diff --git a/main/forum/forumfunction.inc.php b/main/forum/forumfunction.inc.php
index a7bdf92b48..560622a1ad 100755
--- a/main/forum/forumfunction.inc.php
+++ b/main/forum/forumfunction.inc.php
@@ -85,15 +85,16 @@ $(function () {
}
}
});
- enableDeleteFile();
});
";
// Recover Thread ID, will be used to generate delete attachment URL to do ajax
$threadId = isset($_REQUEST['thread']) ? intval($_REQUEST['thread']) : 0;
+$forumId = isset($_REQUEST['forum']) ? intval($_REQUEST['forum']) : 0;
+
// The next javascript script is to delete file by ajax
$htmlHeadXtra[] = '';
/**
@@ -219,8 +221,6 @@ function show_add_forumcategory_form($inputvalues = array(), $lp_id)
// Setting the form elements.
$form->addElement('header', '', get_lang('AddForumCategory'));
$form->addElement('text', 'forum_category_title', get_lang('Title'), 'class="input_titles" id="category_title"');
-
- //$form->applyFilter('forum_category_title', 'html_filter');
$form->addElement('html_editor', 'forum_category_comment', get_lang('Description'), null, array('ToolbarSet' => 'Forum', 'Width' => '98%', 'Height' => '200'));
//$form->applyFilter('forum_category_comment', 'html_filter');
@@ -4951,8 +4951,8 @@ function getAttachmentsAjaxTable($postId = null)
* @param null $courseId
* @return array
*/
-function getAttachedFiles($forumId, $threadId, $postId = null, $attachId = null, $courseId = null) {
- // Init values
+function getAttachedFiles($forumId, $threadId, $postId = null, $attachId = null, $courseId = null)
+{
$forumId = intval($forumId);
$courseId = intval($courseId);
$attachId = intval($attachId);
@@ -4983,14 +4983,17 @@ function getAttachedFiles($forumId, $threadId, $postId = null, $attachId = null,
$filter = "AND post_id = $postId AND id = $attachId";
}
$forumAttachmentTable = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
- $sql = "SELECT id, comment, filename, path, size FROM $forumAttachmentTable WHERE c_id = $courseId $filter";
+ $sql = "SELECT id, comment, filename, path, size
+ FROM $forumAttachmentTable
+ WHERE c_id = $courseId $filter";
$result = Database::query($sql);
+ $json = array();
if ($result !== false && Database::num_rows($result) > 0) {
while ($row = Database::fetch_array($result, 'ASSOC')) {
// name contains an URL to download attachment file and its filename
$json['name'] = Display::url(
api_htmlentities($row['filename']),
- api_get_path(WEB_CODE_PATH) . 'forum/download.php?file='.$row['path'],
+ api_get_path(WEB_CODE_PATH) . 'forum/download.php?file='.$row['path'].'&'.api_get_cidreq(),
array('target'=>'_blank', 'class' => 'attachFilename')
);
$json['id'] = $row['id'];
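Review bot: `$row['path']` is concatenated into the download URL's query string without URL-encoding, on the changed argument to `Display::url(`. A stored path containing `&`, `#` or a space would truncate the `file` parameter or collide with the cidreq string this commit appends after it. Encode the value: `api_get_path(WEB_CODE_PATH).'forum/download.php?file='.urlencode($row['path']).'&'.api_get_cidreq(),`. Whether `Display::url()` escapes the href for HTML output is not visible in this diff, so confirm that too. The body of `getAttachedFiles()` starts and ends outside this hunk.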
@@ -4999,12 +5002,14 @@ function getAttachedFiles($forumId, $threadId, $postId = null, $attachId = null,
$json['size'] = format_file_size($row['size']);
// Check if $row is consistent
if (!empty($row) && is_array($row)) {
- // Set result as succes and bring delete URL
+ // Set result as success and bring delete URL
$json['result'] = Display::return_icon('accept.png', get_lang('Uploaded'));
- $json['delete'] = '' .
- Display::return_icon('delete.png',get_lang('Delete'), array(), ICON_SIZE_SMALL) . '';
+ $url = api_get_path(WEB_CODE_PATH) . 'forum/viewthread.php?' . api_get_cidreq() . '&action=delete_attach&forum=' . $forumId . '&thread=' . $threadId.'&id_attach=' . $row['id'];
+ $json['delete'] = Display::url(
+ Display::return_icon('delete.png',get_lang('Delete'), array(), ICON_SIZE_SMALL),
+ $url,
+ array('class' => 'deleteLink')
+ );
} else {
// If not, set an exclamation result
$json['result'] = Display::return_icon('exclamation.png', get_lang('Error'));
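Review bot: The new delete link performs `action=delete_attach` through a plain GET URL, and nothing in `$url` carries an anti-CSRF token, so the deletion is not tied to a deliberate action by the logged-in user. Append a per-session token, e.g. `... '&id_attach=' . $row['id'] . '&token=' . $csrfToken;` (both names are placeholders), and have the `delete_attach` handler in viewthread.php, which is outside this diff, reject requests without a valid one; alternatively send the delete as a POST. `$forumId` is cast with `intval()` at the top of the function, but the cast of `$threadId` is not visible in these hunks and should be confirmed before it is placed in the URL.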
diff --git a/main/inc/ajax/forum.ajax.php b/main/inc/ajax/forum.ajax.php
index a14605c9d9..b8b679cadd 100644
--- a/main/inc/ajax/forum.ajax.php
+++ b/main/inc/ajax/forum.ajax.php
@@ -1,16 +1,18 @@
*/
-/**
- * Init
- */
require_once '../global.inc.php';
require_once api_get_path(LIBRARY_PATH).'document.lib.php';
+require_once api_get_path(SYS_CODE_PATH) . 'forum/forumfunction.inc.php';
+
+// First, protect this script
+api_protect_course_script(false);
/**
* Main code
@@ -21,13 +23,14 @@ $json = array(
'errorMessage' => 'ERROR',
);
$action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null;
+
+$current_forum = get_forum_information($_REQUEST['forum']);
+$current_forum_category = get_forumcategory_information($current_forum['forum_category']);
+
// Check if exist action
if (!empty($action)) {
- require_once api_get_path(SYS_CODE_PATH) . 'forum/forumfunction.inc.php';
- switch($action) {
+ switch ($action) {
case 'upload_file':
- // First, protect this script
- api_protect_course_script(false);
if (!empty($_FILES) && !empty($_REQUEST['forum'])) {
// The user is not allowed here if
// 1. the forum category, forum or thread is invisible (visibility==0)
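Review bot: `$_REQUEST['forum']` is read on the added line without an `isset()` guard or integer cast, and the lookup now runs on every request, ahead of the `!empty($action)` and `!empty($_REQUEST['forum'])` checks below it. A request without `forum` raises an undefined-index notice, and the raw value is handed to `get_forum_information()`, whose own sanitising is not visible in this diff. Mirror the cast this commit uses in forumfunction.inc.php: `$forumId = isset($_REQUEST['forum']) ? intval($_REQUEST['forum']) : 0;` followed by `$current_forum = get_forum_information($forumId);`. Read `$current_forum['forum_category']` only when the lookup returned a row, and fail closed otherwise.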
@@ -35,15 +38,27 @@ if (!empty($action)) {
// 3. if anonymous posts are not allowed
// The only exception is the course manager
// They are several pieces for clarity.
- if (!api_is_allowed_to_edit(null, true) AND (($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0)) {
+ if (!api_is_allowed_to_edit(null, true) AND
+ (
+ ($current_forum_category && $current_forum_category['visibility'] == 0) OR
+ $current_forum['visibility'] == 0
+ )
+ ) {
$json['errorMessage'] = '1. the forum category, forum or thread is invisible (visibility==0)';
break;
}
- if (!api_is_allowed_to_edit(null, true) AND (($current_forum_category && $current_forum_category['locked'] <> 0 ) OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0)) {
+ if (!api_is_allowed_to_edit(null, true) AND
+ (
+ ($current_forum_category && $current_forum_category['locked'] <> 0) OR
+ $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0
+ )
+ ) {
$json['errorMessage'] = '2. the forum category, forum or thread is locked (locked <>0)';
break;
}
- if (api_is_anonymous() AND $current_forum['allow_anonymous'] == 0) {
+ if (api_is_anonymous() AND
+ $current_forum['allow_anonymous'] == 0
+ ) {
$json['errorMessage'] = '3. if anonymous posts are not allowed';
break;
}
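Review bot: `$current_thread` is not assigned anywhere in the lines of this file shown by the diff, so `$current_thread['locked'] <> 0` in the second condition compares null with 0 and can never block the request. The same expression appears in the `delete_file` branch further down. The commit now loads `$current_forum` and `$current_forum_category` but not the thread, so a locked thread is presumably not enforced by this endpoint. Load it next to the forum lookup, e.g. `$current_thread = get_thread_information(intval($_REQUEST['thread']));` (confirm the helper's signature in forumfunction.inc.php), and treat a missing thread as an error.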
@@ -56,12 +71,23 @@ if (!empty($action)) {
$json['thread'] = $threadId;
$postId = isset($_REQUEST['postId'])? intval($_REQUEST['postId']) : null;
$json['postId'] = $postId;
- if (!empty($courseId) && !is_null($forumId) && !is_null($threadId) && !is_null($postId)) {
+
+ if (!empty($courseId) &&
+ !is_null($forumId) &&
+ !is_null($threadId) &&
+ !is_null($postId)
+ ) {
// Save forum attachment
$attachId = add_forum_attachment_file('', $postId);
if ($attachId !== false) {
// Get prepared array of attachment data
- $array = getAttachedFiles($forumId, $threadId, $postId, $attachId, $courseId);
+ $array = getAttachedFiles(
+ $forumId,
+ $threadId,
+ $postId,
+ $attachId,
+ $courseId
+ );
// Check if array data is consistent
if (isset($array['name'])) {
$json['error'] = false;
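Review bot: `$postId` comes straight from the request and reaches `add_forum_attachment_file('', $postId)` with no visible check that the post belongs to `$forumId` and `$threadId`, or that the current user may modify it. The visibility and lock checks earlier in this branch only look at the forum named in the `forum` parameter. Unless `add_forum_attachment_file()` performs that check itself (its body is not in this diff), verify the post's forum, thread and author before saving. A comment above the call such as `// postId is request-supplied: ownership and thread membership must be verified before attaching` would record the requirement. The enclosing `upload_file` branch starts and ends outside this hunk.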
@@ -73,8 +99,6 @@ if (!empty($action)) {
}
break;
case 'delete_file':
- // First, protect this script
- api_protect_course_script(false);
// Check if set attachment ID and thread ID
if (isset($_REQUEST['attachId']) && isset($_REQUEST['thread'])) {
api_block_course_item_locked_by_gradebook($_REQUEST['thread'], LINK_FORUM_THREAD);
@@ -85,11 +109,15 @@ if (!empty($action)) {
// 4. if editing of replies is not allowed
// The only exception is the course manager
// They are several pieces for clarity.
- if (!api_is_allowed_to_edit(null, true) AND (($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0)) {
+ if (!api_is_allowed_to_edit(null, true) AND
+ (($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0)
+ ) {
$json['errorMessage'] = '1. the forum category, forum or thread is invisible (visibility==0)';
break;
}
- if (!api_is_allowed_to_edit(null, true) AND (($current_forum_category && $current_forum_category['locked'] <> 0 ) OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0)) {
+ if (!api_is_allowed_to_edit(null, true) AND
+ (($current_forum_category && $current_forum_category['locked'] <> 0) OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0)
+ ) {
$json['errorMessage'] = '2. the forum category, forum or thread is locked (locked <>0)';
break;
}
@@ -98,7 +126,10 @@ if (!empty($action)) {
break;
}
$group_id = api_get_group_id();
- if (!api_is_allowed_to_edit(null, true) AND $current_forum['allow_edit'] == 0 && !GroupManager::is_tutor_of_group(api_get_user_id(), $group_id)) {
+ if (!api_is_allowed_to_edit(null, true) AND
+ $current_forum['allow_edit'] == 0 &&
+ !GroupManager::is_tutor_of_group(api_get_user_id(), $group_id)
+ ) {
$json['errorMessage'] = '4. if editing of replies is not allowed';
break;
}
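Review bot: The rewritten condition mixes the low-precedence `AND` with `&&` in a single expression. It evaluates as intended only because every operator is a conjunction, but the mix makes precedence easy to misread in an authorization check. Use one operator throughout: `if (!api_is_allowed_to_edit(null, true) && $current_forum['allow_edit'] == 0 && !GroupManager::is_tutor_of_group(api_get_user_id(), $group_id)) {`. The `AND`/`OR` conditions reformatted in the earlier hunks of this file would benefit from the same normalisation to `&&`/`||`, keeping their existing parentheses.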
@@ -116,8 +147,5 @@ if (!empty($action)) {
}
}
-/**
- * Display
- */
echo json_encode($json);
-exit;
\ No newline at end of file
+exit;