コード例 #1
ファイル: index.php プロジェクト: kostastzo/openeclass
             // Open the uploaded archive; its entry list is validated before anything is unpacked.
             $zipFile = new pclZip($userFile);
             validateUploadedZipFile($zipFile->listContent(), $menuTypeID);
             $realFileSize = 0;
             // Every entry goes through the 'process_extracted_file' pre-extract callback.
             // NOTE(review): the quota comparison below runs only after extract() has returned.
             // Presumably the callback accumulates $realFileSize; confirm that it also stops
             // writing once the quota is exceeded, so an archive that expands far beyond its
             // compressed size cannot fill the disk before this check is reached.
             $zipFile->extract(PCLZIP_CB_PRE_EXTRACT, 'process_extracted_file');
             if ($diskUsed + $realFileSize > $diskQuotaDocument) {
                 $action_message .= "<div class='alert alert-danger'>{$langNoSpace}</div>";
             } else {
                 $action_message .= "<div class='alert alert-success'>{$langDownloadAndZipEnd}</div><br />";
             }
         } else {
             // Plain (non-archive) upload. The name is supplied by the client and only its
             // whitespace is normalised here.
             // NOTE(review): extension and path checks are not visible in this excerpt — confirm
             // they run before the name is used on disk.
             $fileName = canonicalize_whitespace($_FILES['userFile']['name']);
             $uploaded = true;
         }
     }
 } elseif (isset($_POST['fileURL']) and $fileURL = trim($_POST['fileURL'])) {
     // External-link document: the submitted URL is canonicalised and kept in $extra_path.
     $extra_path = canonicalize_url($fileURL);
     // NOTE(review): this is a deny-list of a single scheme, matched case-sensitively at the
     // start of the string. Unless canonicalize_url() already normalises and restricts the
     // scheme (not visible here), an allow-list of accepted schemes is the more robust check.
     if (preg_match('/^javascript/', $extra_path)) {
         // q() is applied to the rejected value before it is echoed back in the error markup.
         $action_message .= "<div class='alert alert-danger'>{$langUnwantedFiletype}: " . q($extra_path) . "</div>";
     } else {
         $uploaded = true;
     }
     // The last path segment of the URL becomes the displayed file name; this runs even when
     // the URL was rejected above.
     $components = explode('/', $extra_path);
     $fileName = end($components);
 } elseif (isset($_POST['file_content'])) {
     // Document typed into the form: its content arrives in the request body itself.
     $extra_path = '';
     $diskUsed = dir_total_space($basedir);
     // strlen() counts bytes, which is the unit a disk quota needs.
     if ($diskUsed + strlen($_POST['file_content']) > $diskQuotaDocument) {
         $action_message .= "<div class='alert alert-danger'>{$langNoSpace}</div>";
     } else {
         if (isset($_POST['file_name'])) {
             // NOTE(review): taken from the request unmodified. Confirm that path separators
             // and the extension are checked before this name reaches the filesystem.
             $fileName = $_POST['file_name'];
コード例 #2
ファイル: index.php プロジェクト: nikosv/openeclass
        // Human-readable field labels used by the validator $v.
        $v->labels(array(
            'term' => "$langTheField $langGlossaryTerm",
            'definition' => "$langTheField $langGlossaryDefinition",
            'url' => "$langTheField $langGlossaryUrl"
        ));
        if($v->validate()) {
            // The form carries indirect references; getDirectReference() maps them back.
            // A missing category, or one that resolves to something loosely equal to 0,
            // is stored as "no category".
            if (!isset($_POST['category_id']) || getDirectReference($_POST['category_id']) == 0) {
                $category_id = NULL;
            } else {
                $category_id = intval(getDirectReference($_POST['category_id']));
            }

            // The URL is optional: it is trimmed and canonicalised only when non-empty.
            // NOTE(review): no scheme allow-list is visible in this excerpt. If the value is
            // later rendered as a link, confirm the scheme is restricted somewhere.
            if (isset($_POST['url'])) {
                $url = trim($_POST['url']);
                if (!empty($url)) {
                    $url = canonicalize_url($url);
                }
            } else {
                $url = '';
            }

            // An id in the request selects the update path; it is resolved and cast to int.
            if (isset($_POST['id'])) {
                $id = intval(getDirectReference($_POST['id']));
                $q = Database::get()->query("UPDATE glossary
                                                  SET term = ?s,
                                                      definition = ?s,
                                                      url = ?s,
                                                      notes = ?s,
                                                      category_id = ?d ,
                                                      datestamp = NOW()
                                                  WHERE id = ?d AND course_id = ?d"
コード例 #3
ファイル: linkfunctions.php プロジェクト: nikosv/openeclass
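/**
 * @brief Store the link submitted from the add/edit link form and log the change.
 *
 * `urllink`, `title` and `description` are read from the request through
 * register_posted_variables(); `id` and `selectcategory` are read from $_POST as
 * indirect references and resolved with getDirectReference(). The URL is canonicalised
 * and must pass the scheme allow-list (http, https, ftp), otherwise the user is sent
 * back to the form and nothing is stored. With an `id` the existing row of the current
 * course is updated, without one a new row is appended at the end of its category.
 * The stored link is queued for indexing and the action is recorded in the log.
 *
 * @global $course_id            id of the current course; scopes every query below
 * @global $course_code          course code used in the redirect URLs
 * @global $uid                  id of the acting user, stored with new links
 * @global $langSocialCategory   label logged when $selectcategory is -2
 * @global $urllink              submitted URL (populated from the request)
 * @global $title                submitted title (populated from the request)
 * @global $description          submitted description (populated from the request)
 * @global $selectcategory       category selector compared against -2 for the log entry
 * @global $langLinkMod, $langLinkAdded, $langLinkNotPermitted, $state  declared but not read here
 * @return void
 */
function submit_link() {
    global $course_id, $langLinkMod, $langLinkAdded, $course_code, $uid, $langSocialCategory,
    $urllink, $title, $description, $selectcategory, $langLinkNotPermitted, $state;

    register_posted_variables(array('urllink' => true,
        'title' => true,
        'description' => true), 'all', 'trim');
    $urllink = canonicalize_url($urllink);
    // Scheme allow-list: anything other than http(s) or ftp is rejected before storage.
    if (!is_url_accepted($urllink,"(https?|ftp)")){
        // NOTE(review): the rejection text in $langLinkNotPermitted is not passed along
        // with the redirect here, so the user gets no explanation on this path.
        if (isset($_POST['id'])) {
            $id =  getDirectReference($_POST['id']);
            redirect_to_home_page("modules/link/index.php?course=$course_code&action=editlink&id=" . getIndirectReference($id) . "&urlview=");
        } else {
            redirect_to_home_page("modules/link/index.php?course=$course_code&action=addlink&urlview=");
        }
        // Fail closed: redirect_to_home_page() is defined elsewhere and whether it ends the
        // request is not visible here, so never fall through and store a rejected URL.
        return;
    }

    // Resolve the submitted category once and reuse the same integer in every query.
    $category_id = intval(getDirectReference($_POST['selectcategory']));
    $set_sql = "SET url = ?s, title = ?s, description = ?s, category = ?d";
    // Only the description is passed through purify(); the title is stored as submitted,
    // so it must be escaped wherever it is rendered.
    $terms = array($urllink, $title, purify($description), $category_id);

    if (isset($_POST['id'])) {
        $id = intval(getDirectReference($_POST['id']));
        // course_id in the WHERE clause keeps the update inside the current course.
        Database::get()->query("UPDATE `link` $set_sql WHERE course_id = ?d AND id = ?d", $terms, $course_id, $id);

        $log_type = LOG_MODIFY;
    } else {
        // New links are placed after the current last position of their category.
        $order = Database::get()->querySingle("SELECT MAX(`order`) as maxorder FROM `link`
                                      WHERE course_id = ?d AND category = ?d", $course_id, $category_id)->maxorder;
        $order++;
        $id = Database::get()->query("INSERT INTO `link` $set_sql, course_id = ?d, `order` = ?d, user_id = ?d", $terms, $course_id, $order, $uid)->lastInsertID;
        $log_type = LOG_INSERT;
    }
    Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_LINK, $id);
    // find category name
    if ($selectcategory == -2) {
        $category = $langSocialCategory;
    } else {
        // course_id is bound with ?d here, like in the other queries of this function.
        $category_object = Database::get()->querySingle("SELECT link_category.name as name FROM link, link_category
                                                        WHERE link.category = link_category.id
                                                        AND link.course_id = ?d
                                                        AND link.id = ?d", $course_id, $id);
        $category = $category_object ? $category_object->name : 0;
    }
    // The log keeps a tag-free, shortened copy of the description.
    $txt_description = ellipsize_html(canonicalize_whitespace(strip_tags($description)), 50, '+');
    Log::record($course_id, MODULE_ID_LINKS, $log_type, @array('id' => $id,
        'url' => $urllink,
        'title' => $title,
        'description' => $txt_description,
        'category' => $category));

}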
コード例 #4
ファイル: delos_functions.php プロジェクト: nikosv/openeclass
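/**
 * Store the Delos video lectures selected in the submitted form as videolink rows.
 *
 * For every resource id in $_POST['delosResources'] the matching entry of
 * $jsonObj->resources is looked up. If the course/category already holds a videolink
 * whose URL ends in "rid=<id>" that row is updated, otherwise a new row is inserted.
 * Each stored row is queued for indexing and recorded in the log.
 *
 * @param object $jsonObj decoded Delos response; this function reads ->resources
 *                        (each with ->resourceID and ->videoLecture) and ->playerBasePath
 * @return void
 */
function storeDelosResources($jsonObj) {
    global $course_id;

    // Both values come straight from the request. Without a list of ids there is
    // nothing to store.
    if (!isset($_POST['delosResources']) || !is_array($_POST['delosResources'])) {
        return;
    }
    $submittedResources = $_POST['delosResources'];
    $submittedCategory = isset($_POST['selectcategory']) ? $_POST['selectcategory'] : null;

    foreach ($submittedResources as $rid) {
        // Nested arrays cannot match a resource id (the comparison below is strict).
        if (!is_string($rid)) {
            continue;
        }
        // The id is request data, so it is bound as a parameter and never concatenated
        // into the statement. LIKE wildcards inside it are escaped (backslash is MySQL's
        // default LIKE escape character) so the id is matched literally.
        $ridPattern = '%rid=' . addcslashes($rid, '\\%_');
        $stored = Database::get()->querySingle("SELECT id
            FROM videolink
            WHERE course_id = ?d
            AND category = ?d
            AND url LIKE ?s", $course_id, $submittedCategory, $ridPattern);
        foreach ($jsonObj->resources as $resource) {
            if ($resource->resourceID === $rid) {
                $vL = $resource->videoLecture;
                $url = canonicalize_url($jsonObj->playerBasePath . '?rid=' . $rid);
                // Title, description, creator and publisher come from the remote JSON and
                // are stored as received; they must be escaped wherever they are rendered.
                $title = $vL->title;
                $description = $vL->description;
                $creator = $vL->rights->creator->name;
                $publisher = $vL->organization->name;
                $date = $vL->date;

                if ($stored) {
                    $id = $stored->id;
                    $q = Database::get()->query("UPDATE videolink SET
                        url = ?s, title = ?s, description = ?s, creator = ?s, publisher = ?s, date = ?t
                        WHERE course_id = ?d
                        AND category = ?d
                        AND id = ?d", $url, $title, $description, $creator, $publisher, $date, $course_id, $submittedCategory, $id);
                } else {
                    $q = Database::get()->query('INSERT INTO videolink (course_id, url, title, description, category, creator, publisher, date)
                        VALUES (?d, ?s, ?s, ?s, ?d, ?s, ?s, ?t)', $course_id, $url, $title, $description, $submittedCategory, $creator, $publisher, $date);
                    $id = $q->lastInsertID;
                }
                Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_VIDEOLINK, $id);
                $txt_description = ellipsize(canonicalize_whitespace(strip_tags($description)), 50, '+');
                // NOTE(review): updates are logged with LOG_INSERT as well; confirm whether
                // the audit log should distinguish modifications from insertions here.
                Log::record($course_id, MODULE_ID_VIDEO, LOG_INSERT, array('id' => $id,
                    'url' => $url,
                    'title' => $title,
                    'description' => $txt_description));
            }
        }
    }
}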
コード例 #5
ファイル: index.php プロジェクト: nikosv/openeclass
 // Handle the "add" form: either an external video link or an uploaded video file.
 if (isset($_POST['add_submit'])) {  // add
     $uploaded = false;
     if (isset($_POST['URL'])) { // add videolink
         $url = $_POST['URL'];
         // An empty title falls back to the URL itself.
         if ($_POST['title'] == '') {
             $title = $url;
         } else {
             $title = $_POST['title'];
         }
         // Every request value is bound through a placeholder, so none of them can change
         // the statement. They are stored as submitted, apart from canonicalize_url() on
         // the URL.
         // NOTE(review): no scheme allow-list is visible on this path, and title,
         // description, creator and publisher must be escaped wherever they are rendered.
         $q = Database::get()->query('INSERT INTO videolink (course_id, url, title, description, category, creator, publisher, date)
                                                     VALUES (?s, ?s, ?s, ?s, ?d, ?s, ?s, ?s)', $course_id, canonicalize_url($url), $title, $_POST['description'], $_POST['selectcategory'], $_POST['creator'], $_POST['publisher'], $_POST['date']);
         $id = $q->lastInsertID;
         Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_VIDEOLINK, $id);
         // The log keeps a tag-free, shortened copy of the description.
         $txt_description = ellipsize(canonicalize_whitespace(strip_tags($_POST['description'])), 50, '+');
         Log::record($course_id, MODULE_ID_VIDEO, LOG_INSERT, @array('id' => $id,
             'url' => canonicalize_url($url),
             'title' => $title,
             'description' => $txt_description));
         $tool_content .= "<div class='alert alert-success'>$langLinkAdded</div>";
     } else {  // add video
             if (isset($_POST['fileCloudInfo'])) { // upload cloud file
                 // The file name comes from request-supplied JSON; treat it like any
                 // other client-supplied name.
                 $cloudfile = CloudFile::fromJSON($_POST['fileCloudInfo']);
                 $file_name = $cloudfile->name();
             } else if (isset($_FILES['userFile']) && is_uploaded_file($_FILES['userFile']['tmp_name'])) { // upload local file
                 // is_uploaded_file() confirms tmp_name really is an HTTP upload.
                 // 'name' is chosen by the client.
                 // NOTE(review): name validation is not visible in this excerpt — confirm
                 // it happens before the name is used on disk.
                 $file_name = $_FILES['userFile']['name'];
                 // Quota check; the @ hides a missing 'size' key, which would then count
                 // as 0 toward the quota.
                 if ($diskUsed + @$_FILES['userFile']['size'] > $diskQuotaVideo) {
                     $tool_content .= "<div class='alert alert-danger'>$langNoSpace<br>
                                                     <a href='$_SERVER[SCRIPT_NAME]?course=$course_code'>$langBack</a></div><br>";
                     draw($tool_content, $menuTypeID, null, $head_content);
                     exit;
                 } else {
コード例 #6
ファイル: index.php プロジェクト: kostastzo/openeclass
 // Handle the "add" form: either an external video link or an uploaded video file.
 if (isset($_POST['add_submit'])) {
     // add
     if (isset($_POST['URL'])) {
         // add videolink
         $url = $_POST['URL'];
         // An empty title falls back to the URL itself.
         if ($_POST['title'] == '') {
             $title = $url;
         } else {
             $title = $_POST['title'];
         }
         // Every request value is bound through a placeholder, so none of them can change
         // the statement. They are stored as submitted, apart from canonicalize_url() on
         // the URL.
         // NOTE(review): no scheme allow-list is visible on this path, and title,
         // description, creator and publisher must be escaped wherever they are rendered.
         $q = Database::get()->query('INSERT INTO videolink (course_id, url, title, description, category, creator, publisher, date)
                                                     VALUES (?s, ?s, ?s, ?s, ?d, ?s, ?s, ?s)', $course_id, canonicalize_url($url), $title, $_POST['description'], $_POST['selectcategory'], $_POST['creator'], $_POST['publisher'], $_POST['date']);
         $id = $q->lastInsertID;
         Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_VIDEOLINK, $id);
         // The log keeps a tag-free, shortened copy of the description.
         $txt_description = ellipsize(canonicalize_whitespace(strip_tags($_POST['description'])), 50, '+');
         Log::record($course_id, MODULE_ID_VIDEO, LOG_INSERT, @array('id' => $id, 'url' => canonicalize_url($url), 'title' => $title, 'description' => $txt_description));
         $tool_content .= "<div class='alert alert-success'>{$langLinkAdded}</div>";
     } else {
         // add video
         // is_uploaded_file() confirms tmp_name really is an HTTP upload before it is used.
         if (isset($_FILES['userFile']) && is_uploaded_file($_FILES['userFile']['tmp_name'])) {
             // The client-supplied name is validated first (validateUploadedFile is defined
             // elsewhere; what it rejects is not visible here).
             validateUploadedFile($_FILES['userFile']['name'], $menuTypeID);
             // Quota check; the @ hides a missing 'size' key, which would then count as 0
             // toward the quota.
             if ($diskUsed + @$_FILES['userFile']['size'] > $diskQuotaVideo) {
                 $tool_content .= "<div class='alert alert-danger'>{$langNoSpace}<br>\n                                                    <a href='{$_SERVER['SCRIPT_NAME']}?course={$course_code}'>{$langBack}</a></div><br>";
                 draw($tool_content, $menuTypeID, null, $head_content);
                 exit;
             } else {
                 $file_name = $_FILES['userFile']['name'];
                 $tmpfile = $_FILES['userFile']['tmp_name'];
                 // Rewrite everything from the first ".php" to the end of the name as ".phps"
                 // so the stored file is not executed as PHP by the web server.
                 // NOTE(review): the pattern is case-sensitive and this is a deny-list.
                 // Storing uploads under generated names, or in a location the server never
                 // executes, is the more robust control.
                 $file_name = preg_replace("/\\.php.*\$/", ".phps", $file_name);
                 // Further checks for dangerous file extensions follow (not visible in this excerpt).