diff --git a/main/document/document.php b/main/document/document.php index dd3e777ab0..e64d668402 100755 --- a/main/document/document.php +++ b/main/document/document.php @@ -1,5 +1,6 @@ function check_unzip() { - if(document.upload.unzip.checked){ + if (document.upload.unzip.checked){ document.upload.if_exists[0].disabled=true; document.upload.if_exists[1].checked=true; document.upload.if_exists[2].disabled=true; @@ -62,9 +60,9 @@ function check_unzip() { } function advanced_parameters() { - if(document.getElementById(\'options\').style.display == \'none\') { - document.getElementById(\'options\').style.display = \'block\'; - document.getElementById(\'img_plus_and_minus\').innerHTML=\'  '.get_lang('AdvancedParameters').'\'; + if (document.getElementById(\'options\').style.display == \'none\') { + document.getElementById(\'options\').style.display = \'block\'; + document.getElementById(\'img_plus_and_minus\').innerHTML=\'  '.get_lang('AdvancedParameters').'\'; } else { document.getElementById(\'options\').style.display = \'none\'; document.getElementById(\'img_plus_and_minus\').innerHTML=\'  '.get_lang('AdvancedParameters').'\'; @@ -109,19 +107,35 @@ $base_work_dir = $sys_course_path.$courseDir; $sessionId = api_get_session_id(); $selectcat = isset($_GET['selectcat']) ? Security::remove_XSS($_GET['selectcat']) : null; -$document_data = DocumentManager::get_document_data_by_id($_REQUEST['id'], api_get_course_id(), true, $sessionId); +$document_data = DocumentManager::get_document_data_by_id( + $_REQUEST['id'], + api_get_course_id(), + true, + $sessionId +); + if ($sessionId != 0 && !$document_data) { - $document_data = DocumentManager::get_document_data_by_id($_REQUEST['id'], api_get_course_id(), true, 0); + $document_data = DocumentManager::get_document_data_by_id( + $_REQUEST['id'], + api_get_course_id(), + true, + 0 + ); } + if (empty($document_data)) { $document_id = $parent_id = 0; $path = '/'; } else { - $document_id = $document_data['id']; - $path = $document_data['path']; - $parent_id = DocumentManager::get_document_id(api_get_course_info(), dirname($path)); + $document_id = $document_data['id']; + $path = $document_data['path']; + $parent_id = DocumentManager::get_document_id( + api_get_course_info(), + dirname($path) + ); } $group_properties = array(); + // This needs cleaning! if (api_get_group_id()) { // If the group id is set, check if the user has the right to be here @@ -130,7 +144,8 @@ if (api_get_group_id()) { // Get group info $group_properties = GroupManager::get_group_properties(api_get_group_id()); - if ($is_allowed_to_edit || GroupManager::is_user_in_group($_user['user_id'], api_get_group_id())) { // Only courseadmin or group members allowed + // Only courseadmin or group members allowed + if ($is_allowed_to_edit || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) { $to_group_id = api_get_group_id(); $req_gid = '&gidReq='.api_get_group_id(); $interbreadcrumb[] = array('url' => '../group/group_space.php?gidReq='.api_get_group_id(), 'name' => get_lang('GroupSpace')); @@ -142,7 +157,8 @@ if (api_get_group_id()) { // Admin for "regular" upload, no group documents. And check if is my shared folder $to_group_id = 0; $req_gid = ''; -} else { // No course admin and no group member... +} else { + // No course admin and no group member... api_not_allowed(true); } @@ -161,7 +177,8 @@ if ($is_certificate_array[0] == 'certificates') { // Title of the tool $add_group_to_title = null; -if ($to_group_id != 0) { // Add group name after for group documents +if ($to_group_id != 0) { + // Add group name after for group documents $add_group_to_title = ' ('.$group_properties['name'].')'; } if (isset($_REQUEST['certificate'])) { @@ -195,7 +212,16 @@ Display::display_header($nameTools, 'Doc'); // User has submitted a file if (!empty($_FILES)) { - DocumentManager::upload_document($_FILES, $_POST['curdirpath'], $_POST['title'], $_POST['comment'], $_POST['unzip'], $_POST['if_exists'], $_POST['index_document'], true); + DocumentManager::upload_document( + $_FILES, + $_POST['curdirpath'], + $_POST['title'], + $_POST['comment'], + $_POST['unzip'], + $_POST['if_exists'], + $_POST['index_document'], + true + ); } // Actions @@ -215,7 +241,11 @@ echo ''; // Form to select directory $folders = DocumentManager::get_all_document_folders($_course, $to_group_id, $is_allowed_to_edit); if (!$is_certificate_mode) { - echo build_directory_selector($folders, $document_id, (isset($group_properties['directory']) ? $group_properties['directory'] : array())); + echo build_directory_selector( + $folders, + $document_id, + (isset($group_properties['directory']) ? $group_properties['directory'] : array()) + ); } $action = api_get_self().'?'.api_get_cidreq().'&id='.$document_id; @@ -225,11 +255,9 @@ $form->addElement('hidden', 'id', $document_id); $form->addElement('hidden', 'curdirpath', $path); $course_quota = format_file_size(DocumentManager::get_course_quota() - DocumentManager::documents_total_space()); - $label = get_lang('MaxFileSize').': '.ini_get('upload_max_filesize').'
'.get_lang('DocumentQuota').': '.$course_quota; $form->addElement('file', 'file', array(get_lang('File'), $label), 'style="width: 250px" id="user_upload"'); - $form->addElement('text', 'title', get_lang('Title'), array('size' => '20', 'style' => 'width:300px', 'id' => 'title_file')); $form->addElement('textarea', 'comment', get_lang('Comment'), 'wrap="virtual" style="width:300px;"'); @@ -274,8 +302,6 @@ $simple_form = $form->return_form(); $url = api_get_path(WEB_AJAX_PATH).'document.ajax.php?'.api_get_cidreq().'&a=upload_file'; $multiple_form = get_lang('ClickToSelectOrDragAndDropMultipleFilesOnTheUploadField').'
'; -//Adding icon replace the
'.get_lang('UploadFiles').'
with this: -//
'.Display::div(Display::return_icon('folder_document.png', '', array(), 64), array('style'=>'float:left')).' '.get_lang('UploadFiles').'
$multiple_form .= '
diff --git a/main/inc/ajax/document.ajax.php b/main/inc/ajax/document.ajax.php index 10db8adb9b..f94be44a42 100755 --- a/main/inc/ajax/document.ajax.php +++ b/main/inc/ajax/document.ajax.php @@ -7,20 +7,21 @@ require_once '../global.inc.php'; require_once api_get_path(LIBRARY_PATH).'document.lib.php'; $action = $_REQUEST['a']; -switch($action) { +switch ($action) { case 'upload_file': api_protect_course_script(true); //User access same as upload.php $is_allowed_to_edit = api_is_allowed_to_edit(null, true); // This needs cleaning! if (api_get_group_id()) { - // Only courseadmin or group members allowed + // Only course admin or group members allowed if ($is_allowed_to_edit || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) { } else { exit; } } elseif ($is_allowed_to_edit || is_my_shared_folder(api_get_user_id(), $_POST['curdirpath'], api_get_session_id())) { - } else { // No course admin and no group member... + } else { + // No course admin and no group member... exit; } @@ -60,7 +61,12 @@ switch($action) { case 'document_preview': $course_info = api_get_course_info_by_id($_REQUEST['course_id']); if (!empty($course_info) && is_array($course_info)) { - echo DocumentManager::get_document_preview($course_info, false, '_blank', $_REQUEST['session_id']); + echo DocumentManager::get_document_preview( + $course_info, + false, + '_blank', + $_REQUEST['session_id'] + ); } break; } diff --git a/main/inc/ajax/model.ajax.php b/main/inc/ajax/model.ajax.php index e2e89a78f5..12d9ac393e 100755 --- a/main/inc/ajax/model.ajax.php +++ b/main/inc/ajax/model.ajax.php @@ -551,7 +551,6 @@ switch ($action) { } break; case 'get_work_teacher': - //$columns = array('type', 'title', 'sent_date', 'expires_on', 'ends_on', 'actions'); $columns = array('type', 'title', 'sent_date', 'expires_on', 'amount', 'actions'); $result = getWorkListTeacher($start, $limit, $sidx, $sord, $whereCondition); break; diff --git a/main/inc/lib/course.lib.php b/main/inc/lib/course.lib.php index 55b67a3b3d..ffeddbb5d6 100755 --- a/main/inc/lib/course.lib.php +++ b/main/inc/lib/course.lib.php @@ -1315,13 +1315,12 @@ class CourseManager $filterByActive = null ) { // variable initialisation - $session_id = intval($session_id); - $course_code = Database::escape_string($course_code); - $where = array(); + $session_id = intval($session_id); + $course_code = Database::escape_string($course_code); + $where = array(); // if the $order_by does not contain 'ORDER BY' we have to check if it is a valid field that can be sorted on if (!strstr($order_by,'ORDER BY')) { - //if (!empty($order_by) AND in_array($order_by, array('lastname', 'firstname', 'username', 'email', 'official_code'))) { $order_by = Database::escape_string($order_by); if (!empty($order_by)) { $order_by = 'ORDER BY '.$order_by; @@ -1339,9 +1338,10 @@ class CourseManager } $sql .= ' FROM '.Database::get_main_table(TABLE_MAIN_USER).' as user '; $sql .= ' LEFT JOIN '.Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER).' as session_course_user - ON user.user_id = session_course_user.id_user - AND session_course_user.course_code="'.$course_code.'" - AND session_course_user.id_session = '.$session_id; + ON + user.user_id = session_course_user.id_user AND + session_course_user.course_code="'.$course_code.'" AND + session_course_user.id_session = '.$session_id; $where[] = ' session_course_user.course_code IS NOT NULL '; // 2 = coach @@ -1429,6 +1429,7 @@ class CourseManager } $sql .= ' '.$order_by.' '.$limit; + $rs = Database::query($sql); $users = array(); diff --git a/main/inc/lib/fileUpload.lib.php b/main/inc/lib/fileUpload.lib.php index 505d675ca0..8c2d9266a5 100755 --- a/main/inc/lib/fileUpload.lib.php +++ b/main/inc/lib/fileUpload.lib.php @@ -86,7 +86,8 @@ function get_document_title($name) { * @param array $uploaded_file ($_FILES) * @return true if upload succeeded */ -function process_uploaded_file($uploaded_file, $show_output = true) { +function process_uploaded_file($uploaded_file, $show_output = true) +{ // Checking the error code sent with the file upload. if (isset($uploaded_file['error'])) { switch ($uploaded_file['error']) { @@ -95,6 +96,7 @@ function process_uploaded_file($uploaded_file, $show_output = true) { if ($show_output) { Display::display_error_message(get_lang('UplExceedMaxServerUpload').ini_get('upload_max_filesize')); } + return false; case 2: // The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form. @@ -103,27 +105,30 @@ function process_uploaded_file($uploaded_file, $show_output = true) { if ($show_output) { Display::display_error_message(get_lang('UplExceedMaxPostSize'). format_file_size($max_file_size)); } + return false; case 3: // The uploaded file was only partially uploaded. if ($show_output) { Display::display_error_message(get_lang('UplPartialUpload').' '.get_lang('PleaseTryAgain')); } + return false; case 4: // No file was uploaded. if ($show_output) { Display::display_error_message(get_lang('UplNoFileUploaded').' '. get_lang('UplSelectFileFirst')); } + return false; } } - if (!file_exists($uploaded_file['tmp_name'])) { - // No file was uploaded. - if ($show_output) { + if (!file_exists($uploaded_file['tmp_name'])) { + // No file was uploaded. + if ($show_output) { Display::display_error_message(get_lang('UplUploadFailed')); - } + } return false; } @@ -152,8 +157,8 @@ function process_uploaded_file($uploaded_file, $show_output = true) { } } - // case 0: default: We assume there is no error, the file uploaded with success. - return true; + // case 0: default: We assume there is no error, the file uploaded with success. + return true; } /** @@ -173,7 +178,7 @@ function process_uploaded_file($uploaded_file, $show_output = true) { * @param int $unzip 1/0 * @param string $what_if_file_exists overwrite, rename or warn if exists (default) * @param boolean Optional output parameter. So far only use for unzip_uploaded_document function. If no output wanted on success, set to false. - * @return path of the saved file + * @return string path of the saved file */ function handle_uploaded_document( $_course, @@ -189,14 +194,14 @@ function handle_uploaded_document( $onlyUploadFile = false ) { if (!$user_id) { - die('Not a valid user.'); + return false; } // Strip slashes $uploaded_file['name'] = stripslashes($uploaded_file['name']); // Add extension to files without one (if possible) $uploaded_file['name'] = add_ext_on_mime($uploaded_file['name'], $uploaded_file['type']); - $current_session_id = api_get_session_id(); + $current_session_id = api_get_session_id(); // Just in case process_uploaded_file is not called $max_filled_space = DocumentManager::get_course_quota(); @@ -252,11 +257,14 @@ function handle_uploaded_document( if (!is_dir($where_to_save)) { if (!mkdir($where_to_save, api_get_permissions_for_new_directories())) { if ($output) { - Display::display_error_message(get_lang('DestDirectoryDoesntExist').' ('.$upload_path.')'); + Display::display_error_message( + get_lang('DestDirectoryDoesntExist').' ('.$upload_path.')' + ); } return false; } } + // Full path of the destination $store_path = $where_to_save.$clean_name; @@ -266,6 +274,7 @@ function handle_uploaded_document( $file_size = $uploaded_file['size']; $files_perm = api_get_permissions_for_new_files(); + // Just upload file. if ($onlyUploadFile) { $errorResult = moveUploadedFile($uploaded_file, $store_path); if ($errorResult) { @@ -275,7 +284,11 @@ function handle_uploaded_document( } } - $docId = DocumentManager::get_document_id($_course, $file_path, $current_session_id); + $docId = DocumentManager::get_document_id( + $_course, + $file_path, + $current_session_id + ); // What to do if the target file exists switch ($what_if_file_exists) { @@ -313,7 +326,18 @@ function handle_uploaded_document( } else { // There might be cases where the file exists on disk but there is no registration of that in the database // In this case, and if we are in overwrite mode, overwrite and create the db record - $document_id = add_document($_course, $file_path, 'file', $file_size, $document_name, null, 0, true, null, $current_session_id); + $document_id = add_document( + $_course, + $file_path, + 'file', + $file_size, + $document_name, + null, + 0, + true, + null, + $current_session_id + ); if ($document_id) { // Put the document in item_property update api_item_property_update( @@ -337,12 +361,26 @@ function handle_uploaded_document( item_property_update_on_folder($_course, $upload_path, $user_id); // Display success message with extra info to user if ($output) { - Display::display_confirmation_message(get_lang('UplUploadSucceeded').'
'.$file_path .' '. get_lang('UplFileOverwritten'), false); + Display::display_confirmation_message( + get_lang('UplUploadSucceeded') . '
' . $file_path . ' ' . get_lang('UplFileOverwritten'), + false + ); } return $file_path; } else { // Put the document data in the database - $document_id = add_document($_course, $file_path, 'file', $file_size, $document_name, null, 0, true, null, $current_session_id); + $document_id = add_document( + $_course, + $file_path, + 'file', + $file_size, + $document_name, + null, + 0, + true, + null, + $current_session_id + ); if ($document_id) { // Put the document in item_property update api_item_property_update( @@ -394,7 +432,16 @@ function handle_uploaded_document( chmod($store_path, $files_perm); // Put the document data in the database - $document_id = add_document($_course, $new_file_path, 'file', $file_size, $document_name, null, 0, true); + $document_id = add_document( + $_course, + $new_file_path, + 'file', + $file_size, + $document_name, + null, + 0, + true + ); if ($document_id) { // Update document item_property api_item_property_update( @@ -418,7 +465,10 @@ function handle_uploaded_document( // Display success message to user if ($output) { - Display::display_confirmation_message(get_lang('UplUploadSucceeded').'
'.get_lang('UplFileSavedAs').$new_file_path, false); + Display::display_confirmation_message( + get_lang('UplUploadSucceeded') . '
' . get_lang('UplFileSavedAs') . $new_file_path, + false + ); } return $new_file_path; } else {