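// Fragment: tail of an if/else whose condition lies before this excerpt.
$wrkForm['wrkPrivFbk'] = $san->sanitize($_REQUEST['wrkPrivFbk']);
} else {
    $wrkForm['wrkPrivFbk'] = '';
}

// no need to check and/or upload the file if there is already an error
if ($formCorrectlySent) {
    $wrkForm['filename'] = '';

    if (isset($_FILES['wrkFile']['tmp_name'])
        && is_uploaded_file($_FILES['wrkFile']['tmp_name'])
        && $assignmentContent != "TEXT"
    ) {
        if ($_FILES['wrkFile']['size'] > $fileAllowedSize) {
            $dialogBox->error(get_lang('You didnt choose any file to send, or it is too big'));
            $formCorrectlySent = false;
        } else {
            // The client-supplied name is never used as-is: an extension is
            // appended when needed, then the name goes through
            // replace_dangerous_char() and get_secure_file_name() before a
            // unique on-disk name is derived from it.
            $newFilename = $_FILES['wrkFile']['name'] . add_extension_for_uploaded_file($_FILES['wrkFile']);
            $newFilename = replace_dangerous_char($newFilename);
            $newFilename = get_secure_file_name($newFilename);

            $wrkForm['filename'] = $assignment->createUniqueFilename($newFilename);

            if (!is_dir($assignment->getAssigDirSys())) {
                claro_mkdir($assignment->getAssigDirSys(), CLARO_FILE_PERMISSIONS);
            }

            if (move_uploaded_file($_FILES['wrkFile']['tmp_name'], $assignment->getAssigDirSys() . $wrkForm['filename'])) {
                chmod($assignment->getAssigDirSys() . $wrkForm['filename'], CLARO_FILE_PERMISSIONS);
            } else {
                $dialogBox->error(get_lang('Cannot copy the file'));
                $formCorrectlySent = false;
            }

            // remove the previous file if there was one
            // NOTE(review): this cleanup also runs when move_uploaded_file()
            // failed just above, so a failed upload still removes the old file.
            if (isset($_REQUEST['currentWrkUrl']) && is_string($_REQUEST['currentWrkUrl'])) {
                // currentWrkUrl is request data. Keep only its last path
                // component so directory separators or ".." segments cannot
                // point the deletion outside the assignment directory.
                // NOTE(review): basename() only confines the path; it does not
                // show that the named file is this user's earlier submission.
                // The name should be taken from the stored submission record
                // rather than from the request -- verify against the caller.
                $previousWrkFile = $assignment->getAssigDirSys() . basename($_REQUEST['currentWrkUrl']);

                // is_file() skips an empty name (which would resolve to the
                // directory itself) and anything that is not a regular file.
                if (is_file($previousWrkFile)) {
                    @unlink($previousWrkFile);
                }
            }
        }
    } elseif ($assignmentContent == "FILE") {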
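// Fragment: the guard that selects this branch lies before the excerpt and the
// trailing else block is closed after it.
// NOTE(review): confirm that guard checks $_FILES['autoFeedbackFilename'] is
// set before its 'size' key is read here.
if ($_FILES['autoFeedbackFilename']['size'] > $fileAllowedSize) {
    $dialogBox->error(get_lang('You didnt choose any file to send, or file is too big'));
    $formCorrectlySent = false;
    // fall back to the feedback file name the assignment already holds
    $autoFeedbackFilename = $assignment->getAutoFeedbackFilename();
} else {
    // add file extension if it doesn't have one
    $newFileName = $_FILES['autoFeedbackFilename']['name'];
    $newFileName .= add_extension_for_uploaded_file($_FILES['autoFeedbackFilename']);

    // Replace dangerous characters
    $newFileName = replace_dangerous_char($newFileName);

    // Transform any .php file in .phps for security
    $newFileName = get_secure_file_name($newFileName);

    // -- create a unique file name to avoid any conflict
    // there can be only one automatic feedback but the file is put in the
    // assignments directory
    $autoFeedbackFilename = $assignment->createUniqueFilename($newFileName);

    $tmpWorkUrl = $assignment->getAssigDirSys() . $autoFeedbackFilename;

    if (move_uploaded_file($_FILES['autoFeedbackFilename']['tmp_name'], $tmpWorkUrl)) {
        chmod($tmpWorkUrl, CLARO_FILE_PERMISSIONS);
    } else {
        $dialogBox->error(get_lang('Cannot copy the file'));
        $formCorrectlySent = false;
    }

    // remove the previous file if there was one
    // The name comes from the assignment object, not from the request.
    // NOTE(review): this cleanup also runs when move_uploaded_file() failed
    // just above, so a failed upload still removes the previous feedback file.
    // The loose != is kept on purpose: it also treats null as "no file". With
    // !== a null name would make the path the bare directory, which exists,
    // and claro_delete_file() would then be called on the directory.
    if ($assignment->getAutoFeedbackFilename() != '') {
        if (file_exists($assignment->getAssigDirSys() . $assignment->getAutoFeedbackFilename())) {
            claro_delete_file($assignment->getAssigDirSys() . $assignment->getAutoFeedbackFilename());
        }
    }
    // else : file sending shows no error
    // $formCorrectlySent stay true;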