/**
* Internal method. Validates all old-style deprecated uploaded files.
* The new way is to upload files via repository api.
*
* @param array $files list of files to be validated
* @return bool|array Success or an array of errors
*/
function _validate_files(&$files)
{
global $CFG, $COURSE;
$files = array();
if (empty($_FILES)) {
// we do not need to do any checks because no files were submitted
// note: server side rules do not work for files - use custom verification in validate() instead
return true;
}
$errors = array();
$filenames = array();
// now check that we really want each file
foreach ($_FILES as $elname => $file) {
$required = $this->_form->isElementRequired($elname);
if ($file['error'] == 4 and $file['size'] == 0) {
if ($required) {
$errors[$elname] = get_string('required');
}
unset($_FILES[$elname]);
continue;
}
if (!empty($file['error'])) {
$errors[$elname] = file_get_upload_error($file['error']);
unset($_FILES[$elname]);
continue;
}
if (!is_uploaded_file($file['tmp_name'])) {
// TODO: improve error message
$errors[$elname] = get_string('error');
unset($_FILES[$elname]);
continue;
}
if (!$this->_form->elementExists($elname) or !$this->_form->getElementType($elname) == 'file') {
// hmm, this file was not requested
unset($_FILES[$elname]);
continue;
}
// NOTE: the viruses are scanned in file picker, no need to deal with them here.
$filename = clean_param($_FILES[$elname]['name'], PARAM_FILE);
if ($filename === '') {
// TODO: improve error message - wrong chars
$errors[$elname] = get_string('error');
unset($_FILES[$elname]);
continue;
}
if (in_array($filename, $filenames)) {
// TODO: improve error message - duplicate name
$errors[$elname] = get_string('error');
unset($_FILES[$elname]);
continue;
}
$filenames[] = $filename;
$_FILES[$elname]['name'] = $filename;
$files[$elname] = $_FILES[$elname]['tmp_name'];
}
// return errors if found
if (count($errors) == 0) {
return true;
} else {
$files = array();
return $errors;
}
}
foreach ($files as $hash => $file) {
if (!$subdirs and $file->get_filepath() !== '/') {
unset($files[$hash]);
continue;
}
$totalbytes += $file->get_filesize();
}
/// process actions
if ($newdirname !== '' and data_submitted() and confirm_sesskey()) {
$newdirname = $directory->get_filepath() . $newdirname . '/';
$fs->create_directory($contextid, $filearea, $itemid, $newdirname, $USER->id);
redirect('draftfiles.php?itemid=' . $itemid . '&filepath=' . rawurlencode($newdirname) . '&subdirs=' . $subdirs . '&maxbytes=' . $maxbytes);
}
if (isset($_FILES['newfile']) and data_submitted() and confirm_sesskey()) {
if (!empty($_FILES['newfile']['error'])) {
$notice = file_get_upload_error($_FILES['newfile']['error']);
} else {
$file = $_FILES['newfile'];
$newfilename = clean_param($file['name'], PARAM_FILE);
if (is_uploaded_file($_FILES['newfile']['tmp_name'])) {
if ($existingfile = $fs->get_file($contextid, $filearea, $itemid, $filepath, $newfilename)) {
$existingfile->delete();
}
$filerecord = array('contextid' => $contextid, 'filearea' => $filearea, 'itemid' => $itemid, 'filepath' => $filepath, 'filename' => $newfilename, 'userid' => $USER->id);
$newfile = $fs->create_file_from_pathname($filerecord, $_FILES['newfile']['tmp_name']);
redirect('draftfiles.php?itemid=' . $itemid . '&filepath=' . rawurlencode($filepath) . '&subdirs=' . $subdirs . '&maxbytes=' . $maxbytes);
}
}
}
if ($delete !== '' and $file = $fs->get_file($contextid, $filearea, $itemid, $filepath, $delete)) {
if (!data_submitted() or !confirm_sesskey()) {
