diff --git a/main/work/download.php b/main/work/download.php index 56b88e2201..fb7805dc7e 100644 --- a/main/work/download.php +++ b/main/work/download.php @@ -37,7 +37,8 @@ if (empty($course_info)) { $tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION); if (!empty($course_info['real_id'])) { - $sql = 'SELECT * FROM '.$tbl_student_publication.' WHERE c_id = '.$course_info['real_id'].' AND id = "'.$id.'"'; + $sql = 'SELECT * FROM '.$tbl_student_publication.' + WHERE c_id = '.$course_info['real_id'].' AND id = "'.$id.'"'; $result = Database::query($sql); if ($result && Database::num_rows($result)) { $row = Database::fetch_array($result, 'ASSOC'); @@ -48,7 +49,7 @@ if (!empty($course_info['real_id'])) { allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $course_info['real_id']); if (empty($item_info)) { - exit; + api_not_allowed(); } /* @@ -84,7 +85,14 @@ if (!empty($course_info['real_id'])) { //|| (!$doc_visible_for_all && $work_is_visible && $student_is_owner_of_work) || ($student_is_owner_of_work) || ($doc_visible_for_all && $work_is_visible)) { - $title = str_replace(' ', '_', $row['title']); + + $title = $row['title']; + + if (array_key_exists('filename', $row) && !empty($row['filename'])) { + $title = $row['filename']; + } + + $title = str_replace(' ', '_', $title); event_download($title); if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH).api_get_course_path().'/')) { DocumentManager::file_send_for_download($full_file_name, true, $title); diff --git a/main/work/downloadfolder.inc.php b/main/work/downloadfolder.inc.php index fc36aba045..93ea9eecfe 100644 --- a/main/work/downloadfolder.inc.php +++ b/main/work/downloadfolder.inc.php @@ -52,9 +52,14 @@ $prop_table = Database::get_course_table(TABLE_ITEM_PROPERTY); $files = array(); $course_id = api_get_course_int_id(); +$filenameCondition = null; +if (array_key_exists('filename', $work_data)) { + $filenameCondition = ", filename"; +} + if (api_is_allowed_to_edit()) { //Search for all files that are not deleted => visibility != 2 - $sql = "SELECT DISTINCT url, title, description, insert_user_id, insert_date, contains_file + $sql = "SELECT DISTINCT url, title, description, insert_user_id, insert_date, contains_file $filenameCondition FROM $tbl_student_publication AS work INNER JOIN $prop_table AS props ON ( props.c_id = $course_id AND @@ -85,7 +90,7 @@ if (api_is_allowed_to_edit()) { } //for other users, we need to create a zipfile with only visible files and folders - $sql = "SELECT DISTINCT url, title, description, insert_user_id, insert_date, contains_file + $sql = "SELECT DISTINCT url, title, description, insert_user_id, insert_date, contains_file $filenameCondition FROM $tbl_student_publication AS work INNER JOIN $prop_table AS props ON (props.c_id = $course_id AND work.c_id = $course_id AND @@ -109,20 +114,40 @@ while ($not_deleted_file = Database::fetch_assoc($query)) { $user_info = api_get_user_info($not_deleted_file['insert_user_id']); $insert_date = api_get_local_time($not_deleted_file['insert_date']); $insert_date = str_replace(array(':','-', ' '), '_', $insert_date); - $filename = $insert_date.'_'.$user_info['username'].'_'.basename($not_deleted_file['title']); + + $title = basename($not_deleted_file['title']); + if (!empty($filenameCondition)) { + if (isset($not_deleted_file['filename']) && !empty($not_deleted_file['filename'])) { + $title = $not_deleted_file['filename']; + } + } + + $filename = $insert_date.'_'.$user_info['username'].'_'.$title; if (file_exists($sys_course_path.$_course['path'].'/'.$not_deleted_file['url']) && !empty($not_deleted_file['url'])) { $files[basename($not_deleted_file['url'])] = $filename; - $zip_folder->add($sys_course_path.$_course['path'].'/'.$not_deleted_file['url'], PCLZIP_OPT_REMOVE_PATH, $sys_course_path.$_course['path'].'/work', PCLZIP_CB_PRE_ADD, 'my_pre_add_callback'); + $zip_folder->add( + $sys_course_path.$_course['path'].'/'.$not_deleted_file['url'], + PCLZIP_OPT_REMOVE_PATH, + $sys_course_path.$_course['path'].'/work', + PCLZIP_CB_PRE_ADD, + 'my_pre_add_callback' + ); } - //Convert texts in html files + // Convert texts in html files if ($not_deleted_file['contains_file'] == 0) { $filename = trim($filename).".html"; $work_temp = api_get_path(SYS_ARCHIVE_PATH).api_get_unique_id().'_'.$filename; file_put_contents($work_temp, $not_deleted_file['description']); $files[basename($work_temp)] = $filename; - $zip_folder->add($work_temp, PCLZIP_OPT_REMOVE_PATH, api_get_path(SYS_ARCHIVE_PATH), PCLZIP_CB_PRE_ADD, 'my_pre_add_callback'); + $zip_folder->add( + $work_temp, + PCLZIP_OPT_REMOVE_PATH, + api_get_path(SYS_ARCHIVE_PATH), + PCLZIP_CB_PRE_ADD, + 'my_pre_add_callback' + ); @unlink($work_temp); } } @@ -146,12 +171,12 @@ if (!empty($files)) { /* Extra function (only used here) */ function my_pre_add_callback($p_event, &$p_header) { - global $files; - if (isset($files[basename($p_header['stored_filename'])])) { - $p_header['stored_filename'] = $files[basename($p_header['stored_filename'])]; - return 1; - } - return 0; + global $files; + if (isset($files[basename($p_header['stored_filename'])])) { + $p_header['stored_filename'] = $files[basename($p_header['stored_filename'])]; + return 1; + } + return 0; } /** @@ -163,13 +188,13 @@ function my_pre_add_callback($p_event, &$p_header) { * @return difference between the two arrays */ function diff($arr1, $arr2) { - $res = array(); - $r = 0; - foreach ($arr1 as $av) { - if (!in_array($av, $arr2)) { - $res[$r] = $av; - $r++; - } - } - return $res; + $res = array(); + $r = 0; + foreach ($arr1 as $av) { + if (!in_array($av, $arr2)) { + $res[$r] = $av; + $r++; + } + } + return $res; } diff --git a/main/work/upload.php b/main/work/upload.php index 669b7fa6e3..f7d854e25d 100644 --- a/main/work/upload.php +++ b/main/work/upload.php @@ -194,6 +194,8 @@ if ($form->validate()) { // Check the token inserted into the form + $filename = null; + if (isset($_POST['submitWork'])) { $url = null; $contains_file = 0; @@ -205,13 +207,13 @@ if ($form->validate()) { $updir = $currentCourseRepositorySys.'work/'; //directory path to upload // Try to add an extension to the file if it has'nt one - $new_file_name = add_ext_on_mime(stripslashes($_FILES['file']['name']), $_FILES['file']['type']); + $filename = add_ext_on_mime(stripslashes($_FILES['file']['name']), $_FILES['file']['type']); // Replace dangerous characters - $new_file_name = replace_dangerous_char($new_file_name, 'strict'); + $filename = replace_dangerous_char($filename, 'strict'); // Transform any .php file in .phps fo security - $new_file_name = php2phps($new_file_name); + $filename = php2phps($filename); $filesize = filesize($_FILES['file']['tmp_name']); @@ -269,6 +271,11 @@ if ($form->validate()) { Database::query($sql_add_publication); $id = Database::insert_id(); + + if ($id && array_key_exists('filename', $my_folder_data) && !empty($filename)) { + $sql = "UPDATE $work_table SET filename = '$filename' WHERE c_id = $course_id AND id = $id"; + Database::query($sql); + } } if ($id) {