/** * Manages all the unzipping process of an uploaded document * This uses the item_property table for properties of documents * * @author Hugues Peeters <*****@*****.**> * @author Bert Vanderkimpen * * @param array $courseInfo * @param array $userInfo * @param array $uploaded_file - follows the $_FILES Structure * @param string $upload_path - destination of the upload. * This path is to append to $base_work_dir * @param string $base_work_dir - base working directory of the module * @param int $maxFilledSpace - amount of bytes to not exceed in the base * working directory * @param int $sessionId * @param int $groupId * @param boolean $output Optional. If no output not wanted on success, set to false. * * @return boolean true if it succeeds false otherwise */ function unzip_uploaded_document($courseInfo, $userInfo, $uploaded_file, $uploadPath, $base_work_dir, $maxFilledSpace, $sessionId = 0, $groupId = 0, $output = true) { $zip = new PclZip($uploaded_file['tmp_name']); // Check the zip content (real size and file extension) $zip_content_array = (array) $zip->listContent(); $realSize = 0; foreach ($zip_content_array as &$this_content) { $realSize += $this_content['size']; } if (!DocumentManager::enough_space($realSize, $maxFilledSpace)) { Display::display_error_message(get_lang('UplNotEnoughSpace')); return false; } $folder = api_get_unique_id(); $destinationDir = api_get_path(SYS_ARCHIVE_PATH) . $folder; mkdir($destinationDir, api_get_permissions_for_new_directories(), true); /* Uncompress zip file*/ // We extract using a callback function that "cleans" the path $zip->extract(PCLZIP_OPT_PATH, $destinationDir, PCLZIP_CB_PRE_EXTRACT, 'clean_up_files_in_zip', PCLZIP_OPT_REPLACE_NEWER); // Add all documents in the unzipped folder to the database add_all_documents_in_folder_to_database($courseInfo, $userInfo, $base_work_dir, $destinationDir, $sessionId, $groupId, $output, array('path' => $uploadPath)); if (is_dir($destinationDir)) { rmdirr($destinationDir); } return true; }
$title_to_save = str_replace('_', ' ', $title_to_save); } $documentPath = $saveDir . '/' . $webcamname_to_save; //read content $content = file_get_contents('php://input'); if (!$content) { print "ERROR: Failed to read data\n"; exit; } //make a temporal file for get the file size $tmpfname = tempnam("/tmp", "CTF"); $handle = fopen($tmpfname, "w"); fwrite($handle, $content); fclose($handle); // Check if there is enough space in the course to save the file if (!DocumentManager::enough_space(filesize($tmpfname), DocumentManager::get_course_quota())) { unlink($tmpfname); die(get_lang('UplNotEnoughSpace')); } //erase temporal file unlink($tmpfname); //add to disk $fh = fopen($documentPath, 'w') or die("can't open file"); fwrite($fh, $content); fclose($fh); //add document to database $doc_id = FileManager::add_document($_course, $webcamdir . '/' . $webcamname_to_save, 'file', filesize($documentPath), $title_to_save); api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $groupId, null, null, null, $current_session_id); /// $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']) . '/' . $documentPath; print "{$url}\n";
/** * Uploads the nanogong wav file * @param bool */ public function upload_file($is_nano = false) { if (!empty($_FILES)) { $upload_ok = FileManager::process_uploaded_file($_FILES['file'], false); if (!is_uploaded_file($_FILES['file']['tmp_name'])) { return 0; } if ($upload_ok) { // Check if there is enough space to save the file if (!DocumentManager::enough_space($_FILES['file']['size'], DocumentManager::get_course_quota())) { return 0; } //first we delete everything before uploading the file $this->delete_files(); //Reload the filename variable $file_name = FileManager::add_ext_on_mime($_FILES['file']['name'], $_FILES['file']['type']); $file_name = strtolower($file_name); $file_info = pathinfo($file_name); if ($is_nano == true) { $file_info['extension'] = 'wav'; } $file_name = $this->filename . '.' . $file_info['extension']; if (in_array($file_info['extension'], $this->available_extensions)) { if (move_uploaded_file($_FILES['file']['tmp_name'], $this->store_path . $file_name)) { $this->store_filename = $this->store_path . $file_name; return 1; } } } } return 0; }
$form->addButtonUpload(get_lang('Upload')); $error_message = null; $succeed = false; if ($form->validate()) { $values = $form->getSubmitValues(); $upload = process_uploaded_file($_FILES['file'], false); if ($upload) { $zip = new PclZip($_FILES['file']['tmp_name']); // Check the zip content (real size and file extension) $zipFileList = (array) $zip->listContent(); $realSize = 0; foreach ($zipFileList as &$this_content) { $realSize += $this_content['size']; } $maxSpace = DocumentManager::get_course_quota(); if (!DocumentManager::enough_space($realSize, $maxSpace)) { Display::addFlash(Display::return_message(get_lang('UplNotEnoughSpace'), 'warning')); } $folder = api_get_unique_id(); $destinationDir = api_get_path(SYS_ARCHIVE_PATH) . $folder; mkdir($destinationDir, api_get_permissions_for_new_directories(), true); /* Uncompress zip file*/ // We extract using a callback function that "cleans" the path $zip->extract(PCLZIP_OPT_PATH, $destinationDir, PCLZIP_CB_PRE_EXTRACT, 'clean_up_files_in_zip', PCLZIP_OPT_REPLACE_NEWER); $result = get_work_user_list(null, null, null, null, $workId); if (empty($result)) { Display::addFlash(Display::return_message(get_lang('NoDataAvailable'), 'warning')); } $finalResult = []; foreach ($result as $item) { $title = $item['title_clean'];
/** * Manages all the unzipping process of an uploaded document * This uses the item_property table for properties of documents * * @author Hugues Peeters <*****@*****.**> * @author Bert Vanderkimpen * * @param array $uploaded_file - follows the $_FILES Structure * @param string $upload_path - destination of the upload. * This path is to append to $base_work_dir * @param string $base_work_dir - base working directory of the module * @param int $max_filled_space - amount of bytes to not exceed in the base * working directory * @param boolean Output switch. Optional. If no output not wanted on success, set to false. * * @return boolean true if it succeeds false otherwise */ static function unzip_uploaded_document($uploaded_file, $upload_path, $base_work_dir, $max_filled_space, $output = true, $to_group_id = 0) { $_course = api_get_course_info(); global $_user; global $to_user_id; global $to_group_id; $zip_file = new PclZip($uploaded_file['tmp_name']); // Check the zip content (real size and file extension) $zip_content_array = (array) $zip_file->listContent(); $real_filesize = 0; foreach ($zip_content_array as &$this_content) { $real_filesize += $this_content['size']; } if (!DocumentManager::enough_space($real_filesize, $max_filled_space)) { Display::display_error_message(get_lang('UplNotEnoughSpace')); return false; } // It happens on Linux that $upload_path sometimes doesn't start with '/' if ($upload_path[0] != '/') { $upload_path = '/' . $upload_path; } /* Uncompressing phase */ // Get into the right directory $save_dir = getcwd(); chdir($base_work_dir . $upload_path); // We extract using a callback function that "cleans" the path //@todo check if this works $unzipping_state = $zip_file->extract(PCLZIP_CB_PRE_EXTRACT, 'FileManager::clean_up_files_in_zip', PCLZIP_OPT_REPLACE_NEWER); // Add all documents in the unzipped folder to the database self::add_all_documents_in_folder_to_database($_course, $_user['user_id'], $base_work_dir, $upload_path == '/' ? '' : $upload_path, $to_group_id); //Display::display_normal_message(get_lang('UplZipExtractSuccess')); return true; }
/** * This function save a post into a file mp3 from pediaphon services * * @param $filepath * @param $dir * @author Juan Carlos Raña Trabado <*****@*****.**> * @version january 2011, chamilo 1.8.8 */ function downloadMP3_pediaphon($filepath, $dir) { $location = 'create_audio.php?' . api_get_cidreq() . '&id=' . Security::remove_XSS($_POST['document_id']) . '&dt2a=pediaphon'; //security if (!isset($_POST['lang']) && !isset($_POST['text']) && !isset($_POST['title']) && !isset($filepath) && !isset($dir)) { echo '<script>window.location.href="' . $location . '"</script>'; return; } global $_user; $_course = api_get_course_info(); $clean_title = trim($_POST['title']); $clean_title = Database::escape_string($clean_title); $clean_text = trim($_POST['text']); $clean_voices = Security::remove_XSS($_POST['voices']); if (empty($clean_title) || empty($clean_text) || empty($clean_voices)) { echo '<script>window.location.href="' . $location . '"</script>'; return; } $clean_title = Security::remove_XSS($clean_title); $clean_title = Database::escape_string($clean_title); $clean_title = str_replace(' ', '_', $clean_title); //compound file names $clean_text = Security::remove_XSS($clean_text); $clean_lang = Security::remove_XSS($_POST['lang']); $clean_speed = Security::remove_XSS($_POST['speed']); $extension = 'mp3'; $audio_filename = $clean_title . '.' . $extension; $audio_title = str_replace('_', ' ', $clean_title); //prevent duplicates if (file_exists($filepath . '/' . $clean_title . '.' . $extension)) { $i = 1; while (file_exists($filepath . '/' . $clean_title . '_' . $i . '.' . $extension)) { $i++; } $audio_filename = $clean_title . '_' . $i . '.' . $extension; $audio_title = $clean_title . '_' . $i . '.' . $extension; $audio_title = str_replace('_', ' ', $audio_title); } $documentPath = $filepath . '/' . $audio_filename; //prev for a fine unicode, borrowed from main api TODO:clean // Safe replacements for some non-letter characters (whitout blank spaces) $search = array("", "\t", "\n", "\r", "\v", '/', "\\", '"', "'", '?', '*', '>', '<', '|', ':', '$', '(', ')', '^', '[', ']', '#', '+', '&', '%'); $replace = array('', '_', '_', '_', '_', '-', '-', '-', '_', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-', '-'); $filename = $clean_text; // Encoding detection. $encoding = api_detect_encoding($filename); // Converting html-entities into encoded characters. $filename = api_html_entity_decode($filename, ENT_QUOTES, $encoding); // Transliteration to ASCII letters, they are not dangerous for filesystems. $filename = api_transliterate($filename, 'x', $encoding); // Replacing remaining dangerous non-letter characters. $clean_text = str_replace($search, $replace, $filename); //adding the file if ($clean_lang == 'de') { $url_pediaphon = 'http://www.pediaphon.org/~bischoff/radiopedia/sprich_multivoice.cgi'; $find_t2v = '/http\\:\\/\\/www\\.pediaphon\\.org\\/\\~bischoff\\/radiopedia\\/mp3\\/(.*)\\.mp3\\"/'; } else { $url_pediaphon = 'http://www.pediaphon.org/~bischoff/radiopedia/sprich_multivoice_' . $clean_lang . '.cgi'; //en, es, fr $find_t2v = '/http\\:\\/\\/www\\.pediaphon\\.org\\/\\~bischoff\\/radiopedia\\/mp3\\/' . $clean_lang . '\\/(.*)\\.mp3\\"/'; } $data = "stimme=" . $clean_voices . "&inputtext=" . $clean_text . "&speed=" . $clean_speed . "&go=go"; $opts = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded\r\n", "Content-Length: " . strlen($data) . "\r\n", 'content' => $data)); $context = stream_context_create($opts); $previous_returntext2voice = file_get_contents($url_pediaphon, false, $context); //clean file contents $search_source = preg_match($find_t2v, $previous_returntext2voice, $hits); $souce_end = substr($hits[0], 0, -1); $returntext2voice = file_get_contents($souce_end); //make a temporal file for get the file size $tmpfname = tempnam("/tmp", "CTF"); $handle = fopen($tmpfname, "w"); fwrite($handle, $returntext2voice); fclose($handle); // Check if there is enough space in the course to save the file if (!DocumentManager::enough_space(filesize($tmpfname), DocumentManager::get_course_quota())) { unlink($tmpfname); die(get_lang('UplNotEnoughSpace')); } //erase temporal file unlink($tmpfname); //save file file_put_contents($documentPath, $returntext2voice); //add document to database $current_session_id = api_get_session_id(); $groupId = $_SESSION['_gid']; $file_size = filesize($documentPath); $relativeUrlPath = $dir; $doc_id = FileManager::add_document($_course, $relativeUrlPath . $audio_filename, 'file', filesize($documentPath), $audio_title); api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $groupId, null, null, null, $current_session_id); Display::display_confirmation_message(get_lang('DocumentCreated')); //return to location echo '<script>window.location.href="' . $location . '"</script>'; }
$filename = Database::escape_string($filename); $filename = api_replace_dangerous_char($filename, $strict = 'loose'); // or strict $filename = FileManager::disable_dangerous_file($filename); $title = trim(str_replace('_chnano_.', '.', $filename)); //hide nanogong wav tag at title $title = str_replace('_', ' ', $title); // $documentPath = $filepath . $filename; if ($nano_user_id != api_get_user_id() || api_get_user_id() == 0 || $nano_user_id == 0) { echo 'Not allowed'; exit; } //Do not use here check Fileinfo method because return: text/plain // Check if there is enough space in the course to save the file if (!DocumentManager::enough_space(filesize($_FILES['voicefile']['tmp_name']), DocumentManager::get_course_quota())) { die(get_lang('UplNotEnoughSpace')); } if (!file_exists($documentPath)) { //add document to disk move_uploaded_file($_FILES['voicefile']['tmp_name'], $documentPath); //add document to database $current_session_id = $nano_session_id; $groupId = $nano_group_id; $file_size = filesize($documentPath); $relativeUrlPath = $dir; $doc_id = FileManager::add_document($_course, $relativeUrlPath . $filename, 'file', filesize($documentPath), $title); api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $nano_user_id, $groupId, null, null, null, $current_session_id); } else { return get_lang('FileExistRename'); }