MDL-26158 fix form printing and processing
authorPetr Skoda <commits@skodak.org>
Thu, 27 Jan 2011 10:46:37 +0000 (11:46 +0100)
committerPetr Skoda <commits@skodak.org>
Sat, 29 Jan 2011 17:04:50 +0000 (18:04 +0100)
message/lib.php
message/search.html
message/search_advanced.html

index 4409bf9..4913c7a 100644 (file)
@@ -140,7 +140,7 @@ function message_print_participants($context, $courseid, $contactselecturl=null,
 
     $countparticipants = count_enrolled_users($context);
     $participants = get_enrolled_users($context, '', 0, 'u.*', '', $page*MESSAGE_CONTACTS_PER_PAGE, MESSAGE_CONTACTS_PER_PAGE);
-    
+
     $pagingbar = new paging_bar($countparticipants, $page, MESSAGE_CONTACTS_PER_PAGE, $PAGE->url, 'page');
     echo $OUTPUT->render($pagingbar);
 
@@ -527,7 +527,11 @@ function message_print_search($advancedsearch = false, $user1=null) {
 
     $doingsearch = false;
     if ($frm) {
-        $doingsearch = !empty($frm->combinedsubmit) || !empty($frm->keywords) || (!empty($frm->personsubmit) and !empty($frm->name));
+        if (confirm_sesskey()) {
+            $doingsearch = !empty($frm->combinedsubmit) || !empty($frm->keywords) || (!empty($frm->personsubmit) and !empty($frm->name));
+        } else {
+            $frm = false;
+        }
     }
 
     if (!empty($frm->combinedsearch)) {
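Review bot: The new `else` branch discards a submission whose sesskey check fails without any message or log entry, so a user whose session has expired simply gets an empty search form back. If the silent discard is intended, document it above `$frm = false;` with a comment such as `// Invalid sesskey: ignore the submitted search and re-display the empty form.` The code after the guard (`!empty($frm->combinedsearch)`) now also runs with `$frm === false`, and it is safe only because `empty()` tolerates a non-object. Any later direct read of `$frm->...` would need its own check, and message_print_search continues outside the hunk, so those uses cannot be verified from here.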
@@ -1568,7 +1572,7 @@ function message_post_message($userfrom, $userto, $message, $format, $messagetyp
         $eventdata->fullmessage      = $message;
         $eventdata->fullmessagehtml  = '';
     }
-    
+
     $eventdata->fullmessageformat = $format;
     $eventdata->smallmessage     = strip_tags($message);//strip just in case there are is any html that would break the popup notification
 
@@ -1583,7 +1587,7 @@ function message_post_message($userfrom, $userto, $message, $format, $messagetyp
     if (!empty($eventdata->fullmessagehtml)) {
         $eventdata->fullmessagehtml .= "<br /><br />---------------------------------------------------------------------<br />".$emailtagline;
     }
-    
+
     $eventdata->timecreated     = time();
     return message_send($eventdata);
 }
@@ -1769,7 +1773,7 @@ function message_mark_messages_read($touserid, $fromuserid){
 */
 function message_mark_message_read($message, $timeread, $messageworkingempty=false) {
     global $DB;
-    
+
     $message->timeread = $timeread;
 
     $messageid = $message->id;
index e1e6120..edbe055 100644 (file)
@@ -3,7 +3,8 @@
 <table cellpadding="5" class="message_form">
     <tr>
         <td colspan="3" class="message_heading mdl-left">
-            <input type="text" name="combinedsearch" size="40" id="combinedsearch" value="<?php echo $combinedsearchstring; ?>" />
+            <input type="hidden" name="sesskey" value="<?php p(sesskey()); ?>" />
+            <input type="text" name="combinedsearch" size="40" id="combinedsearch" value="<?php p($combinedsearchstring); ?>" />
             <input type="submit" name="combinedsubmit" value="<?php print_string('searchcombined','message') ?>" />
             <a href="index.php?usergroup=<?php echo VIEW_SEARCH ?>&advanced=1" id="advancedcontactsearchlink"><?php print_string('advanced') ?></a>
         </td>
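Review bot: The hidden `sesskey` field added at the top of this cell should only ever be submitted by POST, and the enclosing `<form>` tag is outside the hunk, so its method cannot be checked here. With `method="get"` the session key would be placed in the URL and could then reach browser history, server logs and Referer headers. Please confirm the form uses `method="post"`, and check the same for the form in message/search_advanced.html.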
index 48fce17..5dc552c 100644 (file)
@@ -9,13 +9,14 @@
     </tr>
     <tr>
         <td><label for="name"><?php print_string('name') ?></label></td>
-        <td><input type="text" name="name" size="40" id="name" value="<? echo $personsearch ?>" /></td>
+        <td><input type="text" name="name" size="40" id="name" value="<?php p($personsearch) ?>" /></td>
         <td><input type="submit" name="personsubmit" value="<?php print_string('searchforperson','message') ?>" /></td>
     </tr>
     <tr>
         <td>&nbsp;</td>
         <td colspan="2">
             <input type="checkbox" name="mycourses" id="mycourses" /><label for="mycourses"><?php print_string('onlymycourses', 'message') ?></label></td>
+            <input type="hidden" name="sesskey" value="<?php p(sesskey()); ?>" />
     </tr>
 
     <tr><td colspan="3"></td></tr>
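Review bot: The hidden `sesskey` input is added after the cell's closing `</td>`, which makes it a direct child of `<tr>`. That is invalid table markup, and where the field ends up is left to the browser's error recovery. Because the search is now ignored without a valid sesskey, the field should sit reliably inside the form: move `<input type="hidden" name="sesskey" value="<?php p(sesskey()); ?>" />` before the `</td>` that ends the checkbox line. The enclosing table and form start outside the hunk.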
@@ -26,7 +27,7 @@
     </tr>
     <tr>
         <td><label for="keywords"><?php print_string('keywords', 'message') ?></label></td>
-        <td><input type="text" name="keywords" id="keywords" size="40" value="<? echo $messagesearch ?>" /></td>
+        <td><input type="text" name="keywords" id="keywords" size="40" value="<?php p($messagesearch) ?>" /></td>
         <td><input type="submit" name="keywordssubmit" value="<?php print_string('searchmessages','message') ?>" /></td>
     </tr>
 
     <tr><td>&nbsp;</td><td colspan="2"><input type="radio" name="keywordsoption" id="keywordsoption4" value="allusers" /><label for="keywordsoption4"><?php print_string('allusers', 'message') ?></label></td></tr>
     <?php } ?>
 
-<?php
-/* Potential abuse problems - temporarily disabled
-    echo '<tr><td colspan="3"><input type="radio" name="keywordsoption" alt="'.get_string('allstudents', 'message').'" value="courseusers" />'.get_string('allstudents', 'message').'<br />&nbsp;&nbsp;&nbsp;'.$cs.'; </td></tr>';
-
-*/
-
-?>
-
 </table>
 </div>