skala
Juan Carlos Raña 14 years ago
commit 28561e9f47
  1. 0
      main/document/create_draw.php
  2. 158
      main/document/create_paint.php
  3. 7
      main/document/document.inc.php
  4. 28
      main/document/document.php
  5. 9
      main/document/edit_document.php
  6. 4
      main/document/edit_draw.php
  7. 143
      main/document/edit_paint.php
  8. 26
      main/document/exit_pixlr.php
  9. 141
      main/document/save_pixlr.php
  10. BIN
      main/img/canvas1024x768.png
  11. BIN
      main/img/canvas1920x1080.png
  12. BIN
      main/img/canvas800x600.png
  13. 0
      main/img/draw_big.png
  14. BIN
      main/img/new_paint.png
  15. BIN
      main/img/paint_big.png
  16. 2
      main/inc/lib/fckeditor/editor/plugins/ajaxfilemanager/langs/en.php
  17. 2
      main/inc/lib/fckeditor/editor/plugins/ajaxfilemanager/langs/es.php
  18. 2
      main/inc/lib/message.lib.php
  19. 32
      main/inc/lib/svg-edit/extensions/filesave.php
  20. 7
      main/install/db_main.sql
  21. 6
      main/install/migrate-db-1.8.7-1.8.8-pre.sql
  22. 4
      robots.txt

@ -0,0 +1,158 @@
<?php
/* For licensing terms, see /license.txt */
/**
* This file allows creating audio files from a text.
*
* @package chamilo.document
*
* @author Juan Carlos Raña Trabado
* @since 30/January/2011
* TODO:clean all file
*/
/* INIT SECTION */
$language_file = array('document');
require_once '../inc/global.inc.php';
$_SESSION['whereami'] = 'document/createpaint';
$this_section = SECTION_COURSES;
require_once 'document.inc.php';
require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php';
$nameTools = get_lang('Paint');
api_protect_course_script();
api_block_anonymous_users();
if (api_get_setting('enabled_support_paint') == 'false'){
api_not_allowed(true);
}
if (!isset($_GET['dir'])){
api_not_allowed(true);
}
$dir = isset($_GET['dir']) ? Security::remove_XSS($_GET['dir']) : Security::remove_XSS($_POST['dir']);
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);
//path for pixlr save
$_SESSION['paint_dir']=Security::remove_XSS($_GET['dir']);
if($_SESSION['paint_dir']=='/'){
$_SESSION['paint_dir']='';
}
$_SESSION['paint_file']=get_lang('NewImage');
// Please, do not modify this dirname formatting
if (strstr($dir, '..')) {
$dir = '/';
}
if ($dir[0] == '.') {
$dir = substr($dir, 1);
}
if ($dir[0] != '/') {
$dir = '/'.$dir;
}
if ($dir[strlen($dir) - 1] != '/') {
$dir .= '/';
}
$filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document'.$dir;
if (!is_dir($filepath)) {
$filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document/';
$dir = '/';
}
//groups //TODO: clean
if (isset ($_SESSION['_gid']) && $_SESSION['_gid'] != 0) {
$req_gid = '&amp;gidReq='.$_SESSION['_gid'];
$interbreadcrumb[] = array ("url" => "../group/group_space.php?gidReq=".$_SESSION['_gid'], "name" => get_lang('GroupSpace'));
$noPHP_SELF = true;
$to_group_id = $_SESSION['_gid'];
$group = GroupManager :: get_group_properties($to_group_id);
$path = explode('/', $dir);
if ('/'.$path[1] != $group['directory']) {
api_not_allowed(true);
}
}
$interbreadcrumb[] = array ("url" => "./document.php?curdirpath=".urlencode($_GET['dir']).$req_gid, "name" => get_lang('Documents'));
if (!$is_allowed_in_course) {
api_not_allowed(true);
}
if (!($is_allowed_to_edit || $_SESSION['group_member_with_upload_rights'] || is_my_shared_folder($_user['user_id'], Security::remove_XSS($_GET['dir']),api_get_session_id()))) {
api_not_allowed(true);
}
/* Header */
event_access_tool(TOOL_DOCUMENT);
$display_dir = $dir;
if (isset ($group)) {
$display_dir = explode('/', $dir);
unset ($display_dir[0]);
unset ($display_dir[1]);
$display_dir = implode('/', $display_dir);
}
// Interbreadcrumb for the current directory root path
// Copied from document.php
$dir_array = explode('/', $dir);
$array_len = count($dir_array);
$dir_acum = '';
for ($i = 0; $i < $array_len; $i++) {
$url_dir = 'document.php?&curdirpath='.$dir_acum.$dir_array[$i];
//Max char 80
$url_to_who = cut($dir_array[$i],80);
if ($is_certificate_mode) {
$interbreadcrumb[] = array('url' => $url_dir.'&selectcat='.Security::remove_XSS($_GET['selectcat']), 'name' => $url_to_who);
} else {
$interbreadcrumb[] = array('url' => $url_dir, 'name' => $url_to_who);
}
$dir_acum .= $dir_array[$i].'/';
}
//
Display :: display_header($nameTools, 'Doc');
echo '<div class="actions">';
echo '<a href="document.php?curdirpath='.Security::remove_XSS($_GET['dir']).'">'.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('DocumentsOverview')).get_lang('BackTo').' '.get_lang('DocumentsOverview').'</a>';
echo '</div>';
///pixlr
// max size 1 Mb
$title=urlencode(utf8_encode(get_lang('NewImage')));//TODO:check
//
$image=api_get_path(WEB_IMG_PATH).'canvas1024x768.png';
//
$pixlr_code_translation_table = array('' => 'en', 'pt' => 'pt-Pt', 'sr' => 'sr_latn');
$langpixlr = api_get_language_isocode();
$langpixlr = isset($pixlr_code_translation_table[$langpixlr]) ? $pixlredit_code_translation_table[$langpixlr] : $langpixlr;
$loc=$langpixlr;// deprecated ?? TODO:check pixlr read user browser
$exit_path=api_get_path(WEB_CODE_PATH).'document/exit_pixlr.php';
$_SESSION['exit_pixlr']= Security::remove_XSS($_GET['dir']);
$exit=$exit_path;
$referrer="Chamilo";
$target_path=api_get_path(WEB_CODE_PATH).'document/save_pixlr.php';
$target=$target_path;
$locktarget="true";
$locktitle="false";
echo '<iframe style=\'height: 600px; width: 100%;\' scrolling=\'no\' frameborder=\'0\' src=\'http://pixlr.com/editor/?title='.$title.'&amp;image='.$image.'&amp;loc='.$loc.'&amp;referrer='.$referrer.'&amp;target='.$target.'&amp;exit='.$exit.'&amp;locktarget='.$locktarget.'&amp;locktitle='.$locktitle.'\'>';
echo '</iframe>';
?>
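Review bot: The feature gate near the top reads `api_get_setting('enabled_support_paint')`, but the setting this commit adds in db_main.sql and checks in document.php is `enabled_support_pixlr`; an unknown setting name presumably yields null/empty, which is not equal to `'false'`, so the guard never fires and the page stays reachable with the feature switched off. Change it to `if (api_get_setting('enabled_support_pixlr') != 'true') { api_not_allowed(true); }` so it fails closed. `$_SESSION['paint_dir']` is also filled from the raw `$_GET['dir']` before the `..`/leading-slash normalization and the `is_dir()` fallback are applied to `$dir`, yet save_pixlr.php builds its write path from that session value; set it after the normalization block instead, e.g. `$_SESSION['paint_dir'] = rtrim($dir, '/');`, which also covers the existing `'/'` → `''` special case. Separately, `$pixlredit_code_translation_table` in the language lookup is undefined — the table declared two lines earlier is `$pixlr_code_translation_table`, so mapped languages resolve to null — and the file docblock ("creating audio files from a text") describes create_audio.php rather than this page.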

@ -380,7 +380,10 @@ function build_edit_icons($curdirpath, $type, $path, $visibility, $id, $is_templ
$modify_icons = '<a href="edit_document.php?'.api_get_cidreq().'&curdirpath='.$curdirpath.'&amp;file='.urlencode($path).$req_gid.'&selectcat='.$gradebook_category.'"><img src="../img/edit.gif" border="0" title="'.get_lang('Modify').'" alt="" /></a>';
}else {
if($extension=='svg' && api_browser_support('svg') && api_get_setting('enabled_support_svg') == 'true'){
$modify_icons = '<a href="edit_drawing.php?'.api_get_cidreq().'&curdirpath='.$curdirpath.'&amp;file='.urlencode($path).$req_gid.'"><img src="../img/edit.gif" border="0" title="'.get_lang('Modify').'" alt="" /></a>';
$modify_icons = '<a href="edit_draw.php?'.api_get_cidreq().'&curdirpath='.$curdirpath.'&amp;file='.urlencode($path).$req_gid.'"><img src="../img/edit.gif" border="0" title="'.get_lang('Modify').'" alt="" /></a>';
}
elseif($extension=='png' || $extension='jpg' || $extension='jpeg' || $extension='bmp' || $extension="pxd" && api_get_setting('enabled_support_pixlr') == 'true'){
$modify_icons = '<a href="edit_paint.php?'.api_get_cidreq().'&curdirpath='.$curdirpath.'&amp;file='.urlencode($path).$req_gid.'"><img src="../img/edit.gif" border="0" title="'.get_lang('Modify').'" alt="" /></a>';
}else{
$modify_icons = '<a href="edit_document.php?'.api_get_cidreq().'&curdirpath='.$curdirpath.'&amp;file='.urlencode($path).$req_gid.'"><img src="../img/edit.gif" border="0" title="'.get_lang('Modify').'" alt="" /></a>';
}
@ -684,7 +687,7 @@ function search_keyword($document_name, $keyword) {
function is_browser_viewable($file_extension) {
static $allowed_extensions = array(
'htm', 'html', 'xhtml', 'gif', 'jpg', 'jpeg', 'png', 'pdf', 'swf', 'mp3', 'mp4', 'ogg', 'ogx', 'oga', 'ogv', 'svg',
'txt', 'log', 'css', 'js',
'txt', 'log',
'mpg', 'mpeg'
);
if (!($result = in_array($file_extension, $allowed_extensions))) { // Assignment + a logical check.
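Review bot: In build_edit_icons (whose signature is outside this hunk) the new `elseif` uses a single `=` in `$extension='jpg'`, `$extension='jpeg'`, `$extension='bmp'` and `$extension="pxd"`, so those terms are assignments that are always truthy, and because `&&` binds tighter than `||` the `enabled_support_pixlr` check applies only to the last term. The net effect is that every non-svg document gets the edit_paint.php icon regardless of the setting, and `$extension` is clobbered for any code after the branch. Rewrite the condition as `elseif (in_array($extension, array('png', 'jpg', 'jpeg', 'bmp', 'pxd'), true) && api_get_setting('enabled_support_pixlr') == 'true') {`.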

@ -921,22 +921,30 @@ if ($is_allowed_to_edit || $group_member_with_upload_rights || is_my_shared_fold
if (api_browser_support('svg')){
?>
<a href="create_drawing.php?<?php echo api_get_cidreq(); ?>&dir=<?php echo $curdirpathurl.$req_gid; ?>">
<a href="create_draw.php?<?php echo api_get_cidreq(); ?>&dir=<?php echo $curdirpathurl.$req_gid; ?>">
<?php Display::display_icon('draw_new.png', get_lang('Draw')); echo get_lang('Draw'); ?></a>&nbsp;
<?php
}else{
Display::display_icon('draw_new_na.png', get_lang('BrowserDontSupportsSVG')); echo get_lang('Draw').'&nbsp;';
}
}
}
// Create new audio
if (api_get_setting('enabled_text2audio') == 'true'){
?>
<a href="create_audio.php?<?php echo api_get_cidreq(); ?>&dir=<?php echo $curdirpathurl.$req_gid; ?>">
<?php Display::display_icon('new_text2audio.png', get_lang('CreateAudio')); echo get_lang('CreateAudio'); ?></a>&nbsp;
<?php
}
// Create new paint
if (api_get_setting('enabled_support_pixlr') == 'true'){
?>
<a href="create_paint.php?<?php echo api_get_cidreq(); ?>&dir=<?php echo $curdirpathurl.$req_gid; ?>">
<?php Display::display_icon('new_paint.png', get_lang('Paint')); echo get_lang('Paint'); ?></a>&nbsp;
<?php
}
// Create new audio
if (api_get_setting('enabled_text2audio') == 'true'){
?>
<a href="create_audio.php?<?php echo api_get_cidreq(); ?>&dir=<?php echo $curdirpathurl.$req_gid; ?>">
<?php Display::display_icon('new_text2audio.png', get_lang('CreateAudio')); echo get_lang('CreateAudio'); ?></a>&nbsp;
<?php
}
}
// Create new certificate
if ($is_certificate_mode) {

@ -598,10 +598,13 @@ function show_return($call_from_tool='', $slide_id=0, $is_certificate_mode=false
elseif($call_from_tool=='slideshow'){
echo '<a href="'.api_get_path(WEB_PATH).'main/document/slideshow.php?slide_id='.$slide_id.'&curdirpath='.Security::remove_XSS(urlencode($_GET['curdirpath'])).'">'.Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('ViewSlideshow')).get_lang('BackTo').' '.get_lang('ViewSlideshow').'</a>';
}
elseif($call_from_tool=='editdrawing'){
elseif($call_from_tool=='editdraw'){
echo '<a href="document.php?action=exit_slideshow&curdirpath='.$pathurl.'">'.Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview')).get_lang('BackTo').' '.get_lang('DocumentsOverview').'</a>';
echo '<a href="javascript:history.back(1)">'.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('Draw')).get_lang('BackTo').' '.get_lang('Draw').'</a>';
echo '<a href="javascript:history.back(1)">'.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('Draw')).get_lang('BackTo').' '.get_lang('Draw').'</a>';
}
elseif($call_from_tool=='editpaint'){
echo '<a href="document.php?action=exit_slideshow&curdirpath='.$pathurl.'">'.Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview')).get_lang('BackTo').' '.get_lang('DocumentsOverview').'</a>';
echo '<a href="javascript:history.back(1)">'.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('Paint')).get_lang('BackTo').' '.get_lang('Paint').'</a>';
}
else{
echo '<a href="document.php?action=exit_slideshow&curdirpath='.$pathurl.'">'.Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview')).get_lang('BackTo').' '.get_lang('DocumentsOverview').'</a>&nbsp;';
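Review bot: The new `editpaint` branch of show_return duplicates the `editdraw` branch except for the language key, and both emit a `javascript:history.back(1)` link that depends on browser history rather than on the known origin; show_return's signature and remaining branches are outside this hunk. A single branch keeps the two in step: `elseif ($call_from_tool == 'editdraw' || $call_from_tool == 'editpaint') { $label = get_lang($call_from_tool == 'editdraw' ? 'Draw' : 'Paint');` followed by one `echo` that uses `$label`. If the caller can pass the origin path explicitly, the back link can point there instead of relying on history.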

@ -109,7 +109,7 @@ Display :: display_header($nameTools, 'Doc');
echo '<div class="actions">';
echo '<a href="document.php?curdirpath='.Security::remove_XSS($_GET['curdirpath']).'">'.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('DocumentsOverview')).get_lang('BackTo').' '.get_lang('DocumentsOverview').'</a>';
echo '<a href="edit_document.php?'.api_get_cidreq().'&curdirpath='.Security::remove_XSS($_GET['curdirpath']).'&amp;file='.urlencode($dir.$file).$req_gid.'&amp;origin=editdrawing">'.Display::return_icon('edit.gif',get_lang('Rename')).get_lang('Rename').', '.get_lang('Comment').'</a>';
echo '<a href="edit_document.php?'.api_get_cidreq().'&curdirpath='.Security::remove_XSS($_GET['curdirpath']).'&amp;file='.urlencode($dir.$file).$req_gid.'&amp;origin=editdraw">'.Display::return_icon('edit.gif',get_lang('Rename')).get_lang('Rename').', '.get_lang('Comment').'</a>';
echo '</div>';
if (api_browser_support('svg')){
@ -120,7 +120,7 @@ if (api_browser_support('svg')){
$langsvgedit = isset($svgedit_code_translation_table[$langsvgedit]) ? $svgedit_code_translation_table[$langsvgedit] : $langsvgedit;
$langsvgedit = file_exists(api_get_path(LIBRARY_PATH).'svg-edit/locale/lang.'.$langsvgedit.'.js') ? $langsvgedit : 'en';
echo '<iframe style=\'height: 500px; width: 100%;\' scrolling=\'no\' frameborder=\'0\' src=\''.api_get_path(WEB_LIBRARY_PATH).'svg-edit/svg-editor.php?url=../../../../courses/'.$courseDir.$dir.$file.'&lang='.$langsvgedit.'\'>';
echo '<iframe style=\'height: 500px; width: 100%;\' scrolling=\'no\' frameborder=\'0\' src=\''.api_get_path(WEB_LIBRARY_PATH).'svg-edit/svg-editor.php?url=../../../../courses/'.$courseDir.$dir.$file.'&amp;lang='.$langsvgedit.'\'>';
echo '</iframe>';
}else{

@ -0,0 +1,143 @@
<?php
/* For licensing terms, see /license.txt */
/**
* This file allows creating new svg and png documents with an online editor.
*
* @package chamilo.document
*
* @author Juan Carlos Raña Trabado
* @since 30/january/2011
*/
/* INIT SECTION */
$language_file = array('document');
require_once '../inc/global.inc.php';
$_SESSION['whereami'] = 'document/editpaint';
$this_section = SECTION_COURSES;
require_once api_get_path(SYS_CODE_PATH).'document/document.inc.php';
require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php';
//
api_protect_course_script();
api_block_anonymous_users();
if (!isset($_GET['curdirpath']) || !isset($_GET['file'])){
api_not_allowed(true);
}
/* Constants & Variables */
$current_session_id=api_get_session_id();
//path for pixlr save
$_SESSION['paint_dir']=Security::remove_XSS($_GET['curdirpath']);
if($_SESSION['paint_dir']=='/'){
$_SESSION['paint_dir']='';
}
$_SESSION['paint_file']=basename(Security::remove_XSS($_GET['file']));
//
$get_file = Security::remove_XSS($_GET['file']);
$file = basename($get_file);
$temp_file = explode(".",$file);
$filename=$temp_file[0];
$nameTools = get_lang('EditDocument') . ': '.$filename;
$dir = Security::remove_XSS($_GET['curdirpath']);
$courseDir = $_course['path'].'/document';
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);
/* Other initialization code */
/* Please, do not modify this dirname formatting */
if (strstr($dir, '..')) {
$dir = '/';
}
if ($dir[0] == '.') {
$dir = substr($dir, 1);
}
if ($dir[0] != '/') {
$dir = '/'.$dir;
}
if ($dir[strlen($dir) - 1] != '/') {
$dir .= '/';
}
$filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document'.$dir;
if (!is_dir($filepath)) {
$filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document/';
$dir = '/';
}
//groups //TODO:clean
if (isset ($_SESSION['_gid']) && $_SESSION['_gid'] != 0) {
$req_gid = '&amp;gidReq='.$_SESSION['_gid'];
$interbreadcrumb[] = array ('url' => '../group/group_space.php?gidReq='.$_SESSION['_gid'], 'name' => get_lang('GroupSpace'));
$group_document = true;
$noPHP_SELF = true;
}
$my_cur_dir_path = Security::remove_XSS($_GET['curdirpath']);
if (!$is_certificate_mode)
$interbreadcrumb[]=array("url"=>"./document.php?curdirpath=".urlencode($my_cur_dir_path).$req_gid, "name"=> get_lang('Documents'));
else
$interbreadcrumb[]= array ( 'url' => '../gradebook/'.$_SESSION['gradebook_dest'], 'name' => get_lang('Gradebook'));
$is_allowedToEdit = is_allowed_to_edit() || $_SESSION['group_member_with_upload_rights'] || is_my_shared_folder($_user['user_id'], $my_cur_dir_path, $current_session_id);
if (!$is_allowedToEdit) {
api_not_allowed(true);
}
event_access_tool(TOOL_DOCUMENT);
Display :: display_header($nameTools, 'Doc');
echo '<div class="actions">';
echo '<a href="document.php?curdirpath='.Security::remove_XSS($_GET['curdirpath']).'">'.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('DocumentsOverview')).get_lang('BackTo').' '.get_lang('DocumentsOverview').'</a>';
echo '<a href="edit_document.php?'.api_get_cidreq().'&curdirpath='.Security::remove_XSS($_GET['curdirpath']).'&amp;file='.urlencode($dir.$file).$req_gid.'&amp;origin=editpaint">'.Display::return_icon('edit.gif',get_lang('Rename')).get_lang('Rename').', '.get_lang('Comment').'</a>';
echo '</div>';
///pixlr
// max size 1 Mb
$title=$file;//disk name. No sql name because pixlr return this when save
$image=urlencode(api_get_path(WEB_COURSE_PATH).$courseDir.$dir.$file);//TODO: only work with public courses
//
$pixlr_code_translation_table = array('' => 'en', 'pt' => 'pt-Pt', 'sr' => 'sr_latn');
$langpixlr = api_get_language_isocode();
$langpixlr = isset($pixlr_code_translation_table[$langpixlr]) ? $pixlredit_code_translation_table[$langpixlr] : $langpixlr;
$loc=$langpixlr;// deprecated ?? TODO:check pixlr read user browser
$exit_path=api_get_path(WEB_CODE_PATH).'document/exit_pixlr.php';
$_SESSION['exit_pixlr']= Security::remove_XSS($_GET['curdirpath']);
$exit=$exit_path;
$referrer="Chamilo";
$target_path=api_get_path(WEB_CODE_PATH).'document/save_pixlr.php';
$target=$target_path;
$locktarget="true";
$locktitle="false";
echo '<iframe style=\'height: 600px; width: 100%;\' scrolling=\'no\' frameborder=\'0\' src=\'http://pixlr.com/editor/?title='.$title.'&amp;image='.$image.'&amp;loc='.$loc.'&amp;referrer='.$referrer.'&amp;target='.$target.'&amp;exit='.$exit.'&amp;locktarget='.$locktarget.'&amp;locktitle='.$locktitle.'\'>';
echo '</iframe>';
Display::display_footer();
?>
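Review bot: `$title = $file` is concatenated into the iframe `src` without `urlencode()`, whereas create_paint.php urlencodes its title; a file name containing `&`, `#` or spaces will break or alter the query string handed to the editor, so use `$title = urlencode($file);` (the comment says the editor returns this value as `title`, which still holds for the decoded form). As in create_paint.php, `$_SESSION['paint_dir']` is taken from the raw `$_GET['curdirpath']` before the `..` and slash normalization is applied to `$dir`, while save_pixlr.php uses the session value to build its write path; assign it from the normalized `$dir` after the `is_dir()` fallback. `$is_allowed_to_edit` is computed but the authorization line calls `is_allowed_to_edit()` without the `api_` prefix — presumably a document.inc.php helper, worth confirming it is the intended check. The docblock ("creating new svg and png documents") is copied from the draw editor and should describe editing raster images with the external editor; the same docblock is reused in exit_pixlr.php and save_pixlr.php.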

@ -0,0 +1,26 @@
<?php
/* For licensing terms, see /license.txt */
/**
* This file allows creating new svg and png documents with an online editor.
*
* @package chamilo.document
*
* @author Juan Carlos Raña Trabado
* @since 30/january/2011
*/
require_once '../inc/global.inc.php';
api_protect_course_script();
api_block_anonymous_users();
if (!isset($_SESSION['exit_pixlr'])){
$location=api_get_path(WEB_CODE_PATH).'document/document.php';
echo '<script>top.location.href="'.$location.'"</script>';
api_not_allowed(true);
}
else{
$location=api_get_path(WEB_CODE_PATH).'document/document.php?curdirpath='.Security::remove_XSS($_SESSION['exit_pixlr']);
echo '<script>top.location.href="'.$location.'"</script>';
unset($_SESSION['exit_pixlr']);
}
?>
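Review bot: `$_SESSION['exit_pixlr']` is placed into a `curdirpath=` query parameter inside a JavaScript string with only `Security::remove_XSS()` applied, which is an HTML-context filter; the value is a path and belongs URL-encoded, `'document.php?curdirpath='.urlencode($_SESSION['exit_pixlr'])`, which also neutralises quote characters in the script context. In the `!isset` branch the redirect script is echoed and then `api_not_allowed(true)` renders its own page on top of it; pick one — either redirect or deny. The docblock is copied from the draw editor and does not describe this file; something like `Returns the user from the external image editor to the document list remembered in the session.` fits.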

@ -0,0 +1,141 @@
<?php
/* For licensing terms, see /license.txt */
/**
* This file allows creating new svg and png documents with an online editor.
*
* @package chamilo.document
*
* @author Juan Carlos Raña Trabado
* @since 30/january/2011
*/
require_once '../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'fileUpload.lib.php';
require_once api_get_path(LIBRARY_PATH).'document.lib.php';
api_protect_course_script();
api_block_anonymous_users();
if(!isset($_GET['title']) && !isset($_GET['type']) && !isset($_GET['image'])) {
api_not_allowed();
die();
}
if(!isset($_SESSION['paint_dir']) || !isset($_SESSION['whereami']) ){
api_not_allowed();//
die();
}
//pixlr return
$filename=Security::remove_XSS($_GET['title']);//The user preferred file name of the image.
$extension=Security::remove_XSS($_GET['type']);//The image type, "pdx", "jpg", "bmp" or "png".
$urlcontents=Security::remove_XSS($_GET['image']);//A URL to the image on Pixlr.com server or the raw file post of the saved image.
//make variables
$title = Database::escape_string(str_replace('_',' ',$filename));
$current_session_id = api_get_session_id();
$groupId=$_SESSION['_gid'];
$relativeUrlPath=$_SESSION['paint_dir'];
$currentTool=$_SESSION['whereami'];
$dirBaseDocuments = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document';
$saveDir=$dirBaseDocuments.$_SESSION['paint_dir'];
$contents = file_get_contents($urlcontents);
//Verify that the URL is pointing to a file @ pixlr.com
if (strpos($urlcontents, "pixlr.com") == 0){
echo "Invalid referrer";
exit;
}
//Verify that the file is an image
$headers = get_headers($urlcontents, 1);
$content_type = explode("/", $headers['Content-Type']);
if ($content_type[0] != "image"){
echo "Invalid file type";
exit;
}
//a bit title security
$filename = addslashes(trim($filename));
$filename = Security::remove_XSS($filename);
$filename = replace_dangerous_char($filename, 'strict');
$filename = disable_dangerous_file($filename);
// a bit extension security
if($extension!= 'jpg' && $extension!= 'png' && $extension!= 'bmp' && $extension!= 'pxd'){
die();
}
//TODO: a bit mime security
//path, file and title
$paintFileName = $filename.'.'.$extension;
$title = $title.'.'.$extension;
if($currentTool=='document/createpaint'){
//check save as and prevent rewrite an older file with same name
if (0 != $groupId){
$group_properties = GroupManager :: get_group_properties($groupId);
$groupPath = $group_properties['directory'];
}
else{
$groupPath ='';
}
if (file_exists($saveDir.'/'.$filename.'.'.$extension)){
$i = 1;
while (file_exists($saveDir.'/'.$filename.'_'.$i.'.'.$extension)) $i++;
$paintFileName = $filename . '_' . $i . '.'.$extension;
$title = $filename . '_' . $i . '.'.$extension;
}
//
$documentPath = $saveDir.'/'.$paintFileName;
//add new document to disk
file_put_contents( $documentPath, $contents );
//add document to database
$doc_id = add_document($_course, $relativeUrlPath.'/'.$paintFileName, 'file', filesize($documentPath), $title);
api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $groupId, null, null, null, $current_session_id);
}elseif($currentTool=='document/editpaint'){
$documentPath = $saveDir.'/'.$paintFileName;
//add new document to disk
file_put_contents( $documentPath, $contents );
//check path
if(!isset($_SESSION['paint_file'])){
api_not_allowed();
die();
}
if($_SESSION['paint_file']==$paintFileName){
$document_id = DocumentManager::get_document_id($_course, $relativeUrlPath.'/'.$paintFileName);
update_existing_document($_course, $document_id, filesize($documentPath), null);
api_item_property_update($_course, TOOL_DOCUMENT, $document_id, 'DocumentUpdated', $_user['user_id'], $groupId, null, null, null, $current_session_id);
}else{
//add a new document
$doc_id = add_document($_course, $relativeUrlPath.'/'.$paintFileName, 'file', filesize($documentPath), $title);
api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $groupId, null, null, null, $current_session_id);
}
}
//Clean sessions and return to Chamilo file list
unset($_SESSION['paint_dir']);
unset($_SESSION['paint_file']);
unset($_SESSION['whereami']);
if (!isset($_SESSION['exit_pixlr'])){
$location=api_get_path(WEB_CODE_PATH).'document/document.php';
echo '<script>top.location.href="'.$location.'"</script>';
api_not_allowed(true);
}
else{
$location=api_get_path(WEB_CODE_PATH).'document/document.php?curdirpath='.Security::remove_XSS($_SESSION['exit_pixlr']);
echo '<script>top.location.href="'.$location.'"</script>';
unset($_SESSION['exit_pixlr']);
}
?>
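Review bot: `file_get_contents($urlcontents)` runs before the host check, so the server fetches whatever URL arrives in `$_GET['image']` and only afterwards decides whether it was acceptable, and the check itself — `strpos($urlcontents, "pixlr.com") == 0` — accepts any URL that merely contains the substring somewhere past position 0. Validate scheme and host with `parse_url()` before any outbound request and keep `get_headers()` behind the same gate; the rewrite below does that. The entry guard `if(!isset($_GET['title']) && !isset($_GET['type']) && !isset($_GET['image']))` only rejects when all three are absent and should use `||`, as should the `$_SESSION['paint_dir']`/`whereami` check right after it. In the `editpaint` branch the file is written to disk before the `$_SESSION['paint_file']` check that can still deny the request; move `file_put_contents()` after it. The comment `// max size 1 Mb` is not enforced anywhere in this file — either compare `strlen($contents)` against the limit before writing, or drop the comment.
```php
// Validate the source before making any outbound request: only http(s) and
// the editor's own host (or a subdomain of it) are accepted.
$image_scheme = parse_url($urlcontents, PHP_URL_SCHEME);
$image_host = parse_url($urlcontents, PHP_URL_HOST);
if (!in_array($image_scheme, array('http', 'https'), true)
    || !($image_host === 'pixlr.com' || substr($image_host, -10) === '.pixlr.com')) {
    echo "Invalid referrer";
    exit;
}
// … unchanged: get_headers() / Content-Type check …
$contents = file_get_contents($urlcontents);
```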


@ -117,7 +117,7 @@
define('SEARCH_TYPE_HTML', 'HTML');
define('SEARCH_TYPE_VIDEO', 'Video');
define('SEARCH_TYPE_MOVIE', 'Movie');
define('SEARCH_TYPE_MUSIC', 'Music');
define('SEARCH_TYPE_MUSIC', 'Audio');
define('SEARCH_TYPE_FLASH', 'Flash');
define('SEARCH_TYPE_PPT', 'PowerPoint');
define('SEARCH_TYPE_DOC', 'Document');

@ -113,7 +113,7 @@
define('SEARCH_TYPE_HTML', 'HTML');
define('SEARCH_TYPE_VIDEO', 'Video');
define('SEARCH_TYPE_MOVIE', 'Pelicula');
define('SEARCH_TYPE_MUSIC', 'Musica');
define('SEARCH_TYPE_MUSIC', 'Audio');
define('SEARCH_TYPE_FLASH', 'Flash');
define('SEARCH_TYPE_PPT', 'PowerPoint');
define('SEARCH_TYPE_DOC', 'Documento');

@ -954,7 +954,7 @@ class MessageManager
$html_items.= '<div class="message-group-title">'.Security::remove_XSS($item['title']).'&nbsp;</div>';
$image_path = UserManager::get_user_picture_path_by_id($topic['user_sender_id'], 'web', false, true); $image_repository = $image_path['dir'];
$existing_image = $image_path['file'];
$html_items.= '<div class="message-group-author"><img src="'.$image_repository.$existing_image.'" alt="'.$name.'" width="44" height="44" title="'.$name.'" />&nbsp;<a href="'.api_get_path(WEB_PATH).'main/social/profile.php?u='.$item['user_sender_id'].'">'.$name.'&nbsp;</a></div>';
$html_items.= '<div class="message-group-author"><img src="'.$image_repository.$existing_image.'" alt="'.$name.'" width="32" height="32" title="'.$name.'" />&nbsp;<a href="'.api_get_path(WEB_PATH).'main/social/profile.php?u='.$item['user_sender_id'].'">'.$name.'&nbsp;</a></div>';
$html_items.= '<div class="message-group-content">'.$item['content'].'</div>';
if ($item['send_date'] != $item['update_date']) {

@ -17,13 +17,14 @@ $language_file = array('document');//Chamilo load lang var
//Chamilo load libraries
require_once '../../../../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'fileUpload.lib.php';
require_once api_get_path(LIBRARY_PATH).'document.lib.php';
//Add security from Chamilo
api_protect_course_script();
api_block_anonymous_users();
if(!isset($_POST['output_svg']) && !isset($_POST['output_png'])) {
api_not_allowed(false);//from Chamilo
api_not_allowed();//from Chamilo
die();
}
@ -63,9 +64,8 @@ $title = Database::escape_string(str_replace('_',' ',$filename));
//get Chamilo variables
if(!isset($_SESSION['draw_dir']) || !isset($_SESSION['whereami']) )
{
api_not_allowed(false);//from Chamilo
if(!isset($_SESSION['draw_dir']) && !isset($_SESSION['whereami'])){
api_not_allowed();//from Chamilo
die();
}
@ -83,8 +83,12 @@ $filename = Security::remove_XSS($filename);
$filename = replace_dangerous_char($filename, 'strict');
$filename = disable_dangerous_file($filename);
//a bit mime security
// a bit extension
if($suffix!= 'svg' && $suffix!= 'png'){
die();
}
//a bit mime security
if (phpversion() >= '5.3') {
$finfo = new finfo(FILEINFO_MIME);
$current_mime=$finfo->buffer($contents);
@ -94,18 +98,12 @@ if (phpversion() >= '5.3') {
$mime_xml='application/xml';//hack for svg-edit because original code return application/xml; charset=us-ascii. See
if(strpos($current_mime, $mime_png)===false && $extension=='png')
{
//die();//File extension does not match its content //disabled to check into chamilo dev campus
//die();//File extension does not match its content //disabled to check into chamilo dev campus TODO:check
}elseif(strpos($current_mime, $mime_svg)===false && strpos($current_mime, $mime_xml)===false && $extension=='svg')
{
//die();//File extension does not match its content //disabled to check into chamilo dev campus TODO:enabled
//die();//File extension does not match its content //disabled to check into chamilo dev campus TODO:check
}
}else{
if($suffix!= 'svg' || $suffix!= 'png')
{
//die();//disabled to check into chamilo dev campus
}
}
//checks if the file exists, then rename the new
@ -132,7 +130,7 @@ if($currentTool=='document/createdraw'){
//check path
if(!isset($_SESSION['draw_file'])){
api_not_allowed(false);//from Chamilo
api_not_allowed();//from Chamilo
die();
}
if($_SESSION['draw_file']==$drawFileName){
@ -146,7 +144,11 @@ if($currentTool=='document/createdraw'){
}
}
//add messages and return to current document list
//clean sessions and add messages and return to current document list
unset($_SESSION['draw_dir']);
unset($_SESSION['draw_file']);
unset($_SESSION['whereami']);
echo '<script language="javascript" type="text/javascript">';
if($suffix!= 'png'){
if($relativeUrlPath==''){$relativeUrlPath='/';};
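Review bot: The session guard in the second hunk changes from `||` to `&&` (`if(!isset($_SESSION['draw_dir']) && !isset($_SESSION['whereami'])){`), which weakens it: a request with `draw_dir` unset now proceeds whenever `whereami` was set by any other tool, and the save directory is presumably built from the missing value further down, outside the hunk. Restore `||` so either missing key denies. In the mime hunk both `die()` calls remain commented out with `TODO:check`, so the `finfo` result is computed and never acted on; the new `svg`/`png` extension allowlist is therefore the only content gate, and the TODO should state what blocks re-enabling the mismatch check.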

@ -815,7 +815,8 @@ VALUES
('course_hide_tools','tracking','checkbox','Tools','false','CourseHideToolsTitle','CourseHideToolsComment',NULL,'Stats',1),
('course_hide_tools','course_maintenance','checkbox','Tools','false','CourseHideToolsTitle','CourseHideToolsComment',NULL,'Maintenance',1),
('course_hide_tools','course_setting','checkbox','Tools','false','CourseHideToolsTitle','CourseHideToolsComment',NULL,'CourseSettings',1),
('chamilo_database_version', NULL,'textfield', NULL, '1.8.8.13330','DokeosDatabaseVersion','', NULL, NULL, 0);
('enabled_support_pixlr',NULL,'radio','Tools','false','EnabledPixlrTitle','EnabledPixlrComment',NULL,NULL, 0),
('chamilo_database_version',NULL,'textfield',NULL, '1.8.8.13330','DokeosDatabaseVersion','', NULL, NULL, 0);
UNLOCK TABLES;
@ -1069,7 +1070,9 @@ VALUES
('show_chat_folder','true','Yes'),
('show_chat_folder','false','No'),
('enabled_text2audio','true','Yes'),
('enabled_text2audio','false','No');
('enabled_text2audio','false','No'),
('enabled_support_pixlr','true','Yes'),
('enabled_support_pixlr','false','No');
UNLOCK TABLES;

@ -72,7 +72,7 @@ INSERT INTO settings_options (variable, value, display_text) VALUES ('enabled_go
INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url_changeable) VALUES ('enabled_imgmap',NULL,'radio','Editor','true','EnabledImageMapsTitle','EnabledImageMapsComment',NULL,NULL, 0);
INSERT INTO settings_options (variable, value, display_text) VALUES ('enabled_imgmap', 'true', 'Yes');
INSERT INTO settings_options (variable, value, display_text) VALUES ('enabled_imgmap', 'false', 'No');
INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url_changeable) VALUES ('enabled_support_svg',NULL,'radio','Editor','true','EnabledSVGTitle','EnabledSVGComment',NULL,NULL, 0);
INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url_changeable) VALUES ('enabled_support_svg',NULL,'radio','Tools','true','EnabledSVGTitle','EnabledSVGComment',NULL,NULL, 0);
INSERT INTO settings_options (variable, value, display_text) VALUES ('enabled_support_svg', 'true', 'Yes');
INSERT INTO settings_options (variable, value, display_text) VALUES ('enabled_support_svg', 'false', 'No');
@ -142,6 +142,10 @@ INSERT INTO settings_current (variable, subkey, type, category, selected_value,
INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url_changeable) VALUES ('course_hide_tools','course_maintenance','checkbox','Tools','false','CourseHideToolsTitle','CourseHideToolsComment',NULL,'Maintenance',1);
INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url_changeable) VALUES ('course_hide_tools','course_setting','checkbox','Tools','false','CourseHideToolsTitle','CourseHideToolsComment',NULL,'CourseSettings',1);
INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url_changeable) VALUES ('enabled_support_pixlr',NULL,'radio','Tools','false','EnabledPixlrTitle','EnabledPixlrComment',NULL,NULL, 0);
INSERT INTO settings_options (variable, value, display_text) VALUES ('enabled_support_pixlr', 'true', 'Yes');
INSERT INTO settings_options (variable, value, display_text) VALUES ('enabled_support_pixlr', 'false', 'No');
UPDATE settings_current SET selected_value = '1.8.8.13330' WHERE variable = 'chamilo_database_version';
-- xxSTATSxx

@ -28,4 +28,6 @@ Disallow: /tests/
# Files
Disallow: /license.txt
Disallow: /README.txt
Disallow: /webchatdeny.php
Disallow: /webchatdeny.php
Disallow: /whoisonline.php
Disallow: /whoisonlinesession.php