Fix upload files in forum - refs BT#9892 #TMI

1.10.x
Angel Fernando Quiroz Campos 10 years ago
parent e48cacfaa4
commit dfe3ad93a0
  1. 31
      main/forum/forumfunction.inc.php
  2. 8
      main/forum/viewthread_flat.inc.php
  3. 17
      main/forum/viewthread_nested.inc.php
  4. 1
      main/inc/ajax/forum.ajax.php

@ -4316,11 +4316,18 @@ function add_forum_attachment_file($file_comment, $last_id)
$last_id = intval($last_id); $last_id = intval($last_id);
// Storing the attachments if any. // Storing the attachments if any.
if ($result) { if ($result) {
$sql = "INSERT INTO $agenda_forum_attachment (c_id, filename, comment, path, post_id, size) $last_id_file = Database::insert(
VALUES (".api_get_course_int_id().", '$safe_file_name', '$safe_file_comment', '$safe_new_file_name' , '$last_id', '".intval($_FILES['user_upload']['size'])."' )"; $agenda_forum_attachment,
Database::query($sql); [
'c_id' => api_get_course_int_id(),
'filename' => $safe_file_name,
'comment' => $safe_file_comment,
'path' => $safe_new_file_name,
'post_id' => $last_id,
'size' => intval($_FILES['user_upload']['size'])
]
);
$last_id_file = Database::insert_id();
api_item_property_update( api_item_property_update(
$_course, $_course,
TOOL_FORUM_ATTACH, TOOL_FORUM_ATTACH,
@ -4400,7 +4407,7 @@ function get_attachment($post_id)
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$row = array(); $row = array();
$post_id = intval($post_id); $post_id = intval($post_id);
$sql = "SELECT id, path, filename,comment FROM $forum_table_attachment $sql = "SELECT iid, path, filename,comment FROM $forum_table_attachment
WHERE c_id = $course_id AND post_id = $post_id"; WHERE c_id = $course_id AND post_id = $post_id";
$result = Database::query($sql); $result = Database::query($sql);
if (Database::num_rows($result) != 0) { if (Database::num_rows($result) != 0) {
@ -4415,7 +4422,7 @@ function getAllAttachment($postId)
$forumAttachmentTable = Database :: get_course_table(TABLE_FORUM_ATTACHMENT); $forumAttachmentTable = Database :: get_course_table(TABLE_FORUM_ATTACHMENT);
$courseId = api_get_course_int_id(); $courseId = api_get_course_int_id();
$postId = intval($postId); $postId = intval($postId);
$columns = array('id', 'path', 'filename', 'comment'); $columns = array('iid', 'path', 'filename', 'comment');
$conditions = array( $conditions = array(
'where' => array( 'where' => array(
'c_id = ? AND post_id = ?' => array($courseId, $postId) 'c_id = ? AND post_id = ?' => array($courseId, $postId)
@ -4448,7 +4455,7 @@ function delete_attachment($post_id, $id_attach = 0, $display = true)
$forum_table_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT); $forum_table_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$cond = (!empty($id_attach)) ? " id = ".(int) $id_attach."" : " post_id = ".(int) $post_id.""; $cond = (!empty($id_attach)) ? " iid = ".(int) $id_attach."" : " post_id = ".(int) $post_id."";
$sql = "SELECT path FROM $forum_table_attachment WHERE c_id = $course_id AND $cond"; $sql = "SELECT path FROM $forum_table_attachment WHERE c_id = $course_id AND $cond";
$res = Database::query($sql); $res = Database::query($sql);
$row = Database::fetch_array($res); $row = Database::fetch_array($res);
@ -5339,14 +5346,14 @@ function getAttachedFiles($forumId, $threadId, $postId = null, $attachId = null,
return array(); return array();
} elseif (empty($postId)) { } elseif (empty($postId)) {
$filter = "AND id = $attachId"; $filter = "AND iid = $attachId";
} elseif (empty($attachId)) { } elseif (empty($attachId)) {
$filter = "AND post_id = $postId"; $filter = "AND post_id = $postId";
} else { } else {
$filter = "AND post_id = $postId AND id = $attachId"; $filter = "AND post_id = $postId AND iid = $attachId";
} }
$forumAttachmentTable = Database::get_course_table(TABLE_FORUM_ATTACHMENT); $forumAttachmentTable = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
$sql = "SELECT id, comment, filename, path, size $sql = "SELECT iid, comment, filename, path, size
FROM $forumAttachmentTable FROM $forumAttachmentTable
WHERE c_id = $courseId $filter"; WHERE c_id = $courseId $filter";
$result = Database::query($sql); $result = Database::query($sql);
@ -5359,7 +5366,7 @@ function getAttachedFiles($forumId, $threadId, $postId = null, $attachId = null,
api_get_path(WEB_CODE_PATH) . 'forum/download.php?file='.$row['path'].'&'.api_get_cidreq(), api_get_path(WEB_CODE_PATH) . 'forum/download.php?file='.$row['path'].'&'.api_get_cidreq(),
array('target'=>'_blank', 'class' => 'attachFilename') array('target'=>'_blank', 'class' => 'attachFilename')
); );
$json['id'] = $row['id']; $json['id'] = $row['iid'];
$json['comment'] = $row['comment']; $json['comment'] = $row['comment'];
// Format file size // Format file size
$json['size'] = format_file_size($row['size']); $json['size'] = format_file_size($row['size']);
@ -5367,7 +5374,7 @@ function getAttachedFiles($forumId, $threadId, $postId = null, $attachId = null,
if (!empty($row) && is_array($row)) { if (!empty($row) && is_array($row)) {
// Set result as success and bring delete URL // Set result as success and bring delete URL
$json['result'] = Display::return_icon('accept.png', get_lang('Uploaded')); $json['result'] = Display::return_icon('accept.png', get_lang('Uploaded'));
$url = api_get_path(WEB_CODE_PATH) . 'forum/viewthread.php?' . api_get_cidreq() . '&action=delete_attach&forum=' . $forumId . '&thread=' . $threadId.'&id_attach=' . $row['id']; $url = api_get_path(WEB_CODE_PATH) . 'forum/viewthread.php?' . api_get_cidreq() . '&action=delete_attach&forum=' . $forumId . '&thread=' . $threadId.'&id_attach=' . $row['iid'];
$json['delete'] = Display::url( $json['delete'] = Display::url(
Display::return_icon('delete.png',get_lang('Delete'), array(), ICON_SIZE_SMALL), Display::return_icon('delete.png',get_lang('Delete'), array(), ICON_SIZE_SMALL),
$url, $url,
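Review bot: The array passed to `Database::insert()` in add_forum_attachment_file() still carries the `$safe_*` variables that the removed statement interpolated between quotes, so they were presumably escaped for string-built SQL. If `Database::insert()` binds its values as parameters (not visible on this page), that escaping is applied on top of the binding, and a file name or comment containing a quote or backslash is stored with stray escape characters. Pass the unescaped originals in the array and leave quoting to the insert call; a comment such as `// values are bound by Database::insert(); do not pre-escape` would keep this from regressing. The function body starts and ends outside this hunk, so how the `$safe_*` values are produced needs confirming there.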

@ -291,13 +291,13 @@ if (isset($current_thread['thread_id'])) {
$realname = $attachment['path']; $realname = $attachment['path'];
$user_filename = $attachment['filename']; $user_filename = $attachment['filename'];
echo Display::return_icon('attachment.gif', get_lang('Attachment')); $html .= Display::return_icon('attachment.gif', get_lang('Attachment'));
echo '<a href="download.php?file=' . $realname . '"> ' . $user_filename . ' </a>'; $html .= '<a href="download.php?file=' . $realname . '"> ' . $user_filename . ' </a>';
if (($current_forum['allow_edit'] == 1 && $row['user_id'] == $_user['user_id']) || if (($current_forum['allow_edit'] == 1 && $row['user_id'] == $_user['user_id']) ||
(api_is_allowed_to_edit(false, true) && !(api_is_course_coach() && $current_forum['session_id'] != $sessionId)) (api_is_allowed_to_edit(false, true) && !(api_is_course_coach() && $current_forum['session_id'] != $sessionId))
) { ) {
echo '&nbsp;&nbsp;<a href="' . api_get_self() . '?' . api_get_cidreq() . '&amp;origin=' $html .= '&nbsp;&nbsp;<a href="' . api_get_self() . '?' . api_get_cidreq() . '&amp;origin='
. Security::remove_XSS($_GET['origin']) . '&amp;action=delete_attach&amp;id_attach=' . Security::remove_XSS($_GET['origin']) . '&amp;action=delete_attach&amp;id_attach='
. $attachment['id'] . '&amp;forum=' . $clean_forum_id . '&amp;thread=' . $clean_thread_id . $attachment['id'] . '&amp;forum=' . $clean_forum_id . '&amp;thread=' . $clean_thread_id
. '" onclick="javascript:if(!confirm(\'' . '" onclick="javascript:if(!confirm(\''
@ -306,7 +306,7 @@ if (isset($current_thread['thread_id'])) {
. Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL)
. '</a><br />'; . '</a><br />';
} }
echo '<span class="forum_attach_comment" >' . $attachment['comment'] . '</span>'; $html .= '<span class="forum_attach_comment" >' . $attachment['comment'] . '</span>';
} }
} }
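Review bot: The delete link in this flat view still reads `$attachment['id']` for the `id_attach=` segment, although the same commit renames the selected column to `iid` in get_attachment(), getAllAttachment() and the nested view. If `$attachment` comes from one of those helpers (the assignment is outside the hunk), the key no longer exists and the link is emitted with an empty `id_attach`. delete_attachment() as shown falls back to matching on `post_id` when `$id_attach` is empty, so the request may act on a different scope than the single file the user clicked. The line should read `. $attachment['iid'] . '&amp;forum=' . $clean_forum_id . '&amp;thread=' . $clean_thread_id`.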

@ -83,7 +83,7 @@ foreach ($rows as $post) {
// get attach id // get attach id
$attachment_list = get_attachment($post['post_id']); $attachment_list = get_attachment($post['post_id']);
$id_attach = !empty($attachment_list) ? $attachment_list['id'] : ''; $id_attach = !empty($attachment_list) ? $attachment_list['iid'] : '';
$iconEdit = ''; $iconEdit = '';
// The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum // The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum
@ -266,20 +266,19 @@ foreach ($rows as $post) {
$attachment_list = getAllAttachment($post['post_id']); $attachment_list = getAllAttachment($post['post_id']);
if (!empty($attachment_list) && is_array($attachment_list)) { if (!empty($attachment_list) && is_array($attachment_list)) {
foreach ($attachment_list as $attachment) { foreach ($attachment_list as $attachment) {
echo '<tr><td height="50%">';
$realname = $attachment['path']; $realname = $attachment['path'];
$user_filename = $attachment['filename']; $user_filename = $attachment['filename'];
echo Display::return_icon('attachment.gif', get_lang('Attachment')); $html .= Display::return_icon('attachment.gif', get_lang('Attachment'));
echo '<a href="download.php?file='; $html .= '<a href="download.php?file=';
echo $realname; $html .= $realname;
echo ' "> ' . $user_filename . ' </a>'; $html .= ' "> ' . $user_filename . ' </a>';
echo '<span class="forum_attach_comment" >' . $attachment['comment'] . '</span>'; $html .= '<span class="forum_attach_comment" >' . $attachment['comment'] . '</span>';
if (($current_forum['allow_edit'] == 1 && $post['user_id'] == $userId) || if (($current_forum['allow_edit'] == 1 && $post['user_id'] == $userId) ||
(api_is_allowed_to_edit(false, true) && !(api_is_course_coach() && $current_forum['session_id'] != $sessionId)) (api_is_allowed_to_edit(false, true) && !(api_is_course_coach() && $current_forum['session_id'] != $sessionId))
) { ) {
echo '&nbsp;&nbsp;<a href="' . api_get_self() . '?' . api_get_cidreq() . '&origin=' $html .= '&nbsp;&nbsp;<a href="' . api_get_self() . '?' . api_get_cidreq() . '&origin='
. Security::remove_XSS($_GET['origin']) . '&action=delete_attach&id_attach=' . Security::remove_XSS($_GET['origin']) . '&action=delete_attach&id_attach='
. $attachment['id'] . '&forum=' . $clean_forum_id . '&thread=' . $clean_thread_id . $attachment['iid'] . '&forum=' . $clean_forum_id . '&thread=' . $clean_thread_id
. '" onclick="javascript:if(!confirm(\'' . '" onclick="javascript:if(!confirm(\''
. addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES)) . '\')) return false;">' . addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES)) . '\')) return false;">'
. Display::return_icon('delete.gif', get_lang('Delete')) . '</a><br />'; . Display::return_icon('delete.gif', get_lang('Delete')) . '</a><br />';
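Review bot: `$realname`, `$user_filename` and `$attachment['comment']` are concatenated into `$html` without output encoding, and the file name and comment look like user-supplied upload metadata (the fields add_forum_attachment_file() stores). Unless they are sanitised before storage, which this page does not show, markup in a comment or file name would be rendered to every reader of the thread; the flat view section builds its link and comment span the same way. Encode at output, for example `urlencode($realname)` inside the href, `Security::remove_XSS($user_filename)` for the link text and `Security::remove_XSS($attachment['comment'])` for the span. The enclosing `foreach` starts and ends outside the hunk, so the initialisation and final output of `$html` should be checked there as well.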

@ -25,6 +25,7 @@ $action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null;
$current_forum = get_forum_information($_REQUEST['forum']); $current_forum = get_forum_information($_REQUEST['forum']);
$current_forum_category = get_forumcategory_information($current_forum['forum_category']); $current_forum_category = get_forumcategory_information($current_forum['forum_category']);
$current_thread = get_thread_information($_REQUEST['thread']);
// Check if exist action // Check if exist action
if (!empty($action)) { if (!empty($action)) {
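Review bot: `$_REQUEST['thread']` is read without the `isset()` guard that `$action` gets in the hunk-header context, and it is passed to get_thread_information() as raw request input. A request without `thread` raises an undefined-index notice, and whether the value is cast before it reaches a query depends on get_thread_information(), which is not shown here. Consider `$threadId = isset($_REQUEST['thread']) ? (int) $_REQUEST['thread'] : 0;` followed by `$current_thread = get_thread_information($threadId);`. The `$_REQUEST['forum']` lookup on the first context line has the same shape.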
