Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

MDL-26158 fix form printing and processing

  • Loading branch information...
commit 31da70cce4a63d962466c20e693dc18536874823 1 parent 8cdc85a
Petr Skoda skodak authored
14 message/lib.php
@@ -140,7 +140,7 @@ function message_print_participants($context, $courseid, $contactselecturl=null,
140 140
141 141 $countparticipants = count_enrolled_users($context);
142 142 $participants = get_enrolled_users($context, '', 0, 'u.*', '', $page*MESSAGE_CONTACTS_PER_PAGE, MESSAGE_CONTACTS_PER_PAGE);
143   -
  143 +
144 144 $pagingbar = new paging_bar($countparticipants, $page, MESSAGE_CONTACTS_PER_PAGE, $PAGE->url, 'page');
145 145 echo $OUTPUT->render($pagingbar);
146 146
@@ -527,7 +527,11 @@ function message_print_search($advancedsearch = false, $user1=null) {
527 527
528 528 $doingsearch = false;
529 529 if ($frm) {
530   - $doingsearch = !empty($frm->combinedsubmit) || !empty($frm->keywords) || (!empty($frm->personsubmit) and !empty($frm->name));
  530 + if (confirm_sesskey()) {
  531 + $doingsearch = !empty($frm->combinedsubmit) || !empty($frm->keywords) || (!empty($frm->personsubmit) and !empty($frm->name));
  532 + } else {
  533 + $frm = false;
  534 + }
531 535 }
532 536
533 537 if (!empty($frm->combinedsearch)) {
@@ -1568,7 +1572,7 @@ function message_post_message($userfrom, $userto, $message, $format, $messagetyp
1568 1572 $eventdata->fullmessage = $message;
1569 1573 $eventdata->fullmessagehtml = '';
1570 1574 }
1571   -
  1575 +
1572 1576 $eventdata->fullmessageformat = $format;
1573 1577 $eventdata->smallmessage = strip_tags($message);//strip just in case there are is any html that would break the popup notification
1574 1578
@@ -1583,7 +1587,7 @@ function message_post_message($userfrom, $userto, $message, $format, $messagetyp
1583 1587 if (!empty($eventdata->fullmessagehtml)) {
1584 1588 $eventdata->fullmessagehtml .= "<br /><br />---------------------------------------------------------------------<br />".$emailtagline;
1585 1589 }
1586   -
  1590 +
1587 1591 $eventdata->timecreated = time();
1588 1592 return message_send($eventdata);
1589 1593 }
@@ -1769,7 +1773,7 @@ function message_mark_messages_read($touserid, $fromuserid){
1769 1773 */
1770 1774 function message_mark_message_read($message, $timeread, $messageworkingempty=false) {
1771 1775 global $DB;
1772   -
  1776 +
1773 1777 $message->timeread = $timeread;
1774 1778
1775 1779 $messageid = $message->id;
3  message/search.html
@@ -3,7 +3,8 @@
3 3 <table cellpadding="5" class="message_form">
4 4 <tr>
5 5 <td colspan="3" class="message_heading mdl-left">
6   - <input type="text" name="combinedsearch" size="40" id="combinedsearch" value="<?php echo $combinedsearchstring; ?>" />
  6 + <input type="hidden" name="sesskey" value="<?php p(sesskey()); ?>" />
  7 + <input type="text" name="combinedsearch" size="40" id="combinedsearch" value="<?php p($combinedsearchstring); ?>" />
7 8 <input type="submit" name="combinedsubmit" value="<?php print_string('searchcombined','message') ?>" />
8 9 <a href="index.php?usergroup=<?php echo VIEW_SEARCH ?>&advanced=1" id="advancedcontactsearchlink"><?php print_string('advanced') ?></a>
9 10 </td>
13 message/search_advanced.html
@@ -9,13 +9,14 @@
9 9 </tr>
10 10 <tr>
11 11 <td><label for="name"><?php print_string('name') ?></label></td>
12   - <td><input type="text" name="name" size="40" id="name" value="<? echo $personsearch ?>" /></td>
  12 + <td><input type="text" name="name" size="40" id="name" value="<?php p($personsearch) ?>" /></td>
13 13 <td><input type="submit" name="personsubmit" value="<?php print_string('searchforperson','message') ?>" /></td>
14 14 </tr>
15 15 <tr>
16 16 <td>&nbsp;</td>
17 17 <td colspan="2">
18 18 <input type="checkbox" name="mycourses" id="mycourses" /><label for="mycourses"><?php print_string('onlymycourses', 'message') ?></label></td>
  19 + <input type="hidden" name="sesskey" value="<?php p(sesskey()); ?>" />
19 20 </tr>
20 21
21 22 <tr><td colspan="3"></td></tr>
@@ -26,7 +27,7 @@
26 27 </tr>
27 28 <tr>
28 29 <td><label for="keywords"><?php print_string('keywords', 'message') ?></label></td>
29   - <td><input type="text" name="keywords" id="keywords" size="40" value="<? echo $messagesearch ?>" /></td>
  30 + <td><input type="text" name="keywords" id="keywords" size="40" value="<?php p($messagesearch) ?>" /></td>
30 31 <td><input type="submit" name="keywordssubmit" value="<?php print_string('searchmessages','message') ?>" /></td>
31 32 </tr>
32 33
@@ -44,14 +45,6 @@
44 45 <tr><td>&nbsp;</td><td colspan="2"><input type="radio" name="keywordsoption" id="keywordsoption4" value="allusers" /><label for="keywordsoption4"><?php print_string('allusers', 'message') ?></label></td></tr>
45 46 <?php } ?>
46 47
47   -<?php
48   -/* Potential abuse problems - temporarily disabled
49   - echo '<tr><td colspan="3"><input type="radio" name="keywordsoption" alt="'.get_string('allstudents', 'message').'" value="courseusers" />'.get_string('allstudents', 'message').'<br />&nbsp;&nbsp;&nbsp;'.$cs.'; </td></tr>';
50   -
51   -*/
52   -
53   -?>
54   -
55 48 </table>
56 49 </div>
57 50

0 comments on commit 31da70c

Please sign in to comment.
Something went wrong with that request. Please try again.