|
2 | 2 |
|
3 | 3 | /* For licensing terms, see /license.txt */ |
4 | 4 |
|
| 5 | +use Chamilo\CoreBundle\Component\HTMLPurifier\Filter\RemoveOnAttributes; |
5 | 6 | use Chamilo\CoreBundle\Entity\Course; |
6 | 7 | use Chamilo\CoreBundle\Entity\ExtraField; |
7 | 8 | use Chamilo\CoreBundle\Entity\Repository\SequenceResourceRepository; |
@@ -3066,7 +3067,10 @@ public static function create_category_session( |
3066 | 3067 | ) { |
3067 | 3068 | $tbl_session_category = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY); |
3068 | 3069 |
|
3069 | | - $name = Database::escape_string(trim($sname)); |
| 3070 | + $name = trim($sname); |
| 3071 | + $name = html_filter($name); |
| 3072 | + $name = RemoveOnAttributes::filter($name); |
| 3073 | + $name = Database::escape_string($name); |
3070 | 3074 |
|
3071 | 3075 | $year_start = intval($syear_start); |
3072 | 3076 | $month_start = intval($smonth_start); |
@@ -3150,7 +3154,9 @@ public static function edit_category_session( |
3150 | 3154 | $sday_end |
3151 | 3155 | ) { |
3152 | 3156 | $tbl_session_category = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY); |
3153 | | - $name = html_filter(trim($sname)); |
| 3157 | + $name = trim($sname); |
| 3158 | + $name = html_filter($name); |
| 3159 | + $name = RemoveOnAttributes::filter($name); |
3154 | 3160 | $year_start = intval($syear_start); |
3155 | 3161 | $month_start = intval($smonth_start); |
3156 | 3162 | $day_start = intval($sday_start); |
@@ -3463,7 +3469,12 @@ public static function get_all_session_category() |
3463 | 3469 | ORDER BY name ASC'; |
3464 | 3470 | $result = Database::query($sql); |
3465 | 3471 | if (Database::num_rows($result) > 0) { |
3466 | | - $data = Database::store_result($result, 'ASSOC'); |
| 3472 | + $data = []; |
| 3473 | + |
| 3474 | + while ($category = Database::fetch_assoc($result)) { |
| 3475 | + $category['name'] = Security::remove_XSS($category['name']); |
| 3476 | + $data[] = $category; |
| 3477 | + } |
3467 | 3478 |
|
3468 | 3479 | return $data; |
3469 | 3480 | } |
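Review bot: The trim / `html_filter` / `RemoveOnAttributes::filter` chain is now written out twice, in `create_category_session` and `edit_category_session`, and the two copies already differ: only the create path ends with `Database::escape_string($name)`. The query in `edit_category_session` lies outside the hunk, so confirm that `$name` is escaped or bound there before it reaches SQL; a single private helper called from both functions would keep the input sanitisation identical. In `get_all_session_category` the read-time `Security::remove_XSS($category['name'])` neutralises rows stored before this fix on this one path only; other readers of the session category table are not visible here and may still return the stored name unfiltered. A short comment above the loop, such as `// Names saved before the input filter existed may still contain markup; neutralise on read.`, would record why a getter rewrites the value.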
|