[svn r12204] Updated all table names to use Database class (called in dropbox_config.inc.php) and removed dangerous ` signs

skala
Yannick Warnier 18 years ago
parent 325bc6eb48
commit 24042b9485
  1. 45
      main/dropbox/dropbox_class.inc.php
  2. 16
      main/dropbox/dropbox_config.inc.php
  3. 6
      main/dropbox/dropbox_download.php
  4. 52
      main/dropbox/dropbox_functions.inc.php
  5. 31
      main/dropbox/dropbox_init.inc.php
  6. 2
      main/dropbox/dropbox_submit.php
  7. 4
      main/dropbox/index.php

@ -160,7 +160,7 @@ class Dropbox_Work {
// with updated information (authors, descriptio, upload_date)
$this->isOldWork = FALSE;
$sql="SELECT id, upload_date
FROM `".dropbox_cnf("fileTbl")."`
FROM ".dropbox_cnf("tbl_file")."
WHERE filename = '".addslashes($this->filename)."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$res = mysql_fetch_array($result);
@ -171,7 +171,7 @@ class Dropbox_Work {
{
$this->id = $res["id"];
$this->upload_date = $res["upload_date"];
$sql = "UPDATE `".dropbox_cnf("fileTbl")."`
$sql = "UPDATE ".dropbox_cnf("tbl_file")."
SET filesize = '".addslashes($this->filesize)."'
, title = '".addslashes($this->title)."'
, description = '".addslashes($this->description)."'
@ -183,7 +183,7 @@ class Dropbox_Work {
else
{
$this->upload_date = $this->last_upload_date;
$sql="INSERT INTO `".dropbox_cnf("fileTbl")."`
$sql="INSERT INTO ".dropbox_cnf("tbl_file")."
(uploader_id, filename, filesize, title, description, author, upload_date, last_upload_date)
VALUES ('".addslashes($this->uploader_id)."'
, '".addslashes($this->filename)."'
@ -200,7 +200,7 @@ class Dropbox_Work {
}
// insert entries into person table
$sql="INSERT INTO `".dropbox_cnf("personTbl")."`
$sql="INSERT INTO ".dropbox_cnf("tbl_person")."
(file_id, user_id)
VALUES ('".addslashes($this->id)."'
, '".addslashes($this->uploader_id)."'
@ -222,7 +222,7 @@ class Dropbox_Work {
// get the data from DB
$sql="SELECT uploader_id, filename, filesize, title, description, author, upload_date, last_upload_date, cat_id
FROM `".dropbox_cnf("fileTbl")."`
FROM ".dropbox_cnf("tbl_file")."
WHERE id='".addslashes($id)."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$res = mysql_fetch_array($result,MYSQL_ASSOC);
@ -258,7 +258,7 @@ class Dropbox_Work {
if ($_GET['action']=='viewfeedback' AND $this->id==$_GET['id'])
{
$feedback2=array();
$sql_feedback = "SELECT * FROM `".dropbox_cnf("tbl_feedback")."` WHERE file_id='".$id."' ORDER BY feedback_id ASC";
$sql_feedback = "SELECT * FROM ".dropbox_cnf("tbl_feedback")." WHERE file_id='".$id."' ORDER BY feedback_id ASC";
$result = api_sql_query($sql_feedback, __FILE__, __LINE__);
while ($row_feedback=mysql_fetch_array($result))
{
@ -270,8 +270,8 @@ class Dropbox_Work {
/*
// RH: Feedback
$result = api_sql_query("SELECT feedback_date, feedback, cat_id FROM `".
dropbox_cnf("postTbl")."` WHERE dest_user_id='".$_user['user_id'].
$result = api_sql_query("SELECT feedback_date, feedback, cat_id FROM ".
dropbox_cnf("tbl_post")." WHERE dest_user_id='".$_user['user_id'].
"' AND file_id='".$id."'",__FILE__,__LINE__);
if ($res = mysql_fetch_array($result))
{
@ -355,13 +355,13 @@ class Dropbox_SentWork extends Dropbox_Work
// insert data in dropbox_post and dropbox_person table for each recipient
foreach ($this->recipients as $rec)
{
$sql="INSERT INTO `".dropbox_cnf("postTbl")."`
$sql="INSERT INTO ".dropbox_cnf("tbl_post")."
(file_id, dest_user_id)
VALUES ('".addslashes($this->id)."', '".addslashes($rec["id"])."')";
$result = api_sql_query($sql); //if work already exists no error is generated
//insert entries into person table
$sql="INSERT INTO `".dropbox_cnf("personTbl")."`
$sql="INSERT INTO ".dropbox_cnf("tbl_person")."
(file_id, user_id)
VALUES ('".addslashes($this->id)."'
, '".addslashes($rec["id"])."'
@ -401,7 +401,7 @@ class Dropbox_SentWork extends Dropbox_Work
//Fill in recipients array/
$this->recipients = array(); // RH: Feedback: added to SELECT
$sql="SELECT dest_user_id, feedback_date, feedback
FROM `".dropbox_cnf("postTbl")."`
FROM ".dropbox_cnf("tbl_post")."
WHERE file_id='".addslashes($id)."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
while ($res = mysql_fetch_array($result))
@ -434,13 +434,13 @@ class Dropbox_Person
//the receivedWork and the sentWork arrays are sorted
/**
* Constructor for recreating the Dropbox_Person object
* Constructor for recreating the Dropbox_Person object
*
* @param unknown_type $userId
* @param unknown_type $isCourseAdmin
* @param unknown_type $isCourseTutor
* @return Dropbox_Person
*/
*/
function Dropbox_Person ($userId, $isCourseAdmin, $isCourseTutor)
{
// Fill in properties
@ -452,11 +452,14 @@ class Dropbox_Person
//Note: perhaps include an ex coursemember check to delete old files
$post_tbl = Database::get_course_table();
$person_tbl = Database::get_course_table();
$file_tbl = Database::get_course_table();
// find all entries where this person is the recipient
$sql = "SELECT r.file_id
FROM
`".dropbox_cnf("postTbl")."` r
, `".dropbox_cnf("personTbl")."` p
".dropbox_cnf("tbl_post")." r
, ".dropbox_cnf("tbl_person")." p
WHERE r.dest_user_id = '".addslashes($this->userId)."'
AND r.dest_user_id = p.user_id
AND r.file_id = p.file_id";
@ -467,7 +470,7 @@ class Dropbox_Person
// find all entries where this person is the sender/uploader
$sql = "SELECT f.id
FROM `".dropbox_cnf("fileTbl")."` f, `".dropbox_cnf("personTbl")."` p
FROM ".dropbox_cnf("tbl_file")." f, ".dropbox_cnf("tbl_person")." p
WHERE f.uploader_id = '".addslashes($this->userId)."'
AND f.uploader_id = p.user_id
AND f.id = p.file_id";
@ -588,7 +591,7 @@ class Dropbox_Person
//delete entries in person table concerning received works
foreach ($this->receivedWork as $w)
{
api_sql_query("DELETE FROM `".dropbox_cnf("personTbl")."` WHERE user_id='".$this->userId."' AND file_id='".$w->id."'",__FILE__,__LINE__);
api_sql_query("DELETE FROM ".dropbox_cnf("tbl_person")." WHERE user_id='".$this->userId."' AND file_id='".$w->id."'",__FILE__,__LINE__);
}
removeUnusedFiles(); //check for unused files
@ -617,7 +620,7 @@ class Dropbox_Person
}
//delete entries in person table concerning received works
api_sql_query("DELETE FROM `".dropbox_cnf("personTbl")."` WHERE user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);
api_sql_query("DELETE FROM ".dropbox_cnf("tbl_person")." WHERE user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);
removeUnusedFiles(); //check for unused files
}
@ -630,7 +633,7 @@ class Dropbox_Person
//delete entries in person table concerning sent works
foreach ($this->sentWork as $w)
{
api_sql_query("DELETE FROM `".dropbox_cnf("personTbl")."` WHERE user_id='".$this->userId."' AND file_id='".$w->id."'",__FILE__,__LINE__);
api_sql_query("DELETE FROM ".dropbox_cnf("tbl_person")." WHERE user_id='".$this->userId."' AND file_id='".$w->id."'",__FILE__,__LINE__);
removeMoreIfMailing($w->id); // RH: Mailing: see init1
}
removeUnusedFiles(); //check for unused files
@ -658,7 +661,7 @@ class Dropbox_Person
//$file_id = $this->sentWork[$index]->id; // RH: Mailing
//delete entries in person table concerning sent works
api_sql_query("DELETE FROM `".dropbox_cnf("personTbl")."` WHERE user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);
api_sql_query("DELETE FROM ".dropbox_cnf("tbl_person")." WHERE user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);
removeMoreIfMailing($id); // RH: Mailing: see init1
removeUnusedFiles(); //check for unused files
@ -690,7 +693,7 @@ class Dropbox_Person
$this->receivedWork[$wi]->feedback_date = $feedback_date;
$this->receivedWork[$wi]->feedback = $text;
api_sql_query("UPDATE `".dropbox_cnf("postTbl")."` SET feedback_date='".
api_sql_query("UPDATE ".dropbox_cnf("tbl_post")." SET feedback_date='".
addslashes($feedback_date)."', feedback='".addslashes($text).
"' WHERE dest_user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);

@ -33,14 +33,14 @@ $DEBUG = TRUE;
*       DATABASE TABLE VARIABLES
* --------------------------------------
*/
$dropbox_cnf["postTbl"] = $_course["dbNameGlu"] . "dropbox_post";
$dropbox_cnf["fileTbl"] = $_course["dbNameGlu"] . "dropbox_file";
$dropbox_cnf["personTbl"] = $_course["dbNameGlu"] . "dropbox_person";
$dropbox_cnf["introTbl"] = $_course["dbNameGlu"] . "tool_intro";
$dropbox_cnf["userTbl"] = $_configuration['main_database'] . "`.`user";
$dropbox_cnf["courseUserTbl"] = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$dropbox_cnf['tbl_category'] = $_course["dbNameGlu"] . "dropbox_category";
$dropbox_cnf['tbl_feedback'] = $_course["dbNameGlu"] . "dropbox_feedback";
$dropbox_cnf['tbl_post'] = Database::get_course_table(TABLE_DROPBOX_POST);
$dropbox_cnf['tbl_file'] = Database::get_course_table(TABLE_DROPBOX_FILE);
$dropbox_cnf['tbl_person'] = Database::get_course_table(TABLE_DROPBOX_PERSON);
$dropbox_cnf['tbl_intro'] = Database::get_course_table(TABLE_TOOL_INTRO);
$dropbox_cnf['tbl_user'] = Database::get_main_table(TABLE_MAIN_USER);
$dropbox_cnf['tbl_course_user'] = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$dropbox_cnf['tbl_category'] = Database::get_course_table(TABLE_DROPBOX_CATEGORY);
$dropbox_cnf['tbl_feedback'] = Database::get_course_table(TABLE_DROPBOX_FEEDBACK);
/**
* --------------------------------------
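Review bot: The old keys (`postTbl`, `fileTbl`, `personTbl`, `introTbl`, `userTbl`, `courseUserTbl`) are removed in the same change that introduces the `tbl_*` names, so any caller this commit missed will read a key that no longer exists and presumably build a query with an empty table name. The lookup helper is not visible here; if it returns the array entry without checking, it would be safer for it to fail loudly on an unknown key than to let a malformed statement reach the database. A one-line comment above the block would also record the new contract, for example `// Table names are produced by the Database class; do not wrap them in backticks at the call site.`, if that is indeed what `Database::get_course_table()` guarantees.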

@ -65,7 +65,7 @@ if ( isset($_GET['cat_id']) AND is_numeric($_GET['cat_id']) AND $_GET['action']=
if ($_GET['sent_received']=='sent')
{
// here we also incorporate the person table to make sure that deleted sent documents are not included.
$sql="SELECT DISTINCT file.id, file.filename, file.title FROM `".$dropbox_cnf["fileTbl"]."` file, `".$dropbox_cnf["personTbl"]."` person
$sql="SELECT DISTINCT file.id, file.filename, file.title FROM ".$dropbox_cnf["tbl_file"]." file, ".$dropbox_cnf["tbl_person"]." person
WHERE file.uploader_id='".mysql_real_escape_string($_user['user_id'])."'
AND file.cat_id='".mysql_real_escape_string($_GET['cat_id'])."'
AND person.user_id='".mysql_real_escape_string($_user['user_id'])."'
@ -74,7 +74,7 @@ if ( isset($_GET['cat_id']) AND is_numeric($_GET['cat_id']) AND $_GET['action']=
}
if ($_GET['sent_received']=='received')
{
$sql="SELECT DISTINCT file.id, file.filename, file.title FROM `".$dropbox_cnf["fileTbl"]."` file, `".$dropbox_cnf["personTbl"]."` person, `".$dropbox_cnf["postTbl"]."` post
$sql="SELECT DISTINCT file.id, file.filename, file.title FROM ".$dropbox_cnf["tbl_file"]." file, ".$dropbox_cnf["tbl_personTbl"]." person, ".$dropbox_cnf["tbl_post"]." post
WHERE post.cat_id='".mysql_real_escape_string($_GET['cat_id'])."'
AND person.user_id='".mysql_real_escape_string($_user['user_id'])."'
AND person.file_id=file.id
@ -121,7 +121,7 @@ if ( ! isset( $_GET['id']) || ! is_numeric( $_GET['id']))
$allowed_to_download=false;
// Check if the user has sent or received the file.
$sql="SELECT * FROM `".$dropbox_cnf["personTbl"]."` WHERE file_id='".mysql_real_escape_string($_GET['id'])."' AND user_id='".mysql_real_escape_string($_user['user_id'])."'";
$sql="SELECT * FROM ".$dropbox_cnf["tbl_person"]." WHERE file_id='".mysql_real_escape_string($_GET['id'])."' AND user_id='".mysql_real_escape_string($_user['user_id'])."'";
$result=api_sql_query($sql);
if (mysql_num_rows($result)>0)
{
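Review bot: The `received` query reads `$dropbox_cnf["tbl_personTbl"]`, a key that the config change in this commit does not define (it defines `tbl_person`), so the FROM list would most likely receive an empty table name and the statement would fail for received categories. Change that fragment to `".$dropbox_cnf["tbl_person"]." person`, which is what the `sent` branch and the download permission check in this file already use. The enclosing `if` blocks start and end outside the hunks.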

@ -126,13 +126,13 @@ function delete_category($action, $id)
if ($action=='deletereceivedcategory')
{
$sentreceived='received';
$entries_table=$dropbox_cnf['postTbl'];
$entries_table=$dropbox_cnf['tbl_post'];
$id_field='file_id';
}
elseif ($action=='deletesentcategory')
{
$sentreceived='sent';
$entries_table=$dropbox_cnf['fileTbl'];
$entries_table=$dropbox_cnf['tbl_file'];
$id_field='id';
}
else
@ -145,7 +145,7 @@ function delete_category($action, $id)
$result=api_sql_query($sql);
// step 2: delete all the documents in this category
$sql="SELECT * FROM `".$entries_table."` WHERE cat_id='".Database::escape_string($id)."'";
$sql="SELECT * FROM ".$entries_table." WHERE cat_id='".Database::escape_string($id)."'";
$result=api_sql_query($sql);
while ($row=mysql_fetch_array($result))
@ -209,7 +209,7 @@ function store_move($id, $target, $part)
{
if ($part=='received')
{
$sql="UPDATE `".$dropbox_cnf["postTbl"]."` SET cat_id='".Database::escape_string($target)."'
$sql="UPDATE ".$dropbox_cnf["tbl_post"]." SET cat_id='".Database::escape_string($target)."'
WHERE dest_user_id='".Database::escape_string($_user['user_id'])."'
AND file_id='".Database::escape_string($id)."'
";
@ -218,7 +218,7 @@ function store_move($id, $target, $part)
}
if ($part=='sent')
{
$sql="UPDATE `".$dropbox_cnf["fileTbl"]."` SET cat_id='".Database::escape_string($target)."'
$sql="UPDATE ".$dropbox_cnf["tbl_file"]." SET cat_id='".Database::escape_string($target)."'
WHERE uploader_id='".Database::escape_string($_user['user_id'])."'
AND id='".Database::escape_string($id)."'
";
@ -309,7 +309,7 @@ function get_dropbox_categories($filter='')
$return_array=array();
$sql="SELECT * FROM `".$dropbox_cnf['tbl_category']."` WHERE user_id='".$_user['user_id']."'";
$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."'";
$result=api_sql_query($sql);
while ($row=mysql_fetch_array($result))
@ -367,14 +367,14 @@ function store_addcategory()
if (!$_POST['edit_id'])
{
// step 3a, we check if the category doesn't already exist
$sql="SELECT * FROM `".$dropbox_cnf['tbl_category']."` WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string($_POST['category_name'])."' AND received='".$received."' AND sent='".$sent."'";
$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string($_POST['category_name'])."' AND received='".$received."' AND sent='".$sent."'";
$result=api_sql_query($sql);
// step 3b, we add the category if it does not exist yet.
if (mysql_num_rows($result)==0)
{
$sql="INSERT INTO `".$dropbox_cnf['tbl_category']."` (cat_name, received, sent, user_id)
$sql="INSERT INTO ".$dropbox_cnf['tbl_category']." (cat_name, received, sent, user_id)
VALUES ('".Database::escape_string($_POST['category_name'])."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', '".Database::escape_string($_user['user_id'])."')";
api_sql_query($sql);
return get_lang('CategoryStored');
@ -386,7 +386,7 @@ function store_addcategory()
}
else
{
$sql="UPDATE `".$dropbox_cnf['tbl_category']."` SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
$sql="UPDATE ".$dropbox_cnf['tbl_category']." SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
WHERE user_id='".Database::escape_string($_user['user_id'])."'
AND cat_id='".Database::escape_string($_POST['edit_id'])."'";
api_sql_query($sql);
@ -412,7 +412,7 @@ function display_addcategory_form($category_name='', $id='')
if (isset($id) AND $id<>'')
{
// retrieve the category we are editing
$sql="SELECT * FROM `".$dropbox_cnf['tbl_category']."` WHERE cat_id='".Database::escape_string($id)."'";
$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE cat_id='".Database::escape_string($id)."'";
$result=api_sql_query($sql);
$row=mysql_fetch_array($result);
@ -622,7 +622,7 @@ function getUserNameFromId ( $id) // RH: Mailing: return 'Mailing ' + id
}
$sql = "SELECT CONCAT(lastname,' ', firstname) AS name
FROM `" . dropbox_cnf("userTbl") . "`
FROM " . dropbox_cnf("tbl_user") . "
WHERE user_id='" . addslashes( $id) . "'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$res = mysql_fetch_array( $result);
@ -638,7 +638,7 @@ function getUserNameFromId ( $id) // RH: Mailing: return 'Mailing ' + id
function getLoginFromId ( $id)
{
$sql = "SELECT username
FROM `" . dropbox_cnf("userTbl") . "`
FROM " . dropbox_cnf("tbl_user") . "
WHERE user_id='" . addslashes( $id) . "'";
$result =api_sql_query($sql,__FILE__,__LINE__);
$res = mysql_fetch_array( $result);
@ -667,16 +667,16 @@ function removeUnusedFiles( )
{
// select all files that aren't referenced anymore
$sql = "SELECT DISTINCT f.id, f.filename
FROM `" . dropbox_cnf("fileTbl") . "` f
LEFT JOIN `" . dropbox_cnf("personTbl") . "` p ON f.id = p.file_id
FROM " . dropbox_cnf("tbl_file") . " f
LEFT JOIN " . dropbox_cnf("tbl_person") . " p ON f.id = p.file_id
WHERE p.user_id IS NULL";
$result = api_sql_query($sql,__FILE__,__LINE__);
while ( $res = mysql_fetch_array( $result))
{
//delete the selected files from the post and file tables
$sql = "DELETE FROM `" . dropbox_cnf("postTbl") . "` WHERE file_id='" . $res['id'] . "'";
$sql = "DELETE FROM " . dropbox_cnf("tbl_post") . " WHERE file_id='" . $res['id'] . "'";
$result1 = api_sql_query($sql,__FILE__,__LINE__);
$sql = "DELETE FROM `" . dropbox_cnf("fileTbl") . "` WHERE id='" . $res['id'] . "'";
$sql = "DELETE FROM " . dropbox_cnf("tbl_file") . " WHERE id='" . $res['id'] . "'";
$result1 = api_sql_query($sql,__FILE__,__LINE__);
//delete file from server
@ -700,8 +700,8 @@ function removeUnusedFiles( )
function getUserOwningThisMailing($mailingPseudoId, $owner = 0, $or_die = '')
{
$sql = "SELECT f.uploader_id
FROM `" . dropbox_cnf("fileTbl") . "` f
LEFT JOIN `" . dropbox_cnf("postTbl") . "` p ON f.id = p.file_id
FROM " . dropbox_cnf("tbl_file") . " f
LEFT JOIN " . dropbox_cnf("tbl_post") . " p ON f.id = p.file_id
WHERE p.dest_user_id = '" . $mailingPseudoId . "'";
$result = api_sql_query($sql,__FILE__,__LINE__);
@ -727,7 +727,7 @@ function removeMoreIfMailing($file_id)
// for all content files, replace mailingPseudoId by owner as uploader
$sql = "SELECT p.dest_user_id
FROM `" . dropbox_cnf("postTbl") . "` p
FROM " . dropbox_cnf("tbl_post") . " p
WHERE p.file_id = '" . $file_id . "'";
$result = api_sql_query($sql,__FILE__,__LINE__);
@ -736,11 +736,11 @@ function removeMoreIfMailing($file_id)
$mailingPseudoId = $res['dest_user_id'];
if ( $mailingPseudoId > dropbox_cnf("mailingIdBase"))
{
$sql = "DELETE FROM `" . dropbox_cnf("personTbl") . "` WHERE user_id='" . $mailingPseudoId . "'";
$sql = "DELETE FROM " . dropbox_cnf("tbl_person") . " WHERE user_id='" . $mailingPseudoId . "'";
$result1 = api_sql_query($sql,__FILE__,__LINE__);
$sql = "UPDATE `" . dropbox_cnf("fileTbl") .
"` SET uploader_id='" . api_get_user_id() . "' WHERE uploader_id='" . $mailingPseudoId . "'";
$sql = "UPDATE " . dropbox_cnf("tbl_file") .
" SET uploader_id='" . api_get_user_id() . "' WHERE uploader_id='" . $mailingPseudoId . "'";
$result1 = api_sql_query($sql,__FILE__,__LINE__);
}
}
@ -1034,7 +1034,7 @@ function feedback_form()
// we now check if the other users have not delete this document yet. If this is the case then it is useless to see the
// add feedback since the other users will never get to see the feedback.
$sql="SELECT * FROM `".$dropbox_cnf["personTbl"]."` WHERE file_id='".Database::escape_string($_GET['id'])."'";
$sql="SELECT * FROM ".$dropbox_cnf["tbl_person"]." WHERE file_id='".Database::escape_string($_GET['id'])."'";
$result=api_sql_query($sql,__LINE__, __FILE__);
$number_users_who_see_file=mysql_num_rows($result);
if ($number_users_who_see_file>1)
@ -1070,7 +1070,7 @@ function store_feedback()
}
else
{
$sql="INSERT INTO `".$dropbox_cnf['tbl_feedback']."` (file_id, author_user_id, feedback, feedback_date) VALUES
$sql="INSERT INTO ".$dropbox_cnf['tbl_feedback']." (file_id, author_user_id, feedback, feedback_date) VALUES
('".Database::escape_string($_GET['id'])."','".Database::escape_string($_user['user_id'])."','".Database::escape_string($_POST['feedback'])."',NOW())";
api_sql_query($sql);
return get_lang('DropboxFeedbackStored');
@ -1112,7 +1112,7 @@ function zip_download ($array)
// note: we also have to add the check if the user has received or sent this file. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$sql="SELECT distinct file.filename, file.title, file.author, file.description
FROM `".$dropbox_cnf["fileTbl"]."` file, `".$dropbox_cnf["personTbl"]."` person
FROM ".$dropbox_cnf["tbl_file"]." file, ".$dropbox_cnf["tbl_person"]." person
WHERE file.id IN (".implode(', ',$array).")
AND file.id=person.file_id
AND person.user_id='".$_user['user_id']."'";
@ -1362,7 +1362,7 @@ function get_total_number_feedback($file_id='')
{
global $dropbox_cnf;
$sql="SELECT COUNT(feedback_id) AS total, file_id FROM `".$dropbox_cnf['tbl_feedback']."` GROUP BY file_id";
$sql="SELECT COUNT(feedback_id) AS total, file_id FROM ".$dropbox_cnf['tbl_feedback']." GROUP BY file_id";
$result=api_sql_query($sql, __FILE__, __LINE__);
while ($row=mysql_fetch_array($result))
{
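Review bot: In `zip_download` the id list is placed in the query as `IN (".implode(', ',$array).")` with no quoting or casting, so string escaping alone could not protect it; each element should be forced to an integer first, `WHERE file.id IN (".implode(', ', array_map('intval', $array)).")`. Where `$array` comes from is not visible in the hunk, so treat this as required if it can hold request data. The same unescaped concatenation remains in `get_dropbox_categories` (`$_user['user_id']`), `getUserOwningThisMailing` (`$mailingPseudoId`) and `removeMoreIfMailing` (`$file_id`), while the other queries in this file go through `Database::escape_string()` or `addslashes()`. In `feedback_form` the call `api_sql_query($sql,__LINE__, __FILE__)` passes the two constants in the opposite order to every other call shown, which would mislabel the query's origin in error output.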

@ -321,35 +321,4 @@ if(! $is_allowed_in_course || ! $is_courseMember)
}
exit();
}
/**
* ========================================
*       SANITY CHECK
* ========================================
* @todo This has to be moved to the install / update script
*/
if (mysql_query("SELECT * FROM `".$dropbox_cnf['tbl_category']."`")==false)
{
$sql="CREATE TABLE `".$dropbox_cnf['tbl_category']."` (
`cat_id` int(11) NOT NULL auto_increment,
`cat_name` text NOT NULL,
`received` enum('0','1') NOT NULL default '0',
`sent` enum('0','1') NOT NULL default '0',
`user_id` int(11) NOT NULL default '0',
PRIMARY KEY (`cat_id`)
);";
api_sql_query($sql);
}
if (mysql_query("SELECT cat_id FROM `".$dropbox_cnf["fileTbl"]."`")==false)
{
$sql="ALTER TABLE `".$dropbox_cnf["fileTbl"]."`
ADD `cat_id` int(11) NOT NULL default '0'";
api_sql_query($sql);
}
?>

@ -527,7 +527,7 @@ if ( isset( $_GET['mailingIndex'])) // examine or send
$sendDT = addslashes(date("Y-m-d H:i:s",time()));
// set filesize to zero on send, to avoid 2nd send (see index.php)
$sql = "UPDATE `".dropbox_cnf("fileTbl")."`
$sql = "UPDATE ".dropbox_cnf("tbl_file")."
SET filesize = '0'
, upload_date = '".$sendDT."', last_upload_date = '".$sendDT."'
WHERE id='".addslashes($mailing_item->id)."'";

@ -107,6 +107,10 @@ Version 1.3 (Patrick Cool)
- same action on multiple documents ([zip]download, move, delete)
- consistency with the docuements tool (open/download file, icons of documents, ...)
- zip download of complete folder
Version 1.4 (Yannick Warnier)
-----------------------------
- removed all self-built database tables names
==============================================================================
*/
