Merge branch '1.11.x' of github.com:chamilo/chamilo-lms into 1.11.x

Author: ywarnier

README.md

@@ -204,4 +204,4 @@ In short, we ask you to send us Pull Requests based on a branch that you create
 with this purpose into your repository forked from the original Chamilo repository.
 
 # Documentation
-For more information on Chamilo, visit https://1.11.chamilo.org/documentation/index.html
+For more information on Chamilo, visit https://11.chamilo.org/documentation/index.html

main/admin/index.php

@@ -541,14 +541,20 @@
     }
 
     $blockPlatform['items'] = $items;
-} elseif (api_is_session_admin() && api_get_configuration_value('session_admin_access_system_announcement')) {
+} elseif (api_is_session_admin()) {
     $items = [];
     $items[] = [
-        'class' => 'item-global-announcement',
-        'url' => 'system_announcements.php',
-        'label' => get_lang('SystemAnnouncements'),
+        'class' => 'item-stats',
+        'url' => 'statistics/index.php',
+        'label' => get_lang('Statistics'),
     ];
-
+    if (api_get_configuration_value('session_admin_access_system_announcement')) {
+        $items[] = [
+            'class' => 'item-global-announcement',
+            'url' => 'system_announcements.php',
+            'label' => get_lang('SystemAnnouncements'),
+        ];
+    }
     $blockPlatform['items'] = $items;
 }
 

main/admin/statistics/index.php

@@ -8,7 +8,7 @@
 $cidReset = true;
 
 require_once __DIR__.'/../../inc/global.inc.php';
-api_protect_admin_script();
+api_protect_admin_script(true);
 
 $interbreadcrumb[] = ['url' => '../index.php', 'name' => get_lang('PlatformAdmin')];
 
@@ -18,6 +18,72 @@
 $sessionStatusAllowed = api_get_configuration_value('allow_session_status');
 $invoicingMonth = isset($_GET['invoicing_month']) ? (int) $_GET['invoicing_month'] : '';
 $invoicingYear = isset($_GET['invoicing_year']) ? (int) $_GET['invoicing_year'] : '';
+$tool_name = get_lang('Statistics');
+if (api_is_platform_admin()) {
+    $tools = [
+        get_lang('Courses') => [
+            'report=courses' => get_lang('CountCours'),
+            'report=tools' => get_lang('PlatformToolAccess'),
+            'report=courselastvisit' => get_lang('LastAccess'),
+            'report=coursebylanguage' => get_lang('CountCourseByLanguage'),
+        ],
+        get_lang('Users') => [
+            'report=users' => get_lang('CountUsers'),
+            'report=recentlogins' => get_lang('Logins'),
+            'report=logins&type=month' => get_lang('Logins') . ' (' . get_lang('PeriodMonth') . ')',
+            'report=logins&type=day' => get_lang('Logins') . ' (' . get_lang('PeriodDay') . ')',
+            'report=logins&type=hour' => get_lang('Logins') . ' (' . get_lang('PeriodHour') . ')',
+            'report=pictures' => get_lang('CountUsers') . ' (' . get_lang('UserPicture') . ')',
+            'report=logins_by_date' => get_lang('LoginsByDate'),
+            'report=no_login_users' => get_lang('StatsUsersDidNotLoginInLastPeriods'),
+            'report=zombies' => get_lang('Zombies'),
+            'report=users_active' => get_lang('UserStats'),
+            'report=users_online' => get_lang('UsersOnline'),
+            'report=invoicing' => get_lang('InvoicingByAccessUrl'),
+            'report=duplicated_users' => get_lang('DuplicatedUsers'),
+            'report=duplicated_users_by_mail' => get_lang('DuplicatedUsersByMail'),
+        ],
+        get_lang('System') => [
+            'report=activities' => get_lang('ImportantActivities'),
+            'report=user_session' => get_lang('PortalUserSessionStats'),
+            'report=courses_usage' => get_lang('CoursesUsage'),
+            'report=quarterly_report' => get_lang('QuarterlyReport'),
+        ],
+        get_lang('Social') => [
+            'report=messagereceived' => get_lang('MessagesReceived'),
+            'report=messagesent' => get_lang('MessagesSent'),
+            'report=friends' => get_lang('CountFriends'),
+        ],
+        get_lang('Session') => [
+            'report=session_by_date' => get_lang('SessionsByDate'),
+        ],
+    ];
+
+    if ('true' === api_get_plugin_setting('lti_provider', 'enabled')) {
+        $tools[get_lang('Users')]['report=lti_tool_lp'] = get_lang('LearningPathLTI');
+    }
+} elseif (api_is_session_admin()) {
+    $tools = [
+        get_lang('Session') => [
+            'report=session_by_date' => get_lang('SessionsByDate'),
+        ],
+    ];
+}
+
+// Get list of allowed reports based on role
+$allowedReports = [];
+foreach ($tools as $section => $items) {
+    foreach ($items as $key => $label) {
+        if (preg_match('/report=([a-zA-Z0-9_]+)/', $key, $matches)) {
+            $allowedReports[] = $matches[1];
+        }
+    }
+}
+
+// Ensure current report is valid for this user, or default to first available
+if (!in_array($report, $allowedReports)) {
+    $report = reset($allowedReports);
+}
 
 if (
 in_array(
@@ -334,50 +400,6 @@
     ob_start();
 }
 
-$tool_name = get_lang('Statistics');
-$tools = [
-    get_lang('Courses') => [
-        'report=courses' => get_lang('CountCours'),
-        'report=tools' => get_lang('PlatformToolAccess'),
-        'report=courselastvisit' => get_lang('LastAccess'),
-        'report=coursebylanguage' => get_lang('CountCourseByLanguage'),
-    ],
-    get_lang('Users') => [
-        'report=users' => get_lang('CountUsers'),
-        'report=recentlogins' => get_lang('Logins'),
-        'report=logins&type=month' => get_lang('Logins').' ('.get_lang('PeriodMonth').')',
-        'report=logins&type=day' => get_lang('Logins').' ('.get_lang('PeriodDay').')',
-        'report=logins&type=hour' => get_lang('Logins').' ('.get_lang('PeriodHour').')',
-        'report=pictures' => get_lang('CountUsers').' ('.get_lang('UserPicture').')',
-        'report=logins_by_date' => get_lang('LoginsByDate'),
-        'report=no_login_users' => get_lang('StatsUsersDidNotLoginInLastPeriods'),
-        'report=zombies' => get_lang('Zombies'),
-        'report=users_active' => get_lang('UserStats'),
-        'report=users_online' => get_lang('UsersOnline'),
-        'report=invoicing' => get_lang('InvoicingByAccessUrl'),
-        'report=duplicated_users' => get_lang('DuplicatedUsers'),
-        'report=duplicated_users_by_mail' => get_lang('DuplicatedUsersByMail'),
-    ],
-    get_lang('System') => [
-        'report=activities' => get_lang('ImportantActivities'),
-        'report=user_session' => get_lang('PortalUserSessionStats'),
-        'report=courses_usage' => get_lang('CoursesUsage'),
-        'report=quarterly_report' => get_lang('QuarterlyReport'),
-    ],
-    get_lang('Social') => [
-        'report=messagereceived' => get_lang('MessagesReceived'),
-        'report=messagesent' => get_lang('MessagesSent'),
-        'report=friends' => get_lang('CountFriends'),
-    ],
-    get_lang('Session') => [
-        'report=session_by_date' => get_lang('SessionsByDate'),
-    ],
-];
-
-if ('true' === api_get_plugin_setting('lti_provider', 'enabled')) {
-    $tools[get_lang('Users')]['report=lti_tool_lp'] = get_lang('LearningPathLTI');
-}
-
 $course_categories = Statistics::getCourseCategories();
 $content = '';
 

main/admin/sub_language_add.php

@@ -209,9 +209,8 @@ function allow_get_all_information_of_sub_language($parent_id, $sub_language_id)
 
 if (isset($_POST['SubmitAddNewLanguage'])) {
     $original_name = $_POST['original_name'];
-    $english_name = $_POST['english_name'];
     $isocode = $_POST['isocode'];
-    $english_name = str_replace(' ', '_', $english_name);
+    $english_name = api_replace_dangerous_char($_POST['english_name']);
     $isocode = str_replace(' ', '_', $isocode);
 
     $sublanguage_available = $_POST['sub_language_is_visible'];
@@ -298,14 +297,11 @@ function allow_get_all_information_of_sub_language($parent_id, $sub_language_id)
     );
     $class = 'add';
     $form->addElement('header', '', $text);
-    $form->addElement('text', 'original_name', get_lang('OriginalName'), 'class="input_titles"');
-    $form->addRule('original_name', get_lang('ThisFieldIsRequired'), 'required');
-    $form->addElement('text', 'english_name', get_lang('EnglishName'), 'class="input_titles"');
-    $form->addRule('english_name', get_lang('ThisFieldIsRequired'), 'required');
-    $form->addElement('text', 'isocode', get_lang('ISOCode'), 'class="input_titles"');
-    $form->addRule('isocode', get_lang('ThisFieldIsRequired'), 'required');
+    $form->addText('original_name', get_lang('OriginalName'));
+    $form->addText('english_name', get_lang('EnglishName'));
+    $form->addText('isocode', get_lang('ISOCode'));
     $form->addElement('static', null, '&nbsp;', '<i>en, es, fr</i>');
-    $form->addElement('checkbox', 'sub_language_is_visible', '', get_lang('Visibility'));
+    $form->addCheckBox('sub_language_is_visible', '', get_lang('Visibility'));
     $form->addButtonCreate(get_lang('CreateSubLanguage'), 'SubmitAddNewLanguage');
     //$values['original_name'] = $language_details['original_name'].'...'; -> cannot be used because of quickform filtering (freeze)
     $values['english_name'] = $language_details['english_name'].'2';

main/admin/sub_language_ajax.inc.php

@@ -14,10 +14,15 @@
 api_protect_admin_script();
 
 $new_language = Security::remove_XSS($_REQUEST['new_language']);
-$language_variable = Security::remove_XSS($_REQUEST['variable_language']);
+$language_variable = ltrim(
+    Security::remove_XSS($_REQUEST['variable_language']),
+    '$'
+);
 $file_id = intval($_REQUEST['file_id']);
 
-if (isset($new_language) && isset($language_variable) && isset($file_id)) {
+$variableIsValid = isset($language_variable) && preg_match('/^[a-zA-Z_][a-zA-Z0-9_]*$/', $language_variable);
+
+if (isset($new_language) && $variableIsValid && isset($file_id)) {
     $file_language = $language_files_to_load[$file_id].'.inc.php';
     $id_language = intval($_REQUEST['id']);
     $sub_language_id = intval($_REQUEST['sub']);
@@ -27,12 +32,7 @@
     $all_file_of_directory = SubLanguageManager::get_all_language_variable_in_file($path_folder);
     $return_value = SubLanguageManager::add_file_in_language_directory($path_folder);
 
-    //update variable language
-    // Replace double quotes to avoid parse errors
-    $new_language = str_replace('"', '\"', $new_language);
-    // Replace new line signs to avoid parse errors - see #6773
-    $new_language = str_replace("\n", "\\n", $new_language);
-    $all_file_of_directory[$language_variable] = "\"".$new_language."\";";
+    $all_file_of_directory[$language_variable] = $new_language;
     $result_array = [];
 
     foreach ($all_file_of_directory as $key_value => $value_info) {

main/auth/openid/login.php

@@ -298,10 +298,17 @@ function openid_verify_assertion($op_endpoint, $response) {
 
     //TODO
     $openid_association = Database::get_main_table(TABLE_MAIN_OPENID_ASSOCIATION);
-    $sql = sprintf("SELECT * FROM $openid_association WHERE assoc_handle = '%s'", $response['openid.assoc_handle']);
-    $res = Database::query($sql);
-    $association = Database::fetch_object($res);
-    if ($association && isset($association->session_type)) {
+    $association = Database::select(
+        '*',
+        $openid_association,
+        [
+            'where' => [
+                'assoc_handle = ?' => [$response['openid.assoc_handle']],
+            ]
+        ],
+        'first'
+    );
+    if ($association && isset($association['session_type'])) {
         $keys_to_sign = explode(',', $response['openid.signed']);
         $self_sig = _openid_signature($association, $response, $keys_to_sign);
         if ($self_sig == $response['openid.sig']) {

main/auth/openid/openid.lib.php

@@ -201,14 +201,14 @@ function _openid_meta_httpequiv($equiv, $html) {
 
 /**
  * Sign certain keys in a message
- * @param $association - object loaded from openid_association or openid_server_association table
+ * @param $association - array loaded from openid_association or openid_server_association table
  *              - important fields are ->assoc_type and ->mac_key
  * @param $message_array - array of entire message about to be sent
  * @param $keys_to_sign - keys in the message to include in signature (without
  *  'openid.' appended)
  */
-function _openid_signature($association, $message_array, $keys_to_sign) {
-    $signature = '';
+function _openid_signature(array $association, $message_array, $keys_to_sign): string
+{
     $sign_data = array();
 
     foreach ($keys_to_sign as $key) {
@@ -218,7 +218,7 @@ function _openid_signature($association, $message_array, $keys_to_sign) {
     }
 
     $message = _openid_create_message($sign_data);
-    $secret = base64_decode($association->mac_key);
+    $secret = base64_decode($association['mac_key']);
     $signature = _openid_hmac($secret, $message);
 
     return base64_encode($signature);

main/coursecopy/copy_course_session_selected.php

@@ -33,7 +33,7 @@
     api_not_allowed(true);
 }
 
-$action = isset($_POST['action']) ? $_POST['action'] : '';
+$action = $_POST['action'] ?? '';
 
 $courseId = api_get_course_int_id();
 $courseInfo = api_get_course_info_by_id($courseId);
@@ -52,10 +52,7 @@
     'name' => get_lang('Maintenance'),
 ];
 
-/**
- * @param string $name
- */
-function make_select_session_list($name, $sessions, $attr = [])
+function make_select_session_list($name, $sessions, $attr = []): string
 {
     $attrs = '';
     if (count($attr) > 0) {
@@ -184,7 +181,7 @@ function displayForm()
     echo $html;
 }
 
-function searchCourses($idSession, $type)
+function searchCourses($idSession, $type): xajaxResponse
 {
     $xajaxResponse = new xajaxResponse();
     $return = null;
@@ -193,6 +190,7 @@ function searchCourses($idSession, $type)
     if (!empty($type)) {
         $idSession = (int) $idSession;
         $courseList = SessionManager::get_course_list_by_session_id($idSession);
+        $course_list_destination = [];
 
         $return .= '<select id="destination" name="SessionCoursesListDestination[]" style="width:380px;" >';
 
@@ -292,8 +290,6 @@ function checkSelected(id_select,id_radio,id_title,id_destination) {
         $cr = new CourseRestorer($course);
         $cr->restore($destinationCourse, $destinationSession);
         echo Display::return_message(get_lang('CopyFinished'), 'confirmation');
-
-        displayForm();
     } else {
         $arrCourseOrigin = [];
         $arrCourseDestination = [];
@@ -334,15 +330,16 @@ function checkSelected(id_select,id_radio,id_title,id_destination) {
                 echo Display::return_message(get_lang('CopyFinished'), 'confirmation');
             }
 
-            displayForm();
         } else {
             echo Display::return_message(
                 get_lang('YouMustSelectACourseFromOriginalSession'),
                 'error'
             );
-            displayForm();
         }
+
     }
+
+    displayForm();
 } elseif (isset($_POST['copy_option']) && $_POST['copy_option'] == 'select_items') {
     // Else, if a CourseSelectForm is requested, show it
     if (api_get_setting('show_glossary_in_documents') != 'none') {

main/cron/lang/langstats.class.php

@@ -190,10 +190,7 @@ public function get_variables_origin()
         $vars = [];
         $priority = ['trad4all'];
         foreach ($priority as $file) {
-            $list = SubLanguageManager::get_all_language_variable_in_file(
-                $path.$file.'.inc.php',
-                true
-            );
+            $list = SubLanguageManager::get_all_language_variable_in_file($path.$file.'.inc.php');
             foreach ($list as $var => $trad) {
                 $vars[$var] = $file.'.inc.php';
             }
@@ -203,10 +200,7 @@ public function get_variables_origin()
             if (substr($file, 0, 1) == '.' or in_array($file, $priority)) {
                 continue;
             }
-            $list = SubLanguageManager::get_all_language_variable_in_file(
-                $path.$file,
-                true
-            );
+            $list = SubLanguageManager::get_all_language_variable_in_file($path.$file);
             foreach ($list as $var => $trad) {
                 $vars[$var] = $file;
             }

main/cron/lang/list_undefined_langvars.php

@@ -20,7 +20,7 @@
 foreach ($list as $entry) {
     $file = $path.'/'.$entry;
     if (is_file($file)) {
-        $terms = array_merge($terms, SubLanguageManager::get_all_language_variable_in_file($file, true));
+        $terms = array_merge($terms, SubLanguageManager::get_all_language_variable_in_file($file));
     }
 }
 // get only the array keys (the language variables defined in language files)