Merge branch '1.11.x' of github.com:chamilo/chamilo-lms into 1.11.x

ywarnier · ywarnier · commit 0ced3edd3bf6 · 2023-07-16T01:06:15.000+02:00
diff --git a/main/inc/ajax/social.ajax.php b/main/inc/ajax/social.ajax.php
@@ -245,14 +245,21 @@
             exit;
         }
 
+        if (!Security::check_token('get', null, 'social')) {
+            exit;
+        }
+
         $userId = api_get_user_id();
         $messageInfo = MessageManager::get_message_by_id($messageId);
         if (!empty($messageInfo)) {
             $canDelete = ($messageInfo['user_receiver_id'] == $userId || $messageInfo['user_sender_id'] == $userId) &&
                 empty($messageInfo['group_id']);
             if ($canDelete || api_is_platform_admin()) {
                 SocialManager::deleteMessage($messageId);
-                echo Display::return_message(get_lang('MessageDeleted'));
+                echo json_encode([
+                    'message' => Display::return_message(get_lang('MessageDeleted')),
+                    'secToken' => Security::get_token('social')
+                ]);
                 break;
             }
         }
diff --git a/main/inc/lib/fileUpload.lib.php b/main/inc/lib/fileUpload.lib.php
@@ -30,15 +30,17 @@ function php2phps($file_name)
 }
 
 /**
- * Renames .htaccess & .HTACCESS to htaccess.txt.
+ * Renames .htaccess & .HTACCESS & .htAccess to htaccess.txt.
  *
  * @param string $filename
  *
  * @return string
  */
 function htaccess2txt($filename)
 {
-    return str_replace(['.htaccess', '.HTACCESS'], ['htaccess.txt', 'htaccess.txt'], $filename);
+    $filename = strtolower($filename);
+
+    return str_replace('.htaccess', 'htaccess.txt', $filename);
 }
 
 /**
diff --git a/main/inc/lib/social.lib.php b/main/inc/lib/social.lib.php
@@ -1963,14 +1963,16 @@ class="avatar-thumb">
 
         $isOwnWall = $currentUserId == $userIdLoop || $currentUserId == $receiverId;
         if ($isOwnWall) {
-            $comment .= Display::url(
-                    Display::returnFontAwesomeIcon('trash', '', true),
-                'javascript:void(0)',
+            $comment .= Display::button(
+                '',
+                Display::returnFontAwesomeIcon('trash', '', true),
                 [
                     'id' => 'message_'.$message['id'],
                     'title' => get_lang('SocialMessageDelete'),
-                    'onclick' => 'deleteComment('.$message['id'].')',
-                    'class' => 'btn btn-default',
+                    'type' => 'button',
+                    'class' => 'btn btn-default btn-delete-social-comment',
+                    'data-id' => $message['id'],
+                    'data-sectoken' => Security::get_existing_token('social'),
                 ]
             );
         }
@@ -3017,30 +3019,6 @@ public static function getScrollJs($countPost, &$htmlHeadXtra)
         }
 
         $htmlHeadXtra[] = '<script>
-            function deleteMessage(id)
-            {
-                $.ajax({
-                    url: "'.$socialAjaxUrl.'?a=delete_message" + "&id=" + id,
-                    success: function (result) {
-                        if (result) {
-                            $("#message_" + id).parent().parent().parent().parent().html(result);
-                        }
-                    }
-                });
-            }
-
-            function deleteComment(id)
-            {
-                $.ajax({
-                    url: "'.$socialAjaxUrl.'?a=delete_message" + "&id=" + id,
-                    success: function (result) {
-                        if (result) {
-                            $("#message_" + id).parent().parent().parent().html(result);
-                        }
-                    }
-                });
-            }
-
             function submitComment(messageId)
             {
                 var data = $("#form_comment_"+messageId).serializeArray();
@@ -3069,33 +3047,39 @@ function submitComment(messageId)
             $(function() {
                 timeAgo();
 
-                /*$(".delete_message").on("click", function() {
-                    var id = $(this).attr("id");
-                    id = id.split("_")[1];
-                    $.ajax({
-                        url: "'.$socialAjaxUrl.'?a=delete_message" + "&id=" + id,
-                        success: function (result) {
+                $("body").on("click", ".btn-delete-social-message", function () {
+                    var id = $(this).data("id");
+                    var secToken = $(this).data("sectoken");
+
+                    $.getJSON(
+                        "'.$socialAjaxUrl.'",
+                        { a: "delete_message", id: id, social_sec_token: secToken },
+                        function (result) {
                             if (result) {
-                                $("#message_" + id).parent().parent().parent().parent().html(result);
+                                $("#message_" + id).parent().parent().parent().parent().html(result.message);
+
+                                $(".btn-delete-social-message").data("sectoken", result.secToken);
                             }
                         }
-                    });
+                    );
                 });
 
+                $("body").on("click", ".btn-delete-social-comment", function () {
+                    var id = $(this).data("id");
+                    var secToken = $(this).data("sectoken");
 
-                $(".delete_comment").on("click", function() {
-                    var id = $(this).attr("id");
-                    id = id.split("_")[1];
-                    $.ajax({
-                        url: "'.$socialAjaxUrl.'?a=delete_message" + "&id=" + id,
-                        success: function (result) {
+                    $.getJSON(
+                        "'.$socialAjaxUrl.'",
+                        { a: "delete_message", id: id, social_sec_token: secToken },
+                        function (result) {
                             if (result) {
-                                $("#message_" + id).parent().parent().parent().html(result);
+                                $("#message_" + id).parent().parent().parent().html(result.message);
+
+                                $(".btn-delete-social-comment").data("sectoken", result.secToken);
                             }
                         }
-                    });
+                    );
                 });
-                */
             });
 
             function timeAgo() {
@@ -3467,14 +3451,16 @@ private static function headerMessagePost($authorInfo, $receiverInfo, $message)
         );
 
         if ($canEdit) {
-            $htmlDelete = Display::url(
+            $htmlDelete = Display::button(
+                '',
                 Display::returnFontAwesomeIcon('trash', '', true),
-                'javascript:void(0)',
                 [
                     'id' => 'message_'.$message['id'],
                     'title' => get_lang('SocialMessageDelete'),
-                    'onclick' => 'deleteMessage('.$message['id'].')',
-                    'class' => 'btn btn-default',
+                    'type' => 'button',
+                    'class' => 'btn btn-default btn-delete-social-message',
+                    'data-id' => $message['id'],
+                    'data-sectoken' => Security::get_existing_token('social'),
                 ]
             );
 

Original file line number	Diff line number	Diff line change
`@@ -30,15 +30,17 @@ function php2phps($file_name)`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`/**`
`33`		`- * Renames .htaccess & .HTACCESS to htaccess.txt.`
	`33`	`+ * Renames .htaccess & .HTACCESS & .htAccess to htaccess.txt.`
`34`	`34`	`*`
`35`	`35`	`* @param string $filename`
`36`	`36`	`*`
`37`	`37`	`* @return string`
`38`	`38`	`*/`
`39`	`39`	`function htaccess2txt($filename)`
`40`	`40`	`{`
`41`		`- return str_replace(['.htaccess', '.HTACCESS'], ['htaccess.txt', 'htaccess.txt'], $filename);`
	`41`	`+ $filename = strtolower($filename);`
	`42`	`+`
	`43`	`+ return str_replace('.htaccess', 'htaccess.txt', $filename);`
`42`	`44`	`}`
`43`	`45`
`44`	`46`	`/**`