// $wrkForm['filename'] , $wrkForm['wrkTitle'] , $wrkForm['authors'] ... if ($cmd == 'exDownload') { $workId = isset($_REQUEST['workId']) ? $_REQUEST['workId'] : null; $submission = new Submission(); if ($submission->load($workId)) { $submissionUserId = $submission->getUserId(); $submissionGroupId = $submission->getGroupId(); $userGroupList = array(); if ($assignment->getAssignmentType() == 'GROUP') { $userGroupList = get_user_group_list(claro_get_current_user_id()); } $is_allowedToDownload = (bool) $is_allowedToEditAll || $submissionUserId == claro_get_current_user_id() || isset($userGroupList[$submissionGroupId]); // check permission if ($submission->getVisibility() == 'VISIBLE' || $is_allowedToDownload) { // read file $filePath = $assignment->getAssigDirSys() . $submission->getSubmittedFilename(); if (claro_send_file($filePath)) { die; } else { $dialogBox->error(get_lang('Not found')); } } else { $dialogBox->error(get_lang('Not allowed')); } } else { $dialogBox->error(get_lang('Not found')); } // Submission not found or not allowed header('HTTP/1.1 404 Not Found'); $interbredcrump[] = array('url' => Url::Contextualize("../work/work.php"), 'name' => get_lang('Assignments')); $interbredcrump[] = array('url' => Url::Contextualize("../work/work_list.php?authId=" . $_REQUEST['authId'] . "&assigId=" . $assignmentId), 'name' => get_lang('Assignment'));
$dialogBox->error(get_lang('You didnt choose any file to send, or file is too big')); $formCorrectlySent = false; $autoFeedbackFilename = $assignment->getAutoFeedbackFilename(); } else { // add file extension if it doesn't have one $newFileName = $_FILES['autoFeedbackFilename']['name']; $newFileName .= add_extension_for_uploaded_file($_FILES['autoFeedbackFilename']); // Replace dangerous characters $newFileName = replace_dangerous_char($newFileName); // Transform any .php file in .phps fo security $newFileName = get_secure_file_name($newFileName); // -- create a unique file name to avoid any conflict // there can be only one automatic feedback but the file is put in the // assignments directory $autoFeedbackFilename = $assignment->createUniqueFilename($newFileName); $tmpWorkUrl = $assignment->getAssigDirSys() . $autoFeedbackFilename; if (move_uploaded_file($_FILES['autoFeedbackFilename']['tmp_name'], $tmpWorkUrl)) { chmod($tmpWorkUrl, CLARO_FILE_PERMISSIONS); } else { $dialogBox->error(get_lang('Cannot copy the file')); $formCorrectlySent = false; } // remove the previous file if there was one if ($assignment->getAutoFeedbackFilename() != '') { if (file_exists($assignment->getAssigDirSys() . $assignment->getAutoFeedbackFilename())) { claro_delete_file($assignment->getAssigDirSys() . $assignment->getAutoFeedbackFilename()); } } // else : file sending shows no error // $formCorrectlySent stay true; }