Adding validation in the work and document tool when uploading a file with size 0 see #3260

skala
Julio Montoya 15 years ago
parent 25f79e36aa
commit 6e2d05f854
  1. 4
      main/inc/ajax/document.ajax.php
  2. 4
      main/inc/lib/document.lib.php
  3. 37
      main/inc/lib/fileUpload.lib.php
  4. 40
      main/work/work.lib.php
  5. 63
      main/work/work.php

@ -4,13 +4,13 @@
* Responses to AJAX calls for the document upload * Responses to AJAX calls for the document upload
*/ */
require_once '../global.inc.php'; require_once '../global.inc.php';
if (api_is_anonymous()){ if (api_is_anonymous()) {
exit; exit;
} }
if(!empty($_FILES)) { if(!empty($_FILES)) {
require_once api_get_path(LIBRARY_PATH).'document.lib.php'; require_once api_get_path(LIBRARY_PATH).'document.lib.php';
require_once api_get_path(LIBRARY_PATH).'fileDisplay.lib.php'; require_once api_get_path(LIBRARY_PATH).'fileDisplay.lib.php';
$result = DocumentManager::upload_document($_FILES, $_POST['curdirpath'], '', '', 0, 'overwrite'); $result = DocumentManager::upload_document($_FILES, $_POST['curdirpath'], '', '', 0, 'overwrite', false, false);
$file = $_FILES['file']; $file = $_FILES['file'];
$json = array(); $json = array();
$json['name'] = Display::url(api_htmlentities($file['name']), $result['url'], array('target'=>'_blank')); $json['name'] = Display::url(api_htmlentities($file['name']), $result['url'], array('target'=>'_blank'));
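Review bot: The JSON response on the last line dereferences `$result['url']` without checking whether `upload_document()` failed, and now that the call passes `false` for the output flag a rejected upload (for example the zero-byte case this commit targets) produces no visible error at all, only a link with an empty URL. Test `$result` first and report the failure in the JSON, e.g. `if ($result === false) { echo json_encode(array('error' => get_lang('UplUploadFailed'))); exit; }` — the exact falsy value depends on what upload_document() returns, which is outside this hunk. Note also that `$_POST['curdirpath']` reaches `upload_document()` unchanged and the endpoint only rejects anonymous users; if the course-level write permission check and the `..` filtering are not done inside upload_document(), they belong here before the call.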

@ -1831,12 +1831,12 @@ class DocumentManager {
} }
$max_filled_space = self::get_course_quota(); $max_filled_space = self::get_course_quota();
$course_info = api_get_course_info(); $course_info = api_get_course_info();
$course_dir = $course_info['path'].'/document'; $course_dir = $course_info['path'].'/document';
$sys_course_path = api_get_path(SYS_COURSE_PATH); $sys_course_path = api_get_path(SYS_COURSE_PATH);
$base_work_dir = $sys_course_path.$course_dir; $base_work_dir = $sys_course_path.$course_dir;
if (isset($files['file'])) { if (isset($files['file'])) {
$upload_ok = process_uploaded_file($files['file']); $upload_ok = process_uploaded_file($files['file'], $show_output);
if ($upload_ok) { if ($upload_ok) {
// File got on the server without problems, now process it // File got on the server without problems, now process it
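Review bot: `$show_output` is now forwarded to `process_uploaded_file()` on the `$upload_ok` line, but when it is false a failed upload leaves no trace for the caller unless this function returns a distinguishable value on the failure path, which is outside the hunk; make sure that path returns `false` (not an empty array or nothing) so AJAX callers can test for it. The docblock of `upload_document()`, also outside the hunk, should gain `@param bool $show_output Whether to print Display error messages (false for AJAX/JSON callers)`. The quota and base-directory lookups above run before the file is validated; harmless, but they could move below the `$upload_ok` check. upload_document() starts and ends outside this hunk.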

@ -86,27 +86,54 @@ function get_document_title($name) {
* @param array $uploaded_file ($_FILES) * @param array $uploaded_file ($_FILES)
* @return true if upload succeeded * @return true if upload succeeded
*/ */
function process_uploaded_file($uploaded_file) { function process_uploaded_file($uploaded_file, $show_output = true) {
// Checking the error code sent with the file upload. // Checking the error code sent with the file upload.
switch ($uploaded_file['error']) { switch ($uploaded_file['error']) {
case 1: case 1:
// The uploaded file exceeds the upload_max_filesize directive in php.ini. // The uploaded file exceeds the upload_max_filesize directive in php.ini.
Display::display_error_message(get_lang('UplExceedMaxServerUpload').ini_get('upload_max_filesize')); if ($show_output)
Display::display_error_message(get_lang('UplExceedMaxServerUpload').ini_get('upload_max_filesize'));
return false; return false;
case 2: case 2:
// The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form. // The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.
// Not used at the moment, but could be handy if we want to limit the size of an upload (e.g. image upload in html editor). // Not used at the moment, but could be handy if we want to limit the size of an upload (e.g. image upload in html editor).
Display::display_error_message(get_lang('UplExceedMaxPostSize'). round($_POST['MAX_FILE_SIZE']/1024) .' KB'); $max_file_size = intval($_POST['MAX_FILE_SIZE']);
if ($show_output) {
Display::display_error_message(get_lang('UplExceedMaxPostSize'). round($max_file_size/1024) .' KB');
}
return false; return false;
case 3: case 3:
// The uploaded file was only partially uploaded. // The uploaded file was only partially uploaded.
Display::display_error_message(get_lang('UplPartialUpload').' '.get_lang('PleaseTryAgain')); if ($show_output) {
Display::display_error_message(get_lang('UplPartialUpload').' '.get_lang('PleaseTryAgain'));
}
return false; return false;
case 4: case 4:
// No file was uploaded. // No file was uploaded.
Display::display_error_message(get_lang('UplNoFileUploaded').' '. get_lang('UplSelectFileFirst')); if ($show_output) {
Display::display_error_message(get_lang('UplNoFileUploaded').' '. get_lang('UplSelectFileFirst'));
}
return false; return false;
} }
if (!file_exists($uploaded_file['tmp_name'])) {
// No file was uploaded.
if ($show_output) {
Display::display_error_message(get_lang('UplUploadFailed'));
}
return false;
}
if (file_exists($uploaded_file['tmp_name'])) {
$filesize = filesize($uploaded_file['tmp_name']);
if (empty($filesize)) {
// No file was uploaded.
if ($show_output) {
Display::display_error_message(get_lang('UplUploadFailed'));
}
return false;
}
}
// case 0: default: We assume there is no error, the file uploaded with success. // case 0: default: We assume there is no error, the file uploaded with success.
return true; return true;
} }
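Review bot: The two new `file_exists()` checks at the end of the function are redundant — the second `if` can only run when the first guard has already passed — and `file_exists()` is the weaker test here: it accepts any readable path handed in through `$uploaded_file['tmp_name']`, whereas `is_uploaded_file()` only accepts the temp file PHP created for this request's upload. Unless some caller deliberately feeds this function a non-HTTP file (not visible here), the two blocks can be merged as below. The `switch` also handles only error codes 1–4 as bare numbers; `UPLOAD_ERR_NO_TMP_DIR`, `UPLOAD_ERR_CANT_WRITE` and `UPLOAD_ERR_EXTENSION` (6–8) currently fall through to the file check, so consider a `default:` branch that reports `$uploaded_file['error']` and name the cases with the `UPLOAD_ERR_*` constants. The docblock above should document the new parameter, `@param bool $show_output Whether to print error messages (false for AJAX callers)`.
```php
    // … unchanged: switch ($uploaded_file['error']) { case 1 … case 4 } …
    $tmp_name = isset($uploaded_file['tmp_name']) ? $uploaded_file['tmp_name'] : '';
    // A missing or empty temp file means nothing usable arrived; is_uploaded_file()
    // additionally rejects paths that were not produced by this request's upload.
    if ($tmp_name === '' || !is_uploaded_file($tmp_name) || filesize($tmp_name) === 0) {
        if ($show_output) {
            Display::display_error_message(get_lang('UplUploadFailed'));
        }
        return false;
    }
    // case 0: default: We assume there is no error, the file uploaded with success.
    return true;
```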

@ -1638,3 +1638,43 @@ function is_work_exist_by_url($url) {
return false; return false;
} }
} }
function make_select($name, $values, $checked = '') {
$output = '<select name="'.$name.'" id="'.$name.'">';
foreach($values as $key => $value) {
$output .= '<option value="'.$key.'" '.(($checked==$key) ? 'selected="selected"' : '').'>'.$value.'</option>';
}
$output .= '</select>';
return $output;
}
function make_checkbox($name, $checked = '') {
return '<input type="checkbox" value="1" name="'.$name.'" '.((!empty($checked))?'checked="checked"':'').'/>';
}
function draw_date_picker($prefix, $default = '') {
//$default = 2008-10-01 10:00:00
if (empty($default)) {
//$default = date('Y-m-d H:i:s');
$default = api_get_local_time();
}
$parts = split(' ', $default);
list($d_year, $d_month, $d_day) = split('-', $parts[0]);
list($d_hour, $d_minute) = split(':', $parts[1]);
$minute = range(10, 59);
array_unshift($minute, '00', '01', '02', '03', '04', '05', '06', '07', '08', '09');
$date_form = make_select($prefix.'_day', array_combine(range(1, 31), range(1, 31)), $d_day);
$date_form .= make_select($prefix.'_month', array_combine(range(1, 12), api_get_months_long()), $d_month);
$date_form .= make_select($prefix.'_year', array($d_year => $d_year, $d_year + 1 => $d_year + 1), $d_year).'&nbsp;&nbsp;&nbsp;&nbsp;';
$date_form .= make_select($prefix.'_hour', array_combine(range(0, 23), range(0, 23)), $d_hour).' : ';
$date_form .= make_select($prefix.'_minute', $minute, $d_minute);
return $date_form;
}
function get_date_from_select($prefix) {
return $_POST[$prefix.'_year'].'-'.two_digits($_POST[$prefix.'_month']).'-'.two_digits($_POST[$prefix.'_day']).' '.two_digits($_POST[$prefix.'_hour']).':'.two_digits($_POST[$prefix.'_minute']).':00';
}
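Review bot: `get_date_from_select()` (last function in the hunk) concatenates raw `$_POST` values into the date string; `two_digits()` is applied to month/day/hour/minute but the year goes in untouched, and none of the fields is range-checked, so the safety of the result depends entirely on what the caller does with it downstream (not visible here). Building it from integers closes that gap without changing the return shape, as below; if the callers can cope with a rejection, add a `checkdate($month, $day, $year)` test and return `false` for invalid input. Separately, `draw_date_picker()` still uses `split()`, which is deprecated since PHP 5.3 — `explode(' ', $default)` and `explode('-', $parts[0])` are drop-in replacements because the separators are literal strings. `make_select()` and `make_checkbox()` emit `$name`, `$key` and `$value` unescaped; the visible callers pass fixed values, but an `htmlspecialchars()` on each would make the helpers safe for any caller.
```php
function get_date_from_select($prefix) {
    // Cast every field so that only digits reach the resulting date string.
    $year   = intval($_POST[$prefix.'_year']);
    $month  = intval($_POST[$prefix.'_month']);
    $day    = intval($_POST[$prefix.'_day']);
    $hour   = intval($_POST[$prefix.'_hour']);
    $minute = intval($_POST[$prefix.'_minute']);
    return sprintf('%04d-%02d-%02d %02d:%02d:00', $year, $month, $day, $hour, $minute);
}
```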

@ -58,7 +58,7 @@
/* INIT SECTION */ /* INIT SECTION */
$language_file = array('exercice', 'work', 'document', 'admin' ); $language_file = array('exercice', 'work', 'document', 'admin');
require_once '../inc/global.inc.php'; require_once '../inc/global.inc.php';
@ -88,10 +88,10 @@ $stok = Security::get_token();
$htmlHeadXtra[] = to_javascript_work(); $htmlHeadXtra[] = to_javascript_work();
$htmlHeadXtra[] = '<script type="text/javascript"> $htmlHeadXtra[] = '<script type="text/javascript">
function setFocus(){ function setFocus(){
$("#work_title").focus(); $("#work_title").focus();
} }
$(document).ready(function () { $(document).ready(function () {
setFocus(); setFocus();
}); });
</script>'; </script>';
@ -504,11 +504,7 @@ if (!empty($_REQUEST['new_dir'])) {
if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) { if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
api_not_allowed(); api_not_allowed();
} }
function get_date_from_select($prefix) {
return $_POST[$prefix.'_year'].'-'.two_digits($_POST[$prefix.'_month']).'-'.two_digits($_POST[$prefix.'_day']).' '.two_digits($_POST[$prefix.'_hour']).':'.two_digits($_POST[$prefix.'_minute']).':00';
}
$fexpire = get_date_from_select('expires'); $fexpire = get_date_from_select('expires');
$fend = get_date_from_select('ends'); $fend = get_date_from_select('ends');
@ -875,8 +871,14 @@ if ($ctok == $_POST['sec_token']) { //check the token inserted into the form
// Transform any .php file in .phps fo security // Transform any .php file in .phps fo security
$new_file_name = php2phps($new_file_name); $new_file_name = php2phps($new_file_name);
//filter extension
if (!filter_extension($new_file_name)) { $filesize = filesize($_FILES['file']['tmp_name']);
if (empty($filesize)) {
Display :: display_error_message(get_lang('UplUploadFailed'));
$succeed = false;
} elseif (!filter_extension($new_file_name)) {
//filter extension
Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension')); Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
$succeed = false; $succeed = false;
} else { } else {
@ -1207,7 +1209,7 @@ if ($is_course_member) {
} }
//require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php'; //require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
require_once (api_get_path(LIBRARY_PATH).'fileDisplay.lib.php'); require_once api_get_path(LIBRARY_PATH).'fileDisplay.lib.php';
$form = new FormValidator('form', 'POST', api_get_self() . "?curdirpath=" . rtrim(Security :: remove_XSS($cur_dir_path),'/') . "&gradebook=".Security::remove_XSS($_GET['gradebook'])."&origin=$origin", '', 'enctype="multipart/form-data"'); $form = new FormValidator('form', 'POST', api_get_self() . "?curdirpath=" . rtrim(Security :: remove_XSS($cur_dir_path),'/') . "&gradebook=".Security::remove_XSS($_GET['gradebook'])."&origin=$origin", '', 'enctype="multipart/form-data"');
@ -1308,7 +1310,6 @@ if ($is_course_member) {
$form->setDefaults($defaults); $form->setDefaults($defaults);
//$form->addRule('file', '<div class="required">'.get_lang('ThisFieldIsRequired'), 'required'); //$form->addRule('file', '<div class="required">'.get_lang('ThisFieldIsRequired'), 'required');
$form->display(); $form->display();
} }
@ -1487,40 +1488,4 @@ if (!$display_upload_form && !$display_tool_options) {
if ($origin != 'learnpath') { if ($origin != 'learnpath') {
//we are not in the learning path tool //we are not in the learning path tool
Display :: display_footer(); Display :: display_footer();
} }
/* Some functions */
function make_select($name, $values, $checked = '') {
$output = '<select name="'.$name.'" id="'.$name.'">';
foreach($values as $key => $value) {
$output .= '<option value="'.$key.'" '.(($checked==$key) ? 'selected="selected"' : '').'>'.$value.'</option>';
}
$output .= '</select>';
return $output;
}
function make_checkbox($name, $checked = '') {
return '<input type="checkbox" value="1" name="'.$name.'" '.((!empty($checked))?'checked="checked"':'').'/>';
}
function draw_date_picker($prefix, $default = '') {
//$default = 2008-10-01 10:00:00
if (empty($default)) {
//$default = date('Y-m-d H:i:s');
$default = api_get_local_time();
}
$parts = split(' ', $default);
list($d_year, $d_month, $d_day) = split('-', $parts[0]);
list($d_hour, $d_minute) = split(':', $parts[1]);
$minute = range(10, 59);
array_unshift($minute, '00', '01', '02', '03', '04', '05', '06', '07', '08', '09');
$date_form = make_select($prefix.'_day', array_combine(range(1, 31), range(1, 31)), $d_day);
$date_form .= make_select($prefix.'_month', array_combine(range(1, 12), api_get_months_long()), $d_month);
$date_form .= make_select($prefix.'_year', array($d_year => $d_year, $d_year + 1 => $d_year + 1), $d_year).'&nbsp;&nbsp;&nbsp;&nbsp;';
$date_form .= make_select($prefix.'_hour', array_combine(range(0, 23), range(0, 23)), $d_hour).' : ';
$date_form .= make_select($prefix.'_minute', $minute, $d_minute);
return $date_form;
}
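Review bot: In the upload hunk (`@ -875,8 +871,14`) the new `filesize($_FILES['file']['tmp_name'])` call is made without first checking that the temp file exists: when the upload failed with an error code, `tmp_name` is empty and `filesize('')` emits an E_WARNING before `empty($filesize)` catches the returned `false`. This block also duplicates the size check this same commit adds to `process_uploaded_file()`; if work.php already routes the file through that function the block is redundant, otherwise guard it with the stronger test, `if (!is_uploaded_file($_FILES['file']['tmp_name']) || filesize($_FILES['file']['tmp_name']) === 0) {`. The surrounding `if ($ctok == $_POST['sec_token'])` block starts and ends outside the hunk, so whether `$_FILES['file']` is guaranteed to be set at this point is not visible here.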