+
+
Chamilo 1.11.32 - Tikal, 27/06/2025
+
Release notes - summary
+
Chamilo 1.11.32 is a micro corrective release on top of 1.11.30. For any significant change, please check the 1.11.30 release notes.
+
Release name
+
Huaral a city in Peru, capital of the Huaral Province in the Department of Lima, on the path to the ancient city of Caral. 1.11.32 being a minor corrective release on top of 1.11.30 (called "Caral"), relating to a small city geographically close to Caral is a subtle wink to the Chamilo community there.
+
Security fixes
+
+ - No new vulnerability detected in this version
+
+
Important note
+
Chamilo 1.11.30 comes with subtle changes in the root .htaccess file which could affect your system (for example by triggering "Not Found" errors on course homepages) if you use Apache < 2.4.38-3. Please check line 37 of /.htaccess for more info.
+
Notable new Features
+
For end-users, teachers and Chamilo admins
+ These features are immediately available to users through the web interface.
+
+
For developers and sysadmins
+ Although most features here will be used by teachers or Chamilo admins, they require sysadmin privileges to enable them on the server.
+
+
Improvements (minor features) and debug
+ In reverse chronological order...
+
+ - [2025-06-27] (a039923b - GH#6400) Internal: Remove potential double conversion of quotes in api_htmlentites() (change introduced in 1.11.30 to increase support for PHP 8.3) - loosely refs
+ - [2025-06-27] (ef7c8b5e) Plugin: OnlyOffice: Bump version to 1.5.0 and merge with exercise-specific code + fix issues saving document details
+
+
Stylesheets and theming
+
+ - No notable style change
+
+
Web services
+
+ - [2025-06-26] (ccaf0f66 - BT#22611) Webservice: Allow receiving body content in JSON format -
+
+
Removals
+
+
Known issues
+
+ - No notable known issue
+
+
Chamilo 1.11.30 - Caral, 25/06/2025
Release notes - summary
Chamilo 1.11.30 is a patch release on top of 1.11.28.
Release name
-
Caral is is an archaeological site in Peru where the remains of the main city of the Caral civilization are found. It is attributed an antiquity of 5,000 years and it is considered the oldest city in the Americas and one of the oldest in the world. We found this reference ironically related to Chamilo 1.11.30 as we are closing towards a 2.0 release.
+
Caral is an archaeological site in Peru where the remains of the main city of the Caral civilization are found. It is attributed an antiquity of 5,000 years and it is considered the oldest city in the Americas and one of the oldest in the world. We found this reference ironically related to Chamilo 1.11.30 as we are closing towards a 2.0 release.
Security fixes
- [2024-09-27] (387808b5) Security: Social: Add sec_token when commenting posts Fix GHSA-33gm-vrgh-m239
@@ -159,6 +208,7 @@ Security fixes
- [2025-06-17] (ead79db4) Security: Fix XSS in session category See advisory GHSA-p4m6-gwhg-x89f
- [2025-06-24] (d672d118) Security: Set token validation to set a student as tutor
- [2025-06-24] (1aaa53da) Security: Exercise: Remove XSS when displaying fill in blanks results
+
Important note
Chamilo 1.11.30 comes with subtle changes in the root .htaccess file which could affect your system (for example by triggering "Not Found" errors on course homepages) if you use Apache < 2.4.38-3. Please check line 37 of /.htaccess for more info.
Notable new Features
diff --git a/main/inc/lib/internationalization.lib.php b/main/inc/lib/internationalization.lib.php
index bad0f0538e3..063346cd0fd 100755
--- a/main/inc/lib/internationalization.lib.php
+++ b/main/inc/lib/internationalization.lib.php
@@ -1207,7 +1207,7 @@ function api_htmlentities($string, $quote_style = ENT_COMPAT, $encoding = 'UTF-8
break;
}
- return htmlentities($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
+ return htmlentities($string, ENT_SUBSTITUTE, 'UTF-8');
}
/**
diff --git a/main/inc/lib/moodleexport/QuizExport.php b/main/inc/lib/moodleexport/QuizExport.php
index 7cd6794b6ba..69c11285833 100644
--- a/main/inc/lib/moodleexport/QuizExport.php
+++ b/main/inc/lib/moodleexport/QuizExport.php
@@ -209,13 +209,16 @@ private function mapQuestionType(string $quizType): string
*/
private function getAnswersForQuestion(int $questionId): array
{
+ static $globalCounter = 0;
$answers = [];
$quizResources = $this->course->resources[RESOURCE_QUIZQUESTION] ?? [];
foreach ($quizResources as $questionData) {
if ($questionData->source_id == $questionId) {
foreach ($questionData->answers as $answer) {
+ $globalCounter++;
$answers[] = [
+ 'id' => $questionId * 1000 + $globalCounter,
'text' => $answer['answer'],
'fraction' => $answer['correct'] == '1' ? 100 : 0,
'feedback' => $answer['comment'],
@@ -316,9 +319,10 @@ private function createQuizXml(array $quizData, string $destinationDir): void
// Add question instances
$xmlContent .= '
'.PHP_EOL;
+ $slotIndex = 1;
foreach ($quizData['questions'] as $question) {
$xmlContent .= ' '.PHP_EOL;
- $xmlContent .= ' '.$question['id'].''.PHP_EOL;
+ $xmlContent .= ' '.$slotIndex.''.PHP_EOL;
$xmlContent .= ' 1'.PHP_EOL;
$xmlContent .= ' 0'.PHP_EOL;
$xmlContent .= ' '.$question['id'].''.PHP_EOL;
@@ -326,6 +330,7 @@ private function createQuizXml(array $quizData, string $destinationDir): void
$xmlContent .= ' $@NULL@$'.PHP_EOL;
$xmlContent .= ' '.$question['maxmark'].''.PHP_EOL;
$xmlContent .= ' '.PHP_EOL;
+ $slotIndex++;
}
$xmlContent .= ' '.PHP_EOL;
@@ -417,8 +422,10 @@ private function exportTrueFalseQuestion(array $question): string
}
$xmlContent .= ' '.PHP_EOL;
$xmlContent .= '
'.PHP_EOL;
- $xmlContent .= ' '.($question['answers'][0]['id'] ?? '0').''.PHP_EOL;
- $xmlContent .= ' '.($question['answers'][1]['id'] ?? '0').''.PHP_EOL;
+ $trueId = $question['answers'][0]['id'] ?? 0;
+ $falseId = $question['answers'][1]['id'] ?? 0;
+ $xmlContent .= ' '.$trueId.''.PHP_EOL;
+ $xmlContent .= ' '.$falseId.''.PHP_EOL;
$xmlContent .= ' '.PHP_EOL;
$xmlContent .= ' '.PHP_EOL;
diff --git a/main/install/version.php b/main/install/version.php
index 1ae648933bb..98c841fc1be 100755
--- a/main/install/version.php
+++ b/main/install/version.php
@@ -13,7 +13,7 @@
/**
* Variables used from the main/install/index.php.
*/
-$new_version = '1.11.30';
+$new_version = '1.11.32';
$new_version_status = 'stable';
$new_version_last_id = 0;
$new_version_stable = true;
diff --git a/main/lang/english/trad4all.inc.php b/main/lang/english/trad4all.inc.php
index 0c47caf0cc1..0f9efe4f212 100644
--- a/main/lang/english/trad4all.inc.php
+++ b/main/lang/english/trad4all.inc.php
@@ -9102,4 +9102,8 @@
$HideComment = "Hide comments";
$AreYouSureYouWantToDeleteThisTicket = "Are you sure you want to delete this ticket ?";
$TicketDeleted = "Ticket deleted";
+$SubmittedDocument = "Submitted document";
+$AnswerInOfficeDoc = "Answer as office document";
+$UploadOfficeDoc = "Upload office document";
+$AllowedFormats = "Supported formats";
?>
\ No newline at end of file
diff --git a/main/lang/french/trad4all.inc.php b/main/lang/french/trad4all.inc.php
index bc6f1685b8c..d648d5ba3f9 100644
--- a/main/lang/french/trad4all.inc.php
+++ b/main/lang/french/trad4all.inc.php
@@ -9037,4 +9037,8 @@
$HideComment = "Cacher les commentaires";
$AreYouSureYouWantToDeleteThisTicket = "Êtes vous sûr de vouloir supprimer ce ticket ?";
$TicketDeleted = "Ticket supprimé";
+$SubmittedDocument = "Document soumis";
+$AnswerInOfficeDoc = "Réponse comme document bureautique";
+$UploadOfficeDoc = "Envoyer un document bureautique";
+$AllowedFormats = "Formats supportés";
?>
\ No newline at end of file
diff --git a/main/lang/spanish/trad4all.inc.php b/main/lang/spanish/trad4all.inc.php
index 37622cfa286..7f3a2e763e3 100644
--- a/main/lang/spanish/trad4all.inc.php
+++ b/main/lang/spanish/trad4all.inc.php
@@ -9127,4 +9127,8 @@
$HideComment = "Ocultar comentarios";
$AreYouSureYouWantToDeleteThisTicket = "¿Estás seguro de que quieres eliminar este ticket?";
$TicketDeleted = "Ticket eliminado";
+$SubmittedDocument = "Documento entregado";
+$AnswerInOfficeDoc = "Respuesta como documento de ofimática";
+$UploadOfficeDoc = "Subir documento ofimático";
+$AllowedFormats = "Formatos soportados";
?>
\ No newline at end of file
diff --git a/main/webservices/api/v2.php b/main/webservices/api/v2.php
index bca1d19a2f6..1a1430fe642 100644
--- a/main/webservices/api/v2.php
+++ b/main/webservices/api/v2.php
@@ -23,6 +23,20 @@
$httpRequest = HttpRequest::createFromGlobals();
+$jsonContent = 'application/json' === $httpRequest->headers->get('Content-Type')
+ ? json_decode($httpRequest->getContent(), true)
+ : null;
+
+if ($jsonContent) {
+ foreach ($jsonContent as $key => $value) {
+ $value = Security::remove_XSS($value);
+
+ $httpRequest->query->set($key, $value);
+ $httpRequest->request->set($key, $value);
+ $httpRequest->overrideGlobals();
+ }
+}
+
$hash = $httpRequest->query->get('hash');
if ($hash) {
diff --git a/plugin/onlyoffice/CHANGELOG.md b/plugin/onlyoffice/CHANGELOG.md
index 8f231becfbf..13a47725099 100644
--- a/plugin/onlyoffice/CHANGELOG.md
+++ b/plugin/onlyoffice/CHANGELOG.md
@@ -2,6 +2,10 @@
This plugin is developed and maintained at https://github.com/ONLYOFFICE/onlyoffice-chamilo.
+##
+## Added
+- Catalan, Czech, Danish, Hungarian, Indonesian, Romanian, Albanian, Urdu empty file templates
+
## 1.5.0
## Added
- support learning path
diff --git a/plugin/onlyoffice/README.md b/plugin/onlyoffice/README.md
index 5b286f2d988..b1866a143e4 100644
--- a/plugin/onlyoffice/README.md
+++ b/plugin/onlyoffice/README.md
@@ -1,8 +1,8 @@
-# Chamilo ONLYOFFICE integration plugin
+# ONLYOFFICE plugin for Chamilo
-This plugin allows users to edit office documents from [Chamilo](https://chamilo.org) using ONLYOFFICE Docs packaged as Document Server - [Community or Enterprise Edition](#onlyoffice-docs-editions).
+This plugin enables users to edit office documents from [Chamilo](https://chamilo.org) using ONLYOFFICE Docs packaged as Document Server - [Community or Enterprise Edition](#onlyoffice-docs-editions).
-The plugin is compatible with Chamilo v1.11.16 and later, although some features might only work on the [latest stable version](https://chamilo.org/download) of Chamilo.
+The plugin is compatible with Chamilo v1.11.16 or newer.
## Features
@@ -54,7 +54,12 @@ the third party, here is the recommended procedure:
git submodule update --init --recursive
```
-3. Clean up
+3. Get plugin dependencies:
+ ```
+ composer install
+ ```
+
+4. Collect all files
```
mkdir /tmp/onlyoffice-deploy
mkdir /tmp/onlyoffice-deploy/onlyoffice
@@ -64,13 +69,13 @@ the third party, here is the recommended procedure:
rm -rf */.git*
```
-4. Archive
+5. Archive
```
cd ../
zip onlyoffice.zip -r onlyoffice
```
-## Installing Chamilo ONLYOFFICE integration plugin
+## Installing ONLYOFFICE plugin for Chamilo
The plugin has been integrated into Chamilo since version 1.11.16.
@@ -90,12 +95,12 @@ Then launch `composer install` from the Chamilo root folder.
Return to the plugin list, select the ONLYOFFICE plugin, and click "Enable".
-## Configuring Chamilo ONLYOFFICE integration plugin
+## Configuring ONLYOFFICE plugin for Chamilo
On the Plugins page, find ONLYOFFICE and click _Configure_. You'll see the _Settings_ page. Enable the plugin and specify the _Document Server address_.
-Starting from version 7.2, JWT is enabled by default and the secret key is generated automatically to restrict the access to ONLYOFFICE Docs and for security reasons and data integrity.
-Specify your own **Secret key** on the Chamilo **Settings** page. The key can be found on your OnlyOffice server, depending on the type of server. See the ONLYOFFICE Docs [config file](https://api.onlyoffice.com/editors/signature/) page for more details.
+Starting from version 7.2, JWT is enabled by default and the secret key is generated automatically to restrict the access to ONLYOFFICE Docs and for security reasons and data integrity.
+Specify your own **Secret key** on the Chamilo **Settings** page. The key can be found on your OnlyOffice server, depending on the type of server. See the ONLYOFFICE Docs [config file](https://api.onlyoffice.com/docs/docs-api/additional-api/signature/) page for more details.
Specify the same secret key (search for a long hash string next to "secret") and save.
The plugin will tell you if anything is wrong.
@@ -128,7 +133,7 @@ The plugin will tell you if anything is wrong.
* Learners have access to a new ONLYOFFICE icon next to all documents supported by ONLYOFFICE in the documents tool.
* In the learning paths, the viewer seamlessly integrates with Chamilo to open the supported documents.
-More information on integration ONLYOFFICE Docs can be found in the [API documentation](https://api.onlyoffice.com/editors/basic).
+More information on integration ONLYOFFICE Docs can be found in the [API documentation](https://api.onlyoffice.com/docs/docs-api/get-started/basic-concepts/).
## ONLYOFFICE Docs editions
diff --git a/plugin/onlyoffice/ajax/saveas.php b/plugin/onlyoffice/ajax/saveas.php
index e6ab2e6f1ed..744bbf34a63 100644
--- a/plugin/onlyoffice/ajax/saveas.php
+++ b/plugin/onlyoffice/ajax/saveas.php
@@ -1,6 +1,6 @@
readHash($_GET['hash'], api_get_security_key());
if (null === $hashData) {
- error_log("ONLYOFFICE CALLBACK: ERROR - Hash inválido: ".$error);
+ error_log("ONLYOFFICE CALLBACK: ERROR - Invalid hash: ".$error);
exit(json_encode(['status' => 'error', 'error' => $error]));
}
@@ -42,6 +42,9 @@
$groupId = $hashData->groupId;
$sessionId = $hashData->sessionId;
$docPath = isset($_GET['docPath']) ? urldecode($_GET['docPath']) : ($hashData->docPath ?? null);
+ // Load courseCode for various uses from global scope in other functions
+ $courseInfo = api_get_course_info_by_id($courseId);
+ $courseCode = $courseInfo['code'];
if (!empty($userId)) {
$userInfo = api_get_user_info($userId);
@@ -196,7 +199,6 @@ function download()
global $docId;
global $groupId;
global $docPath;
- global $courseCode;
global $sessionId;
global $courseInfo;
global $appSettings;
diff --git a/plugin/onlyoffice/create.php b/plugin/onlyoffice/create.php
index 074c5aa92bd..e3d7023af77 100644
--- a/plugin/onlyoffice/create.php
+++ b/plugin/onlyoffice/create.php
@@ -1,6 +1,6 @@
docData['sessionId']);
update_existing_document($this->docData['courseInfo'],
- $docId,
+ $fileid,
filesize($filePath),
false);
$this->trackResult = 0;
diff --git a/plugin/onlyoffice/lib/onlyofficeConfigService.php b/plugin/onlyoffice/lib/onlyofficeConfigService.php
index 6fca962ba44..1e00290598a 100644
--- a/plugin/onlyoffice/lib/onlyofficeConfigService.php
+++ b/plugin/onlyoffice/lib/onlyofficeConfigService.php
@@ -1,6 +1,6 @@
array(
'name' => '__root__',
- 'pretty_version' => '1.0.0+no-version-set',
- 'version' => '1.0.0.0',
- 'reference' => NULL,
+ 'pretty_version' => 'dev-master',
+ 'version' => 'dev-master',
+ 'reference' => 'e2dac8179b6ce15fe4dfb1df7703546297a02790',
'type' => 'library',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
@@ -11,9 +11,9 @@
),
'versions' => array(
'__root__' => array(
- 'pretty_version' => '1.0.0+no-version-set',
- 'version' => '1.0.0.0',
- 'reference' => NULL,
+ 'pretty_version' => 'dev-master',
+ 'version' => 'dev-master',
+ 'reference' => 'e2dac8179b6ce15fe4dfb1df7703546297a02790',
'type' => 'library',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
diff --git a/tests/behat/features/accessCompanyReports.feature b/tests/behat/features/accessCompanyReports.feature
index 45051b605d3..cb6e1e1aedc 100644
--- a/tests/behat/features/accessCompanyReports.feature
+++ b/tests/behat/features/accessCompanyReports.feature
@@ -12,12 +12,12 @@ Feature: Access to portal reports as admin
Scenario: Access the company report
Given I am a platform administrator
And I am on "/main/mySpace/company_reports.php"
- Then I should not see "not authorized"
+ Then I should not see "not allowed"
Scenario: Access the resumed version of the company report
Given I am a platform administrator
And I am on "/main/mySpace/company_reports_resumed.php"
- Then I should not see "not authorized"
+ Then I should not see "not allowed"
Scenario: See the company reports link on the admin page
Given I am a platform administrator
@@ -27,7 +27,7 @@ Feature: Access to portal reports as admin
Scenario: See the company reports link on the admin page
Given I am a platform administrator
And I am on "/main/admin/teacher_time_report.php"
- Then I should not see "not authorized"
+ Then I should not see "not allowed"
Scenario: See the company reports link on the admin page
Given I am a platform administrator
@@ -37,4 +37,4 @@ Feature: Access to portal reports as admin
Scenario: See the company reports link on the admin page
Given I am a platform administrator
And I am on "/main/admin/teachers_time_by_session_report.php"
- Then I should not see "not authorized"
\ No newline at end of file
+ Then I should not see "not allowed"
\ No newline at end of file
diff --git a/tests/behat/features/class.feature b/tests/behat/features/class.feature
index 02d9c852434..0a05bff7ae6 100644
--- a/tests/behat/features/class.feature
+++ b/tests/behat/features/class.feature
@@ -6,8 +6,7 @@ Feature: Classes
Scenario: Create a class
Given I am a platform administrator
And I am on "/main/admin/usergroups.php?action=add"
- When I fill in the following:
- | name | Class 1 |
- | description | class description |
+ When I fill "usergroup_name" with "Class 1"
+ And I fill "description" with "class description"
And I press "submit"
Then I should see "Item added"
diff --git a/tests/behat/features/course.feature b/tests/behat/features/course.feature
index 549fc790b2d..67cd7b834fb 100644
--- a/tests/behat/features/course.feature
+++ b/tests/behat/features/course.feature
@@ -11,7 +11,7 @@ Feature: Course tools basic testing
Scenario: See the courses list
Given I am on "/main/admin/course_list.php"
Then I should see "Course list"
- And I should not see "not authorized"
+ And I should not see "not allowed"
Scenario: See the course creation link on the admin page
Given I am on "/main/admin/index.php"
@@ -19,7 +19,7 @@ Feature: Course tools basic testing
Scenario: Access the course creation page
Given I am on "/main/admin/course_add.php"
- Then I should not see "not authorized"
+ Then I should not see "not allowed"
Scenario: Create a private course before testing
Given I am on "/main/admin/course_add.php"