From 2c664f1691c28871f697a1b8778c653f4e93fe40 Mon Sep 17 00:00:00 2001 From: jmontoyaa Date: Mon, 5 Sep 2016 11:18:45 +0200 Subject: [PATCH] Use group.iid --- main/document/document.php | 27 ++++++++++--------- main/inc/lib/document.lib.php | 6 ++--- .../svgedit/extensions/imagelib/groups.php | 3 ++- 3 files changed, 19 insertions(+), 17 deletions(-) diff --git a/main/document/document.php b/main/document/document.php index 41ccbc719c..8db9f68b3c 100755 --- a/main/document/document.php +++ b/main/document/document.php @@ -258,7 +258,7 @@ switch ($action) { $base_work_dir, $sessionId, $_GET['deleteid'], - $groupId + $groupIid ); if ($deleteDocument) { @@ -431,7 +431,7 @@ switch ($action) { if (!isset($_GET['copy'])) { Display::addFlash(Display::return_message($message, 'warning', false)); } - if (Security::remove_XSS($_GET['copy']) == 'yes') { + if ($_GET['copy'] === 'yes') { if (!copy($file, $copyfile)) { Display::addFlash(Display::return_message(get_lang('CopyFailed'), 'error')); } else { @@ -578,7 +578,7 @@ if (isset($document_id) && empty($action)) { api_get_course_id(), $sessionId, api_get_user_id(), - $groupId + $groupIid ); if (!empty($document_data['filetype']) && $document_data['filetype'] == 'file') { @@ -903,10 +903,11 @@ $htmlHeadXtra[] = ''; $mediaplayer_path = api_get_path(WEB_LIBRARY_PATH).'mediaplayer/player.swf'; +$groupIid = isset($group_properties['iid']) ? $group_properties['iid'] : 0; $documentAndFolders = DocumentManager::get_all_document_data( $courseInfo, $curdirpath, - $groupId, + $groupIid, null, $is_allowed_to_edit || $group_member_with_upload_rights, false @@ -1010,7 +1011,7 @@ if ($is_allowed_to_edit || if (!empty($document_to_move)) { $folders = DocumentManager::get_all_document_folders( $courseInfo, - $groupId, + $groupIid, $is_allowed_to_edit || $group_member_with_upload_rights ); @@ -1094,7 +1095,7 @@ if ($is_allowed_to_edit || $doc_id, 'FolderMoved', api_get_user_id(), - $groupId, + $groupIid, null, null, null, @@ -1108,7 +1109,7 @@ if ($is_allowed_to_edit || $doc_id, 'DocumentMoved', api_get_user_id(), - $groupId, + $groupIid, null, null, null, @@ -1234,7 +1235,7 @@ if ($is_allowed_to_edit || $base_work_dir, $sessionId, $documentId, - $groupId + $groupIid ); if (!empty($deleteDocument)) { $messages .= Display::return_message( @@ -1301,7 +1302,7 @@ if ($is_allowed_to_edit || $courseInfo, api_get_user_id(), $sessionId, - $groupId, + $groupIid, $to_user_id, $base_work_dir, $dir_name, @@ -1512,7 +1513,7 @@ if (isset($_GET['keyword']) && !empty($_GET['keyword'])) { $documentAndFolders = DocumentManager::get_all_document_data( $courseInfo, $curdirpath, - $groupId, + $groupIid, null, $is_allowed_to_edit || $group_member_with_upload_rights, true @@ -1521,7 +1522,7 @@ if (isset($_GET['keyword']) && !empty($_GET['keyword'])) { $documentAndFolders = DocumentManager::get_all_document_data( $courseInfo, $curdirpath, - $groupId, + $groupIid, null, $is_allowed_to_edit || $group_member_with_upload_rights, false @@ -1537,14 +1538,14 @@ if ($groupId != 0) { if ($userAccess) { $folders = DocumentManager::get_all_document_folders( $courseInfo, - $groupId, + $groupIid, $is_allowed_to_edit || $group_member_with_upload_rights ); } } else { $folders = DocumentManager::get_all_document_folders( $courseInfo, - $groupId, + $groupIid, $is_allowed_to_edit || $group_member_with_upload_rights ); } diff --git a/main/inc/lib/document.lib.php b/main/inc/lib/document.lib.php index f4e111eca1..f2fb7e4c10 100755 --- a/main/inc/lib/document.lib.php +++ b/main/inc/lib/document.lib.php @@ -739,7 +739,7 @@ class DocumentManager * can show all folders (except for the deleted ones) or only visible ones * * @param array $_course - * @param int $to_group_id + * @param int $to_group_id iid * @param boolean $can_see_invisible * * @return array with paths @@ -1113,7 +1113,7 @@ class DocumentManager * @param string $base_work_dir, path to the documents folder (if not defined, $documentId must be used) * @param int $sessionId The ID of the session, if any * @param int $documentId The document id, if available - * @param int $groupId + * @param int $groupId iid * @return boolean true/false * @todo now only files/folders in a folder get visibility 2, we should rename them too. * @todo We should be able to get rid of this later when using only documentId (check further usage) @@ -1124,7 +1124,7 @@ class DocumentManager $base_work_dir = null, $sessionId = null, $documentId = null, - $groupId = null + $groupId = 0 ) { $TABLE_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT); diff --git a/main/inc/lib/javascript/svgedit/extensions/imagelib/groups.php b/main/inc/lib/javascript/svgedit/extensions/imagelib/groups.php index fa5db51a63..380890740d 100644 --- a/main/inc/lib/javascript/svgedit/extensions/imagelib/groups.php +++ b/main/inc/lib/javascript/svgedit/extensions/imagelib/groups.php @@ -16,6 +16,7 @@ $course_info = api_get_course_info(); $groupId = api_get_group_id(); $group_properties = GroupManager::get_group_properties($groupId); +$groupIid = isset($group_properties['iid']) ? $group_properties['iid'] : 0; $groupdirpath = $group_properties['directory']; $group_disk_path = api_get_path(SYS_COURSE_PATH).$course_info['path'].'/document'.$groupdirpath.'/'; $group_web_path = api_get_path(WEB_COURSE_PATH).$course_info['path'].'/document'.$groupdirpath.'/'; @@ -24,7 +25,7 @@ $group_web_path = api_get_path(WEB_COURSE_PATH).$course_info['path'].'/document' $docs_and_folders = DocumentManager::get_all_document_data( $course_info, $groupdirpath, - api_get_group_id(), + $groupIid, null, $is_allowed_to_edit, false