Project

General

Profile

Download (17.5 KB)

Files » chamilo-1.8.8.6-vuln-8.patch

Julio Montoya, 08/03/2013 15:42

View differences:

main/announcements/announcements.php Thu Jul 19 22:44:03 2012 -0500 → main/announcements/announcements.php Fri Mar 08 15:26:31 2013 +0100
32 32 
	$_SESSION['id_session'] = intval($_GET['id_session']);
33 33 
}
34 34 

  		




  
  35
  
    
$origin = empty($_GET['origin']) ? '' : Security::remove_XSS($_GET['origin']);

  		




  
  36
  
    

  		




  35
  37
  
    
/* ACCESS RIGHTS */

  		




  36
  38
  
    
api_protect_course_script();

  		




  37
  39
  
    

  		




  ......




  255
  257
  
    
			}

  		




  256
  258
  
    
		}

  		




  257
  259
  
    
	}

  		




  258
  
  
    
	

  		




  
  260
  
    

  		




  259
  261
  
    
    //delete attachment file

  		




  260
  262
  
    
    if (isset($_GET['action']) && $_GET['action'] == 'delete') {

  		




  261
  263
  
    
        $id = $_GET['id_attach'];

  		




  262
  264
  
    
        AnnouncementManager::delete_announcement_attachment_file($id);

  		




  263
  
  
    
    }    

  		




  
  265
  
    
    }

  		




  264
  266
  
    

  		




  265
  267
  
    
	/*

  		




  266
  268
  
    
		Delete all announcements

  		




  ......




  278
  280
  
    
	/*

  		




  279
  281
  
    
		Modify announcement

  		




  280
  282
  
    
	*/

  		




  281
  
  
    
	

  		




  
  283
  
    

  		




  282
  284
  
    
	if (!empty($_GET['action']) and $_GET['action']=='modify' AND isset($_GET['id'])) {

  		




  283
  285
  
    
		if (api_get_session_id()!=0 && api_is_allowed_to_session_edit(false,true)==false) {

  		




  284
  286
  
    
			api_not_allowed();

  		




  ......




  295
  297
  
    
			$myrow  = Database::fetch_array($rs);

  		




  296
  298
  
    
			$last_id = $id;

  		




  297
  299
  
    
			$edit_attachment = AnnouncementManager::edit_announcement_attachment_file($last_id, $_FILES['user_upload'], $file_comment);

  		




  298
  
  
    
			

  		




  
  300
  
    

  		




  299
  301
  
    
			if ($myrow) {

  		




  300
  302
  
    
				$announcement_to_modify 	= $myrow['id'];

  		




  301
  303
  
    
				$content_to_modify 			= $myrow['content'];

  		




  ......




  415
  417
  
    
				    //store_resources($_SESSION['source_type'],$insert_id);

  		




  416
  418
  
    
				    $_SESSION['select_groupusers']="hide";

  		




  417
  419
  
    
				    $message = get_lang('AnnouncementAdded');

  		




  418
  
  
    
				

  		




  
  420
  
    

  		




  419
  421
  
    

  		




  420
  422
  
    
				/*		MAIL FUNCTION	*/

  		




  421
  423
  
    

  		




  ......




  500
  502
  
    
                            	$data_file = array('path' => $path_attach,'filename' => $filename_attach);

  		




  501
  503
  
    
                            }

  		




  502
  504
  
    
                            @api_mail_html($recipient_name, $mailid, stripslashes($emailSubject), $mail_body, $sender_name, $sender_email, null, $data_file, true);

  		




  503
  
  
    
                            

  		




  
  505
  
    

  		




  504
  506
  
    
							if ($_REQUEST['reminder']=="1") {

  		




  505
  507
  
    
								$time=getdate();

  		




  506
  508
  
    
								$time = $time['yday'];

  		




  ......




  666
  668
  
    
if ((api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) and (empty($_GET['origin']) or $_GET['origin'] !== 'learnpath')) {

  		




  667
  669
  
    
	echo '<div class="actions">';

  		




  668
  670
  
    
	if (isset($_GET['action']) && in_array($_GET['action'], array('add', 'modify','view'))) {

  		




  669
  
  
    
        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('back.png',get_lang('Back'),'','32')."</a>";

  		




  
  671
  
    
        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'': $origin)."'>".Display::return_icon('back.png',get_lang('Back'),'','32')."</a>";

  		




  670
  672
  
    
	} else {

  		




  671
  
  
    
	   echo "<a href='".api_get_self()."?".api_get_cidreq()."&action=add&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('new_announce.png',get_lang('AddAnnouncement'),'','32')."</a>";

  		




  
  673
  
    
	   echo "<a href='".api_get_self()."?".api_get_cidreq()."&action=add&origin=".(empty($_GET['origin'])?'': $origin)."'>".Display::return_icon('new_announce.png',get_lang('AddAnnouncement'),'','32')."</a>";

  		




  672
  674
  
    
	}

  		




  673
  675
  
    
	$show_actions = true;

  		




  674
  676
  
    
} else {

  		




  675
  677
  
    
    if (in_array($_GET['action'], array('view'))) {

  		




  676
  678
  
    
        echo '<div class="actions">';

  		




  677
  
  
    
        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('back.png',get_lang('Back'),'','32')."</a>";    

  		




  
  679
  
    
        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'': $origin)."'>".Display::return_icon('back.png',get_lang('Back'),'','32')."</a>";

  		




  678
  680
  
    
        echo '</div>';

  		




  679
  681
  
    
    }

  		




  680
  682
  
    
}

  		




  681
  683
  
    

  		




  682
  684
  
    
if (api_is_allowed_to_edit() && $announcement_number > 1) {

  		




  683
  685
  
    
	if (api_get_group_id() == 0 ) {

  		




  684
  
  
    
		if (!$show_actions) 

  		




  
  686
  
    
		if (!$show_actions)

  		




  685
  687
  
    
			echo '<div class="actions">';

  		




  686
  
  
    
			if (!in_array($_GET['action'], array('add', 'modify','view')))		    

  		




  687
  
  
    
                echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&action=delete_all\" onclick=\"javascript:if(!confirm('".get_lang("ConfirmYourChoice")."')) return false;\">".Display::return_icon('delete_announce.png',get_lang('AnnouncementDeleteAll'),'','32')."</a>";	

  		




  688
  
  
    
    	}	// if announcementNumber > 1    

  		




  
  688
  
    
			if (!in_array($_GET['action'], array('add', 'modify','view')))

  		




  
  689
  
    
                echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&action=delete_all\" onclick=\"javascript:if(!confirm('".get_lang("ConfirmYourChoice")."')) return false;\">".Display::return_icon('delete_announce.png',get_lang('AnnouncementDeleteAll'),'','32')."</a>";

  		




  
  690
  
    
    	}	// if announcementNumber > 1

  		




  689
  691
  
    
}

  		




  690
  692
  
    

  		




  691
  693
  
    
if ($show_actions)

  		




  ......




  834
  836
  
    
	$oFCKeditor->Value		= $content_to_modify;

  		




  835
  837
  
    

  		




  836
  838
  
    
	echo '<div class="row"><div class="formw">';

  		




  837
  
  
    
	

  		




  
  839
  
    

  		




  838
  840
  
    
	echo Display::display_normal_message(get_lang('Tags').' <br /><br />'.implode('<br />', AnnouncementManager::get_tags()), false);

  		




  839
  
  
    
			

  		




  
  841
  
    

  		




  840
  842
  
    
	echo $oFCKeditor->CreateHtml();

  		




  841
  843
  
    
	echo '</div></div>';

  		




  842
  844
  
    

  		




  ......




  863
  865
  
    
			    </table>

  		




  864
  866
  
    
			 </div>

  		




  865
  867
  
    
			</div>';

  		




  866
  
  
    
	

  		




  
  868
  
    

  		




  867
  869
  
    
	echo'<br />';

  		




  868
  870
  
    
	echo '<div class="row"><div class="formw">';

  		




  869
  
  
    
	

  		




  
  871
  
    

  		




  870
  872
  
    
	if (empty($_SESSION['toolgroup'])) {

  		




  871
  873
  
    
		echo '<input type="hidden" name="submitAnnouncement" value="OK">';

  		




  872
  874
  
    
		echo '<input type="hidden" name="sec_token" value="'.$stok.'" />';

  		




  ......




  1040
  1042
  
    
	$result		= Database::query($sql);

  		




  1041
  1043
  
    
	$num_rows 	= Database::num_rows($result);

  		




  1042
  1044
  
    

  		




  1043
  
  
    
    // DISPLAY: NO ITEMS 

  		




  
  1045
  
    
    // DISPLAY: NO ITEMS

  		




  1044
  1046
  
    

  		




  1045
  1047
  
    
	if (!isset($_GET['action']) || !in_array($_GET['action'], array('add', 'modify','view')))

  		




  1046
  1048
  
    
	if ($num_rows == 0) {

  		




  1047
  1049
  
    
		Display::display_warning_message(get_lang('NoAnnouncements'));

  		




  1048
  
  
    
	} else {    

  		




  
  1050
  
    
	} else {

  		




  1049
  1051
  
    
    	$iterator = 1;

  		




  1050
  1052
  
    
    	$bottomAnnouncement = $announcement_number;

  		




  1051
  
  
    
    

  		




  
  1053
  
    

  		




  1052
  1054
  
    
    	echo '<table width="100%" class="data_table">';

  		




  1053
  
  
    
    	

  		




  
  1055
  
    

  		




  1054
  1056
  
    
        $ths = Display::tag('th', get_lang('Title'));

  		




  1055
  
  
    
        //$ths .= Display::tag('th', get_lang('Content'));        

  		




  
  1057
  
    
        //$ths .= Display::tag('th', get_lang('Content'));

  		




  1056
  1058
  
    
        $ths .= Display::tag('th', get_lang('By') );

  		




  1057
  
  
    
        //$ths .= Display::tag('th', get_lang('AnnouncementPublishedOn') );    

  		




  
  1059
  
    
        //$ths .= Display::tag('th', get_lang('AnnouncementPublishedOn') );

  		




  1058
  1060
  
    
        $ths .= Display::tag('th', get_lang('LastUpdateDate') );

  		




  1059
  
  
    
        if (api_is_allowed_to_edit(false,true) OR (api_is_course_coach() && api_is_element_in_the_session(TOOL_ANNOUNCEMENT,$myrow['id']))         

  		




  
  1061
  
    
        if (api_is_allowed_to_edit(false,true) OR (api_is_course_coach() && api_is_element_in_the_session(TOOL_ANNOUNCEMENT,$myrow['id']))

  		




  1060
  1062
  
    
                 OR (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) {

  		




  1061
  1063
  
    
            //$ths .= Display::tag('th', get_lang('SentTo'));

  		




  1062
  1064
  
    
            $ths .= Display::tag('th', get_lang('Modify'));

  		




  1063
  1065
  
    
        }

  		




  1064
  
  
    
        

  		




  1065
  
  
    
    	echo Display::tag('tr', $ths);    

  		




  1066
  
  
    
    	$displayed = array();    

  		




  1067
  
  
    
    	

  		




  1068
  
  
    
    	while ($myrow = Database::fetch_array($result, 'ASSOC')) {    

  		




  
  1066
  
    

  		




  
  1067
  
    
    	echo Display::tag('tr', $ths);

  		




  
  1068
  
    
    	$displayed = array();

  		




  
  1069
  
    

  		




  
  1070
  
    
    	while ($myrow = Database::fetch_array($result, 'ASSOC')) {

  		




  1069
  1071
  
    
    		if (!in_array($myrow['id'], $displayed)) {

  		




  1070
  1072
  
    
    		    $sent_to_icon = '';

  		




  1071
  1073
  
    
		       // the email icon

  		




  1072
  1074
  
    
                if ($myrow['email_sent'] == '1') {

  		




  1073
  1075
  
    
                    $sent_to_icon = ' '.Display::return_icon('email.gif', get_lang('AnnounceSentByEmail'));

  		




  1074
  1076
  
    
                }

  		




  1075
  
  
    
                

  		




  
  1077
  
    

  		




  1076
  1078
  
    
    			$title		 = $myrow['title'].$sent_to_icon;

  		




  1077
  1079
  
    
    			//$content	 = $myrow['content'];

  		




  1078
  
  
    
    

  		




  1079
  
  
    
    

  		




  1080
  
  
    
    			/* DATE */    

  		




  1081
  
  
    
    			$last_post_datetime = $myrow['end_date'];    

  		




  1082
  
  
    
    		

  		




  
  1080
  
    

  		




  
  1081
  
    

  		




  
  1082
  
    
    			/* DATE */

  		




  
  1083
  
    
    			$last_post_datetime = $myrow['end_date'];

  		




  
  1084
  
    

  		




  1083
  1085
  
    
    			// the styles

  		




  1084
  1086
  
    
    			if ($myrow['visibility'] == '0') {

  		




  1085
  1087
  
    
    				$style='invisible';

  		




  1086
  1088
  
    
    			} else {

  		




  1087
  1089
  
    
    				$style = '';

  		




  1088
  1090
  
    
    			}

  		




  1089
  
  
    
    

  		




  
  1091
  
    

  		




  1090
  1092
  
    
    			echo "<tr>";

  		




  1091
  
  
    
    			

  		




  
  1093
  
    

  		




  1092
  1094
  
    
    		    // show attachment list

  		




  1093
  1095
  
    
                $attachment_list = array();

  		




  1094
  1096
  
    
                $attachment_list = AnnouncementManager::get_attachment($myrow['id']);

  		




  1095
  
  
    
                

  		




  1096
  
  
    
                

  		




  
  1097
  
    

  		




  
  1098
  
    

  		




  1097
  1099
  
    
                $attachment = '';

  		




  1098
  1100
  
    
                $attachment_icon = '';

  		




  1099
  1101
  
    
                if (count($attachment_list)>0) {

  		




  1100
  
  
    
                    $attachment_icon = ' '.Display::return_icon('attachment.gif',get_lang('Attachment'));                    

  		




  
  1102
  
    
                    $attachment_icon = ' '.Display::return_icon('attachment.gif',get_lang('Attachment'));

  		




  1101
  1103
  
    
                }

  		




  1102
  
  
    
                

  		




  
  1104
  
    

  		




  1103
  1105
  
    
                /* TITLE */

  		




  1104
  1106
  
    
    		    $title = Display::url($title.$attachment_icon, '?action=view&id='.$myrow['id']);

  		




  1105
  
  
    
                echo Display::tag('td', Security::remove_XSS($title), array('class' => $style));                

  		




  1106
  
  
    
                //echo Display::tag('td', Security::remove_XSS($content).$attachment);    		

  		




  1107
  
  
    
                	

  		




  1108
  
  
    
                $user_info		= api_get_user_info($myrow['insert_user_id']);    						

  		




  
  1107
  
    
                echo Display::tag('td', Security::remove_XSS($title), array('class' => $style));

  		




  
  1108
  
    
                //echo Display::tag('td', Security::remove_XSS($content).$attachment);

  		




  
  1109
  
    

  		




  
  1110
  
    
                $user_info		= api_get_user_info($myrow['insert_user_id']);

  		




  1109
  1111
  
    
    			echo Display::tag('td', api_get_person_name($user_info['firstName'], $user_info['lastName']));

  		




  1110
  
  
    
                echo Display::tag('td', api_convert_and_format_date($myrow['insert_date'], DATE_TIME_FORMAT_LONG));                			

  		




  
  1112
  
    
                echo Display::tag('td', api_convert_and_format_date($myrow['insert_date'], DATE_TIME_FORMAT_LONG));

  		




  1111
  1113
  
    

  		




  1112
  1114
  
    
    			// we can edit if : we are the teacher OR the element belongs to the session we are coaching OR the option to allow users to edit is on

  		




  1113
  1115
  
    
    			$modify_icons = '';

  		




  1114
  
  
    
    			if (api_is_allowed_to_edit(false,true) OR (api_is_course_coach() && api_is_element_in_the_session(TOOL_ANNOUNCEMENT, $myrow['id'])) 

  		




  
  1116
  
    
    			if (api_is_allowed_to_edit(false,true) OR (api_is_course_coach() && api_is_element_in_the_session(TOOL_ANNOUNCEMENT, $myrow['id']))

  		




  1115
  1117
  
    
    			     OR (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) {

  		




  1116
  
  
    
    

  		




  
  1118
  
    

  		




  1117
  1119
  
    
    				$modify_icons = "<a href=\"".api_get_self()."?".api_get_cidreq()."&action=modify&id=".$myrow['id']."\">".Display::return_icon('edit.png', get_lang('Edit'),'',22)."</a>";

  		




  1118
  1120
  
    
    				if ($myrow['visibility']==1) {

  		




  1119
  1121
  
    
    					$image_visibility="visible";

  		




  ......




  1121
  1123
  
    
    				} else {

  		




  1122
  1124
  
    
    					$image_visibility="invisible";

  		




  1123
  1125
  
    
    					$alt_visibility=get_lang('Visible');

  		




  1124
  
  
    
    				}    

  		




  1125
  
  
    
    				$modify_icons .=  "<a href=\"".api_get_self()."?".api_get_cidreq()."&origin=".(!empty($_GET['origin'])?Security::remove_XSS($_GET['origin']):'')."&action=showhide&id=".$myrow['id']."&sec_token=".$stok."\">".

  		




  
  1126
  
    
    				}

  		




  
  1127
  
    
    				$modify_icons .=  "<a href=\"".api_get_self()."?".api_get_cidreq()."&origin=".(!empty($_GET['origin'])? $origin :'')."&action=showhide&id=".$myrow['id']."&sec_token=".$stok."\">".

  		




  1126
  1128
  
    
    						Display::return_icon($image_visibility.'.png', $alt_visibility,'',22)."</a>";

  		




  1127
  
  
    
    

  		




  
  1129
  
    

  		




  1128
  1130
  
    
    				// DISPLAY MOVE UP COMMAND only if it is not the top announcement

  		




  1129
  1131
  
    
    				if ($iterator != 1) {

  		




  1130
  1132
  
    
    					$modify_icons .= "<a href=\"".api_get_self()."?".api_get_cidreq()."&up=".$myrow["id"]."&sec_token=".$stok."\">".Display::return_icon('up.gif', get_lang('Up'))."</a>";

  		




  1131
  1133
  
    
    				} else {

  		




  1132
  1134
  
    
    				    $modify_icons .= Display::return_icon('up_na.gif', get_lang('Up'));

  		




  1133
  
  
    
    				}    

  		




  
  1135
  
    
    				}

  		




  1134
  1136
  
    
    				if ($iterator < $bottomAnnouncement) {

  		




  1135
  1137
  
    
    					$modify_icons .= "<a href=\"".api_get_self()."?".api_get_cidreq()."&down=".$myrow["id"]."&sec_token=".$stok."\">".Display::return_icon('down.gif', get_lang('Down'))."</a>";

  		




  1136
  1138
  
    
    				} else {

  		




  1137
  1139
  
    
    				    $modify_icons .= Display::return_icon('down_na.gif', get_lang('Down'));

  		




  1138
  1140
  
    
    				}

  		




  1139
  
  
    
    				    

  		




  
  1141
  
    

  		




  1140
  1142
  
    
    			    if (api_is_allowed_to_edit(false,true)) {

  		




  1141
  1143
  
    
                        $modify_icons .= "<a href=\"".api_get_self()."?".api_get_cidreq()."&action=delete&id=".$myrow['id']."&sec_token=".$stok."\" onclick=\"javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'),ENT_QUOTES,$charset))."')) return false;\">".

  		




  1142
  1144
  
    
                            Display::return_icon('delete.png', get_lang('Delete'),'',22).

  		




  1143
  1145
  
    
                            "</a>";

  		




  1144
  
  
    
                    }    	 

  		




  
  1146
  
    
                    }

  		




  1145
  1147
  
    
    				$iterator ++;

  		




  1146
  1148
  
    
    				echo Display::tag('td', $modify_icons);

  		




  1147
  1149
  
    
    			}

  		












  

    
        main/blog/blog.php	Thu Jul 19 22:44:03 2012 -0500 →
      main/blog/blog.php	Fri Mar 08 15:26:31 2013 +0100
    
  





  10
  10
  
    
 */

  		




  11
  11
  
    
// name of the language file that needs to be included

  		




  12
  12
  
    
$language_file = "blog";

  		




  
  13
  
    
require_once '../inc/global.inc.php';

  		




  
  14
  
    

  		




  13
  15
  
    
$blog_id = intval($_GET['blog_id']);

  		




  14
  16
  
    

  		




  15
  
  
    
require_once '../inc/global.inc.php';

  		




  
  17
  
    
if (empty($blog_id)) {

  		




  
  18
  
    
    api_not_allowed(true);

  		




  
  19
  
    
}

  		




  
  20
  
    

  		




  16
  21
  
    
$this_section=SECTION_COURSES;

  		




  17
  22
  
    

  		




  18
  23
  
    

  		




  ......




  289
  294
  
    
					<form action="blog.php" method="get" enctype="multipart/form-data">

  		




  290
  295
  
    
						<input type="hidden" name="blog_id" value="<?php echo $blog_id ?>" />

  		




  291
  296
  
    
						<input type="hidden" name="action" value="view_search_result" />

  		




  292
  
  
    
						<input type="text" size="20" name="q" value="<?php echo (isset($_GET['q']) ? $_GET['q'] : ''); ?>" /><button class="search" type="submit"><?php echo get_lang('Search'); ?></button>

  		




  
  297
  
    
						<input type="text" size="20" name="q" value="<?php echo (isset($_GET['q']) ? Security::remove_XSS($_GET['q']) : ''); ?>" /><button class="search" type="submit"><?php echo get_lang('Search'); ?></button>

  		




  293
  298
  
    
					</form>

  		




  294
  299
  
    
				</td>

  		




  295
  300
  
    
			</tr>

  		












  

    
        main/chat/chat.php	Thu Jul 19 22:44:03 2012 -0500 →
      main/chat/chat.php	Fri Mar 08 15:26:31 2013 +0100
    
  





  20
  20
  
    
} else {

  		




  21
  21
  
    
	$origin = $_SESSION['origin'];

  		




  22
  22
  
    
	$target = $_SESSION['target'];

  		




  23
  
  
    
	$_SESSION['origin']=$_GET["origin"];

  		




  24
  
  
    
	$_SESSION['target']=$_GET["target"];

  		




  
  23
  
    
	$_SESSION['origin']= Security::remove_XSS($_GET["origin"]);

  		




  
  24
  
    
	$_SESSION['target']= Security::remove_XSS($_GET["target"]);

  		




  25
  25
  
    
}

  		




  26
  26
  
    

  		




  27
  27
  
    
/*  TRACKING */

  		












  

    
        main/chat/chat_chat.php	Thu Jul 19 22:44:03 2012 -0500 →
      main/chat/chat_chat.php	Fri Mar 08 15:26:31 2013 +0100
    
  





  73
  73
  
    
	} else {

  		




  74
  74
  
    
		$filename_chat = 'messages-'.$date_now.'.log.html';

  		




  75
  75
  
    
	}

  		




  76
  
  
    
	

  		




  
  76
  
    

  		




  77
  77
  
    
	if (!file_exists($chat_path.$filename_chat)) {

  		




  78
  78
  
    
		@fclose(fopen($chat_path.$filename_chat, 'w'));

  		




  79
  79
  
    
		if (!api_is_anonymous()) {

  		




  ......




  114
  114
  
    

  		




  115
  115
  
    
		update_existing_document($_course, $doc_id, 0);

  		




  116
  116
  
    
	}

  		




  117
  
  
    
	

  		




  
  117
  
    

  		




  118
  118
  
    
	$remove = 0;

  		




  119
  119
  
    
	$content = array();

  		




  120
  120
  
    
	if (file_exists($chat_path.$basename_chat.'.log.html')) {

  		




  ......




  153
  153
  
    
	if ($isMaster || $is_courseCoach) {

  		




  154
  154
  
    
		$rand = mt_rand(1, 1000);

  		




  155
  155
  
    
		echo '<div style="margin-left: 5px;">';

  		




  156
  
  
    
		echo '<a href="'.api_get_self().'?rand='.$rand.'&reset=1&cidReq='.$_GET['cidReq'].'#bottom" onclick="javascript: if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmReset'), ENT_QUOTES)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('ClearList')).' '.get_lang('ClearList').'</a>';

  		




  
  156
  
    
		echo '<a href="'.api_get_self().'?rand='.$rand.'&reset=1&'.api_get_cidreq().'#bottom" onclick="javascript: if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmReset'), ENT_QUOTES)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('ClearList')).' '.get_lang('ClearList').'</a>';

  		




  157
  157
  
    
		echo '</div>';

  		




  158
  158
  
    
	}

  		




  159
  159
  
    
} else {

  		












  

    
        main/chat/chat_hidden.php	Thu Jul 19 22:44:03 2012 -0500 →
      main/chat/chat_hidden.php	Fri Mar 08 15:26:31 2013 +0100
    
  





  113
  113
  
    
}

  		




  114
  114
  
    
?>

  		




  115
  115
  
    

  		




  116
  
  
    
<form name="formHidden" method="post" action="<?php echo api_get_self().'?cidReq='.$_GET['cidReq']; ?>">

  		




  
  116
  
    
<form name="formHidden" method="post" action="<?php echo api_get_self().'?'.api_get_cidreq(); ?>">

  		




  117
  117
  
    
<input type="hidden" name="chat_size_old" value="<?php echo $chat_size_new; ?>">

  		




  118
  118
  
    
<input type="hidden" name="connected_old" value="<?php echo $connected_new; ?>">

  		




  119
  119
  
    
</form>

  		












  

    
        main/chat/chat_message.php	Thu Jul 19 22:44:03 2012 -0500 →
      main/chat/chat_message.php	Fri Mar 08 15:26:31 2013 +0100
    
  





  169
  169
  
    
	$emoticon_img204  = '<img src="'.api_get_path(WEB_IMG_PATH).'smileys/flag_red_small.gif" alt="'.get_lang('Stop').'" title="'.get_lang('Stop').'" />';

  		




  170
  170
  
    

  		




  171
  171
  
    
	if ($sent) {

  		




  172
  
  
    
		$message = trim(htmlspecialchars(stripslashes($_POST['message']), ENT_QUOTES, $charset));

  		




  
  172
  
    
		$message = Security::remove_XSS(trim(htmlspecialchars(stripslashes($_POST['message']), ENT_QUOTES, $charset)));

  		




  173
  173
  
    
		$message = str_replace($emoticon_text1, $emoticon_img1, $message);

  		




  174
  174
  
    
		$message = str_replace($emoticon_text2, $emoticon_img2, $message);

  		




  175
  175
  
    
		$message = str_replace($emoticon_text3, $emoticon_img3, $message);

  		












  

    
        main/chat/header_frame.inc.php	Thu Jul 19 22:44:03 2012 -0500 →
      main/chat/header_frame.inc.php	Fri Mar 08 15:26:31 2013 +0100
    
  





  66
  66
  
    
{

  		




  67
  67
  
    
	if ('<?php echo $chat_size_old; ?>' != '<?php echo $chat_size_new; ?>')

  		




  68
  68
  
    
	{

  		




  69
  
  
    
		parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size_new.'&cidReq='.$_GET['cidReq']; ?>#bottom';

  		




  
  69
  
    
		parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size_new.'&'.api_get_cidreq(); ?>#bottom';

  		




  70
  70
  
    
	}

  		




  71
  71
  
    
}

  		




  72
  72
  
    

  		




  ......




  87
  87
  
    
{

  		




  88
  88
  
    
	<?php if($chat_size): ?>

  		




  89
  89
  
    
	parent.chat_hidden.document.formHidden.chat_size_old.value='<?php echo $chat_size; ?>';

  		




  90
  
  
    
	parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size.'&cidReq='.$_GET['cidReq']; ?>#bottom';

  		




  
  90
  
    
	parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size.'&'.api_get_cidreq(); ?>#bottom';

  		




  91
  91
  
    
	<?php endif; ?>

  		




  92
  92
  
    

  		




  93
  93
  
    
	document.formMessage.message.focus();

  		















  
    (1-1/1)