();
-    exit;*/
+
 } else {
     if (!isset($_GET['selectcat']) &&
         ($_SESSION['studentview']=='studentview') ||

main/inc/lib/course_home.lib.php

@@ -1184,7 +1184,7 @@ public static function show_navigation_menu()
                 }
 
                 if (stristr($url_item['path'], $url_current['path'])) {
-                    if (!isset($_GET['learnpath_id']) || strpos($url_item['query'], 'learnpath_id='.$_GET['learnpath_id']) === 0) {
+                    if (!isset($_GET['learnpath_id']) || strpos($url_item['query'], 'learnpath_id='.intval($_GET['learnpath_id'])) === 0) {
                         $html .= ' id="here"';
                     }
                 }

main/mySpace/student.php

@@ -56,6 +56,7 @@ function get_users($from, $limit, $column, $direction)
     $active = isset($_GET['active']) ? $_GET['active'] : 1;
     $keyword = isset($_GET['keyword']) ? Security::remove_XSS($_GET['keyword']) : null;
     $sleepingDays = isset($_GET['sleeping_days']) ? intval($_GET['sleeping_days']) : null;
+    $sessionId = isset($_GET['id_session']) ? (int) $_GET['id_session'] : 0;
 
     $lastConnectionDate = null;
     if (!empty($sleepingDays)) {
@@ -111,7 +112,7 @@ function get_users($from, $limit, $column, $direction)
     foreach ($students as $student_data) {
         $student_id = $student_data['user_id'];
         if (isset($_GET['id_session'])) {
-            $courses = Tracking :: get_course_list_in_session_from_student($student_id, $_GET['id_session']);
+            $courses = Tracking :: get_course_list_in_session_from_student($student_id, $sessionId);
         }
 
         $avg_time_spent = $avg_student_score = $avg_student_progress = $total_assignments = $total_messages = 0;
@@ -121,8 +122,8 @@ function get_users($from, $limit, $column, $direction)
                 $courseInfo = api_get_course_info($course_code);
                 $courseId = $courseInfo['real_id'];
                 if (CourseManager :: is_user_subscribed_in_course($student_id, $course_code, true)) {
-                    $avg_time_spent 	+= Tracking :: get_time_spent_on_the_course($student_id, $courseId, $_GET['id_session']);
-                    $my_average 		 = Tracking :: get_avg_student_score($student_id, $course_code);
+                    $avg_time_spent += Tracking :: get_time_spent_on_the_course($student_id, $courseId, $sessionId);
+                    $my_average = Tracking :: get_avg_student_score($student_id, $course_code);
                     if (is_numeric($my_average)) {
                         $avg_student_score += $my_average;
                     }
@@ -158,7 +159,7 @@ function get_users($from, $limit, $column, $direction)
         $row[] = $string_date;
 
         if (isset($_GET['id_coach']) && intval($_GET['id_coach']) != 0) {
-            $detailsLink = '<a href="myStudents.php?student='.$student_id.'&id_coach='.$coach_id.'&id_session='.$_GET['id_session'].'">
+            $detailsLink = '<a href="myStudents.php?student='.$student_id.'&id_coach='.$coach_id.'&id_session='.$sessionId.'">
 				            '.Display::return_icon('2rightarrow.png').'</a>';
         } else {
             $detailsLink =  '<a href="myStudents.php?student='.$student_id.'">

main/mySpace/teachers.php

@@ -58,6 +58,7 @@ function get_users($from, $limit, $column, $direction)
     $active = isset($_GET['active']) ? $_GET['active'] : 1;
     $keyword = isset($_GET['keyword']) ? Security::remove_XSS($_GET['keyword']) : null;
     $sleepingDays = isset($_GET['sleeping_days']) ? intval($_GET['sleeping_days']) : null;
+    $sessionId = isset($_GET['id_session']) ? (int) $_GET['id_session'] : 0;
 
     $lastConnectionDate = null;
     if (!empty($sleepingDays)) {
@@ -159,7 +160,7 @@ function get_users($from, $limit, $column, $direction)
         $row[] = $string_date;
 
         if (isset($_GET['id_coach']) && intval($_GET['id_coach']) != 0) {
-            $detailsLink = '<a href="myStudents.php?student='.$student_id.'&id_coach='.$coach_id.'&id_session='.$_GET['id_session'].'">
+            $detailsLink = '<a href="myStudents.php?student='.$student_id.'&id_coach='.$coach_id.'&id_session='.$sessionId.'">
 				          '.Display::return_icon('2rightarrow.png', get_lang('Details')).'</a>';
         } else {
             $detailsLink =  '<a href="myStudents.php?student='.$student_id.'">

main/mySpace/users.php

@@ -57,7 +57,7 @@ function get_users($from, $limit, $column, $direction)
     $keyword = isset($_GET['keyword']) ? Security::remove_XSS($_GET['keyword']) : null;
     $sleepingDays = isset($_GET['sleeping_days']) ? intval($_GET['sleeping_days']) : null;
     $status = isset($_GET['status']) ? Security::remove_XSS($_GET['status']) : null;
-
+    $sessionId = isset($_GET['id_session']) ? (int) $_GET['id_session'] : 0;
 
     $lastConnectionDate = null;
     if (!empty($sleepingDays)) {
@@ -160,7 +160,7 @@ function get_users($from, $limit, $column, $direction)
         $row[] = $string_date;
 
         if (isset($_GET['id_coach']) && intval($_GET['id_coach']) != 0) {
-            $detailsLink = '<a href="myStudents.php?student='.$student_id.'&id_coach='.$coach_id.'&id_session='.$_GET['id_session'].'">
+            $detailsLink = '<a href="myStudents.php?student='.$student_id.'&id_coach='.$coach_id.'&id_session='.$sessionId.'">
 				            '.Display::return_icon('2rightarrow.png', get_lang('Details')).'</a>';
         } else {
             $detailsLink =  '<a href="myStudents.php?student='.$student_id.'">

main/resourcelinker/resourcelinker.inc.php

@@ -1275,41 +1275,8 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
 				$link .= "../phpbb/viewtopic.php?topic=".$myrow["topic_id"]."&forum=".$myrow["forum_id"]."&md5=".$myrow["md5"];
 			}
 			break;
-
 		case "Post":
-			/* todo REVIEW THIS SECTION - NOT USING VALID TABLES ANYMORE
-			$tbl_posts       = $_course['dbNameGlu'].'bb_posts';
-			$tbl_posts_text  = $_course['dbNameGlu'].'bb_posts_text';
-			$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
-			$result= Database::query("SELECT * FROM $tbl_posts where post_id=$id");
-			$myrow=Database::fetch_array($result);
-			// grabbing the title of the post
-			$sql_titel="SELECT * FROM $tbl_posts_text WHERE post_id=".$myrow["post_id"];
-			$result_titel=Database::query($sql_titel);
-			$myrow_titel=Database::fetch_array($result_titel);
-
-			$sql="select * from $tbl_learnpath_item where id=$id_in_path";
-			$result=Database::query($sql);	$row=Database::fetch_array($result);
-			if ($row['title'] != '') { $myrow_titel["post_title"]=$row['title']; }
-			$desc=$row['description'];
-    		$link .= str_repeat(" >",$level);
-
-			$posternom=$myrow['nom'];				$posterprenom=$myrow['prenom'];
-			$posttime=$myrow['post_time'];			$posttext=$myrow_titel['post_text'];
-			$posttitle=$myrow_titel['post_title'];
-			$posttext = str_replace('"',"'",$posttext);
-
-			if ($builder != 'builder')
-			{
-				$link .= api_get_self()."?action=closelesson&source_forum=".$_GET['source_forum']."&how=complete&id_in_path=$id_in_path&learnpath_id=$learnpath_id&type=Post&origin=$origin&posternom=$posternom&posterprenom=$posterprenom&posttime=$posttime&posttext=$posttext&posttitle=$posttitle#$id_in_path";
-			}
-			else
-			{
-				$link .= "../phpbb/viewtopic.php?topic=".$myrow["topic_id"]."&forum=".$myrow["forum_id"]."&md5=".$myrow["md5"];
-			}
-			*/
 			break;
-
 		case "Document":
 			$dbTable  = Database::get_course_table(TABLE_DOCUMENT);
 			$result=Database::query("SELECT * FROM $dbTable WHERE id=$id",__FILE__,__LINE);

main/social/profile.php

@@ -38,7 +38,7 @@
     $messageId = 0;
     $messageContent = $_POST['social_wall_new_msg_main'];
     if (!empty($_POST['url_content'])) {
-        $messageContent = $_POST['social_wall_new_msg_main'].'<br><br>'.$_POST['url_content'];
+        $messageContent = $_POST['social_wall_new_msg_main'].'<br /><br />'.$_POST['url_content'];
     }
     $idMessage = SocialManager::sendWallMessage(
         api_get_user_id(),