Fix webcam clip inside a group BT#16848

5 years ago · 7303d7083f
parent 1bebed87c3
commit 7303d7083f
4 changed files with 40 additions and 56 deletions
--- a/main/document/record_audio.php
+++ b/main/document/record_audio.php
@ -43,10 +43,10 @@ if (empty($document_data)) {

 //make some vars
 $wamidir = $dir;
-if ($wamidir === "/") {
+if ($wamidir === '/') {
    $wamidir = '';
 }
-$wamiurlplay = api_get_path(WEB_COURSE_PATH).api_get_course_path().'/document'.$wamidir."/";
+$wamiurlplay = api_get_path(WEB_COURSE_PATH).api_get_course_path().'/document'.$wamidir.'/';
 $groupId = api_get_group_id();
 $is_allowed_to_edit = api_is_allowed_to_edit(null, true);

@ -55,7 +55,7 @@ if (strstr($dir, '..')) {
    $dir = '/';
 }

-if ($dir[0] == '.') {
+if ($dir[0] === '.') {
    $dir = substr($dir, 1);
 }

@ -63,7 +63,7 @@ if ($dir[0] !== '/') {
    $dir = '/'.$dir;
 }

-if ($dir[strlen($dir) - 1] != '/') {
+if ($dir[strlen($dir) - 1] !== '/') {
    $dir .= '/';
 }

--- a/main/document/webcam_clip.php
+++ b/main/document/webcam_clip.php
@ -1,4 +1,5 @@
 <?php
+
 /* For licensing terms, see /license.txt */

 use ChamiloSession as Session;
@ -6,8 +7,6 @@ use ChamiloSession as Session;
 /**
 * This file allows record wav files.
 *
- * @package chamilo.document
- *
 * @author  Juan Carlos Raña Trabado herodoto@telefonica.net
 *
 * @since   7/jun/2012
@ -25,75 +24,74 @@ $groupRights = Session::read('group_member_with_upload_rights');
 api_protect_course_script();
 api_block_anonymous_users();

+$courseInfo = api_get_course_info();
 $userId = api_get_user_id();
 $courseCode = api_get_course_id();
 $groupId = api_get_group_id();
 $sessionId = api_get_session_id();
-
 $documentData = DocumentManager::get_document_data_by_id($_GET['id'], $courseCode, true);

+$groupProperties = null;
+if (!empty($groupId)) {
+    $groupProperties = GroupManager::get_group_properties($groupId);
+}
+$documentId = 0;
+$dir = '/';
 if (empty($documentData)) {
    if (api_is_in_group()) {
-        $groupProperties = GroupManager::get_group_properties($groupId);
        $documentId = DocumentManager::get_document_id(
-            api_get_course_info(),
+            $courseInfo,
            $groupProperties['directory']
        );
        $documentData = DocumentManager::get_document_data_by_id($documentId, $courseCode);
+        $dir = $documentData['path'];
    }
+} else {
+    $documentId = $documentData['id'];
+    $dir = $documentData['path'];
 }

-$documentId = $documentData['id'];
-$dir = $documentData['path'];
-
-//make some vars
 $webcamdir = $dir;
-if ($webcamdir == "/") {
+if ($webcamdir === '/') {
    $webcamdir = '';
 }

 $isAllowedToEdit = api_is_allowed_to_edit(null, true);

-// Please, do not modify this dirname formatting
+// Please, do not modify this dirname formatting.
 if (strstr($dir, '..')) {
    $dir = '/';
 }

-if ($dir[0] == '.') {
+if ($dir[0] === '.') {
    $dir = substr($dir, 1);
 }

-if ($dir[0] != '/') {
+if ($dir[0] !== '/') {
    $dir = '/'.$dir;
 }

-if ($dir[strlen($dir) - 1] != '/') {
+if ($dir[strlen($dir) - 1] !== '/') {
    $dir .= '/';
 }

-$filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document'.$dir;
+$filepath = api_get_path(SYS_COURSE_PATH).$courseInfo['path'].'/document'.$dir;

 if (!is_dir($filepath)) {
-    $filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document/';
+    $filepath = api_get_path(SYS_COURSE_PATH).$courseInfo['path'].'/document/';
    $dir = '/';
 }

 if (!empty($groupId)) {
    $interbreadcrumb[] = [
-        "url" => "../group/group_space.php?".api_get_cidreq(),
-        "name" => get_lang('GroupSpace'),
+        'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(),
+        'name' => get_lang('GroupSpace').' '.$groupProperties['name'],
    ];
-    $noPHP_SELF = true;
-    $group = GroupManager::get_group_properties($groupId);
-    $path = explode('/', $dir);
-    if ('/'.$path[1] != $group['directory']) {
-        api_not_allowed(true);
-    }
 }

 $interbreadcrumb[] = [
-    "url" => "./document.php?id=".$documentId."&".api_get_cidreq(),
-    "name" => get_lang('Documents'),
+    'url' => "./document.php?id=".$documentId."&".api_get_cidreq(),
+    'name' => get_lang('Documents'),
 ];

 if (!api_is_allowed_in_course()) {
@ -106,18 +104,8 @@ if (!($isAllowedToEdit || $groupRights || $isMySharedFolder)) {
    api_not_allowed(true);
 }

-/*	Header */
 Event::event_access_tool(TOOL_DOCUMENT);

-$displayDir = $dir;
-if (isset($group)) {
-    $displayDir = explode('/', $dir);
-    unset($displayDir[0]);
-    unset($displayDir[1]);
-    $displayDir = implode('/', $displayDir);
-}
-
-// Interbreadcrumb for the current directory root path
 $counter = 0;
 if (isset($documentData['parents'])) {
    foreach ($documentData['parents'] as $documentSubData) {
@ -155,10 +143,7 @@ $template = new Template($nameTools);
 $template->assign('webcam_dir', $webcamdir);
 $template->assign('user_id', $userId);
 $template->assign('filename', 'video_clip.jpg');
-
-$layout = $template->get_template('document/webcam.tpl');
-$content = $template->fetch($layout);
-
+$content = $template->fetch($template->get_template('document/webcam.tpl'));
 $template->assign('header', get_lang('TakeYourPhotos'));
 $template->assign('actions', $actions);
 $template->assign('content', $content);
--- a/main/document/webcam_receiver.php
+++ b/main/document/webcam_receiver.php
@ -34,24 +34,23 @@ $webcamname = addslashes(trim($webcamname));
 $webcamname = api_replace_dangerous_char($webcamname);
 $webcamname = disable_dangerous_file($webcamname);
 $webcamdir = Security::remove_XSS($webcamdir);
-
+$courseInfo = api_get_course_info();
 //security extension
 $ext = explode('.', $webcamname);
-$ext = strtolower($ext[sizeof($ext) - 1]);
+$ext = strtolower($ext[count($ext) - 1]);

-if ($ext != 'jpg') {
-    die();
+if ($ext !== 'jpg') {
+    exit;
 }

 //Do not use here check Fileinfo method because return: text/plain                //CHECK THIS BEFORE COMMIT
-
-$dirBaseDocuments = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document';
+$dirBaseDocuments = api_get_path(SYS_COURSE_PATH).$courseInfo['path'].'/document';
 $saveDir = $dirBaseDocuments.$webcamdir;
 $current_session_id = api_get_session_id();
 $groupId = api_get_group_id();
 $groupInfo = GroupManager::get_group_properties($groupId);

-//Avoid duplicates
+// Avoid duplicates.
 $webcamname_to_save = $webcamname;
 $title_to_save = str_replace('_', ' ', $webcamname);
 $webcamname_noex = basename($webcamname, ".jpg");
@ -77,24 +76,24 @@ if (!$content) {

 //add document to database
 $doc_id = add_document(
-    $_course,
+    $courseInfo,
    $webcamdir.'/'.$webcamname_to_save,
    'file',
    filesize($documentPath),
    $title_to_save
 );
 api_item_property_update(
-    $_course,
+    $courseInfo,
    TOOL_DOCUMENT,
    $doc_id,
    'DocumentAdded',
-    $_user['user_id'],
+    api_get_user_id(),
    $groupInfo,
    null,
    null,
    null,
    $current_session_id
 );
-///
+
 $url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['REQUEST_URI']).'/'.$documentPath;
 echo get_lang('ClipSent');
--- a/main/template/default/document/webcam.tpl
+++ b/main/template/default/document/webcam.tpl
@ -33,7 +33,7 @@
 </div>
 <script>
    RecordWebcam.init({
-        urlReceiver: '{{ _p.web_main }}document/webcam_receiver.php?webcamname='
+        urlReceiver: '{{ _p.web_main }}document/webcam_receiver.php?{{ _p.web_cid_query }}&webcamname='
            + escape('{{ filename }}') + '&webcamdir={{ webcam_dir }}&webcamuserid={{ user_id }}'
    });
 </script>