chamilo · Coussecousse · Oct 6, 2025 · Oct 7, 2025 · Oct 7, 2025
diff --git a/public/main/admin/course_list.php b/public/main/admin/course_list.php
@@ -240,25 +240,24 @@ function get_course_data(
             ),
             $path.'course_copy/create_backup.php?'.api_get_cidreq_params($courseId)
         );
-        $actions[] = Display::url(
-            Display::getMdiIcon(
-                ActionIcon::DELETE,
-                'ch-tool-icon',
-                null,
-                ICON_SIZE_SMALL,
-                get_lang('Delete')
-            ),
-            $path.'admin/course_list.php?'
-            .http_build_query([
-                'delete_course' => $course['col0'],
-                'sec_token' => Security::getTokenFromSession(),
-            ]),
-            [
-                'onclick' => "javascript: if (!confirm('"
-                    .addslashes(api_htmlentities(get_lang('Please confirm your choice'), \ENT_QUOTES))
-                    ."')) return false;",
-            ]
-        );
+        // Delete course action
+        $actions[] = '
+        <form method="post" style="display:inline;" onsubmit="return confirm(\'' . 
+            addslashes(api_htmlentities(get_lang('Please confirm your choice'), \ENT_QUOTES)) . 
+            '\');">
+            <input type="hidden" name="action" value="delete_course">
+            <input type="hidden" name="course_code" value="' . $course['col0'] . '">
+            <input type="hidden" name="sec_token" value="' . Security::getTokenFromSession() . '">
+            <button type="submit" class="btn btn-link p-0 text-decoration-none cursor-pointer" title="' . get_lang('Delete') . '">
+                ' . Display::getMdiIcon(
+                    ActionIcon::DELETE,
+                    'ch-tool-icon',
+                    null,
+                    ICON_SIZE_SMALL,
+                    get_lang('Delete')
+                ) . '
+            </button>
+        </form>';
 
         $em = Database::getManager();
         /** @var CatalogueCourseRelAccessUrlRelUsergroupRepository $repo */
@@ -270,24 +269,23 @@ function get_course_data(
         ]);
 
         $isInCatalogue = null !== $record;
-        $catalogueUrl = api_get_self().'?toggle_catalogue='.$course['id'].'&sec_token='.Security::getTokenFromSession();
 
-        $actions[] = Display::url(
-            Display::getMdiIcon(
-                $isInCatalogue ? StateIcon::CATALOGUE_OFF : StateIcon::CATALOGUE_ON,
-                'ch-tool-icon',
-                null,
-                ICON_SIZE_SMALL,
-                $isInCatalogue ? get_lang('Remove from catalogue') : get_lang('Add to catalogue'),
-                [
-                    'class' => $isInCatalogue ? 'text-warning' : 'text-muted',
-                ]
-            ),
-            $catalogueUrl,
-            [
-                'title' => $isInCatalogue ? get_lang('Remove from catalogue') : get_lang('Add to catalogue'),
-            ]
-        );
+        $actions[] = '
+        <form method="post" style="display:inline;">
+            <input type="hidden" name="action" value="toggle_catalogue">
+            <input type="hidden" name="course_id" value="' . $course['id'] . '">
+            <input type="hidden" name="sec_token" value="' . Security::getTokenFromSession() . '">
+            <button type="submit" class="btn btn-link p-0 text-decoration-none cursor-pointer" title="' . 
+                ($isInCatalogue ? get_lang('Remove from catalogue') : get_lang('Add to catalogue')) . '">
+                ' . Display::getMdiIcon(
+                    $isInCatalogue ? StateIcon::CATALOGUE_OFF : StateIcon::CATALOGUE_ON,
+                    'ch-tool-icon',
+                    null,
+                    ICON_SIZE_SMALL,
+                    $isInCatalogue ? get_lang('Remove from catalogue') : get_lang('Add to catalogue')
+                ) . '
+            </button>
+        </form>';
 
         $courseItem = [
             $course['col0'],
@@ -356,7 +354,7 @@ function get_course_visibility_icon(int $visibility): string
     };
 }
 
-if (isset($_POST['action']) && Security::check_token('get')) {
+if (isset($_POST['action']) && Security::check_token('post')) {
     // Delete selected courses
     if ('delete_courses' == $_POST['action']) {
         if (!empty($_POST['course'])) {
@@ -369,43 +367,49 @@ function get_course_visibility_icon(int $visibility): string
 
             Display::addFlash(Display::return_message(get_lang('Deleted')));
         }
-        api_location(api_get_self());
     }
-}
 
-if (isset($_GET['toggle_catalogue']) && Security::check_token('get')) {
-    $courseId = (int) $_GET['toggle_catalogue'];
-    $accessUrlId = api_get_current_access_url_id();
-    $em = Database::getManager();
-    $repo = $em->getRepository(CatalogueCourseRelAccessUrlRelUsergroup::class);
-    $course = api_get_course_entity($courseId);
-    $accessUrl = $em->getRepository(AccessUrl::class)->find($accessUrlId);
+    if ('delete_course' == $_POST['action']) {
+        $result = CourseManager::delete_course($_POST['course_code']);
+        if ($result) {
+            Display::addFlash(Display::return_message(get_lang('Deleted')));
+        }
+    }
 
-    if ($course && $accessUrl) {
-        $record = $repo->findOneBy([
-            'course' => $course,
-            'accessUrl' => $accessUrl,
-            'usergroup' => null,
-        ]);
+    // Toggle catalogue
+    if ('toggle_catalogue' == $_POST['action']) {
+        $courseId = (int) $_POST['course_id'];
+        $accessUrlId = api_get_current_access_url_id();
+        $em = Database::getManager();
+        $repo = $em->getRepository(CatalogueCourseRelAccessUrlRelUsergroup::class);
+        $course = api_get_course_entity($courseId);
+        $accessUrl = $em->getRepository(AccessUrl::class)->find($accessUrlId);
+
+        if ($course && $accessUrl) {
+            $record = $repo->findOneBy([
+                'course' => $course,
+                'accessUrl' => $accessUrl,
+                'usergroup' => null,
+            ]);
+
+            if ($record) {
+                $em->remove($record);
+                Display::addFlash(Display::return_message(get_lang('Removed from catalogue')));
+            } else {
+                $newRel = new CatalogueCourseRelAccessUrlRelUsergroup();
+                $newRel->setCourse($course);
+                $newRel->setAccessUrl($accessUrl);
+                $newRel->setUsergroup(null);
+
+                $em->persist($newRel);
+                Display::addFlash(Display::return_message(get_lang('Added to catalogue'), 'success'));
+            }
 
-        if ($record) {
-            $em->remove($record);
-            Display::addFlash(Display::return_message(get_lang('Removed from catalogue')));
-        } else {
-            $newRel = new CatalogueCourseRelAccessUrlRelUsergroup();
-            $newRel->setCourse($course);
-            $newRel->setAccessUrl($accessUrl);
-            $newRel->setUsergroup(null);
-
-            $em->persist($newRel);
-            Display::addFlash(Display::return_message(get_lang('Added to catalogue'), 'success'));
+            $em->flush();
         }
-
-        $em->flush();
     }
-
-    api_location(api_get_self());
 }
+
 $content = '';
 $message = '';
 $actions = '';
@@ -463,15 +467,6 @@ function get_course_visibility_icon(int $visibility): string
     $content .= $form->returnForm();
 } else {
     $tool_name = get_lang('Course list');
-    if (isset($_GET['delete_course']) && Security::check_token('get')) {
-        $result = CourseManager::delete_course($_GET['delete_course']);
-        if ($result) {
-            Display::addFlash(Display::return_message(get_lang('Deleted')));
-        }
-
-        api_location(api_get_self());
-    }
-
     if (isset($_GET['new_course_id'])) {
         $courseId = (int) $_GET['new_course_id'];
         $course = api_get_course_entity($courseId);

diff --git a/public/main/course_info/delete_course.php b/public/main/course_info/delete_course.php
@@ -27,13 +27,20 @@
 $type_info_message = 'warning';
 if (isset($_GET['delete']) && 'yes' === $_GET['delete'] && $_GET['course_code'] && !empty($_GET['course_code'])) {
     if ($current_course_code == $_GET['course_code']) {
-        CourseManager::delete_course($_course['sysCode']);
-        // DELETE CONFIRMATION MESSAGE
-        Session::erase('_cid');
-        Session::erase('_real_cid');
-        $message = '<h3>'.get_lang('Course title').' : '.$current_course_name.'</h3>';
-        $message .= '<h3>'.get_lang('Course code').' : '.$current_course_code.'</h3>';
-        $message .= get_lang('has been deleted');
+        if (!CourseManager::delete_course($_course['sysCode'])) {
+            // DELETE ERROR MESSAGE
+            $message = '<h3>'.get_lang('Course title').' : '.$current_course_name.'</h3>';
+            $message .= '<h3>'.get_lang('Course code').' : '.$current_course_code.'</h3>';
+            $message .= '<p>'.get_lang('An error occurred while trying to delete the course').'</p>';
+            $type_info_message = 'error';
+        } else {
+            // DELETE CONFIRMATION MESSAGE
+            Session::erase('_cid');
+            Session::erase('_real_cid');
+            $message = '<h3>'.get_lang('Course title').' : '.$current_course_name.'</h3>';
+            $message .= '<h3>'.get_lang('Course code').' : '.$current_course_code.'</h3>';
+            $message .= get_lang('has been deleted');
+        }
         $message .= '<br /><br /><a href="../../index.php">'.get_lang('Back to Home Page.').'</a>';
     } else {
         /* message if code course is incorrect */