
Commit ee0d2d4

committed
Add parameter validation in function get_time_spent_on_the_course
1 parent 5ef843d commit ee0d2d4


1 file changed

+14
-11
lines changed

1 file changed

+14
-11
lines changed

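--- a/main/inc/lib/tracking.lib.php
+++ b/main/inc/lib/tracking.lib.php
@@ -1613,7 +1613,7 @@ public static function get_time_spent_on_the_platform(
 /**
 * Calculates the time spent on the course
 * @param integer $user_id
-* @param integer $courseId
+* @param integer $courseId
 * @param int Session id (optional)
 *
 * @return int Time in seconds
@@ -1624,30 +1624,33 @@ public static function get_time_spent_on_the_course(
 $session_id = 0
 ) {
 $courseId = intval($courseId);
+
+if (empty($courseId) || empty($user_id)) {
+return 0;
+}
+
 $session_id = intval($session_id);
-$tbl_track_course = Database::get_main_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS);
 if (is_array($user_id)) {
 $user_id = array_map('intval', $user_id);
-$condition_user = " AND user_id IN (".implode(',', $user_id).") ";
+$conditionUser = " AND user_id IN (".implode(',', $user_id).") ";
 } else {
 $user_id = intval($user_id);
-$condition_user = " AND user_id = $user_id ";
+$conditionUser = " AND user_id = $user_id ";
 }
 
+$table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS);
 $sql = "SELECT
 SUM(UNIX_TIMESTAMP(logout_course_date) - UNIX_TIMESTAMP(login_course_date)) as nb_seconds
-FROM $tbl_track_course
-WHERE UNIX_TIMESTAMP(logout_course_date) > UNIX_TIMESTAMP(login_course_date) ";
-
-if ($courseId != 0) {
-$sql .= "AND c_id = '$courseId' ";
-}
+FROM $table
+WHERE
+UNIX_TIMESTAMP(logout_course_date) > UNIX_TIMESTAMP(login_course_date) AND
+c_id = '$courseId' ";
 
 if ($session_id != -1) {
 $sql .= "AND session_id = '$session_id' ";
 }
 
-$sql .= $condition_user;
+$sql .= $conditionUser;
 $rs = Database::query($sql);
 $row = Database::fetch_array($rs);
 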
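Review bot: The new guard `if (empty($courseId) || empty($user_id))` tests `$user_id` before it is normalised, so a non-numeric string or an array of non-numeric values passes the check, is then cast to 0 by `intval`, and the query runs with `user_id = 0` or `IN (0)` instead of returning early. The integer casts are the only thing keeping these interpolated values safe inside the SQL string, so it would be clearer to cast first and validate the cast result: `$user_id = array_filter(array_map('intval', $user_id));` in the array branch, then `if (empty($user_id)) { return 0; }` after the `if`/`else`. A `$courseId` of 0 previously meant "no course filter" and now returns 0, which any caller relying on the old behaviour would see silently (callers are not visible here). The docblock also still says `@param integer $user_id` although an array is accepted. The function body continues past the end of the hunk.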
