[svn r19320] fix delete documents outside of courses

skala
Juan Carlos Raña 17 years ago
parent 8ac0ed7206
commit ff23d2438d
  1. 239
      main/inc/lib/fckeditor/editor/plugins/ajaxfilemanager/ajax_delete_file.php

@ -34,65 +34,78 @@
&& isValidPattern(CONFIG_SYS_INC_DIR_PATTERN, getBaseName($_GET['delete']))
&& !isInvalidPattern(CONFIG_SYS_EXC_DIR_PATTERN, getBaseName($_GET['delete'])))
{
/////////////bridge to Dokeos by Juan Carlos Raña Trabado
//find path
$mainPath='../../../../../../../courses/'.$_course['path'].'/document/';//get Dokeos
$fullPath = $_GET['delete']; //get Ajaxfilemanager
$dokeosPath = substr($fullPath, strlen($mainPath)-strlen($fullPath)-1,-1);
//find base_work_dir
$course_dir = $_course['path']."/document";//get Dokeos
$sys_course_path = api_get_path(SYS_COURSE_PATH);//get Dokeos
$base_work_dir = $sys_course_path.$course_dir; // sample c:/xampp/htdocs/dokeos2009beta/courses/JUAN2009/document
//delete directory
//check protect directories
if ($dokeosPath!='/audio' && $dokeosPath!='/flash' && $dokeosPath!='/images' && $dokeosPath!='/shared_folder' && $dokeosPath!='/video')
{
if(! $is_allowed_to_edit && DocumentManager::check_readonly($_course,api_get_user_id(),$dokeosPath))
{
$error=get_lang('CantDeleteReadonlyFiles'); //From Dokeos to Ajaxfilemanager
}
else
{
$deleted= DocumentManager::delete_document($_course,$dokeosPath,$base_work_dir); //deleted by Dokeos
//$file->delete(addTrailingSlash(backslashToSlash($doc))); // disabled deleted by ajaxfilemanager
}
}
else
{
$error=get_lang('ProtectFolder'); //From Dokeos to Ajaxfilemanager
}
//////end bridge to Dokeos
/////////////bridge to Dokeos by Juan Carlos Raña Trabado
if(!empty($_course['path']))
{
//find path
$mainPath='../../../../../../../courses/'.$_course['path'].'/document/';//get Dokeos
$fullPath = $_GET['delete']; //get Ajaxfilemanager
$dokeosPath = substr($fullPath, strlen($mainPath)-strlen($fullPath)-1,-1);
//find base_work_dir
$course_dir = $_course['path']."/document";//get Dokeos
$sys_course_path = api_get_path(SYS_COURSE_PATH);//get Dokeos
$base_work_dir = $sys_course_path.$course_dir; // sample c:/xampp/htdocs/dokeos2009beta/courses/JUAN2009/document
//delete directory
//check protect directories
if ($dokeosPath!='/audio' && $dokeosPath!='/flash' && $dokeosPath!='/images' && $dokeosPath!='/shared_folder' && $dokeosPath!='/video')
{
if(! $is_allowed_to_edit && DocumentManager::check_readonly($_course,api_get_user_id(),$dokeosPath))
{
$error=get_lang('CantDeleteReadonlyFiles'); //From Dokeos to Ajaxfilemanager
}
else
{
$deleted= DocumentManager::delete_document($_course,$dokeosPath,$base_work_dir); //deleted by Dokeos
//$file->delete(addTrailingSlash(backslashToSlash($doc))); // disabled deleted by ajaxfilemanager
}
}
else
{
$error=get_lang('ProtectFolder'); //From Dokeos to Ajaxfilemanager
}
}
else
{
$file->delete(addTrailingSlash(backslashToSlash($doc)));//deleted by ajaxfilemanager
}
//////end bridge to Dokeos
}elseif(is_file($_GET['delete'])
&& isValidPattern(CONFIG_SYS_INC_FILE_PATTERN, getBaseName($_GET['delete']))
&& !isInvalidPattern(CONFIG_SYS_EXC_FILE_PATTERN, getBaseName($_GET['delete']))
)
{
/////////////bridge to Dokeos by Juan Carlos Raña Trabado
//find path
$mainPath='../../../../../../../courses/'.$_course['path'].'/document/';//get Dokeos
$fullPath = $_GET['delete']; //get Ajaxfilemanager
$dokeosPath = substr($fullPath, strlen($mainPath)-strlen($fullPath)-1);
//find base_work_dir
$course_dir = $_course['path']."/document";//get Dokeos
$sys_course_path = api_get_path(SYS_COURSE_PATH);//get Dokeos
$base_work_dir = $sys_course_path.$course_dir; // sample c:/xampp/htdocs/dokeos2009beta/courses/JUAN2009/document
//delete file
if(! $is_allowed_to_edit && DocumentManager::check_readonly($_course,api_get_user_id(),$dokeosPath))
{
$error=get_lang('CantDeleteReadonlyFiles'); //From Dokeos to Ajaxfilemanager
}
else
{
$deleted= DocumentManager::delete_document($_course,$dokeosPath,$base_work_dir); //deleted by Dokeos
//$file->delete(($_GET['delete'])); // disabled deleted by ajaxfilemanager
}
//////end bridge to Dokeos
{
/////////////bridge to Dokeos by Juan Carlos Raña Trabado
if(!empty($_course['path']))
{
//find path
$mainPath='../../../../../../../courses/'.$_course['path'].'/document/';//get Dokeos
$fullPath = $_GET['delete']; //get Ajaxfilemanager
$dokeosPath = substr($fullPath, strlen($mainPath)-strlen($fullPath)-1);
//find base_work_dir
$course_dir = $_course['path']."/document";//get Dokeos
$sys_course_path = api_get_path(SYS_COURSE_PATH);//get Dokeos
$base_work_dir = $sys_course_path.$course_dir; // sample c:/xampp/htdocs/dokeos2009beta/courses/JUAN2009/document
//delete file
if(! $is_allowed_to_edit && DocumentManager::check_readonly($_course,api_get_user_id(),$dokeosPath))
{
$error=get_lang('CantDeleteReadonlyFiles'); //From Dokeos to Ajaxfilemanager
}
else
{
$deleted= DocumentManager::delete_document($_course,$dokeosPath,$base_work_dir); //deleted by Dokeos
//$file->delete(($_GET['delete'])); // disabled deleted by ajaxfilemanager
}
}
else
{
$file->delete(($_GET['delete']));//deleted by ajaxfilemanager
}
//////end bridge to Dokeos
}
}
}else
@ -115,64 +128,78 @@
&& isValidPattern(CONFIG_SYS_INC_DIR_PATTERN, $doc)
&& !isInvalidPattern(CONFIG_SYS_EXC_DIR_PATTERN, $doc))
{
/////////////bridge to Dokeos by Juan Carlos Raña Trabado
//find path
$mainPath='../../../../../../../courses/'.$_course['path'].'/document/';//get Dokeos
$fullPath = $doc; //get Ajaxfilemanager
$dokeosPath = substr($fullPath, strlen($mainPath)-strlen($fullPath)-1,-1);
//find base_work_dir
$course_dir = $_course['path']."/document";//get Dokeos
$sys_course_path = api_get_path(SYS_COURSE_PATH);//get Dokeos
$base_work_dir = $sys_course_path.$course_dir; // sample c:/xampp/htdocs/dokeos2009beta/courses/JUAN2009/document
//delete directory
//check protect directories
if ($dokeosPath!='/audio' && $dokeosPath!='/flash' && $dokeosPath!='/images' && $dokeosPath!='/shared_folder' && $dokeosPath!='/video')
{
if(! $is_allowed_to_edit && DocumentManager::check_readonly($_course,api_get_user_id(),$dokeosPath))
{
$error=get_lang('CantDeleteReadonlyFiles'); //From Dokeos to Ajaxfilemanager
}
else
{
$deleted= DocumentManager::delete_document($_course,$dokeosPath,$base_work_dir); //deleted by Dokeos
//$file->delete(addTrailingSlash(backslashToSlash($doc))); // disabled deleted by ajaxfilemanager
}
}
else
{
$error=get_lang('ProtectFolder'); //From Dokeos to Ajaxfilemanager
}
//////end bridge to Dokeos
/////////////bridge to Dokeos by Juan Carlos Raña Trabado
if(!empty($_course['path']))
{
//find path
$mainPath='../../../../../../../courses/'.$_course['path'].'/document/';//get Dokeos
$fullPath = $doc; //get Ajaxfilemanager
$dokeosPath = substr($fullPath, strlen($mainPath)-strlen($fullPath)-1,-1);
//find base_work_dir
$course_dir = $_course['path']."/document";//get Dokeos
$sys_course_path = api_get_path(SYS_COURSE_PATH);//get Dokeos
$base_work_dir = $sys_course_path.$course_dir; // sample c:/xampp/htdocs/dokeos2009beta/courses/JUAN2009/document
//delete directory
//check protect directories
if ($dokeosPath!='/audio' && $dokeosPath!='/flash' && $dokeosPath!='/images' && $dokeosPath!='/shared_folder' && $dokeosPath!='/video')
{
if(! $is_allowed_to_edit && DocumentManager::check_readonly($_course,api_get_user_id(),$dokeosPath))
{
$error=get_lang('CantDeleteReadonlyFiles'); //From Dokeos to Ajaxfilemanager
}
else
{
$deleted= DocumentManager::delete_document($_course,$dokeosPath,$base_work_dir); //deleted by Dokeos
//$file->delete(addTrailingSlash(backslashToSlash($doc))); // disabled deleted by ajaxfilemanager
}
}
else
{
$error=get_lang('ProtectFolder'); //From Dokeos to Ajaxfilemanager
}
}
else
{
$file->delete(addTrailingSlash(backslashToSlash($doc)));//deleted by ajaxfilemanager
}
//////end bridge to Dokeos
}elseif(is_file($doc)
&& isValidPattern(CONFIG_SYS_INC_FILE_PATTERN, $doc)
&& !isInvalidPattern(CONFIG_SYS_EXC_FILE_PATTERN, $doc)
)
{
/////////////bridge to Dokeos by Juan Carlos Raña Trabado
//find path
$mainPath='../../../../../../../courses/'.$_course['path'].'/document/';//get Dokeos
$fullPath = $doc; //get Ajaxfilemanager
$dokeosPath = substr($fullPath, strlen($mainPath)-strlen($fullPath)-1);
//find base_work_dir
$course_dir = $_course['path']."/document";//get Dokeos
$sys_course_path = api_get_path(SYS_COURSE_PATH);//get Dokeos
$base_work_dir = $sys_course_path.$course_dir; // sample c:/xampp/htdocs/dokeos2009beta/courses/JUAN2009/document
//delete file
if(! $is_allowed_to_edit && DocumentManager::check_readonly($_course,api_get_user_id(),$dokeosPath))
{
$error=get_lang('CantDeleteReadonlyFiles'); //From Dokeos to Ajaxfilemanager
}
else
{
$deleted= DocumentManager::delete_document($_course,$dokeosPath,$base_work_dir); //deleted by Dokeos
//$file->delete($doc); // disabled deleted by ajaxfilemanager
}
//////end bridge to Dokeos
/////////////bridge to Dokeos by Juan Carlos Raña Trabado
if(!empty($_course['path']))
{
//find path
$mainPath='../../../../../../../courses/'.$_course['path'].'/document/';//get Dokeos
$fullPath = $doc; //get Ajaxfilemanager
$dokeosPath = substr($fullPath, strlen($mainPath)-strlen($fullPath)-1);
//find base_work_dir
$course_dir = $_course['path']."/document";//get Dokeos
$sys_course_path = api_get_path(SYS_COURSE_PATH);//get Dokeos
$base_work_dir = $sys_course_path.$course_dir; // sample c:/xampp/htdocs/dokeos2009beta/courses/JUAN2009/document
//delete file
if(! $is_allowed_to_edit && DocumentManager::check_readonly($_course,api_get_user_id(),$dokeosPath))
{
$error=get_lang('CantDeleteReadonlyFiles'); //From Dokeos to Ajaxfilemanager
}
else
{
$deleted= DocumentManager::delete_document($_course,$dokeosPath,$base_work_dir); //deleted by Dokeos
//$file->delete($doc); // disabled deleted by ajaxfilemanager
}
}
else
{
$file->delete($doc); //deleted by ajaxfilemanager
}
//////end bridge to Dokeos
}
}
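Review bot: The four new `else` branches, taken when `$_course['path']` is empty, pass the request-supplied path (`$_GET['delete']` or `$doc`) straight to `$file->delete(...)`. Nothing visible in these hunks consults `$is_allowed_to_edit` on that path or confirms the target resolves inside the file manager's root; the only filters shown are `is_dir`/`is_file` and pattern tests, which in the first hunk apply to the base name only. The `if`/`elseif` chain starts outside the hunk, so a containment or permission check may already run earlier; if it does not, a request made outside a course context could delete files the caller should not reach. I would canonicalise first and refuse anything outside the configured root, e.g. `$real = realpath($_GET['delete']);` then `if ($real === false || strpos($real, $allowedRoot) !== 0) { $error = get_lang('ProtectFolder'); }`, where `$allowedRoot` is a placeholder for the canonical upload root with a trailing separator. Separately, the course branch computes `$dokeosPath` with a negative `substr` offset without checking that `$fullPath` begins with `$mainPath`, and the block is now pasted four times; one helper that validates the prefix would keep the copies from drifting.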
