$action_message = "<div class='alert alert-success'>{$langMetadataMod}</div>"; } if (isset($_POST['replacePath']) and isset($_FILES['newFile']) and is_uploaded_file($_FILES['newFile']['tmp_name'])) { validateUploadedFile($_FILES['newFile']['name'], $menuTypeID); $replacePath = $_POST['replacePath']; // Check if file actually exists $result = Database::get()->querySingle("SELECT id, path, format FROM document WHERE\n {$group_sql} AND\n format <> '.dir' AND\n path=?s", $replacePath); if ($result) { $docId = $result->id; $oldpath = $result->path; $oldformat = $result->format; // check for disk quota $diskUsed = dir_total_space($basedir); if ($diskUsed - filesize($basedir . $oldpath) + $_FILES['newFile']['size'] > $diskQuotaDocument) { $action_message = "<div class='alert alert-danger'>{$langNoSpace}</div>"; } elseif (unwanted_file($_FILES['newFile']['name'])) { $action_message = "<div class='alert alert-danger'>{$langUnwantedFiletype}: " . q($_FILES['newFile']['name']) . "</div>"; } else { $newformat = get_file_extension($_FILES['newFile']['name']); $newpath = preg_replace("/\\.{$oldformat}\$/", '', $oldpath) . (empty($newformat) ? '' : '.' . $newformat); my_delete($basedir . $oldpath); $affectedRows = Database::get()->query("UPDATE document SET path = ?s, format = ?s, filename = ?s, date_modified = NOW()\n WHERE {$group_sql} AND path = ?s", $newpath, $newformat, $_FILES['newFile']['name'], $oldpath)->affectedRows; if (!copy($_FILES['newFile']['tmp_name'], $basedir . $newpath) or $affectedRows == 0) { $action_message = "<div class='alert alert-danger'>{$langGeneralError}</div>"; } else { if (hasMetaData($oldpath, $basedir, $group_sql)) { rename($basedir . $oldpath . ".xml", $basedir . $newpath . ".xml"); Database::get()->query("UPDATE document SET path = ?s, filename=?s WHERE {$group_sql} AND path = ?s", $newpath . ".xml", $_FILES['newFile']['name'] . ".xml", $oldpath . ".xml"); } Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_DOCUMENT, $docId); Log::record($course_id, MODULE_ID_DOCS, LOG_MODIFY, array('oldpath' => $oldpath, 'newpath' => $newpath, 'filename' => $_FILES['newFile']['name']));
function process_extracted_file($p_event, &$p_header) { global $uploadPath, $realFileSize, $basedir, $course_id, $subsystem, $subsystem_id, $uploadPath, $group_sql; $replace = isset($_POST['replace']); if (!isset($uploadPath)) { $uploadPath = ''; } $file_category = isset($_POST['file_category']) ? $_POST['file_category'] : 0; $file_creator = isset($_POST['file_creator']) ? $_POST['file_creator'] : ''; $file_author = isset($_POST['file_author']) ? $_POST['file_author'] : ''; $file_subject = isset($_POST['file_subject']) ? $_POST['file_subject'] : ''; $file_language = isset($_POST['file_language']) ? $_POST['file_language'] : ''; $file_copyrighted = isset($_POST['file_copyrighted']) ? $_POST['file_copyrighted'] : ''; $file_comment = isset($_POST['file_comment']) ? $_POST['file_comment'] : ''; $file_description = isset($_POST['file_description']) ? $_POST['file_description'] : ''; $realFileSize += $p_header['size']; $stored_filename = $p_header['stored_filename']; if (invalid_utf8($stored_filename)) { $stored_filename = cp737_to_utf8($stored_filename); } $path_components = explode('/', $stored_filename); $filename = php2phps(array_pop($path_components)); if (unwanted_file($filename)) { $filename .= '.bin'; } $file_date = date("Y\\-m\\-d G\\:i\\:s", $p_header['mtime']); $path = make_path($uploadPath, $path_components); if ($p_header['folder']) { // Directory has been created by make_path(), // only need to update the index $r = Database::get()->querySingle("SELECT id FROM document WHERE {$group_sql} AND path = ?s", $path); Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_DOCUMENT, $r->id); return 0; } else { // Check if file already exists $result = Database::get()->querySingle("SELECT id, path, visible FROM document\n WHERE {$group_sql} AND\n path REGEXP ?s AND\n filename = ?s LIMIT 1", "^{$path}/[^/]+\$", $filename); $format = get_file_extension($filename); if ($result) { $old_id = $result->id; $file_path = $result->path; $vis = $result->visible; if ($replace) { // Overwrite existing file $p_header['filename'] = $basedir . $file_path; Database::get()->query("UPDATE document\n SET date_modified = ?t\n WHERE {$group_sql} AND\n id = ?d", $file_date, $old_id); return 1; } else { // Rename existing file $backup_n = 1; do { $backup = preg_replace('/\\.[a-zA-Z0-9_-]+$/', '', $filename) . '_backup_' . $backup_n . '.' . $format; $n = Database::get()->querySingle("SELECT COUNT(*) as count FROM document\n WHERE {$group_sql} AND\n path REGEXP ?s AND\n filename = ?s LIMIT 1", "^{$path}/[^/]+\$", $backup)->count; $backup_n++; } while ($n > 0); Database::get()->query("UPDATE document SET filename = ?s\n WHERE {$group_sql} AND\n path = ?s", $backup, $file_path); Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_DOCUMENT, $old_id); } } $path .= '/' . safe_filename($format); $id = Database::get()->query("INSERT INTO document SET\n course_id = ?d,\n subsystem = ?d,\n subsystem_id = ?d,\n path = ?s,\n filename = ?s,\n visible = 1,\n comment = ?s,\n category = ?d,\n title = '',\n creator = ?s,\n date = ?t,\n date_modified = ?t,\n subject = ?s,\n description = ?s,\n author = ?s,\n format = ?s,\n language = ?s,\n copyrighted = ?d", $course_id, $subsystem, $subsystem_id, $path, $filename, $file_comment, $file_category, $file_creator, $file_date, $file_date, $file_subject, $file_description, $file_author, $format, $file_language, $file_copyrighted)->lastInsertID; // Logging Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_DOCUMENT, $id); Log::record($course_id, MODULE_ID_DOCS, LOG_INSERT, array('id' => $id, 'filepath' => $path, 'filename' => $filename, 'comment' => $file_comment)); // File will be extracted with new encoded filename $p_header['filename'] = $basedir . $path; return 1; } }