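/**
 * Extract a course backup archive into the current user's temporary unzip
 * directory and list the backup folders found there.
 *
 * The archive's entry names are passed to validateUploadedZipFile() before
 * anything is written to disk, unless $clone is truthy.
 *
 * NOTE(review): with $clone set the entry-name validation is skipped,
 * presumably because the archive was generated by the server itself. Confirm
 * that no caller can reach this path with a user-supplied archive.
 *
 * NOTE(review): the destination is built from the global $uid and is not
 * emptied here, so folders left by an earlier extraction would be listed
 * again. Confirm that $uid is always a numeric id and that callers clean up.
 *
 * @param string $zipfile Path of the zip archive to unpack.
 * @param mixed  $clone   Truthy to skip validation of the archive listing.
 * @return array List of arrays with keys 'path', 'file' and 'course'; empty
 *               when the destination cannot be prepared or extraction fails.
 */
function unpack_zip_inner($zipfile, $clone) {
    global $webDir, $uid;
    require_once 'include/lib/fileUploadLib.inc.php';

    $zip = new pclZip($zipfile);
    if (!$clone) {
        validateUploadedZipFile($zip->listContent(), 3);
    }

    $destdir = $webDir . '/courses/tmpUnzipping/' . $uid;

    // Create the directory (and a missing parent) and verify the result. The
    // second is_dir() covers a concurrent request creating it first.
    if (!is_dir($destdir) && !mkdir($destdir, 0755, true) && !is_dir($destdir)) {
        error_log("unpack_zip_inner: cannot create $destdir");
        chdir($webDir);
        return array();
    }

    // Without this check a failed chdir() would leave the process in its
    // previous working directory while extraction still went ahead.
    if (!chdir($destdir)) {
        error_log("unpack_zip_inner: cannot enter $destdir");
        chdir($webDir);
        return array();
    }

    // Name the target explicitly so extraction does not depend on the
    // working directory alone. pclZip returns 0 on failure.
    if ($zip->extract(PCLZIP_OPT_PATH, $destdir) === 0) {
        error_log("unpack_zip_inner: extraction into $destdir failed");
        chdir($webDir);
        return array();
    }

    $retArr = array();
    foreach (find_backup_folders($destdir) as $folder) {
        $retArr[] = array(
            'path' => $folder['path'] . '/' . $folder['dir'],
            'file' => $folder['dir'],
            // Last path component of the folder's parent directory.
            'course' => preg_replace('|^.*/|', '', $folder['path'])
        );
    }

    // As before, the working directory is left at the web root on return.
    chdir($webDir);
    return $retArr;
}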
$action_message = $dialogBox = ''; if (isset($_FILES['userFile']) and is_uploaded_file($_FILES['userFile']['tmp_name'])) { validateUploadedFile($_FILES['userFile']['name'], $menuTypeID); $extra_path = ''; $userFile = $_FILES['userFile']['tmp_name']; // check for disk quotas $diskUsed = dir_total_space($basedir); if ($diskUsed + @$_FILES['userFile']['size'] > $diskQuotaDocument) { $action_message .= "<div class='alert alert-danger'>{$langNoSpace}</div>"; } else { if (unwanted_file($_FILES['userFile']['name'])) { $action_message .= "<div class='alert alert-danger'>{$langUnwantedFiletype}: " . q($_FILES['userFile']['name']) . "</div>"; } elseif (isset($_POST['uncompress']) and $_POST['uncompress'] == 1 and preg_match('/\\.zip$/i', $_FILES['userFile']['name'])) { /* ** Unzipping stage ** */ $zipFile = new pclZip($userFile); validateUploadedZipFile($zipFile->listContent(), $menuTypeID); $realFileSize = 0; $zipFile->extract(PCLZIP_CB_PRE_EXTRACT, 'process_extracted_file'); if ($diskUsed + $realFileSize > $diskQuotaDocument) { $action_message .= "<div class='alert alert-danger'>{$langNoSpace}</div>"; } else { $action_message .= "<div class='alert alert-success'>{$langDownloadAndZipEnd}</div><br />"; } } else { $fileName = canonicalize_whitespace($_FILES['userFile']['name']); $uploaded = true; } } } elseif (isset($_POST['fileURL']) and $fileURL = trim($_POST['fileURL'])) { $extra_path = canonicalize_url($fileURL); if (preg_match('/^javascript/', $extra_path)) {
if (!$is_editor) { redirect_to_home_page(); } else { $title = trim(@$_POST['title']); if (empty($title)) { Session::Messages($langFieldsMissing, 'alert-danger'); redirect_to_home_page("modules/ebook/index.php?course=$course_code&create=1"); } if (isset($_FILES['file']['name']) and !$_FILES['file']['error']) { if (!preg_match('/\.zip$/i', $_FILES['file']['name'])) { Session::Messages("$langUnwantedFiletype: " . $_FILES['file']['name'], 'alert-danger'); redirect_to_home_page("modules/ebook/index.php?course=$course_code&create=1"); } validateUploadedFile($_FILES['file']['name'], 2); $zipFile = new pclZip($_FILES['file']['tmp_name']); validateUploadedZipFile($zipFile->listContent(), 2); } $order = Database::get()->querySingle("SELECT COALESCE(MAX(`order`), 1) AS `order` FROM ebook WHERE course_id = ?d", $course_id)->order; $ebook_id = Database::get()->query("INSERT INTO ebook SET `order` = ?d, `course_id` = ?d, `title` = ?s, `visible` = 1", $order + 1, $course_id, $title)->lastInsertID; Database::get()->query("INSERT INTO ebook_section SET ebook_id = ?d, public_id = ?s, title = ?s" , $ebook_id, '1', $langSection.' 1'); // Initialize document subsystem global variables require_once 'modules/document/doc_init.php'; require_once 'include/log.php'; if (!mkdir($basedir, 0775, true)) { Database::get()->query("DELETE FROM ebook WHERE course_id = ?d AND id = ?d", $course_id, $ebook_id); Session::Messages($langImpossible, 'alert-danger');