function unpack_zip_inner($zipfile, $clone) {
    global $webDir, $uid;

    require_once 'include/lib/fileUploadLib.inc.php';

    $zip = new pclZip($zipfile);
    if (!$clone) {
        validateUploadedZipFile($zip->listContent(), 3);
    }

    $destdir = $webDir . '/courses/tmpUnzipping/' . $uid;
    if (!is_dir($destdir)) {
        mkdir($destdir, 0755);
    }
    chdir($destdir);
    $zip->extract();

    $retArr = array();
    foreach (find_backup_folders($destdir) as $folder) {
        $retArr[] = array(
            'path' => $folder['path'] . '/' . $folder['dir'],
            'file' => $folder['dir'],
            'course' => preg_replace('|^.*/|', '', $folder['path'])
        );
    }
    
    chdir($webDir);
    return $retArr;
}
Beispiel #2
0
 $action_message = $dialogBox = '';
 if (isset($_FILES['userFile']) and is_uploaded_file($_FILES['userFile']['tmp_name'])) {
     validateUploadedFile($_FILES['userFile']['name'], $menuTypeID);
     $extra_path = '';
     $userFile = $_FILES['userFile']['tmp_name'];
     // check for disk quotas
     $diskUsed = dir_total_space($basedir);
     if ($diskUsed + @$_FILES['userFile']['size'] > $diskQuotaDocument) {
         $action_message .= "<div class='alert alert-danger'>{$langNoSpace}</div>";
     } else {
         if (unwanted_file($_FILES['userFile']['name'])) {
             $action_message .= "<div class='alert alert-danger'>{$langUnwantedFiletype}: " . q($_FILES['userFile']['name']) . "</div>";
         } elseif (isset($_POST['uncompress']) and $_POST['uncompress'] == 1 and preg_match('/\\.zip$/i', $_FILES['userFile']['name'])) {
             /* ** Unzipping stage ** */
             $zipFile = new pclZip($userFile);
             validateUploadedZipFile($zipFile->listContent(), $menuTypeID);
             $realFileSize = 0;
             $zipFile->extract(PCLZIP_CB_PRE_EXTRACT, 'process_extracted_file');
             if ($diskUsed + $realFileSize > $diskQuotaDocument) {
                 $action_message .= "<div class='alert alert-danger'>{$langNoSpace}</div>";
             } else {
                 $action_message .= "<div class='alert alert-success'>{$langDownloadAndZipEnd}</div><br />";
             }
         } else {
             $fileName = canonicalize_whitespace($_FILES['userFile']['name']);
             $uploaded = true;
         }
     }
 } elseif (isset($_POST['fileURL']) and $fileURL = trim($_POST['fileURL'])) {
     $extra_path = canonicalize_url($fileURL);
     if (preg_match('/^javascript/', $extra_path)) {
Beispiel #3
0
if (!$is_editor) {
    redirect_to_home_page();
} else {
    $title = trim(@$_POST['title']);
    if (empty($title)) {
        Session::Messages($langFieldsMissing, 'alert-danger');
        redirect_to_home_page("modules/ebook/index.php?course=$course_code&create=1");
    }
    if (isset($_FILES['file']['name']) and !$_FILES['file']['error']) {
        if (!preg_match('/\.zip$/i', $_FILES['file']['name'])) {
            Session::Messages("$langUnwantedFiletype: " . $_FILES['file']['name'], 'alert-danger');
            redirect_to_home_page("modules/ebook/index.php?course=$course_code&create=1");
        }
        validateUploadedFile($_FILES['file']['name'], 2);
        $zipFile = new pclZip($_FILES['file']['tmp_name']);
        validateUploadedZipFile($zipFile->listContent(), 2);
    }

    $order = Database::get()->querySingle("SELECT COALESCE(MAX(`order`), 1) AS `order` FROM ebook WHERE course_id = ?d", $course_id)->order;
    $ebook_id = Database::get()->query("INSERT INTO ebook SET `order` = ?d, `course_id` = ?d, `title` = ?s, `visible` = 1", $order + 1, $course_id, $title)->lastInsertID;
    Database::get()->query("INSERT INTO ebook_section SET ebook_id = ?d,
                                                    public_id = ?s,
                                                    title = ?s"
            , $ebook_id, '1', $langSection.' 1');
    // Initialize document subsystem global variables
    require_once 'modules/document/doc_init.php';
    require_once 'include/log.php';

    if (!mkdir($basedir, 0775, true)) {
        Database::get()->query("DELETE FROM ebook WHERE course_id = ?d AND id = ?d", $course_id, $ebook_id);
        Session::Messages($langImpossible, 'alert-danger');