Exemple #1
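/**
 * Executes all the necessary operations to upload a file in the document tool.
 *
 * Flow: reject failed uploads, check the quota, then either hand a zip
 * archive to treat_secure_uploaded_file_unzip() or store the single file
 * under $baseWorkDir . $uploadPath with a filtered name.
 *
 * Security notes for maintainers:
 *  - $uploadedFile['name'] is supplied by the client. It only reaches the
 *    filesystem after replace_dangerous_char() and get_secure_file_name();
 *    what those helpers filter is not visible here - confirm they cover
 *    directory separators and every extension the web server executes.
 *  - $uploadPath is concatenated into the destination as-is; callers are
 *    presumably expected to have validated it - TODO confirm.
 *  - $allowPHP is only forwarded to the zip handler; the single-file branch
 *    always applies get_secure_file_name().
 *
 * @author Hugues Peeters <*****@*****.**>
 *
 * @param  array  $uploadedFile   - follows the $_FILES structure
 * @param  string $baseWorkDir    - base working directory of the module
 * @param  string $uploadPath     - destination of the upload.
 *                                  This path is appended to $baseWorkDir
 * @param  int    $maxFilledSpace - amount of bytes not to exceed in the base
 *                                  working directory
 * @param  string $uncompress     - when 'unzip' and the file name ends in
 *                                  ".zip", the archive content is extracted
 * @param  bool   $allowPHP       - if set to true, then there is no security
 *                                  check for .php files (zip archives only)
 * @return string|mixed the stored file name for a single file; the result of
 *                      treat_secure_uploaded_file_unzip() for an archive;
 *                      otherwise whatever claro_failure::set_failure()
 *                      returns (presumably false - confirm)
 */
function treat_uploaded_file($uploadedFile, $baseWorkDir, $uploadPath, $maxFilledSpace, $uncompress = '', $allowPHP = false)
{
    if (file_upload_failed($uploadedFile)) {
        $failureStr = get_file_upload_error_message($uploadedFile);
        return claro_failure::set_failure($failureStr);
    }

    if (!enough_size($uploadedFile['size'], $baseWorkDir, $maxFilledSpace)) {
        return claro_failure::set_failure(get_lang('The upload has failed. There is not enough space in your directory'));
    }

    // The dot is escaped: the previous pattern '/.zip$/i' accepted any
    // character before "zip", so a name such as "reportzip" was sent to the
    // archive handler.
    if ($uncompress == 'unzip' && preg_match('/\.zip$/i', $uploadedFile['name'])) {
        return treat_secure_uploaded_file_unzip($uploadedFile, $uploadPath, $baseWorkDir, $maxFilledSpace, $allowPHP);
    }

    /* TRY TO ADD AN EXTENSION TO FILES WITHOUT EXTENSION */
    // The previous code built "name + extension" and then overwrote it with
    // trim(name), silently dropping the extension it had just computed.
    $fileName = trim($uploadedFile['name']) . add_extension_for_uploaded_file($uploadedFile);

    /* CHECK FOR NO DESIRED CHARACTERS */
    $fileName = replace_dangerous_char($fileName);

    /* HANDLE DANGEROUS FILE NAME FOR SERVER SECURITY */
    $fileName = get_secure_file_name($fileName);

    /* COPY THE FILE TO THE DESIRED DESTINATION */
    $destination = $baseWorkDir . $uploadPath . '/' . $fileName;

    // move_uploaded_file() refuses sources that are not genuine HTTP uploads
    // and overwrites an existing destination file.
    if (!move_uploaded_file($uploadedFile['tmp_name'], $destination)) {
        return claro_failure::set_failure(get_lang('File upload failed'));
    }

    chmod($destination, CLARO_FILE_PERMISSIONS);

    return $fileName;
}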
Exemple #2
 }
 // Check if a private feedback has been submitted.
 // The strip_tags() call only decides whether the field counts as empty; the
 // value that is kept is $san->sanitize() of the raw request value.
 // NOTE(review): what $san filters is not visible here - confirm it is an
 // HTML sanitizer suited to the context where wrkPrivFbk is later rendered.
 if (isset($_REQUEST['wrkPrivFbk']) && trim(strip_tags($_REQUEST['wrkPrivFbk'], $allowedTags)) != '') {
     $wrkForm['wrkPrivFbk'] = $san->sanitize($_REQUEST['wrkPrivFbk']);
 } else {
     $wrkForm['wrkPrivFbk'] = '';
 }
 // no need to check and/or upload the file if there is already an error
 if ($formCorrectlySent) {
     $wrkForm['filename'] = '';
     // is_uploaded_file() confirms tmp_name is a genuine HTTP upload; files are
     // ignored entirely when the assignment only accepts text.
     if (isset($_FILES['wrkFile']['tmp_name']) && is_uploaded_file($_FILES['wrkFile']['tmp_name']) && $assignmentContent != "TEXT") {
         if ($_FILES['wrkFile']['size'] > $fileAllowedSize) {
             $dialogBox->error(get_lang('You didnt choose any file to send, or it is too big'));
             $formCorrectlySent = false;
         } else {
             // The name comes from the client: append a missing extension, then
             // run it through the two filename filters before it is used.
             // NOTE(review): the filters are defined elsewhere - confirm they
             // cover path separators and every extension the server executes.
             $newFilename = $_FILES['wrkFile']['name'] . add_extension_for_uploaded_file($_FILES['wrkFile']);
             $newFilename = replace_dangerous_char($newFilename);
             $newFilename = get_secure_file_name($newFilename);
             // ask the assignment for a name to store the file under
             $wrkForm['filename'] = $assignment->createUniqueFilename($newFilename);
             // create the assignment directory on first use; the result of
             // claro_mkdir() is not checked, a failure surfaces in the move below
             if (!is_dir($assignment->getAssigDirSys())) {
                 claro_mkdir($assignment->getAssigDirSys(), CLARO_FILE_PERMISSIONS);
             }
             if (move_uploaded_file($_FILES['wrkFile']['tmp_name'], $assignment->getAssigDirSys() . $wrkForm['filename'])) {
                 chmod($assignment->getAssigDirSys() . $wrkForm['filename'], CLARO_FILE_PERMISSIONS);
             } else {
                 $dialogBox->error(get_lang('Cannot copy the file'));
                 $formCorrectlySent = false;
             }
             // Remove the previous file if there was one.
             // NOTE(review): this runs even when the move above failed, so a
             // failed upload still deletes the previous submission.
             // NOTE(review): currentWrkUrl is request-controlled and is joined
             // to the directory unfiltered, so a value containing directory
             // separators or ".." would name a file outside the assignment
             // directory. Unless it is validated earlier (not visible here),
             // reduce it with basename() and compare it with the file name
             // recorded for this submission before deleting. The "@" also
             // hides any unlink() failure.
             if (isset($_REQUEST['currentWrkUrl'])) {
                 @unlink($assignment->getAssigDirSys() . $_REQUEST['currentWrkUrl']);
Exemple #3
 /**
  * Store an uploaded file as the attachment of this question.
  *
  * The previous attachment is deleted first, before the new upload has been
  * moved, so a failed upload leaves the question without any attachment.
  * The file is written under its filtered, client-derived name; no unique
  * name is generated, and move_uploaded_file() overwrites a file of the
  * same name.
  *
  * @author Sebastien Piraux <*****@*****.**>
  *
  * @param array $file one entry of $_FILES ('name' and 'tmp_name' are read)
  * @return boolean true when the file was stored, false otherwise (the
  *                 reason is recorded through claro_failure::set_failure())
  */
 public function setAttachment($file)
 {
     // drop whatever attachment was stored before
     $this->deleteAttachment();

     // client-supplied name: append a missing extension, then apply the
     // character filter and the secure-name filter (both defined elsewhere)
     $safeName = get_secure_file_name(
         replace_dangerous_char($file['name'] . add_extension_for_uploaded_file($file))
     );

     // a question with id -1 is still being created and uses the tmp directory
     $targetDir = ($this->id == -1) ? $this->tmpQuestionDirSys : $this->questionDirSys;

     // make sure the target directory exists, creating it when needed
     if (!is_dir($targetDir) && !claro_mkdir($targetDir, CLARO_FILE_PERMISSIONS)) {
         claro_failure::set_failure('cannot_create_tmp_dir');
         return false;
     }

     // move_uploaded_file() only accepts genuine HTTP uploads
     $destination = $targetDir . $safeName;
     if (!move_uploaded_file($file['tmp_name'], $destination)) {
         claro_failure::set_failure('question_upload_failed');
         return false;
     }

     chmod($destination, CLARO_FILE_PERMISSIONS);
     $this->attachment = $safeName;

     return true;
 }
Exemple #4
 // Check if there is text in it.
 // strip_tags() is used only for the emptiness test; the value that is kept
 // is the raw request value, trimmed and otherwise unfiltered.
 // NOTE(review): unless it is sanitized or encoded later (not visible here),
 // markup in autoFeedbackText reaches whoever views the feedback.
 // NOTE(review): the key is read without isset() - presumably guaranteed by
 // the surrounding form handling; confirm.
 if (trim(strip_tags($_REQUEST['autoFeedbackText'], $allowedTags)) == '') {
     $autoFeedbackText = '';
 } else {
     $autoFeedbackText = trim($_REQUEST['autoFeedbackText']);
 }
 // The uploaded file comes from the feedback form; is_uploaded_file()
 // confirms tmp_name is a genuine HTTP upload.
 if (is_uploaded_file($_FILES['autoFeedbackFilename']['tmp_name'])) {
     if ($_FILES['autoFeedbackFilename']['size'] > $fileAllowedSize) {
         $dialogBox->error(get_lang('You didnt choose any file to send, or file is too big'));
         $formCorrectlySent = false;
         // keep the feedback file name the assignment already has
         $autoFeedbackFilename = $assignment->getAutoFeedbackFilename();
     } else {
         // add file extension if it doesn't have one (the name is client-supplied)
         $newFileName = $_FILES['autoFeedbackFilename']['name'];
         $newFileName .= add_extension_for_uploaded_file($_FILES['autoFeedbackFilename']);
         // Replace dangerous characters
         $newFileName = replace_dangerous_char($newFileName);
         // Transform any .php file into .phps for security.
         // NOTE(review): the helper is defined elsewhere - confirm it also
         // handles the other extensions the web server is configured to
         // execute, not only ".php".
         $newFileName = get_secure_file_name($newFileName);
         // -- create a unique file name to avoid any conflict
         // there can be only one automatic feedback but the file is put in the
         // assignments directory
         $autoFeedbackFilename = $assignment->createUniqueFilename($newFileName);
         $tmpWorkUrl = $assignment->getAssigDirSys() . $autoFeedbackFilename;
         // no is_dir() check here: the assignment directory must already exist
         // for the move to succeed
         if (move_uploaded_file($_FILES['autoFeedbackFilename']['tmp_name'], $tmpWorkUrl)) {
             chmod($tmpWorkUrl, CLARO_FILE_PERMISSIONS);
         } else {
             $dialogBox->error(get_lang('Cannot copy the file'));
             $formCorrectlySent = false;
         }