Skip to content
Browse files

Merge branch 'MDL-26158'

  • Loading branch information...
2 parents 3e6d0ac + 2c1aa96 commit 299a3e70813f5a520e3339ca767bd06a5ea8636f Sam Hemelryk committed Jan 31, 2011
Showing with 16 additions and 17 deletions.
  1. +9 −5 message/lib.php
  2. +2 −1 message/search.html
  3. +5 −11 message/search_advanced.html
View
14 message/lib.php
@@ -140,7 +140,7 @@ function message_print_participants($context, $courseid, $contactselecturl=null,
$countparticipants = count_enrolled_users($context);
$participants = get_enrolled_users($context, '', 0, 'u.*', '', $page*MESSAGE_CONTACTS_PER_PAGE, MESSAGE_CONTACTS_PER_PAGE);
-
+
$pagingbar = new paging_bar($countparticipants, $page, MESSAGE_CONTACTS_PER_PAGE, $PAGE->url, 'page');
echo $OUTPUT->render($pagingbar);
@@ -527,7 +527,11 @@ function message_print_search($advancedsearch = false, $user1=null) {
$doingsearch = false;
if ($frm) {
- $doingsearch = !empty($frm->combinedsubmit) || !empty($frm->keywords) || (!empty($frm->personsubmit) and !empty($frm->name));
+ if (confirm_sesskey()) {
+ $doingsearch = !empty($frm->combinedsubmit) || !empty($frm->keywords) || (!empty($frm->personsubmit) and !empty($frm->name));
+ } else {
+ $frm = false;
+ }
}
if (!empty($frm->combinedsearch)) {
@@ -1568,7 +1572,7 @@ function message_post_message($userfrom, $userto, $message, $format, $messagetyp
$eventdata->fullmessage = $message;
$eventdata->fullmessagehtml = '';
}
-
+
$eventdata->fullmessageformat = $format;
$eventdata->smallmessage = strip_tags($message);//strip just in case there are is any html that would break the popup notification
@@ -1583,7 +1587,7 @@ function message_post_message($userfrom, $userto, $message, $format, $messagetyp
if (!empty($eventdata->fullmessagehtml)) {
$eventdata->fullmessagehtml .= "<br /><br />---------------------------------------------------------------------<br />".$emailtagline;
}
-
+
$eventdata->timecreated = time();
return message_send($eventdata);
}
@@ -1769,7 +1773,7 @@ function message_mark_messages_read($touserid, $fromuserid){
*/
function message_mark_message_read($message, $timeread, $messageworkingempty=false) {
global $DB;
-
+
$message->timeread = $timeread;
$messageid = $message->id;
View
3 message/search.html
@@ -3,7 +3,8 @@
<table cellpadding="5" class="message_form">
<tr>
<td colspan="3" class="message_heading mdl-left">
- <input type="text" name="combinedsearch" size="40" id="combinedsearch" value="<?php echo $combinedsearchstring; ?>" />
+ <input type="hidden" name="sesskey" value="<?php p(sesskey()); ?>" />
+ <input type="text" name="combinedsearch" size="40" id="combinedsearch" value="<?php p($combinedsearchstring); ?>" />
<input type="submit" name="combinedsubmit" value="<?php print_string('searchcombined','message') ?>" />
<a href="index.php?usergroup=<?php echo VIEW_SEARCH ?>&advanced=1" id="advancedcontactsearchlink"><?php print_string('advanced') ?></a>
</td>
View
16 message/search_advanced.html
@@ -9,13 +9,15 @@
</tr>
<tr>
<td><label for="name"><?php print_string('name') ?></label></td>
- <td><input type="text" name="name" size="40" id="name" value="<? echo $personsearch ?>" /></td>
+ <td><input type="text" name="name" size="40" id="name" value="<?php p($personsearch) ?>" /></td>
<td><input type="submit" name="personsubmit" value="<?php print_string('searchforperson','message') ?>" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td colspan="2">
- <input type="checkbox" name="mycourses" id="mycourses" /><label for="mycourses"><?php print_string('onlymycourses', 'message') ?></label></td>
+ <input type="checkbox" name="mycourses" id="mycourses" /><label for="mycourses"><?php print_string('onlymycourses', 'message') ?></label>
+ <input type="hidden" name="sesskey" value="<?php p(sesskey()); ?>" />
+ </td>
</tr>
<tr><td colspan="3"></td></tr>
@@ -26,7 +28,7 @@
</tr>
<tr>
<td><label for="keywords"><?php print_string('keywords', 'message') ?></label></td>
- <td><input type="text" name="keywords" id="keywords" size="40" value="<? echo $messagesearch ?>" /></td>
+ <td><input type="text" name="keywords" id="keywords" size="40" value="<?php p($messagesearch) ?>" /></td>
<td><input type="submit" name="keywordssubmit" value="<?php print_string('searchmessages','message') ?>" /></td>
</tr>
@@ -44,14 +46,6 @@
<tr><td>&nbsp;</td><td colspan="2"><input type="radio" name="keywordsoption" id="keywordsoption4" value="allusers" /><label for="keywordsoption4"><?php print_string('allusers', 'message') ?></label></td></tr>
<?php } ?>
-<?php
-/* Potential abuse problems - temporarily disabled
- echo '<tr><td colspan="3"><input type="radio" name="keywordsoption" alt="'.get_string('allstudents', 'message').'" value="courseusers" />'.get_string('allstudents', 'message').'<br />&nbsp;&nbsp;&nbsp;'.$cs.'; </td></tr>';
-
-*/
-
-?>
-
</table>
</div>

0 comments on commit 299a3e7

Please sign in to comment.
Something went wrong with that request. Please try again.