Add option "allow_htaccess_import_from_scorm" see BT#15334

Allow .htaccess files when importing a SCORM zip file
6 years ago · 030527eb4e
parent 3a5abcd240
commit 030527eb4e
6 changed files with 75 additions and 11 deletions
--- a/main/inc/lib/fileUpload.lib.php
+++ b/main/inc/lib/fileUpload.lib.php
@ -1211,6 +1211,7 @@ function clean_up_files_in_zip($p_event, &$p_header)
        '.Thumbs.db',
        'Thumbs.db',
    ];
    if (in_array($baseName, $skipFiles)) {
        return 0;
    }
@ -1220,6 +1221,41 @@ function clean_up_files_in_zip($p_event, &$p_header)
    return 1;
 }
 /**
 * Allow .htaccess file
 *
 * @param $p_event
 * @param $p_header
 *
 * @return int
 */
 function cleanZipFilesAllowHtaccess($p_event, &$p_header)
 {
    $originalStoredFileName = $p_header['stored_filename'];
    $baseName = basename($originalStoredFileName);
    $allowFiles = ['.htaccess'];
    if (in_array($baseName, $allowFiles)) {
        return 1;
    }
    // Skip files
    $skipFiles = [
        '__MACOSX',
        '.Thumbs.db',
        'Thumbs.db'
    ];
    if (in_array($baseName, $skipFiles)) {
        return 0;
    }
    $modifiedStoredFileName = clean_up_path($originalStoredFileName);
    $p_header['filename'] = str_replace($originalStoredFileName, $modifiedStoredFileName, $p_header['filename']);
    return 1;
 }
 /**
 * This function cleans up a given path
 * by eliminating dangerous file names and cleaning them.
--- a/main/install/configuration.dist.php
+++ b/main/install/configuration.dist.php
@ -1208,6 +1208,9 @@ $_configuration['required_extra_fields_in_profile'] = [
 // Blocks "my files" access to anon users
 //$_configuration['block_my_files_access'] = false;
 // Allow .htaccess files in SCORM packages
 //$_configuration['allow_htaccess_import_from_scorm'] = false;
 // KEEP THIS AT THE END
 // -------- Custom DB changes
 // Add user activation by confirmation email
--- a/main/lp/learnpath.class.php
+++ b/main/lp/learnpath.class.php
@ -12413,9 +12413,9 @@ EOD;
        $total_size = filesize($s) + $documents_total_space;
        if (filesize($s) > $post_max || filesize($s) > $upl_max || $total_size > $course_max_space) {
            return true;
        } else {
            return false;
        }
        return false;
    }
    /**
--- a/main/lp/lp_upload.php
+++ b/main/lp/lp_upload.php
@ -22,6 +22,11 @@ if (empty($_POST['current_dir'])) {
 }
 $uncompress = 1;
 $allowHtaccess = false;
 if (api_get_configuration_value('allow_htaccess_import_from_scorm') && isset($_POST['allow_htaccess'])) {
    $allowHtaccess = true;
 }
 /*
 * Check the request method in place of a variable from POST
 * because if the file size exceed the maximum file upload
@ -59,6 +64,7 @@ if (isset($_POST) && $is_error) {
    if (!empty($_REQUEST['content_proximity'])) {
        $proximity = Database::escape_string($_REQUEST['content_proximity']);
    }
    $maker = 'Scorm';
    if (!empty($_REQUEST['content_maker'])) {
        $maker = Database::escape_string($_REQUEST['content_maker']);
@ -80,7 +86,14 @@ if (isset($_POST) && $is_error) {
            break;
        case 'scorm':
            $oScorm = new scorm();
-            $manifest = $oScorm->import_package($_FILES['user_file'], $current_dir);
+            $manifest = $oScorm->import_package(
                $_FILES['user_file'],
                $current_dir,
                [],
                false,
                null,
                $allowHtaccess
            );
            if (!empty($manifest)) {
                $oScorm->parse_manifest($manifest);
                $oScorm->import_manifest(api_get_course_id(), $_REQUEST['use_max_score']);
@ -144,7 +157,7 @@ if (isset($_POST) && $is_error) {
    $new_dir = api_replace_dangerous_char(trim($file_base_name));
    $result = learnpath::verify_document_size($s);
-    if ($result == true) {
+    if ($result) {
        Display::addFlash(
            Display::return_message(get_lang('UplFileTooBig'))
        );
--- a/main/lp/scorm.class.php
+++ b/main/lp/scorm.class.php
@ -597,6 +597,7 @@ class scorm extends learnpath
     * @param array     $courseInfo
     * @param bool      $updateDirContents
     * @param learnpath $lpToCheck
     * @param bool      $allowHtaccess
     *
     * @return string $current_dir Absolute path to the imsmanifest.xml file or empty string on error
     */
@ -605,7 +606,8 @@ class scorm extends learnpath
        $currentDir = '',
        $courseInfo = [],
        $updateDirContents = false,
-        $lpToCheck = null
+        $lpToCheck = null,
        $allowHtaccess = false
    ) {
        if ($this->debug > 0) {
            error_log(
@ -745,9 +747,14 @@ class scorm extends learnpath
            chdir($courseSysDir.$newDir);
            $callBack = 'clean_up_files_in_zip';
            if ($allowHtaccess) {
                $callBack = 'cleanZipFilesAllowHtaccess';
            }
            $zipFile->extract(
                PCLZIP_CB_PRE_EXTRACT,
-                'clean_up_files_in_zip'
+                $callBack
            );
            if (!empty($newDir)) {
--- a/main/upload/form.scorm.php
+++ b/main/upload/form.scorm.php
@ -41,11 +41,11 @@ function get_zip_files_in_garbage()
 */
 $nameTools = get_lang('FileUpload');
 $interbreadcrumb[] = [
-    "url" => api_get_path(WEB_CODE_PATH)."lp/lp_controller.php?action=list&".api_get_cidreq(),
+    'url' => api_get_path(WEB_CODE_PATH).'lp/lp_controller.php?action=list&'.api_get_cidreq(),
-    "name" => get_lang("ToolLearnpath"),
+    'name' => get_lang('ToolLearnpath'),
 ];
-Display::display_header($nameTools, "Path");
+Display::display_header($nameTools, 'Path');
 require_once '../lp/content_makers.inc.php';
 require_once api_get_path(LIBRARY_PATH).'specific_fields_manager.lib.php';
@ -61,8 +61,8 @@ $form = new FormValidator(
    api_get_path(WEB_CODE_PATH).'upload/upload.php?'.api_get_cidreq(),
    '',
    [
-        'id' => "upload_form",
+        'id' => 'upload_form',
-        'enctype' => "multipart/form-data",
+        'enctype' => 'multipart/form-data',
    ]
 );
 $form->addHeader($nameTools);
@ -87,6 +87,11 @@ if (api_get_setting('search_enabled') == 'true') {
 if (api_is_platform_admin()) {
    $form->addElement('checkbox', 'use_max_score', null, get_lang('UseMaxScore100'));
 }
 if (api_get_configuration_value('allow_htaccess_import_from_scorm')) {
    $form->addElement('checkbox', 'allow_htaccess', null, get_lang('AllowHtaccessScormImport'));
 }
 $form->addButtonUpload(get_lang('Upload'));
 // the default values for the form