Fix upload files in forum - refs BT#9892 #TMI

main/forum/forumfunction.inc.php

@@ -4316,11 +4316,18 @@ function add_forum_attachment_file($file_comment, $last_id)
             $last_id = intval($last_id);
             // Storing the attachments if any.
             if ($result) {
-                $sql = "INSERT INTO $agenda_forum_attachment (c_id, filename, comment, path, post_id, size)
-                        VALUES (".api_get_course_int_id().", '$safe_file_name', '$safe_file_comment', '$safe_new_file_name' , '$last_id', '".intval($_FILES['user_upload']['size'])."' )";
-                Database::query($sql);
+                $last_id_file = Database::insert(
+                    $agenda_forum_attachment,
+                    [
+                        'c_id' => api_get_course_int_id(),
+                        'filename' => $safe_file_name,
+                        'comment' => $safe_file_comment,
+                        'path' => $safe_new_file_name,
+                        'post_id' => $last_id,
+                        'size' => intval($_FILES['user_upload']['size'])
+                    ]
+                );
 
-                $last_id_file = Database::insert_id();
                 api_item_property_update(
                     $_course,
                     TOOL_FORUM_ATTACH,
@@ -4400,7 +4407,7 @@ function get_attachment($post_id)
     $course_id = api_get_course_int_id();
     $row = array();
     $post_id = intval($post_id);
-    $sql = "SELECT id, path, filename,comment FROM $forum_table_attachment
+    $sql = "SELECT iid, path, filename,comment FROM $forum_table_attachment
             WHERE c_id = $course_id AND post_id = $post_id";
     $result = Database::query($sql);
     if (Database::num_rows($result) != 0) {
@@ -4415,7 +4422,7 @@ function getAllAttachment($postId)
     $forumAttachmentTable = Database :: get_course_table(TABLE_FORUM_ATTACHMENT);
     $courseId = api_get_course_int_id();
     $postId = intval($postId);
-    $columns = array('id', 'path', 'filename', 'comment');
+    $columns = array('iid', 'path', 'filename', 'comment');
     $conditions = array(
         'where' => array(
             'c_id = ? AND post_id = ?' => array($courseId, $postId)
@@ -4448,7 +4455,7 @@ function delete_attachment($post_id, $id_attach = 0, $display = true)
     $forum_table_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
     $course_id = api_get_course_int_id();
 
-    $cond = (!empty($id_attach)) ? " id = ".(int) $id_attach."" : " post_id = ".(int) $post_id."";
+    $cond = (!empty($id_attach)) ? " iid = ".(int) $id_attach."" : " post_id = ".(int) $post_id."";
     $sql = "SELECT path FROM $forum_table_attachment WHERE c_id = $course_id AND $cond";
     $res = Database::query($sql);
     $row = Database::fetch_array($res);
@@ -5339,14 +5346,14 @@ function getAttachedFiles($forumId, $threadId, $postId = null, $attachId = null,
 
         return array();
     } elseif (empty($postId)) {
-        $filter = "AND id = $attachId";
+        $filter = "AND iid = $attachId";
     } elseif (empty($attachId)) {
         $filter = "AND post_id = $postId";
     } else {
-        $filter = "AND post_id = $postId AND id = $attachId";
+        $filter = "AND post_id = $postId AND iid = $attachId";
     }
     $forumAttachmentTable = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
-    $sql = "SELECT id, comment, filename, path, size
+    $sql = "SELECT iid, comment, filename, path, size
             FROM $forumAttachmentTable
             WHERE c_id = $courseId $filter";
     $result = Database::query($sql);
@@ -5359,7 +5366,7 @@ function getAttachedFiles($forumId, $threadId, $postId = null, $attachId = null,
                 api_get_path(WEB_CODE_PATH) . 'forum/download.php?file='.$row['path'].'&'.api_get_cidreq(),
                 array('target'=>'_blank', 'class' => 'attachFilename')
             );
-            $json['id'] = $row['id'];
+            $json['id'] = $row['iid'];
             $json['comment'] = $row['comment'];
             // Format file size
             $json['size'] = format_file_size($row['size']);
@@ -5367,7 +5374,7 @@ function getAttachedFiles($forumId, $threadId, $postId = null, $attachId = null,
             if (!empty($row) && is_array($row)) {
                 // Set result as success and bring delete URL
                 $json['result'] = Display::return_icon('accept.png', get_lang('Uploaded'));
-                $url = api_get_path(WEB_CODE_PATH) . 'forum/viewthread.php?' . api_get_cidreq() . '&action=delete_attach&forum=' . $forumId . '&thread=' . $threadId.'&id_attach=' . $row['id'];
+                $url = api_get_path(WEB_CODE_PATH) . 'forum/viewthread.php?' . api_get_cidreq() . '&action=delete_attach&forum=' . $forumId . '&thread=' . $threadId.'&id_attach=' . $row['iid'];
                 $json['delete'] = Display::url(
                     Display::return_icon('delete.png',get_lang('Delete'), array(), ICON_SIZE_SMALL),
                     $url,

main/forum/viewthread_flat.inc.php

@@ -291,13 +291,13 @@ if (isset($current_thread['thread_id'])) {
                     $realname = $attachment['path'];
                     $user_filename = $attachment['filename'];
 
-                    echo Display::return_icon('attachment.gif', get_lang('Attachment'));
-                    echo '<a href="download.php?file=' . $realname . '"> ' . $user_filename . ' </a>';
+                    $html .= Display::return_icon('attachment.gif', get_lang('Attachment'));
+                    $html .= '<a href="download.php?file=' . $realname . '"> ' . $user_filename . ' </a>';
 
                     if (($current_forum['allow_edit'] == 1 && $row['user_id'] == $_user['user_id']) ||
                         (api_is_allowed_to_edit(false, true) && !(api_is_course_coach() && $current_forum['session_id'] != $sessionId))
                     ) {
-                        echo '&nbsp;&nbsp;<a href="' . api_get_self() . '?' . api_get_cidreq() . '&amp;origin='
+                        $html .= '&nbsp;&nbsp;<a href="' . api_get_self() . '?' . api_get_cidreq() . '&amp;origin='
                             . Security::remove_XSS($_GET['origin']) . '&amp;action=delete_attach&amp;id_attach='
                             . $attachment['id'] . '&amp;forum=' . $clean_forum_id . '&amp;thread=' . $clean_thread_id
                             . '" onclick="javascript:if(!confirm(\''
@@ -306,7 +306,7 @@ if (isset($current_thread['thread_id'])) {
                             . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL)
                             . '</a><br />';
                     }
-                    echo '<span class="forum_attach_comment" >' . $attachment['comment'] . '</span>';
+                    $html .= '<span class="forum_attach_comment" >' . $attachment['comment'] . '</span>';
                 }
             }
 

main/forum/viewthread_nested.inc.php

@@ -83,7 +83,7 @@ foreach ($rows as $post) {
 
     // get attach id
     $attachment_list = get_attachment($post['post_id']);
-    $id_attach = !empty($attachment_list) ? $attachment_list['id'] : '';
+    $id_attach = !empty($attachment_list) ? $attachment_list['iid'] : '';
 
     $iconEdit = '';
     // The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum
@@ -266,20 +266,19 @@ foreach ($rows as $post) {
     $attachment_list = getAllAttachment($post['post_id']);
     if (!empty($attachment_list) && is_array($attachment_list)) {
         foreach ($attachment_list as $attachment) {
-            echo '<tr><td height="50%">';
             $realname = $attachment['path'];
             $user_filename = $attachment['filename'];
-            echo Display::return_icon('attachment.gif', get_lang('Attachment'));
-            echo '<a href="download.php?file=';
-            echo $realname;
-            echo ' "> ' . $user_filename . ' </a>';
-            echo '<span class="forum_attach_comment" >' . $attachment['comment'] . '</span>';
+            $html .= Display::return_icon('attachment.gif', get_lang('Attachment'));
+            $html .= '<a href="download.php?file=';
+            $html .= $realname;
+            $html .= ' "> ' . $user_filename . ' </a>';
+            $html .= '<span class="forum_attach_comment" >' . $attachment['comment'] . '</span>';
             if (($current_forum['allow_edit'] == 1 && $post['user_id'] == $userId) ||
                 (api_is_allowed_to_edit(false, true) && !(api_is_course_coach() && $current_forum['session_id'] != $sessionId))
             ) {
-                echo '&nbsp;&nbsp;<a href="' . api_get_self() . '?' . api_get_cidreq() . '&origin='
+                $html .= '&nbsp;&nbsp;<a href="' . api_get_self() . '?' . api_get_cidreq() . '&origin='
                     . Security::remove_XSS($_GET['origin']) . '&action=delete_attach&id_attach='
-                    . $attachment['id'] . '&forum=' . $clean_forum_id . '&thread=' . $clean_thread_id
+                    . $attachment['iid'] . '&forum=' . $clean_forum_id . '&thread=' . $clean_thread_id
                     . '" onclick="javascript:if(!confirm(\''
                     . addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES)) . '\')) return false;">'
                     . Display::return_icon('delete.gif', get_lang('Delete')) . '</a><br />';

main/inc/ajax/forum.ajax.php

@@ -25,6 +25,7 @@ $action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null;
 
 $current_forum = get_forum_information($_REQUEST['forum']);
 $current_forum_category = get_forumcategory_information($current_forum['forum_category']);
+$current_thread = get_thread_information($_REQUEST['thread']);
 
 // Check if exist action
 if (!empty($action)) {