diff --git a/main/document/document.php b/main/document/document.php index 6f316447c0..ba311806dd 100755 --- a/main/document/document.php +++ b/main/document/document.php @@ -37,7 +37,7 @@ $parent_id = null; $lib_path = api_get_path(LIBRARY_PATH); $actionsRight = ''; $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : ''; -if(isset($_POST['currentFile'])){ +if (isset($_POST['currentFile'])) { $action = 'replace'; } $allowUseTool = false; @@ -227,7 +227,7 @@ switch ($action) { ) { $fileTarget = $_POST['currentFile']; if (isset($_FILES) && isset($_FILES['file_'.$fileTarget])) { - $fileId = (int)$_POST['id_'.$fileTarget]; + $fileId = (int) $_POST['id_'.$fileTarget]; if (!$isAllowedToEdit) { if (api_is_coach()) { if (!DocumentManager::is_visible_by_id( @@ -246,7 +246,6 @@ switch ($action) { } } - $documentInfo = DocumentManager::get_document_data_by_id( $fileId, $courseInfo['code'], @@ -261,9 +260,9 @@ switch ($action) { true ); // Check whether the document is in the database. - if (!empty($documentInfo) ) { + if (!empty($documentInfo)) { $file = $_FILES['file_'.$fileTarget]; - if ($documentInfo['filetype'] == 'file') { + if ($documentInfo['filetype'] == 'file') { $deleteDocument = DocumentManager::writeContentIntoDocument( $courseInfo, null, @@ -290,9 +289,7 @@ switch ($action) { header("Location: $currentUrl"); exit; - } - } break; exit(); diff --git a/main/inc/lib/document.lib.php b/main/inc/lib/document.lib.php index d650a8ccc3..03d1ea0c5e 100644 --- a/main/inc/lib/document.lib.php +++ b/main/inc/lib/document.lib.php @@ -5646,7 +5646,7 @@ class DocumentManager "#!", [ 'data-id' => $randomUploadName, - 'class' => 'removeHiddenFile' + 'class' => 'removeHiddenFile', ] ); $html = " @@ -6660,6 +6660,158 @@ class DocumentManager return $list; } + /** + * Writes the content of a sent file to an existing one in the system, backing up the previous one. + * + * @param array $_course + * @param string $path Path stored in the database + * @param string $base_work_dir Path to the documents folder (if not defined, $documentId must be used) + * @param int $sessionId The ID of the session, if any + * @param int $documentId The document id, if available + * @param int $groupId iid + * @param file $file $_FILES content + * + * @return bool true/false + */ + public static function writeContentIntoDocument( + $_course, + $path = null, + $base_work_dir = null, + $sessionId = null, + $documentId = null, + $groupId = 0, + $file + ) { + $TABLE_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT); + + $documentId = (int) $documentId; + $groupId = (int) $groupId; + if (empty($groupId)) { + $groupId = api_get_group_id(); + } + + $sessionId = (int) $sessionId; + if (empty($sessionId)) { + $sessionId = api_get_session_id(); + } + + $course_id = $_course['real_id']; + + if (empty($course_id)) { + return false; + } + + if (empty($base_work_dir)) { + return false; + } + + if (empty($documentId)) { + $documentId = self::get_document_id($_course, $path, $sessionId); + $docInfo = self::get_document_data_by_id( + $documentId, + $_course['code'], + false, + $sessionId + ); + $path = $docInfo['path']; + } else { + $docInfo = self::get_document_data_by_id( + $documentId, + $_course['code'], + false, + $sessionId + ); + if (empty($docInfo)) { + return false; + } + $path = $docInfo['path']; + } + + if (empty($path) || empty($docInfo) || empty($documentId)) { + return false; + } + + $itemInfo = api_get_item_property_info( + $_course['real_id'], + TOOL_DOCUMENT, + $documentId, + $sessionId, + $groupId + ); + + if (empty($itemInfo)) { + return false; + } + + // File was already deleted. + if ($itemInfo['lastedit_type'] == 'DocumentReplaced' || + $itemInfo['lastedit_type'] == 'replace' || + $itemInfo['visibility'] == 2 + ) { + return false; + } + + // Filtering by group. + if ($itemInfo['to_group_id'] != $groupId) { + return false; + } + $now = new DateTime(); + $now = $now->format('Y_m_d__H_i_s_'); + + $document_exists_in_disk = file_exists($base_work_dir.$path); + $new_path = $path.'_REPLACED_DATE_'.$now.'_ID_'.$documentId; + + $file_deleted_from_disk = false; + $file_deleted_from_disk = true; + $fileMoved = fale; + $file_renamed_from_disk = false; + + if ($document_exists_in_disk) { + // Set visibility to 2 and rename file/folder to xxx_REPLACED_DATE_#date_ID_#id (soft delete) + if (is_file($base_work_dir.$path) || is_dir($base_work_dir.$path)) { + if (rename($base_work_dir.$path, $base_work_dir.$new_path)) { + $file_renamed_from_disk = true; + } else { + // Couldn't rename - file permissions problem? + error_log( + __FILE__.' '.__LINE__.': Error renaming '.$base_work_dir.$path.' to '.$base_work_dir.$new_path.'. This is probably due to file permissions', + 0 + ); + } + } + + if (move_uploaded_file($file['tmp_name'], $base_work_dir.$path)) { + $size = filesize($base_work_dir.$path); + $sql = "UPDATE $TABLE_DOCUMENT + SET size = '".$size."' + WHERE + c_id = $course_id AND + session_id = $sessionId AND + id = ".$documentId; + Database::query($sql); + $fileMoved = true; + } + } + // Checking inconsistency + if ($file_deleted_from_disk || + $file_renamed_from_disk + ) { + return true; + } else { + //Something went wrong + //The file or directory isn't there anymore (on the filesystem) + // This means it has been removed externally. To prevent a + // blocking error from happening, we drop the related items from the + // item_property and the document table. + error_log( + __FILE__.' '.__LINE__.': System inconsistency detected. The file or directory '.$base_work_dir.$path.' seems to have been removed from the filesystem independently from the web platform. To restore consistency, the elements using the same path will be removed from the database', + 0 + ); + + return false; + } + } + /** * Parse file information into a link. * @@ -7104,160 +7256,4 @@ class DocumentManager return $btn; } - - /** - * Writes the content of a sent file to an existing one in the system, backing up the previous one - * - * @param array $_course - * @param string $path Path stored in the database - * @param string $base_work_dir Path to the documents folder (if not defined, $documentId must be used) - * @param int $sessionId The ID of the session, if any - * @param int $documentId The document id, if available - * @param int $groupId iid - * @param file $file $_FILES content - * - * @return bool true/false - * - */ - - public static function writeContentIntoDocument( - $_course, - $path = null, - $base_work_dir = null, - $sessionId = null, - $documentId = null, - $groupId = 0, - $file - ) { - $TABLE_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT); - - $documentId = (int)$documentId; - $groupId = (int)$groupId; - if (empty($groupId)) { - $groupId = api_get_group_id(); - } - - $sessionId = (int)$sessionId; - if (empty($sessionId)) { - $sessionId = api_get_session_id(); - } - - $course_id = $_course['real_id']; - - if (empty($course_id)) { - return false; - } - - if (empty($base_work_dir)) { - return false; - } - - if (empty($documentId)) { - $documentId = self::get_document_id($_course, $path, $sessionId); - $docInfo = self::get_document_data_by_id( - $documentId, - $_course['code'], - false, - $sessionId - ); - $path = $docInfo['path']; - } else { - $docInfo = self::get_document_data_by_id( - $documentId, - $_course['code'], - false, - $sessionId - ); - if (empty($docInfo)) { - return false; - } - $path = $docInfo['path']; - } - - if (empty($path) || empty($docInfo) || empty($documentId)) { - return false; - } - - $itemInfo = api_get_item_property_info( - $_course['real_id'], - TOOL_DOCUMENT, - $documentId, - $sessionId, - $groupId - ); - - if (empty($itemInfo)) { - return false; - } - - // File was already deleted. - if ($itemInfo['lastedit_type'] == 'DocumentReplaced' || - $itemInfo['lastedit_type'] == 'replace' || - $itemInfo['visibility'] == 2 - ) { - return false; - } - - // Filtering by group. - if ($itemInfo['to_group_id'] != $groupId) { - return false; - } - $now = new DateTime(); - $now = $now->format('Y_m_d__H_i_s_'); - - $document_exists_in_disk = file_exists($base_work_dir.$path); - $new_path = $path.'_REPLACED_DATE_'.$now.'_ID_'.$documentId; - - $file_deleted_from_disk = false; - $file_deleted_from_disk = true; - $fileMoved = fale; - $file_renamed_from_disk = false; - - - if ($document_exists_in_disk) { - // Set visibility to 2 and rename file/folder to xxx_REPLACED_DATE_#date_ID_#id (soft delete) - if (is_file($base_work_dir.$path) || is_dir($base_work_dir.$path)) { - if (rename($base_work_dir.$path, $base_work_dir.$new_path)) { - $file_renamed_from_disk = true; - } else { - // Couldn't rename - file permissions problem? - error_log( - __FILE__.' '.__LINE__.': Error renaming '.$base_work_dir.$path.' to '.$base_work_dir.$new_path.'. This is probably due to file permissions', - 0 - ); - } - } - - if (move_uploaded_file($file['tmp_name'], $base_work_dir.$path)) { - $size = filesize($base_work_dir.$path); - $sql = "UPDATE $TABLE_DOCUMENT - SET size = '".$size."' - WHERE - c_id = $course_id AND - session_id = $sessionId AND - id = ".$documentId; - Database::query($sql); - $fileMoved = true; - - } - } - // Checking inconsistency - if ($file_deleted_from_disk || - $file_renamed_from_disk - ) { - return true; - } else { - //Something went wrong - //The file or directory isn't there anymore (on the filesystem) - // This means it has been removed externally. To prevent a - // blocking error from happening, we drop the related items from the - // item_property and the document table. - error_log( - __FILE__.' '.__LINE__.': System inconsistency detected. The file or directory '.$base_work_dir.$path.' seems to have been removed from the filesystem independently from the web platform. To restore consistency, the elements using the same path will be removed from the database', - 0 - ); - - return false; - } - } }