From b3e8c24e1452e85c4d408fd3838b352e58a7c141 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Fri, 18 Oct 2024 08:37:47 +0000
Subject: [PATCH] ensure dates belong to course, fixes #4530

Closes #4530

Merge request studip/studip!3509
---
 app/controllers/course/timesrooms.php | 34 ++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/app/controllers/course/timesrooms.php b/app/controllers/course/timesrooms.php
index 3d55469a8c3..52fa6fff317 100644
--- a/app/controllers/course/timesrooms.php
+++ b/app/controllers/course/timesrooms.php
@@ -771,7 +771,8 @@ class Course_TimesroomsController extends AuthenticatedController
 public function stack_action($cycle_id = '')
 {
 $_SESSION['_checked_dates'] = Request::optionArray('single_dates');
- if (empty($_SESSION['_checked_dates']) && isset($_SESSION['_checked_dates'])) {
+ $_SESSION['_checked_dates'] = $this->validateDateIds($_SESSION['_checked_dates']);
+ if (count($_SESSION['_checked_dates']) === 0) {
 PageLayout::postError(_('Sie haben keine Termine ausgewählt!'));
 $this->redirect('course/timesrooms/index', ['contentbox_open' => $cycle_id]);
 
@@ -1874,4 +1875,35 @@ class Course_TimesroomsController extends AuthenticatedController
 }
 }
 }
+
+ private function validateDateIds(array $date_ids): array
+ {
+ if (count($date_ids) === 0) {
+ return [];
+ }
+
+ $valid = [];
+
+ CourseDate::findEachBySQL(
+ function (CourseDate $date) use (&$valid) {
+ if ($date->range_id === $this->course_id) {
+ $valid[] = $date->id;
+ }
+ },
+ 'range_id = ? AND termin_id IN (?)',
+ [$this->course->id, $date_ids]
+ );
+
+ CourseExDate::findEachBySQL(
+ function (CourseExDate $date) use (&$valid) {
+ if ($date->range_id === $this->course_id) {
+ $valid[] = $date->id;
+ }
+ },
+ 'range_id = ? AND termin_id IN (?)',
+ [$this->course->id, $date_ids]
+ );
+
+ return $valid;
+ }
 }
--
GitLab
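Review bot: The unfiltered request value is still written to `$_SESSION['_checked_dates']` on the context line before the added line overwrites it. The two assignments are better collapsed into `$_SESSION['_checked_dates'] = $this->validateDateIds(Request::optionArray('single_dates'));` so that ids which were never checked against the course do not sit in the session, even briefly. Ids that fail the check are dropped silently, and the error is only posted when nothing remains. Since a submitted id belonging to another course is a sign of a stale form or of tampering, comparing the count before and after filtering and writing a log entry on mismatch would make such requests visible. The body of stack_action continues outside the hunk, so whether later code re-reads the request parameter cannot be confirmed from here.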
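Review bot: In validateDateIds both closures compare against `$this->course_id`, while the query is bound to `$this->course->id`. If the controller does not keep those two in sync (the property is not visible in this hunk), the strict `===` fails for every row and every selection is rejected. Using one source in both closures, `if ($date->range_id === $this->course->id) {`, removes that dependency. Alternatively the in-closure check can be dropped with a comment that `range_id = ?` in the SQL already enforces ownership. The method also lacks a docblock; something like `/** Returns only those ids from $date_ids that belong to a CourseDate or CourseExDate of the current course. */` would state the authorization contract for the next caller. The two near-identical findEachBySQL blocks could share one closure, so a later change to the check cannot be applied to only one of the two models.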