From ec3d477092f39dec15c19192497362251af3c71f Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 6 Feb 2012 14:30:56 +0100 Subject: [PATCH] Fixing bug when uploading files like "document-1.png" and "document_1.png" using the "fast/ajax way" see BT#3628 --- main/inc/lib/document.lib.php | 16 +++++++++------- main/inc/lib/fileUpload.lib.php | 16 ++++++++-------- main/inc/lib/main_api.lib.php | 4 +++- 3 files changed, 20 insertions(+), 16 deletions(-) diff --git a/main/inc/lib/document.lib.php b/main/inc/lib/document.lib.php index f77ded29c2..51ac9e759f 100755 --- a/main/inc/lib/document.lib.php +++ b/main/inc/lib/document.lib.php @@ -960,11 +960,11 @@ return 'application/octet-stream'; self::delete_document_from_search_engine(api_get_course_id(), $document_id); while ($row = Database::fetch_array($res)) { - $sqlipd = "DELETE FROM $TABLE_ITEMPROPERTY WHERE ref = ".$row['id']." AND tool='".TOOL_DOCUMENT."'"; - $resipd = Database::query($sqlipd); + $sqlipd = "DELETE FROM $TABLE_ITEMPROPERTY WHERE c_id = $course_id AND ref = ".$row['id']." AND tool='".TOOL_DOCUMENT."'"; + Database::query($sqlipd); self::unset_document_as_template($row['id'],api_get_course_id(), api_get_user_id()); $sqldd = "DELETE FROM $TABLE_DOCUMENT WHERE c_id = $course_id AND id = ".$row['id']; - $resdd = Database::query($sqldd); + Database::query($sqldd); } } } @@ -1015,9 +1015,9 @@ return 'application/octet-stream'; $TABLE_DOCUMENT = Database :: get_course_table(TABLE_DOCUMENT); $course_id = $course_info['real_id']; $path = Database::escape_string($path); - $sql = "SELECT id FROM $TABLE_DOCUMENT WHERE c_id = $course_id AND path LIKE BINARY '$path'"; + $sql = "SELECT id FROM $TABLE_DOCUMENT WHERE c_id = $course_id AND path LIKE BINARY '$path' LIMIT 1"; $result = Database::query($sql); - if ($result && Database::num_rows($result) == 1) { + if ($result && Database::num_rows($result)) { $row = Database::fetch_array($result); return intval($row[0]); } 
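Review bot: The two DELETE statements inside the `while` loop still splice `$course_id` and `$row['id']` into the SQL text unquoted, and the new `c_id = $course_id` condition adds one more such value. `$course_id` is assigned outside this hunk, so it cannot be confirmed here that it is already an integer; in the `@@ -1015` hunk it is taken directly from `$course_info['real_id']` with no cast. Casting at the point of use keeps both queries well-formed whatever the caller passes, e.g. `$course_id = intval($course_id);` before the loop and `intval($row['id'])` in the two strings. The enclosing method starts and ends outside the hunk.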
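Review bot: `path LIKE BINARY '$path'` still treats `_` and `%` inside `$path` as wildcards, and with `LIMIT 1` plus the relaxed `num_rows` check an ambiguous match now returns whichever row the server finds first instead of failing. `Database::escape_string` is not shown in this patch, but string-literal escaping normally leaves `_` and `%` untouched, so a path with an underscore in a folder name can still resolve to another document's id, which the upload code in fileUpload.lib.php then updates. An exact comparison removes the ambiguity: `... AND path = BINARY '$path' LIMIT 1`. The method (apparently `get_document_id`) begins before the hunk.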
@@ -2188,15 +2188,17 @@ return 'application/octet-stream'; if ($upload_ok) { // File got on the server without problems, now process it $new_path = handle_uploaded_document($course_info, $files['file'], $base_work_dir, $path, api_get_user_id(), api_get_group_id(), null, $max_filled_space, $unzip, $if_exists, $show_output); + if ($new_path) { $docid = DocumentManager::get_document_id($course_info, $new_path); + if (!empty($docid)) { $table_document = Database::get_course_table(TABLE_DOCUMENT); $params = array(); if (!empty($title)) { - $params['title'] = trim($title); + $params['title'] = get_document_title($title); } else { - $params['title'] = $files['file']['name']; + $params['title'] = get_document_title($files['file']['name']); } if (!empty($comment)) { $params['comment'] = trim($comment); diff --git a/main/inc/lib/fileUpload.lib.php b/main/inc/lib/fileUpload.lib.php index 412de096a1..9f39fbe7a5 100644 --- a/main/inc/lib/fileUpload.lib.php +++ b/main/inc/lib/fileUpload.lib.php @@ -166,7 +166,7 @@ function handle_uploaded_document($_course, $uploaded_file, $base_work_dir, $upl $uploaded_file['name'] = stripslashes($uploaded_file['name']); // Add extension to files without one (if possible) $uploaded_file['name'] = add_ext_on_mime($uploaded_file['name'], $uploaded_file['type']); - $current_session_id = api_get_session_id(); + $current_session_id = api_get_session_id(); // Check if there is enough space to save the file if (!DocumentManager::enough_space($uploaded_file['size'], $maxFilledSpace)) { 
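Review bot: The user-supplied `$title` used to go through `trim()` and now goes only through `get_document_title()`, whose definition is not part of this patch. If that helper is written for file names, a title typed by the user could be altered in ways the user did not ask for, or stored with surrounding whitespace. I would keep the trim, `$params['title'] = get_document_title(trim($title));`, and add a one-line comment above the branch stating what the helper does to the value. The enclosing method continues past the end of the hunk.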
@@ -180,9 +180,7 @@ function handle_uploaded_document($_course, $uploaded_file, $base_work_dir, $upl if ($unzip == 1 && preg_match('/.zip$/', strtolower($uploaded_file['name']))) { return unzip_uploaded_document($uploaded_file, $upload_path, $base_work_dir, $maxFilledSpace, $output, $to_group_id); //display_message('Unzipping file'); - } - // We can only unzip ZIP files (no gz, tar,...) - elseif ($unzip == 1 && !preg_match('/.zip$/', strtolower($uploaded_file['name']))) { + } elseif ($unzip == 1 && !preg_match('/.zip$/', strtolower($uploaded_file['name']))) { // We can only unzip ZIP files (no gz, tar,...) if ($output) { Display::display_error_message(get_lang('UplNotAZip')." ".get_lang('PleaseTryAgain')); } @@ -192,6 +190,7 @@ function handle_uploaded_document($_course, $uploaded_file, $base_work_dir, $upl $clean_name = replace_dangerous_char($uploaded_file['name'], 'strict'); // No "dangerous" files $clean_name = disable_dangerous_file($clean_name); + if (!filter_extension($clean_name)) { if ($output){ Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension')); 
@@ -239,16 +238,17 @@ function handle_uploaded_document($_course, $uploaded_file, $base_work_dir, $upl if ($file_exists) { // UPDATE DATABASE $document_id = DocumentManager::get_document_id($_course, $file_path); - if ($document_id) { + + if (is_numeric($document_id)) { // Update filesize update_existing_document($_course, $document_id, $uploaded_file['size']); // Update document item_property api_item_property_update($_course, TOOL_DOCUMENT, $document_id, 'DocumentUpdated', $user_id, $to_group_id, $to_user_id, null, null, $current_session_id); } // If the file is in a folder, we need to update all parent folders - item_property_update_on_folder($_course,$upload_path,$user_id); + item_property_update_on_folder($_course, $upload_path, $user_id); // Display success message with extra info to user - if ($output){ + if ($output) { Display::display_confirmation_message(get_lang('UplUploadSucceeded').'
'.$file_path .' '. get_lang('UplFileOverwritten'), false); } return $file_path; @@ -307,7 +307,7 @@ function handle_uploaded_document($_course, $uploaded_file, $base_work_dir, $upl // Only save the file if it doesn't exist or warn user if it does exist default: if (file_exists($store_path)) { - if ($output){ + if ($output) { Display::display_error_message($clean_name.' '.get_lang('UplAlreadyExists')); } } else { diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php index 7564454f63..149dd64305 100644 --- a/main/inc/lib/main_api.lib.php +++ b/main/inc/lib/main_api.lib.php @@ -4546,7 +4546,9 @@ function replace_dangerous_char($filename, $strict = 'loose') { $filename = str_replace($search, $replace, $filename); if ($strict == 'strict') { //$filename = str_replace('-', '_', $filename); // See task #1848. - $filename = preg_replace('/[^0-9A-Za-z_.\-]/', '', $filename); + //$filename = preg_replace('/[^0-9A-Za-z_.\-]/', '', $filename); + //Removing "_" character see BT#3628 + $filename = preg_replace('/[^0-9A-Za-z.\-]/', '', $filename); } // Length is to be limited, so the file name to be acceptable by some operating systems.
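Review bot: `is_numeric($document_id)` in the `@@ -239` hunk is looser than the value it guards: it accepts `0`, negative numbers and numeric strings, while the lookup shown in document.lib.php returns `intval($row[0])` on a match (its no-match return value is outside this patch). Because the id is passed straight to `update_existing_document()` and `api_item_property_update()`, a check that matches the contract is safer, e.g. `if (is_int($document_id) && $document_id > 0) {`. `handle_uploaded_document()` starts and ends outside the hunk.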
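Review bot: Dropping `_` from the strict whitelist in `replace_dangerous_char()` changes the result for every caller that passes `'strict'`, not only the ajax upload: `document_1.png` and `document1.png` now clean to the same stored name, so two different uploads can collide and fall into the overwrite/rename handling. The underscore only causes trouble because the document lookup in document.lib.php compares with `LIKE`, where `_` is a wildcard; fixing that comparison would let this filter keep its previous character set. If the change stays, replace the commented-out `preg_replace` line with a comment that states the rule, e.g. `// Strict mode keeps only [0-9A-Za-z.-]; "_" is removed because it acts as a LIKE wildcard in document lookups (BT#3628).` The function body continues outside the hunk.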