} } } elseif ($action == "assessmentupdate") {
    // Branch purpose: write the posted assessment fields back to the
    // assessments table, one UPDATE per entry in $assessmentlangs.
    // NOTE(review): the condition tests only $action. No authorization check
    // and no request-forgery token check is visible in this excerpt; confirm
    // that an enclosing scope verifies the caller's rights on $surveyid
    // before this branch can run.

    // The HTML input filter is loaded and instantiated only when
    // $filterxsshtml is truthy; otherwise name/message are stored as posted.
    // NOTE(review): what InputFilter('', '', 1, 1, 1) strips is not shown here.
    if ($filterxsshtml) {
        require_once "../classes/inputfilter/class.inputfilter_clean.php";
        $myFilter = new InputFilter('', '', 1, 1, 1);
    }
    foreach ($assessmentlangs as $assessmentlang) {
        // Default the group id to 0 when the form did not post one.
        if (!isset($_POST['gid'])) {
            $_POST['gid'] = 0;
        }
        // Filter the per-language name and message in place before they are
        // written to the database.
        if ($filterxsshtml) {
            $_POST['name_' . $assessmentlang] = $myFilter->process($_POST['name_' . $assessmentlang]);
            $_POST['assessmentmessage_' . $assessmentlang] = $myFilter->process($_POST['assessmentmessage_' . $assessmentlang]);
        }
        // The statement is assembled by string concatenation. Text fields go
        // through db_quote(), numeric fields through sanitize_int() /
        // sanitize_signedint(); the safety of the query rests entirely on
        // those helpers, which are defined outside this excerpt.
        // NOTE(review): $assessmentlang is interpolated into the WHERE clause
        // without quoting; presumably $assessmentlangs comes from survey
        // configuration rather than the request - verify.
        // NOTE(review): the row is selected by language and the posted id
        // only. Nothing visible ties that id to $surveyid, so confirm the
        // target row is checked against the current survey elsewhere.
        $query = "UPDATE {$dbprefix}assessments\n\t\t\t SET scope='" . db_quote($_POST['scope'], true)
            . "',\n\t\t\t gid=" . sanitize_int($_POST['gid'])
            . ",\n\t\t\t minimum='" . sanitize_signedint($_POST['minimum'])
            . "',\n\t\t\t maximum='" . sanitize_signedint($_POST['maximum'])
            . "',\n\t\t\t name='" . db_quote($_POST['name_' . $assessmentlang], true)
            . "',\n\t\t\t message='" . db_quote($_POST['assessmentmessage_' . $assessmentlang], true)
            . "'\n\t\t\t WHERE language='{$assessmentlang}' and id=" . sanitize_int($_POST['id']);
        // On failure the message handed to safe_die() contains the full SQL
        // text and the driver's error string.
        // NOTE(review): if safe_die() renders its argument to the browser,
        // this discloses schema details and echoes request-derived text;
        // consider logging the query server-side and showing a generic error.
        $result = $connect->Execute($query) or safe_die("Error updating<br />{$query}<br />" . $connect->ErrorMsg());
    }
} elseif ($action == "assessmentdelete") {
    // Branch purpose: delete the assessment rows matching the posted id.
    // NOTE(review): as with the update branch, no permission check is visible
    // in this condition, and the WHERE clause matches on id alone with no
    // survey constraint - confirm both are enforced outside this excerpt.
    $query = "DELETE FROM {$dbprefix}assessments\n\t\t\t\t WHERE id=" . sanitize_int($_POST['id']);
    // Unlike the update branch, a failed Execute() is not reported here.
    $result = $connect->Execute($query);
}

// Build the page header for the assessments screen into $assessmentsoutput.
$assessmentsoutput = PrepareEditorScript();
// Emit a translated string into an inline script block.
// NOTE(review): the "js" argument presumably asks gT() for JavaScript-safe
// escaping; confirm, since the value lands inside a single-quoted JS literal.
$assessmentsoutput .= "<script type=\"text/javascript\">\n <!-- \n var strnogroup='" . $clang->gT("There are no groups available.", "js") . "';\n --></script>\n";
$assessmentsoutput .= "<div class='menubar'>\n"
    . "\t<div class='menubar-title'>\n"
    . "<strong>" . $clang->gT("Assessments") . "</strong>\n";
// $scriptname, $surveyid and $imagefiles are interpolated into attribute and
// inline-script contexts without escaping at this point.
// NOTE(review): presumably these are server-side values, with $surveyid
// already reduced to an integer upstream - verify against the including script.
$assessmentsoutput .= "\t</div>\n"
    . "\t<div class='menubar-main'>\n"
    . "<div class='menubar-left'>\n"
    . "\t<a href=\"#\" onclick=\"window.open('{$scriptname}?sid={$surveyid}', '_top')\" title='" . $clang->gTview("Return to survey administration") . "'>"
    . "<img name='Administration' src='{$imagefiles}/home.png' alt='" . $clang->gT("Return to survey administration") . "' /></a>\n"
    . "\t<img src='{$imagefiles}/blank.gif' alt='' width='11' />\n"
    . "\t<img src='{$imagefiles}/seperator.gif' alt='' />\n";
// Show a notice with a link to the survey settings when the survey's
// 'assessments' setting is anything other than 'Y'.
if ($surveyinfo['assessments'] != 'Y') {
    $assessmentsoutput .= '<span style="font-size:11px;">' . sprintf($clang->gT("Notice: Assessment mode for this survey is not activated. You can activate it in the %s survey settings %s (tab 'Notification & data management')."), '<a href="admin.php?action=editsurvey&sid=' . $surveyid . '">', '</a>') . '</span>';
}
$assessmentsoutput .= "</div>\n" . "\t</div>\n" . "</div>\n";
// One-pixel spacer paragraph after the menu bar.
$assessmentsoutput .= "<p style='margin:0;font-size:1px;line-height:1px;height:1px;'> </p>";
}
// Write the posted assessment fields back to the assessments table, one
// UPDATE per entry in $assessmentlangs.
// NOTE(review): the condition guarding this loop, and the creation of
// $myFilter, lie before this excerpt; confirm the guard includes a permission
// check comparable to the one on the delete branch below.
foreach ($assessmentlangs as $assessmentlang)
{
    // Default the group id to 0 when the form did not post one.
    if (!isset($_POST['gid'])) $_POST['gid']=0;
    // When $filterxsshtml is truthy, filter the per-language name and message
    // in place before they are written to the database.
    if ($filterxsshtml)
    {
        $_POST['name_'.$assessmentlang]=$myFilter->process($_POST['name_'.$assessmentlang]);
        $_POST['assessmentmessage_'.$assessmentlang]=$myFilter->process($_POST['assessmentmessage_'.$assessmentlang]);
    }
    // The statement is assembled by string concatenation. Text fields go
    // through db_quote(), numeric fields through sanitize_int() /
    // sanitize_signedint(); the safety of the query rests entirely on those
    // helpers, which are defined outside this excerpt.
    // NOTE(review): $assessmentlang is interpolated into the WHERE clause
    // without quoting; presumably $assessmentlangs comes from survey
    // configuration rather than the request - verify.
    // NOTE(review): the row is selected by language and the posted id only.
    // Nothing visible ties that id to $surveyid, so confirm the target row is
    // checked against the survey the caller is authorized for.
    $query = "UPDATE {$dbprefix}assessments SET scope='".db_quote($_POST['scope'],true)
        ."', gid=".sanitize_int($_POST['gid'])
        .", minimum='".sanitize_signedint($_POST['minimum'])
        ."', maximum='".sanitize_signedint($_POST['maximum'])
        ."', name='".db_quote($_POST['name_'.$assessmentlang],true)
        ."', message='".db_quote($_POST['assessmentmessage_'.$assessmentlang],true)
        ."' WHERE language='$assessmentlang' and id=".sanitize_int($_POST['id']);
    // On failure the message handed to safe_die() contains the full SQL text
    // and the driver's error string.
    // NOTE(review): if safe_die() renders its argument to the browser, this
    // discloses schema details and echoes request-derived text; consider
    // logging the query server-side and showing a generic error.
    $result = $connect->Execute($query) or safe_die("Error updating<br />$query<br />".$connect->ErrorMsg());
}
}
// The delete runs only when the action matches AND
// bHasSurveyPermission($surveyid, 'assessments','delete') returns a truthy
// value (presumably a check of the current user's rights on that survey).
// NOTE(review): the permission is evaluated for $surveyid, while the row is
// selected by the posted id alone. Nothing visible restricts the DELETE to
// rows of that survey; confirm this is enforced elsewhere or add a survey
// constraint to the WHERE clause.
// NOTE(review): no request-forgery token check is visible in this excerpt;
// confirm the including script enforces one for state-changing actions.
elseif ($action == "assessmentdelete" && bHasSurveyPermission($surveyid, 'assessments','delete'))
{
    $query = "DELETE FROM {$dbprefix}assessments WHERE id=".sanitize_int($_POST['id']);
    // A failed Execute() is not reported here, unlike the update above.
    $result=$connect->Execute($query);
}

// The page output is built only when the 'read' permission check on
// 'assessments' for $surveyid passes; the body of this block continues past
// the end of the excerpt.
if (bHasSurveyPermission($surveyid, 'assessments','read'))
{
    $assessmentsoutput=PrepareEditorScript();