Change ticket attachment upload folder see BT#13697

- File attachments were uploaded in the cache folder instead of a
fixed upload folder. Now ticket attachments are saved inside
app/upload/ticket_attachment
- Requires testing
pull/3063/head
Julio 8 years ago committed by Nicolas Ducoulombier
parent 536cb6ead7
commit 485b6caed5
  1. 65
      main/inc/lib/TicketManager.php
  2. 40
      main/inc/lib/api.lib.php
  3. 6
      main/inc/lib/message.lib.php
  4. 38
      main/ticket/download.php
  5. 97
      src/Chamilo/TicketBundle/Entity/MessageAttachment.php

@ -275,7 +275,7 @@ class TicketManager
* @param string $subject
* @param string $content
* @param string $personalEmail
* @param $file_attachments
* @param array $fileAttachments
* @param string $source
* @param string $priority
* @param string $status
@ -292,7 +292,7 @@ class TicketManager
$subject,
$content,
$personalEmail = '',
$file_attachments = [],
$fileAttachments = [],
$source = '',
$priority = '',
$status = '',
@ -397,9 +397,9 @@ class TicketManager
));
}
if (!empty($file_attachments)) {
if (!empty($fileAttachments)) {
$attachmentCount = 0;
foreach ($file_attachments as $attach) {
foreach ($fileAttachments as $attach) {
if (!empty($attach['tmp_name'])) {
$attachmentCount++;
}
@ -409,7 +409,7 @@ class TicketManager
$ticketId,
'',
'',
$file_attachments,
$fileAttachments,
$currentUserId
);
}
@ -613,7 +613,7 @@ class TicketManager
* @param int $ticketId
* @param string $subject
* @param string $content
* @param array $file_attachments
* @param array $fileAttachments
* @param int $userId
* @param string $status
* @param bool $sendConfirmation
@ -624,7 +624,7 @@ class TicketManager
$ticketId,
$subject,
$content,
$file_attachments,
$fileAttachments,
$userId,
$status = 'NOL',
$sendConfirmation = false
@ -670,10 +670,10 @@ class TicketManager
WHERE id = $ticketId ";
Database::query($sql);
if (is_array($file_attachments)) {
foreach ($file_attachments as $file_attach) {
if (is_array($fileAttachments)) {
foreach ($fileAttachments as $file_attach) {
if ($file_attach['error'] == 0) {
self::save_message_attachment_file(
self::saveMessageAttachmentFile(
$file_attach,
$ticketId,
$messageId
@ -697,7 +697,7 @@ class TicketManager
* @param $message_id
* @return array
*/
public static function save_message_attachment_file(
public static function saveMessageAttachmentFile(
$file_attach,
$ticketId,
$message_id
@ -717,18 +717,10 @@ class TicketManager
'error'
);
} else {
$new_file_name = uniqid('');
$path_attachment = api_get_path(SYS_ARCHIVE_PATH);
$path_message_attach = $path_attachment.'plugin_ticket_messageattch/';
if (!file_exists($path_message_attach)) {
@mkdir($path_message_attach, api_get_permissions_for_new_directories(), true);
}
$new_path = $path_message_attach.$new_file_name;
if (is_uploaded_file($file_attach['tmp_name'])) {
@copy($file_attach['tmp_name'], $new_path);
}
$safe_file_name = Database::escape_string($file_name);
$safe_new_file_name = Database::escape_string($new_file_name);
$result = api_upload_file('ticket_attachment', $file_attach, $ticketId);
if ($result) {
$safe_file_name = Database::escape_string($new_file_name);
$safe_new_file_name = Database::escape_string($result['path_to_save']);
$sql = "INSERT INTO $table_support_message_attachments (
filename,
path,
@ -752,10 +744,8 @@ class TicketManager
)";
Database::query($sql);
return array(
'path' => $path_message_attach.$safe_new_file_name,
'filename' => $safe_file_name,
);
return true;
}
}
}
@ -1088,6 +1078,23 @@ class TicketManager
return (int)$obj->total;
}
/**
* @param int $id
* @return \Chamilo\TicketBundle\Entity\MessageAttachment
*/
public static function getTicketMessageAttachment($id)
{
$id = (int) $id;
$em = Database::getManager();
$item = $em->getRepository('ChamiloTicketBundle:MessageAttachment')->find($id);
if ($item) {
return $item;
}
return false;
}
/**
* @param int $ticketId
* @return array
@ -1181,8 +1188,8 @@ class TicketManager
$result_attach = Database::query($sql);
while ($row2 = Database::fetch_assoc($result_attach)) {
$archiveURL = $archiveURL = $webPath.'ticket/download.php?ticket_id='.$ticketId.'&file=';
$row2['attachment_link'] = $attach_icon.'&nbsp;<a href="'.$archiveURL.$row2['path'].'&title='.$row2['filename'].'">'.$row2['filename'].'</a>&nbsp;('.$row2['size'].')';
$archiveURL = $webPath.'ticket/download.php?ticket_id='.$ticketId.'&id='.$row2['id'];
$row2['attachment_link'] = $attach_icon.'&nbsp;<a href="'.$archiveURL.'">'.$row2['filename'].'</a>&nbsp;('.$row2['size'].')';
$message['attachments'][] = $row2;
}
$ticket['messages'][] = $message;
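Review bot: The rewritten link in the last hunk still writes `$row2['filename']` and `$row2['size']` into the HTML unescaped, so a stored attachment name containing markup would be rendered on the ticket page for everyone who views it. Where the file name is assigned lies outside the hunks shown, so it cannot be confirmed here whether it is sanitised on upload; escaping at output is the safer place in either case. I would emit the anchor text as `htmlspecialchars($row2['filename'], ENT_QUOTES)` and build the URL with `(int) $row2['id']`. The enclosing loop belongs to a function that starts and ends outside the hunk.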

@ -8452,6 +8452,46 @@ function api_upload_file($type, $file, $itemId, $cropParameters = '')
}
}
/**
* @param string $type
* @param int $itemId
* @param string $file
*
* @return bool
*/
function api_get_uploaded_file($type, $itemId, $file)
{
$itemId = (int) $itemId;
$pathId = '/'.substr((string) $itemId, 0, 1).'/'.$itemId.'/';
$path = api_get_path(SYS_UPLOAD_PATH).$type.$pathId;
$file = basename($file);
$file = $path.'/'.$file;
if (file_exists($file)) {
return $file;
}
return false;
}
/**
* @param string $type
* @param int $itemId
* @param string $file
* @param string $title
*/
function api_download_uploaded_file($type, $itemId, $file, $title = '')
{
$file = api_get_uploaded_file($type, $itemId, $file);
if ($file) {
if (Security::check_abs_path($file, api_get_path(SYS_UPLOAD_PATH).$type)) {
DocumentManager::file_send_for_download($file, true, $title);
exit;
}
}
api_not_allowed(true);
}
/**
* @param string $type
* @param string $file
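Review bot: `api_get_uploaded_file()` applies `basename()` to `$file` but concatenates `$type` into the path unchecked, and `api_download_uploaded_file()` then validates the result against `api_get_path(SYS_UPLOAD_PATH).$type`, so the containment base moves with whatever `$type` is passed. The only caller on this page passes the literal `'ticket_attachment'`, but as a general helper it should reject a `$type` that is not a plain directory name, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $type)) { return false; }` as the first statement of `api_get_uploaded_file()`. The docblock also declares `@return bool` while the function returns the path string on success; `@return string|false` would match the code. A one-line description in each docblock saying that the lookup is confined to the per-item directory under the upload path would help the next caller.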

@ -379,7 +379,7 @@ class MessageManager
$i = 0;
foreach ($file_attachments as $file_attach) {
if ($file_attach['error'] == 0) {
self::save_message_attachment_file(
self::saveMessageAttachmentFile(
$file_attach,
isset($file_comments[$i]) ? $file_comments[$i] : null,
$inbox_last_id,
@ -413,7 +413,7 @@ class MessageManager
foreach ($file_attachments as $file_attach) {
if ($file_attach['error'] == 0) {
$comment = isset($file_comments[$o]) ? $file_comments[$o] : '';
self::save_message_attachment_file(
self::saveMessageAttachmentFile(
$file_attach,
$comment,
$outbox_last_id,
@ -676,7 +676,7 @@ class MessageManager
* @param int sender user id (optional)
* @param int group id (optional)
*/
public static function save_message_attachment_file(
public static function saveMessageAttachmentFile(
$file_attach,
$file_comment,
$message_id,

@ -9,12 +9,22 @@ require_once __DIR__.'/../inc/global.inc.php';
api_block_anonymous_users();
$user_id = api_get_user_id();
if (!isset($_GET['file']) || !isset($_GET['title']) || !isset($_GET['ticket_id'])) {
api_not_allowed();
if (!isset($_GET['id']) || !isset($_GET['ticket_id'])) {
api_not_allowed(true);
}
if (!api_is_platform_admin()) {
$ticket_id = intval($_GET['ticket_id']);
$ticketInfo = TicketManager::get_ticket_detail_by_id($ticket_id);
if (empty($ticketInfo)) {
api_not_allowed(true);
}
$messageAttachment = TicketManager::getTicketMessageAttachment($_GET['id']);
if (empty($messageAttachment)) {
api_not_allowed(true);
}
if (!api_is_platform_admin()) {
$table_support_messages = Database::get_main_table(TABLE_TICKET_MESSAGE);
$table_support_tickets = Database::get_main_table(TABLE_TICKET_TICKET);
$table_support_message_attachments = Database::get_main_table(TABLE_TICKET_MESSAGE_ATTACHMENTS);
@ -29,22 +39,14 @@ if (!api_is_platform_admin()) {
$row_users = Database::fetch_array($rs, 'ASSOC');
$user_request_id = $row_users['request_user'];
if (intval($user_request_id) != $user_id) {
api_not_allowed();
api_not_allowed(true);
}
}
// @todo replace by Security::check_abs_path()?
$file_url = $_GET['file'];
$file_url = str_replace('///', '&', $file_url);
$file_url = str_replace(' ', '+', $file_url);
$file_url = str_replace('/..', '', $file_url);
$file_url = Database::escape_string($file_url);
$title = $_GET['title'];
$path_attachment = api_get_path(SYS_ARCHIVE_PATH);
$path_message_attach = $path_attachment.'plugin_ticket_messageattch/';
$full_file_name = $path_message_attach.$file_url;
if (Security::check_abs_path($full_file_name, $path_message_attach)) {
DocumentManager::file_send_for_download($full_file_name, true, $title);
}
api_download_uploaded_file(
'ticket_attachment',
$ticket_id,
$messageAttachment->getPath(),
$messageAttachment->getFilename()
);
exit;
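Review bot: Nothing in the new checks ties the attachment loaded from `$_GET['id']` to the ticket named in `$_GET['ticket_id']`; the non-admin ownership test appears to be made on the ticket, and its query lies between the two hunks so it is not visible here. As written, the download is only refused for a mismatched pair because `api_download_uploaded_file()` looks for the stored file name under the `$ticket_id` directory, which is an implicit binding that depends on storage layout. I would add an explicit comparison right after the `empty($messageAttachment)` check: the attachment's message (reachable through `$messageAttachment->getMessage()`) should belong to `$ticket_id`, otherwise call `api_not_allowed(true)`. That keeps the authorisation decision independent of where files happen to be placed on disk.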

@ -90,4 +90,101 @@ class MessageAttachment
*/
protected $lastEditDateTime;
/**
* @return int
*/
public function getId()
{
return $this->id;
}
/**
* @param int $id
* @return MessageAttachment
*/
public function setId($id)
{
$this->id = $id;
return $this;
}
/**
* @return Message
*/
public function getMessage()
{
return $this->message;
}
/**
* @param Message $message
* @return MessageAttachment
*/
public function setMessage($message)
{
$this->message = $message;
return $this;
}
/**
* @return string
*/
public function getPath()
{
return $this->path;
}
/**
* @param string $path
* @return MessageAttachment
*/
public function setPath($path)
{
$this->path = $path;
return $this;
}
/**
* @return string
*/
public function getFilename()
{
return $this->filename;
}
/**
* @param string $filename
* @return MessageAttachment
*/
public function setFilename($filename)
{
$this->filename = $filename;
return $this;
}
/**
* @return int
*/
public function getSize()
{
return $this->size;
}
/**
* @param int $size
* @return MessageAttachment
*/
public function setSize($size)
{
$this->size = $size;
return $this;
}
}
