/** * This function saves a new wiki page. * @author Patrick Cool <*****@*****.**>, Ghent University * @todo consider merging this with the function save_wiki into one single function. * @return string Message of success **/ function save_new_wiki() { global $charset; global $tbl_wiki; global $assig_user_id; //need for assignments mode global $tbl_wiki_conf; global $page; // cleaning the variables $_clean['assignment'] = Database::escape_string($_POST['assignment']); // session_id $session_id = api_get_session_id(); if ($_clean['assignment'] == 2 || $_clean['assignment'] == 1) { // Unlike ordinary pages of pages of assignments. Allow create a ordinary page although there is a assignment with the same name $page = str_replace(' ', '_', $_POST['title'] . "_uass" . $assig_user_id); } else { $page = str_replace(' ', '_', $_POST['title']); } $_clean['reflink'] = Database::escape_string(strip_tags(api_htmlentities($page))); $_clean['title'] = Database::escape_string(strip_tags(trim($_POST['title']))); $_clean['content'] = Database::escape_string($_POST['content']); if (api_get_setting('htmlpurifier_wiki') == 'true') { $purifier = new HTMLPurifier(); $_clean['content'] = $purifier->purify($_clean['content']); } //re-check after strip_tags if the title is empty if (empty($_clean['title']) || empty($_clean['reflink'])) { return false; } if ($_clean['assignment'] == 2) { //config by default for individual assignment (students) $_clean['user_id'] = (int) Database::escape_string($assig_user_id); //Identifies the user as a creator, not the teacher who created $_clean['visibility'] = 0; $_clean['visibility_disc'] = 0; $_clean['ratinglock_disc'] = 0; } else { $_clean['user_id'] = api_get_user_id(); $_clean['visibility'] = 1; $_clean['visibility_disc'] = 1; $_clean['ratinglock_disc'] = 1; } $_clean['comment'] = Database::escape_string($_POST['comment']); $_clean['progress'] = Database::escape_string($_POST['progress']); $_clean['version'] = 1; if (isset($_SESSION['_gid'])) { $_clean['group_id'] = (int) $_SESSION['_gid']; } if (isset($_GET['group_id'])) { $_clean['group_id'] = (int) Database::escape_string($_GET['group_id']); } $_clean['linksto'] = links_to($_clean['content']); //check wikilinks //cleaning config variables $_clean['task'] = Database::escape_string($_POST['task']); $_clean['feedback1'] = Database::escape_string($_POST['feedback1']); $_clean['feedback2'] = Database::escape_string($_POST['feedback2']); $_clean['feedback3'] = Database::escape_string($_POST['feedback3']); $_clean['fprogress1'] = Database::escape_string($_POST['fprogress1']); $_clean['fprogress2'] = Database::escape_string($_POST['fprogress2']); $_clean['fprogress3'] = Database::escape_string($_POST['fprogress3']); if ($_POST['initstartdate'] == 1) { $_clean['startdate_assig'] = Database::escape_string(get_date_from_select('startdate_assig')); } else { $_clean['startdate_assig'] = Database::escape_string($_POST['startdate_assig']); } if ($_POST['initenddate'] == 1) { $_clean['enddate_assig'] = Database::escape_string(get_date_from_select('enddate_assig')); } else { $_clean['enddate_assig'] = Database::escape_string($_POST['enddate_assig']); } $_clean['delayedsubmit'] = Database::escape_string($_POST['delayedsubmit']); $_clean['max_text'] = Database::escape_string($_POST['max_text']); $_clean['max_version'] = Database::escape_string($_POST['max_version']); $course_id = api_get_course_int_id(); //filter no _uass if (api_eregi('_uass', $_POST['title']) || (api_strtoupper(trim($_POST['title'])) == 'INDEX' || api_strtoupper(trim(api_htmlentities($_POST['title'], ENT_QUOTES, $charset))) == api_strtoupper(api_htmlentities(get_lang('DefaultTitle'), ENT_QUOTES, $charset)))) { $message = get_lang('GoAndEditMainPage'); Display::display_warning_message($message, false); } else { $var = $_clean['reflink']; $group_id = Security::remove_XSS($_GET['group_id']); if (!checktitle($var)) { return get_lang('WikiPageTitleExist') . '<a href="index.php?action=edit&title=' . $var . '&group_id=' . $group_id . '">' . $_POST['title'] . '</a>'; } else { $dtime = date("Y-m-d H:i:s"); $sql = "INSERT INTO " . $tbl_wiki . " (c_id, reflink, title, content, user_id, group_id, dtime, visibility, visibility_disc, ratinglock_disc, assignment, comment, progress, version, linksto, user_ip, session_id) VALUES\n \t\t({$course_id}, '" . $_clean['reflink'] . "','" . $_clean['title'] . "','" . $_clean['content'] . "','" . $_clean['user_id'] . "','" . $_clean['group_id'] . "','" . $dtime . "','" . $_clean['visibility'] . "','" . $_clean['visibility_disc'] . "','" . $_clean['ratinglock_disc'] . "','" . $_clean['assignment'] . "','" . $_clean['comment'] . "','" . $_clean['progress'] . "','" . $_clean['version'] . "','" . $_clean['linksto'] . "','" . Database::escape_string($_SERVER['REMOTE_ADDR']) . "', '" . Database::escape_string($session_id) . "')"; $result = Database::query($sql); $Id = Database::insert_id(); if ($Id > 0) { //insert into item_property api_item_property_update(api_get_course_info(), TOOL_WIKI, $Id, 'WikiAdded', api_get_user_id(), $_clean['group_id']); } $sql = 'UPDATE ' . $tbl_wiki . ' SET page_id="' . $Id . '" WHERE c_id = ' . $course_id . ' AND id="' . $Id . '"'; Database::query($sql); //insert wiki config $sql = "INSERT INTO " . $tbl_wiki_conf . " (c_id, page_id, task, feedback1, feedback2, feedback3, fprogress1, fprogress2, fprogress3, max_text, max_version, startdate_assig, enddate_assig, delayedsubmit) VALUES\n \t\t({$course_id}, '" . $Id . "','" . $_clean['task'] . "','" . $_clean['feedback1'] . "','" . $_clean['feedback2'] . "','" . $_clean['feedback3'] . "','" . $_clean['fprogress1'] . "','" . $_clean['fprogress2'] . "','" . $_clean['fprogress3'] . "','" . $_clean['max_text'] . "','" . $_clean['max_version'] . "','" . $_clean['startdate_assig'] . "','" . $_clean['enddate_assig'] . "','" . $_clean['delayedsubmit'] . "')"; Database::query($sql); check_emailcue(0, 'A'); return get_lang('NewWikiSaved'); } } //end filter no _uass }
$end_date = get_date_from_select('expires'); $date = $end_date; } $description = isset($_POST['description']) ? $_POST['description'] : ''; $content = '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&curdirpath=' . api_substr($dir_name_sql, 1) . '" >' . $_POST['new_dir'] . '</a>' . $description; $agenda_id = agenda_add_item($course_info, $title, $content, $date, $end_date, array('GROUP:' . $group_id), 0); } } //Folder created api_item_property_update($course_info, 'work', $id, 'DirectoryCreated', $user_id, $group_id); Display::display_confirmation_message(get_lang('DirectoryCreated'), false); // insert into student_publication_assignment //return something like this: 2008-02-45 00:00:00 $enable_calification = isset($_POST['qualification_value']) && !empty($_POST['qualification_value']) ? 1 : 0; if (!empty($_POST['type1']) || !empty($_POST['type2'])) { $sql_add_homework = "INSERT INTO {$TSTDPUBASG} SET\n c_id = {$course_id} ,\n expires_on \t\t= '" . (isset($_POST['type1']) && $_POST['type1'] == 1 ? api_get_utc_datetime(get_date_from_select('expires')) : '0000-00-00 00:00:00') . "',\n ends_on \t \t\t= '" . (isset($_POST['type2']) && $_POST['type2'] == 1 ? api_get_utc_datetime(get_date_from_select('ends')) : '0000-00-00 00:00:00') . "',\n add_to_calendar \t\t= '{$agenda_id}',\n enable_qualification \t= '{$enable_calification}',\n publication_id \t\t\t= '{$id}'"; Database::query($sql_add_homework); $my_last_id = Database::insert_id(); $sql_add_publication = "UPDATE {$work_table} SET has_properties = {$my_last_id} , view_properties = 1 WHERE c_id = {$course_id} AND id = {$id}"; Database::query($sql_add_publication); } else { $sql_add_homework = "INSERT INTO {$TSTDPUBASG} SET\n c_id = {$course_id} ,\n expires_on = '0000-00-00 00:00:00',\n ends_on = '0000-00-00 00:00:00',\n add_to_calendar = '{$agenda_id}',\n enable_qualification = '" . $enable_calification . "',\n publication_id = '" . $id . "'"; Database::query($sql_add_homework); $inserted_id = Database::insert_id(); $sql_add_publication = "UPDATE {$work_table} SET has_properties = {$inserted_id}, view_properties = 0 WHERE c_id = {$course_id} AND id = {$id}"; Database::query($sql_add_publication); } if (!empty($_POST['category_id'])) { if (isset($_POST['make_calification']) && $_POST['make_calification'] == 1) { require_once api_get_path(SYS_CODE_PATH) . 'gradebook/lib/be/gradebookitem.class.php'; require_once api_get_path(SYS_CODE_PATH) . 'gradebook/lib/be/evaluation.class.php';
} elseif (!double_post($_POST['wpost_id'])) { //double post } elseif ($_POST['version'] != '' && $_SESSION['_version'] != 0 && $_POST['version'] != $_SESSION['_version']) { //prevent concurrent users and double version Display::display_error_message(get_lang("EditedByAnotherUser")); } else { $return_message = save_wiki(); Display::display_confirmation_message($return_message, false); } } //saving a new wiki entry echo '<div style="overflow:hidden">'; if (isset($_POST['SaveWikiNew'])) { if (empty($_POST['title'])) { Display::display_error_message(get_lang("NoWikiPageTitle")); } elseif (strtotime(get_date_from_select('startdate_assig')) > strtotime(get_date_from_select('enddate_assig'))) { Display::display_error_message(get_lang("EndDateCannotBeBeforeTheStartDate")); } elseif (!double_post($_POST['wpost_id'])) { //double post } else { $_clean['assignment'] = Database::escape_string($_POST['assignment']); // for mode assignment if ($_clean['assignment'] == 1) { auto_add_page_users($_clean['assignment']); } else { $return_message = save_new_wiki(); if ($return_message == false) { Display::display_error_message(get_lang('NoWikiPageTitle'), false); } else { Display::display_confirmation_message($return_message, false); }