

Blogs: fix URL cidReq added BT#18197
jmontoyaa committed Dec 17, 2020
1 parent e7d09df commit 1ff4b21
Showing 2 changed files with 147 additions and 85 deletions.
36 changes: 15 additions & 21 deletions main/blog/blog.php
@@ -1,4 +1,5 @@
<?php

/* For licensing terms, see /license.txt */
/**
* BLOG HOMEPAGE
Expand Down Expand Up @@ -28,11 +29,6 @@
$MonthsLong = api_get_months_long();

$action = isset($_GET['action']) ? $_GET['action'] : null;

/*
PROCESSING
*/

$safe_post_file_comment = isset($_POST['post_file_comment']) ? Security::remove_XSS($_POST['post_file_comment']) : null;
$safe_comment_text = isset($_POST['comment_text']) ? Security::remove_XSS($_POST['comment_text']) : null;
$safe_comment_title = isset($_POST['comment_title']) ? Security::remove_XSS($_POST['comment_title']) : null;
Expand Down Expand Up @@ -134,26 +130,26 @@
Blog::unsubscribeUser($_GET['blog_id'], $_GET['user_id']);
}

if (isset($_GET['action']) && $_GET['action'] == 'manage_tasks') {
if (isset($_GET['do']) && $_GET['do'] == 'delete') {
if (isset($_GET['action']) && $_GET['action'] === 'manage_tasks') {
if (isset($_GET['do']) && $_GET['do'] === 'delete') {
Blog::deleteTask($blog_id, (int) $_GET['task_id']);
Display::addFlash(
Display::return_message(get_lang('TaskDeleted'), 'success')
);
}

if (isset($_GET['do']) && $_GET['do'] == 'delete_assignment') {
if (isset($_GET['do']) && $_GET['do'] === 'delete_assignment') {
Blog::deleteAssignedTask($blog_id, intval($_GET['task_id']), intval($_GET['user_id']));
Display::addFlash(
Display::return_message(get_lang('TaskAssignmentDeleted'), 'success')
);
}
}

if (isset($_GET['action']) && $_GET['action'] == 'view_post') {
if (isset($_GET['action']) && $_GET['action'] === 'view_post') {
$task_id = (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0;

if (isset($_GET['do']) && $_GET['do'] == 'delete_comment') {
if (isset($_GET['do']) && $_GET['do'] === 'delete_comment') {
if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_delete', $task_id)) {
Blog::deleteComment($blog_id, (int) $_GET['post_id'], (int) $_GET['comment_id']);
Display::addFlash(
Expand All @@ -166,7 +162,7 @@
}
}

if (isset($_GET['do']) && $_GET['do'] == 'delete_article') {
if (isset($_GET['do']) && $_GET['do'] === 'delete_article') {
if (api_is_allowed('BLOG_'.$blog_id, 'article_delete', $task_id)) {
Blog::deletePost($blog_id, (int) $_GET['article_id']);
$action = ''; // Article is gone, go to blog home
Expand All @@ -179,16 +175,16 @@
);
}
}
if (isset($_GET['do']) && $_GET['do'] == 'rate') {
if (isset($_GET['type']) && $_GET['type'] == 'post') {
if (isset($_GET['do']) && $_GET['do'] === 'rate') {
if (isset($_GET['type']) && $_GET['type'] === 'post') {
if (api_is_allowed('BLOG_'.$blog_id, 'article_rate')) {
Blog::addRating('post', $blog_id, (int) $_GET['post_id'], (int) $_GET['rating']);
Display::addFlash(
Display::return_message(get_lang('RatingAdded'), 'success')
);
}
}
if (isset($_GET['type']) && $_GET['type'] == 'comment') {
if (isset($_GET['type']) && $_GET['type'] === 'comment') {
if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_add')) {
Blog::addRating('comment', $blog_id, (int) $_GET['comment_id'], (int) $_GET['rating']);
Display::addFlash(
Expand Down Expand Up @@ -259,13 +255,11 @@
$titleBlog = Blog::getBlogTitle($blog_id);
$descriptionBlog = Blog::getBlogSubtitle($blog_id);
$idBlog = $blog_id;

$searchBlog = isset($_GET['q']) ? Security::remove_XSS($_GET['q']) : '';
//calendar blog
$month = isset($_GET['month']) ? (int) $_GET['month'] : (int) date('m');
$year = isset($_GET['year']) ? (int) $_GET['year'] : date('Y');
$calendarBlog = Blog::displayMiniMonthCalendar($month, $year, $blog_id);
//task blogs
$taskBlog = Blog::getPersonalTasksList();

if (isset($flag) && $flag == '1') {
Expand All @@ -274,7 +268,6 @@
}

$user_task = false;

$course_id = api_get_course_int_id();

if (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) {
Expand Down Expand Up @@ -307,6 +300,7 @@
$tpl->assign('calendar', $calendarBlog);
$tpl->assign('search', $searchBlog);
$tpl->assign('task', $taskBlog);
$tpl->assign('blog_url', $taskBlog);
$blogLayout = null;

switch ($action) {
Expand Down Expand Up @@ -367,19 +361,19 @@
case 'manage_tasks':
if (api_is_allowed('BLOG_'.$blog_id, 'task_management')) {
$task = null;
if (isset($_GET['do']) && $_GET['do'] == 'add') {
if (isset($_GET['do']) && $_GET['do'] === 'add') {
$task .= Blog::displayTaskCreateForm($blog_id);
}
if (isset($_GET['do']) && $_GET['do'] == 'assign') {
if (isset($_GET['do']) && $_GET['do'] === 'assign') {
$task .= Blog::displayTaskAssignmentForm($blog_id);
}
if (isset($_GET['do']) && $_GET['do'] == 'edit') {
if (isset($_GET['do']) && $_GET['do'] === 'edit') {
$task .= Blog::displayTaskEditForm(
$blog_id,
intval($_GET['task_id'])
);
}
if (isset($_GET['do']) && $_GET['do'] == 'edit_assignment') {
if (isset($_GET['do']) && $_GET['do'] === 'edit_assignment') {
$task .= Blog::displayAssignedTaskEditForm(
$blog_id,
intval($_GET['task_id']),
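Review bot: In the hunk at `@@ -307,6 +300,7 @@`, the added line `$tpl->assign('blog_url', $taskBlog);` passes the personal task list that the line above already assigns as `task`, so the new `blog_url` template variable never holds a URL. Given the commit title mentions cidReq, the intent was presumably the blog's own link with the course parameters appended, along the lines of `$tpl->assign('blog_url', api_get_self().'?'.api_get_cidreq().'&blog_id='.(int) $blog_id);` — confirm against the template that reads `blog_url`, which is in the second changed file and not shown here. Whichever value ends up there, the template side should escape it for the attribute context it is emitted in, since the course parameters are assembled from the request. These are top-level script statements, not part of any function.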

