$zipFile = new pclZip($userFile); validateUploadedZipFile($zipFile->listContent(), $menuTypeID); $realFileSize = 0; $zipFile->extract(PCLZIP_CB_PRE_EXTRACT, 'process_extracted_file'); if ($diskUsed + $realFileSize > $diskQuotaDocument) { $action_message .= "<div class='alert alert-danger'>{$langNoSpace}</div>"; } else { $action_message .= "<div class='alert alert-success'>{$langDownloadAndZipEnd}</div><br />"; } } else { $fileName = canonicalize_whitespace($_FILES['userFile']['name']); $uploaded = true; } } } elseif (isset($_POST['fileURL']) and $fileURL = trim($_POST['fileURL'])) { $extra_path = canonicalize_url($fileURL); if (preg_match('/^javascript/', $extra_path)) { $action_message .= "<div class='alert alert-danger'>{$langUnwantedFiletype}: " . q($extra_path) . "</div>"; } else { $uploaded = true; } $components = explode('/', $extra_path); $fileName = end($components); } elseif (isset($_POST['file_content'])) { $extra_path = ''; $diskUsed = dir_total_space($basedir); if ($diskUsed + strlen($_POST['file_content']) > $diskQuotaDocument) { $action_message .= "<div class='alert alert-danger'>{$langNoSpace}</div>"; } else { if (isset($_POST['file_name'])) { $fileName = $_POST['file_name'];
$v->labels(array( 'term' => "$langTheField $langGlossaryTerm", 'definition' => "$langTheField $langGlossaryDefinition", 'url' => "$langTheField $langGlossaryUrl" )); if($v->validate()) { if (!isset($_POST['category_id']) || getDirectReference($_POST['category_id']) == 0) { $category_id = NULL; } else { $category_id = intval(getDirectReference($_POST['category_id'])); } if (isset($_POST['url'])) { $url = trim($_POST['url']); if (!empty($url)) { $url = canonicalize_url($url); } } else { $url = ''; } if (isset($_POST['id'])) { $id = intval(getDirectReference($_POST['id'])); $q = Database::get()->query("UPDATE glossary SET term = ?s, definition = ?s, url = ?s, notes = ?s, category_id = ?d , datestamp = NOW() WHERE id = ?d AND course_id = ?d"
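/**
 * @brief Store the link submitted from the link form: update it when $_POST['id'] is set, insert it otherwise
 *
 * The URL is canonicalized and must pass is_url_accepted() with the scheme pattern
 * (https?|ftp) before anything is written; a rejected URL only triggers a redirect back
 * to the add/edit form. The description goes through purify() before it is stored.
 * The stored link is then queued for indexing and the action is logged.
 *
 * @global int    $course_id            course the link belongs to (bound into every query)
 * @global string $course_code          used to build the redirect targets
 * @global int    $uid                  stored as user_id of a newly inserted link
 * @global string $langSocialCategory   category label logged when $selectcategory == -2
 * @global string $urllink              presumably filled by register_posted_variables()
 * @global string $title                presumably filled by register_posted_variables()
 * @global string $description          presumably filled by register_posted_variables()
 * @global mixed  $selectcategory       only compared against -2 here; set by the caller
 * @global string $langLinkNotPermitted message for a rejected URL
 * @global string $langLinkMod          declared but not used in this function
 * @global string $langLinkAdded        declared but not used in this function
 * @global string $state                declared but not used in this function
 * @return void
 */
function submit_link() {
    global $course_id, $langLinkMod, $langLinkAdded, $course_code, $uid, $langSocialCategory,
           $urllink, $title, $description, $selectcategory, $langLinkNotPermitted, $state;

    register_posted_variables(array('urllink' => true, 'title' => true, 'description' => true), 'all', 'trim');
    $urllink = canonicalize_url($urllink);

    // Scheme allow-list: this is the only gate between a posted URL and the stored link,
    // so it has to run before any write below.
    if (!is_url_accepted($urllink, "(https?|ftp)")) {
        // NOTE(review): $message is assigned but never displayed or stored by this function,
        // so the user is redirected without being told why the link was refused.
        $message = $langLinkNotPermitted;
        if (isset($_POST['id'])) {
            $id = getDirectReference($_POST['id']);
            redirect_to_home_page("modules/link/index.php?course=$course_code&action=editlink&id=" . getIndirectReference($id) . "&urlview=");
        } else {
            redirect_to_home_page("modules/link/index.php?course=$course_code&action=addlink&urlview=");
        }
        // Fail closed: redirect_to_home_page() presumably ends the request, but the rejected
        // URL must not fall through to the UPDATE/INSERT if it ever returns.
        return;
    }

    // Decode the posted category reference once and reuse it for every query.
    $category_id = intval(getDirectReference($_POST['selectcategory']));

    $set_sql = "SET url = ?s, title = ?s, description = ?s, category = ?d";
    $terms = array($urllink, $title, purify($description), $category_id);

    if (isset($_POST['id'])) {
        $id = intval(getDirectReference($_POST['id']));
        // course_id in the WHERE clause keeps the update inside the current course.
        Database::get()->query("UPDATE `link` $set_sql WHERE course_id = ?d AND id = ?d", $terms, $course_id, $id);
        $log_type = LOG_MODIFY;
    } else {
        // New links are appended after the current last position in their category.
        $order = Database::get()->querySingle("SELECT MAX(`order`) as maxorder FROM `link`
                                      WHERE course_id = ?d AND category = ?d", $course_id, $category_id)->maxorder;
        $order++;
        $id = Database::get()->query("INSERT INTO `link` $set_sql, course_id = ?d, `order` = ?d, user_id = ?d", $terms, $course_id, $order, $uid)->lastInsertID;
        $log_type = LOG_INSERT;
    }
    Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_LINK, $id);

    // find category name
    if ($selectcategory == -2) {
        $category = $langSocialCategory;
    } else {
        // course_id is bound with ?d here, like in the other queries of this function.
        $category_object = Database::get()->querySingle("SELECT link_category.name as name
                                                        FROM link, link_category
                                                        WHERE link.category = link_category.id
                                                        AND link.course_id = ?d AND link.id = ?d", $course_id, $id);
        $category = $category_object ? $category_object->name : 0;
    }

    // The log keeps a tag-free, shortened copy of the description.
    $txt_description = ellipsize_html(canonicalize_whitespace(strip_tags($description)), 50, '+');
    Log::record($course_id, MODULE_ID_LINKS, $log_type, array('id' => $id,
        'url' => $urllink,
        'title' => $title,
        'description' => $txt_description,
        'category' => $category));
}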
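/**
 * Store the Delos resources selected in the submitted form as videolink rows of the current course.
 *
 * For every id in $_POST['delosResources'] that equals the resourceID of an entry in
 * $jsonObj->resources, the videolink row of the same course and category whose url ends in
 * "rid=<id>" is updated, or a new row is inserted when there is none. Each stored row is
 * queued for indexing and logged.
 *
 * @global int $course_id course the rows belong to
 * @param object $jsonObj decoded Delos listing; reads ->playerBasePath and ->resources, and per
 *                        resource ->resourceID and ->videoLecture (title, description,
 *                        rights->creator->name, organization->name, date)
 * @return void
 */
function storeDelosResources($jsonObj) {
    global $course_id;

    // The id list is request data: without an array there is nothing to store.
    if (!isset($_POST['delosResources']) || !is_array($_POST['delosResources'])) {
        return;
    }
    $submittedResources = $_POST['delosResources'];
    $submittedCategory = $_POST['selectcategory'];

    foreach ($submittedResources as $rid) {
        // A nested array can never equal a resourceID (=== below), so skip it before it
        // gets concatenated into a query value.
        if (!is_string($rid)) {
            continue;
        }

        // $rid is attacker-controlled, so it is bound as a parameter instead of being
        // concatenated into the SQL text.
        // NOTE(review): % and _ inside $rid still act as LIKE wildcards; binding only stops
        // the value from breaking out of the string literal.
        $stored = Database::get()->querySingle("SELECT id FROM videolink
                        WHERE course_id = ?d AND category = ?d AND url LIKE ?s",
                        $course_id, $submittedCategory, '%rid=' . $rid);

        foreach ($jsonObj->resources as $resource) {
            if ($resource->resourceID !== $rid) {
                continue;
            }
            $vL = $resource->videoLecture;
            $url = canonicalize_url($jsonObj->playerBasePath . '?rid=' . $rid);
            $title = $vL->title;
            $description = $vL->description;
            $creator = $vL->rights->creator->name;
            $publisher = $vL->organization->name;
            $date = $vL->date;

            if ($stored) {
                $id = $stored->id;
                Database::get()->query("UPDATE videolink SET
                        url = ?s, title = ?s, description = ?s, creator = ?s, publisher = ?s, date = ?t
                        WHERE course_id = ?d AND category = ?d AND id = ?d",
                        $url, $title, $description, $creator, $publisher, $date,
                        $course_id, $submittedCategory, $id);
            } else {
                $q = Database::get()->query('INSERT INTO videolink
                        (course_id, url, title, description, category, creator, publisher, date)
                        VALUES (?d, ?s, ?s, ?s, ?d, ?s, ?s, ?t)',
                        $course_id, $url, $title, $description, $submittedCategory,
                        $creator, $publisher, $date);
                $id = $q->lastInsertID;
            }
            Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_VIDEOLINK, $id);

            // The log keeps a tag-free, shortened copy of the description.
            // NOTE(review): LOG_INSERT is recorded for the update path as well; confirm
            // whether updates should be logged under a different type.
            $txt_description = ellipsize(canonicalize_whitespace(strip_tags($description)), 50, '+');
            Log::record($course_id, MODULE_ID_VIDEO, LOG_INSERT, array('id' => $id,
                'url' => $url,
                'title' => $title,
                'description' => $txt_description));
        }
    }
}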
if (isset($_POST['add_submit'])) { // add $uploaded = false; if (isset($_POST['URL'])) { // add videolink $url = $_POST['URL']; if ($_POST['title'] == '') { $title = $url; } else { $title = $_POST['title']; } $q = Database::get()->query('INSERT INTO videolink (course_id, url, title, description, category, creator, publisher, date) VALUES (?s, ?s, ?s, ?s, ?d, ?s, ?s, ?s)', $course_id, canonicalize_url($url), $title, $_POST['description'], $_POST['selectcategory'], $_POST['creator'], $_POST['publisher'], $_POST['date']); $id = $q->lastInsertID; Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_VIDEOLINK, $id); $txt_description = ellipsize(canonicalize_whitespace(strip_tags($_POST['description'])), 50, '+'); Log::record($course_id, MODULE_ID_VIDEO, LOG_INSERT, @array('id' => $id, 'url' => canonicalize_url($url), 'title' => $title, 'description' => $txt_description)); $tool_content .= "<div class='alert alert-success'>$langLinkAdded</div>"; } else { // add video if (isset($_POST['fileCloudInfo'])) { // upload cloud file $cloudfile = CloudFile::fromJSON($_POST['fileCloudInfo']); $file_name = $cloudfile->name(); } else if (isset($_FILES['userFile']) && is_uploaded_file($_FILES['userFile']['tmp_name'])) { // upload local file $file_name = $_FILES['userFile']['name']; if ($diskUsed + @$_FILES['userFile']['size'] > $diskQuotaVideo) { $tool_content .= "<div class='alert alert-danger'>$langNoSpace<br> <a href='$_SERVER[SCRIPT_NAME]?course=$course_code'>$langBack</a></div><br>"; draw($tool_content, $menuTypeID, null, $head_content); exit; } else {
if (isset($_POST['add_submit'])) { // add if (isset($_POST['URL'])) { // add videolink $url = $_POST['URL']; if ($_POST['title'] == '') { $title = $url; } else { $title = $_POST['title']; } $q = Database::get()->query('INSERT INTO videolink (course_id, url, title, description, category, creator, publisher, date) VALUES (?s, ?s, ?s, ?s, ?d, ?s, ?s, ?s)', $course_id, canonicalize_url($url), $title, $_POST['description'], $_POST['selectcategory'], $_POST['creator'], $_POST['publisher'], $_POST['date']); $id = $q->lastInsertID; Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_VIDEOLINK, $id); $txt_description = ellipsize(canonicalize_whitespace(strip_tags($_POST['description'])), 50, '+'); Log::record($course_id, MODULE_ID_VIDEO, LOG_INSERT, @array('id' => $id, 'url' => canonicalize_url($url), 'title' => $title, 'description' => $txt_description)); $tool_content .= "<div class='alert alert-success'>{$langLinkAdded}</div>"; } else { // add video if (isset($_FILES['userFile']) && is_uploaded_file($_FILES['userFile']['tmp_name'])) { validateUploadedFile($_FILES['userFile']['name'], $menuTypeID); if ($diskUsed + @$_FILES['userFile']['size'] > $diskQuotaVideo) { $tool_content .= "<div class='alert alert-danger'>{$langNoSpace}<br>\n <a href='{$_SERVER['SCRIPT_NAME']}?course={$course_code}'>{$langBack}</a></div><br>"; draw($tool_content, $menuTypeID, null, $head_content); exit; } else { $file_name = $_FILES['userFile']['name']; $tmpfile = $_FILES['userFile']['tmp_name']; // convert php file in phps to protect the platform against malicious codes $file_name = preg_replace("/\\.php.*\$/", ".phps", $file_name); // check for dangerous file extensions