
Commit dc86adc

committed
Add int casting + Database::escape_string + format code
1 parent 32e6cbf commit dc86adc


4 files changed

+154
-114
lines changed


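--- a/plugin/sepe/src/formative-action-edit.php
+++ b/plugin/sepe/src/formative-action-edit.php
@@ -41,43 +41,43 @@
 $endDate = $yearEnd."-".$monthEnd."-".$dayEnd;
 
 if (!empty($actionId) && $actionId != '0') {
-$sql = "UPDATE plugin_sepe_actions SET
-action_origin='".$actionOrigin."',
-action_code='".$actionCode."',
-situation='".$situation."',
-specialty_origin='".$specialtyOrigin."',
-professional_area='".$professionalArea."',
-specialty_code='".$specialtyCode."',
-duration='".$duration."',
-start_date='".$startDate."',
-end_date='".$endDate."',
-full_itinerary_indicator='".$fullItineraryIndicator."',
-financing_type='".$financingType."',
-attendees_count='".$attendeesCount."',
-action_name='".$actionName."',
-global_info='".$globalInfo."',
-schedule='".$schedule."',
-requirements='".$requirements."',
-contact_action='".$contactAction."'
+$sql = "UPDATE plugin_sepe_actions SET
+action_origin='".$actionOrigin."',
+action_code='".$actionCode."',
+situation='".$situation."',
+specialty_origin='".$specialtyOrigin."',
+professional_area='".$professionalArea."',
+specialty_code='".$specialtyCode."',
+duration='".$duration."',
+start_date='".$startDate."',
+end_date='".$endDate."',
+full_itinerary_indicator='".$fullItineraryIndicator."',
+financing_type='".$financingType."',
+attendees_count='".$attendeesCount."',
+action_name='".$actionName."',
+global_info='".$globalInfo."',
+schedule='".$schedule."',
+requirements='".$requirements."',
+contact_action='".$contactAction."'
 WHERE id='".$actionId."';";
 } else {
 $sql = "INSERT INTO plugin_sepe_actions (
-action_origin,
-action_code,
-situation,
-specialty_origin,
-professional_area,
-specialty_code,
-duration,
-start_date,
-end_date,
-full_itinerary_indicator,
-financing_type,
-attendees_count,
-action_name,
-global_info,
-schedule,
-requirements,
+action_origin,
+action_code,
+situation,
+specialty_origin,
+professional_area,
+specialty_code,
+duration,
+start_date,
+end_date,
+full_itinerary_indicator,
+financing_type,
+attendees_count,
+action_name,
+global_info,
+schedule,
+requirements,
 contact_action
 ) VALUES (
 '".$actionOrigin."',
@@ -145,8 +145,14 @@
 if (api_is_platform_admin()) {
 if (isset($_GET['new_action']) && intval($_GET['new_action']) == 1) {
 $info = [];
-$interbreadcrumb[] = ["url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')];
-$interbreadcrumb[] = ["url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')];
+$interbreadcrumb[] = [
+"url" => "/plugin/sepe/src/sepe-administration-menu.php",
+"name" => $plugin->get_lang('MenuSepe'),
+];
+$interbreadcrumb[] = [
+"url" => "formative-actions-list.php",
+"name" => $plugin->get_lang('FormativesActionsList'),
+];
 $templateName = $plugin->get_lang('formativeActionNew');
 $tpl = new Template($templateName);
 $yearStart = $yearEnd = date("Y");
@@ -155,9 +161,18 @@
 $tpl->assign('course_id', intval($_GET['cid']));
 } else {
 $courseId = getCourse($_GET['action_id']);
-$interbreadcrumb[] = ["url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')];
-$interbreadcrumb[] = ["url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')];
-$interbreadcrumb[] = ["url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')];
+$interbreadcrumb[] = [
+"url" => "/plugin/sepe/src/sepe-administration-menu.php",
+"name" => $plugin->get_lang('MenuSepe'),
+];
+$interbreadcrumb[] = [
+"url" => "formative-actions-list.php",
+"name" => $plugin->get_lang('FormativesActionsList'),
+];
+$interbreadcrumb[] = [
+"url" => "formative-action.php?cid=".$courseId,
+"name" => $plugin->get_lang('FormativeAction'),
+];
 $info = getActionInfo($_GET['action_id']);
 $templateName = $plugin->get_lang('formativeActionEdit');
 $tpl = new Template($templateName);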
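Review bot: The re-indented UPDATE/INSERT in the first hunk still concatenates `$actionOrigin`, `$actionCode`, `$actionName`, `$globalInfo`, `$requirements` and the other form values straight into the SQL string, and `WHERE id='".$actionId."'` uses `$actionId` without a cast; whether those values go through Database::escape_string before line 41 is outside the hunk, so the escape_string change named in the commit title cannot be confirmed from this file. If they are not escaped earlier, each interpolated value should be, e.g. `action_name='".Database::escape_string($actionName)."',`, and `$actionId` cast once with `$actionId = (int) $actionId;` ahead of the `if`. In the third hunk `getCourse($_GET['action_id'])` and `getActionInfo($_GET['action_id'])` still receive the raw query parameter, whereas participant-specialty-edit.php in this same commit casts it once as `$actionId = (int) $_GET['action_id'];` — the same pattern would keep the two files consistent (the lib functions seen in this commit do cast their own argument, so the practical risk here is mainly consistency). The enclosing `if (api_is_platform_admin())` block continues past the hunk.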

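--- a/plugin/sepe/src/participant-specialty-edit.php
+++ b/plugin/sepe/src/participant-specialty-edit.php
@@ -44,19 +44,19 @@
 $endDate = $yearEnd."-".$monthEnd."-".$dayEnd;
 
 if (isset($newSpecialty) && $newSpecialty != 1) {
-$sql = "UPDATE $tableSepeParticipantsSpecialty SET
-specialty_origin = '".$specialtyOrigin."',
-professional_area = '".$professionalArea."',
-specialty_code = '".$specialtyCode."',
-registration_date = '".$registrationDate."',
-leaving_date = '".$leavingDate."',
-center_origin = '".$centerOrigin."',
-center_code = '".$centerCode."',
-start_date = '".$startDate."',
-end_date = '".$endDate."',
-final_result = '".$finalResult."',
-final_qualification = '".$finalQualification."',
-final_score = '".$finalScore."'
+$sql = "UPDATE $tableSepeParticipantsSpecialty SET
+specialty_origin = '".$specialtyOrigin."',
+professional_area = '".$professionalArea."',
+specialty_code = '".$specialtyCode."',
+registration_date = '".$registrationDate."',
+leaving_date = '".$leavingDate."',
+center_origin = '".$centerOrigin."',
+center_code = '".$centerCode."',
+start_date = '".$startDate."',
+end_date = '".$endDate."',
+final_result = '".$finalResult."',
+final_qualification = '".$finalQualification."',
+final_score = '".$finalScore."'
 WHERE id = $specialtyId";
 } else {
 $sql = "INSERT INTO $tableSepeParticipantsSpecialty (
@@ -119,7 +119,7 @@
 );";
 } else {
 if ($finalResult == "1" || $finalResult == "2") {
-$sql = "UPDATE $tableSepeLogParticipant
+$sql = "UPDATE $tableSepeLogParticipant
 SET leaving_date = '".date("Y-m-d H:i:s")."'
 WHERE platform_user_id = '".$platformUserId."' AND action_id = '".$actionId."';";
 } else {
@@ -156,17 +156,27 @@
 }
 
 if (api_is_platform_admin()) {
-$actionId = intval($_GET['action_id']);
+$actionId = (int) $_GET['action_id'];
 $courseId = getCourse($actionId);
-$interbreadcrumb[] = ["url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')];
+$participantId = (int) $_GET['participant_id'];
+$interbreadcrumb[] = [
+"url" => "/plugin/sepe/src/sepe-administration-menu.php",
+"name" => $plugin->get_lang('MenuSepe'),
+];
 $interbreadcrumb[] = ["url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')];
-$interbreadcrumb[] = ["url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')];
-$interbreadcrumb[] = ["url" => "participant-action-edit.php?new_participant=0&participant_id=".intval($_GET['participant_id'])."&action_id=".$_GET['action_id'], "name" => $plugin->get_lang('FormativeActionParticipant')];
+$interbreadcrumb[] = [
+"url" => "formative-action.php?cid=".$courseId,
+"name" => $plugin->get_lang('FormativeAction'),
+];
+$interbreadcrumb[] = [
+"url" => "participant-action-edit.php?new_participant=0&participant_id=".$participantId."&action_id=".$actionId,
+"name" => $plugin->get_lang('FormativeActionParticipant'),
+];
 if (isset($_GET['new_specialty']) && intval($_GET['new_specialty']) == 1) {
 $templateName = $plugin->get_lang('NewSpecialtyParticipant');
 $tpl = new Template($templateName);
 $tpl->assign('action_id', $actionId);
-$tpl->assign('participant_id', intval($_GET['participant_id']));
+$tpl->assign('participant_id', $participantId);
 $info = [];
 $tpl->assign('info', $info);
 $tpl->assign('new_specialty', '1');
@@ -177,7 +187,7 @@
 $tpl = new Template($templateName);
 $tpl->assign('action_id', $actionId);
 $tpl->assign('specialty_id', intval($_GET['specialty_id']));
-$tpl->assign('participant_id', intval($_GET['participant_id']));
+$tpl->assign('participant_id', $participantId);
 $info = getInfoSpecialtyParticipant($_GET['specialty_id']);
 $tpl->assign('info', $info);
 $tpl->assign('new_specialty', '0');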
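Review bot: The `(int)` cast introduced for `action_id` and `participant_id` at the top of the admin block is not extended to `specialty_id`: the last hunk still uses `intval($_GET['specialty_id'])` inline for the template and passes the raw `$_GET['specialty_id']` to `getInfoSpecialtyParticipant()`. For consistency with the new `$participantId` line, add `$specialtyId = (int) $_GET['specialty_id'];` beside it and use `$specialtyId` in both places; that name is already used by the form-handling branch at line 60 (`WHERE id = $specialtyId`), which runs earlier in the file, so check that the assignment there is not what the later code is expected to see. Also, `(int) $_GET['action_id']` and `(int) $_GET['participant_id']` emit an undefined-index warning when the parameter is absent; `(int) ($_GET['action_id'] ?? 0)` keeps the same value without the warning, if the codebase's PHP version allows `??`. The `if (api_is_platform_admin())` block continues beyond the hunk.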

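--- a/plugin/sepe/src/sepe.lib.php
+++ b/plugin/sepe/src/sepe.lib.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
 * Functions.
 *
@@ -51,9 +52,9 @@ function checkIdentificationData()
 $result = Database::query($sql);
 if (Database::affected_rows($result) > 0) {
 return true;
-} else {
-return false;
 }
+
+return false;
 }
 
 function getActionId($courseId)
@@ -142,9 +143,9 @@ function getInfoSpecialtyClassroom($classroomId)
 global $tableSepeSpecialtyClassroom;
 global $tableCenters;
 $classroomId = (int) $classroomId;
-$sql = "SELECT a.*, center_origin, center_code
-FROM $tableSepeSpecialtyClassroom a
-LEFT JOIN $tableCenters b ON a.center_id = b.id
+$sql = "SELECT a.*, center_origin, center_code
+FROM $tableSepeSpecialtyClassroom a
+LEFT JOIN $tableCenters b ON a.center_id = b.id
 WHERE a.id = $classroomId";
 $res = Database::query($sql);
 $row = false;
@@ -163,7 +164,6 @@ function getInfoSpecialtyTutorial($tutorialId)
 $tutorialId = (int) $tutorialId;
 $sql = "SELECT * FROM $tableSepeParticipantsSpecialtyTutorials WHERE id = $tutorialId";
 $res = Database::query($sql);
-$aux = [];
 if (Database::num_rows($res) > 0) {
 $row = Database::fetch_assoc($res);
 } else {
@@ -235,8 +235,8 @@ function getTutorsSpecialty($specialtyId)
 while ($tmp = Database::fetch_assoc($rs)) {
 $tutorsList[] = $tmp['tutor_id'];
 }
-$sql = "SELECT a.*, b.firstname AS firstname, b.lastname AS lastname
-FROM $tableSepeTutors AS a
+$sql = "SELECT a.*, b.firstname AS firstname, b.lastname AS lastname
+FROM $tableSepeTutors AS a
 LEFT JOIN $tableUser AS b ON a.platform_user_id=b.user_id;";
 $res = Database::query($sql);
 $aux = [];
@@ -261,12 +261,11 @@ function getInfoSpecialtyTutor($tutorId)
 global $tableSepeSpecialtyTutors;
 global $tableSepeTutors;
 $tutorId = (int) $tutorId;
-$sql = "SELECT a.*,platform_user_id,document_type, document_number,document_letter
+$sql = "SELECT a.*,platform_user_id,document_type, document_number,document_letter
 FROM $tableSepeSpecialtyTutors a
-INNER JOIN $tableSepeTutors b ON a.tutor_id=b.id
+INNER JOIN $tableSepeTutors b ON a.tutor_id=b.id
 WHERE a.id = $tutorId;";
 $res = Database::query($sql);
-$aux = [];
 if (Database::num_rows($res) > 0) {
 $row['tutor_accreditation'] = Security::remove_XSS(stripslashes($row['tutor_accreditation']));
 $row['teaching_competence'] = Security::remove_XSS(stripslashes($row['teaching_competence']));
@@ -393,7 +392,7 @@ function participantList($actionId)
 global $tableUser;
 $actionId = (int) $actionId;
 $sql = "SELECT $tableSepeParticipants.id AS id, document_type, document_number, document_letter, firstname, lastname
-FROM $tableSepeParticipants
+FROM $tableSepeParticipants
 LEFT JOIN $tableUser ON $tableSepeParticipants.platform_user_id=$tableUser.user_id
 WHERE action_id = $actionId";
 $res = Database::query($sql);
@@ -434,8 +433,8 @@ function classroomList($specialtyId)
 global $tableCenters;
 $specialtyId = (int) $specialtyId;
 $sql = "SELECT a.*, center_origin, center_code
-FROM $tableSepeSpecialtyClassroom a
-LEFT JOIN $tableCenters b ON a.center_id=b.id
+FROM $tableSepeSpecialtyClassroom a
+LEFT JOIN $tableCenters b ON a.center_id=b.id
 WHERE specialty_id = $specialtyId";
 $res = Database::query($sql);
 $aux = [];
@@ -453,10 +452,10 @@ function tutorsList($specialtyId)
 global $tableUser;
 $specialtyId = (int) $specialtyId;
 $aux = [];
-$sql = "SELECT a.*,document_type,document_number,document_letter, firstname, lastname
-FROM $tableSepeSpecialtyTutors a
-INNER JOIN $tableSepeTutors b ON a.tutor_id=b.id
-LEFT JOIN $tableUser c ON b.platform_user_id=c.user_id
+$sql = "SELECT a.*,document_type,document_number,document_letter, firstname, lastname
+FROM $tableSepeSpecialtyTutors a
+INNER JOIN $tableSepeTutors b ON a.tutor_id=b.id
+LEFT JOIN $tableUser c ON b.platform_user_id=c.user_id
 WHERE a.specialty_id = $specialtyId";
 $res = Database::query($sql);
 while ($row = Database::fetch_assoc($res)) {
@@ -470,7 +469,7 @@ function getListSpecialtyTutorial($specialtyId)
 {
 global $tableSepeParticipantsSpecialtyTutorials;
 $specialtyId = (int) $specialtyId;
-$sql = "SELECT * FROM $tableSepeParticipantsSpecialtyTutorials
+$sql = "SELECT * FROM $tableSepeParticipantsSpecialtyTutorials
 WHERE participant_specialty_id = $specialtyId";
 $res = Database::query($sql);
 $aux = [];
@@ -489,9 +488,12 @@ function listCourseAction()
 global $tableSepeActions;
 global $tableSepeCourseActions;
 
-$sql = "SELECT $tableSepeCourseActions.*, course.title AS title, $tableSepeActions.action_origin AS action_origin, $tableSepeActions.action_code AS action_code
-FROM $tableSepeCourseActions, course, $tableSepeActions
-WHERE $tableSepeCourseActions.course_id=course.id
+$sql = "SELECT
+$tableSepeCourseActions.*, course.title AS title,
+$tableSepeActions.action_origin AS action_origin,
+$tableSepeActions.action_code AS action_code
+FROM $tableSepeCourseActions, course, $tableSepeActions
+WHERE $tableSepeCourseActions.course_id=course.id
 AND $tableSepeActions.id=$tableSepeCourseActions.action_id";
 $res = Database::query($sql);
 $aux = [];
@@ -508,7 +510,7 @@ function listCourseFree()
 global $tableSepeCourseActions;
 $sql = "SELECT id, title FROM $tableCourse
 WHERE NOT EXISTS (
-SELECT * FROM $tableSepeCourseActions
+SELECT * FROM $tableSepeCourseActions
 WHERE $tableCourse.id = $tableSepeCourseActions.course_id)
 ;";
 $res = Database::query($sql);
@@ -544,8 +546,8 @@ function getSpecialtyTutorId($specialtyId, $tutorId)
 $specialtyId = (int) $specialtyId;
 $tutorId = (int) $tutorId;
 
-$sql = "SELECT id
-FROM $tableSepeSpecialtyTutors
+$sql = "SELECT id
+FROM $tableSepeSpecialtyTutors
 WHERE specialty_id = $specialtyId AND tutor_id = $tutorId";
 $res = Database::query($sql);
 $row = Database::fetch_assoc($res);
@@ -558,7 +560,8 @@ function checkInsertNewLog($platformUserId, $actionId)
 global $tableSepeLogParticipant;
 $platformUserId = (int) $platformUserId;
 $actionId = (int) $actionId;
-$sql = "SELECT * FROM $tableSepeLogParticipant WHERE platform_user_id = $platformUserId AND action_id = $actionId";
+$sql = "SELECT * FROM $tableSepeLogParticipant
+WHERE platform_user_id = $platformUserId AND action_id = $actionId";
 $res = Database::query($sql);
 if (Database::num_rows($res) > 0) {
 return false;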
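Review bot: In getInfoSpecialtyTutor (hunk `@@ -261,12 +261,11 @@`) `$row['tutor_accreditation']` and `$row['teaching_competence']` are read inside `if (Database::num_rows($res) > 0)` without `$row` ever being fetched — the visible body goes from `Database::query($sql)` straight into the `if`, unlike getInfoSpecialtyTutorial a few hunks earlier, which does `$row = Database::fetch_assoc($res);` before touching `$row`. Unless a fetch exists further down the function, outside the hunk, the first statement inside the `if` should be `$row = Database::fetch_assoc($res);`; the commit removes the unused `$aux = [];` on the line above but leaves this. Separately, the rewritten SELECT in listCourseAction still names the `course` table literally while listCourseFree in the next hunk uses `$tableCourse`; using the variable in both would keep the file consistent. Both function bodies continue past their hunks.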
