// Logging Log::record($course_id, MODULE_ID_DOCS, LOG_INSERT, array('id' => $id, 'filepath' => $file_path, 'filename' => $fileName, 'comment' => $_POST['file_comment'], 'title' => $_POST['file_title'])); Session::Messages($langDownloadEnd, 'alert-success'); redirect($redirect_base_url); } elseif (isset($_POST['file_content'])) { $q = false; if (isset($_POST['editPath'])) { $fileInfo = Database::get()->querySingle("SELECT * FROM document\n WHERE {$group_sql} AND path = ?s", $_POST['editPath']); if ($fileInfo->editable) { $file_path = $fileInfo->path; $q = Database::get()->query("UPDATE document\n SET date_modified = NOW(), title = ?s\n WHERE {$group_sql} AND path = ?s", $_POST['file_title'], $_POST['editPath']); $id = $fileInfo->id; $fileName = $fileInfo->filename; } } else { $safe_fileName = safe_filename(get_file_extension($fileName)); $file_path = $uploadPath . '/' . $safe_fileName; $file_date = date("Y\\-m\\-d G\\:i\\:s"); $file_format = get_file_extension($fileName); $file_creator = "{$_SESSION['givenname']} {$_SESSION['surname']}"; $q = Database::get()->query("INSERT INTO document SET\n course_id = ?d,\n subsystem = ?d,\n subsystem_id = ?d,\n path = ?s,\n extra_path = '',\n filename = ?s,\n visible = 1,\n comment = '',\n category = 0,\n title = ?s,\n creator = ?s,\n date = ?s,\n date_modified = ?s,\n subject = '',\n description = '',\n author = ?s,\n format = ?s,\n language = ?s,\n copyrighted = 0,\n editable = 1", $course_id, $subsystem, $subsystem_id, $file_path, $fileName, $_POST['file_title'], $file_creator, $file_date, $file_date, $file_creator, $file_format, $language); } if ($q) { if (!isset($id)) { $id = $q->lastInsertID; $log_action = LOG_INSERT; } else { $log_action = LOG_MODIFY; } Log::record($course_id, MODULE_ID_DOCS, $log_action, array('id' => $id, 'filepath' => $file_path, 'filename' => $fileName, 'title' => $_POST['file_title'])); $action_message .= "<div class='alert alert-success'>{$langDownloadEnd}</div><br />";
ftruncate($fchat, 0); fwrite($fchat, $timeNow . " ---- " . $langWashFrom . " ---- " . $nick . " -------- !@#$ systemMsgClear\n"); fflush($fchat); flock($fchat, LOCK_UN); } fclose($fchat); @unlink($tmpArchiveFile); redirect_to_home_page("modules/conference/messageList.php?course=$course_code"); } // store if (isset($_GET['store']) && $is_editor) { require_once 'modules/document/doc_init.php'; if (!isset($_GET['token']) || !validate_csrf_token($_GET['token'])) csrf_token_error(); $saveIn = "chat." . date("Y-m-j-his") . ".txt"; $chat_filename = '/' . safe_filename('txt'); //Concat temp & chat file removing system messages and html tags $exportFileChat = $coursePath . $course_code . '/chat_export.txt'; $fp = fopen($exportFileChat, 'a+'); $tmp_file = @file_get_contents($tmpArchiveFile); $chat_file = @file_get_contents($fileChatName); $con_file = preg_replace(array('/^(.*?)!@#\$ systemMsg.*\n/m','/!@#\$.*/'), '', strip_tags($tmp_file.$chat_file)); fwrite($fp, $con_file); fclose($fp); if (copy($exportFileChat, $basedir . $chat_filename)) { Database::get()->query("INSERT INTO document SET course_id = ?d, subsystem = ?d,
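/**
 * Submit a document from the group's document area as the group's work for an assignment.
 *
 * The document is looked up by path within the current group ($group_sql); a
 * directory is zipped to a temporary archive first. Any previous submission of
 * the same user/group for the assignment is removed before the copy, and a row
 * is added to assignment_submit when the copy succeeds. The outcome is appended
 * to the global $tool_content as an alert box.
 *
 * @param int    $uid      submitting user id
 * @param int    $group_id group on whose behalf the work is submitted
 * @param int    $id       assignment id
 * @param string $file     document path, relative to $groupPath
 */
function submit_work($uid, $group_id, $id, $file)
{
    global $groupPath, $langUploadError, $langUploadSuccess, $langBack, $m, $tool_content,
           $workPath, $group_sql, $webDir, $course_code, $is_editor;

    $ext = get_file_extension($file);
    $local_name = greek_to_latin('Group ' . $group_id . (empty($ext) ? '' : '.' . $ext));

    // The database lookup is the only check that $file belongs to this group's
    // documents, so a path with no matching row must not be copied at all.
    $document = Database::get()->querySingle("SELECT filename FROM document WHERE $group_sql AND path = ?s", $file);
    if (!$document) {
        $tool_content .="<div class='alert alert-danger'>$langUploadError<br> <a href='index.php?course=$course_code'>$langBack</a></div><br>";
        return;
    }
    $original_filename = $document->filename;

    $source = $groupPath . $file;
    $destination = work_secret($id) . "/$local_name";
    delete_submissions_by_uid($uid, $group_id, $id, $destination);

    if (is_dir($source)) {
        $original_filename = $original_filename . '.zip';
        // NOTE(review): the temporary archive is not removed in this function; confirm it is cleaned up elsewhere.
        $zip_filename = $webDir . 'courses/temp/' . safe_filename('zip');
        zip_documents_directory($zip_filename, $file, $is_editor);
        $source = $zip_filename;
    }

    if (copy($source, "$workPath/$destination")) {
        $comments = isset($_POST['comments']) ? $_POST['comments'] : '';
        // Every value is bound as a parameter, the client address included, and
        // the VALUES list is closed (the original statement lacked the final ')').
        Database::get()->query("INSERT INTO assignment_submit (uid, assignment_id, submission_date, submission_ip, file_path, file_name, comments, group_id, grade_comments) VALUES (?d, ?d, NOW(), ?s, ?s, ?s, ?s, ?d, '')",
            $uid, $id, $_SERVER['REMOTE_ADDR'], $destination, $original_filename, $comments, $group_id);

        // The stored file name was chosen by a user: escape it before it goes into HTML.
        $shown_filename = htmlspecialchars($original_filename, ENT_QUOTES, 'UTF-8');
        $tool_content .="<div class='alert alert-success'>$langUploadSuccess <br>$m[the_file] \"$shown_filename\" $m[was_submitted]<br> <a href='index.php?course=$course_code'>$langBack</a></div><br>";
    } else {
        $tool_content .="<div class='alert alert-danger'>$langUploadError<br> <a href='index.php?course=$course_code'>$langBack</a></div><br>";
    }
}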
} else { ############################# # andmebaasis topelt malli nime olemasolu kontroll $sql = $site->db->prepare("SELECT count(*) from templ_tyyp where nimi = ?", $site->fdat["nimi"]); $sth = new SQL($sql); $site->debug->msg($sth->debug->get_msgs()); $on_olemas = $sth->fetchsingle(); if ($on_olemas) { # malli nimi juba olemas, veateade $error = $site->sys_sona(array(sona => "Faili nimi juba kinni", tyyp => "editor")); } if (!$error) { ############################# # safe failinime tegemine $filename = trim(preg_replace("/[^\\w\\.]/", "_", $site->fdat[nimi])) . ".html"; $filename = safe_filename($filename); $site->debug->msg("Template file safe name = {$filename}"); ############################ # topelt kontroll: ega pole f��siliselt sellist faili olemas # kui on, pane number l�ppu $filename_original = $filename; $i = 1; while (file_exists($templ_path . $filename)) { # Keerle tsyklis kuni leiad vaba failinime if (preg_match("/^(.*)\\.(.*?)\$/", $filename_original, $matches)) { $filename = $matches[1] . ++$i . "." . $matches[2]; } } } # if !error }
/**
 * Walk a list of folder names below $path, creating every folder that does not exist yet.
 *
 * For each component the document table is searched (within $group_sql) for an
 * entry with that filename directly below the current path. A hit is followed;
 * a miss creates a directory with a generated on-disk name, inserts its row and
 * logs the insertion. The global $path_already_exists ends up false as soon as
 * one component had to be created.
 *
 * @param string $path            starting path, relative to $basedir
 * @param array  $path_components folder names (as shown to users), outermost first
 * @return string the path of the innermost component
 */
function make_path($path, $path_components)
{
    global $basedir, $givenname, $surname, $path_already_exists, $course_id, $group_sql, $subsystem, $subsystem_id;

    $path_already_exists = true;
    $depth = substr_count($path, '/') + 1;

    foreach ($path_components as $component) {
        // NOTE(review): $path is used as a LIKE prefix, so any '_' or '%' in it acts as a wildcard; confirm generated paths cannot contain them.
        $lookup_sql = "SELECT path, visible, format,\n (LENGTH(path) - LENGTH(REPLACE(path, '/', ''))) AS depth\n FROM document\n WHERE {$group_sql} AND\n filename = ?s AND\n path LIKE ?s HAVING depth = {$depth}";
        $existing = Database::get()->querySingle($lookup_sql, $component, $path . '%');

        if ($existing) {
            // Path component already exists in database: descend into it
            $path = $existing->path;
            $depth++;
            continue;
        }

        // Path component must be created; the name on disk is generated, the
        // user-visible name is stored only in the filename column.
        $path .= '/' . safe_filename();
        // NOTE(review): the mkdir() result is not checked, so the row below is inserted even if the directory could not be created.
        mkdir($basedir . $path, 0775);

        // NOTE(review): creator is built without a space between given name and surname; confirm this is intended.
        $inserted = Database::get()->query("INSERT INTO document SET\n course_id = ?d,\n\t\t\t\t\t subsystem = ?d,\n subsystem_id = ?d,\n path = ?s,\n filename = ?s,\n visible = 1,\n creator = ?s,\n date = NOW(),\n date_modified = NOW(),\n format = '.dir'",
            $course_id, $subsystem, $subsystem_id, $path, $component, $givenname . $surname);
        $id = $inserted->lastInsertID;

        Log::record($course_id, MODULE_ID_DOCS, LOG_INSERT, array('id' => $id, 'path' => $path, 'filename' => $component));
        $path_already_exists = false;
    }

    return $path;
}
} require_once 'include/lib/hierarchy.class.php'; require_once 'archive_functions.php'; require_once 'restore_functions.php'; $toolName = $langCloneCourse; $treeObj = new Hierarchy(); $_POST['restoreThis'] = null; // satisfy course_details_form() if (isset($_POST['create_restored_course'])) { if (!isset($_POST['token']) || !validate_csrf_token($_POST['token'])) csrf_token_error(); $currentCourseCode = $course_code; $restoreThis = $webDir . '/courses/tmpUnzipping/' . $uid . '/' . safe_filename(); mkdir($restoreThis, 0755, true); archiveTables($course_id, $course_code, $restoreThis); recurse_copy($webDir . '/courses/' . $course_code, $restoreThis . '/html'); register_posted_variables(array( 'course_code' => true, 'course_lang' => true, 'course_title' => true, 'course_desc' => true, 'course_vis' => true, 'course_prof' => true), 'all'); create_restored_course($tool_content, $restoreThis, $course_code, $course_lang, $course_title, $course_desc, $course_vis, $course_prof); $course_code = $currentCourseCode; // revert course code to the correct value
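/**
 * Turn a flat list of course items (chapters and lectures) into a nested folder/file tree.
 *
 * The result is array('type' => 'folder', 'title' => ..., 'contents' => ...).
 * Each chapter becomes a folder whose 'contents' are the lectures that follow
 * it. Lectures seen before the first chapter become leading top-level entries.
 *
 * Every title goes through safe_filename(). The 'extension' of downloadable
 * assets and the URLs stored in 'contents' are taken from $data as they are.
 * NOTE(review): a consumer that builds file names from 'extension' should
 * validate it first; it is only the text after the last dot of the asset name.
 *
 * @param mixed $courseId course identifier, used as the title of the root folder
 * @param array $data     items with '__class' of "chapter" or "lecture"; other items are ignored
 * @param bool  $extras   whether to add an "Extras" folder for a lecture's extra downloads
 * @return array the nested description
 */
function parse_links($courseId, $data, $extras = true)
{
    // Text after the last dot of a lower-cased name (the whole name when it has no dot).
    // end() takes its argument by reference, so the explode() result needs a variable.
    $extension_of = function ($name) {
        $segments = explode('.', strtolower($name));
        return end($segments);
    };
    // First capture group of $pattern in $html, or null when the pattern does not match.
    $first_capture = function ($pattern, $html) {
        return preg_match($pattern, $html, $found) === 1 ? $found[1] : null;
    };

    $chapter_contents = array(0 => array());
    $current_chapter = 0;
    $final_data = array('type' => 'folder', 'title' => safe_filename($courseId));
    $first_chapter = true;
    $offset = 0;

    foreach ($data as $item) {
        if ($item["__class"] == "chapter") {
            if ($first_chapter) {
                // Lectures collected before the first chapter stay at the top level
                $final_data['contents'] = $chapter_contents[0];
                $offset = count($chapter_contents[0]);
                $first_chapter = false;
            } else {
                // Close the previous chapter by attaching the lectures gathered for it
                $final_data['contents'][$current_chapter + $offset - 1]['contents'] = $chapter_contents[$current_chapter];
            }
            $current_chapter++;
            $chapter_contents[$current_chapter] = array();
            $final_data['contents'][] = array('type' => 'folder', 'title' => safe_filename($item["title"]), 'index' => $item["index"]);
            continue;
        }

        if ($item["__class"] != "lecture") {
            continue;
        }

        $asset_type = $item["assetType"];
        $has_download = !empty($item['asset']['downloadUrl']['download']);

        if ($asset_type == "Article") {
            $chapter_contents[$current_chapter][] = array('type' => 'file', 'data' => 'text', 'extension' => 'html',
                'title' => safe_filename($item["title"]), 'index' => $item["lectureIndex"],
                'contents' => $item['asset']["data"]["body"]);
        } elseif ($has_download && $asset_type == "VideoMashup") {
            // A mashup with a download yields two files: the video and the slides
            $chapter_contents[$current_chapter][] = array('type' => 'file', 'data' => 'link', 'extension' => 'mp4',
                'title' => safe_filename($item["title"]), 'index' => $item["lectureIndex"],
                'contents' => $item['asset']['downloadUrl']['Video']['0']);
            $chapter_contents[$current_chapter][] = array('type' => 'file', 'data' => 'link', 'extension' => 'pdf',
                'title' => safe_filename($item["title"]), 'index' => $item["lectureIndex"],
                'contents' => $item['asset']['downloadUrl']['download']);
        } elseif ($has_download) {
            // Presentation, Video, E-Book and any other type with a direct download
            $chapter_contents[$current_chapter][] = array('type' => 'file', 'data' => 'link',
                'extension' => $extension_of($item['asset']['data']['name']),
                'title' => safe_filename($item["title"]), 'index' => $item["lectureIndex"],
                'contents' => $item['asset']['downloadUrl']['download']);
        } elseif ($asset_type == "Presentation" || $asset_type == "E-Book") {
            // No direct download: the links are looked up through the embed id.
            // The resulting folder is built but not added to the chapter (the
            // original code has that push commented out); get_links() is still
            // called, in case callers depend on it.
            $kind = ($asset_type == "Presentation") ? 'presentation' : 'e-book';
            $asset = array('type' => 'folder', 'title' => safe_filename($item["title"]),
                'index' => $item["lectureIndex"], 'contents' => array());
            // Dots in the host name are escaped so that only the literal host matches
            $embed_id = $first_capture('/src="https:\/\/www\.udemy\.com\/embed\/' . $kind . '\/(.*?)\/" width/', $item['asset']['viewHTML']);
            $asset['contents'] = get_links($kind, $embed_id);
        } elseif ($asset_type == "VideoMashup" || $asset_type == "Video") {
            $kind = ($asset_type == "VideoMashup") ? 'videomashup' : 'video';
            $asset = array('type' => 'file', 'data' => 'link', 'extension' => 'mp4',
                'title' => safe_filename($item["title"]), 'index' => $item["lectureIndex"]);
            $asset['contents'] = get_links($kind, $first_capture('/src="(.*?)\/" width/', $item['asset']['viewHTML']));
            $chapter_contents[$current_chapter][] = $asset;
        }
        // Any other asset type without a download contributes nothing.

        // A missing or non-array 'extras' entry is treated as "no extras"
        if ($extras && !empty($item["extras"]) && is_array($item["extras"])) {
            $extras_folder = array('type' => 'folder', 'title' => "Extras", 'index' => $item["lectureIndex"]);
            $extras_content = array();
            foreach ($item["extras"] as $key => $extra) {
                if (!empty($extra['downloadUrl']['download'])) {
                    $extras_content[] = array('type' => 'file', 'data' => 'link',
                        'extension' => $extension_of($extra['data']['name']),
                        'title' => safe_filename($extra["title"]), 'index' => $key + 1,
                        'lindex' => $extras_folder['index'],
                        'contents' => $extra['downloadUrl']['download']);
                }
            }
            $extras_folder['contents'] = $extras_content;
            // The folder is only added when at least one extra is downloadable
            if (count($extras_content) > 0) {
                $chapter_contents[$current_chapter][] = $extras_folder;
            }
        }
    }

    // Attach the lectures of the last chapter.
    // NOTE(review): when $data holds no chapter at all this writes to index -1; confirm callers never pass such input.
    $final_data['contents'][$current_chapter + $offset - 1]['contents'] = $chapter_contents[$current_chapter];

    return $final_data;
}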
if ($filesize + $dropbox_space > $diskQuotaDropbox) { $errormsg = $langNoSpace; $error = TRUE; } elseif (!is_uploaded_file($filetmpname)) { // check user found : no clean error msg die($langBadFormData); } // set title if (isset($_POST['message_title']) and $_POST['message_title'] != '') { $subject = $_POST['message_title']; } else { $subject = $langMessage; } $format = get_file_extension($filename); $real_filename = $filename; $filename = safe_filename($format); $recipients = $_POST["recipients"]; //After uploading the file, create the db entries if (!$error) { $filename_final = $dropbox_dir . '/' . $filename; move_uploaded_file($filetmpname, $filename_final) or die($langUploadError); @chmod($filename_final, 0644); $msg = new Msg($uid, $cid, $subject, $_POST['body'], $recipients, $filename, $real_filename, $filesize); } chdir($cwd); } if (isset($_POST['mailing']) and $_POST['mailing']) { // send mail to recipients of dropbox file if ($course_id != 0 || isset($_POST['course'])) { //message in course context $c = course_id_to_title($cid);
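/**
 * Find the file for a theme image in the theme's image search directories.
 *
 * The name is passed through safe_filename() and split with parse_file() before
 * any path is built. Each search directory is then probed with the name's own
 * extension followed by png, jpg and gif.
 *
 * @param string $src image name as used in the theme; names starting with
 *                    'images/site/' use the site directory list
 * @return string|false relative path ('./dir/name.ext') of the first existing file, or FALSE
 */
function theme_image_src($src)
{
    if (strlen($src) > 0) {
        // The directory list is chosen from the name as given; only the sanitised
        // name is used to build paths below.
        if (starts_with($src, 'images/site/')) {
            $dirPaths = get_theme_img_search_site_dir_list();
        } else {
            $dirPaths = get_theme_img_search_dir_list();
        }
        if (!is_array($dirPaths)) {
            return FALSE;
        }

        $src = safe_filename($src);
        $file_r = parse_file($src);
        $src = $file_r['name'];

        // temporary until we fix up the theme image calls to use the actual images that exist.
        $extension_r = array($file_r['extension'], 'png', 'jpg', 'gif');

        // foreach replaces list()/each(): each() was removed in PHP 8.
        foreach ($dirPaths as $dir) {
            foreach ($extension_r as $extension) {
                $file = './' . $dir . '/' . $src . '.' . $extension;
                if (file_exists($file)) {
                    return $file;
                }
            }
        }
    }

    return FALSE; // no image found.
}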
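/**
 * Rename a dropbox file on disk to a generated name and store that name in dropbox_file.
 *
 * The new name comes from safe_filename() and keeps only the extension of
 * $title. If the file is not found under $filename, the name is retried in
 * ISO-8859-7. Failures are reported through Debug::message().
 *
 * NOTE(review): $code and $filename are joined into a path without checks here;
 * callers are assumed to pass values taken from the database, not from a request.
 *
 * @param string $code     course code (directory under courses/)
 * @param int    $id       dropbox_file.id of the row to update
 * @param string $filename current name of the file on disk
 * @param string $title    original title, used only for its extension
 */
function encode_dropbox_documents($code, $id, $filename, $title)
{
    global $webDir, $langEncDropboxError;

    $format = get_file_extension($title);
    $new_filename = safe_filename($format);
    $path_to_dropbox = $webDir . '/courses/' . $code . '/dropbox/';

    if (!file_exists($path_to_dropbox . $filename)) {
        $filename = iconv('UTF-8', 'ISO-8859-7', $filename);
    }

    // iconv() returns false on failure. An empty or false name would make the
    // rename below act on the dropbox directory itself, so stop here instead.
    if ($filename === false || $filename === '' || $filename === null) {
        Debug::message($langEncDropboxError, Debug::ERROR);
        return;
    }

    if (rename($path_to_dropbox . $filename, $path_to_dropbox . $new_filename)) {
        // Values are bound through placeholders instead of being interpolated into the SQL text
        Database::get()->query("UPDATE dropbox_file SET filename = ?s WHERE id = ?d", $new_filename, $id);
    } else {
        Debug::message($langEncDropboxError, Debug::ERROR);
    }
}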
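/**
 * Derive the cache, log and temporary file names for the requested video.
 *
 * Sets $this->cache_filename, $this->log_filename and
 * $this->temp_cache_filename only when the request has a well-formed
 * X-Forwarded-For value, the query parameters sver, itag and id, no 'begin'
 * parameter, and sver equal to "3". In every other case a warning is issued
 * through warnx() and the three properties are left untouched.
 *
 * Only the query string of $this->original_url is inspected here; the host is
 * not checked in this method.
 */
public function produce_cache_filename()
{
    //
    // Get the client IP address.
    //
    // NOTE(review): X-Forwarded-For is a request header; it is only reliable
    // when the fronting proxy sets or overwrites it. The value ends up in the
    // log and temp file names, which is why it is limited to address characters.
    if (!isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $this->warnx("Proxy configuration error: X-Forwarded-For header not found");
        return;
    }
    $client_ip = trim($_SERVER['HTTP_X_FORWARDED_FOR']);
    // Anything but a positive match is rejected, a regex engine error included
    if (preg_match('/^[0-9a-f:.]+$/', $client_ip) !== 1) {
        // NOTE(review): the rejected header value is logged as received; confirm warnx() neutralises control characters.
        $this->warnx("Proxy error: invalid X-Forwarded-For header value: [{$client_ip}]");
        return;
    }

    //
    // Parse the URL and check the query parameters of a video request.
    //
    $url = parse_url($this->original_url);
    if (!is_array($url) || !isset($url['query']) || !is_string($url['query'])) {
        $this->warnx("Invalid URL");
        return;
    }
    parse_str($url['query'], $p);
    if (!is_array($p)) {
        $this->warnx("Invalid query string: [{$url['query']}]");
        return;
    }
    foreach (array('sver', 'itag', 'id') as $n) {
        // isset() first: a missing parameter is an expected case, not a PHP warning.
        // is_string() also rejects array-valued parameters such as id[]=x.
        if (!isset($p[$n]) || !is_string($p[$n]) || strlen($p[$n]) === 0) {
            $this->warnx("Query parameter [{$n}] not found or empty");
            return;
        }
    }

    if (isset($p['begin'])) {
        //
        // The user is not downloading the whole video, but seeking within it.
        // TODO How to deal with this?
        // Maybe nginx's FLV module could help.
        //
        $this->warnx("Uncachable: begin is set: [{$p['begin']}]");
        return;
    }

    if ($p['sver'] !== '3') {
        //
        // Stream Version?
        //
        // All requests seem to have this field set to the number 3.
        // If this ever changes, we should look at the new requests to make
        // sure that they are still compatible with this script.
        //
        $this->warnx("Uncachable: sver is not 3: [{$p['sver']}]");
        return;
    }

    //
    // All values in $p are provided by the user.
    // Do not use them directly in 'fopen()'.
    //
    $this->cache_filename = cachedir($this) . '/' . 'id=' . safe_filename($p['id']) . '.itag=' . safe_filename($p['itag']);
    $this->log_filename = "{$this->cache_filename}." . time() . ".{$client_ip}.log";
    // uniqid()/mt_rand() make the temp name unique, not unpredictable
    $this->temp_cache_filename = "{$this->cache_filename}." . uniqid(mt_rand() . '_', TRUE) . ".{$client_ip}.tmp";
}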
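/**
 * Decode the requested URL and derive the cache key for it.
 *
 * Reads the base64-encoded 'url' GET parameter into $this->original_url, takes
 * the client address from X-Forwarded-For into $this->client_ip, parses the
 * query string into $this->parsed_url and, when sver, itag and id are all
 * present, sets $this->cache_request to "id=<id>.itag=<itag>" with both values
 * passed through safe_filename().
 *
 * Problems are reported through log() or logdie(). When the query string is
 * unusable $this->cache_request is unset. Only the query string is inspected;
 * the host of the URL is not checked in this method.
 */
public function get_original_url()
{
    // is_string() also rejects an array-valued parameter such as url[]=x
    if (!isset($_GET['url']) || !is_string($_GET['url'])) {
        $this->logdie(2, __FUNCTION__, "Proxy URL rewriter error: url GET parameter not found.");
        return;
    }
    $this->original_url = base64_decode($_GET['url'], TRUE);
    if (!is_string($this->original_url)) {
        $this->logdie(2, __FUNCTION__, "Proxy URL rewriter error: url GET parameter is invalidly base64 encoded.");
        return;
    }
    // NOTE(review): the decoded URL is request data and is logged as received; confirm log() neutralises line breaks and control characters.
    $this->log(1, __FUNCTION__, "Accessed URL {$this->original_url}");

    //
    // Get the client IP address.
    //
    // NOTE(review): X-Forwarded-For is a request header; it is only reliable
    // when the fronting proxy sets or appends to it.
    if (!isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $this->log(2, __FUNCTION__, "Proxy configuration error: X-Forwarded-For header not found");
        return;
    }
    // With several proxies the header is a comma-separated list; the last entry
    // is used. Splitting on ',' and trimming accepts "a, b" as well as "a,b".
    $forwarded_for = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
    $this->client_ip = trim(end($forwarded_for));
    // Anything but a positive match is rejected, a regex engine error included
    if (preg_match('/^[0-9a-f:.]+$/', $this->client_ip) !== 1) {
        $this->log(2, __FUNCTION__, "Proxy error: invalid X-Forwarded-For header value: [{$this->client_ip}]");
        return;
    }

    //
    // Parse the URL and check the query parameters of a video request.
    //
    $url = parse_url($this->original_url);
    if (!is_array($url) || !isset($url['query']) || !is_string($url['query'])) {
        $this->logdie(2, __FUNCTION__, "Invalid URL");
        return;
    }
    parse_str($url['query'], $this->parsed_url);
    if (!is_array($this->parsed_url)) {
        $this->log(2, __FUNCTION__, "Invalid query string: [{$url['query']}]");
        unset($this->cache_request);
        return;
    }
    foreach (array('sver', 'itag', 'id') as $n) {
        // isset() first: a missing parameter is an expected case, not a PHP warning
        if (!isset($this->parsed_url[$n]) || !is_string($this->parsed_url[$n]) || strlen($this->parsed_url[$n]) === 0) {
            $this->log(2, __FUNCTION__, "Query parameter [{$n}] not found or empty");
            unset($this->cache_request);
            return;
        }
    }

    // Both values come from the request, so they are sanitised before becoming part of a file name
    $this->cache_request = 'id=' . safe_filename($this->parsed_url['id']) . '.itag=' . safe_filename($this->parsed_url['itag']);
}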