aj
/
chamilo-lms2


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166
							<?php
/*
 * filesave.php
 * To be used with ext-server_opensave.js for SVG-edit
 *
 * Licensed under the Apache License, Version 2
 *
 * Copyright(c) 2010 Alexis Deveria
 *
 * Integrate svg-edit with Chamilo
 * @author Juan Carlos Raña Trabado
 * @since 25/september/2010
*/

$language_file = array('document');//Chamilo load lang var

//Chamilo load libraries
require_once '../../../../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'fileUpload.lib.php';
require_once api_get_path(LIBRARY_PATH).'document.lib.php';

//Add security from Chamilo
api_protect_course_script();
api_block_anonymous_users();

if(!isset($_POST['output_svg']) && !isset($_POST['output_png'])) {
    api_not_allowed();//from Chamilo
    die();
}

$file = '';
$suffix = isset($_POST['output_svg'])?'svg':'png';

if(isset($_POST['filename']) && strlen($_POST['filename']) > 0) {
    $file = $_POST['filename'];
} else {
    $file = 'image';
}

if($suffix == 'svg') {
    $mime = 'image/svg+xml';
    $contents = rawurldecode($_POST['output_svg']);
} else {
    $mime = 'image/png';
    $contents = $_POST['output_png'];
    $pos = (strpos($contents, 'base64,') + 7);
    $contents = base64_decode(substr($contents, $pos));
}

//get SVG-Edit values
$filename=$file;//from svg-edit
$extension=$suffix;// from svg-edit
$content=$contents;//from svg-edit

$title = Database::escape_string(str_replace('_',' ',$filename));

//get Chamilo variables

if(!isset($_SESSION['draw_dir']) && !isset($_SESSION['whereami'])) {
    api_not_allowed();//from Chamilo
    die();
}

$current_session_id = api_get_session_id();
$groupId    =  api_get_group_id();
$relativeUrlPath=$_SESSION['draw_dir'];
$currentTool=$_SESSION['whereami'];
$dirBaseDocuments = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document';
$saveDir=$dirBaseDocuments.$_SESSION['draw_dir'];

//a bit title security

$filename = addslashes(trim($filename));
$filename = Security::remove_XSS($filename);
$filename = replace_dangerous_char($filename, 'strict');
$filename = disable_dangerous_file($filename);

// a bit extension
if ($suffix != 'svg' && $suffix != 'png') {
    die();
}

//a bit mime security
//comment because finfo seems stopping the save process files in some php vers.
/*
if (phpversion() >= '5.3' && extension_loaded('fileinfo')) {
	$finfo = new finfo(FILEINFO_MIME);
	$current_mime=$finfo->buffer($contents);
	finfo_close($finfo);
	$mime_png='image/png';//svg-edit return image/png; charset=binary
	$mime_svg='image/svg+xml';
	$mime_xml='application/xml';//hack for svg-edit because original code return application/xml; charset=us-ascii. See
	if(strpos($current_mime, $mime_png)===false && $extension=='png') {
		die();//File extension does not match its content
	} elseif(strpos($current_mime, $mime_svg)===false && strpos($current_mime, $mime_xml)===false && $extension=='svg') {
		die();//File extension does not match its content
	}
}
*/

//checks if the file exists, then rename the new
if (file_exists($saveDir.'/'.$filename.$i.'.'.$extension) && $currentTool=='document/createdraw') {
    $message = get_lang('FileExistsChangeToSave');
    $params = array(
        'message' => $message,
        'url' => ''
    );
    echo json_encode($params);
    exit;
} else {
    $drawFileName = $filename.'.'.$extension;
    $title = $title.'.'.$extension;
}

$documentPath = $saveDir.'/'.$drawFileName;

//add new document to disk
file_put_contents( $documentPath, $contents );

if ($currentTool=='document/createdraw') {
    //add document to database
    $doc_id = add_document($_course, $relativeUrlPath.'/'.$drawFileName, 'file', filesize($documentPath), $title);
    api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $groupId, null, null, null, $current_session_id);

} elseif($currentTool=='document/editdraw') {

    //check path
    if (!isset($_SESSION['draw_file'])){
        api_not_allowed();//from Chamilo
        die();
    }
    if ($_SESSION['draw_file'] == $drawFileName ){
        $document_id = DocumentManager::get_document_id($_course, $relativeUrlPath.'/'.$drawFileName);
        update_existing_document($_course, $document_id, filesize($documentPath), null);
        api_item_property_update($_course, TOOL_DOCUMENT, $document_id, 'DocumentUpdated', $_user['user_id'], $groupId, null, null, null, $current_session_id);
    } else {
        //add a new document
        $doc_id = add_document($_course, $relativeUrlPath.'/'.$drawFileName, 'file', filesize($documentPath), $title);
        api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $groupId, null, null, null, $current_session_id);
    }
}

//clean sessions and add messages and return to current document list
unset($_SESSION['draw_dir']);
unset($_SESSION['draw_file']);
unset($_SESSION['whereami']);

if ($suffix != 'png') {
    if ($relativeUrlPath == '') {
        $relativeUrlPath = '/';
    };
    $url = api_get_path(WEB_CODE_PATH).'document/document.php?'.api_get_cidreq().'&curdirpath='.urlencode($relativeUrlPath);
    $message = get_lang('FileSavedAs').': '.$title;
    //echo 'alert("'.get_lang('FileSavedAs').': '.$title.'");';
    //echo 'window.top.location.href="'.$interbreadcrumb.'";';//return to current document list
} else {
    $url = '';
    $message = get_lang('FileExportAs').': '.$title;
}

$params = array(
    'message' => $message,
    'url' => $url
);
echo json_encode($params);
exit;