Fixing bug when uploading files like "document-1.png" and "document_1.png" using the "fast/ajax way" see BT#3628

14 years ago · ec3d477092
parent 7bc80f9d17
commit ec3d477092
3 changed files with 20 additions and 16 deletions
--- a/main/inc/lib/document.lib.php
+++ b/main/inc/lib/document.lib.php
@ -960,11 +960,11 @@ return 'application/octet-stream';
                        self::delete_document_from_search_engine(api_get_course_id(), $document_id);

                        while ($row = Database::fetch_array($res)) {
-                            $sqlipd = "DELETE FROM $TABLE_ITEMPROPERTY WHERE ref = ".$row['id']." AND tool='".TOOL_DOCUMENT."'";
-                            $resipd = Database::query($sqlipd);
+                            $sqlipd = "DELETE FROM $TABLE_ITEMPROPERTY WHERE c_id = $course_id AND ref = ".$row['id']." AND tool='".TOOL_DOCUMENT."'";
+                            Database::query($sqlipd);
                            self::unset_document_as_template($row['id'],api_get_course_id(), api_get_user_id());
                            $sqldd = "DELETE FROM $TABLE_DOCUMENT WHERE c_id = $course_id AND id = ".$row['id'];
-                            $resdd = Database::query($sqldd);
+                            Database::query($sqldd);
                        }
                    }
                }
@ -1015,9 +1015,9 @@ return 'application/octet-stream';
        $TABLE_DOCUMENT = Database :: get_course_table(TABLE_DOCUMENT);
        $course_id = $course_info['real_id'];
        $path = Database::escape_string($path);
-        $sql = "SELECT id FROM $TABLE_DOCUMENT WHERE c_id = $course_id AND path LIKE BINARY '$path'";
+        $sql = "SELECT id FROM $TABLE_DOCUMENT WHERE c_id = $course_id AND path LIKE BINARY '$path' LIMIT 1";
        $result = Database::query($sql);
-        if ($result && Database::num_rows($result) == 1) {
+        if ($result && Database::num_rows($result)) {
            $row = Database::fetch_array($result);
            return intval($row[0]);
        }
@ -2188,15 +2188,17 @@ return 'application/octet-stream';
            if ($upload_ok) {
                // File got on the server without problems, now process it
                $new_path = handle_uploaded_document($course_info, $files['file'], $base_work_dir, $path, api_get_user_id(), api_get_group_id(), null, $max_filled_space, $unzip, $if_exists, $show_output);
+                
                if ($new_path) {
                    $docid = DocumentManager::get_document_id($course_info, $new_path);
+                    
                    if (!empty($docid)) {
                    	$table_document = Database::get_course_table(TABLE_DOCUMENT);
 						$params = array();
                        if (!empty($title)) {                        	
-                        	$params['title'] = trim($title);
+                        	$params['title'] = get_document_title($title);
                        } else {
-                        	$params['title']  = $files['file']['name'];
+                        	$params['title']  = get_document_title($files['file']['name']);
                        }
                        if (!empty($comment)) {
                        	$params['comment'] = trim($comment);
--- a/main/inc/lib/fileUpload.lib.php
+++ b/main/inc/lib/fileUpload.lib.php
@ -166,7 +166,7 @@ function handle_uploaded_document($_course, $uploaded_file, $base_work_dir, $upl
 	$uploaded_file['name'] = stripslashes($uploaded_file['name']);
 	// Add extension to files without one (if possible)
 	$uploaded_file['name'] = add_ext_on_mime($uploaded_file['name'], $uploaded_file['type']);
-	$current_session_id = api_get_session_id();
+	$current_session_id    = api_get_session_id();
 	
 	// Check if there is enough space to save the file
 	if (!DocumentManager::enough_space($uploaded_file['size'], $maxFilledSpace)) {
@ -180,9 +180,7 @@ function handle_uploaded_document($_course, $uploaded_file, $base_work_dir, $upl
 	if ($unzip == 1 && preg_match('/.zip$/', strtolower($uploaded_file['name']))) {
 		return unzip_uploaded_document($uploaded_file, $upload_path, $base_work_dir, $maxFilledSpace, $output, $to_group_id);
 		//display_message('Unzipping file');
-	}
-	// We can only unzip ZIP files (no gz, tar,...)
-	elseif ($unzip == 1 && !preg_match('/.zip$/', strtolower($uploaded_file['name']))) {
+	} elseif ($unzip == 1 && !preg_match('/.zip$/', strtolower($uploaded_file['name']))) { // We can only unzip ZIP files (no gz, tar,...)        
 	    if ($output) {	
            Display::display_error_message(get_lang('UplNotAZip')." ".get_lang('PleaseTryAgain'));
 	    }
@ -192,6 +190,7 @@ function handle_uploaded_document($_course, $uploaded_file, $base_work_dir, $upl
 		$clean_name = replace_dangerous_char($uploaded_file['name'], 'strict');
 		// No "dangerous" files
 		$clean_name = disable_dangerous_file($clean_name);
+        
 		if (!filter_extension($clean_name)) {
 		    if ($output){
                Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
@ -239,16 +238,17 @@ function handle_uploaded_document($_course, $uploaded_file, $base_work_dir, $upl
 						if ($file_exists) {
 							// UPDATE DATABASE
 							$document_id = DocumentManager::get_document_id($_course, $file_path);
-							if ($document_id) {
+                                               
+							if (is_numeric($document_id)) {
 								// Update filesize
 								update_existing_document($_course, $document_id, $uploaded_file['size']);
 								// Update document item_property
 								api_item_property_update($_course, TOOL_DOCUMENT, $document_id, 'DocumentUpdated', $user_id, $to_group_id, $to_user_id, null, null, $current_session_id);
 							}
 							// If the file is in a folder, we need to update all parent folders
-							item_property_update_on_folder($_course,$upload_path,$user_id);
+							item_property_update_on_folder($_course, $upload_path, $user_id);
 							// Display success message with extra info to user
-							if ($output){
+							if ($output) {
 								Display::display_confirmation_message(get_lang('UplUploadSucceeded').'<br />'.$file_path .' '. get_lang('UplFileOverwritten'), false);
 							}
 							return $file_path;
@ -307,7 +307,7 @@ function handle_uploaded_document($_course, $uploaded_file, $base_work_dir, $upl
 				// Only save the file if it doesn't exist or warn user if it does exist
 				default:
 					if (file_exists($store_path)) {
-					    if ($output){
+					    if ($output) {
 						  Display::display_error_message($clean_name.' '.get_lang('UplAlreadyExists'));
 						}
 					} else {
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -4546,7 +4546,9 @@ function replace_dangerous_char($filename, $strict = 'loose') {
    $filename = str_replace($search, $replace, $filename);
    if ($strict == 'strict') {
        //$filename = str_replace('-', '_', $filename); // See task #1848.
-        $filename = preg_replace('/[^0-9A-Za-z_.\-]/', '', $filename);
+        //$filename = preg_replace('/[^0-9A-Za-z_.\-]/', '', $filename);
+        //Removing "_" character see BT#3628
+        $filename = preg_replace('/[^0-9A-Za-z.\-]/', '', $filename);
    }

    // Length is to be limited, so the file name to be acceptable by some operating systems.