}
$msg->addFeedback('DIRS_MOVED');
}
/// END of $_POST['listofdirs'] marked for delete
if (isset($_POST['listoffiles'])) {
$_files = explode(',', $_POST['listoffiles']);
$count = count($_files);
for ($i = 0; $i < $count; $i++) {
$source = $_files[$i];
if (course_realpath($current_path . $pathext . $source) == FALSE) {
// error: File does not exist
$msg->addError('FILE_NOT_EXIST');
header('Location: index.php?pathext=' . $pathext . SEP . 'framed=' . $framed . SEP . 'popup=' . $popup . SEP . 'cp=' . $_POST['cp'] . SEP . 'cid=' . $_POST['cid'] . SEP . 'pid=' . $_POST['pid'] . SEP . 'a_type=' . $_POST['a_type']);
exit;
} else {
if (course_realpath($current_path . $dest) == FALSE) {
// error: File does not exist
$msg->addError('UNKNOWN');
header('Location: index.php?pathext=' . $pathext . SEP . 'framed=' . $framed . SEP . 'popup=' . $popup . SEP . 'cp=' . $_POST['cp'] . SEP . 'cid=' . $_POST['cid'] . SEP . 'pid=' . $_POST['pid'] . SEP . 'a_type=' . $_POST['a_type']);
exit;
} else {
if (strpos($source, '..') !== false) {
$msg->addError('UNKNOWN');
header('Location: index.php?pathext=' . $pathext . SEP . 'framed=' . $framed . SEP . 'popup=' . $popup . SEP . 'cp=' . $_POST['cp'] . SEP . 'cid=' . $_POST['cid'] . SEP . 'pid=' . $_POST['pid'] . SEP . 'a_type=' . $_POST['a_type']);
exit;
} else {
// The Home/ directory does not exists, its really /
if ($dest == _AT('home') . "/") {
$dest = "/";
}
@rename($current_path . $pathext . $source, $current_path . $dest . $source);
if (isset($_POST['savenewfile'])) {
if (isset($_POST['filename']) && $_POST['filename'] != "") {
$filename = preg_replace("{[^a-zA-Z0-9_]}", "_", trim($_POST['filename']));
$pathext = $_POST['pathext'];
$current_path = AT_CONTENT_DIR . $_SESSION['course_id'] . '/';
/* only html or txt extensions allowed */
if ($_POST['extension'] == 'html') {
$extension = 'html';
$head_html = "<html>\n<head>\n<title>" . $_POST['filename'] . "</title>\n<head>\n<body>";
$foot_html = "\n</body>\n</html>";
} else {
$extension = 'txt';
}
if (!@file_exists($current_path . $pathext . $filename . '.' . $extension)) {
$content = str_replace("\r\n", "\n", $head_html . $_POST['body_text'] . $foot_html);
if (course_realpath($current_path . $pathext . $filename . '.' . $extension) == FALSE) {
$msg->addError('FILE_NOT_SAVED');
/* take user to home page to avoid unspecified error warning */
header('Location: index.php?pathext=' . SEP . 'framed=' . $framed . SEP . 'popup=' . $popup);
exit;
}
if (($f = fopen($current_path . $pathext . $filename . '.' . $extension, 'w')) && @fwrite($f, stripslashes($content)) !== false && @fclose($f)) {
$msg->addFeedback(array('FILE_SAVED', $filename . '.' . $extension));
header('Location: index.php?pathext=' . urlencode($_POST['pathext']) . SEP . 'popup=' . $_POST['popup']);
exit;
} else {
$msg->addError('FILE_NOT_SAVED');
header('Location: index.php?pathext=' . $pathext . SEP . 'framed=' . $framed . SEP . 'popup=' . $popup);
exit;
}
} else {
if (isset($_POST['submit_no'])) {
$msg->addFeedback('CANCELLED');
header('Location: index.php?pathext=' . $_POST['pathext'] . SEP . 'framed=' . $_POST['framed'] . SEP . 'popup=' . $_POST['popup'] . SEP . 'cp=' . $_POST['cp'] . SEP . 'cid=' . $_POST['cid'] . SEP . 'pid=' . $_POST['pid'] . SEP . 'a_type=' . $_POST['a_type']);
exit;
}
if (isset($_POST['submit_yes'])) {
/* delete files and directories */
/* delete the file */
$pathext = $_POST['pathext'];
if (isset($_POST['listoffiles'])) {
$checkbox = explode(',', $_POST['listoffiles']);
$count = count($checkbox);
$result = true;
for ($i = 0; $i < $count; $i++) {
$filename = $checkbox[$i];
if (course_realpath($current_path . $pathext . $filename) == FALSE) {
$msg->addError('FILE_NOT_DELETED');
$result = false;
break;
} else {
if (!@unlink($current_path . $pathext . $filename)) {
$msg->addError('FILE_NOT_DELETED');
$result = false;
break;
}
}
}
if ($result) {
// delete according definition of primary resources and alternatives for adapted content
$filename = '../' . $pathext . $filename;
// 1. delete secondary resources types
/* check if this file extension is allowed: */
/* $IllegalExtentions is defined in ./include/config.inc.php */
if (in_array($ext_new, $IllegalExtentions)) {
$errors = array('FILE_ILLEGAL', $ext_new);
$msg->addError($errors);
} else {
if ($current_path . $pathext . $_POST['new_name'] == $current_path . $pathext . $_POST['oldname']) {
//do nothing
$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
header('Location: index.php?pathext=' . urlencode($_POST['pathext']) . SEP . 'framed=' . $_POST['framed'] . SEP . 'popup=' . $_POST['popup'] . SEP . 'cp=' . $_POST['cp'] . SEP . 'cid=' . $_POST['cid'] . SEP . 'pid=' . $_POST['pid'] . SEP . 'a_type=' . $_POST['a_type']);
exit;
} else {
if (course_realpath($current_path . $pathext . $_POST['new_name']) == FALSE) {
$msg->addError('CANNOT_RENAME');
} else {
if (course_realpath($current_path . $pathext . $_POST['oldname']) == FALSE) {
$msg->addError('CANNOT_RENAME');
} else {
if (file_exists($current_path . $pathext . $_POST['new_name'])) {
$msg->addError('CANNOT_RENAME');
} else {
@rename($current_path . $pathext . $_POST['oldname'], $current_path . $pathext . $_POST['new_name']);
$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
header('Location: index.php?pathext=' . urlencode($_POST['pathext']) . SEP . 'framed=' . $_POST['framed'] . SEP . 'popup=' . $_POST['popup'] . SEP . 'cp=' . $_POST['cp'] . SEP . 'cid=' . $_POST['cid'] . SEP . 'pid=' . $_POST['pid'] . SEP . 'a_type=' . $_POST['a_type']);
exit;
}
}
}
}
}
}