<div class="row">
<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="email"><?php echo _AT('email'); ?></label><br />
<input type="text" name="email" id="email" size="50" />
- <input type="hidden" name="en_id" id="en_id" value="<?php echo $_REQUEST['en_id']; ?>" size="50" />
+ <input type="hidden" name="en_id" id="en_id" value="<?php echo AT_print($_REQUEST['en_id'], 'input.email'); ?>" size="50" />
</div>
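Review bot: The new `AT_print($_REQUEST['en_id'], 'input.email')` on the hidden field relies on AT_print escaping for a double-quoted attribute, but neither its definition nor the `input.email` format key is visible in this hunk. Confirm the key is actually registered and that the resulting format encodes `"` as well as `<`, otherwise the value is still not safe inside `value="..."`. If `en_id` is a numeric id (the name suggests so, but the hunk does not show it), `value="<?php echo intval($_REQUEST['en_id']); ?>"` is tighter and matches how `tid`/`qid` are handled elsewhere in this commit. The surrounding form starts and ends outside the hunk.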
<div class="row buttons">
</div>
</form>
-<?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>
\ No newline at end of file
+<?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>
require(AT_INCLUDE_PATH.'vitals.inc.php');\r
\r
authenticate(AT_PRIV_TESTS);\r
-$tid = $_REQUEST['tid'];\r
+$tid = intval($_REQUEST['tid']);\r
+$qid = intval($_GET['qid']);\r
\r
$_pages['mods/_standard/tests/results_quest_long.php']['title_var'] = 'view_responses';\r
$_pages['mods/_standard/tests/results_quest_long.php']['parent'] = 'mods/_standard/tests/results_all_quest.php?tid='.$tid;\r
\r
require(AT_INCLUDE_PATH.'header.inc.php');\r
\r
-$sql = "SELECT title FROM ".TABLE_PREFIX."tests WHERE test_id=$_GET[tid]";\r
+$sql = "SELECT title FROM ".TABLE_PREFIX."tests WHERE test_id=$tid";\r
$result = mysql_query($sql, $db);\r
$row = mysql_fetch_array($result);\r
\r
//get the answers\r
$sql = "SELECT count(*), A.answer\r
FROM ".TABLE_PREFIX."tests_answers A, ".TABLE_PREFIX."tests_results R\r
- WHERE A.question_id=".$_GET['qid']." AND R.result_id=A.result_id AND R.final_score<>'' AND R.test_id=".$_GET['tid']."\r
+ WHERE A.question_id=$qid AND R.result_id=A.result_id AND R.final_score<>'' AND R.test_id=$tid\r
GROUP BY A.answer\r
ORDER BY A.answer";\r
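Review bot: After `intval()`, a missing or non-numeric `tid` or `qid` becomes 0, and both queries (the title lookup and this answers query) still run, with `mysql_fetch_array($result)` called on an unchecked result. I would stop early, before header.inc.php is included, with something like `if ($tid <= 0 || $qid <= 0) { /* report invalid id and exit */ }`. `$_GET['qid']` is also read without an `isset()` check, which raises a notice when the parameter is absent. Separately, neither WHERE clause ties the test to the current course; if the tests table has a course column (not visible here), adding it would stop `authenticate(AT_PRIV_TESTS)` being the only barrier between courses. The script continues outside the visible lines.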
\r
echo '</div></form>';\r
\r
require(AT_INCLUDE_PATH.'footer.inc.php');\r
-?>
\ No newline at end of file
+?>\r
if ($_SESSION['course_id'] && ($course_album_privilege || true)): ?>
<div class="row">
<div class="left_row"<label for="album_type"><?php echo _AT('pa_album_type'); ?></label></div>
- <label for="my_album"><?php echo _AT('pa_my_albums'); ?><label><input type="radio" name="album_type" id="my_album" value="1" checked="checked" />
+ <label for="my_album"><?php echo _AT('pa_my_albums'); ?></label><input type="radio" name="album_type" id="my_album" value="1" checked="checked" />
<label for="course_album"><?php echo _AT('pa_course_albums'); ?></label><input type="radio" name="album_type" id="course_album" value="2" />
</div>
<?php endif; ?>
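Review bot: The guard `($course_album_privilege || true)` on the first line of this hunk is always true, so the course-album radio is rendered for any user with a `course_id` in session regardless of privilege. This looks like a debugging leftover and should read `if ($_SESSION['course_id'] && $course_album_privilege): ?>`, with the handler that receives `album_type=2` enforcing the same check server-side (that handler is not visible here). The context line `<div class="left_row"<label for="album_type">` is also missing the `>` after the class attribute, and the same malformed opening tag appears in the `album_permission` row of the next hunk. `<div class="left_row"><label for="album_type">` would fix it alongside the `</label>` correction.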
<div class="row">
<div class="left_row"<label for="album_permission"><?php echo _AT('pa_album_permission'); ?></label></div>
- <label for="album_permission_private"><?php echo _AT('pa_private'); ?><label><input type="radio" name="album_permission" id="album_permission_private" value="0" checked="checked" />
+ <label for="album_permission_private"><?php echo _AT('pa_private'); ?></label><input type="radio" name="album_permission" id="album_permission_private" value="0" checked="checked" />
<label for="album_permission_shared"><?php echo _AT('pa_shared'); ?></label><input type="radio" name="album_permission" id="album_permission_shared" value="1" />
</div>
<div class="row">
<input name="cancel" type="submit" value="<?php echo _AT('cancel');?>" class="button"/>
</div>
</form>
-</div>
\ No newline at end of file
+</div>
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="hidden" name="course" value="<?php echo $course; ?>" />
-<input type="hidden" name="from_browse" value="<?php echo $_REQUEST['from_browse']; ?>" />
+<input type="hidden" name="from_browse" value="<?php echo AT_print($_REQUEST['from_browse'], 'input.contact_instructor'); ?>" />
<table cellspacing="1" cellpadding="0" border="0" summary="" width="85%" class="bodyline" align="center">
<tr>
<th colspan="2" align="left" class="cyan"><?php echo _AT('instructor_contact_form'); ?></th>
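Review bot: The hunk escapes `from_browse` but leaves two other echoes in the same form unescaped: `action="<?php echo $_SERVER['PHP_SELF']; ?>"` and `value="<?php echo $course; ?>"`. `PHP_SELF` reflects the request path, so it should be encoded before it lands in the attribute, e.g. `action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>"`. `$course` is assigned outside the hunk, so cast or escape it here unless it is already an integer at that point. The `input.contact_instructor` key passed to AT_print should also be checked to resolve to a format that encodes quotes, since AT_print's definition is not shown. The form continues past the hunk.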
<?php
require(AT_INCLUDE_PATH.'footer.inc.php');
-?>
\ No newline at end of file
+?>