diff --git a/main/inc/lib/api.lib.php b/main/inc/lib/api.lib.php index d1d96c5b37..dcf9e0a128 100644 --- a/main/inc/lib/api.lib.php +++ b/main/inc/lib/api.lib.php @@ -1349,6 +1349,7 @@ function _api_format_user($user, $add_password = false) } $result['complete_name'] = api_get_person_name($firstname, $lastname); + $result['complete_name_with_username'] = $result['complete_name']; if (!empty($user['username'])) { @@ -1389,12 +1390,12 @@ function _api_format_user($user, $add_password = false) } $user_id = intval($user['user_id']); $result['user_id'] = $user_id; + $saveUserLastLogin = api_get_configuration_value('save_user_last_login'); - if (isset($_configuration['save_user_last_login']) && - $_configuration['save_user_last_login'] - ) { + if ($saveUserLastLogin) { $last_login = $user['last_login']; } else { + if (!isset($user['lastLogin']) && !isset($user['last_login'])) { $timestamp = Tracking::get_last_connection_date($result['user_id'], false, true); // Convert the timestamp back into a datetime @@ -1482,6 +1483,7 @@ function api_get_user_info($user_id = '', $check_if_user_is_online = false, $sho // @todo trigger an exception here return false; } + $sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_USER)." WHERE id='".intval($user_id)."'"; $result = Database::query($sql); @@ -1502,6 +1504,7 @@ function api_get_user_info($user_id = '', $check_if_user_is_online = false, $sho $result_array['user_is_online_in_chat'] = $user_online_in_chat; } $user = _api_format_user($result_array, $show_password); + return $user; } return false; 
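Review bot: In `_api_format_user`, the rewritten `if ($saveUserLastLogin)` branch still reads `$user['last_login']` without the `isset()` guard that the `else` branch applies to both `lastLogin` and `last_login`. When the setting is enabled and the caller's row omits that key or carries only `lastLogin`, this raises an undefined-index notice and leaves `$last_login` null; how the value is used afterwards is outside the hunk. Consider `$last_login = isset($user['last_login']) ? $user['last_login'] : null;`. The function body starts and ends outside the hunk.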
@@ -1709,6 +1712,11 @@ function api_get_course_info($course_code = null, $strict = false) if (!empty($course_code)) { $course_code = Database::escape_string($course_code); $courseId = api_get_course_int_id($course_code); + + if (empty($courseId)) { + return array(); + } + $course_table = Database::get_main_table(TABLE_MAIN_COURSE); $course_cat_table = Database::get_main_table(TABLE_MAIN_CATEGORY); $sql = "SELECT course.*, course_category.code faCode, course_category.name faName @@ -1717,17 +1725,20 @@ function api_get_course_info($course_code = null, $strict = false) ON course.category_code = course_category.code WHERE course.id = $courseId"; $result = Database::query($sql); - $_course = array(); + $courseInfo = array(); if (Database::num_rows($result) > 0) { - $course_data = Database::fetch_array($result); - $_course = api_format_course_array($course_data); + $data = Database::fetch_array($result); + $courseInfo = api_format_course_array($data); } - return $_course; + + return $courseInfo; } + global $_course; if ($_course == '-1') { $_course = array(); } + return $_course; } @@ -5598,8 +5609,10 @@ function api_is_element_in_the_session($tool, $element_id, $session_id = null) { * @return string The cleaned filename. */ -function replace_dangerous_char($filename, $strict = 'loose') +function api_replace_dangerous_char($filename, $strict = 'loose') { + return URLify::filter($filename, 250); + /* // Safe replacements for some non-letter characters. static $search = array(',', "\0", ' ', "\t", "\n", "\r", "\x0B", '/', "\\", '"', "'", '?', '*', '>', '<', '|', ':', '$', '(', ')', '^', '[', ']', '#', '+', '&', '%'); static $replace = array('_', '', '_', '_', '_', '_', '_', '-', '-', '-', '_', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-'); 
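Review bot: In `api_get_course_info`, `$courseId` is interpolated unquoted into `WHERE course.id = $courseId`, and the added `empty($courseId)` guard only rejects falsy values. `api_get_course_int_id()` is not visible in this diff, so whether it always returns an integer cannot be confirmed from here. Casting at the point of use, `$courseId = (int) api_get_course_int_id($course_code);`, keeps the query well-formed whatever the helper returns, and `empty()` still catches the not-found case.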
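Review bot: `api_replace_dangerous_char()` now ignores its `$strict` argument and sends everything through `URLify::filter($filename, 250)`, yet callers in this same commit still pass `'strict'` on upload paths (fileUpload.lib.php, work.lib.php, the scorm/aicc importers) and then run extension-based checks such as `disable_dangerous_file()` and `php2phps()`. URLify is a slug filter, and unless its file-name mode is enabled it is likely to drop the dot before the extension. Those checks, and the `.csv` names built in courseLogCSV.php and userlogCSV.php, would then no longer see an extension. Please confirm against the bundled URLify version and, if it supports the flag, use `return URLify::filter($filename, 250, '', true);`; the old body also kept the extension when truncating to 250 characters, which the new call does not obviously do. The old body left after the `return` inside `/* … */` should be deleted, and the docblock (which starts outside the hunk) should say that `$strict` is no longer honoured.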
@@ -5633,7 +5646,7 @@ function replace_dangerous_char($filename, $strict = 'loose') $filename = substr($filename, 0, -$extension_len); return substr($filename, 0, 250 - $extension_len).$extension; } - return substr($filename, 0, 250); + return substr($filename, 0, 250);*/ } /** @@ -6531,7 +6544,7 @@ function api_get_home_path() { $access_url_id = api_get_current_access_url_id(); $url_info = api_get_access_url($access_url_id); $url = api_remove_trailing_slash(preg_replace('/https?:\/\//i', '', $url_info['url'])); - $clean_url = replace_dangerous_char($url); + $clean_url = api_replace_dangerous_char($url); $clean_url = str_replace('/', '-', $clean_url); $clean_url .= '/'; // if $clean_url == "localhost/" means that the multiple URL was not well configured we don't rename the $home variable @@ -7731,7 +7744,7 @@ function api_create_protected_dir($name, $parentDirectory) return false; } - $fullPath = $parentDirectory . replace_dangerous_char($name); + $fullPath = $parentDirectory . api_replace_dangerous_char($name); if (mkdir($fullPath, api_get_permissions_for_new_directories(), true)) { $fp = fopen($fullPath . '/index.html', 'w'); diff --git a/main/inc/lib/banner.lib.php b/main/inc/lib/banner.lib.php index ee5e7389dd..8418544035 100755 --- a/main/inc/lib/banner.lib.php +++ b/main/inc/lib/banner.lib.php @@ -388,7 +388,7 @@ function return_menu() { if ($access_url_id != -1) { $url_info = api_get_access_url($access_url_id); $url = api_remove_trailing_slash(preg_replace('/https?:\/\//i', '', $url_info['url'])); - $clean_url = replace_dangerous_char($url); + $clean_url = api_replace_dangerous_char($url); $clean_url = str_replace('/', '-', $clean_url); $clean_url .= '/'; $homep = api_get_path(SYS_PATH).'home/'.$clean_url; //homep for Home Path diff --git a/main/inc/lib/document.lib.php b/main/inc/lib/document.lib.php index dee4b68d80..408c4c1dba 100755 --- a/main/inc/lib/document.lib.php +++ b/main/inc/lib/document.lib.php 
@@ -319,7 +319,7 @@ class DocumentManager if (!is_file($full_file_name)) { return false; } - $filename = ($name == '') ? basename($full_file_name) : replace_dangerous_char($name); + $filename = ($name == '') ? basename($full_file_name) : api_replace_dangerous_char($name); $len = filesize($full_file_name); // Fixing error when file name contains a "," $filename = str_replace(',', '', $filename); @@ -4571,7 +4571,7 @@ class DocumentManager $title = get_lang('DefaultCertificate'); $comment = null; - $fileName = replace_dangerous_char($title); + $fileName = api_replace_dangerous_char($title); $filePath = api_get_path(SYS_COURSE_PATH) . "{$courseData['path']}/document{$dir}"; $fileFullPath = "{$filePath}/{$fileName}.html"; $fileSize = 0; diff --git a/main/inc/lib/extra_field_option.lib.php b/main/inc/lib/extra_field_option.lib.php index a58bd8ad9d..97b3e9acd6 100755 --- a/main/inc/lib/extra_field_option.lib.php +++ b/main/inc/lib/extra_field_option.lib.php @@ -131,8 +131,7 @@ class ExtraFieldOption extends Model $optionInfo = self::get_field_option_by_field_and_option($params['field_id'], $params['option_value']); // Use URLify only for new items - //$optionValue = URLify::filter($params['option_value']); - $optionValue = replace_dangerous_char($params['option_value']); + $optionValue = api_replace_dangerous_char($params['option_value']); $option = $params['option_value']; if ($optionInfo == false) { @@ -144,6 +143,7 @@ class ExtraFieldOption extends Model 'option_order' => $order, 'tms' => api_get_utc_datetime(), ); + return parent::save($new_params, $show_query); } @@ -244,7 +244,7 @@ class ExtraFieldOption extends Model foreach ($list as $option) { $option_info = self::get_field_option_by_field_and_option($field_id, $option); // Use URLify only for new items - $optionValue = replace_dangerous_char($option); + $optionValue = api_replace_dangerous_char($option); $option = trim($option); if ($option_info == false) { 
diff --git a/main/inc/lib/extra_field_value.lib.php b/main/inc/lib/extra_field_value.lib.php index 93a1edd38d..8444d2f1c1 100755 --- a/main/inc/lib/extra_field_value.lib.php +++ b/main/inc/lib/extra_field_value.lib.php @@ -216,7 +216,7 @@ class ExtraFieldValue extends Model break; } - $cleanedName = replace_dangerous_char($value['name']); + $cleanedName = api_replace_dangerous_char($value['name']); $fileName = ExtraField::FIELD_TYPE_FILE . "_{$params[$this->handler_id]}_$cleanedName"; if (!file_exists($sysCodePath . $fileDir)) { diff --git a/main/inc/lib/fileManage.lib.php b/main/inc/lib/fileManage.lib.php index f79bb02740..5a7864f619 100755 --- a/main/inc/lib/fileManage.lib.php +++ b/main/inc/lib/fileManage.lib.php @@ -163,7 +163,7 @@ function my_rename($file_path, $new_file_name) { $path = dirname($file_path); $old_file_name = basename($file_path); - $new_file_name = replace_dangerous_char($new_file_name); + $new_file_name = api_replace_dangerous_char($new_file_name); // If no extension, take the old one if ((strpos($new_file_name, '.') === false) && ($dotpos = strrpos($old_file_name, '.'))) { diff --git a/main/inc/lib/fileUpload.lib.php b/main/inc/lib/fileUpload.lib.php index d6dcfad61d..974667dcb7 100755 --- a/main/inc/lib/fileUpload.lib.php +++ b/main/inc/lib/fileUpload.lib.php @@ -260,7 +260,7 @@ function handle_uploaded_document( return false; } else { // Clean up the name, only ASCII characters should stay. (and strict) - $cleanName = replace_dangerous_char($uploadedFile['name'], 'strict'); + $cleanName = api_replace_dangerous_char($uploadedFile['name'], 'strict'); // No "dangerous" files $cleanName = disable_dangerous_file($cleanName); 
@@ -880,7 +880,7 @@ function treat_uploaded_file($uploaded_file, $base_work_dir, $upload_path, $max_ $file_name = trim($uploaded_file['name']); // CHECK FOR NO DESIRED CHARACTERS - $file_name = replace_dangerous_char($file_name, 'strict'); + $file_name = api_replace_dangerous_char($file_name, 'strict'); // TRY TO ADD AN EXTENSION TO FILES WITOUT EXTENSION $file_name = add_ext_on_mime($file_name, $uploaded_file['type']); @@ -988,7 +988,7 @@ function unzip_uploaded_file($uploaded_file, $upload_path, $base_work_dir, $max_ $filetype = 'file'; if (is_dir($base_work_dir.$upload_path.'/'.$file)) $filetype = 'folder'; - $safe_file = replace_dangerous_char($file, 'strict'); + $safe_file = api_replace_dangerous_char($file, 'strict'); @rename($base_work_dir.$upload_path.'/'.$file,$base_work_dir.$upload_path.'/'.$safe_file); set_default_settings($upload_path, $safe_file,$filetype); } @@ -1106,7 +1106,7 @@ function clean_up_files_in_zip($p_event, &$p_header) * @param string $path * @return $path * @see disable_dangerous_file() - * @see replace_dangerous_char() + * @see api_replace_dangerous_char() */ function clean_up_path(&$path) { @@ -1116,7 +1116,7 @@ function clean_up_path(&$path) foreach ($path_array as $key => & $val) { // We don't want to lose the dots in ././folder/file (cfr. zipfile) if ($val != '.') { - $val = disable_dangerous_file(replace_dangerous_char($val)); + $val = disable_dangerous_file(api_replace_dangerous_char($val)); } } // Join the "cleaned" path (modified in-place as passed by reference) diff --git a/main/inc/lib/group_portal_manager.lib.php b/main/inc/lib/group_portal_manager.lib.php index 81c8cffd04..0514a0249f 100755 --- a/main/inc/lib/group_portal_manager.lib.php +++ b/main/inc/lib/group_portal_manager.lib.php 
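Review bot: In `unzip_uploaded_file`, the result of `api_replace_dangerous_char($file, 'strict')` goes straight into `@rename(...)`, with no check that `$safe_file` is non-empty or that the target does not already exist. The new sanitizer is a lossier filter than the old character map, so two extracted entries are more likely to collapse to the same `$safe_file`, and on most platforms `rename()` would then replace the earlier file silently. The `@` also hides any failure. Consider skipping the entry when `$safe_file === ''`, checking `file_exists()` on the target before renaming, and logging a failed rename instead of suppressing it. The loop this sits in starts and ends outside the hunk.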
@@ -906,7 +906,7 @@ class GroupPortalManager $filename = in_array($old_extension, $allowed_types) ? substr($old_file, 0, -strlen($old_extension)) : $old_file; $filename = (substr($filename, -1) == '.') ? $filename.$extension : $filename.'.'.$extension; } else { - $filename = replace_dangerous_char($filename); + $filename = api_replace_dangerous_char($filename); if (PREFIX_IMAGE_FILENAME_WITH_UID) { $filename = uniqid('').'_'.$filename; } diff --git a/main/inc/lib/groupmanager.lib.php b/main/inc/lib/groupmanager.lib.php index f107bf2964..c483b6f6f0 100755 --- a/main/inc/lib/groupmanager.lib.php +++ b/main/inc/lib/groupmanager.lib.php @@ -199,7 +199,7 @@ class GroupManager $sql = "UPDATE $table_group SET id = iid WHERE iid = $lastId"; Database::query($sql); - $desired_dir_name= '/'.replace_dangerous_char($name,'strict').'_groupdocs'; + $desired_dir_name= '/'.api_replace_dangerous_char($name,'strict').'_groupdocs'; $my_path = api_get_path(SYS_COURSE_PATH) . $currentCourseRepository . '/document'; $newFolderData = create_unexisting_directory( diff --git a/main/inc/lib/jpegcam/webcam_receiver.php b/main/inc/lib/jpegcam/webcam_receiver.php index d08962ab22..b6cb503b2b 100755 --- a/main/inc/lib/jpegcam/webcam_receiver.php +++ b/main/inc/lib/jpegcam/webcam_receiver.php @@ -25,13 +25,13 @@ if ($webcamuserid!= api_get_user_id() || api_get_user_id()==0 || $webcamuserid== api_not_allowed(); die(); } - + //clean $webcamname = Security::remove_XSS($webcamname); $webcamname = Database::escape_string($webcamname); $webcamname = addslashes(trim($webcamname)); -$webcamname = replace_dangerous_char($webcamname, 'strict'); +$webcamname = api_replace_dangerous_char($webcamname, 'strict'); $webcamname = disable_dangerous_file($webcamname); $webcamdir = Security::remove_XSS($webcamdir); 
@@ -54,8 +54,8 @@ $groupId=$_SESSION['_gid']; $webcamname_to_save=$webcamname; $title_to_save=str_replace('_',' ',$webcamname); $webcamname_noex=basename($webcamname, ".jpg"); -if (file_exists($saveDir.'/'.$webcamname_noex.'.'.$ext)){ - $i = 1; +if (file_exists($saveDir.'/'.$webcamname_noex.'.'.$ext)){ + $i = 1; while (file_exists($saveDir.'/'.$webcamname_noex.'_'.$i.'.'.$ext)) $i++; $webcamname_to_save = $webcamname_noex . '_' . $i . '.'.$ext; $title_to_save = $webcamname_noex . '_' . $i . '.'.$ext; diff --git a/main/inc/lib/nanogong/receiver.php b/main/inc/lib/nanogong/receiver.php index 43814f0a70..43be825297 100755 --- a/main/inc/lib/nanogong/receiver.php +++ b/main/inc/lib/nanogong/receiver.php @@ -42,7 +42,7 @@ $_course = api_get_course_info($course_code); $filename = trim($_GET['filename']); $filename = Security::remove_XSS($filename); $filename = Database::escape_string($filename); -$filename = replace_dangerous_char($filename, $strict = 'loose'); // or strict +$filename = api_replace_dangerous_char($filename, $strict = 'loose'); // or strict $filename = disable_dangerous_file($filename); $title = trim(str_replace('_chnano_.', '.', $filename)); //hide nanogong wav tag at title @@ -81,4 +81,4 @@ if (!file_exists($documentPath)) { ); } else { return get_lang('FileExistRename'); -} \ No newline at end of file +} diff --git a/main/inc/lib/pdf.lib.php b/main/inc/lib/pdf.lib.php index 7d2dbb462e..6850743b50 100755 --- a/main/inc/lib/pdf.lib.php +++ b/main/inc/lib/pdf.lib.php @@ -335,7 +335,7 @@ class PDF if (empty($pdf_name)) { $output_file = 'pdf_'.date('Y-m-d-his').'.pdf'; } else { - $pdf_name = replace_dangerous_char($pdf_name); + $pdf_name = api_replace_dangerous_char($pdf_name); $output_file = $pdf_name.'.pdf'; } // F to save the pdf in a file 
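Review bot: In nanogong/receiver.php, the call `api_replace_dangerous_char($filename, $strict = 'loose')` assigns a script-scope variable `$strict` as a side effect of passing the argument. The new function body shown in api.lib.php no longer reads that argument at all. Writing `api_replace_dangerous_char($filename);` and dropping the `// or strict` comment would keep the call from suggesting a mode switch that does not exist. The same cleanup applies to the other call sites that still pass `'strict'`.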
@@ -443,7 +443,7 @@ class PDF if (empty($pdf_name)) { $output_file = 'pdf_'.date('Y-m-d-his').'.pdf'; } else { - $pdf_name = replace_dangerous_char($pdf_name); + $pdf_name = api_replace_dangerous_char($pdf_name); $output_file = $pdf_name.'.pdf'; } $this->pdf->Output($output_file, $outputMode); // F to save the pdf in a file diff --git a/main/inc/lib/svg-edit/extensions/savefile_config.php b/main/inc/lib/svg-edit/extensions/savefile_config.php index 056b91b8e8..b97337c3a1 100755 --- a/main/inc/lib/svg-edit/extensions/savefile_config.php +++ b/main/inc/lib/svg-edit/extensions/savefile_config.php @@ -68,7 +68,7 @@ $saveDir=$dirBaseDocuments.$_SESSION['draw_dir']; $filename = addslashes(trim($filename)); $filename = Security::remove_XSS($filename); -$filename = replace_dangerous_char($filename, 'strict'); +$filename = api_replace_dangerous_char($filename, 'strict'); $filename = disable_dangerous_file($filename); // a bit extension diff --git a/main/inc/lib/template.lib.php b/main/inc/lib/template.lib.php index 9a3b89509e..0915458bc0 100755 --- a/main/inc/lib/template.lib.php +++ b/main/inc/lib/template.lib.php @@ -766,7 +766,7 @@ class Template if ($access_url_id != -1) { $url_info = api_get_access_url($access_url_id); $url = api_remove_trailing_slash(preg_replace('/https?:\/\//i', '', $url_info['url'])); - $clean_url = replace_dangerous_char($url); + $clean_url = api_replace_dangerous_char($url); $clean_url = str_replace('/', '-', $clean_url); $clean_url .= '/'; $homep = api_get_path(REL_PATH).'home/'.$clean_url; //homep for Home Path diff --git a/main/inc/lib/wami-recorder/record_document.php b/main/inc/lib/wami-recorder/record_document.php index b4989f257d..6ee3c88cae 100755 --- a/main/inc/lib/wami-recorder/record_document.php +++ b/main/inc/lib/wami-recorder/record_document.php 
@@ -29,7 +29,7 @@ if ($wamiuserid != api_get_user_id() || api_get_user_id() == 0 || $wamiuserid == // Clean $waminame = Security::remove_XSS($waminame); $waminame = Database::escape_string($waminame); -$waminame = replace_dangerous_char($waminame, 'strict'); +$waminame = api_replace_dangerous_char($waminame, 'strict'); $waminame = disable_dangerous_file($waminame); $wamidir = Security::remove_XSS($wamidir); $content = file_get_contents('php://input'); diff --git a/main/install/install.lib.php b/main/install/install.lib.php index c435d8e516..6c0470e9b9 100755 --- a/main/install/install.lib.php +++ b/main/install/install.lib.php @@ -1397,7 +1397,7 @@ function display_database_settings_form( //Database Name fix replace weird chars if ($installType != INSTALL_TYPE_UPDATE) { $dbNameForm = str_replace(array('-','*', '$', ' ', '.'), '', $dbNameForm); - $dbNameForm = replace_dangerous_char($dbNameForm); + $dbNameForm = api_replace_dangerous_char($dbNameForm); } displayDatabaseParameter( diff --git a/main/newscorm/aicc.class.php b/main/newscorm/aicc.class.php index 92bcbe3c58..fc925fbcc5 100755 --- a/main/newscorm/aicc.class.php +++ b/main/newscorm/aicc.class.php @@ -352,7 +352,7 @@ class aicc extends learnpath if ($this->debug > 0) { error_log('New LP - aicc::import_package() - Zip file path = '.$zip_file_path.', zip file name = '.$zip_file_name, 0); } $course_rel_dir = api_get_course_path().'/scorm'; // Scorm dir web path starting from /courses $course_sys_dir = api_get_path(SYS_COURSE_PATH).$course_rel_dir; // The absolute system path of this course. - $current_dir = replace_dangerous_char(trim($current_dir), 'strict'); // Current dir we are in, inside scorm/ + $current_dir = api_replace_dangerous_char(trim($current_dir), 'strict'); // Current dir we are in, inside scorm/ if ($this->debug > 0) { error_log('New LP - aicc::import_package() - Current_dir = '.$current_dir, 0); } //$uploaded_filename = $_FILES['userFile']['name']; 
@@ -365,7 +365,7 @@ class aicc extends learnpath $this->zipname = $file_base_name; // Save for later in case we don't have a title. if ($this->debug > 0) { error_log('New LP - aicc::import_package() - Base file name is : '.$file_base_name, 0); } - $new_dir = replace_dangerous_char(trim($file_base_name),'strict'); + $new_dir = api_replace_dangerous_char(trim($file_base_name),'strict'); $this->subdir = $new_dir; if($this->debug > 0) { error_log('New LP - aicc::import_package() - Subdir is first set to : '.$this->subdir, 0); } @@ -514,7 +514,7 @@ class aicc extends learnpath if (is_dir($course_sys_dir.$new_dir.$file)) $filetype = 'folder'; // TODO: RENAMING FILES CAN BE VERY DANGEROUS AICC-WISE, avoid that as much as possible! - //$safe_file = replace_dangerous_char($file, 'strict'); + //$safe_file = api_replace_dangerous_char($file, 'strict'); $find_str = array('\\', '.php', '.phtml'); $repl_str = array('/', '.txt', '.txt'); $safe_file = str_replace($find_str, $repl_str, $file); diff --git a/main/newscorm/learnpath.class.php b/main/newscorm/learnpath.class.php index 4f0a95c11f..fcdae7c60b 100755 --- a/main/newscorm/learnpath.class.php +++ b/main/newscorm/learnpath.class.php @@ -5943,7 +5943,7 @@ class learnpath // Creating LP folder if ($folder) { //Limits title size - $title = api_substr(replace_dangerous_char($lp_name), 0 , 80); + $title = api_substr(api_replace_dangerous_char($lp_name), 0 , 80); $dir = $dir.$title; $filepath = api_get_path(SYS_COURSE_PATH) . $course['path'] . '/document'; if (!is_dir($filepath.'/'.$dir)) { 
@@ -6009,9 +6009,9 @@ class learnpath $dir = '/'; } - // stripslashes() before calling replace_dangerous_char() because $_POST['title'] + // stripslashes() before calling api_replace_dangerous_char() because $_POST['title'] // is already escaped twice when it gets here. - $title = replace_dangerous_char(stripslashes($_POST['title'])); + $title = api_replace_dangerous_char(stripslashes($_POST['title'])); $title = disable_dangerous_file($title); $filename = $title; @@ -9673,7 +9673,7 @@ EOD; $res = unlink($file); if ($res === false) { error_log('Could not delete temp file '.$file.' '.__FILE__.' '.__LINE__, 0); } } - $name = replace_dangerous_char($this->get_name()).'.zip'; + $name = api_replace_dangerous_char($this->get_name()).'.zip'; DocumentManager::file_send_for_download($temp_zip_file, true, $name); } diff --git a/main/newscorm/lp_admin_view.php b/main/newscorm/lp_admin_view.php index 1b77856a8f..eccceaff06 100755 --- a/main/newscorm/lp_admin_view.php +++ b/main/newscorm/lp_admin_view.php @@ -119,7 +119,7 @@ if (isset($_POST['save_audio'])) { // Add extension to files without one (if possible). $file_name = add_ext_on_mime($file_name, $_FILES[$key]['type']); - $clean_name = replace_dangerous_char($file_name); + $clean_name = api_replace_dangerous_char($file_name); // No "dangerous" files. $clean_name = disable_dangerous_file($clean_name); diff --git a/main/newscorm/lp_list.php b/main/newscorm/lp_list.php index 665d9509ce..0f96ee7b10 100755 --- a/main/newscorm/lp_list.php +++ b/main/newscorm/lp_list.php @@ -9,7 +9,7 @@ * @package chamilo.learnpath * @author Yannick Warnier */ -use \ChamiloSession as Session; +use ChamiloSession as Session; $this_section = SECTION_COURSES; //@todo who turns on $lp_controller_touched? 
@@ -378,7 +378,7 @@ if (!empty($flat_list)) { } elseif ($details['lp_type'] == 2) { $dsp_disk = Display::url( Display::return_icon('cd.gif', get_lang('Export'), array(), ICON_SIZE_SMALL), - api_get_self()."?".api_get_cidreq()."&action=export&lp_id=$id&export_name=".replace_dangerous_char($name, 'strict').".zip" + api_get_self()."?".api_get_cidreq()."&action=export&lp_id=$id&export_name=".api_replace_dangerous_char($name, 'strict').".zip" ); } else { $dsp_disk = Display::return_icon('cd_gray.gif', get_lang('Export'), array(), ICON_SIZE_SMALL); diff --git a/main/newscorm/lp_upload.php b/main/newscorm/lp_upload.php index 064ab5a170..71908fe81b 100755 --- a/main/newscorm/lp_upload.php +++ b/main/newscorm/lp_upload.php @@ -14,7 +14,7 @@ $course_sys_dir = api_get_path(SYS_COURSE_PATH).$course_dir; if (empty($_POST['current_dir'])) { $current_dir = ''; } else { - $current_dir = replace_dangerous_char(trim($_POST['current_dir']), 'strict'); + $current_dir = api_replace_dangerous_char(trim($_POST['current_dir']), 'strict'); } $uncompress = 1; @@ -43,7 +43,7 @@ if (isset($_POST) && $is_error) { $extension = $info['extension']; $file_base_name = str_replace('.'.$extension, '', $filename); - $new_dir = replace_dangerous_char(trim($file_base_name), 'strict'); + $new_dir = api_replace_dangerous_char(trim($file_base_name), 'strict'); $type = learnpath::get_package_type($_FILES['user_file']['tmp_name'], $_FILES['user_file']['name']); $proximity = 'local'; @@ -116,7 +116,7 @@ if (isset($_POST) && $is_error) { $filename = $info['basename']; $extension = $info['extension']; $file_base_name = str_replace('.'.$extension, '', $filename); - $new_dir = replace_dangerous_char(trim($file_base_name), 'strict'); + $new_dir = api_replace_dangerous_char(trim($file_base_name), 'strict'); $result = learnpath::verify_document_size($s); if ($result == true) { diff --git a/main/newscorm/openoffice_document.class.php b/main/newscorm/openoffice_document.class.php index 8ff3026f0b..fd1fb2abb1 100755 
--- a/main/newscorm/openoffice_document.class.php +++ b/main/newscorm/openoffice_document.class.php @@ -53,7 +53,7 @@ abstract class OpenofficeDocument extends learnpath $this->base_work_dir = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document'; ///learning_path/ppt_dirname directory $this->created_dir = substr($result['dir'], 0, strlen($result['dir']) -1); - $this->file_path = $this->created_dir.'/'.replace_dangerous_char($file['name'], 'strict'); + $this->file_path = $this->created_dir.'/'.api_replace_dangerous_char($file['name'], 'strict'); //var_dump($this->file_name, $this->file_path, $this->base_work_dir, $this->created_dir); @@ -62,7 +62,7 @@ abstract class OpenofficeDocument extends learnpath global $_course, $_user, $_configuration; $this->file_name = (strrpos($file['name'], '.') > 0 ? substr($file['name'], 0, strrpos($file['name'], '.')) : $file['name']); - $this->file_name = replace_dangerous_char($this->file_name, 'strict'); + $this->file_name = api_replace_dangerous_char($this->file_name, 'strict'); $this->file_name = strtolower($this->file_name); $visio_dir = ($action_after_conversion == 'add_docs_to_visio') ? VIDEOCONF_UPLOAD_PATH : ''; diff --git a/main/newscorm/scorm.class.php b/main/newscorm/scorm.class.php index 6c7af825cc..4b25a0cf6d 100755 --- a/main/newscorm/scorm.class.php +++ b/main/newscorm/scorm.class.php @@ -520,7 +520,7 @@ class scorm extends learnpath } $course_rel_dir = api_get_course_path().'/scorm'; // scorm dir web path starting from /courses $course_sys_dir = api_get_path(SYS_COURSE_PATH).$course_rel_dir; // Absolute system path for this course. - $current_dir = replace_dangerous_char(trim($current_dir),'strict'); // Current dir we are in, inside scorm/ + $current_dir = api_replace_dangerous_char(trim($current_dir),'strict'); // Current dir we are in, inside scorm/ if ($this->debug > 1) { error_log( 'New LP - import_package() - current_dir = ' . $current_dir, 0); 
@@ -535,7 +535,7 @@ class scorm extends learnpath $this->zipname = $file_base_name; // Save for later in case we don't have a title. if ($this->debug > 1) { error_log("New LP - base file name is : ".$file_base_name, 0); } - $new_dir = replace_dangerous_char(trim($file_base_name),'strict'); + $new_dir = api_replace_dangerous_char(trim($file_base_name),'strict'); $this->subdir = $new_dir; if ($this->debug > 1) { error_log("New LP - subdir is first set to : ".$this->subdir, 0); } @@ -649,7 +649,7 @@ class scorm extends learnpath } // TODO: RENAMING FILES CAN BE VERY DANGEROUS SCORM-WISE, avoid that as much as possible! - //$safe_file = replace_dangerous_char($file, 'strict'); + //$safe_file = api_replace_dangerous_char($file, 'strict'); $find_str = array('\\', '.php', '.phtml'); $repl_str = array('/', '.txt', '.txt'); $safe_file = str_replace($find_str, $repl_str, $file); diff --git a/main/tracking/courseLogCSV.php b/main/tracking/courseLogCSV.php index a1a4c581b4..382b302973 100755 --- a/main/tracking/courseLogCSV.php +++ b/main/tracking/courseLogCSV.php @@ -397,7 +397,7 @@ if ($is_allowedToTrack) { //header('Content-Type: application/force-download'); header('Content-length: ' . $len); $filename = api_html_entity_decode(str_replace(":", "", str_replace(" ", "_", $title[0] . '_' . $title[1] . '.csv'))); - $filename = replace_dangerous_char($filename); + $filename = api_replace_dangerous_char($filename); if (preg_match("/MSIE 5.5/", $_SERVER['HTTP_USER_AGENT'])) { header('Content-Disposition: filename= ' . $filename); } else { diff --git a/main/tracking/userlogCSV.php b/main/tracking/userlogCSV.php index 5c198b9cae..b5ee516bf1 100755 --- a/main/tracking/userlogCSV.php +++ b/main/tracking/userlogCSV.php 
@@ -321,7 +321,7 @@ if (($is_allowedToTrack || $is_allowedToTrackEverybodyInCourse)) { str_replace(" ", "_", $title[0] . '_' . $title[1] . '.csv') ) ); - $filename = replace_dangerous_char($filename); + $filename = api_replace_dangerous_char($filename); if (preg_match("/MSIE 5.5/", $_SERVER['HTTP_USER_AGENT'])) { header('Content-Disposition: filename= ' . $filename); } else { diff --git a/main/upload/upload.document.php b/main/upload/upload.document.php index fd7d7d78f2..afd7b3b857 100755 --- a/main/upload/upload.document.php +++ b/main/upload/upload.document.php @@ -128,7 +128,7 @@ if (isset($_POST['submit_image'])) { //they want to create a directory if (isset($_POST['create_dir']) && $_POST['dirname']!='') { $added_slash = ($path=='/')?'':'/'; - $dir_name = $path.$added_slash.replace_dangerous_char($_POST['dirname']); + $dir_name = $path.$added_slash.api_replace_dangerous_char($_POST['dirname']); $created_dir = create_unexisting_directory($_course,$_user['user_id'],api_get_session_id(), $to_group_id,$to_user_id,$base_work_dir,$dir_name,$_POST['dirname']); if ($created_dir) { Display::display_normal_message(get_lang('DirCr')); diff --git a/main/wiki/wiki.inc.php b/main/wiki/wiki.inc.php index 4e8e9028fc..7eaca87bba 100755 --- a/main/wiki/wiki.inc.php +++ b/main/wiki/wiki.inc.php @@ -1747,7 +1747,7 @@ class Wiki } $exportDir = api_get_path(SYS_COURSE_PATH).api_get_course_path(). '/document'.$groupPath; - $exportFile = replace_dangerous_char($wikiTitle, 'strict') . $groupPart; + $exportFile = api_replace_dangerous_char($wikiTitle, 'strict') . $groupPart; //$clean_wikiContents = trim(preg_replace("/\[\[|\]\]/", " ", $wikiContents)); //$array_clean_wikiContents= explode('|', $clean_wikiContents); diff --git a/main/work/downloadfolder.inc.php b/main/work/downloadfolder.inc.php index 0f0dd25915..dc832f9612 100755 --- a/main/work/downloadfolder.inc.php +++ b/main/work/downloadfolder.inc.php 
@@ -178,7 +178,7 @@ while ($not_deleted_file = Database::fetch_assoc($query)) { } if (!empty($files)) { - $fileName = replace_dangerous_char($work_data['title']); + $fileName = api_replace_dangerous_char($work_data['title']); // Logging Event::event_download($fileName .'.zip (folder)'); diff --git a/main/work/work.lib.php b/main/work/work.lib.php index d5a3fc4acf..63e20b19ac 100755 --- a/main/work/work.lib.php +++ b/main/work/work.lib.php @@ -1255,7 +1255,7 @@ function updateDirName($work_data, $newPath) $path = $work_data['url']; $originalNewPath = Database::escape_string($newPath); $newPath = Database::escape_string($newPath); - $newPath = replace_dangerous_char($newPath); + $newPath = api_replace_dangerous_char($newPath); $newPath = disable_dangerous_file($newPath); if ($oldPath == '/'.$newPath) { @@ -3558,7 +3558,7 @@ function addWorkComment($courseInfo, $userId, $parentWork, $work, $data) if (!empty($workParent)) { $uploadDir = api_get_path(SYS_COURSE_PATH).$courseInfo['path'].'/work'.$workParent['url']; $newFileName = 'comment_'.$commentId.'_'.php2phps( - replace_dangerous_char($fileData['name'], 'strict') + api_replace_dangerous_char($fileData['name'], 'strict') ); $newFilePath = $uploadDir.'/'.$newFileName; $result = move_uploaded_file($fileData['tmp_name'], $newFilePath); @@ -3706,7 +3706,7 @@ function uploadWork($my_folder_data, $_course) $filename = add_ext_on_mime(stripslashes($_FILES['file']['name']), $_FILES['file']['type']); // Replace dangerous characters - $filename = replace_dangerous_char($filename, 'strict'); + $filename = api_replace_dangerous_char($filename, 'strict'); // Transform any .php file in .phps fo security $filename = php2phps($filename); 
@@ -3980,7 +3980,7 @@ function addDir($params, $user_id, $courseInfo, $group_id, $session_id) $base_work_dir = api_get_path(SYS_COURSE_PATH).$courseInfo['path'].'/work'; $course_id = $courseInfo['real_id']; - $directory = replace_dangerous_char($params['new_dir']); + $directory = api_replace_dangerous_char($params['new_dir']); $directory = disable_dangerous_file($directory); $created_dir = create_unexisting_work_directory($base_work_dir, $directory); @@ -4924,7 +4924,7 @@ function exportAllWork($userId, $courseInfo, $format = 'pdf') $pdf->content_to_pdf( $content, null, - replace_dangerous_char($userInfo['complete_name']), + api_replace_dangerous_char($userInfo['complete_name']), $courseInfo['code'] ); } @@ -5059,7 +5059,7 @@ function exportAllStudentWorkFromPublication( if (!empty($content)) { $params = array( 'filename' => $workData['title'] . '_' . api_get_local_time(), - 'pdf_title' => replace_dangerous_char($workData['title']), + 'pdf_title' => api_replace_dangerous_char($workData['title']), 'course_code' => $courseInfo['code'], 'add_signatures' => false ); @@ -5126,7 +5126,7 @@ function downloadAllFilesPerUser($userId, $courseInfo) } // Start download of created file - $name = basename(replace_dangerous_char($userInfo['complete_name'])).'.zip'; + $name = basename(api_replace_dangerous_char($userInfo['complete_name'])).'.zip'; Event::event_download($name.'.zip (folder)'); if (Security::check_abs_path($tempZipFile, api_get_path(SYS_ARCHIVE_PATH))) { DocumentManager::file_send_for_download($tempZipFile, true, $name); diff --git a/plugin/buycourses/src/inscription.php b/plugin/buycourses/src/inscription.php index 503b66458c..af11a8aefd 100644 --- a/plugin/buycourses/src/inscription.php +++ b/plugin/buycourses/src/inscription.php 
@@ -176,7 +176,7 @@ if (api_is_multiple_url_enabled()) { if ($access_url_id != -1) { $url_info = api_get_access_url($access_url_id); $url = api_remove_trailing_slash(preg_replace('/https?:\/\//i', '', $url_info['url'])); - $clean_url = replace_dangerous_char($url); + $clean_url = api_replace_dangerous_char($url); $clean_url = str_replace('/', '-', $clean_url); $clean_url .= '/'; $home_old = api_get_path(SYS_PATH) . 'home/'; diff --git a/tests/main/inc/lib/events.lib.inc.test.php b/tests/main/inc/lib/events.lib.inc.test.php index 104b3310ca..e789b27fc4 100755 --- a/tests/main/inc/lib/events.lib.inc.test.php +++ b/tests/main/inc/lib/events.lib.inc.test.php @@ -74,7 +74,7 @@ class TestEvents extends UnitTestCase { global $_configuration; global $_user; global $TABLETRACK_LOGIN; - $res=Event::event_login(); + $res=Event::event_login(1); $this->assertNull($res); //var_dump($res); } diff --git a/tests/main/inc/lib/internationalization.lib.test.php b/tests/main/inc/lib/internationalization.lib.test.php index 8f14c439e8..1bdbf1e1a3 100755 --- a/tests/main/inc/lib/internationalization.lib.test.php +++ b/tests/main/inc/lib/internationalization.lib.test.php @@ -198,22 +198,6 @@ class TestInternationalization extends UnitTestCase { //var_dump($res); } - public function test_api_file_system_encode() { - $string = 'áéíóú@/\!?Ç´`+*?-_'; // UTF-8 - $from_encoding = 'UTF-8'; - $res = api_file_system_encode($string, $from_encoding); - $this->assertTrue(is_string($res)); - //var_dump($res); - } - - public function test_api_file_system_decode() { - $string='áéíóú@/\!?Ç´`+*?-_'; // UTF-8 - $to_encoding = 'UTF-8'; - $res = api_file_system_decode($string, $to_encoding); - $this->assertTrue(is_string($res)); - //var_dump($res); - } - public function test_api_transliterate() { $string = 'Фёдор Михайлович Достоевкий'; // UTF-8 /* 
@@ -489,16 +473,6 @@ class TestInternationalization extends UnitTestCase { //var_dump($res); } - public function test_api_preg_replace_callback() { - $pattern = '/иван/i'; // UTF-8 - $subject = '-- Ivan (en) -- Иван (bg) -- иван --'; // UTF-8 - $limit = -1; - $count = null; - $encoding = 'UTF-8'; - $res = api_preg_replace_callback($pattern, create_function('$matches', 'return api_ucfirst($matches[0], \'UTF-8\');'), $subject, $limit, $count, $encoding); - $this->assertTrue($res == '-- Ivan (en) -- Иван (bg) -- Иван --'); // UTF-8 - //var_dump($res); - } public function test_api_preg_split() { $pattern = '/иван/i'; // UTF-8 @@ -560,22 +534,11 @@ class TestInternationalization extends UnitTestCase { //var_dump($res); } - public function test_api_split() { - $pattern = '[/.-]'; - $string = '08/22/2009'; - $limit = null; - $res = api_split($pattern, $string, $limit); - $this->assertTrue(is_array($res)); - $this->assertTrue(count($res) == 3); - //var_dump($res); - } - - -/** - * ---------------------------------------------------------------------------- - * String comparison - * ---------------------------------------------------------------------------- - */ + /** + * ---------------------------------------------------------------------------- + * String comparison + * ---------------------------------------------------------------------------- + */ public function test_api_strcasecmp() { $string1 = 'áéíóu'; // UTF-8 
@@ -764,18 +727,6 @@ class TestInternationalization extends UnitTestCase { //var_dump($res); } - public function test_api_knatcasersort() { - $array = array('img2.png' => 'aíó', 'img10.png' => 'úéo', 'IMG12.PNG' => 'áed', 'IMG1.PNG' => 'áedc'); // UTF-8 - $language = 'english'; - $encoding = 'UTF-8'; - $res = api_knatcasersort($array, $language, $encoding); - $keys = array_keys($array); - $this->assertTrue(is_bool($res)); - $this->assertTrue($array[$keys[0]] == 'áed'); - //var_dump($array); - //var_dump($res); - } - public function test_api_sort() { $array = array('úéo', 'aíó', 'áed', 'áedc'); // UTF-8 $sort_flag = SORT_REGULAR; @@ -1285,37 +1236,6 @@ class TestInternationalization extends UnitTestCase { //var_dump($res); } - public function test_api_is_latin1_compatible() { - $language = 'portuguese'; - $res = api_is_latin1_compatible($language); - $this->assertTrue(is_bool($res)); - $this->assertTrue($res); - //var_dump($res); - } - - /* - // This test works. It has been disabled, because it is time-consuming. - public function test_api_detect_language() { - $encoding = 'UTF-8'; - $strings = $this->language_strings; - $is_test_ok = true; - foreach ($strings as $language => $string) { - if (api_is_language_supported($language)) { - $res = api_detect_language($string, $encoding); - $non_utf8_encoding = api_get_non_utf8_encoding($res); - if (!empty($non_utf8_encoding)) { - $is_ok = ($res == $language) || (api_is_encoding_supported($non_utf8_encoding) ? $string == api_utf8_encode(api_utf8_decode($string, $non_utf8_encoding), $non_utf8_encoding) : true); - } else { - $is_ok = true; - } - $is_test_ok = $is_test_ok && $is_ok; - echo ($is_ok ? 'Ok' : 'Failed').' '.$language.': '.$string.' => '.$res.'
'; - } - } - echo '
'; - $this->assertTrue($is_test_ok); - } - */ /* // This test works. It has been disabled, because it is time-consuming. diff --git a/tests/main/inc/lib/main_api.lib.test.php b/tests/main/inc/lib/main_api.lib.test.php index 1ea64a1aea..0ea27c90cf 100755 --- a/tests/main/inc/lib/main_api.lib.test.php +++ b/tests/main/inc/lib/main_api.lib.test.php @@ -1,6 +1,6 @@ |\'', /*Keep C1 controls for UTF-8 streams **/ '-----_---_'), 0, 250)); - $res = replace_dangerous_char($filename, $strict = 'loose'); + $res = api_replace_dangerous_char($filename, $strict = 'loose'); $this->assertEqual($res,$filename, $message = 'no se pudo'); }