Merge branch '1.11.x' of github.com:chamilo/chamilo-lms into 1.11.x

Author: ywarnier

main/exercise/fill_blanks.class.php

@@ -893,7 +893,7 @@ function (&$value, $key, $tabBlankChar) {
                     // should always be
                     $i++;
                 }
-                $listAnswerResults['student_answer'][] = $listAnswerResults['words'][$i];
+                $listAnswerResults['student_answer'][] = Security::remove_XSS($listAnswerResults['words'][$i]);
                 if ($i + 1 < count($listAnswerResults['words'])) {
                     // should always be
                     $i++;
@@ -1238,13 +1238,13 @@ public static function getHtmlDisplayForAnswer(
                     continue;
                 }
             }
-            $result .= isset($listStudentAnswerInfo['common_words'][$i]) ? $listStudentAnswerInfo['common_words'][$i] : '';
-            $studentLabel = isset($listStudentAnswerInfo['student_answer'][$i]) ? $listStudentAnswerInfo['student_answer'][$i] : '';
+            $result .= $listStudentAnswerInfo['common_words'][$i] ?? '';
+            $studentLabel = $listStudentAnswerInfo['student_answer'][$i] ?? '';
             $result .= $studentLabel;
         }
 
         // the last common word (should be </p>)
-        $result .= isset($listStudentAnswerInfo['common_words'][$i]) ? $listStudentAnswerInfo['common_words'][$i] : '';
+        $result .= $listStudentAnswerInfo['common_words'][$i] ?? '';
 
         return $result;
     }

main/exercise/question.class.php

@@ -2255,7 +2255,7 @@ public function return_header(Exercise $exercise, $counter = null, $score = [])
             case ORAL_EXPRESSION:
             case ANSWER_IN_OFFICE_DOC:
             case ANNOTATION:
-                $score['revised'] = isset($score['revised']) ? $score['revised'] : false;
+                $score['revised'] = $score['revised'] ?? false;
                 if ($score['revised'] == true) {
                     $scoreLabel = get_lang('Revised');
                     $class = '';
@@ -2304,8 +2304,8 @@ public function return_header(Exercise $exercise, $counter = null, $score = [])
         }
 
         $scoreCurrent = [
-            'used' => isset($score['score']) ? $score['score'] : '',
-            'missing' => isset($score['weight']) ? $score['weight'] : '',
+            'used' => $score['score'] ?? '',
+            'missing' => $score['weight'] ?? '',
         ];
 
         // Check whether we need to hide the question ID

main/inc/ajax/exercise.ajax.php

@@ -489,23 +489,22 @@
         }
 
         // "all" or "simple" strings means that there's one or all questions exercise type
-        $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : null;
+        $type = $_REQUEST['type'] ?? null;
 
         // Questions choices.
-        $choice = isset($_REQUEST['choice']) ? $_REQUEST['choice'] : [];
+        $choice = $_REQUEST['choice'] ?? [];
 
         // certainty degree choice
-        $choiceDegreeCertainty = isset($_REQUEST['choiceDegreeCertainty']) ? $_REQUEST['choiceDegreeCertainty'] : [];
+        $choiceDegreeCertainty = $_REQUEST['choiceDegreeCertainty'] ?? [];
 
         // Hot spot coordinates from all questions.
-        $hot_spot_coordinates = isset($_REQUEST['hotspot']) ? $_REQUEST['hotspot'] : [];
+        $hot_spot_coordinates = $_REQUEST['hotspot'] ?? [];
 
         // the filenames in upload answer type
-        $uploadAnswerFileNames = isset($_REQUEST['uploadChoice']) ? $_REQUEST['uploadChoice'] : [];
+        $uploadAnswerFileNames = $_REQUEST['uploadChoice'] ?? [];
 
         // There is a reminder?
-        $remind_list = isset($_REQUEST['remind_list']) && !empty($_REQUEST['remind_list'])
-            ? array_keys($_REQUEST['remind_list']) : [];
+        $remind_list = !empty($_REQUEST['remind_list']) ? array_keys($_REQUEST['remind_list']) : [];
 
         // Needed in manage_answer.
         $learnpath_id = isset($_REQUEST['learnpath_id']) ? (int) $_REQUEST['learnpath_id'] : 0;
@@ -662,7 +661,7 @@
             if ($type === 'simple' && $question_id != $my_question_id) {
                 continue;
             }
-            $my_choice = isset($choice[$my_question_id]) ? $choice[$my_question_id] : null;
+            $my_choice = $choice[$my_question_id] ?? null;
             $objQuestionTmp = Question::read($my_question_id, $objExercise->course);
             $myChoiceDegreeCertainty = null;
             if ($objQuestionTmp->type === MULTIPLE_ANSWER_TRUE_FALSE_DEGREE_CERTAINTY) {
@@ -700,8 +699,7 @@
 
             // This variable came from exercise_submit_modal.php.
             $hotspot_delineation_result = null;
-            if (isset($_SESSION['hotspot_delineation_result']) &&
-                isset($_SESSION['hotspot_delineation_result'][$objExercise->selectId()])
+            if (isset($_SESSION['hotspot_delineation_result'][$objExercise->selectId()])
             ) {
                 $hotspot_delineation_result = $_SESSION['hotspot_delineation_result'][$objExercise->selectId()][$my_question_id];
             }

main/inc/lib/TicketManager.php

@@ -801,7 +801,7 @@ public static function getTicketsByCurrentUser(
         if (empty($userInfo)) {
             return [];
         }
-        $isAdmin = UserManager::is_admin($userId);
+        $isAdmin = UserManager::is_admin($userId) || (api_get_configuration_value('allow_session_admin_manage_tickets_and_export_ticket_report') && api_is_session_admin($userId));
 
         if (!isset($_GET['project_id'])) {
             return [];
@@ -893,6 +893,7 @@ public static function getTicketsByCurrentUser(
             'keyword_source' => 'ticket.source ',
             'keyword_status' => 'ticket.status_id',
             'keyword_priority' => 'ticket.priority_id',
+            'keyword_created_by' => 'ticket.sys_insert_user_id',
         ];
 
         foreach ($keywords as $keyword => $label) {
@@ -1079,6 +1080,7 @@ public static function getTotalTicketsCurrentUser()
             'keyword_source' => 'ticket.source',
             'keyword_status' => 'ticket.status_id',
             'keyword_priority' => 'ticket.priority_id',
+            'keyword_created_by' => 'ticket.sys_insert_user_id',
         ];
 
         foreach ($keywords as $keyword => $sqlLabel) {

main/install/configuration.dist.php

@@ -729,6 +729,11 @@
 // ALTER TABLE ticket_ticket ADD CONSTRAINT FK_EB5B2A0D6285C231 FOREIGN KEY (lp_id) REFERENCES c_lp (iid);
 // $_configuration['ticket_lp_quiz_info_add'] = false;
 
+// Allow session admins to manage tickets settings and report like global admins
+//$_configuration['allow_session_admin_manage_tickets_and_export_ticket_report'] = false;
+// Show ticket created by the user insted of ticket assigned to the user on MyTicket page.
+//$_configuration['ticket_show_ticket_created_by_user_on_my_ticket_page'] = false;
+
 // Exercises configuration settings
 // Send only quiz answer notifications to course coaches and not general coach
 //$_configuration['block_quiz_mail_notification_general_coach'] = false;

main/ticket/new_ticket.php

@@ -373,7 +373,7 @@ function save_ticket()
     ]
 );
 
-if (api_is_platform_admin()) {
+if (api_is_platform_admin() || (api_get_configuration_value('allow_session_admin_manage_tickets_and_export_ticket_report') && api_is_session_admin())) {
     $form->addSelectAjax(
         'user_id',
         get_lang('Assign'),

main/ticket/tickets.php

@@ -81,13 +81,13 @@ function display_advanced_search_form () {
         $data = [
             [
                 '#',
+                get_lang('Status'),
                 get_lang('Date'),
                 get_lang('LastUpdate'),
                 get_lang('Category'),
-                get_lang('User'),
-                get_lang('Program'),
+                get_lang('CreatedBy'),
                 get_lang('AssignedTo'),
-                get_lang('Status'),
+                get_lang('Message'),
                 get_lang('Description'),
             ],
         ];
@@ -128,7 +128,8 @@ function display_advanced_search_form () {
 $currentUrl = api_get_self().'?project_id='.$projectId;
 $user_id = api_get_user_id();
 $isAllow = TicketManager::userIsAllowInProject(api_get_user_info(), $projectId);
-$isAdmin = api_is_platform_admin();
+$allowSessionAdmin = api_get_configuration_value('allow_session_admin_manage_tickets_and_export_ticket_report') && api_is_session_admin();
+$isAdmin = api_is_platform_admin() || $allowSessionAdmin;
 $actionRight = '';
 
 Display::display_header(get_lang('MyTickets'));
@@ -145,6 +146,7 @@ function display_advanced_search_form () {
             'keyword_unread',
             'Tickets_per_page',
             'Tickets_column',
+            'keyword_created_by',
         ];
     }
     $get_parameter = '';
@@ -190,6 +192,18 @@ function display_advanced_search_form () {
     foreach ($admins as $admin) {
         $selectAdmins[$admin['user_id']] = $admin['complete_name_with_username'];
     }
+
+    $Createdby = UserManager::getUserListLike(
+        [],
+        ['username'],
+        true
+    );
+    $selectcreated = [
+        0 => get_lang('Unassigned'),
+    ];
+    foreach ($Createdby as $creator) {
+        $selectcreated[$creator['user_id']] = $creator['complete_name_with_username'];
+    }
     $status = TicketManager::get_all_tickets_status();
     $selectStatus = [];
     foreach ($status as $stat) {
@@ -227,7 +241,7 @@ function display_advanced_search_form () {
     );
 
     // Add link
-    if (api_get_setting('ticket_allow_student_add') == 'true' || api_is_platform_admin()) {
+    if (api_get_setting('ticket_allow_student_add') == 'true' || api_is_platform_admin() || $allowSessionAdmin) {
         $extraParams = '';
 
         if (isset($_GET['exerciseId']) && !empty($_GET['exerciseId'])) {
@@ -250,7 +264,7 @@ function display_advanced_search_form () {
         );
     }
 
-    if (api_is_platform_admin()) {
+    if (api_is_platform_admin() || $allowSessionAdmin) {
         $actionRight .= Display::url(
             Display::return_icon(
                 'export_excel.png',
@@ -261,7 +275,9 @@ function display_advanced_search_form () {
             api_get_self().'?action=export'.$get_parameter.$get_parameter2.'&project_id='.$projectId,
             ['title' => get_lang('Export')]
         );
+    }
 
+    if (api_is_platform_admin()) {
         $actionRight .= Display::url(
             Display::return_icon(
                 'settings.png',
@@ -286,11 +302,16 @@ function display_advanced_search_form () {
     $ticketLabel = get_lang('AllTickets');
     $url = api_get_path(WEB_CODE_PATH).'ticket/tickets.php?project_id='.$projectId;
 
-    if (!isset($_GET['keyword_assigned_to'])) {
+    if (!isset($_GET['keyword_assigned_to']) && !api_get_configuration_value('ticket_show_ticket_created_by_user_on_my_ticket_page')) {
         $ticketLabel = get_lang('MyTickets');
         $url = api_get_path(WEB_CODE_PATH).'ticket/tickets.php?project_id='.$projectId.'&keyword_assigned_to='.api_get_user_id();
     }
 
+    if (api_get_configuration_value('ticket_show_ticket_created_by_user_on_my_ticket_page') && !isset($_GET['keyword_created_by'])) {
+        $ticketLabel = get_lang('MyTickets');
+        $url = api_get_path(WEB_CODE_PATH).'ticket/tickets.php?project_id='.$projectId.'&keyword_created_by='.api_get_user_id();
+    }
+
     $options = '';
     $iconProject = Display::return_icon(
         'project.png',
@@ -342,6 +363,12 @@ function display_advanced_search_form () {
     );
     $advancedSearchForm->addDateTimePicker('keyword_start_date_start', get_lang('Created'));
     $advancedSearchForm->addDateTimePicker('keyword_start_date_end', get_lang('Until'));
+    $advancedSearchForm->addSelect(
+        'keyword_created_by',
+        get_lang('CreatedBy'),
+        $selectcreated,
+        ['placeholder' => get_lang('All')]
+    );
     $advancedSearchForm->addSelect(
         'keyword_assigned_to',
         get_lang('AssignedTo'),
@@ -391,7 +418,8 @@ function display_advanced_search_form () {
     $table->set_header(1, get_lang('Status'), false);
     $table->set_header(2, get_lang('Date'), true);
     $table->set_header(3, get_lang('LastUpdate'), true);
-    $table->set_header(4, get_lang('Category'));
+    $table->set_header(4, get_lang('Category'), true);
+    $table->set_header(5, get_lang('CreatedBy'), true);
 }
 
 $table->display();

main/user/user.php

@@ -82,8 +82,8 @@
 if (isset($_GET['action'])) {
     switch ($_GET['action']) {
         case 'set_tutor':
-            if (!$canEdit) {
-                api_not_allowed();
+            if (!$canEdit || !Security::check_token('get', null, 'tutor')) {
+                api_not_allowed(true);
             }
             $userId = isset($_GET['user_id']) ? (int) $_GET['user_id'] : null;
             $isTutor = isset($_GET['is_tutor']) ? (int) $_GET['is_tutor'] : 0;
@@ -100,6 +100,7 @@
                         Display::addFlash(
                             Display::return_message(get_lang('Updated'))
                         );
+                        Security::clear_token('tutor');
                     } else {
                         Display::addFlash(
                             Display::return_message(
@@ -108,6 +109,10 @@
                             )
                         );
                     }
+                    header(
+                        'Location: '.api_get_path(WEB_CODE_PATH).'user/user.php?'.api_get_cidreq().'&type='.$type
+                    );
+                    exit;
                 }
             }
             break;
@@ -1052,7 +1057,13 @@ function modify_filter($user_id, $row, $data)
             if ($data['user_status_in_course'] == STUDENT) {
                 $result .= Display::url(
                     $text,
-                    'user.php?'.api_get_cidreq().'&action=set_tutor&is_tutor='.$isTutor.'&user_id='.$user_id.'&type='.$type,
+                    'user.php?'.api_get_cidreq().'&'.http_build_query([
+                        'action' => 'set_tutor',
+                        'is_tutor' => $isTutor,
+                        'user_id' => $user_id,
+                        'type' => $type,
+                        'tutor_sec_token' => Security::get_existing_token('tutor'),
+                    ]),
                     ['class' => 'btn btn-default '.$disabled]
                 ).' ';
             }