diff --git a/main/document/document.inc.php b/main/document/document.inc.php index 0d0bec931c..753a5a58cf 100755 --- a/main/document/document.inc.php +++ b/main/document/document.inc.php @@ -349,15 +349,17 @@ function build_edit_icons($document_data, $id, $is_template, $is_read_only = 0, } else { $req_gid = ''; } - $document_id = $document_data['id']; + $document_id = $document_data['id']; - - $type = $document_data['filetype']; - $path = $document_data['path']; - $parent_id = DocumentManager::get_document_id(api_get_course_info(), dirname($path)); - $visibility= $document_data['visibility']; - $is_read_only= $document_data['readonly']; - $curdirpath = dirname($document_data['path']); + $type = $document_data['filetype']; + $visibility = $document_data['visibility']; + $is_read_only = $document_data['readonly']; + $path = $document_data['path']; + $parent_id = DocumentManager::get_document_id(api_get_course_info(), dirname($path)); + $curdirpath = dirname($document_data['path']); + $is_certificate_mode = DocumentManager::is_certificate_mode($path); + $curdirpath = urlencode($curdirpath); + $extension = pathinfo($path, PATHINFO_EXTENSION); // Build URL-parameters for table-sorting $sort_params = array(); 
@@ -374,59 +376,98 @@ function build_edit_icons($document_data, $id, $is_template, $is_read_only = 0, $sort_params[] = 'direction='.Security::remove_XSS($_GET['direction']); } $sort_params = implode('&', $sort_params); - $visibility_icon = ($visibility == 0) ? 'invisible' : 'visible'; + $visibility_icon = ($visibility == 0) ? 'invisible' : 'visible'; $visibility_command = ($visibility == 0) ? 'set_visible' : 'set_invisible'; - $curdirpath = urlencode($curdirpath); - - $is_certificate_mode = DocumentManager::is_certificate_mode($path); - $modify_icons = ''; - $cur_ses = api_get_session_id(); - $extension = pathinfo($path, PATHINFO_EXTENSION); + + $modify_icons = ''; + // If document is read only *or* we're in a session and the document // is from a non-session context, hide the edition capabilities - if ($is_read_only /*or ($session_id!=$cur_ses)*/) { - $modify_icons = Display::return_icon('edit_na.png', get_lang('Modify'),'',22); - $modify_icons .= ' '.Display::return_icon('delete_na.png', get_lang('Delete'),array(), 22); - $modify_icons .= ' '.Display::return_icon('move.png', get_lang('Move'),array(), 22); - if (api_is_allowed_to_edit() || api_is_platform_admin()){ + if ($is_read_only /*or ($session_id!=api_get_session_id())*/) { + if (api_is_course_admin() || api_is_platform_admin()) { + if($extension=='svg' && api_browser_support('svg') && api_get_setting('enabled_support_svg') == 'true') { + $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; + } elseif($extension=='png' || $extension=='jpg' || $extension=='jpeg' || $extension=='bmp' || $extension=='gif' ||$extension=='pxd' && api_get_setting('enabled_support_pixlr') == 'true'){ + $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; + } else { + $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; + } + } else { + $modify_icons = Display::return_icon('edit_na.png', get_lang('Modify'),'',22); + } + $modify_icons .= ' 
'.Display::return_icon('move_na.png', get_lang('Move'),array(), 22); + if (api_is_allowed_to_edit() || api_is_platform_admin()) { $modify_icons .= ' '.Display::return_icon($visibility_icon.'.png', get_lang('VisibilityCannotBeChanged'),'',22); } + $modify_icons .= ' '.Display::return_icon('delete_na.png', get_lang('Delete'),array(), 22); } else { + if ($is_certificate_mode) { //$modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; - $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; - + $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; } else { - if($extension=='svg' && api_browser_support('svg') && api_get_setting('enabled_support_svg') == 'true'){ - $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; - } elseif($extension=='png' || $extension=='jpg' || $extension=='jpeg' || $extension=='bmp' || $extension=='gif' ||$extension=='pxd' && api_get_setting('enabled_support_pixlr') == 'true'){ - $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; + if (api_get_session_id()) { + if ($document_data['session_id'] == api_get_session_id()) { + if ($extension=='svg' && api_browser_support('svg') && api_get_setting('enabled_support_svg') == 'true') { + $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; + } elseif($extension=='png' || $extension=='jpg' || $extension=='jpeg' || $extension=='bmp' || $extension=='gif' ||$extension=='pxd' && api_get_setting('enabled_support_pixlr') == 'true'){ + $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; + } else { + $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; + } + } else { + $modify_icons .= ' '.Display::return_icon('edit_na.png', get_lang('Edit'),array(), 22).''; + + } } else { - $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; + if($extension=='svg' && 
api_browser_support('svg') && api_get_setting('enabled_support_svg') == 'true') { + $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; + } elseif($extension=='png' || $extension=='jpg' || $extension=='jpeg' || $extension=='bmp' || $extension=='gif' ||$extension=='pxd' && api_get_setting('enabled_support_pixlr') == 'true'){ + $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; + } else { + $modify_icons = ''.Display::return_icon('edit.png', get_lang('Modify'),'',22).''; + } } } - if ($is_certificate_mode) { - $modify_icons .= ' '.Display::return_icon('move.png', get_lang('Move'),array(), 22).''; - $modify_icons .= ' '. - Display::return_icon($visibility_icon.'.png', get_lang('Move'),array(), 22).''; + //$modify_icons .= ' '.Display::return_icon('move.png', get_lang('Move'),array(), 22).''; + $modify_icons .= ' '.Display::return_icon('move_na.png', get_lang('Move'),array(), 22).''; + $modify_icons .= ' '.Display::return_icon($visibility_icon.'.png', get_lang('Move'),array(), 22).''; + + //$modify_icons .= ' '. 
+ Display::return_icon($visibility_icon.'.png', get_lang('VisibilityCannotBeChanged'),array(), 22).''; } else { - $modify_icons .= ' '.Display::return_icon('move.png', get_lang('Move'),array(), 22).''; - if(api_is_allowed_to_edit() || api_is_platform_admin()){ - $modify_icons .= ' '.Display::return_icon($visibility_icon.'.png', get_lang('VisibilityCannotBeChanged'),'',22).''; + if (api_get_session_id()) { + if ($document_data['session_id'] == api_get_session_id()) { + $modify_icons .= ' '.Display::return_icon('move.png', get_lang('Move'),array(), 22).''; + } else { + $modify_icons .= ' '.Display::return_icon('move_na.png', get_lang('Move'),array(), 22).''; + } + } else { + $modify_icons .= ' '.Display::return_icon('move.png', get_lang('Move'),array(), 22).''; + } + if (api_is_allowed_to_edit() || api_is_platform_admin()) { + $modify_icons .= ' '.Display::return_icon($visibility_icon.'.png', get_lang('ChangeVisibility'),'',22).''; } } if (in_array($path, array('/audio', '/flash', '/images', '/shared_folder', '/video', '/chat_files', '/certificates'))) { $modify_icons .= ' '.Display::return_icon('delete_na.png', get_lang('ThisFolderCannotBeDeleted'),array(), 22); } else { - - if (isset($_GET['curdirpath']) && $_GET['curdirpath']=='/certificates' && DocumentManager::get_default_certificate_id(api_get_course_id())==$id) { + if (isset($_GET['curdirpath']) && $_GET['curdirpath']=='/certificates' && DocumentManager::get_default_certificate_id(api_get_course_id())==$id) { $modify_icons .= ' '.Display::return_icon('delete.png', get_lang('Delete'),array(), 22).''; } else { if ($is_certificate_mode) { $modify_icons .= ' '.Display::return_icon('delete.png', get_lang('Delete'),array(), 22).''; } else { - $modify_icons .= ' '.Display::return_icon('delete.png', get_lang('Delete'),array(), 22).''; + if (api_get_session_id()) { + if ($document_data['session_id'] == api_get_session_id()) { + $modify_icons .= ' '.Display::return_icon('delete.png', get_lang('Delete'),array(), 22).''; 
+ } else { + $modify_icons .= ' '.Display::return_icon('delete_na.png', get_lang('ThisFolderCannotBeDeleted'),array(), 22); + } + } else { + $modify_icons .= ' '.Display::return_icon('delete.png', get_lang('Delete'),array(), 22).''; + } } } } @@ -676,13 +717,11 @@ function is_my_shared_folder($user_id, $path, $current_session_id) { $main_user_shared_folder = '/shared_folder\/sf_user_'.$user_id.'\//';//for security does not remove the last slash $main_user_shared_folder_session='/shared_folder_session_'.$current_session_id.'\/sf_user_'.$user_id.'\//';//for security does not remove the last slash - if(preg_match($main_user_shared_folder, $clean_path)){ + if (preg_match($main_user_shared_folder, $clean_path)){ return true; - } - elseif(preg_match($main_user_shared_folder_session, $clean_path)){ + } elseif(preg_match($main_user_shared_folder_session, $clean_path)) { return true; - } - else{ + } else { return false; } } @@ -720,6 +759,4 @@ function is_browser_viewable($file_extension) { return api_browser_support('svg'); } return $result; -} - -?> +} \ No newline at end of file diff --git a/main/document/document.php b/main/document/document.php index 8cc4e3f730..cdb6fa5718 100755 --- a/main/document/document.php +++ b/main/document/document.php @@ -69,7 +69,11 @@ DocumentManager::create_directory_certificate_in_course($course_id); //Hack in order to use document.php?id=X if (isset($_GET['id'])) { - $document_data = DocumentManager::get_document_data_by_id($_GET['id'], api_get_course_id()); + $document_data = DocumentManager::get_document_data_by_id($_GET['id'], api_get_course_id()); + $parent_id = DocumentManager::get_document_id(api_get_course_info(), dirname($document_data['path'])); + if (!$parent_id) { + $parent_id = 0; + } //@todo replace all $_GET['curdirpath'] = $document_data['path']; } 
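Review bot: In each of the three copies of the image-editor condition added to build_edit_icons(), `&&` binds tighter than `||`, so `api_get_setting('enabled_support_pixlr') == 'true'` gates only the `pxd` extension and png/jpg/jpeg/bmp/gif take that branch even when the setting is off; group the extension tests, e.g. `elseif (in_array($extension, array('png','jpg','jpeg','bmp','gif','pxd')) && api_get_setting('enabled_support_pixlr') == 'true')`. Separately, the new `$document_data['session_id'] == api_get_session_id()` tests only swap the edit/move/delete icons for their `_na` versions, which is presentation; the handlers behind those actions (not visible in this hunk) need the same session check, otherwise a hand-typed URL still reaches them. The function starts and ends outside the hunk.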
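Review bot: `$document_data` is dereferenced in document.php without checking that the lookup succeeded, so when `$_GET['id']` matches no document in this course, `dirname($document_data['path'])` and `$_GET['curdirpath'] = $document_data['path']` run on an empty result. Handle that case explicitly: either `if (empty($document_data)) { api_not_allowed(); }` as edit_document.php and upload.php do in this commit, or a deliberate fallback to `'/'` if id 0 is meant to denote the course root (the `$parent_id = 0` default suggests it may be). Casting the value first with `intval($_GET['id'])` would also keep non-numeric input away from the lookup, whose own handling is not visible here.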
@@ -208,7 +212,8 @@ require_once $lib_path.'fileUpload.lib.php'; // Check the path // If the path is not found (no document id), set the path to / -if (!DocumentManager::get_document_id($_course, $curdirpath)) { +$document_id = DocumentManager::get_document_id($_course, $curdirpath); +if (!$document_id) { $curdirpath = '/'; // Urlencoded version $curdirpathurl = '%2F'; @@ -218,7 +223,7 @@ if ($to_group_id != 0 && $curdirpath == '/') { $curdirpath = $group_properties['directory']; $curdirpathurl = urlencode($group_properties['directory']); } - +$current_folder_id = $document_id; // Check visibility of the current dir path. Don't show anything if not allowed //@todo check this validation for coaches @@ -231,13 +236,12 @@ if (!$is_allowed_to_edit && api_is_coach()) { } /* Constants and variables */ - $current_session_id = api_get_session_id(); /* Create shared folders */ -if($current_session_id==0){ +if ($current_session_id==0) { //Create shared folder. Necessary for courses recycled. Allways session_id should be zero. Allway should be created from a base course, never from a session. if (!file_exists($base_work_dir.'/shared_folder')) { $usf_dir_title = get_lang('UserFolders'); @@ -314,9 +318,7 @@ if (isset($_GET['action']) && $_GET['action'] == 'download') { // Download a folder if (isset($_GET['action']) && $_GET['action'] == 'downloadfolder' && (api_get_setting('students_download_folders') == 'true' || api_is_allowed_to_edit() || api_is_platform_admin())) { - //filter when I am into shared folder, I can donwload only my shared folder - if(is_any_user_shared_folder($_GET['path'],$current_session_id)){ if(is_my_shared_folder(api_get_user_id(), $_GET['path'], $current_session_id) || api_is_allowed_to_edit() || api_is_platform_admin()){ require 'downloadfolder.inc.php'; 
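Review bot: `$current_folder_id = $document_id;` is assigned after `$curdirpath` may already have been replaced, so the two can disagree: when the lookup fails `$document_id` is falsy while `$curdirpath` becomes `/`, and in a group context `$curdirpath` is then switched to `$group_properties['directory']` without a new lookup. Resolve the id once the path is final, e.g. `$current_folder_id = DocumentManager::get_document_id($_course, $curdirpath);`. Where the variable is consumed is outside these hunks, so check that a falsy value is handled there.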
@@ -752,12 +754,10 @@ if (isset($_GET['curdirpath']) && $_GET['curdirpath'] == '/certificates' && isse /* GET ALL DOCUMENT DATA FOR CURDIRPATH */ if(isset($_GET['keyword']) && !empty($_GET['keyword'])) { - $docs_and_folders = DocumentManager::get_all_document_data($_course, $curdirpath, $to_group_id, null, $is_allowed_to_edit || $group_member_with_upload_rights, $search=true); - -}else{ + $docs_and_folders = DocumentManager::get_all_document_data($_course, $curdirpath, $to_group_id, null, $is_allowed_to_edit || $group_member_with_upload_rights, $search=true); +} else { $docs_and_folders = DocumentManager::get_all_document_data($_course, $curdirpath, $to_group_id, null, $is_allowed_to_edit || $group_member_with_upload_rights, $search=false); } - $folders = DocumentManager::get_all_document_folders($_course, $to_group_id, $is_allowed_to_edit || $group_member_with_upload_rights); if ($folders === false) { $folders = array(); @@ -775,13 +775,12 @@ if ($is_allowed_to_edit || $group_member_with_upload_rights){ $form->display(); echo ''; } -/* GO TO PARENT DIRECTORY */ +/* GO TO PARENT DIRECTORY */ if ($curdirpath!= '/' && $curdirpath != $group_properties['directory'] && !$is_certificate_mode) { -?> - - -'; + echo Display::display_icon('folder_up.png', get_lang('Up'),'','32'); + echo ''; } if ($is_certificate_mode && $curdirpath != '/certificates') { @@ -792,7 +791,6 @@ if ($is_certificate_mode && $curdirpath != '/certificates') { } if (isset($docs_and_folders) && is_array($docs_and_folders)) { - //echo('
');
     //print_r($docs_and_folders);
     //echo('
'); 
@@ -804,43 +802,43 @@ if (isset($docs_and_folders) && is_array($docs_and_folders)) { $sortable_data = array(); //while (list($key, $id) = each($docs_and_folders)) { - foreach ($docs_and_folders as $key=>$id) { + foreach ($docs_and_folders as $key => $document_data) { $row = array(); // If the item is invisible, wrap it in a span with class invisible - $invisibility_span_open = ($id['visibility'] == 0) ? '' : ''; + $invisibility_span_open = ($document_data['visibility'] == 0) ? '' : ''; // Size (or total size of a directory) - $size = $id['filetype'] == 'folder' ? get_total_folder_size($id['path'], $is_allowed_to_edit) : $id['size']; + $size = $document_data['filetype'] == 'folder' ? get_total_folder_size($document_data['path'], $is_allowed_to_edit) : $document_data['size']; // Get the title or the basename depending on what we're using - if ($use_document_title == 'true' && $id['title'] != '') { - $document_name = $id['title']; + if ($use_document_title == 'true' && $document_data['title'] != '') { + $document_name = $document_data['title']; } else { - $document_name = basename($id['path']); + $document_name = basename($document_data['path']); } // Data for checkbox if (($is_allowed_to_edit || $group_member_with_upload_rights) && count($docs_and_folders) > 1) { - $row[] = $id['path']; + $row[] = $document_data['path']; } // Hide HotPotatoes Certificates and all css folders - if ($id['path']=='/HotPotatoes_files' || $id['path']=='/certificates' || basename($id['path'])=='css'){ + if ($document_data['path']=='/HotPotatoes_files' || $document_data['path']=='/certificates' || basename($document_data['path'])=='css'){ continue; } //Admin setting for Hide/Show the folders of all users - if (api_get_setting('show_users_folders') == 'false' && ($id['path']=='/shared_folder' || strstr($id['path'], 'shared_folder_session_'))){ + if (api_get_setting('show_users_folders') == 'false' && ($document_data['path']=='/shared_folder' || strstr($document_data['path'], 
'shared_folder_session_'))){ continue; } //Admin setting for Hide/Show Default folders to all users - if (api_get_setting('show_default_folders') == 'false' && ($id['path']=='/images' || $id['path']=='/flash' || $id['path']=='/audio' || $id['path']=='/video')){ + if (api_get_setting('show_default_folders') == 'false' && ($document_data['path']=='/images' || $document_data['path']=='/flash' || $document_data['path']=='/audio' || $document_data['path']=='/video')){ continue; } //Admin setting for Hide/Show chat history folder - if (api_get_setting('show_chat_folder') == 'false' && $id['path']=='/chat_files'){ + if (api_get_setting('show_chat_folder') == 'false' && $document_data['path']=='/chat_files'){ continue; } @@ -848,42 +846,40 @@ if (isset($docs_and_folders) && is_array($docs_and_folders)) { $user_link = ''; if (isset($_SESSION['_gid']) && $_SESSION['_gid'] != '') { - if (!empty($id['insert_user_id'])) { - $user_info = UserManager::get_user_info_by_id($id['insert_user_id']); + if (!empty($document_data['insert_user_id'])) { + $user_info = UserManager::get_user_info_by_id($document_data['insert_user_id']); $user_name = api_get_person_name($user_info['firstname'], $user_info['lastname']); - $user_link = '
'.get_lang('Owner').': '.display_user_link_document($id['insert_user_id'], $user_name).'
'; + $user_link = '
'.get_lang('Owner').': '.display_user_link_document($document_data['insert_user_id'], $user_name).'
'; } } // Icons (clickable) - //$row[]= build_document_icon_tag($id['filetype'],$id['path']); - $row[] = create_document_link($id, true); + $row[] = create_document_link($document_data, true); // Validacion when belongs to a session - $session_img = api_get_session_image($id['session_id'], $_user['status']); + $session_img = api_get_session_image($document_data['session_id'], $_user['status']); // Document title with hyperlink - $row[] = create_document_link($id).$session_img.'
'.$invisibility_span_open.nl2br(htmlspecialchars($id['comment'],ENT_QUOTES,$charset)).$invisibility_span_close.$user_link; + $row[] = create_document_link($document_data).$session_img.'
'.$invisibility_span_open.''.nl2br(htmlspecialchars($document_data['comment'],ENT_QUOTES,$charset)).''.$invisibility_span_close.$user_link; // Comments => display comment under the document name - //$row[] = $invisibility_span_open.nl2br(htmlspecialchars($id['comment'])).$invisibility_span_close; $display_size = format_file_size($size); $row[] = ''.$size.''.$invisibility_span_open.$display_size.$invisibility_span_close; // Last edit date - $last_edit_date = $id['lastedit_date']; + $last_edit_date = $document_data['lastedit_date']; $last_edit_date = api_get_local_time($last_edit_date, null, date_default_timezone_get()); //$display_date = date_to_str_ago($last_edit_date).'
'.api_format_date($last_edit_date).''; $display_date = date_to_str_ago($last_edit_date); $row[] = $invisibility_span_open.$display_date.$invisibility_span_close; // Admins get an edit column if ($is_allowed_to_edit || $group_member_with_upload_rights || is_my_shared_folder(api_get_user_id(), $curdirpath, $current_session_id)) { - $is_template = isset($id['is_template']) ? $id['is_template'] : false; + $is_template = isset($document_data['is_template']) ? $document_data['is_template'] : false; // If readonly, check if it the owner of the file or if the user is an admin - if ($id['insert_user_id'] == api_get_user_id() || api_is_platform_admin()) { - $edit_icons = build_edit_icons($id, $key, $is_template, 0); - } else { - $edit_icons = build_edit_icons($curdirpath, $id['filetype'], $id['path'], $id['visibility'], $key, $is_template, $id['readonly']); + if ($document_data['insert_user_id'] == api_get_user_id() || api_is_platform_admin()) { + $edit_icons = build_edit_icons($document_data, $key, $is_template, 0); + } else { + $edit_icons = build_edit_icons($document_data, $key, $is_template, $document_data['readonly']); } $row[] = $edit_icons; } @@ -952,15 +948,11 @@ if ($is_allowed_to_edit || $group_member_with_upload_rights || is_my_shared_fold } // File upload link if ($is_certificate_mode) { -?> - - -'; + echo Display::display_icon('upload_certificate.png', get_lang('UploadCertificate'),'','32').''; } else { -?> - - -'; + echo Display::display_icon('upload_file.png', get_lang('UplUploadDocument'),'','32').''; } // Create directory if (!$is_certificate_mode) { diff --git a/main/document/edit_document.php b/main/document/edit_document.php index 12172e6f41..3e850e3810 100755 --- a/main/document/edit_document.php +++ b/main/document/edit_document.php 
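Review bot: The fourth argument passed to `build_edit_icons()` in both branches has no effect, because the function (see the document.inc.php hunk in this commit) overwrites the parameter with `$is_read_only = $document_data['readonly'];`. The owner/platform-admin branch that passes `0` therefore gets exactly the same read-only treatment as the `else` branch, which contradicts the comment above the `if`. Either drop the reassignment inside the function so the caller decides, or remove this branch and the parameter; as written it is unclear who is meant to be able to edit a read-only document.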
@@ -96,18 +96,19 @@ if (api_is_in_group()) { } if (isset($_GET['id'])) { - $document_data = DocumentManager::get_document_data_by_id($_GET['id'], api_get_course_id()); + $document_data = DocumentManager::get_document_data_by_id($_GET['id'], api_get_course_id()); if (empty($document_data)) { api_not_allowed(); } - $document_id = $document_data['id']; - $dir = dirname($document_data['path']); - $parent_id = DocumentManager::get_document_id(api_get_course_info(), $dir); + $document_id = $document_data['id']; + $file = $document_data['path']; + $parent_id = DocumentManager::get_document_id(api_get_course_info(), dirname($file)); + $dir = dirname($document_data['path']); + $dir_original = $dir; - $dir_original = $dir; - $file = $document_data['path']; - $doc = basename($file); + $doc = basename($file); $my_cur_dir_path = Security::remove_XSS($_GET['curdirpath']); + } else { $dir = Security::remove_XSS($_GET['curdirpath']); $dir_original = $dir; @@ -122,12 +123,9 @@ $is_certificate_mode = DocumentManager::is_certificate_mode($dir); $call_from_tool = Security::remove_XSS($_GET['origin']); $slide_id = Security::remove_XSS($_GET['origin_opt']); -//echo('dir: '.$dir.'
'); $file_name = $doc; -//echo('file_name: '.$file_name.'
'); $baseServDir = api_get_path(SYS_COURSE_PATH); -$baseServUrl = $_configuration['url_append'].'/'; $courseDir = $_course['path'].'/document'; $baseWorkDir = $baseServDir.$courseDir; $group_document = false; @@ -222,27 +220,14 @@ if (!is_allowed_to_edit()) { Step 2. React on POST data (Step 1 see below) */ -if (isset($_POST['newComment'])) { - // Fixing the path if it is wrong - $commentPath = str_replace('//', '/', Database::escape_string(Security::remove_XSS($_POST['commentPath']))); - $newComment = trim(Database::escape_string($_POST['newComment'])); // Remove spaces - $newTitle = trim(Database::escape_string($_POST['newTitle'])); // Remove spaces - // Check whether there is already a database record for this file - $result = Database::query ("SELECT * FROM $dbTable WHERE path LIKE BINARY '".$commentPath."'"); - while ($row = Database::fetch_array($result, 'ASSOC')) { - $attribute['path' ] = $row['path' ]; - $attribute['comment' ] = $row['title']; - } - // Determine the correct query to the DB, - // new code always keeps document in database - $query = "UPDATE $dbTable - SET comment='".$newComment."', title='".$newTitle."' - WHERE path LIKE BINARY '".$commentPath."'"; - Database::query($query); - $oldComment = $newComment; - $oldTitle = $newTitle; +if (isset($_POST['comment'])) { + // Fixing the path if it is wrong + $comment = trim(Database::escape_string($_POST['comment'])); + $title = trim(Database::escape_string($_POST['title'])); + $query = "UPDATE $dbTable SET comment='".$comment."', title='".$title."' WHERE id = ".$document_id; + Database::query($query); $comments_updated = get_lang('ComMod'); - $info_message = get_lang('fileModified'); + $info_message = get_lang('fileModified'); } /* Code to change the name 
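Review bot: `$document_id` is concatenated unquoted into `WHERE id = ` in the new UPDATE, yet it is only assigned in the `isset($_GET['id'])` branch earlier in the file, so a POST without `id` leaves it undefined and yields a malformed statement. Guard the block and cast the value, e.g. `if (isset($_POST['comment']) && !empty($document_id))` together with `WHERE id = ".intval($document_id)`. The SELECT changed in the next hunk (`... FROM $dbTable WHERE id = ".$document_id`) has the same problem and runs unconditionally. `$_POST['title']` is also read without `isset()`, although the form adds that field only when `$use_document_title` is set.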
@@ -251,7 +236,6 @@ if (isset($_POST['newComment'])) { if (isset($_POST['renameTo'])) { $info_message = change_name($baseWorkDir, $_GET['sourceFile'], $_POST['renameTo'], $dir, $doc); - //assume name change was successful } /* Code to change the comment @@ -259,7 +243,7 @@ if (isset($_POST['renameTo'])) { /** TODO: Check whether this code is still used **/ /* Search the old comment */ // RH: metadata: added 'id,' -$result = Database::query("SELECT id,comment,title FROM $dbTable WHERE path LIKE BINARY '$dir$doc'"); +$result = Database::query("SELECT id, comment, title FROM $dbTable WHERE id = ".$document_id); /* // Debug info - enable on temporary needs only. @@ -271,8 +255,8 @@ Display::display_normal_message($message); while ($row = Database::fetch_array($result, 'ASSOC')) { $oldComment = $row['comment']; - $oldTitle = $row['title']; - $docId = $row['id']; // RH: metadata + $oldTitle = $row['title']; + $docId = $row['id']; // RH: metadata } /* WYSIWYG HTML EDITOR - Program Logic */ @@ -281,10 +265,8 @@ if ($is_allowed_to_edit) { if ($_POST['formSent'] == 1) { if (isset($_POST['renameTo'])) { $_POST['filename'] = disable_dangerous_file($_POST['renameTo']); - $extension = explode('.', $_POST['filename']); $extension = $extension[sizeof($extension) - 1]; - $_POST['filename'] = str_replace('.'.$extension, '', $_POST['filename']); } 
@@ -296,22 +278,27 @@ if ($is_allowed_to_edit) { if (!strstr($content, '/css/frames.css')) { $content=str_replace('', '', $content); } + /* if (!ctype_alnum($_POST['extension'])) { header('Location: document.php?msg=WeirdExtensionDeniedInPost'); exit (); - } + }*/ $extension = $_POST['extension']; $file = $dir.$filename.'.'.$extension; $read_only_flag = $_POST['readonly']; $read_only_flag = empty($read_only_flag) ? 0 : 1; - + $show_edit = $_SESSION['showedit']; - //unset($_SESSION['showedit']); api_session_unregister('showedit'); if (empty($filename)) { $msgError = get_lang('NoFileName'); - } else { + } else { + if ($document_data['filetype'] == 'file') { + $file_size = filesize($filepath.$filename.'.'.$extension); + } else { + $file_size = filesize($filepath.$filename); + } if ($read_only_flag == 0) { if (!empty($content)) { if ($fp = @fopen($filepath.$filename.'.'.$extension, 'w')) { @@ -348,8 +335,7 @@ if ($is_allowed_to_edit) { // "WHAT'S NEW" notification: update table item_property $document_id = DocumentManager::get_document_id($_course, $file); - if ($document_id) { - $file_size = filesize($filepath.$filename.'.'.$extension); + if ($document_id) { update_existing_document($_course, $document_id, $file_size, $read_only_flag); api_item_property_update($_course, TOOL_DOCUMENT, $document_id, 'DocumentUpdated', api_get_user_id(), null, null, null, null, $current_session_id); // Update parent folders 
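Review bot: Commenting out the `ctype_alnum($_POST['extension'])` check lets the posted extension flow unvalidated into `$file = $dir.$filename.'.'.$extension` and the `fopen(..., 'w')` that follows, so the request decides the file type written and may place path separators in it. Restore the check, or better take the extension from the stored record with `pathinfo($document_data['path'], PATHINFO_EXTENSION)` instead of from the request. The `filesize()` calls added in the same hunk also run before the write, so `update_existing_document()` records the size of the old content; compute the size after `fclose()` (with `clearstatcache()` first), which is where the following hunk removed the original call.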
@@ -367,35 +353,15 @@ if ($is_allowed_to_edit) { } else { $msgError = get_lang('Impossible'); } - } else { - if (is_file($filepath.$filename.'.'.$extension)) { - $file_size = filesize($filepath.$filename.'.'.$extension); - $document_id = DocumentManager::get_document_id($_course, $file); - if ($document_id) { - update_existing_document($_course, $document_id, $file_size, $read_only_flag); - } - } - } - } else { - if (is_file($filepath.$filename.'.'.$extension)) { - $file_size = filesize($filepath.$filename.'.'.$extension); - $document_id = DocumentManager::get_document_id($_course, $file); - + } else { if ($document_id) { - update_existing_document($_course, $document_id, $file_size, $read_only_flag); - } - } - - if (empty($document_id)) { // or if is a folder - $folder = $_POST['file_path']; - $document_id = DocumentManager::get_document_id($_course, $folder); - - if (DocumentManager::is_folder($_course, $document_id)) { - if ($document_id) { - update_existing_document($_course, $document_id, $file_size, $read_only_flag); - } + update_existing_document($_course, $document_id, $file_size, $read_only_flag); } } + } else { + if ($document_id) { + update_existing_document($_course, $document_id, $file_size, $read_only_flag); + } } } } @@ -449,7 +415,6 @@ $document_info = api_get_item_property_info(api_get_course_int_id(),'document', $owner_id = $document_info['insert_user_id']; $last_edit_date = $document_info['lastedit_date']; - if ($owner_id == api_get_user_id() || api_is_platform_admin() || $is_allowed_to_edit || GroupManager :: is_user_in_group(api_get_user_id(), api_get_group_id() )) { $get_cur_path = $dir; $action = api_get_self().'?sourceFile='.urlencode($file_name).'&id='.$document_data['id']; 
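Review bot: The read-only branches now call `update_existing_document()` with the `$document_id` loaded from `$_GET['id']`, while `$file_size` was measured on a path built from the posted `$filename` and `$extension`, so the row that is updated need not be the file that was measured. The `is_file()` guard that used to precede `filesize()` is gone as well, so a missing path produces a warning and a `false` size. Derive the path from `$document_data['path']` for both the size and the id, and keep an `is_file()` test before `filesize()`.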
@@ -469,8 +434,8 @@ if ($owner_id == api_get_user_id() || api_is_platform_admin() || $is_allowed_to_ $form->addElement('hidden', 'origin_opt'); if ($use_document_title) { - $form->add_textfield('newTitle', get_lang('Title')); - $defaults['newTitle'] = $oldTitle; + $form->add_textfield('title', get_lang('Title')); + $defaults['title'] = $oldTitle; } else { $form->addElement('hidden', 'renameTo'); } @@ -504,7 +469,7 @@ if ($owner_id == api_get_user_id() || api_is_platform_admin() || $is_allowed_to_ $form->addElement('static', null, get_lang('UpdatedOn'), $display_date); } - $form->addElement('textarea', 'newComment', get_lang('Comment'), 'rows="3" style="width:300px;"'); + $form->addElement('textarea', 'comment', get_lang('Comment'), 'rows="3" style="width:300px;"'); /* $renderer = $form->defaultRenderer(); */ @@ -526,7 +491,7 @@ if ($owner_id == api_get_user_id() || api_is_platform_admin() || $is_allowed_to_ $defaults['file_path'] = Security::remove_XSS($_GET['file']); $defaults['commentPath'] = $file; $defaults['renameTo'] = $file_name; - $defaults['newComment'] = $oldComment; + $defaults['comment'] = $oldComment; $defaults['origin'] = Security::remove_XSS($_GET['origin']); $defaults['origin_opt'] = Security::remove_XSS($_GET['origin_opt']); @@ -605,16 +570,17 @@ function change_name($base_work_dir, $source_file, $rename_to, $dir, $doc) { function show_return($document_id, $path, $call_from_tool='', $slide_id=0, $is_certificate_mode=false) { $pathurl = urlencode($path); echo '
'; + if ($is_certificate_mode) { echo ''.Display::return_icon('back.png',get_lang('Back').' '.get_lang('To').' '.get_lang('CertificateOverview'),'','32').''; } elseif($call_from_tool=='slideshow') { echo ''.Display::return_icon('slideshow.png', get_lang('BackTo').' '.get_lang('ViewSlideshow'),'','32').''; } elseif($call_from_tool=='editdraw') { echo ''.Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview'),'','32').''; - echo ''.Display::return_icon('draw.png',get_lang('BackTo').' '.get_lang('Draw'),'','32').''; + echo ''.Display::return_icon('draw.png', get_lang('BackTo').' '.get_lang('Draw'), array(), 32).''; } elseif($call_from_tool=='editpaint'){ - echo ''.Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview'),'','32').''; - echo ''.Display::return_icon('paint.png',get_lang('BackTo').' '.get_lang('Paint')).''; + echo ''.Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview'), array(), '32').''; + echo ''.Display::return_icon('paint.png', get_lang('BackTo').' '.get_lang('Paint'), array(), 32).''; } else { echo ''.Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview'),'','32').''; } diff --git a/main/document/edit_paint.php b/main/document/edit_paint.php index f58bc70382..0a0724c7bb 100644 --- a/main/document/edit_paint.php +++ b/main/document/edit_paint.php @@ -48,6 +48,8 @@ $filename=$temp_file[0]; $nameTools = get_lang('EditDocument') . ': '.$filename; $dir = Security::remove_XSS($_GET['curdirpath']); +$document_id = DocumentManager::get_document_id(api_get_course_info(), $get_file); + $courseDir = $_course['path'].'/document'; $is_allowed_to_edit = api_is_allowed_to_edit(null, true); @@ -107,8 +109,8 @@ Display :: display_header($nameTools, 'Doc'); echo '
'; echo ''.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('DocumentsOverview'),'','32').''; - echo ''.Display::return_icon('edit.png',get_lang('Rename').'/'.get_lang('Comment' ),'','32').''; -echo '
'; + echo ''.Display::return_icon('edit.png', get_lang('Rename').'/'.get_lang('Comment' ),'','32').''; +echo '
'; ///pixlr $title=$file;//disk name. No sql name because pixlr return this when save diff --git a/main/document/upload.php b/main/document/upload.php index 8083d7e2db..0bcce7a8ce 100755 --- a/main/document/upload.php +++ b/main/document/upload.php @@ -109,6 +109,7 @@ $sys_course_path = api_get_path(SYS_COURSE_PATH); $base_work_dir = $sys_course_path.$courseDir; $noPHP_SELF = true; +/* // What's the current path? if (isset($_GET['curdirpath']) && $_GET['curdirpath'] != '') { $path = $_GET['curdirpath']; @@ -116,15 +117,19 @@ if (isset($_GET['curdirpath']) && $_GET['curdirpath'] != '') { $path = $_POST['curdirpath']; } else { $path = '/'; -} +}*/ -// Check the path: if the path is not found (no document id), set the path to / -if (!DocumentManager::get_document_id($_course, $path)) { - $path = '/'; +$document_data = DocumentManager::get_document_data_by_id($_REQUEST['id'], api_get_course_id()); +if (empty($document_data)) { + api_not_allowed(); } +$document_id = $document_data['id']; +$path = $document_data['path']; +$parent_id = DocumentManager::get_document_id(api_get_course_info(), dirname($path)); // This needs cleaning! -if (api_get_group_id()) { // If the group id is set, check if the user has the right to be here +if (api_get_group_id()) { + // If the group id is set, check if the user has the right to be here // Needed for group related stuff require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php'; // Get group info 
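Review bot: In upload.php the upload target is now whatever document `$_REQUEST['id']` resolves to, and nothing checks that the row is a folder; add `if ($document_data['filetype'] != 'folder') { api_not_allowed(); }` after the empty check so a file's id cannot become `$path`. The `is_my_shared_folder()` test further down authorises `$path`, while the form still posts a hidden `curdirpath`; if the upload handler (outside these hunks) reads `$_POST['curdirpath']` for the destination, the checked path and the written path can differ, so it should use `$path` only. Reading the id from `$_GET`/`$_POST` explicitly and casting it with `intval()` is safer than `$_REQUEST`. If the course root has no document row (document.php in this commit defaults `$parent_id` to 0), uploads to the root would now end in `api_not_allowed()`, which is worth confirming.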
@@ -138,7 +143,9 @@ if (api_get_group_id()) { // If the group id is set, check if the user has the r } else { api_not_allowed(true); } -} elseif ($is_allowed_to_edit || is_my_shared_folder($_user['user_id'], $path,api_get_session_id())) { // Admin for "regular" upload, no group documents. And check if is my shared folder +} elseif ($is_allowed_to_edit || is_my_shared_folder(api_get_user_id(), $path, api_get_session_id())) { + + // Admin for "regular" upload, no group documents. And check if is my shared folder $to_group_id = 0; $req_gid = ''; } else { // No course admin and no group member... @@ -175,7 +182,7 @@ if (isset($_REQUEST['certificate'])) { if ($is_certificate_mode) { $interbreadcrumb[] = array('url' => '../gradebook/'.$_SESSION['gradebook_dest'], 'name' => get_lang('Gradebook')); } else { - $interbreadcrumb[] = array('url' => './document.php?curdirpath='.urlencode($path).$req_gid, 'name'=> get_lang('Documents')); + $interbreadcrumb[] = array('url' => './document.php?id='.$document_id.$req_gid, 'name'=> get_lang('Documents')); } @@ -193,12 +200,11 @@ if (!empty($_FILES)) { // Actions echo '
'; - // Link back to the documents overview if ($is_certificate_mode) { - echo ''.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('CertificateOverview'),'','32').''; + echo ''.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('CertificateOverview'),'','32').''; } else { - echo ''.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('DocumentsOverview'),'','32').''; + echo ''.Display::return_icon('back.png',get_lang('BackTo').' '.get_lang('DocumentsOverview'),'','32').''; } // Link to create a folder @@ -215,6 +221,7 @@ if (!$is_certificate_mode) { } $form = new FormValidator('upload', 'POST', api_get_self(), '', 'enctype="multipart/form-data"'); +$form->addElement('hidden', 'id', $document_id); $form->addElement('hidden', 'curdirpath', $path); $form->addElement('file', 'file', get_lang('File'), 'id="user_upload" size="45"'); $form->addElement('html', '
 
'.get_lang('MaxFileSize').': '.ini_get('upload_max_filesize').'
'.get_lang('DocumentQuota').': '.(round(DocumentManager::get_course_quota()/1000000)-round(DocumentManager::documents_total_space($_course)/1000000)).' M
'); diff --git a/main/inc/lib/document.lib.php b/main/inc/lib/document.lib.php index 3c34b79533..fc15de9b5c 100755 --- a/main/inc/lib/document.lib.php +++ b/main/inc/lib/document.lib.php @@ -561,7 +561,6 @@ class DocumentManager { } //Checking disponibility in a session - //var_dump($my_repeat_ids); foreach($my_repeat_ids as $id) { foreach($doc_list as $row ) { if ($id == $row['id']) { @@ -1899,8 +1898,7 @@ class DocumentManager { SE_USER => api_get_user_id(), ); - var_dump($xapian_data); - echo '
';
+                                //var_dump($xapian_data); echo '
';
                                 
                                 $ic_slide->xapian_data = serialize($xapian_data);
                                 $di = new DokeosIndexer();
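Review bot: The debug dump is commented out (`//var_dump($xapian_data);`) rather than deleted, and the `@@ -1950,7 +1948,7 @@` hunk does the same with `//var_dump($did);`. These calls wrote indexing data, including the `SE_USER` value shown in the context lines, into the page output, so there is nothing worth keeping. Remove both lines instead of leaving them as comments that can be switched back on. The enclosing method starts and ends outside the hunk.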
@@ -1950,7 +1948,7 @@ class DocumentManager {
                                         $di->addChunk($ic_slide);
                                         // Index and return a new search engine document id
                                         $did = $di->index();
-                                        var_dump($did);
+                                        //var_dump($did);
                                         if ($did) {
                                             // update the search_did on db
                                             $tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF);
@@ -1994,12 +1992,12 @@ class DocumentManager {
                         }
                     }
             
-                    // Check for missing images in html files
+                    /*// Check for missing images in html files
                     $missing_files = check_for_missing_files($base_work_dir.$new_path);
                     if ($missing_files && $show_output) {
                         // Show a form to upload the missing files
                         Display::display_normal_message(build_missing_files_form($missing_files, $path, $files['file']['name']), false);
-                    }
+                    }*/
                     
                     if (!empty($docid) && is_numeric($docid)) {                        
                         $document_data = self::get_document_data_by_id($docid, $course_info['code']);
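Review bot: The missing-image check is disabled by wrapping it in `/* … */` with no explanation, yet this same commit still edits build_missing_files_form() and upload.document.php still handles `submit_image`. A reader cannot tell whether the feature is retired or only parked. Either delete the block, or record the intent with a line above it such as `// Missing-image detection disabled: <reason>; restore or remove`. The enclosing method starts and ends outside the hunk.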
@@ -2041,7 +2039,6 @@ class DocumentManager {
                 break;
             case 'application/msword':
                 exec("catdoc $doc_path", $output, $ret_val);
-                //var_dump($output);
                 break;
             case 'text/html':
                 exec("html2text $doc_path", $output, $ret_val);
diff --git a/main/inc/lib/fileUpload.lib.php b/main/inc/lib/fileUpload.lib.php
index 6b3a489316..e708a255bc 100755
--- a/main/inc/lib/fileUpload.lib.php
+++ b/main/inc/lib/fileUpload.lib.php
@@ -813,7 +813,7 @@ function add_document($_course, $path, $filetype, $filesize, $title, $comment =
  */
 function update_existing_document($_course, $document_id, $filesize, $readonly = 0) {
 	$document_table = Database::get_course_table(TABLE_DOCUMENT, $_course['dbName']);
-	$sql = "UPDATE $document_table SET size = '$filesize' , readonly = '$readonly' WHERE id='$document_id'";
+	$sql = "UPDATE $document_table SET size = '$filesize' , readonly = '$readonly' WHERE id = $document_id";
 	if (Database::query($sql)) {
 		return true;
 	} else {
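Review bot: Dropping the quotes in `WHERE id = $document_id` leaves the value interpolated into the statement with nothing delimiting it, so any non-numeric `$document_id` reaching update_existing_document() is parsed as SQL. Nothing in the visible lines casts or validates the parameters. Add `$document_id = intval($document_id);` before `$sql` is built, and do the same for `$filesize` and `$readonly`, which are still interpolated inside quotes. The function body continues past the end of the hunk.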
@@ -1355,26 +1355,28 @@ function check_for_missing_files($file) {
 function build_missing_files_form($missing_files, $upload_path, $file_name) {
 	// Do we need a / or not?
 	$added_slash = ($upload_path == '/') ? '' : '/';
+	$folder_id      = DocumentManager::get_document_id(api_get_course_info(), $upload_path);   
 	// Build the form
-	$form .= "

".get_lang('MissingImagesDetected')."

\n" - ."
\n" + $form .= "

".get_lang('MissingImagesDetected')."

" + ."" // Related_file is the path to the file that has missing images - ."\n" - ."\n" - ."\n"; + ."" + ."" + ."" + ."
"; foreach ($missing_files as & $this_img_file_path) { - $form .= "\n" - ."\n" + $form .= "" + ."" ."\n" - ."\n"; + ."" + .""; } - $form .= "
".basename($this_img_file_path)." :
".basename($this_img_file_path)." : " ."" ."" - ."
\n" + $form .= "" ."" ."" - ."
\n"; + .""; return $form; } diff --git a/main/upload/upload.document.php b/main/upload/upload.document.php index 35b796af90..27beffd2b9 100755 --- a/main/upload/upload.document.php +++ b/main/upload/upload.document.php @@ -98,9 +98,8 @@ if(isset($_FILES['user_upload'])) } } //missing images are submitted -if(isset($_POST['submit_image'])) -{ - $number_of_uploaded_images = count($_FILES['img_file']['name']); +if(isset($_POST['submit_image'])) { + $number_of_uploaded_images = count($_FILES['img_file']['name']); //if images are uploaded if ($number_of_uploaded_images > 0) {
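Review bot: In build_missing_files_form() (fileUpload.lib.php, `@@ -1355,26 +1355,28 @@`), `basename($this_img_file_path)` is concatenated into the form markup without HTML escaping. If those paths are taken from the uploaded HTML file, as the name check_for_missing_files() suggests (not visible here), the file name is attacker-influenced text rendered to the teacher's browser. Wrap it as `htmlspecialchars(basename($this_img_file_path), ENT_QUOTES)` wherever it is output. The first `$form .= "…"` also appends to a variable that is never initialised in the visible lines; `$form = '';` before it avoids the notice. The markup in this hunk is only partly visible on the page, so the attribute contexts should be checked too.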