print_single_button("edit.php", NULL, get_string("addnewcourse"), "get");
}
if (!empty($CFG->enablecourserequests)) {
- print_single_button('request.php',NULL, get_string('requestcourse'),"get");
+ print_single_button('pending.php',NULL, get_string('coursespending'),"get");
}
echo "</center>";
print_footer();
<textarea name="rejectnotice" rows="10" cols="50"></textarea><br />
<input type="submit" value="<?php print_string("savechanges");?>" />
<input type="button" value="<?php print_string("cancel"); ?>" onClick="window.location='pending.php';" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey();?>" />
</form>
\ No newline at end of file
$course->shortname .= ' [*]';
$collision = 1;
}
+ //do not output raw html from request, quote html entities using s()!!
$table->data[] = array(((!empty($course->password)) ?
'<img hspace="1" alt="'.$strrequireskey.'" height="16" width="16" border="0" src="'.$CFG->pixpath.'/i/key.gif" />' : ''),
- $course->shortname,$course->fullname,fullname($requester),
- $course->summary,$course->reason,
- '<a href="pending.php?approve='.$course->id.'">'.get_string('approve').'</a> | '
- .'<a href="pending.php?reject='.$course->id.'">'.get_string('reject').'</a>');
+ s($course->shortname),s($course->fullname),fullname($requester),
+ s($course->summary),s($course->reason),
+ '<a href="pending.php?approve='.$course->id.'&sesskey='.sesskey().'">'.get_string('approve').'</a> | '
+ .'<a href="pending.php?reject='.$course->id.'&sesskey='.sesskey().'">'.get_string('reject').'</a>');
}
print_table($table);
if (!empty($collision)) {
require_once("../config.php");
require_once("lib.php");
- $id = required_param('id',PARAM_INT);
-
- $user = optional_param('user', '0', PARAM_INT);
- $sortby = optional_param('sortby', 'default');
- $selectedgroup = optional_param('selectedgroup', '');
- $date = optional_param('date','',PARAM_CLEAN);
- $advancedfilter = optional_param('advancedfilter',0,PARAM_INT);
- $modname = optional_param('modname','' );
- $modid = optional_param('modid','' );
- $modaction = optional_param('modaction','' );
- $chooserecent = optional_param('chooserecent',0,PARAM_INT);
+ $id = required_param('id', PARAM_INT);
+ $user = optional_param('user', '0', PARAM_INT);
+ $sortby = optional_param('sortby', 'default', PARAM_ALPHA);
+ $selectedgroup = optional_param('selectedgroup', 0, PARAM_INT);
+ $date = optional_param('date', '', PARAM_INT);
+ $advancedfilter = optional_param('advancedfilter', 0, PARAM_INT);
+ $modname = optional_param('modname', '', PARAM_ALPHA); // not used??
+ $modid = optional_param('modid', 'activity/All', PARAM_FILE); // not a file, but looks like it anyway
+ $modaction = optional_param('modaction', '', PARAM_ALPHA); // not used??
+ $chooserecent = optional_param('chooserecent', 0, PARAM_INT);
if (! $course = get_record("course", "id", $id) ) {
error("That's an invalid course id");
}
- if (!isset($modid)) {
- $modid="activity/All";
- }
$tmpmodid = $modid;
switch ($tmpmodid) {
$groupmode = groupmode($course, $coursemod);
switch ($groupmode) {
case SEPARATEGROUPS : $groupid = mygroupid($course->id); break;
- case VISIBLEGROUPS :
- if ($selectedgroup == "allgroups") {
- $groupid = "";
- } else {
- $groupid = $selectedgroup;
- }
- break;
+ case VISIBLEGROUPS : $groupid = $selectedgroup; break;
case NOGROUPS :
- default : $groupid = "";
+ default : $groupid = 0;
}
$libfile = "$CFG->dirroot/mod/$coursemod->name/lib.php";
<td><input type="submit" value="<?php print_string("savechanges") ?>" /></td>
</tr>
</table>
-<input type="hidden" name="sesskey" value="<?php echo $form->sesskey ?>" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
</form>
\ No newline at end of file
-<?php
+<?php // $Id$
/// this allows a student to request a course be created for them.
- require_once(dirname(dirname(__FILE__)).'/config.php');
+ require_once('../config.php');
require_login();
+ if (isguest()) {
+ error("No guests here!");
+ }
+
if (empty($CFG->enablecourserequests)) {
error(get_string('courserequestdisabled'));
}
print_header($strtitle,$strtitle,$strtitle);
- $form = data_submitted();
- if (!empty($form) && confirm_sesskey()) {
+ if (($form = data_submitted()) and confirm_sesskey()) {
validate_form($form,$err) ;
if (empty($err)) {
}
}
- $form->sesskey = !empty($USER->id) ? $USER->sesskey : '';
-
// print_simple_box(get_string('courserequestintro'),'center');
print_simple_box_start("center");
print_string('courserequestintro');
$err["reason"] = get_string("missingreqreason");
}
- $foundcourses = get_records("course", "shortname", $form->shortname);
- $foundreqcourses = get_records("course_request", "shortname", $form->shortname);
+ $foundcourses = null;
+ $foundreqcourses = null;
+
+ if (!empty($form->shortname)) {
+ $foundcourses = get_records("course", "shortname", $form->shortname);
+ $foundreqcourses = get_records("course_request", "shortname", $form->shortname);
+ }
if (!empty($foundreqcourses)) {
- $foundcourses = array_merge($foundcourses,$foundreqcourses);
+ if (!empty($foundcourses)) {
+ $foundcourses = array_merge($foundcourses,$foundreqcourses);
+ } else {
+ $foundcourses = $foundreqcourses;
+ }
}
if (!empty($foundcourses)) {