Acasă Explorează Ajutor
Înregistrare Autentificare
aj
/
chamilo-lms2
1
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Arbore: 0e3191628e
Ramuri Etichete
chamilo-lms2
/
main
/
inc
/
lib
/
nanogong
/
receiver.php

receiver.php 2.5 KB
Istoric Crud

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. 

  4. /**
    5. 

  5.  *    This file allows creating new svg and png documents with an online editor.
    6. 

  6.  *
    7. 

  7.  * @package chamilo.document
    8. 

  8.  *
    9. 

  9.  * @author Juan Carlos Raña Trabado
    10. 

  10.  * @since 5/mar/2011
    11. 

  11.  */
    12. 

  12. /**
    13. 

  13.  * Code
    14. 

  14.  */
    15. 

  15. require_once '../../../inc/global.inc.php';
    16. 

  16. require_once api_get_path(LIBRARY_PATH).'fileUpload.lib.php';
    17. 

  17. 

  18. api_protect_course_script();
    19. 

  19. api_block_anonymous_users();
    20. 

  20. 

  21. if (!isset($_GET['filename']) || !isset($_GET['filepath']) || !isset($_GET['dir']) || !isset($_GET['course_code']) || !isset($_GET['nano_group_id']) || !isset($_GET['nano_session_id']) || !isset($_GET['nano_user_id'])) {
    22. 

  22.     echo 'Error. Not allowed';
    23. 

  23.     exit;
    24. 

  24. }
    25. 

  25. 

  26. if (!is_uploaded_file($_FILES['voicefile']['tmp_name'])) {
    27. 

  27.     exit;
    28. 

  28. }
    29. 

  29. 

  30. //clean
    31. 

  31. $nano_user_id = Security::remove_XSS($_GET['nano_user_id']);
    32. 

  32. $nano_group_id = Security::remove_XSS($_GET['nano_group_id']);
    33. 

  33. $nano_session_id = Security::remove_XSS($_GET['nano_session_id']);
    34. 

  34. 

  35. $filename = Security::remove_XSS($_GET['filename']);
    36. 

  36. $filename = urldecode($filename);
    37. 

  37. $filepath = Security::remove_XSS(urldecode($_GET['filepath']));
    38. 

  38. $dir = Security::remove_XSS(urldecode($_GET['dir']));
    39. 

  39. 

  40. $course_code = Security::remove_XSS(urldecode($_GET['course_code']));
    41. 

  41. $_course = api_get_course_info($course_code);
    42. 

  42. 

  43. $filename = trim($_GET['filename']);
    44. 

  44. $filename = Security::remove_XSS($filename);
    45. 

  45. $filename = Database::escape_string($filename);
    46. 

  46. $filename = replace_dangerous_char($filename, $strict = 'loose'); // or strict
    47. 

  47. $filename = disable_dangerous_file($filename);
    48. 

  48. 

  49. $title = trim(str_replace('_chnano_.', '.', $filename)); //hide nanogong wav tag at title
    50. 

  50. $title = str_replace('_', ' ', $title);
    51. 

  51. 

  52. $documentPath = $filepath . $filename;
    53. 

  53. 

  54. if ($nano_user_id != api_get_user_id() || api_get_user_id() == 0 || $nano_user_id == 0) {
    55. 

  55.     echo 'Not allowed';
    56. 

  56.     exit;
    57. 

  57. }
    58. 

  58. 

  59. // Do not use here check Fileinfo method because return: text/plain
    60. 

  60. 

  61. if (!file_exists($documentPath)) {
    62. 

  62.     //add document to disk
    63. 

  63.     move_uploaded_file($_FILES['voicefile']['tmp_name'], $documentPath);
    64. 

  64. 

  65.     //add document to database
    66. 

  66.     $current_session_id = $nano_session_id;
    67. 

  67.     $groupId = $nano_group_id;
    68. 

  68.     $file_size = filesize($documentPath);
    69. 

  69.     $relativeUrlPath = $dir;
    70. 

  70.     $doc_id = add_document($_course, $relativeUrlPath . $filename, 'file', filesize($documentPath), $title);
    71. 

  71.     api_item_property_update(
    72. 

  72.         $_course,
    73. 

  73.         TOOL_DOCUMENT,
    74. 

  74.         $doc_id,
    75. 

  75.         'DocumentAdded',
    76. 

  76.         $nano_user_id,
    77. 

  77.         $groupId,
    78. 

  78.         null,
    79. 

  79.         null,
    80. 

  80.         null,
    81. 

  81.         $current_session_id
    82. 

  82.     );
    83. 

  83. } else {
    84. 

  84.     return get_lang('FileExistRename');
    85. 

  85. }
    86.