コード例 #1
}
// Editor setup for the document tool. $_course, $dir, $relative_url,
// $group_properties, $groupId and $is_certificate_mode are set by the
// surrounding script (not visible in this excerpt).
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);
// Users who may not edit the course get the reduced 'DocumentsStudent' toolbar;
// inside a group the create-document target is the group's own directory.
$html_editor_config = array('ToolbarSet' => $is_allowed_to_edit ? 'Documents' : 'DocumentsStudent', 'Width' => '100%', 'Height' => '500', 'FullPage' => true, 'InDocument' => true, 'CreateDocumentDir' => $relative_url, 'CreateDocumentWebDir' => empty($group_properties['directory']) ? api_get_path(WEB_COURSE_PATH) . $_course['path'] . '/document/' : api_get_path(WEB_COURSE_PATH) . api_get_course_path() . '/document' . $group_properties['directory'] . '/', 'BaseHref' => api_get_path(WEB_COURSE_PATH) . $_course['path'] . '/document' . $dir);
// Certificate mode always works from the course's root document folder,
// regardless of any group directory chosen above.
if ($is_certificate_mode) {
    $html_editor_config['CreateDocumentDir'] = api_get_path(WEB_COURSE_PATH) . $_course['path'] . '/document/';
    $html_editor_config['CreateDocumentWebDir'] = api_get_path(WEB_COURSE_PATH) . $_course['path'] . '/document/';
    $html_editor_config['BaseHref'] = api_get_path(WEB_COURSE_PATH) . $_course['path'] . '/document' . $dir;
}
// Filesystem directory the editor works in; fall back to the document root
// when $dir is not an existing directory.
$filepath = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document' . $dir;
if (!is_dir($filepath)) {
    $filepath = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document/';
    $dir = '/';
}
if (!$is_certificate_mode) {
    $req_gid = null;
    if (api_is_in_group()) {
        $req_gid = '&gidReq=' . $groupId;
        $interbreadcrumb[] = array("url" => "../group/group_space.php?gidReq=" . $groupId, "name" => get_lang('GroupSpace'));
        $noPHP_SELF = true;
        // Inside a group, $dir must sit directly under the group's own directory;
        // api_not_allowed(true) is expected to end the request here — confirm.
        // NOTE(review): $path[1] is undefined when $dir has no leading '/'; verify
        // $dir is normalised upstream before this check is relied on.
        $path = explode('/', $dir);
        if ('/' . $path[1] != $group_properties['directory']) {
            api_not_allowed(true);
        }
    }
    $interbreadcrumb[] = array("url" => "./document.php?curdirpath=" . urlencode($dir) . $req_gid, "name" => get_lang('Documents'));
} else {
    // NOTE(review): $_SESSION['gradebook_dest'] is concatenated into the breadcrumb
    // URL as-is; confirm it is always set and escaped where the breadcrumb is rendered.
    $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'gradebook/' . $_SESSION['gradebook_dest'], 'name' => get_lang('Gradebook'));
}
// Authorisation gate: course editors, group members with upload rights, or the
// owner of the shared folder $dir points into may continue; everyone else is refused.
if (!($is_allowed_to_edit || GroupManager::groupMemberWithUploadRights() || is_my_shared_folder($_user['user_id'], Security::remove_XSS($dir), api_get_session_id()))) {
    api_not_allowed(true);
}
コード例 #2
ファイル: io.php プロジェクト: annickvdp/Chamilo1.9.10
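/**
 * Creates a server-side folder (and any missing parents) and, when inside a
 * course, registers the new folder in the course's document table.
 *
 * @param string      $folderPath Absolute path of the folder to create.
 * @param string|null $lastFolder Path of the folder whose creation triggered this
 *                                recursive call; used to detect a root that cannot
 *                                be created (GetParentFolder keeps returning it).
 * @return string Empty string on success or if the folder already exists,
 *                otherwise an error message.
 */
function CreateServerFolder($folderPath, $lastFolder = null)
{
    global $Config;
    $sParent = GetParentFolder($folderPath);
    // Ensure the folder path has no double-slashes, or mkdir may fail on certain platforms.
    while (strpos($folderPath, '//') !== false) {
        $folderPath = str_replace('//', '/', $folderPath);
    }
    // Check if the parent exists, or create it first.
    if (!empty($sParent) && !file_exists($sParent)) {
        // Prevents an infinite loop when the root folder cannot be created.
        if (!is_null($lastFolder) && $lastFolder === $sParent) {
            return "Can't create {$folderPath} directory";
        }
        $sErrorMsg = CreateServerFolder($sParent, $folderPath);
        if ($sErrorMsg !== '') {
            return $sErrorMsg;
        }
    }
    if (file_exists($folderPath)) {
        // Nothing to do; existing folders are not (re-)registered.
        return '';
    }
    // Capture the text of a mkdir() warning instead of relying on track_errors /
    // $php_errormsg (removed in PHP 8). The handler swallows the warning and keeps
    // its message for the return value.
    $sErrorMsg = '';
    set_error_handler(function ($errno, $errstr) use (&$sErrorMsg) {
        $sErrorMsg = $errstr;
        return true;
    });
    if (isset($Config['ChmodOnFolderCreate']) && !$Config['ChmodOnFolderCreate']) {
        // Explicitly disabled: let mkdir() apply the process umask.
        $created = mkdir($folderPath);
    } else {
        // Historical default is world-writable (0777); deployments should set
        // $Config['ChmodOnFolderCreate'] to something tighter (e.g. 0755).
        $permissions = 0777;
        if (isset($Config['ChmodOnFolderCreate'])) {
            $permissions = $Config['ChmodOnFolderCreate'];
        }
        $created = mkdir($folderPath, $permissions);
    }
    restore_error_handler();
    if (!$created) {
        // Do not register a folder that does not exist on disk (the old code
        // registered it anyway and only then returned the error).
        return $sErrorMsg !== '' ? $sErrorMsg : "Can't create {$folderPath} directory";
    }
    // While we are in a course: register the newly created folder in the course's database.
    if (api_is_in_course()) {
        global $_course, $_user;
        $to_group_id = 0;
        if (api_is_in_group()) {
            global $group_properties;
            $to_group_id = $group_properties['id'];
        }
        // Path relative to the course's document tool root, without the trailing
        // slash (double slashes were collapsed above, so at most one can remain).
        $folder_path = preg_replace('/^.*' . preg_quote(TOOL_DOCUMENT, '/') . '/', '', $folderPath);
        $folder_path = rtrim($folder_path, '/');
        $folder_name = explode('/', $folder_path);
        $folder_name = $folder_name[count($folder_name) - 1];
        $doc_id = add_document($_course, $folder_path, 'folder', 0, $folder_name);
        api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'FolderCreated', $_user['user_id'], $to_group_id);
    }
    return '';
}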
コード例 #3
ファイル: commands.php プロジェクト: annickvdp/Chamilo1.9.10
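/**
 * Handles a file upload sent in the editor's "NewFile" form field.
 *
 * Validates the upload (optional image / HTML content sniffing, allowed
 * extension), stores it under the folder resolved by ServerMapFolder(),
 * registers it in the course's document table when inside a course, and
 * reports the outcome to the client through SendUploadResults().
 * Never returns: the function ends with exit.
 *
 * @param string $resourceType  Resource type as passed by the connector (e.g. 'File', 'Images').
 * @param string $currentFolder Virtual folder the client is uploading into.
 * @param string $sCommand      Connector command name.
 * @return void
 */
function FileUpload($resourceType, $currentFolder, $sCommand)
{
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';
    $sFilePath = null;
    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
        global $Config;
        $oFile = $_FILES['NewFile'];
        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
        // Get the uploaded file name, cleaned by the connector's sanitizer.
        $sFileName = SanitizeFileName($oFile['name'], $oFile['type']);
        $sOriginalFileName = $sFileName;
        // The extension is everything after the last dot; a name without a dot has
        // none (the old strrpos()+1 arithmetic turned "foo" into extension "oo").
        $dotPos = strrpos($sFileName, '.');
        $sExtension = $dotPos === false ? '' : strtolower(substr($sFileName, $dotPos + 1));
        // -1 from the sniffers means "undecided"; they are re-run on the stored file below.
        $isImageValid = null;
        $detectHtml = null;
        if (isset($Config['SecureImageUploads'])) {
            if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($Config['HtmlExtensions'])) {
            if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
                $sErrorNumber = '202';
            }
        }
        // Check if it is an allowed extension.
        if ($sErrorNumber === '0' && IsAllowedExt($sExtension, $resourceType)) {
            $iCounter = 0;
            while (true) {
                $sFilePath = $sServerDir . $sFileName;
                if (is_file($sFilePath)) {
                    // Name already taken: retry as "name(n).ext" instead of reporting 201.
                    $iCounter++;
                    $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                    continue;
                }
                if (!move_uploaded_file($oFile['tmp_name'], $sFilePath)) {
                    // Report the failure instead of answering "0" for a file that was never stored.
                    $sErrorNumber = '202';
                    break;
                }
                if (is_file($sFilePath) && !(isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload'])) {
                    // Historical default is world-writable (0777); deployments should set
                    // $Config['ChmodOnUpload'] to something tighter (e.g. 0644).
                    $permissions = 0777;
                    if (!empty($Config['ChmodOnUpload'])) {
                        $permissions = $Config['ChmodOnUpload'];
                    }
                    chmod($sFilePath, $permissions);
                }
                break;
            }
            if ($sErrorNumber === '0' && file_exists($sFilePath)) {
                // A sniffer was undecided on the temp file: check the stored file once
                // more and remove it when the check fails.
                if ($isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } elseif ($detectHtml === -1 && DetectHtml($sFilePath) === true) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }
    // While we are in a course: register the newly uploaded file in the course's database.
    if ($sErrorNumber === '0' && api_is_in_course() && $sFilePath !== null && file_exists($sFilePath)) {
        global $_course, $_user;
        $repository_path = api_get_path(REL_COURSE_PATH) . api_get_course_path() . '/document/';
        $to_group_id = 0;
        if (api_is_in_group()) {
            global $group_properties;
            $to_group_id = $group_properties['id'];
        }
        // Path relative to the course's document root, keeping its leading slash.
        $file_path = substr($sFilePath, strpos($sFilePath, $repository_path) + strlen($repository_path) - 1);
        $path = explode('/', $file_path);
        $file_name = $path[count($path) - 1];
        $path[count($path) - 1] = '';
        // The old code used '+' here, which is numeric addition in PHP and never
        // produced a path; the folder portion of $file_path appears to be the intent —
        // confirm against item_property_update_on_folder().
        $folder_path = implode('/', $path);
        $file_size = @filesize($sFilePath);
        $doc_id = add_document($_course, $file_path, 'file', $file_size, $file_name);
        api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $to_group_id);
        item_property_update_on_folder($_course, $folder_path, $_user['user_id']);
    }
    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);
    SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    exit;
}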
コード例 #4
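 /**
  * Get all the files and directories of a relative path.
  *
  * Entries whose name starts with a dot, or contains '_DELETED_', 'chat_files',
  * 'css' or 'HotPotatoes_files', are skipped; '_groupdocs' entries are skipped
  * unless the current user is in a group. Images registered as system templates
  * (TABLE_MAIN_SYSTEM_TEMPLATE.image) are skipped too. Hidden course documents
  * are deliberately not filtered here (teachers see them as in the documents
  * tool); the per-entry visibility lookups that fed that disabled filter were
  * removed.
  *
  * @param string $path relative path to be base path.
  * @return array array(0 => dirs, 1 => files) — directories first on every return path.
  * dirs: <code>array('relative' => array('fullpath' => ..., 'entry' => ..., 'count' => ...), ...)</code>
  * fileinfo array: <code>array('url'=>'full url',
  *                       'relative'=>'relative to base',
  *                        'fullpath'=>'full file path',
  *                        'image'=>imageInfo array() false if not image,
  *                        'stat' => filestat)</code>
  */
 function getFiles($path)
 {
     $files = array();
     $dirs = array();
     if (!$this->isValidBase()) {
         // Same tuple order as the successful return (the old code swapped them here).
         return array($dirs, $files);
     }
     $path = Files::fixPath($path);
     $base = Files::fixPath($this->getBaseDir());
     $fullpath = Files::makePath($base, $path);
     $d = @dir($fullpath);
     if (empty($d)) {
         // The requested path cannot be opened: fall back to the base directory.
         $path = Files::fixPath('/');
         $fullpath = Files::makePath($base, $path);
         $d = @dir($fullpath);
     }
     if (empty($d)) {
         // The base directory itself is unreadable; previously read() was called on null.
         return array($dirs, $files);
     }
     $in_group = api_is_in_group();
     // Images used as system templates are not listed.
     $tbl_system_template = Database::get_main_table(TABLE_MAIN_SYSTEM_TEMPLATE);
     $sql = "SELECT image FROM {$tbl_system_template} ";
     $res = Database::query($sql);
     $files_templates = array();
     while ($row = Database::fetch_row($res)) {
         $files_templates[] = $row[0];
     }
     while (false !== ($entry = $d->read())) {
         if (in_array($entry, $files_templates, true)) {
             continue;
         }
         if (substr($entry, 0, 1) == '.'
             || strpos($entry, '_DELETED_') !== false
             || strpos($entry, 'chat_files') !== false
             || strpos($entry, 'css') !== false
             || strpos($entry, 'HotPotatoes_files') !== false
             || (!$in_group && strpos($entry, '_groupdocs') !== false)
         ) {
             continue;
         }
         $entry_path = $fullpath . $entry;
         if (is_dir($entry_path)) {
             if ($this->isThumbDir($entry)) {
                 continue;
             }
             $full = Files::fixPath($entry_path);
             $dirs[Files::fixPath($path . $entry)] = array(
                 'fullpath' => $full,
                 'entry' => $entry,
                 'count' => $this->countFiles($full),
             );
             continue;
         }
         if (!is_file($entry_path) || $this->isThumb($entry) || $this->isTmpFile($entry)) {
             continue;
         }
         $img = $this->getImageInfo($entry_path);
         // With validate_images enabled, non-images are dropped from the listing.
         if (!is_array($img) && $this->config['validate_images']) {
             continue;
         }
         // Fresh array per entry so no key leaks over from a previous iteration.
         $files[$entry] = array(
             'url' => Files::makePath($this->config['base_url'], $path) . $entry,
             'relative' => $path . $entry,
             'fullpath' => $entry_path,
             'image' => $img,
             'stat' => stat($entry_path),
         );
     }
     $d->close();
     ksort($dirs);
     ksort($files);
     return array($dirs, $files);
 }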
コード例 #5
 check your web server documentation for further information on directory protection.
 If this directory needs to be publicly accessible, remove scripting capabilities
 for this directory (i.e. disable PHP, Perl, CGI). We only want to store assets
 in this directory and its subdirectories.
*/
// Language file(s) the document tool strings are loaded from.
$language_file = array('document');
require_once '../../../../../../inc/global.inc.php';
api_block_anonymous_users();
// Disabling access for anonymous users.
// NOTE(review): api_block_anonymous_users() was already called on the line above;
// the second call looks redundant — confirm it has no further side effects before removing it.
api_block_anonymous_users();
// Initialization of the repositories.
require_once api_get_path(LIBRARY_PATH) . 'fckeditor/repository.php';
$userId = api_get_user_id();
// Choosing the repository to be used.
if (api_is_in_course()) {
    if (!api_is_in_group()) {
        // 1. We are inside a course and not in a group.
        if (api_is_allowed_to_edit()) {
            // 1.1. Teacher
            $IMConfig['base_dir'] = api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/document/';
            $IMConfig['base_url'] = api_get_path(WEB_COURSE_PATH) . api_get_course_path() . '/document/';
        } else {
            // 1.2. Student
            $sessionId = api_get_session_id();
            if ($sessionId == 0) {
                $IMConfig['base_dir'] = api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/document/shared_folder/sf_user_' . $userId . '/';
                $IMConfig['base_url'] = api_get_path(WEB_COURSE_PATH) . api_get_course_path() . '/document/shared_folder/sf_user_' . $userId . '/';
            } else {
                $IMConfig['base_dir'] = api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/document/shared_folder_session_' . $sessionId . '/sf_user_' . $userId . '/';
                $IMConfig['base_url'] = api_get_path(WEB_COURSE_PATH) . api_get_course_path() . '/document/shared_folder_session_' . $sessionId . '/sf_user_' . $userId . '/';
            }
コード例 #6
ファイル: fckeditor.php プロジェクト: annickvdp/Chamilo1.9.10
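 /**
  * Returns the default configuration of the document repository used by the editor.
  *
  * The result depends on the current context: anonymous users get an empty array;
  * inside a course the target folder is the course document tree (a student's
  * shared folder, or the group folder inside a group); platform administrators
  * working in the admin section get the platform default documents; everybody
  * else gets their personal "my_files" folder. File-browser and quick-upload
  * URLs are added for every resource type.
  *
  * @return array Configuration keys understood by the editor (AdvancedFileManager,
  *               CreateDocumentWebDir, CreateDocumentDir, BaseHref, *BrowserURL, *UploadURL).
  */
 private function &get_repository_configuration()
 {
     $config = array();
     // Disabling access for anonymous users.
     if (api_is_anonymous()) {
         return $config;
     }
     // Preliminary calculations for assembling required paths.
     $base_path = $this->BasePath;
     // SCRIPT_NAME names the executed script only; PHP_SELF may also carry the
     // request's PATH_INFO, which is client-controlled and would end up in BaseHref.
     $self = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : $_SERVER['PHP_SELF'];
     $script_name = substr($self, strlen(api_get_path(REL_PATH)));
     $script_path = explode('/', $script_name);
     $script_path[count($script_path) - 1] = '';
     $in_course = api_is_in_course();
     // Number of '../' steps from the current script back up the tree; one fewer
     // inside a course (kept from the original logic). Clamped at 0 because
     // str_repeat() rejects a negative count.
     $depth = count($script_path) - ($in_course ? 1 : 2);
     $relative_path_prefix = str_repeat('../', max(0, $depth));
     $script_path = api_get_path(WEB_PATH) . implode('/', $script_path);
     $use_advanced_filemanager = api_get_setting('advanced_filemanager') == 'true';
     // Let javascripts "know" which file manager has been chosen.
     $config['AdvancedFileManager'] = $use_advanced_filemanager;
     $user_id = api_get_user_id();
     if ($in_course) {
         $course_path = api_get_course_path();
         if (!api_is_in_group()) {
             // 1. We are inside a course and not in a group.
             if (api_is_allowed_to_edit()) {
                 // 1.1. Teacher (tutor and coach are not authorized to change anything in the "content creation" tools)
                 $config['CreateDocumentWebDir'] = api_get_path(WEB_COURSE_PATH) . $course_path . '/document/';
                 $config['CreateDocumentDir'] = $relative_path_prefix . 'courses/' . $course_path . '/document/';
                 $config['BaseHref'] = $script_path;
             } else {
                 // 1.2. Student: personal shared folder, per session when one is active.
                 $current_session_id = api_get_session_id();
                 if ($current_session_id == 0) {
                     $shared = '/document/shared_folder/sf_user_' . $user_id . '/';
                 } else {
                     $shared = '/document/shared_folder_session_' . $current_session_id . '/sf_user_' . $user_id . '/';
                 }
                 $config['CreateDocumentWebDir'] = api_get_path(WEB_COURSE_PATH) . $course_path . $shared;
                 $config['CreateDocumentDir'] = $relative_path_prefix . 'courses/' . $course_path . $shared;
                 $config['BaseHref'] = $script_path;
             }
         } else {
             // 2. Inside a course and inside a group.
             global $group_properties;
             $config['CreateDocumentWebDir'] = api_get_path(WEB_COURSE_PATH) . $course_path . '/document' . $group_properties['directory'] . '/';
             $config['CreateDocumentDir'] = $relative_path_prefix . 'courses/' . $course_path . '/document' . $group_properties['directory'] . '/';
             $config['BaseHref'] = $script_path;
         }
     } else {
         if (api_is_platform_admin() && isset($_SESSION['this_section']) && $_SESSION['this_section'] == 'platform_admin') {
             // 3. Platform administration activities.
             $platform_docs = api_get_path(WEB_PATH) . 'home/default_platform_document/';
             $config['CreateDocumentWebDir'] = $platform_docs;
             $config['CreateDocumentDir'] = $platform_docs;
             // A side-effect is in use here.
             $config['BaseHref'] = $platform_docs;
         } else {
             // 4. The user is outside courses.
             $my_path = UserManager::get_user_picture_path_by_id($user_id, 'system');
             $config['CreateDocumentWebDir'] = $my_path['dir'] . 'my_files/';
             $my_path = UserManager::get_user_picture_path_by_id($user_id, 'rel');
             $config['CreateDocumentDir'] = $my_path['dir'] . 'my_files/';
             $config['BaseHref'] = $script_path;
         }
     }
     // URLs for opening the file browser for different resource types (file types):
     $browser_keys = array(
         'ImageBrowserURL' => 'Images',
         'FlashBrowserURL' => 'Flash',
         'MP3BrowserURL' => 'MP3',
         'VideoBrowserURL' => 'Video',
         'MediaBrowserURL' => 'Video/flv',
         'LinkBrowserURL' => 'File',
     );
     if ($use_advanced_filemanager) {
         // The double slash within the following URL for the advanced file manager is put intentionally. Please, keep it.
         $ajax_url = $base_path . '/editor/plugins/ajaxfilemanager/ajaxfilemanager.php';
         foreach ($browser_keys as $key => $type) {
             $config[$key] = $ajax_url;
         }
     } else {
         $connector_url = $base_path . 'editor/filemanager/connectors/php/connector.php';
         foreach ($browser_keys as $key => $type) {
             $config[$key] = $base_path . 'editor/filemanager/browser/default/browser.html?Type=' . $type . '&Connector=' . $connector_url;
         }
     }
     // URLs for quick uploads for different resource types (file types).
     // These URLs are used by the dialogs' quick upload tabs.
     $upload_keys = array(
         'ImageUploadURL' => 'Images',
         'FlashUploadURL' => 'Flash',
         'MP3UploadURL' => 'MP3',
         'VideoUploadURL' => 'Video',
         'MediaUploadURL' => 'Video/flv',
         'LinkUploadURL' => 'File',
     );
     foreach ($upload_keys as $key => $type) {
         $config[$key] = $base_path . 'editor/filemanager/connectors/php/upload.php?Type=' . $type;
     }
     return $config;
 }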