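/**
 * Executes all the necessary operations to upload a file into the document tool.
 *
 * @author Hugues Peeters <*****@*****.**>
 *
 * @param array  $uploadedFile   one entry of $_FILES ('name', 'size', 'tmp_name', ...)
 * @param string $baseWorkDir    base working directory of the module
 * @param string $uploadPath     destination of the upload, appended verbatim to
 *                               $baseWorkDir -- no traversal check is done here,
 *                               so callers must validate it (TODO confirm they do)
 * @param int    $maxFilledSpace amount of bytes not to exceed in the base working directory
 * @param string $uncompress     when 'unzip' and the file name ends in .zip, the
 *                               archive is extracted instead of stored
 * @param bool   $allowPHP       if true, no security check for .php files; only the
 *                               zip branch receives this flag -- a plain upload always
 *                               goes through get_secure_file_name()
 * @return string|mixed the sanitised file name actually written on success (not
 *                      `true` as previously documented); on failure, whatever
 *                      claro_failure::set_failure() returns
 */
function treat_uploaded_file($uploadedFile, $baseWorkDir, $uploadPath, $maxFilledSpace, $uncompress = '', $allowPHP = false)
{
    if (file_upload_failed($uploadedFile)) {
        $failureStr = get_file_upload_error_message($uploadedFile);
        return claro_failure::set_failure($failureStr);
    }

    if (!enough_size($uploadedFile['size'], $baseWorkDir, $maxFilledSpace)) {
        return claro_failure::set_failure(get_lang('The upload has failed. There is not enough space in your directory'));
    }

    // The dot must be escaped: '/.zip$/i' matched any name ending in "zip"
    // (e.g. "notes-zip"), routing non-archives to the unzip path.
    if ($uncompress == 'unzip' && preg_match('/\.zip$/i', $uploadedFile['name'])) {
        return treat_secure_uploaded_file_unzip($uploadedFile, $uploadPath, $baseWorkDir, $maxFilledSpace, $allowPHP);
    }

    // Add an extension to files without one. The previous code computed this
    // and then immediately overwrote it with trim($uploadedFile['name']),
    // discarding the added extension; trim the raw name first instead.
    $fileName = trim($uploadedFile['name']) . add_extension_for_uploaded_file($uploadedFile);

    // Strip characters we do not want in a file name.
    $fileName = replace_dangerous_char($fileName);

    // Neutralise server-executable names (.php -> .phps); $allowPHP does not
    // bypass this for a plain upload.
    $fileName = get_secure_file_name($fileName);

    // No existence check is made: a file of the same name at the destination
    // is overwritten by move_uploaded_file().
    $destination = $baseWorkDir . $uploadPath . '/' . $fileName;

    if (!move_uploaded_file($uploadedFile['tmp_name'], $destination)) {
        return claro_failure::set_failure(get_lang('File upload failed'));
    }
    chmod($destination, CLARO_FILE_PERMISSIONS);

    return $fileName;
}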
} // check if a private feedback has been submitted if (isset($_REQUEST['wrkPrivFbk']) && trim(strip_tags($_REQUEST['wrkPrivFbk'], $allowedTags)) != '') { $wrkForm['wrkPrivFbk'] = $san->sanitize($_REQUEST['wrkPrivFbk']); } else { $wrkForm['wrkPrivFbk'] = ''; } // no need to check and/or upload the file if there is already an error if ($formCorrectlySent) { $wrkForm['filename'] = ''; if (isset($_FILES['wrkFile']['tmp_name']) && is_uploaded_file($_FILES['wrkFile']['tmp_name']) && $assignmentContent != "TEXT") { if ($_FILES['wrkFile']['size'] > $fileAllowedSize) { $dialogBox->error(get_lang('You didnt choose any file to send, or it is too big')); $formCorrectlySent = false; } else { $newFilename = $_FILES['wrkFile']['name'] . add_extension_for_uploaded_file($_FILES['wrkFile']); $newFilename = replace_dangerous_char($newFilename); $newFilename = get_secure_file_name($newFilename); $wrkForm['filename'] = $assignment->createUniqueFilename($newFilename); if (!is_dir($assignment->getAssigDirSys())) { claro_mkdir($assignment->getAssigDirSys(), CLARO_FILE_PERMISSIONS); } if (move_uploaded_file($_FILES['wrkFile']['tmp_name'], $assignment->getAssigDirSys() . $wrkForm['filename'])) { chmod($assignment->getAssigDirSys() . $wrkForm['filename'], CLARO_FILE_PERMISSIONS); } else { $dialogBox->error(get_lang('Cannot copy the file')); $formCorrectlySent = false; } // remove the previous file if there was one if (isset($_REQUEST['currentWrkUrl'])) { @unlink($assignment->getAssigDirSys() . $_REQUEST['currentWrkUrl']);
/**
 * Stores an uploaded image as this question's attachment.
 *
 * The previous attachment (if any) is deleted first. The upload is then moved
 * into the temporary question directory while the question is unsaved
 * ($this->id == -1), or into the question directory otherwise.
 *
 * @author Sebastien Piraux <*****@*****.**>
 *
 * @param array $file one entry of $_FILES ('name', 'tmp_name', ...)
 * @return bool true on success; false (with claro_failure set) when the target
 *              directory cannot be created or the upload cannot be moved
 */
public function setAttachment($file)
{
    // NOTE(review): the old attachment is removed before the new upload is
    // known to succeed, so a failed move presumably leaves the question
    // without any attachment.
    $this->deleteAttachment();

    $targetDir = ($this->id == -1) ? $this->tmpQuestionDirSys : $this->questionDirSys;

    // Build a safe name: extension added when missing, unwanted characters
    // replaced, server-executable names neutralised.
    $safeName = get_secure_file_name(
        replace_dangerous_char($file['name'] . add_extension_for_uploaded_file($file))
    );

    // Create the directory on first use.
    if (!is_dir($targetDir) && !claro_mkdir($targetDir, CLARO_FILE_PERMISSIONS)) {
        claro_failure::set_failure('cannot_create_tmp_dir');
        return false;
    }

    $destination = $targetDir . $safeName;
    if (!move_uploaded_file($file['tmp_name'], $destination)) {
        claro_failure::set_failure('question_upload_failed');
        return false;
    }
    chmod($destination, CLARO_FILE_PERMISSIONS);

    $this->attachment = $safeName;
    return true;
}
// check if there is text in it if (trim(strip_tags($_REQUEST['autoFeedbackText'], $allowedTags)) == '') { $autoFeedbackText = ''; } else { $autoFeedbackText = trim($_REQUEST['autoFeedbackText']); } // uploaded file come from the feedback form if (is_uploaded_file($_FILES['autoFeedbackFilename']['tmp_name'])) { if ($_FILES['autoFeedbackFilename']['size'] > $fileAllowedSize) { $dialogBox->error(get_lang('You didnt choose any file to send, or file is too big')); $formCorrectlySent = false; $autoFeedbackFilename = $assignment->getAutoFeedbackFilename(); } else { // add file extension if it doesn't have one $newFileName = $_FILES['autoFeedbackFilename']['name']; $newFileName .= add_extension_for_uploaded_file($_FILES['autoFeedbackFilename']); // Replace dangerous characters $newFileName = replace_dangerous_char($newFileName); // Transform any .php file in .phps fo security $newFileName = get_secure_file_name($newFileName); // -- create a unique file name to avoid any conflict // there can be only one automatic feedback but the file is put in the // assignments directory $autoFeedbackFilename = $assignment->createUniqueFilename($newFileName); $tmpWorkUrl = $assignment->getAssigDirSys() . $autoFeedbackFilename; if (move_uploaded_file($_FILES['autoFeedbackFilename']['tmp_name'], $tmpWorkUrl)) { chmod($tmpWorkUrl, CLARO_FILE_PERMISSIONS); } else { $dialogBox->error(get_lang('Cannot copy the file')); $formCorrectlySent = false; }