main/blog/blog.php (1 issue)

<?php

/* For licensing terms, see /license.txt */

/**
 * BLOG HOMEPAGE
 *
 * Entry point of the course blog tool. The first half of the script runs the
 * state-changing handlers (post editing, task management, member subscription,
 * ratings) selected through $_GET['action'] / the *_submit fields in $_POST;
 * the second half renders the view for the current action.
 *
 * NOTE(review): none of the state-changing handlers in this script verify an
 * anti-CSRF token, and several of them are driven by plain GET parameters
 * (delete, rate, register/unregister), so they are reachable from a cross-site
 * link. Confirm whether the platform's form-token helper should be applied
 * here before exposing the tool to an untrusted course population.
 */
require_once __DIR__.'/../inc/global.inc.php';

// The blog id is the only mandatory parameter; every handler below is scoped to it.
$blog_id = 0;
if (isset($_GET['blog_id'])) {
    $blog_id = (int) $_GET['blog_id'];
}

if (empty($blog_id)) {
    api_not_allowed(true);
}

$this_section = SECTION_COURSES;
$current_course_tool = TOOL_BLOGS;

/* ACCESS RIGHTS */
// Reject anybody who is not allowed into this course before doing any work.
api_protect_course_script(true);

$lib_path = api_get_path(LIBRARY_PATH);
$blog_table_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT);

$nameTools = get_lang('Blogs');
$DaysShort = api_get_week_days_short();
$DaysLong = api_get_week_days_long();
$MonthsLong = api_get_months_long();

// Requested sub-action; null means the blog home page.
$action = null;
if (isset($_GET['action'])) {
    $action = $_GET['action'];
}

// HTML-filtered copies of the free-text POST fields used by the comment and
// task handlers further down.
$safe_post_file_comment = null;
if (isset($_POST['post_file_comment'])) {
    $safe_post_file_comment = Security::remove_XSS($_POST['post_file_comment']);
}
$safe_comment_text = null;
if (isset($_POST['comment_text'])) {
    $safe_comment_text = Security::remove_XSS($_POST['comment_text']);
}
$safe_comment_title = null;
if (isset($_POST['comment_title'])) {
    $safe_comment_title = Security::remove_XSS($_POST['comment_title']);
}
$safe_task_name = null;
if (isset($_POST['task_name'])) {
    $safe_task_name = Security::remove_XSS($_POST['task_name']);
}
$safe_task_description = null;
if (isset($_POST['task_description'])) {
    $safe_task_description = Security::remove_XSS($_POST['task_description']);
}

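// Edit an existing post. The edit right may be granted globally or only for
// a given task, so the numeric task id from the query string is passed to the
// rights check exactly as the 'edit_post' display branch does further down.
// Without this check a hand-crafted POST could edit any post in the blog.
if (!empty($_POST['edit_post_submit'])) {
    $edit_task_id = (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0;
    if (api_is_allowed('BLOG_'.$blog_id, 'article_edit', $edit_task_id)) {
        // title/full_text are handed to the model as-is; any escaping is
        // presumably done by Blog::editPost() - confirm before relying on it.
        Blog::editPost(
            isset($_POST['post_id']) ? (int) $_POST['post_id'] : 0,
            $_POST['title'],
            $_POST['full_text'],
            $blog_id
        );
        Display::addFlash(
            Display::return_message(get_lang('BlogEdited'), 'success')
        );
    } else {
        Display::addFlash(
            Display::return_message(get_lang('ActionNotAllowed'), 'error')
        );
    }
}
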
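// Create a task. This is a management operation: the same 'task_management'
// right that protects the task-manager view is enforced here, so a direct
// POST cannot bypass the UI.
if (!empty($_POST['new_task_submit'])) {
    if (api_is_allowed('BLOG_'.$blog_id, 'task_management')) {
        Blog::addTask(
            $blog_id,
            $safe_task_name,
            $safe_task_description,
            (isset($_POST['chkArticleDelete']) ? $_POST['chkArticleDelete'] : null),
            (isset($_POST['chkArticleEdit']) ? $_POST['chkArticleEdit'] : null),
            (isset($_POST['chkCommentsDelete']) ? $_POST['chkCommentsDelete'] : null),
            (isset($_POST['task_color']) ? $_POST['task_color'] : null)
        );

        Display::addFlash(
            Display::return_message(get_lang('TaskCreated'), 'success')
        );
    } else {
        Display::addFlash(
            Display::return_message(get_lang('ActionNotAllowed'), 'error')
        );
    }
}
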
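// Edit a task. Two things are enforced that the original handler did not:
//  - the 'task_management' right (same as the task-manager view);
//  - the posted blog_id must match the validated $blog_id of this page, so
//    the request cannot be retargeted at a task of another blog.
// The checkbox fields are optional (unchecked boxes are not submitted), so
// they are read with isset() like the 'new_task_submit' handler does.
if (isset($_POST['edit_task_submit'])) {
    $posted_blog_id = isset($_POST['blog_id']) ? (int) $_POST['blog_id'] : 0;
    if ($posted_blog_id === $blog_id && api_is_allowed('BLOG_'.$blog_id, 'task_management')) {
        Blog::editTask(
            $blog_id,
            isset($_POST['task_id']) ? (int) $_POST['task_id'] : 0,
            $safe_task_name,
            $safe_task_description,
            (isset($_POST['chkArticleDelete']) ? $_POST['chkArticleDelete'] : null),
            (isset($_POST['chkArticleEdit']) ? $_POST['chkArticleEdit'] : null),
            (isset($_POST['chkCommentsDelete']) ? $_POST['chkCommentsDelete'] : null),
            (isset($_POST['task_color']) ? $_POST['task_color'] : null)
        );
        Display::addFlash(
            Display::return_message(get_lang('TaskEdited'), 'success')
        );
    } else {
        Display::addFlash(
            Display::return_message(get_lang('ActionNotAllowed'), 'error')
        );
    }
}
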
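// Assign a task to a member. Guarded by 'task_management' like the view that
// offers the form; user and task ids are cast to int before reaching the
// model. task_day is a date string whose format is validated (if at all) by
// Blog::assignTask() - not visible from here.
if (!empty($_POST['assign_task_submit'])) {
    if (api_is_allowed('BLOG_'.$blog_id, 'task_management')) {
        Blog::assignTask(
            $blog_id,
            isset($_POST['task_user_id']) ? (int) $_POST['task_user_id'] : 0,
            isset($_POST['task_task_id']) ? (int) $_POST['task_task_id'] : 0,
            isset($_POST['task_day']) ? $_POST['task_day'] : null
        );
        Display::addFlash(
            Display::return_message(get_lang('TaskAssigned'), 'success')
        );
    } else {
        Display::addFlash(
            Display::return_message(get_lang('ActionNotAllowed'), 'error')
        );
    }
}
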
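// Update an existing task assignment (identified by the old user/task/date
// triple). Guarded by 'task_management'; all ids are cast to int. The two
// date strings are passed through unchanged, as before.
if (isset($_POST['assign_task_edit_submit'])) {
    if (api_is_allowed('BLOG_'.$blog_id, 'task_management')) {
        Blog::updateAssignedTask(
            $blog_id,
            isset($_POST['task_user_id']) ? (int) $_POST['task_user_id'] : 0,
            isset($_POST['task_task_id']) ? (int) $_POST['task_task_id'] : 0,
            isset($_POST['task_day']) ? $_POST['task_day'] : null,
            isset($_POST['old_user_id']) ? (int) $_POST['old_user_id'] : 0,
            isset($_POST['old_task_id']) ? (int) $_POST['old_task_id'] : 0,
            isset($_POST['old_target_date']) ? $_POST['old_target_date'] : null
        );
        Display::addFlash(
            Display::return_message(get_lang('AssignedTaskEdited'), 'success')
        );
    } else {
        Display::addFlash(
            Display::return_message(get_lang('ActionNotAllowed'), 'error')
        );
    }
}
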
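// Member (un)subscription. All four entry points - bulk POST from the member
// manager and single-user GET links - are management operations, so they are
// guarded by the same 'member_management' right that gates the member-manager
// view. The original code ran them unguarded and passed some ids unfiltered;
// every id is now cast to int and the validated $blog_id is used throughout.
$can_manage_members = api_is_allowed('BLOG_'.$blog_id, 'member_management');

if (!empty($_POST['register'])) {
    if (!$can_manage_members) {
        Display::addFlash(
            Display::return_message(get_lang('ActionNotAllowed'), 'error')
        );
    } elseif (isset($_POST['user']) && is_array($_POST['user'])) {
        foreach ($_POST['user'] as $index => $user_id) {
            Blog::subscribeUser($blog_id, (int) $user_id);
        }
    }
}
if (!empty($_POST['unregister'])) {
    if (!$can_manage_members) {
        Display::addFlash(
            Display::return_message(get_lang('ActionNotAllowed'), 'error')
        );
    } elseif (isset($_POST['user']) && is_array($_POST['user'])) {
        foreach ($_POST['user'] as $index => $user_id) {
            Blog::unsubscribeUser($blog_id, (int) $user_id);
        }
    }
}
if (!empty($_GET['register'])) {
    if ($can_manage_members) {
        Blog::subscribeUser($blog_id, isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0);
        Display::addFlash(
            Display::return_message(get_lang('UserRegistered'), 'success')
        );
        // Picked up by the display part to switch to the task manager.
        $flag = 1;
    } else {
        Display::addFlash(
            Display::return_message(get_lang('ActionNotAllowed'), 'error')
        );
    }
}
if (!empty($_GET['unregister'])) {
    if ($can_manage_members) {
        Blog::unsubscribeUser($blog_id, isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0);
    } else {
        Display::addFlash(
            Display::return_message(get_lang('ActionNotAllowed'), 'error')
        );
    }
}
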
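// Task-manager deletions (a task, or a task assignment). These are reached by
// plain GET links from the task-manager view, which is itself protected by
// 'task_management'; the same right is enforced here because these handlers
// run before the view's own check, so the links could otherwise be replayed
// by members who do not hold it.
if (isset($_GET['action']) && $_GET['action'] === 'manage_tasks') {
    $manage_do = isset($_GET['do']) ? $_GET['do'] : null;

    if ($manage_do === 'delete' || $manage_do === 'delete_assignment') {
        if (!api_is_allowed('BLOG_'.$blog_id, 'task_management')) {
            Display::addFlash(
                Display::return_message(get_lang('ActionNotAllowed'), 'error')
            );
        } elseif ($manage_do === 'delete') {
            Blog::deleteTask($blog_id, isset($_GET['task_id']) ? (int) $_GET['task_id'] : 0);
            Display::addFlash(
                Display::return_message(get_lang('TaskDeleted'), 'success')
            );
        } else {
            Blog::deleteAssignedTask(
                $blog_id,
                isset($_GET['task_id']) ? (int) $_GET['task_id'] : 0,
                isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0
            );
            Display::addFlash(
                Display::return_message(get_lang('TaskAssignmentDeleted'), 'success')
            );
        }
    }
}
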
// Per-post actions on the single-post view: comment deletion, article
// deletion and rating. The deletion rights can be limited to a task, so the
// (numeric) task id from the query string is handed to the rights check.
if (isset($_GET['action']) && $_GET['action'] === 'view_post') {
    $task_id = 0;
    if (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) {
        $task_id = $_GET['task_id'];
    }
    $do = isset($_GET['do']) ? $_GET['do'] : null;
    $rate_type = isset($_GET['type']) ? $_GET['type'] : null;

    if ($do === 'delete_comment') {
        if (!api_is_allowed('BLOG_'.$blog_id, 'article_comments_delete', $task_id)) {
            Display::addFlash(
                Display::return_message(get_lang('ActionNotAllowed'), 'error')
            );
        } else {
            Blog::deleteComment($blog_id, (int) $_GET['post_id'], (int) $_GET['comment_id']);
            Display::addFlash(
                Display::return_message(get_lang('CommentDeleted'), 'success')
            );
        }
    } elseif ($do === 'delete_article') {
        if (!api_is_allowed('BLOG_'.$blog_id, 'article_delete', $task_id)) {
            Display::addFlash(
                Display::return_message(get_lang('ActionNotAllowed'), 'error')
            );
        } else {
            Blog::deletePost($blog_id, (int) $_GET['article_id']);
            // The article no longer exists: fall back to the blog home page.
            $action = '';
            Display::addFlash(
                Display::return_message(get_lang('BlogDeleted'), 'success')
            );
        }
    } elseif ($do === 'rate') {
        // Ratings are silently ignored when the right is missing (no flash),
        // matching the historical behaviour of this handler.
        if ($rate_type === 'post' && api_is_allowed('BLOG_'.$blog_id, 'article_rate')) {
            Blog::addRating('post', $blog_id, (int) $_GET['post_id'], (int) $_GET['rating']);
            Display::addFlash(
                Display::return_message(get_lang('RatingAdded'), 'success')
            );
        } elseif ($rate_type === 'comment' && api_is_allowed('BLOG_'.$blog_id, 'article_comments_add')) {
            Blog::addRating('comment', $blog_id, (int) $_GET['comment_id'], (int) $_GET['rating']);
            Display::addFlash(
                Display::return_message(get_lang('RatingAdded'), 'success')
            );
        }
    }
}

/*
    DISPLAY
*/

// Page title for the breadcrumb: one language key per sub-action, the blog
// title for the home page and for any unknown action.
$breadcrumbLabels = [
    'new_post' => 'NewPost',
    'manage_tasks' => 'TaskManager',
    'manage_members' => 'MemberManager',
    'manage_rights' => 'RightsManager',
    'view_search_result' => 'SearchResults',
    'execute_task' => 'ExecuteThisTask',
];
if ($action === 'view_post') {
    // The single-post view carries no extra title.
    $nameTools = '';
} elseif (is_string($action) && isset($breadcrumbLabels[$action])) {
    $nameTools = get_lang($breadcrumbLabels[$action]);
} else {
    $nameTools = Blog::getBlogTitle($blog_id);
}
$interbreadcrumb[] = [
    'url' => "blog.php?blog_id=$blog_id&".api_get_cidreq(),
    'name' => Blog::getBlogTitle($blog_id),
];

// Toolbar. The home link is always present; the other entries are added only
// when the current user holds the matching right on this blog (the views
// they link to re-check the same right themselves).
$actionsLeft = Display::url(
    Display::return_icon('blog.png', get_lang('Home'), '', ICON_SIZE_MEDIUM),
    api_get_self().'?blog_id='.$blog_id.'&'.api_get_cidreq()
);
$toolbarEntries = [
    ['right' => 'article_add', 'icon' => 'new_article.png', 'label' => 'NewPost', 'action' => 'new_post'],
    ['right' => 'task_management', 'icon' => 'blog_tasks.png', 'label' => 'TaskManager', 'action' => 'manage_tasks'],
    ['right' => 'member_management', 'icon' => 'blog_admin_users.png', 'label' => 'MemberManager', 'action' => 'manage_members'],
];
foreach ($toolbarEntries as $toolbarEntry) {
    if (!api_is_allowed('BLOG_'.$blog_id, $toolbarEntry['right'])) {
        continue;
    }
    $actionsLeft .= Display::url(
        Display::return_icon($toolbarEntry['icon'], get_lang($toolbarEntry['label']), '', ICON_SIZE_MEDIUM),
        api_get_self().'?action='.$toolbarEntry['action'].'&blog_id='.$blog_id.'&'.api_get_cidreq()
    );
}

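$titleBlog = Blog::getBlogTitle($blog_id);
$descriptionBlog = Blog::getBlogSubtitle($blog_id);
$idBlog = $blog_id;
// The search term is only echoed back into the page here (the search branch
// escapes the raw value separately for the query), hence the XSS filter.
$searchBlog = isset($_GET['q']) ? Security::remove_XSS($_GET['q']) : '';
// Calendar: month and year default to today. Both are cast to int in every
// case (the year default was a string before) so the calendar helper never
// receives a raw query-string value.
$month = isset($_GET['month']) ? (int) $_GET['month'] : (int) date('m');
$year = isset($_GET['year']) ? (int) $_GET['year'] : (int) date('Y');
$calendarBlog = Blog::displayMiniMonthCalendar($month, $year, $blog_id);
$taskBlog = Blog::getPersonalTasksList();

// After a single-user registration (see the GET 'register' handler) switch
// to the task manager.
// NOTE(review): the return value of displayTaskAssignmentForm() is discarded
// here, whereas the 'manage_tasks' view appends it to its output - confirm
// whether the form is meant to be shown in this case.
if (isset($flag) && $flag == '1') {
    $action = "manage_tasks";
    Blog::displayTaskAssignmentForm($blog_id);
}
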
// Determine whether the current user is working on a task. When a task id is
// given it is used directly; otherwise a lookup for an assignment with
// task_id 0 is made. NOTE(review): because this branch only runs when no
// task id was supplied, the query always looks for task_id = 0 - presumably a
// "task-less" assignment row; confirm that this is the intended semantics.
$user_task = false;
$course_id = api_get_course_int_id();

if (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) {
    $task_id = (int) $_GET['task_id'];
} else {
    $task_id = 0;
    $tbl_blogs_tasks_rel_user = Database::get_course_table(TABLE_BLOGS_TASKS_REL_USER);

    // Every value interpolated here is produced by this script or the platform
    // (course id, integer blog id, current user id, task id 0); no raw
    // request parameter reaches the query.
    $sql = sprintf(
        'SELECT COUNT(*) as number FROM %s WHERE c_id = %s AND blog_id = %s AND user_id = %s AND task_id = %s',
        $tbl_blogs_tasks_rel_user,
        $course_id,
        $blog_id,
        api_get_user_id(),
        $task_id
    );

    $result = Database::query($sql);
    $row = Database::fetch_array($result);

    if ($row['number'] == 1) {
        $user_task = true;
    }
}

// Template set-up: the variables shared by every blog view.
$tpl = new Template($nameTools);
$tpl->setHelp('Blogs');
$templateVars = [
    'title' => $titleBlog,
    'description' => $descriptionBlog,
    'id_blog' => $idBlog,
    'calendar' => $calendarBlog,
    'search' => $searchBlog,
    'task' => $taskBlog,
    // NOTE(review): 'blog_url' receives the personal task list rather than a
    // URL - looks like a copy/paste slip; check what the template expects.
    'blog_url' => $taskBlog,
];
foreach ($templateVars as $tplVarName => $tplVarValue) {
    $tpl->assign($tplVarName, $tplVarValue);
}
$blogLayout = null;

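// Render the view for the requested action. The action comes straight from
// the query string, so each management view re-checks its right even though
// the toolbar only links to it when the right is granted. Ids taken from the
// request are cast to int before reaching the model.
switch ($action) {
    case 'new_post':
        $formAdd = '';
        if (api_is_allowed('BLOG_'.$blog_id, 'article_add', $user_task ? $task_id : 0)) {
            $formAdd = Blog::displayPostCreateForm($blog_id);
            $tpl->assign('content', $formAdd);
            $blogLayout = $tpl->get_template('blog/layout.tpl');
        } else {
            api_not_allowed();
        }
        break;
    case 'view_post':
        // Cast the post id like the 'edit_post' branch does instead of
        // passing the raw query-string value to the model.
        $viewPostId = isset($_GET['post_id']) ? (int) $_GET['post_id'] : 0;
        $postArticle = Blog::getSinglePost($blog_id, $viewPostId);
        $tpl->assign('post', $postArticle);
        $blogLayout = $tpl->get_template('blog/post.tpl');
        break;
    case 'edit_post':
        $task_id = (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0;
        if (api_is_allowed('BLOG_'.$blog_id, 'article_edit', $task_id)) {
            // Show the form when there is no POST data, or when the POST data
            // lacks the required title (i.e. the submission was invalid).
            // NOTE(review): this looks at $_POST['post_title'] while the
            // 'edit_post_submit' handler reads $_POST['title']; when neither
            // condition holds nothing is assigned and $blogLayout stays null.
            // Confirm the form's field names.
            if (!$_POST || (!empty($_POST) && empty($_POST['post_title']))) {
                $editPostId = isset($_GET['post_id']) ? (int) $_GET['post_id'] : 0;
                $formEdit = Blog::displayPostEditForm($blog_id, $editPostId);
                $tpl->assign('content', $formEdit);
                $blogLayout = $tpl->get_template('blog/layout.tpl');

                if ($_POST) {
                    $post = Blog::getSinglePost($blog_id, $editPostId);
                    $tpl->assign('post', $post);
                    $blogLayout = $tpl->get_template('blog/post.tpl');
                }
            }
        } else {
            api_not_allowed();
        }

        break;
    case 'manage_members':
        $manage = null;
        if (api_is_allowed('BLOG_'.$blog_id, 'member_management')) {
            $manage .= Blog::displayUserSubscriptionForm($blog_id);
            $manage .= Blog::displayUserUnsubscriptionForm($blog_id);
        } else {
            api_not_allowed();
        }
        $tpl->assign('content', $manage);
        $blogLayout = $tpl->get_template('blog/layout.tpl');
        break;
    case 'manage_rights':
        // NOTE(review): unlike the sibling management views, no right is
        // checked before rendering the rights form. The right that should
        // gate it is not visible from this file; confirm and add the check.
        $manage = Blog::displayUserRightsForm($blog_id);
        $tpl->assign('content', $manage);
        $blogLayout = $tpl->get_template('blog/layout.tpl');
        break;
    case 'manage_tasks':
        if (api_is_allowed('BLOG_'.$blog_id, 'task_management')) {
            $task = null;
            $manageTaskId = isset($_GET['task_id']) ? (int) $_GET['task_id'] : 0;
            if (isset($_GET['do']) && $_GET['do'] === 'add') {
                $task .= Blog::displayTaskCreateForm($blog_id);
            }
            if (isset($_GET['do']) && $_GET['do'] === 'assign') {
                $task .= Blog::displayTaskAssignmentForm($blog_id);
            }
            if (isset($_GET['do']) && $_GET['do'] === 'edit') {
                $task .= Blog::displayTaskEditForm(
                    $blog_id,
                    $manageTaskId
                );
            }
            if (isset($_GET['do']) && $_GET['do'] === 'edit_assignment') {
                $task .= Blog::displayAssignedTaskEditForm(
                    $blog_id,
                    $manageTaskId,
                    isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0
                );
            }
            $task .= Blog::displayTasksList($blog_id);
            $task .= Blog::displayAssignedTasksList($blog_id);
            $tpl->assign('content', $task);
            $blogLayout = $tpl->get_template('blog/layout.tpl');
        } else {
            api_not_allowed();
        }
        break;
    case 'execute_task':
        // NOTE(review): no right is checked for this view; the post-selection
        // helper presumably filters by the current user's assignment, but that
        // is not visible from here.
        if (isset($_GET['post_id'])) {
            $post = Blog::getSinglePost($blog_id, (int) $_GET['post_id']);
            $tpl->assign('post', $post);
            $blogLayout = $tpl->get_template('blog/post.tpl');
        } else {
            $taskPost = Blog::displayPostSelectionForTask(
                $blog_id,
                isset($_GET['task_id']) ? (int) $_GET['task_id'] : 0
            );
            $tpl->assign('content', $taskPost);
            $blogLayout = $tpl->get_template('blog/layout.tpl');
        }
        break;
    case 'view_search_result':
        // The term is escaped here at the call site; Blog::getSearchResults()
        // is expected to interpolate it - an empty term when 'q' is absent.
        $searchTerm = isset($_GET['q']) ? $_GET['q'] : '';
        $listArticles = Blog::getSearchResults($blog_id, Database::escape_string($searchTerm));
        $titleSearch = get_lang('SearchResults');
        $tpl->assign('search', $titleSearch);
        $tpl->assign('articles', $listArticles);
        $blogLayout = $tpl->get_template('blog/blog.tpl');
        break;
    case '':
    default:
        if (isset($_GET['filter']) && !empty($_GET['filter'])) {
            // 'filter' is a date string; it is escaped for the query and
            // formatted (not echoed raw) for the title.
            $listArticles = Blog::getDailyResults($blog_id, Database::escape_string($_GET['filter']));
            $dateSearch = api_format_date($_GET['filter'], DATE_FORMAT_LONG);
            $titleSearch = get_lang('PostsOf').' '.$dateSearch;
            $tpl->assign('search', $titleSearch);
            $tpl->assign('articles', $listArticles);
            $blogLayout = $tpl->get_template('blog/blog.tpl');
        } else {
            $listArticles = Blog::getPosts($blog_id);
            $tpl->assign('articles', $listArticles);
            $blogLayout = $tpl->get_template('blog/blog.tpl');
        }
        break;
}
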
// Final page assembly: the view rendered above becomes the 'content' of the
// one-column layout, with the toolbar (plus the tool introduction, which may
// be empty) above it.
// NOTE(review): $blogLayout can still be null here (see the 'edit_post'
// branch); what $tpl->fetch() does with null is not visible from this file.
$content = $tpl->fetch($blogLayout);
$tpl->assign('course_code', api_get_course_id());
$tpl->assign('session_id', api_get_session_id());
if ($actionsLeft) {
    $toolbar = Display::return_introduction_section(TOOL_BLOGS."_$blog_id");
    $toolbar .= Display::toolbarAction('toolbar', [$actionsLeft]);
    $tpl->assign('actions', $toolbar);
}

$tpl->assign('content', $content);
$tpl->display_one_col_template();