Files » chamilo-1.8.8.6-vuln-8.patch

Julio Montoya, 08/03/2013 15:42


main/announcements/announcements.php Thu Jul 19 22:44:03 2012 -0500 → main/announcements/announcements.php Fri Mar 08 15:26:31 2013 +0100
32 32
	$_SESSION['id_session'] = intval($_GET['id_session']);
33 33
}
34 34

  
35
$origin = empty($_GET['origin']) ? '' : Security::remove_XSS($_GET['origin']);
36

  
35 37
/* ACCESS RIGHTS */
36 38
api_protect_course_script();
37 39

  
......
255 257
			}
256 258
		}
257 259
	}
258
	
260

  
259 261
    //delete attachment file
260 262
    if (isset($_GET['action']) && $_GET['action'] == 'delete') {
261 263
        $id = $_GET['id_attach'];
262 264
        AnnouncementManager::delete_announcement_attachment_file($id);
263
    }    
265
    }
264 266

  
265 267
	/*
266 268
		Delete all announcements
......
278 280
	/*
279 281
		Modify announcement
280 282
	*/
281
	
283

  
282 284
	if (!empty($_GET['action']) and $_GET['action']=='modify' AND isset($_GET['id'])) {
283 285
		if (api_get_session_id()!=0 && api_is_allowed_to_session_edit(false,true)==false) {
284 286
			api_not_allowed();
......
295 297
			$myrow  = Database::fetch_array($rs);
296 298
			$last_id = $id;
297 299
			$edit_attachment = AnnouncementManager::edit_announcement_attachment_file($last_id, $_FILES['user_upload'], $file_comment);
298
			
300

  
299 301
			if ($myrow) {
300 302
				$announcement_to_modify 	= $myrow['id'];
301 303
				$content_to_modify 			= $myrow['content'];
......
415 417
				    //store_resources($_SESSION['source_type'],$insert_id);
416 418
				    $_SESSION['select_groupusers']="hide";
417 419
				    $message = get_lang('AnnouncementAdded');
418
				
420

  
419 421

  
420 422
				/*		MAIL FUNCTION	*/
421 423

  
......
500 502
                            	$data_file = array('path' => $path_attach,'filename' => $filename_attach);
501 503
                            }
502 504
                            @api_mail_html($recipient_name, $mailid, stripslashes($emailSubject), $mail_body, $sender_name, $sender_email, null, $data_file, true);
503
                            
505

  
504 506
							if ($_REQUEST['reminder']=="1") {
505 507
								$time=getdate();
506 508
								$time = $time['yday'];
......
666 668
if ((api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) and (empty($_GET['origin']) or $_GET['origin'] !== 'learnpath')) {
667 669
	echo '<div class="actions">';
668 670
	if (isset($_GET['action']) && in_array($_GET['action'], array('add', 'modify','view'))) {
669
        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('back.png',get_lang('Back'),'','32')."</a>";
671
        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'': $origin)."'>".Display::return_icon('back.png',get_lang('Back'),'','32')."</a>";
670 672
	} else {
671
	   echo "<a href='".api_get_self()."?".api_get_cidreq()."&action=add&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('new_announce.png',get_lang('AddAnnouncement'),'','32')."</a>";
673
	   echo "<a href='".api_get_self()."?".api_get_cidreq()."&action=add&origin=".(empty($_GET['origin'])?'': $origin)."'>".Display::return_icon('new_announce.png',get_lang('AddAnnouncement'),'','32')."</a>";
672 674
	}
673 675
	$show_actions = true;
674 676
} else {
675 677
    if (in_array($_GET['action'], array('view'))) {
676 678
        echo '<div class="actions">';
677
        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('back.png',get_lang('Back'),'','32')."</a>";    
679
        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'': $origin)."'>".Display::return_icon('back.png',get_lang('Back'),'','32')."</a>";
678 680
        echo '</div>';
679 681
    }
680 682
}
681 683

  
682 684
if (api_is_allowed_to_edit() && $announcement_number > 1) {
683 685
	if (api_get_group_id() == 0 ) {
684
		if (!$show_actions) 
686
		if (!$show_actions)
685 687
			echo '<div class="actions">';
686
			if (!in_array($_GET['action'], array('add', 'modify','view')))		    
687
                echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&action=delete_all\" onclick=\"javascript:if(!confirm('".get_lang("ConfirmYourChoice")."')) return false;\">".Display::return_icon('delete_announce.png',get_lang('AnnouncementDeleteAll'),'','32')."</a>";	
688
    	}	// if announcementNumber > 1    
688
			if (!in_array($_GET['action'], array('add', 'modify','view')))
689
                echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&action=delete_all\" onclick=\"javascript:if(!confirm('".get_lang("ConfirmYourChoice")."')) return false;\">".Display::return_icon('delete_announce.png',get_lang('AnnouncementDeleteAll'),'','32')."</a>";
690
    	}	// if announcementNumber > 1
689 691
}
690 692

  
691 693
if ($show_actions)
......
834 836
	$oFCKeditor->Value		= $content_to_modify;
835 837

  
836 838
	echo '<div class="row"><div class="formw">';
837
	
839

  
838 840
	echo Display::display_normal_message(get_lang('Tags').' <br /><br />'.implode('<br />', AnnouncementManager::get_tags()), false);
839
			
841

  
840 842
	echo $oFCKeditor->CreateHtml();
841 843
	echo '</div></div>';
842 844

  
......
863 865
			    </table>
864 866
			 </div>
865 867
			</div>';
866
	
868

  
867 869
	echo'<br />';
868 870
	echo '<div class="row"><div class="formw">';
869
	
871

  
870 872
	if (empty($_SESSION['toolgroup'])) {
871 873
		echo '<input type="hidden" name="submitAnnouncement" value="OK">';
872 874
		echo '<input type="hidden" name="sec_token" value="'.$stok.'" />';
......
1040 1042
	$result		= Database::query($sql);
1041 1043
	$num_rows 	= Database::num_rows($result);
1042 1044

  
1043
    // DISPLAY: NO ITEMS 
1045
    // DISPLAY: NO ITEMS
1044 1046

  
1045 1047
	if (!isset($_GET['action']) || !in_array($_GET['action'], array('add', 'modify','view')))
1046 1048
	if ($num_rows == 0) {
1047 1049
		Display::display_warning_message(get_lang('NoAnnouncements'));
1048
	} else {    
1050
	} else {
1049 1051
    	$iterator = 1;
1050 1052
    	$bottomAnnouncement = $announcement_number;
1051
    
1053

  
1052 1054
    	echo '<table width="100%" class="data_table">';
1053
    	
1055

  
1054 1056
        $ths = Display::tag('th', get_lang('Title'));
1055
        //$ths .= Display::tag('th', get_lang('Content'));        
1057
        //$ths .= Display::tag('th', get_lang('Content'));
1056 1058
        $ths .= Display::tag('th', get_lang('By') );
1057
        //$ths .= Display::tag('th', get_lang('AnnouncementPublishedOn') );    
1059
        //$ths .= Display::tag('th', get_lang('AnnouncementPublishedOn') );
1058 1060
        $ths .= Display::tag('th', get_lang('LastUpdateDate') );
1059
        if (api_is_allowed_to_edit(false,true) OR (api_is_course_coach() && api_is_element_in_the_session(TOOL_ANNOUNCEMENT,$myrow['id']))         
1061
        if (api_is_allowed_to_edit(false,true) OR (api_is_course_coach() && api_is_element_in_the_session(TOOL_ANNOUNCEMENT,$myrow['id']))
1060 1062
                 OR (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) {
1061 1063
            //$ths .= Display::tag('th', get_lang('SentTo'));
1062 1064
            $ths .= Display::tag('th', get_lang('Modify'));
1063 1065
        }
1064
        
1065
    	echo Display::tag('tr', $ths);    
1066
    	$displayed = array();    
1067
    	
1068
    	while ($myrow = Database::fetch_array($result, 'ASSOC')) {    
1066

  
1067
    	echo Display::tag('tr', $ths);
1068
    	$displayed = array();
1069

  
1070
    	while ($myrow = Database::fetch_array($result, 'ASSOC')) {
1069 1071
    		if (!in_array($myrow['id'], $displayed)) {
1070 1072
    		    $sent_to_icon = '';
1071 1073
		       // the email icon
1072 1074
                if ($myrow['email_sent'] == '1') {
1073 1075
                    $sent_to_icon = ' '.Display::return_icon('email.gif', get_lang('AnnounceSentByEmail'));
1074 1076
                }
1075
                
1077

  
1076 1078
    			$title		 = $myrow['title'].$sent_to_icon;
1077 1079
    			//$content	 = $myrow['content'];
1078
    
1079
    
1080
    			/* DATE */    
1081
    			$last_post_datetime = $myrow['end_date'];    
1082
    		
1080

  
1081

  
1082
    			/* DATE */
1083
    			$last_post_datetime = $myrow['end_date'];
1084

  
1083 1085
    			// the styles
1084 1086
    			if ($myrow['visibility'] == '0') {
1085 1087
    				$style='invisible';
1086 1088
    			} else {
1087 1089
    				$style = '';
1088 1090
    			}
1089
    
1091

  
1090 1092
    			echo "<tr>";
1091
    			
1093

  
1092 1094
    		    // show attachment list
1093 1095
                $attachment_list = array();
1094 1096
                $attachment_list = AnnouncementManager::get_attachment($myrow['id']);
1095
                
1096
                
1097

  
1098

  
1097 1099
                $attachment = '';
1098 1100
                $attachment_icon = '';
1099 1101
                if (count($attachment_list)>0) {
1100
                    $attachment_icon = ' '.Display::return_icon('attachment.gif',get_lang('Attachment'));                    
1102
                    $attachment_icon = ' '.Display::return_icon('attachment.gif',get_lang('Attachment'));
1101 1103
                }
1102
                
1104

  
1103 1105
                /* TITLE */
1104 1106
    		    $title = Display::url($title.$attachment_icon, '?action=view&id='.$myrow['id']);
1105
                echo Display::tag('td', Security::remove_XSS($title), array('class' => $style));                
1106
                //echo Display::tag('td', Security::remove_XSS($content).$attachment);    		
1107
                	
1108
                $user_info		= api_get_user_info($myrow['insert_user_id']);    						
1107
                echo Display::tag('td', Security::remove_XSS($title), array('class' => $style));
1108
                //echo Display::tag('td', Security::remove_XSS($content).$attachment);
1109

  
1110
                $user_info		= api_get_user_info($myrow['insert_user_id']);
1109 1111
    			echo Display::tag('td', api_get_person_name($user_info['firstName'], $user_info['lastName']));
1110
                echo Display::tag('td', api_convert_and_format_date($myrow['insert_date'], DATE_TIME_FORMAT_LONG));                			
1112
                echo Display::tag('td', api_convert_and_format_date($myrow['insert_date'], DATE_TIME_FORMAT_LONG));
1111 1113

  
1112 1114
    			// we can edit if : we are the teacher OR the element belongs to the session we are coaching OR the option to allow users to edit is on
1113 1115
    			$modify_icons = '';
1114
    			if (api_is_allowed_to_edit(false,true) OR (api_is_course_coach() && api_is_element_in_the_session(TOOL_ANNOUNCEMENT, $myrow['id'])) 
1116
    			if (api_is_allowed_to_edit(false,true) OR (api_is_course_coach() && api_is_element_in_the_session(TOOL_ANNOUNCEMENT, $myrow['id']))
1115 1117
    			     OR (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) {
1116
    
1118

  
1117 1119
    				$modify_icons = "<a href=\"".api_get_self()."?".api_get_cidreq()."&action=modify&id=".$myrow['id']."\">".Display::return_icon('edit.png', get_lang('Edit'),'',22)."</a>";
1118 1120
    				if ($myrow['visibility']==1) {
1119 1121
    					$image_visibility="visible";
......
1121 1123
    				} else {
1122 1124
    					$image_visibility="invisible";
1123 1125
    					$alt_visibility=get_lang('Visible');
1124
    				}    
1125
    				$modify_icons .=  "<a href=\"".api_get_self()."?".api_get_cidreq()."&origin=".(!empty($_GET['origin'])?Security::remove_XSS($_GET['origin']):'')."&action=showhide&id=".$myrow['id']."&sec_token=".$stok."\">".
1126
    				}
1127
    				$modify_icons .=  "<a href=\"".api_get_self()."?".api_get_cidreq()."&origin=".(!empty($_GET['origin'])? $origin :'')."&action=showhide&id=".$myrow['id']."&sec_token=".$stok."\">".
1126 1128
    						Display::return_icon($image_visibility.'.png', $alt_visibility,'',22)."</a>";
1127
    
1129

  
1128 1130
    				// DISPLAY MOVE UP COMMAND only if it is not the top announcement
1129 1131
    				if ($iterator != 1) {
1130 1132
    					$modify_icons .= "<a href=\"".api_get_self()."?".api_get_cidreq()."&up=".$myrow["id"]."&sec_token=".$stok."\">".Display::return_icon('up.gif', get_lang('Up'))."</a>";
1131 1133
    				} else {
1132 1134
    				    $modify_icons .= Display::return_icon('up_na.gif', get_lang('Up'));
1133
    				}    
1135
    				}
1134 1136
    				if ($iterator < $bottomAnnouncement) {
1135 1137
    					$modify_icons .= "<a href=\"".api_get_self()."?".api_get_cidreq()."&down=".$myrow["id"]."&sec_token=".$stok."\">".Display::return_icon('down.gif', get_lang('Down'))."</a>";
1136 1138
    				} else {
1137 1139
    				    $modify_icons .= Display::return_icon('down_na.gif', get_lang('Down'));
1138 1140
    				}
1139
    				    
1141

  
1140 1142
    			    if (api_is_allowed_to_edit(false,true)) {
1141 1143
                        $modify_icons .= "<a href=\"".api_get_self()."?".api_get_cidreq()."&action=delete&id=".$myrow['id']."&sec_token=".$stok."\" onclick=\"javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'),ENT_QUOTES,$charset))."')) return false;\">".
1142 1144
                            Display::return_icon('delete.png', get_lang('Delete'),'',22).
1143 1145
                            "</a>";
1144
                    }    	 
1146
                    }
1145 1147
    				$iterator ++;
1146 1148
    				echo Display::tag('td', $modify_icons);
1147 1149
    			}
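Review bot: `$origin` (new line 35) is filtered with `Security::remove_XSS`, but at new lines 671, 673, 679 and 1127 it is concatenated into the query string of an `href` attribute, which is a URL context rather than an HTML-body context, and an HTML filter does not guarantee that `&`, `"` or `#` are neutralised there. Emit it as `'&origin='.urlencode($origin)` (or `htmlspecialchars($origin, ENT_QUOTES)`) at the point of output; that also makes the repeated `(empty($_GET['origin'])?'': $origin)` redundant, since `$origin` is already `''` when the parameter is absent. Separately, the attachment delete at new lines 262-264 still hands `$_GET['id_attach']` unfiltered to `delete_announcement_attachment_file()` and, unlike the showhide/delete links further down, carries no `sec_token`; unless the helper casts it, `$id = intval($_GET['id_attach']);` is the minimum. This section is a set of excerpts and the script continues beyond both ends of it.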
main/blog/blog.php Thu Jul 19 22:44:03 2012 -0500 → main/blog/blog.php Fri Mar 08 15:26:31 2013 +0100
10 10
 */
11 11
// name of the language file that needs to be included
12 12
$language_file = "blog";
13
require_once '../inc/global.inc.php';
14

  
13 15
$blog_id = intval($_GET['blog_id']);
14 16

  
15
require_once '../inc/global.inc.php';
17
if (empty($blog_id)) {
18
    api_not_allowed(true);
19
}
20

  
16 21
$this_section=SECTION_COURSES;
17 22

  
18 23

  
......
289 294
					<form action="blog.php" method="get" enctype="multipart/form-data">
290 295
						<input type="hidden" name="blog_id" value="<?php echo $blog_id ?>" />
291 296
						<input type="hidden" name="action" value="view_search_result" />
292
						<input type="text" size="20" name="q" value="<?php echo (isset($_GET['q']) ? $_GET['q'] : ''); ?>" /><button class="search" type="submit"><?php echo get_lang('Search'); ?></button>
297
						<input type="text" size="20" name="q" value="<?php echo (isset($_GET['q']) ? Security::remove_XSS($_GET['q']) : ''); ?>" /><button class="search" type="submit"><?php echo get_lang('Search'); ?></button>
293 298
					</form>
294 299
				</td>
295 300
			</tr>
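Review bot: The search box at new line 297 places `$_GET['q']` inside a double-quoted `value` attribute, and `Security::remove_XSS` is a markup filter rather than an attribute escaper, so whether a `"` in the input can close the attribute depends on how that filter treats quotes. The unambiguous fix at this output point is `htmlspecialchars($_GET['q'], ENT_QUOTES, $charset)` (or `api_htmlentities`, which chat_chat.php in this same patch uses); keeping `remove_XSS` as a second layer is harmless. Moving `require_once '../inc/global.inc.php'` ahead of the `intval()` is necessary because the new `api_not_allowed(true)` guard at lines 17-19 depends on it; the guard only rejects a missing or zero id, so existence and access checks on the blog still have to happen further down, outside this section.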
main/chat/chat.php Thu Jul 19 22:44:03 2012 -0500 → main/chat/chat.php Fri Mar 08 15:26:31 2013 +0100
20 20
} else {
21 21
	$origin = $_SESSION['origin'];
22 22
	$target = $_SESSION['target'];
23
	$_SESSION['origin']=$_GET["origin"];
24
	$_SESSION['target']=$_GET["target"];
23
	$_SESSION['origin']= Security::remove_XSS($_GET["origin"]);
24
	$_SESSION['target']= Security::remove_XSS($_GET["target"]);
25 25
}
26 26

  
27 27
/*  TRACKING */
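Review bot: New lines 23-24 read `$_GET["origin"]` and `$_GET["target"]` without an `isset()` check, so a request missing either parameter raises a notice and stores a filtered empty value in the session; prefer `$_SESSION['origin'] = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : '';` and the same for `target`. Because the sanitised value is persisted for later use and the context where it is eventually emitted (HTML body, attribute, URL) is not visible here, add a note at the assignment such as `// stored sanitised at input; NOTE(review): confirm the output context where origin/target are later echoed`. The enclosing `else` branch starts before this hunk.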
main/chat/chat_chat.php Thu Jul 19 22:44:03 2012 -0500 → main/chat/chat_chat.php Fri Mar 08 15:26:31 2013 +0100
73 73
	} else {
74 74
		$filename_chat = 'messages-'.$date_now.'.log.html';
75 75
	}
76
	
76

  
77 77
	if (!file_exists($chat_path.$filename_chat)) {
78 78
		@fclose(fopen($chat_path.$filename_chat, 'w'));
79 79
		if (!api_is_anonymous()) {
......
114 114

  
115 115
		update_existing_document($_course, $doc_id, 0);
116 116
	}
117
	
117

  
118 118
	$remove = 0;
119 119
	$content = array();
120 120
	if (file_exists($chat_path.$basename_chat.'.log.html')) {
......
153 153
	if ($isMaster || $is_courseCoach) {
154 154
		$rand = mt_rand(1, 1000);
155 155
		echo '<div style="margin-left: 5px;">';
156
		echo '<a href="'.api_get_self().'?rand='.$rand.'&reset=1&cidReq='.$_GET['cidReq'].'#bottom" onclick="javascript: if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmReset'), ENT_QUOTES)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('ClearList')).' '.get_lang('ClearList').'</a>';
156
		echo '<a href="'.api_get_self().'?rand='.$rand.'&reset=1&'.api_get_cidreq().'#bottom" onclick="javascript: if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmReset'), ENT_QUOTES)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('ClearList')).' '.get_lang('ClearList').'</a>';
157 157
		echo '</div>';
158 158
	}
159 159
} else {
main/chat/chat_hidden.php Thu Jul 19 22:44:03 2012 -0500 → main/chat/chat_hidden.php Fri Mar 08 15:26:31 2013 +0100
113 113
}
114 114
?>
115 115

  
116
<form name="formHidden" method="post" action="<?php echo api_get_self().'?cidReq='.$_GET['cidReq']; ?>">
116
<form name="formHidden" method="post" action="<?php echo api_get_self().'?'.api_get_cidreq(); ?>">
117 117
<input type="hidden" name="chat_size_old" value="<?php echo $chat_size_new; ?>">
118 118
<input type="hidden" name="connected_old" value="<?php echo $connected_new; ?>">
119 119
</form>
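Review bot: The hidden inputs at lines 117-118 echo `$chat_size_new` and `$connected_new` into double-quoted `value` attributes without escaping; this form posts `chat_size_old` back, and header_frame.inc.php then compares `$chat_size_old` with `$chat_size_new` inside a JavaScript string literal, so if either value is derived from request data it should be cast before reaching these attributes, e.g. `value="<?php echo (int) $chat_size_new; ?>"`. Where `$chat_size_new` and `$connected_new` are computed is outside this section, so this is a point to confirm rather than a certain defect.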
main/chat/chat_message.php Thu Jul 19 22:44:03 2012 -0500 → main/chat/chat_message.php Fri Mar 08 15:26:31 2013 +0100
169 169
	$emoticon_img204  = '<img src="'.api_get_path(WEB_IMG_PATH).'smileys/flag_red_small.gif" alt="'.get_lang('Stop').'" title="'.get_lang('Stop').'" />';
170 170

  
171 171
	if ($sent) {
172
		$message = trim(htmlspecialchars(stripslashes($_POST['message']), ENT_QUOTES, $charset));
172
		$message = Security::remove_XSS(trim(htmlspecialchars(stripslashes($_POST['message']), ENT_QUOTES, $charset)));
173 173
		$message = str_replace($emoticon_text1, $emoticon_img1, $message);
174 174
		$message = str_replace($emoticon_text2, $emoticon_img2, $message);
175 175
		$message = str_replace($emoticon_text3, $emoticon_img3, $message);
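Review bot: New line 172 runs `Security::remove_XSS` over text that `htmlspecialchars(..., ENT_QUOTES, $charset)` has already entity-encoded, so the outer call only has an effect if the filter decodes entities before filtering, in which case it could undo the encoding of `<` and `>`; if it does not decode, the call is a no-op that deserves a comment. Confirm which applies and either reorder to `htmlspecialchars(Security::remove_XSS(stripslashes($_POST['message'])), ENT_QUOTES, $charset)` or document it as `// already entity-encoded; remove_XSS kept as defence in depth (verified not to decode entities)`. The unconditional `stripslashes()` also strips user-typed backslashes when magic_quotes_gpc is off, but that is pre-existing. The `if ($sent)` block continues past this hunk.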
main/chat/header_frame.inc.php Thu Jul 19 22:44:03 2012 -0500 → main/chat/header_frame.inc.php Fri Mar 08 15:26:31 2013 +0100
66 66
{
67 67
	if ('<?php echo $chat_size_old; ?>' != '<?php echo $chat_size_new; ?>')
68 68
	{
69
		parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size_new.'&cidReq='.$_GET['cidReq']; ?>#bottom';
69
		parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size_new.'&'.api_get_cidreq(); ?>#bottom';
70 70
	}
71 71
}
72 72

  
......
87 87
{
88 88
	<?php if($chat_size): ?>
89 89
	parent.chat_hidden.document.formHidden.chat_size_old.value='<?php echo $chat_size; ?>';
90
	parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size.'&cidReq='.$_GET['cidReq']; ?>#bottom';
90
	parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size.'&'.api_get_cidreq(); ?>#bottom';
91 91
	<?php endif; ?>
92 92

  
93 93
	document.formMessage.message.focus();
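Review bot: Line 67 (unchanged context) embeds `$chat_size_old` and `$chat_size_new` directly into single-quoted JavaScript string literals, and new lines 69 and 90 build a URL the same way; if `$chat_size_old` is the `chat_size_old` field posted by `formHidden` in chat_hidden.php, an unescaped quote breaks out of the literal. Emit them through `json_encode()` or cast with `(int)`, e.g. `if (<?php echo json_encode((string) $chat_size_old); ?> != <?php echo json_encode((string) $chat_size_new); ?>)`. The switch to `api_get_cidreq()` is right, but its output lands in the same JS string literal, so it relies on the helper returning URL-safe text; a one-line comment stating that assumption would help the next reader. Where these variables are assigned is outside this section.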