From cba3934cff0198686a3a6fe8d14f9878847a4e8c Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Thu, 4 Apr 2024 11:06:11 +0000
Subject: [PATCH] fixes #3890

Closes #3890

Merge request studip/studip!2741
---
 app/controllers/contact.php                   | 14 +++++-
 app/views/calendar/calendar/export.php        |  2 +-
 .../course/wizard/steps/lvgroups/index.php    | 46 +++++++++++--------
 lib/classes/MyRealmModel.php                  |  4 +-
 .../coursewizardsteps/BasicDataWizardStep.php |  4 +-
 .../coursewizardsteps/LVGroupsWizardStep.php  | 25 +++++-----
 .../StudyAreasWizardStep.php                  |  2 +-
 lib/plugins/core/CorePlugin.php               |  2 +-
 8 files changed, 62 insertions(+), 37 deletions(-)

diff --git a/app/controllers/contact.php b/app/controllers/contact.php
index 7dd2b0581b3..2148777c360 100644
--- a/app/controllers/contact.php
+++ b/app/controllers/contact.php
@@ -189,9 +189,21 @@ class ContactController extends AuthenticatedController
             $user = User::findManyByUsername(Request::getArray('user'));
         }
         if ($group) {
-            $user = User::findMany(Statusgruppen::find($group)->members->pluck('user_id'));
+            $group_object = Statusgruppen::find($group);
+            if (!$group_object) {
+                $this->set_status(404);
+                $this->render_nothing();
+                return;
+            }
+            $user = User::findMany($group_object->members->pluck('user_id'));
         }
         if (!$user) {
+            $user_object = User::findCurrent();
+            if (!$user_object) {
+                $this->set_status(404);
+                $this->render_nothing();
+                return;
+            }
             $user = User::findCurrent()->contacts;
         }
 
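Review bot: The null guard added for the current user does not protect the dereference it is meant to cover: `$user_object` is checked, but the line after the guard still calls `User::findCurrent()->contacts` a second time, so the lookup runs twice and the checked object is never used. Use the object that was just validated, `$user = $user_object->contacts;`, which is how the group branch above already does it with `$group_object->members`. The enclosing action method starts before this hunk.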
diff --git a/app/views/calendar/calendar/export.php b/app/views/calendar/calendar/export.php
index 3fa302eeab0..0ff766d6859 100644
--- a/app/views/calendar/calendar/export.php
+++ b/app/views/calendar/calendar/export.php
@@ -8,7 +8,7 @@
  */
 ?>
 <form class="default" method="post"
-      action="<?= $controller->link_for('calendar/calendar/export/' . $user_id) ?>">
+      action="<?= $controller->link_for('calendar/calendar/export', $user_id ?? null) ?>">
     <?= CSRFProtection::tokenTag() ?>
     <fieldset>
         <legend><?= _('Termine exportieren') ?></legend>
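Review bot: `$user_id ?? null` only suppresses the undefined-variable notice; whether `link_for()` omits a trailing null argument or still appends an empty path segment is not visible here and should be confirmed against the helper, since the old concatenation produced `calendar/calendar/export/` with a bare trailing slash in that case. The result is echoed straight into the `action` attribute without `htmlReady()`, which is only safe if `link_for()` returns an HTML-escaped link; if it does, a short comment on the line, `<?# link_for() returns an escaped link ?>`, would make that reliance explicit.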
diff --git a/app/views/course/wizard/steps/lvgroups/index.php b/app/views/course/wizard/steps/lvgroups/index.php
index 744cc94a0a5..0d8e196a12f 100644
--- a/app/views/course/wizard/steps/lvgroups/index.php
+++ b/app/views/course/wizard/steps/lvgroups/index.php
@@ -17,25 +17,33 @@
         </li>
     </ul>
 </div>
-<? if (!$values['locked']) : ?>
+<? if (empty($values['locked'])) : ?>
 
-	<div id="lvgroup-tree-open-nodes">
-	<? foreach ($open_lvg_nodes as $opennode) : ?>
-		<input type="hidden" name="open_lvg_nodes[]" value="<?= $opennode; ?>">
-	<? endforeach; ?>
-	</div>
+    <div id="lvgroup-tree-open-nodes">
+    <? foreach ($open_lvg_nodes as $opennode) : ?>
+        <input type="hidden" name="open_lvg_nodes[]" value="<?= $opennode; ?>">
+    <? endforeach; ?>
+    </div>
 
     <div id="studyareas" data-ajax-url="<?= $ajax_url ?>"
         data-forward-url="<?= $no_js_url ?>" data-no-search-result="<?=_('Es wurde kein Suchergebnis gefunden.') ?>">
         <h2><?= _('Lehrveranstaltungsgruppen Suche') ?></h2>
         <div>
             <input type="text" size="40" style="width: auto;" name="search" id="lvgroup-tree-search"
-                   value="<?= $values['searchterm'] ?>">
+                   value="<?= htmlReady($values['searchterm'] ?? '') ?>">
             <span id="lvgroup-tree-search-start">
-                <?= Icon::create('search', 'clickable')->asInput(["name" => 'start_search', "onclick" => "return STUDIP.MVV.CourseWizard.searchTree()", "class" => $search_result?'hidden-no-js':'']) ?>
+                <?= Icon::create('search')->asInput([
+                    'name'    => 'start_search',
+                    'onclick' => 'return STUDIP.MVV.CourseWizard.searchTree()',
+                    'class'   => !empty($search_result) ? 'hidden-no-js' : '',
+                ]) ?>
             </span>
             <span id="lvgroup-tree-search-reset" class="hidden-js">
-                <?= Icon::create('refresh', 'clickable')->asInput(["name" => 'reset_search', "onclick" => "return STUDIP.MVV.CourseWizard.resetSearch()", "class" => $search_result?'':' hidden-no-js']) ?>
+                <?= Icon::create('refresh')->asInput([
+                    'name'    => 'reset_search',
+                    'onclick' => 'return STUDIP.MVV.CourseWizard.resetSearch()',
+                    'class'   => !empty($search_result) ? '' : ' hidden-no-js',
+                ]) ?>
             </span>
         </div>
 
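Review bot: `$values['searchterm']` is now passed through `htmlReady()` for the search input, but the hidden `open_lvg_nodes[]` fields a few lines below the opening `if` still emit `$opennode` raw into `value="…"`, and in the next hunk the `open_nodes` field emits `json_encode($values['open_lvg_nodes'])` raw as well, where the double quotes of the JSON terminate the attribute early. Both should be escaped the same way the search term now is: `value="<?= htmlReady($opennode) ?>"` and `value="<?= htmlReady(json_encode($values['open_lvg_nodes'])) ?>"`. `$ajax_url` and `$no_js_url` in the `data-*` attributes are echoed raw too; that is only correct if the step class hands over already-escaped links, which is worth confirming given the `getURL` change in LVGroupsWizardStep.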
@@ -56,23 +64,25 @@
                 <? $pos_id = 1; ?>
                 <? foreach ((array) $tree as $node) : ?>
                     <? $children = $node->getChildren() ?>
-                    <? if (count($children)) : ?>
-                    <?= $this->render_partial('lvgroups/_node',
-                        ['node' => $node, 'pos_id' => $pos_id++,
-                            'open_nodes' => $open_lvg_nodes ?: [],
-                            'search_result' => $search_result ?: [],
-                            'children' => $node->getChildren()]) ?>
+                    <? if (count($children) > 0) : ?>
+                    <?= $this->render_partial('lvgroups/_node', [
+                        'node'          => $node,
+                        'pos_id'        => $pos_id++,
+                        'open_nodes'    => $open_lvg_nodes ?: [],
+                        'search_result' => $search_result ?? [],
+                        'children'      => $node->getChildren(),
+                    ]) ?>
                     <? endif ?>
                 <? endforeach; ?>
                 </ul>
             </li>
         </ul>
     </div>
-    <? if ($values['open_lvg_nodes']) : ?>
+    <? if (!empty($values['open_lvg_nodes'])) : ?>
     <input type="hidden" name="open_nodes" value="<?= json_encode($values['open_lvg_nodes']) ?>"/>
     <? endif; ?>
-    <? if ($values['searchterm']) : ?>
-    <input type="hidden" name="searchterm" value="<?= $values['searchterm'] ?>"/>
+    <? if (!empty($values['searchterm'])) : ?>
+    <input type="hidden" name="searchterm" value="<?= htmlReady($values['searchterm']) ?>">
     <? endif; ?>
     <script>
     //<!--
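Review bot: The rewritten `render_partial` call mixes two defaulting idioms on adjacent lines, `$open_lvg_nodes ?: []` and `$search_result ?? []`; `?:` still raises an undefined-variable warning when the name is unset, whereas `??` is silent, so the two lines behave differently under the very condition this commit is fixing. Since the step class always assigns both attributes before rendering, this is a consistency point rather than a live defect here, but `'open_nodes' => $open_lvg_nodes ?? [],` would make the intent uniform. Note that `?:` also replaces an empty array with `[]` while `??` does not, which happens to be the same result for these two values.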
diff --git a/lib/classes/MyRealmModel.php b/lib/classes/MyRealmModel.php
index 5b7a29b69e7..f968026a618 100644
--- a/lib/classes/MyRealmModel.php
+++ b/lib/classes/MyRealmModel.php
@@ -283,7 +283,7 @@ class MyRealmModel
     public static function getPreparedCourses($sem = '', $params = [])
     {
         $semesters   = self::getSelectedSemesters($sem);
-        $current_semester_nr = Semester::getIndexById(@Semester::findCurrent()->id);
+        $current_semester_nr = Semester::getIndexById(Semester::findCurrent()->id ?? null);
         $min_sem_key = min($semesters);
         $max_sem_key = max($semesters);
         $group_field = $params['group_field'];
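Review bot: Replacing `@` with `?? null` removes the suppressed warning, but `Semester::getIndexById(null)` is now a reachable call whose result for a null id is not visible in this hunk; if it returns `false` or `null` rather than an index, `$current_semester_nr` should be checked wherever it is used later in the method. The same applies to `$course->end_semester->id ?? null` in the next hunk. A comment at the assignment, `// null when no current semester exists; getIndexById() must tolerate it`, would document the expectation for the next reader.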
@@ -334,7 +334,7 @@ class MyRealmModel
             $_course['visitdate']      = $visits[$course->id][0]['visitdate'];
             $_course['user_status']    = $user_status;
             $_course['gruppe']         = !$is_deputy ? $member_ships[$course->id]['gruppe'] ?? null : ($deputy ? $deputy->gruppe : null);
-            $_course['sem_number_end'] = $course->isOpenEnded() ? $max_sem_key : Semester::getIndexById($course->end_semester->id);
+            $_course['sem_number_end'] = $course->isOpenEnded() ? $max_sem_key : Semester::getIndexById($course->end_semester->id ?? null);
             $_course['sem_number']     = Semester::getIndexById($course->start_semester->id);
             $_course['tools']          = $course->tools;
             $_course['name']           = $course->name;
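Review bot: `$course->start_semester->id` on the line directly after the changed one is left without the `?? null` guard that `end_semester` now receives; if a course's start semester can also be unresolved, the same null-property warning would reappear here. Either apply the same guard, `Semester::getIndexById($course->start_semester->id ?? null)`, or leave a one-line comment stating that `start_semester` is guaranteed to resolve so the asymmetry reads as deliberate.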
diff --git a/lib/classes/coursewizardsteps/BasicDataWizardStep.php b/lib/classes/coursewizardsteps/BasicDataWizardStep.php
index 4f424e817ba..58fb09fb3b9 100644
--- a/lib/classes/coursewizardsteps/BasicDataWizardStep.php
+++ b/lib/classes/coursewizardsteps/BasicDataWizardStep.php
@@ -356,9 +356,9 @@ class BasicDataWizardStep implements CourseWizardStep
                 htmlReady(get_title_for_status('dozent', 1, $values['coursetype']))
             );
         }
-        if (!$values['lecturers'][$GLOBALS['user']->id] && !$GLOBALS['perm']->have_perm('admin')) {
+        if (empty($values['lecturers'][$GLOBALS['user']->id]) && !$GLOBALS['perm']->have_perm('admin')) {
             if (Config::get()->DEPUTIES_ENABLE) {
-                if (!$values['deputies'][$GLOBALS['user']->id]) {
+                if (empty($values['deputies'][$GLOBALS['user']->id])) {
                     $errors[] = sprintf(
                         _('Sie selbst müssen entweder als %s oder als Vertretung eingetragen sein.'),
                         htmlReady(get_title_for_status('dozent', 1, $values['coursetype']))
diff --git a/lib/classes/coursewizardsteps/LVGroupsWizardStep.php b/lib/classes/coursewizardsteps/LVGroupsWizardStep.php
index 22f11ea6764..f3437308e3c 100644
--- a/lib/classes/coursewizardsteps/LVGroupsWizardStep.php
+++ b/lib/classes/coursewizardsteps/LVGroupsWizardStep.php
@@ -36,7 +36,7 @@ class LVGroupsWizardStep implements CourseWizardStep
         $course_start_time = $values[$step_one_class]['start_time'];
 
         // We only need our own stored values here.
-        $values = $values[__CLASS__];
+        $values = $values[__CLASS__] ?? [];
 
         // Load template from step template directory.
         $factory = new Flexi_TemplateFactory($GLOBALS['STUDIP_BASE_PATH'] . '/app/views/course/wizard/steps');
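Review bot: The `?? []` default now covers the step's own values, but `$values[$step_one_class]['start_time']` three lines above still reads two array levels without a guard; on a fresh wizard session where step-one data can be absent, which is the case the default is for, that line would warn first. `$course_start_time = $values[$step_one_class]['start_time'] ?? null;` would make the method tolerate it consistently. The method's signature is outside this hunk.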
@@ -53,9 +53,12 @@ class LVGroupsWizardStep implements CourseWizardStep
             }
         }
 
-        $selection_details = $values['lvgruppe_selection']['area_details'];
+        $selection_details = $values['lvgruppe_selection']['area_details'] ?? null;
 
-        if ($_SESSION[__CLASS__]['course_start_time'] != $course_start_time) {
+        if (
+            isset($_SESSION[__CLASS__]['course_start_time'])
+            && $_SESSION[__CLASS__]['course_start_time'] != $course_start_time
+        ) {
             // don't store previously opened nodes
             // because we get in trouble if the semester has changed
             $open_nodes = [];
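Review bot: The added `isset()` changes when the reset branch runs: previously a missing session value compared as `null != $course_start_time`, which was true and cleared `$open_nodes` on the first visit, whereas now the branch is skipped entirely in that case. If clearing on first visit was never intended this is fine, but it is a behavior change beyond silencing a notice and deserves a comment such as `// no stored start time yet: keep the nodes the user already opened`. The comparison itself is still loose (`!=`); if both sides are timestamps of the same type, `!==` would avoid the string/int coercion surprises.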
@@ -65,15 +68,15 @@ class LVGroupsWizardStep implements CourseWizardStep
 
         $_SESSION[__CLASS__]['course_start_time'] = $course_start_time;
 
-        $tpl->set_attribute('open_lvg_nodes', $open_nodes);
-        $tpl->set_attribute('selection', $selection);
-        $tpl->set_attribute('selection_details', $selection_details);
-        $tpl->set_attribute('tree', $lvgtree->getRootItem()->getChildren());
+        $tpl->open_lvg_nodes = $open_nodes;
+        $tpl->selection = $selection;
+        $tpl->selection_details = $selection_details;
+        $tpl->tree = $lvgtree->getRootItem()->getChildren();
 
-        $tpl->set_attribute('ajax_url', $values['ajax_url'] ?: URLHelper::getLink('dispatch.php/course/wizard/ajax'));
-        $tpl->set_attribute('no_js_url', $values['no_js_url'] ?: 'dispatch.php/course/wizard/forward/'.$stepnumber.'/'.$temp_id);
-        $tpl->set_attribute('stepnumber', $stepnumber);
-        $tpl->set_attribute('temp_id', $temp_id);
+        $tpl->ajax_url = !empty($values['ajax_url']) ? $values['ajax_url'] : URLHelper::getLink('dispatch.php/course/wizard/ajax');
+        $tpl->no_js_url = !empty($values['no_js_url']) ? $values['no_js_url'] : URLHelper::getURL('dispatch.php/course/wizard/forward/'.$stepnumber.'/'.$temp_id);
+        $tpl->stepnumber = $stepnumber;
+        $tpl->temp_id = $temp_id;
         return $tpl->render();
     }
 
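Review bot: `no_js_url` is switched from a bare relative string to `URLHelper::getURL(...)`, while `ajax_url` keeps `URLHelper::getLink(...)`; if, as the names suggest, `getLink` returns the HTML-escaped form and `getURL` the raw one, the two values that the template echoes unescaped into `data-ajax-url` and `data-forward-url` now differ in escaping. Use the same helper for both, or escape in the template, and name the choice in a comment, `// getURL: raw URL, escaped by the template`. The `!empty($values[...]) ? ... : ...` form also differs from the `??` used elsewhere in this commit; `?:` was the original and `!empty` preserves its semantics, so the change is fine but worth a word in the description.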
diff --git a/lib/classes/coursewizardsteps/StudyAreasWizardStep.php b/lib/classes/coursewizardsteps/StudyAreasWizardStep.php
index f81ce41c7aa..29de61730d7 100644
--- a/lib/classes/coursewizardsteps/StudyAreasWizardStep.php
+++ b/lib/classes/coursewizardsteps/StudyAreasWizardStep.php
@@ -28,7 +28,7 @@ class StudyAreasWizardStep implements CourseWizardStep
     public function getStepTemplate($values, $stepnumber, $temp_id)
     {
         // We only need our own stored values here.
-        $values = $values[get_class($this)];
+        $values = $values[get_class($this)] ?? [];
         // Load template from step template directory.
         $factory = new Flexi_TemplateFactory($GLOBALS['STUDIP_BASE_PATH'].'/app/views/course/wizard/steps');
         $tpl = $factory->open('studyareas/index');
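Review bot: The values key here uses `get_class($this)` while the sibling LVGroupsWizardStep in this same commit keys on `__CLASS__`; the two differ once a step is subclassed, since `get_class($this)` yields the runtime class and `__CLASS__` the declaring one, so stored values could land under different names. If subclassing is not expected, a comment noting that, or aligning on `static::class`, keeps the two steps readable side by side. The method is fully visible in the hunk header, so the change is otherwise self-contained.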
diff --git a/lib/plugins/core/CorePlugin.php b/lib/plugins/core/CorePlugin.php
index 7f1aaed7c54..d059f4cca47 100644
--- a/lib/plugins/core/CorePlugin.php
+++ b/lib/plugins/core/CorePlugin.php
@@ -70,7 +70,7 @@ abstract class CorePlugin
         if (!empty($metadata['description_' . $language])) {
             return $metadata['description_' . $language];
         }
-        $description = $metadata['descriptionlong'] ?? $metadata['description'];
+        $description = $metadata['descriptionlong'] ?? $metadata['description'] ?? '';
 
         if ($this->plugin_info['description_mode'] === 'override_description') {
             return $this->plugin_info['description'];
-- 
GitLab