Exemplo n.º 1
}
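/*
 * Init request vars
 *
 * relativePath comes straight from the request and is later appended to
 * $pathSys to build filesystem paths, so it is normalised before any use.
 */
if (
    !empty($_REQUEST['relativePath'])
    // A request such as relativePath[]=x delivers an array; without this guard
    // str_replace() returns an array and the concatenation below yields the
    // literal text "Array/" instead of a path.
    && is_string($_REQUEST['relativePath'])
    && $_REQUEST['relativePath'] !== '/'
    && $_REQUEST['relativePath'] !== '.'
) {
    // Every ".." is removed so the value cannot name a parent directory.
    // NOTE(review): this is the only traversal defence visible here; resolving
    // the final path with realpath() and checking that it still lies under
    // $pathSys would be a stricter containment check.
    $relativePath = str_replace('..', '', $_REQUEST['relativePath']) . '/';
} else {
    // Missing, empty, non-string, "/" or "." all mean the root of the work area.
    $relativePath = '/';
}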
/*
 * Handle upload
 */
if ($is_allowedToEdit && isset($_FILES['sentFile']['tmp_name']) && is_uploaded_file($_FILES['sentFile']['tmp_name'])) {
    $imgFile = $_FILES['sentFile'];
    $imgFile['name'] = replace_dangerous_char($imgFile['name'], 'strict');
    $imgFile['name'] = get_secure_file_name($imgFile['name']);
    if (claro_is_in_a_course()) {
        $enoughSize = enough_size($_FILES['sentFile']['size'], $pathSys, $maxFilledSpace);
    } else {
        $enoughSize = true;
    }
    if (is_image($imgFile['name']) && $enoughSize) {
        // rename if file already exists
        if (file_exists($pathSys . $relativePath . $imgFile['name'])) {
            $pieceList = explode('.', $imgFile['name']);
            $base = $pieceList[0];
            $ext = $pieceList[1];
            $i = 1;
            while (file_exists($pathSys . $relativePath . $base . '_' . $i . '.' . $ext)) {
                $i++;
            }
Exemplo n.º 2
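/**
 * Executes all the necessary operations to upload a file in the document tool.
 *
 * The client-supplied file name is never used as-is: it is trimmed, completed
 * with an extension when add_extension_for_uploaded_file() supplies one, then
 * passed through replace_dangerous_char() and get_secure_file_name() before
 * the file is moved into place.
 *
 * NOTE(review): $uploadPath is concatenated to $baseWorkDir without any check
 * in this function; callers are presumably expected to have validated it.
 *
 * @author Hugues Peeters <*****@*****.**>
 *
 * @param  array   $uploadedFile   - follows the $_FILES structure
 * @param  string  $baseWorkDir    - base working directory of the module
 * @param  string  $uploadPath     - destination of the upload.
 *                                   This path is appended to $baseWorkDir
 * @param  int     $maxFilledSpace - amount of bytes not to exceed in the base
 *                                   working directory
 * @param  string  $uncompress     - when 'unzip' and the file name ends in
 *                                   ".zip", the archive content is extracted
 * @param  boolean $allowPHP       - if set to true, then there is no security
 *                                   check for .php files (works for zip
 *                                   archives only)
 * @return mixed   the stored file name (string) when a plain file was moved
 *                 into place; the result of treat_secure_uploaded_file_unzip()
 *                 for an extracted archive; otherwise the value returned by
 *                 claro_failure::set_failure()
 */
function treat_uploaded_file($uploadedFile, $baseWorkDir, $uploadPath, $maxFilledSpace, $uncompress = '', $allowPHP = false)
{
    if (file_upload_failed($uploadedFile)) {
        return claro_failure::set_failure(get_file_upload_error_message($uploadedFile));
    }

    if (!enough_size($uploadedFile['size'], $baseWorkDir, $maxFilledSpace)) {
        return claro_failure::set_failure(get_lang('The upload has failed. There is not enough space in your directory'));
    }

    // The dot is escaped so that only a real ".zip" suffix selects the
    // extraction path; the unescaped pattern also matched names that merely
    // end in "zip" preceded by any character (for example "notazip").
    if ($uncompress == 'unzip' && preg_match('/\.zip$/i', $uploadedFile['name'])) {
        return treat_secure_uploaded_file_unzip($uploadedFile, $uploadPath, $baseWorkDir, $maxFilledSpace, $allowPHP);
    }

    /* TRY TO ADD AN EXTENSION TO FILES WITHOUT EXTENSION */
    // The extension is appended to the trimmed name. Previously the name with
    // its extension was computed and then immediately overwritten by
    // trim($uploadedFile['name']), so the extension was always lost.
    $fileName = trim($uploadedFile['name']) . add_extension_for_uploaded_file($uploadedFile);

    /* CHECK FOR NO DESIRED CHARACTERS */
    $fileName = replace_dangerous_char($fileName);

    /* HANDLE DANGEROUS FILE NAME FOR SERVER SECURITY */
    $fileName = get_secure_file_name($fileName);

    /* COPY THE FILE TO THE DESIRED DESTINATION */
    $destination = $baseWorkDir . $uploadPath . '/' . $fileName;

    // move_uploaded_file() only accepts a file that PHP itself received as an
    // HTTP upload, so tmp_name cannot be pointed at an arbitrary local file.
    if (!move_uploaded_file($uploadedFile['tmp_name'], $destination)) {
        return claro_failure::set_failure(get_lang('File upload failed'));
    }

    chmod($destination, CLARO_FILE_PERMISSIONS);

    return $fileName;
}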
Exemplo n.º 3
 /**
  * Store an uploaded file as the attachment of this question.
  *
  * Any previous attachment is deleted first. The stored name is derived from
  * the client-supplied name after add_extension_for_uploaded_file(),
  * replace_dangerous_char() and get_secure_file_name() have been applied.
  *
  * @author Sebastien Piraux <*****@*****.**>
  *
  * @param  array $file - one entry of $_FILES ('name' and 'tmp_name' are read)
  * @return boolean true when the file was stored, false when the directory
  *                 could not be created or the upload could not be moved
  */
 public function setAttachment($file)
 {
     // Drop any earlier attachment before storing the new one.
     $this->deleteAttachment();

     // Never trust the client-supplied name: complete it, strip unwanted
     // characters, then neutralise names that are dangerous for the server.
     $filename = get_secure_file_name(
         replace_dangerous_char($file['name'] . add_extension_for_uploaded_file($file))
     );

     // While the question is being created (id -1) the temporary directory is used.
     $dir = ($this->id == -1) ? $this->tmpQuestionDirSys : $this->questionDirSys;

     // Make sure the target directory exists, creating it when needed.
     if (!is_dir($dir) && !claro_mkdir($dir, CLARO_FILE_PERMISSIONS)) {
         claro_failure::set_failure('cannot_create_tmp_dir');
         return false;
     }

     // NOTE(review): $dir is joined to the name without a separator, so it
     // presumably already ends with a slash - confirm where it is assigned.
     $target = $dir . $filename;

     if (!move_uploaded_file($file['tmp_name'], $target)) {
         claro_failure::set_failure('question_upload_failed');
         return false;
     }

     chmod($target, CLARO_FILE_PERMISSIONS);

     $this->attachment = $filename;

     return true;
 }
Exemplo n.º 4
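/**
 * Rename a file or a directory
 *
 * The new name is passed through get_secure_file_name() and its last path
 * component through replace_dangerous_char() before the rename is attempted.
 * An existing target is never overwritten.
 *
 * @param  - $oldFilePath (string) - complete path of the file or the directory
 * @param  - $newFilePath (string) - complete new path for the file or the
 *                                   directory
 * @return - string  - new file path if the rename succeeds
 *         - boolean - true when both paths already resolve to the same
 *                     existing entry (nothing to do), false otherwise
 * @see    - uses the get_file_extension(), get_secure_file_name(),
 *           replace_dangerous_char() and check_name_exist() functions
 */
function claro_rename_file($oldFilePath, $newFilePath)
{
    // realpath() returns false for a path that does not exist. The result is
    // checked before comparing so that two missing paths are not reported as
    // "same file, nothing to do" (false == false used to return true here).
    $oldRealPath = realpath($oldFilePath);

    if ($oldRealPath !== false && $oldRealPath === realpath($newFilePath)) {
        return true;
    }

    /* CHECK IF THE NEW NAME HAS AN EXTENSION */
    if (!is_dir($oldFilePath)) {
        $ext_new = get_file_extension($newFilePath);
        $ext_old = get_file_extension($oldFilePath);

        // Keep the original extension when the new name omits one.
        if (empty($ext_new) && !empty($ext_old)) {
            $newFilePath .= '.' . $ext_old;
        }
    }

    /* PREVENT FILE NAME WITH PHP EXTENSION */
    // NOTE(review): the helper receives the whole path, not only the last
    // component - confirm that it leaves directory names untouched.
    $newFilePath = get_secure_file_name($newFilePath);

    /* REPLACE CHARACTER POTENTIALLY DANGEROUS FOR THE SYSTEM */
    $newFilePath = dirname($newFilePath) . '/' . replace_dangerous_char(basename($newFilePath));

    // Refuse to overwrite an existing entry. The comparison is strict because
    // a loose comparison treats numeric-looking strings such as "10" and "1e1"
    // as equal, which would let the rename replace a different existing file.
    if (check_name_exist($newFilePath) && $newFilePath !== $oldFilePath) {
        return false;
    }

    // Nothing to rename when the source is missing.
    if (!check_name_exist($oldFilePath)) {
        return false;
    }

    return rename($oldFilePath, $newFilePath) ? $newFilePath : false;
}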
Exemplo n.º 5
 // Private feedback counts as present only when something is left after
 // strip_tags() with $allowedTags and trim(); the value that is kept is the
 // raw request value passed through $san->sanitize(), not the stripped one.
 $hasPrivateFeedback = isset($_REQUEST['wrkPrivFbk'])
     && trim(strip_tags($_REQUEST['wrkPrivFbk'], $allowedTags)) != '';

 $wrkForm['wrkPrivFbk'] = $hasPrivateFeedback
     ? $san->sanitize($_REQUEST['wrkPrivFbk'])
     : '';
 // no need to check and/or upload the file if there is already an error
 if ($formCorrectlySent) {
     $wrkForm['filename'] = '';
     if (isset($_FILES['wrkFile']['tmp_name']) && is_uploaded_file($_FILES['wrkFile']['tmp_name']) && $assignmentContent != "TEXT") {
         if ($_FILES['wrkFile']['size'] > $fileAllowedSize) {
             $dialogBox->error(get_lang('You didnt choose any file to send, or it is too big'));
             $formCorrectlySent = false;
         } else {
             $newFilename = $_FILES['wrkFile']['name'] . add_extension_for_uploaded_file($_FILES['wrkFile']);
             $newFilename = replace_dangerous_char($newFilename);
             $newFilename = get_secure_file_name($newFilename);
             $wrkForm['filename'] = $assignment->createUniqueFilename($newFilename);
             if (!is_dir($assignment->getAssigDirSys())) {
                 claro_mkdir($assignment->getAssigDirSys(), CLARO_FILE_PERMISSIONS);
             }
             if (move_uploaded_file($_FILES['wrkFile']['tmp_name'], $assignment->getAssigDirSys() . $wrkForm['filename'])) {
                 chmod($assignment->getAssigDirSys() . $wrkForm['filename'], CLARO_FILE_PERMISSIONS);
             } else {
                 $dialogBox->error(get_lang('Cannot copy the file'));
                 $formCorrectlySent = false;
             }
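             // remove the previous file if there was one
             // currentWrkUrl is request-supplied, so only its last path
             // component is used: the deletion cannot leave the assignment
             // directory through "../" segments or an absolute path.
             // NOTE(review): assumes submissions are stored directly in the
             // assignment directory - confirm against createUniqueFilename().
             // NOTE(review): nothing visible here ties the name to the
             // submitter's own earlier file, and the deletion also runs when
             // the move above failed - both worth checking in the full script.
             if (isset($_REQUEST['currentWrkUrl']) && is_string($_REQUEST['currentWrkUrl'])) {
                 $previousFile = basename($_REQUEST['currentWrkUrl']);

                 if ($previousFile !== '' && $previousFile !== '.' && $previousFile !== '..') {
                     @unlink($assignment->getAssigDirSys() . $previousFile);
                 }
             }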
         }