Fixing production user's file bug see #1682

skala
Julio Montoya 15 years ago
parent 15f86864c2
commit 5cc17d77b3
  1. 1
      documentation/changelog.html
  2. 35
      main/auth/profile.php
  3. 9
      main/inc/lib/usermanager.lib.php

@ -33,6 +33,7 @@
<li>Added more quality at the icons</li>
<li>Fixed an encoding problem about database connection which is specific to Chinese language. The initial solution has been proposed by Oliver Corre (Bug #1802)</li>
<li>Multiple URL feature: Fixed Course user list (BT#1547) </li>
<li>Deleting production user's file fixed see #1682</li>
</ul>
<h3>Security</h3>
<ul>

@ -41,10 +41,11 @@ $htmlHeadXtra[] = '<link rel="stylesheet" href="'.api_get_path(WEB_LIBRARY_PATH)
$htmlHeadXtra[] = '<script type="text/javascript">
function confirmation(name) {
if (confirm("'.get_lang('AreYouSureToDelete', '').' " + name + " ?"))
{return true;}
else
{return false;}
if (confirm("'.get_lang('AreYouSureToDelete', '').' " + name + " ?")) {
document.forms["profile"].submit();
} else {
return false;
}
}
function show_image(image,width,height) {
width = parseInt(width) + 20;
@ -73,7 +74,6 @@ if (!empty ($_GET['coursePath'])) {
$interbreadcrumb[] = array('url' => $course_url, 'name' => Security::remove_XSS($_GET['courseCode']));
}
$warning_msg = '';
if (!empty($_GET['fe'])) {
$warning_msg .= get_lang('UplUnableToSaveFileFilteredExtension');
@ -510,7 +510,6 @@ function upload_user_production($user_id) {
if (!file_exists($production_repository)) {
@mkdir($production_repository, api_get_permissions_for_new_directories(), true);
}
$filename = replace_dangerous_char($_FILES['production']['name']);
$filename = disable_dangerous_file($filename);
@ -580,15 +579,6 @@ if (!empty($_SESSION['change_email'])) {
} elseif (!empty($_SESSION['production_uploaded'])) {
$upload_production_success = ($_SESSION['production_uploaded'] == 'success');
unset($_SESSION['production_uploaded']);
} elseif (isset($_POST['remove_production'])) {
foreach (array_keys($_POST['remove_production']) as $production) {
UserManager::remove_user_production($_user['user_id'], urldecode($production));
}
if ($production_list = UserManager::build_production_list($_user['user_id'], true, true)) {
$form->insertElementBefore($form->createElement('static', null, null, $production_list), 'productions_list');
}
$form->removeElement('productions_list');
$file_deleted = true;
}
if ($form->validate()) {
@ -596,6 +586,7 @@ if ($form->validate()) {
$wrong_current_password = false;
// $user_data = $form->exportValues();
$user_data = $form->getSubmitValues();
// set password if a new one was provided
if (!empty($user_data['password0'])) {
if (check_user_password($user_data['password0'])) {
@ -632,6 +623,20 @@ if ($form->validate()) {
UserManager::delete_user_picture($_user['user_id']);
$user_data['picture_uri'] = '';
}
//Remove production
if (is_array($user_data['remove_production'])) {
foreach (array_keys($user_data['remove_production']) as $production) {
UserManager::remove_user_production($_user['user_id'], urldecode($production));
}
if ($production_list = UserManager::build_production_list($_user['user_id'], true, true)) {
var_dump($production_list);
$form->insertElementBefore($form->createElement('static', null, null, $production_list), 'productions_list');
}
$form->removeElement('productions_list');
$file_deleted = true;
}
// upload production if a new one is provided
if ($_FILES['production']['size']) {
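Review bot: A `var_dump($production_list);` call sits inside the new "Remove production" block, just before `insertElementBefore`, and looks like leftover debugging; it writes the generated list markup straight into the response and should be deleted. In the same block `is_array($user_data['remove_production'])` reads an index that is presumably absent when no file was selected for removal, so `if (isset($user_data['remove_production']) && is_array($user_data['remove_production'])) {` avoids the notice. The keys of that array come from the submitted form and are passed through `urldecode()` into `UserManager::remove_user_production()`, so they must be treated as untrusted filenames at that point. The enclosing `if ($form->validate())` block starts and ends outside the hunk.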

@ -916,7 +916,7 @@ class UserManager
$production_dir = $production_path['dir'].$user_id.'/';
$del_image = api_get_path(WEB_CODE_PATH).'img/delete.gif';
$del_text = get_lang('Delete');
$production_list = '';
$production_list = '';
if (count($productions) > 0) {
$production_list = '<ul id="productions">';
foreach ($productions as $file) {
@ -968,9 +968,12 @@ class UserManager
*/
public static function remove_user_production($user_id, $production) {
$production_path = self::get_user_picture_path_by_id($user_id, 'system', true);
if (is_file($production_path['dir'].$production)) {
unlink($production_path['dir'].$production);
$production_file = $production_path['dir'].$user_id.'/'.$production;
if (is_file($production_file)) {
unlink($production_file);
return true;
}
return false;
}
/**
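Review bot: `$production` is appended to `$production_path['dir'].$user_id.'/'` in `remove_user_production()` without being reduced to a bare filename, so a value containing a directory separator or `..` would make `is_file()` and `unlink()` act outside that user's production folder. The caller in main/auth/profile.php passes keys taken from the submitted form, so the check belongs in this method, before `$production_file` is built: `if ($production === '' || basename($production) !== $production) { return false; }`. The method's docblock, which starts outside the hunk, should also state that `$production` must be a plain filename with no path components.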
