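/**
 * Internal method. Validates all old-style deprecated uploaded files.
 * The new way is to upload files via repository api.
 *
 * Every entry in $_FILES is checked in turn. Entries that fail a check, or
 * that do not belong to a 'file' element of this form, are removed from
 * $_FILES. For accepted entries the client-supplied name stored in $_FILES
 * is replaced by its cleaned form.
 *
 * @param array $files list of files to be validated; passed by reference and
 *                     overwritten with a map of element name => temporary
 *                     upload path (left empty when any error is found)
 * @return bool|array Success or an array of errors
 */
function _validate_files(&$files) {
    $files = array();

    if (empty($_FILES)) {
        // we do not need to do any checks because no files were submitted
        // note: server side rules do not work for files - use custom verification in validate() instead
        return true;
    }

    $errors = array();
    $filenames = array();

    // now check that we really want each file
    foreach ($_FILES as $elname => $file) {
        $required = $this->_form->isElementRequired($elname);

        // An empty file input: only an error when the element is required.
        if ($file['error'] == UPLOAD_ERR_NO_FILE and $file['size'] == 0) {
            if ($required) {
                $errors[$elname] = get_string('required');
            }
            unset($_FILES[$elname]);
            continue;
        }

        if (!empty($file['error'])) {
            $errors[$elname] = file_get_upload_error($file['error']);
            unset($_FILES[$elname]);
            continue;
        }

        // tmp_name must point at a file PHP itself received through HTTP POST;
        // anything else is rejected before the path is handed back to the caller.
        if (!is_uploaded_file($file['tmp_name'])) {
            // TODO: improve error message
            $errors[$elname] = get_string('error');
            unset($_FILES[$elname]);
            continue;
        }

        // Drop uploads that do not belong to a 'file' element of this form.
        // The type test used to be written as `!getElementType(...) == 'file'`;
        // `!` binds tighter than `==`, so it compared a boolean with 'file' and
        // never rejected anything, letting uploads aimed at non-file elements through.
        if (!$this->_form->elementExists($elname) or $this->_form->getElementType($elname) !== 'file') {
            // hmm, this file was not requested
            unset($_FILES[$elname]);
            continue;
        }

        // NOTE: the viruses are scanned in file picker, no need to deal with them here.
        // NOTE(review): files arriving through this legacy $_FILES path presumably do not
        // pass through the file picker - confirm they are scanned before being stored.

        // The original file name is supplied by the client, so it is cleaned before use.
        $filename = clean_param($_FILES[$elname]['name'], PARAM_FILE);
        if ($filename === '') {
            // TODO: improve error message - wrong chars
            $errors[$elname] = get_string('error');
            unset($_FILES[$elname]);
            continue;
        }

        // Strict comparison: a loose in_array() treats numeric-looking names
        // such as '1e3' and '1000' as duplicates of each other.
        if (in_array($filename, $filenames, true)) {
            // TODO: improve error message - duplicate name
            $errors[$elname] = get_string('error');
            unset($_FILES[$elname]);
            continue;
        }

        $filenames[] = $filename;
        $_FILES[$elname]['name'] = $filename;

        $files[$elname] = $_FILES[$elname]['tmp_name'];
    }

    // return errors if found
    if (count($errors) == 0) {
        return true;
    }

    // Any error invalidates the whole submission: hand back no file paths.
    $files = array();
    return $errors;
}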
foreach ($files as $hash => $file) { if (!$subdirs and $file->get_filepath() !== '/') { unset($files[$hash]); continue; } $totalbytes += $file->get_filesize(); } /// process actions if ($newdirname !== '' and data_submitted() and confirm_sesskey()) { $newdirname = $directory->get_filepath() . $newdirname . '/'; $fs->create_directory($contextid, $filearea, $itemid, $newdirname, $USER->id); redirect('draftfiles.php?itemid=' . $itemid . '&filepath=' . rawurlencode($newdirname) . '&subdirs=' . $subdirs . '&maxbytes=' . $maxbytes); } if (isset($_FILES['newfile']) and data_submitted() and confirm_sesskey()) { if (!empty($_FILES['newfile']['error'])) { $notice = file_get_upload_error($_FILES['newfile']['error']); } else { $file = $_FILES['newfile']; $newfilename = clean_param($file['name'], PARAM_FILE); if (is_uploaded_file($_FILES['newfile']['tmp_name'])) { if ($existingfile = $fs->get_file($contextid, $filearea, $itemid, $filepath, $newfilename)) { $existingfile->delete(); } $filerecord = array('contextid' => $contextid, 'filearea' => $filearea, 'itemid' => $itemid, 'filepath' => $filepath, 'filename' => $newfilename, 'userid' => $USER->id); $newfile = $fs->create_file_from_pathname($filerecord, $_FILES['newfile']['tmp_name']); redirect('draftfiles.php?itemid=' . $itemid . '&filepath=' . rawurlencode($filepath) . '&subdirs=' . $subdirs . '&maxbytes=' . $maxbytes); } } } if ($delete !== '' and $file = $fs->get_file($contextid, $filearea, $itemid, $filepath, $delete)) { if (!data_submitted() or !confirm_sesskey()) {