Merge branch '1.9.x' of github.com:chamilo/chamilo-lms into 1.9.x

1.9.x
Yannick Warnier 11 years ago
commit 5fb4ff126b
  1. 119
      main/cron/import_csv.php
  2. 11
      main/inc/lib/course.lib.php
  3. 99
      main/inc/lib/security.lib.php
  4. 13
      main/work/downloadfolder.inc.php

@ -46,6 +46,7 @@ class ImportCsv
/**
* @param Logger $logger
* @param array
*/
public function __construct($logger, $conditions)
{
@ -56,7 +57,7 @@ class ImportCsv
/**
* @param bool $dump
*/
function setDumpValues($dump)
public function setDumpValues($dump)
{
$this->dumpValues = $dump;
}
@ -64,7 +65,7 @@ class ImportCsv
/**
* @return mixed
*/
function getDumpValues()
public function getDumpValues()
{
return $this->dumpValues;
}
@ -77,34 +78,43 @@ class ImportCsv
$path = api_get_path(SYS_CODE_PATH).'cron/incoming/';
if (!is_dir($path)) {
echo "The folder! $path does not exits";
exit;
return 0;
}
if ($this->getDumpValues()) {
$this->dumpDatabaseTables();
}
echo "Starting with reading the files: ".PHP_EOL.PHP_EOL;
echo "Reading files: ".PHP_EOL.PHP_EOL;
$files = scandir($path);
$fileToProcess = array();
$fileToProcessStatic = array();
if (!empty($files)) {
foreach ($files as $file) {
$fileInfo = pathinfo($file);
if ($fileInfo['extension'] == 'csv') {
// teachers_yyyymmdd.csv, courses_yyyymmdd.csv, students_yyyymmdd.csv and sessions_yyyymmdd.csv
// Checking teachers_yyyymmdd.csv, courses_yyyymmdd.csv, students_yyyymmdd.csv and sessions_yyyymmdd.csv
$parts = explode('_', $fileInfo['filename']);
$preMethod = ucwords($parts[1]);
$preMethod = str_replace('-static', 'Static', $preMethod);
$method = 'import'.$preMethod;
$isStatic = strpos($method, 'Static');
if (method_exists($this, $method)) {
$fileToProcess[$parts[1]][] = array(
'method' => $method,
'file' => $path.$fileInfo['basename']
);
//$this->$method($path.$fileInfo['basename']);
if ($method == 'importUnsubscribeStatic' || empty($isStatic)) {
$fileToProcess[$parts[1]][] = array(
'method' => $method,
'file' => $path.$fileInfo['basename']
);
} else {
$fileToProcessStatic[$parts[1]][] = array(
'method' => $method,
'file' => $path.$fileInfo['basename']
);
}
} else {
echo "Error - This file '$file' can't be processed.".PHP_EOL;
echo "Trying to call $method".PHP_EOL;
@ -118,13 +128,12 @@ class ImportCsv
if (empty($fileToProcess)) {
echo 'Error - no files to process.';
exit;
return 0;
}
$sections = array('students', 'teachers', 'courses', 'sessions', 'unsubscribe-static');
$this->prepareImport();
$sections = array('students', 'teachers', 'courses', 'sessions', 'unsubscribe-static');
foreach ($sections as $section) {
$this->logger->addInfo("-- Import $section --");
@ -134,10 +143,25 @@ class ImportCsv
$method = $fileInfo['method'];
$file = $fileInfo['file'];
echo 'Reading file: '.$file.PHP_EOL;
echo 'File: '.$file.PHP_EOL;
$this->logger->addInfo("Reading file: $file");
$this->$method($file, true);
}
}
}
$sections = array('students-static', 'teachers-static', 'courses-static', 'sessions-static');
foreach ($sections as $section) {
$this->logger->addInfo("-- Import static files $section --");
$this->$method($file);
if (isset($fileToProcessStatic[$section]) && !empty($fileToProcessStatic[$section])) {
$files = $fileToProcessStatic[$section];
foreach ($files as $fileInfo) {
$method = $fileInfo['method'];
$file = $fileInfo['file'];
echo 'Static file: '.$file.PHP_EOL;
$this->logger->addInfo("Reading file: $file");
$this->$method($file, true);
}
}
}
@ -240,7 +264,17 @@ class ImportCsv
* File to import
* @param string $file
*/
private function importTeachers($file)
private function importTeachersStatic($file)
{
$this->importTeachers($file, false);
}
/**
* File to import
* @param string $file
* @param bool $moveFile
*/
private function importTeachers($file, $moveFile = true)
{
$data = Import::csv_to_array($file);
@ -348,13 +382,26 @@ class ImportCsv
}
}
}
$this->moveFile($file);
if ($moveFile) {
$this->moveFile($file);
}
}
/**
* @param string $file
*/
private function importStudents($file)
private function importStudentsStatic($file)
{
$this->importStudents($file, false);
}
/**
* @param string $file
* @param bool $moveFile
*/
private function importStudents($file, $moveFile = true)
{
$data = Import::csv_to_array($file);
@ -513,13 +560,24 @@ class ImportCsv
}
}
$this->moveFile($file);
if ($moveFile) {
$this->moveFile($file);
}
}
/**
* @param string $file
*/
private function importCourses($file)
private function importCoursesStatic($file)
{
$this->importCourses($file, false);
}
/**
* @param string $file
* @param bool $moveFile
*/
private function importCourses($file, $moveFile = true)
{
$data = Import::csv_to_array($file);
@ -573,13 +631,26 @@ class ImportCsv
}
}
}
$this->moveFile($file);
if ($moveFile) {
$this->moveFile($file);
}
}
/**
* @param string $file
*/
private function importSessions($file)
private function importSessionsStatic($file)
{
$this->importSessions($file, false);
}
/**
* @param string $file
* @param bool $moveFile
*/
private function importSessions($file, $moveFile = true)
{
$avoid = null;
if (isset($this->conditions['importSessions']) && isset($this->conditions['importSessions']['update'])) {
@ -602,7 +673,9 @@ class ImportCsv
$this->logger->addError($result['error_message']);
}
$this->logger->addInfo("Sessions - Sessions parsed: ".$result['session_counter']);
$this->moveFile($file);
if ($moveFile) {
$this->moveFile($file);
}
}
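Review bot: The static-file classification at `$isStatic = strpos($method, 'Static');` relies on `empty()` to read a `false` result, which is fragile — `empty()` is also true for `0` and the boolean is then negated implicitly in `if ($method == 'importUnsubscribeStatic' || empty($isStatic))`; make the test explicit with `$isStatic = strpos($method, 'Static') !== false;` and `if ($method == 'importUnsubscribeStatic' || !$isStatic) {`. In the same hunk `$parts[1]` is read unguarded after `explode('_', $fileInfo['filename'])`, so a CSV whose name has no underscore raises an undefined-index notice before the `method_exists` check; a `count($parts) < 2` guard with a `continue` would skip it cleanly. The static loop in the third hunk also passes `true` as the second argument to the `*Static` wrappers, which take only `$file` and always call the real importer with `$moveFile = false` — the extra argument is silently ignored and is best dropped so the call does not suggest the files get moved. The enclosing method starts and ends outside these hunks.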
/**

@ -37,9 +37,9 @@ class CourseManager
/**
* Creates a course
* @param array with the columns in the main.course table
* @param mixed false if the course was not created, array with the course info
* @return mixed false if the course was not created, array with the course info
*/
static function create_course($params)
public static function create_course($params)
{
global $_configuration;
// Check portal limits
@ -105,7 +105,8 @@ class CourseManager
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* @assert ('') === false
*/
public static function get_course_information($course_code) {
public static function get_course_information($course_code)
{
return Database::fetch_array(Database::query(
"SELECT *, id as real_id FROM ".Database::get_main_table(TABLE_MAIN_COURSE)."
WHERE code='".Database::escape_string($course_code)."'"),'ASSOC'
@ -636,6 +637,7 @@ class CourseManager
/**
* Lists all virtual courses
* @return array Course info (course code => details) of all virtual courses on the platform
* @deprecated virtual course feature is not supported
*/
public static function get_virtual_course_list() {
$sql_result = Database::query("SELECT * FROM ".Database::get_main_table(TABLE_MAIN_COURSE)." WHERE target_course_code IS NOT NULL");
@ -1649,6 +1651,7 @@ class CourseManager
* @param $real_course_code, the id (char) of the real course
*
* @return array of course info arrays
* @deprecated virtual course feature is not supported
*/
public static function get_list_of_virtual_courses_for_specific_user_and_real_course($user_id, $course_code) {
$result_array = array();
@ -1723,6 +1726,7 @@ class CourseManager
* @param string Course language
* @param string Course category
* @return bool True on success, false on error
* @deprecated virtual course feature is not supported
*/
public static function attempt_create_virtual_course($real_course_code, $course_title, $wanted_course_code, $course_language, $course_category) {
//better: create parameter list, check the entire list, when false display errormessage
@ -1751,6 +1755,7 @@ class CourseManager
* @param string Course category
* @return true if the course creation succeeded, false otherwise
* @todo research: expiration date of a course
* @deprecated virtual course feature is not supported
*/
public static function create_virtual_course($real_course_code, $course_title, $wanted_course_code, $course_language, $course_category) {
global $firstExpirationDelay;
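Review bot: The `create_course` docblock still omits the parameter name — `@param array with the columns in the main.course table` — so the tag documents a type without binding it to `$params`; the same hunk already fixed the `@return` line, so this is the place to write `@param array $params Columns of the main.course table`. The `@deprecated` tags added to the virtual-course methods name neither the version nor a replacement, which is what makes the tag actionable for callers; `@deprecated <version> virtual course feature is not supported; no replacement` would do. `create_course` and the other methods continue outside their hunks.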

@ -34,7 +34,8 @@
* and then using $secure->clean['var'] as a filtered equivalent, although
* this is *not* mandatory at all.
*/
class Security {
class Security
{
public static $clean = array();
/**
@ -44,9 +45,12 @@ class Security {
* @param string Checker path under which the path should be (absolute path, with trailing slash, get it from api_get_path(SYS_COURSE_PATH))
* @return bool True if the path is under the checker, false otherwise
*/
public static function check_abs_path($abs_path, $checker_path) {
global $_configuration;
if (empty($checker_path)) { return false; } // The checker path must be set.
public static function check_abs_path($abs_path, $checker_path)
{
// The checker path must be set.
if (empty($checker_path)) {
return false;
}
$true_path = str_replace("\\", '/', realpath($abs_path));
$checker_path = str_replace("\\", '/', realpath($checker_path));
@ -63,13 +67,6 @@ class Security {
return true;
}
}
// Code specific to courses directory stored on other disk.
/*
$checker_path = str_replace(api_get_path(SYS_COURSE_PATH), $_configuration['symbolic_course_folder_abs'], $checker_path);
$found = strpos($true_path.'/', $checker_path);
if ($found === 0) {
return true;
}*/
}
return false;
}
@ -81,8 +78,12 @@ class Security {
* @param string Checker path under which the path should be (absolute path, with trailing slash, get it from api_get_path(SYS_COURSE_PATH))
* @return bool True if the path is under the checker, false otherwise
*/
public static function check_rel_path($rel_path, $checker_path) {
if (empty($checker_path)) { return false; } // The checker path must be set.
public static function check_rel_path($rel_path, $checker_path)
{
// The checker path must be set.
if (empty($checker_path)) {
return false;
}
$current_path = getcwd(); // No trailing slash.
if (substr($rel_path, -1, 1) != '/') {
$rel_path = '/'.$rel_path;
@ -102,6 +103,7 @@ class Security {
* other languages' files extensions)
* @param string Unfiltered filename
* @param string Filtered filename
* @return string
*/
public static function filter_filename($filename)
{
@ -147,7 +149,8 @@ class Security {
* most session hijacking attacks.
* @return bool True if the user agent is the same, false otherwise
*/
public static function check_ua() {
public static function check_ua()
{
if (isset($_SESSION['sec_ua']) and $_SESSION['sec_ua'] === $_SERVER['HTTP_USER_AGENT'].$_SESSION['sec_ua_seed']) {
return true;
}
@ -158,7 +161,8 @@ class Security {
* Clear the security token from the session
* @return void
*/
public static function clear_token() {
public static function clear_token()
{
$_SESSION['sec_token'] = null;
unset($_SESSION['sec_token']);
}
@ -172,7 +176,8 @@ class Security {
* Check the token with check_token()
* @return string Hidden-type input ready to insert into a form
*/
public static function get_HTML_token() {
public static function get_HTML_token()
{
$token = md5(uniqid(rand(), TRUE));
$string = '<input type="hidden" name="sec_token" value="'.$token.'" />';
$_SESSION['sec_token'] = $token;
@ -188,13 +193,18 @@ class Security {
* Check the token with check_token()
* @return string Token
*/
public static function get_token() {
public static function get_token()
{
$token = md5(uniqid(rand(), TRUE));
$_SESSION['sec_token'] = $token;
return $token;
}
public static function get_existing_token() {
/**
* @return string
*/
public static function get_existing_token()
{
if (isset($_SESSION['sec_token']) && !empty($_SESSION['sec_token'])) {
return $_SESSION['sec_token'];
} else {
@ -207,7 +217,8 @@ class Security {
* most cases of session hijacking.
* @return void
*/
public static function get_ua() {
public static function get_ua()
{
$_SESSION['sec_ua_seed'] = uniqid(rand(), TRUE);
$_SESSION['sec_ua'] = $_SERVER['HTTP_USER_AGENT'].$_SESSION['sec_ua_seed'];
}
@ -219,7 +230,8 @@ class Security {
* @param array Additional options
* @return bool True if variable was filtered and added to the current object, false otherwise
*/
public static function filter($var, $type = 'string', $options = array()) {
public static function filter($var, $type = 'string', $options = array())
{
// This function has not been finished! Do not use!
$result = false;
// Get variable name and value.
@ -261,7 +273,8 @@ class Security {
* @param string Variable name
* @return mixed Variable or NULL on error
*/
public static function get($varname) {
public static function get($varname)
{
if (isset(self::$clean[$varname])) {
return self::$clean[$varname];
}
@ -276,7 +289,8 @@ class Security {
* @param integer The user status,constant allowed (STUDENT, COURSEMANAGER, ANONYMOUS, COURSEMANAGERLOWSECURITY)
* @return mixed Filtered string or array
*/
public static function remove_XSS($var, $user_status = ANONYMOUS, $filter_terms = false) {
public static function remove_XSS($var, $user_status = ANONYMOUS, $filter_terms = false)
{
if ($filter_terms) {
$var = self::filter_terms($var);
}
@ -335,8 +349,6 @@ class Security {
$purifier[$user_status] = new HTMLPurifier($config);
}
if (is_array($var)) {
return $purifier[$user_status]->purifyArray($var);
} else {
@ -351,27 +363,29 @@ class Security {
* @param string content to be filter
* @return string
*/
static function filter_terms($text) {
static function filter_terms($text)
{
static $bad_terms = array();
if (empty($bad_terms)) {
$list = api_get_setting('filter_terms');
$list = explode("\n", $list);
$list = array_filter($list);
if (!empty($list)) {
foreach($list as $term) {
$term = str_replace(array("\r\n", "\r", "\n", "\t"), '', $term);
$html_entities_value = api_htmlentities($term, ENT_QUOTES, api_get_system_encoding());
$bad_terms[] = $term;
if ($term != $html_entities_value) {
$bad_terms[] = $html_entities_value;
}
}
$bad_terms = array_filter($bad_terms);
}
}
if (empty($bad_terms)) {
$list = api_get_setting('filter_terms');
$list = explode("\n", $list);
$list = array_filter($list);
if (!empty($list)) {
foreach ($list as $term) {
$term = str_replace(array("\r\n", "\r", "\n", "\t"), '', $term);
$html_entities_value = api_htmlentities($term, ENT_QUOTES, api_get_system_encoding());
$bad_terms[] = $term;
if ($term != $html_entities_value) {
$bad_terms[] = $html_entities_value;
}
}
$bad_terms = array_filter($bad_terms);
}
}
$replace = '***';
if (!empty($bad_terms)) {
//Fast way
$new_text = str_ireplace($bad_terms, $replace, $text, $count);
@ -407,7 +421,8 @@ class Security {
* @return string Returns sanitized image path or an empty string when the image path is not secure.
* @author Ivan Tcholakov, March 2011
*/
public static function filter_img_path($image_path) {
public static function filter_img_path($image_path)
{
static $allowed_extensions = array('png', 'gif', 'jpg', 'jpeg');
$image_path = htmlspecialchars(trim($image_path)); // No html code is allowed.
// We allow static images only, query strings are forbidden.
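Review bot: The form tokens in `get_HTML_token` and `get_token` are still built with `md5(uniqid(rand(), TRUE))`, which is not a cryptographically secure source — `uniqid` is time-based and `rand()` is a weak PRNG — so the `sec_token` value is more predictable than a request token should be; the commit restyles both methods but keeps this expression. Replace it in both with `$token = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` where PHP 7+ is available), and consider the same for the `sec_ua_seed` set in `get_ua`. Separately, `filter_terms` is the one method in this file the commit restyles without adding a visibility keyword — `public static function filter_terms($text)` — which is what the same commit did for `create_course` in course.lib.php. The body of `filter_terms` continues outside the hunk.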

@ -36,7 +36,7 @@ $sys_course_path = api_get_path(SYS_COURSE_PATH);
//zip library for creation of the zipfile
require_once api_get_path(LIBRARY_PATH).'pclzip/pclzip.lib.php';
//Creating a ZIP file
// Creating a ZIP file
$temp_zip_file = api_get_path(SYS_ARCHIVE_PATH).api_get_unique_id().".zip";
$zip_folder = new PclZip($temp_zip_file);
@ -44,9 +44,9 @@ $zip_folder = new PclZip($temp_zip_file);
$tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$prop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
//Put the files in the zip
//2 possibilities: admins get all files and folders in the selected folder (except for the deleted ones)
//normal users get only visible files that are in visible folders
// Put the files in the zip
// 2 possibilities: admins get all files and folders in the selected folder (except for the deleted ones)
// normal users get only visible files that are in visible folders
//admins are allowed to download invisible files
$files = array();
@ -126,7 +126,7 @@ while ($not_deleted_file = Database::fetch_assoc($query)) {
if (file_exists($sys_course_path.$_course['path'].'/'.$not_deleted_file['url']) && !empty($not_deleted_file['url'])) {
$files[basename($not_deleted_file['url'])] = $filename;
$zip_folder->add(
$addStatus = $zip_folder->add(
$sys_course_path.$_course['path'].'/'.$not_deleted_file['url'],
PCLZIP_OPT_REMOVE_PATH,
$sys_course_path.$_course['path'].'/work',
@ -141,7 +141,7 @@ while ($not_deleted_file = Database::fetch_assoc($query)) {
$work_temp = api_get_path(SYS_ARCHIVE_PATH).api_get_unique_id().'_'.$filename;
file_put_contents($work_temp, $not_deleted_file['description']);
$files[basename($work_temp)] = $filename;
$zip_folder->add(
$addStatus = $zip_folder->add(
$work_temp,
PCLZIP_OPT_REMOVE_PATH,
api_get_path(SYS_ARCHIVE_PATH),
@ -158,7 +158,6 @@ if (!empty($files)) {
//start download of created file
$name = basename($work_data['title']).'.zip';
if (Security::check_abs_path($temp_zip_file, api_get_path(SYS_ARCHIVE_PATH))) {
DocumentManager::file_send_for_download($temp_zip_file, true, $name);
@unlink($temp_zip_file);
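Review bot: `$addStatus = $zip_folder->add(...)` now captures the PclZip result in both hunks, but nothing visible in them acts on it; PclZip returns `0` on failure, so unless the value is tested further down (outside these hunks) a file that could not be added is silently omitted from the archive the user then downloads. After each call add `if ($addStatus == 0) { error_log('Could not add file to zip: '.$zip_folder->errorInfo(true)); }` or collect the failures and report them before sending the file. The `while` loop enclosing both calls starts before the hunks. The `@unlink($temp_zip_file)` in the last hunk suppresses a failure to remove the temporary archive; logging the failure instead of using `@` would surface clean-up problems in the archive directory.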
