
Commit 6a98e32

committed
Sepe plugin: Add Database::escape_string
1 parent 2d6ae83 commit 6a98e32


1 file changed

+12
-14
lines changed


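--- a/plugin/sepe/ws/service.php
+++ b/plugin/sepe/ws/service.php
@@ -1,8 +1,7 @@
 <?php
+
 /* For licensing terms, see /license.txt */
-/**
-* @package chamilo.webservices
-*/
+
 ini_set('log_errors_max_len', 0);
 ini_set('soap.wsdl_cache_enabled', '0');
 ini_set('soap.wsdl_cache_ttl', '0');
@@ -16,7 +15,6 @@
 
 require_once $libpath.'nusoap/class.nusoap_base.php';
 require_once api_get_path(SYS_PLUGIN_PATH).'sepe/src/wsse/soap-server-wsse.php';
-//require_once api_get_path(SYS_PLUGIN_PATH).'sepe/src/wsse/soap-wsse.php';
 
 $ns = api_get_path(WEB_PLUGIN_PATH)."sepe/ws/ProveedorCentroTFWS.wsdl";
 $wsdl = api_get_path(SYS_PLUGIN_PATH)."sepe/ws/ProveedorCentroTFWS.wsdl";
@@ -90,24 +88,24 @@ function authenticate($WSUser, $WSKey)
 $tUser = Database::get_main_table(TABLE_MAIN_USER);
 $tApi = Database::get_main_table(TABLE_MAIN_USER_API_KEY);
 $login = Database::escape_string($WSUser);
-$sql = "SELECT u.user_id, u.status FROM $tUser u, $tApi a
-WHERE
-u.username='".$login."' AND
-u.user_id = a.user_id AND
-a.api_service = 'dokeos' AND
+$WSKey = Database::escape_string($WSKey);
+
+$sql = "SELECT u.user_id, u.status FROM $tUser u, $tApi a
+WHERE
+u.username='".$login."' AND
+u.user_id = a.user_id AND
+a.api_service = 'dokeos' AND
 a.api_key='".$WSKey."'";
 $result = Database::query($sql);
 
 if (Database::num_rows($result) > 0) {
 $row = Database::fetch_row($result);
-if ($row[1] == '4') { //UserManager::is_admin($row[0])) {
+if ($row[1] == '4') {
 return true;
-} else {
-return false;
 }
-} else {
-return false;
 }
+
+return false;
 }
 
 $doc = new DOMDocument();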
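Review bot: The access decision in authenticate() still rests on `if ($row[1] == '4') {`, a loose comparison against an unexplained status value, and this change removes the trailing `//UserManager::is_admin(...)` remark that was the only hint of which role is meant. A one-line comment naming the role, or the project's named constant for that status if one exists, would make the check auditable, and a strict form such as `if ((string) $row[1] === '4') {` avoids type juggling on the fetched column. Separately, the newly escaped `$WSKey` is reassigned in place while the username gets its own `$login` variable; a distinct name such as `$apiKey = Database::escape_string($WSKey);` would keep raw and escaped values apart. The start of authenticate() lies outside the hunk, so any earlier use of these parameters is not visible here.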
