Home Explore Help
Sign In
aj
/
chamilo-lms2
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a860d6adfc
Branches Tags
chamilo-lms2
/
main
/
document
/
create_document.php

create_document.php 22 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. 

  4. use ChamiloSession as Session;
    5. 

  5. 

  6. /**
    7. 

  7.  * This file allows creating new html documents with an online WYSIWYG html editor.
    8. 

  8.  *
    9. 

  9.  * @package chamilo.document
    10. 

  10.  */
    11. 

  11. 

  12. require_once __DIR__.'/../inc/global.inc.php';
    13. 

  13. 

  14. $_SESSION['whereami'] = 'document/create';
    15. 

  15. $this_section = SECTION_COURSES;
    16. 

  16. $groupRights = Session::read('group_member_with_upload_rights');
    17. 

  17. $htmlHeadXtra[] = '
    18. 

  18. <script>
    19. 

  19. $(document).ready(function() {
    20. 

  20.     $(".scrollbar-light").scrollbar();
    21. 

  21. 

  22.     expandColumnToogle("#hide_bar_template", {
    23. 

  23.         selector: "#template_col",
    24. 

  24.         width: 3
    25. 

  25.     }, {
    26. 

  26.         selector: "#doc_form",
    27. 

  27.         width: 9
    28. 

  28.     });
    29. 

  29. 

  30.     CKEDITOR.on("instanceReady", function (e) {
    31. 

  31.         showTemplates();
    32. 

  32.     });
    33. 

  33. });
    34. 

  34. 

  35. $(document).on("change", ".selectpicker", function () {
    36. 

  36.     var dirValue = $(this).val();
    37. 

  37.     $.ajax({
    38. 

  38.         contentType: "application/x-www-form-urlencoded",
    39. 

  39.         data: "dirValue="+dirValue,
    40. 

  40.         url: "' . api_get_path(WEB_AJAX_PATH).'document.ajax.php?a=document_destination",
    41. 

  41.         type: "POST",
    42. 

  42.         success: function(response) {
    43. 

  43.             $("[name=\'dirValue\']").val(response)
    44. 

  44.         }
    45. 

  45.     });
    46. 

  46. });
    47. 

  47. 

  48. function setFocus() {
    49. 

  49.    $("#document_title").focus();
    50. 

  50. }
    51. 

  51. 

  52. $(window).load(function () {
    53. 

  53. 	setFocus();
    54. 

  54. });
    55. 

  55. 

  56. </script>';
    57. 

  57. 

  58. //I'm in the certification module?
    59. 

  59. $is_certificate_mode = false;
    60. 

  60. 

  61. if (isset($_REQUEST['certificate']) && $_REQUEST['certificate'] == 'true') {
    62. 

  62. 	$is_certificate_mode = true;
    63. 

  63. }
    64. 

  64. 

  65. if ($is_certificate_mode) {
    66. 

  66. 	$nameTools = get_lang('CreateCertificate');
    67. 

  67. } else {
    68. 

  68. 	$nameTools = get_lang('CreateDocument');
    69. 

  69. }
    70. 

  70. 

  71. /*	Constants and variables */
    72. 

  72. 

  73. $doc_table = Database::get_course_table(TABLE_DOCUMENT);
    74. 

  74. $course_id = api_get_course_int_id();
    75. 

  75. $courseCode = api_get_course_id();
    76. 

  76. $sessionId = api_get_session_id();
    77. 

  77. $userId = api_get_user_id();
    78. 

  78. $_course = api_get_course_info();
    79. 

  79. $groupId = api_get_group_id();
    80. 

  80. $document_data = array();
    81. 

  81. 

  82. if (isset($_REQUEST['id'])) {
    83. 

  83.     $document_data = DocumentManager::get_document_data_by_id(
    84. 

  84.         $_REQUEST['id'],
    85. 

  85.         $courseCode,
    86. 

  86.         true,
    87. 

  87.         0
    88. 

  88.     );
    89. 

  89. }
    90. 

  90. 

  91. if (!empty($sessionId) && empty($document_data)) {
    92. 

  92.     $document_data = DocumentManager::get_document_data_by_id(
    93. 

  93.         $_REQUEST['id'],
    94. 

  94.         $courseCode,
    95. 

  95.         true,
    96. 

  96.         $sessionId
    97. 

  97.     );
    98. 

  98. }
    99. 

  99. $groupIid = 0;
    100. 

  100. $group_properties = [];
    101. 

  101. if (!empty($groupId)) {
    102. 

  102.     $group_properties = GroupManager::get_group_properties($groupId);
    103. 

  103.     $groupIid = $group_properties['iid'];
    104. 

  104. }
    105. 

  105. 

  106. if (empty($document_data)) {
    107. 

  107.     if (api_is_in_group()) {
    108. 

  108.         $document_id = DocumentManager::get_document_id($_course, $group_properties['directory']);
    109. 

  109.         $document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id());
    110. 

  110.         $dir = $document_data['path'];
    111. 

  111.         $folder_id = $document_data['id'];
    112. 

  112.     } else {
    113. 

  113.         $dir = '/';
    114. 

  114.         $folder_id = 0;
    115. 

  115.     }
    116. 

  116. } else {
    117. 

  117.     $folder_id = $document_data['id'];
    118. 

  118.     $dir = $document_data['path'];
    119. 

  119. }
    120. 

  120. 

  121. /*	MAIN CODE */
    122. 

  122. 

  123. // Please, do not modify this dirname formatting
    124. 

  124. if (strstr($dir, '..')) {
    125. 

  125. 	$dir = '/';
    126. 

  126. }
    127. 

  127. 

  128. if ($dir[0] == '.') {
    129. 

  129. 	$dir = substr($dir, 1);
    130. 

  130. }
    131. 

  131. 

  132. if ($dir[0] != '/') {
    133. 

  133. 	$dir = '/'.$dir;
    134. 

  134. }
    135. 

  135. 

  136. if ($dir[strlen($dir) - 1] != '/') {
    137. 

  137. 	$dir .= '/';
    138. 

  138. }
    139. 

  139. 

  140. if ($is_certificate_mode) {
    141. 

  141. 	$document_id = DocumentManager::get_document_id(api_get_course_info(), '/certificates');
    142. 

  142. 	$document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), true);
    143. 

  143. 	$folder_id = $document_data['id'];
    144. 

  144. 	$dir = '/certificates/';
    145. 

  145. }
    146. 

  146. 

  147. $doc_tree  = explode('/', $dir);
    148. 

  148. $count_dir = count($doc_tree) - 2; // "2" because at the begin and end there are 2 "/"
    149. 

  149. 

  150. if (api_is_in_group()) {
    151. 

  151.     $group_properties = GroupManager::get_group_properties(api_get_group_id());
    152. 

  152. 

  153.     // Level correction for group documents.
    154. 

  154.     if (!empty($group_properties['directory'])) {
    155. 

  155.     	$count_dir = $count_dir > 0 ? $count_dir - 1 : 0;
    156. 

  156.     }
    157. 

  157. }
    158. 

  158. $relative_url = '';
    159. 

  159. for ($i = 0; $i < ($count_dir); $i++) {
    160. 

  160.     $relative_url .= '../';
    161. 

  161. }
    162. 

  162. 

  163. if ($relative_url == '') {
    164. 

  164.     $relative_url = '/';
    165. 

  165. }
    166. 

  166. 

  167. $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
    168. 

  168. 

  169. $editorConfig = array(
    170. 

  170.     'ToolbarSet' => ($is_allowed_to_edit ? 'Documents' : 'DocumentsStudent'),
    171. 

  171.     'Width' => '100%',
    172. 

  172.     'Height' => '400',
    173. 

  173.     'cols-size' => [2, 10, 0],
    174. 

  174.     'FullPage' => true,
    175. 

  175.     'InDocument' => true,
    176. 

  176.     'CreateDocumentDir' => $relative_url,
    177. 

  177.     'CreateDocumentWebDir' => (empty($group_properties['directory']))
    178. 

  178.                                 ? api_get_path(WEB_COURSE_PATH).$_course['path'].'/document/'
    179. 

  179.                                 : api_get_path(WEB_COURSE_PATH).api_get_course_path().'/document'.$group_properties['directory'].'/',
    180. 

  180.     'BaseHref' => api_get_path(WEB_COURSE_PATH).$_course['path'].'/document'.$dir
    181. 

  181. );
    182. 

  182. 

  183. if ($is_certificate_mode) {
    184. 

  184.     $editorConfig['CreateDocumentDir'] = api_get_path(WEB_COURSE_PATH).$_course['path'].'/document/';
    185. 

  185.     $editorConfig['CreateDocumentWebDir'] = api_get_path(WEB_COURSE_PATH).$_course['path'].'/document/';
    186. 

  186.     $editorConfig['BaseHref'] = api_get_path(WEB_COURSE_PATH).$_course['path'].'/document'.$dir;
    187. 

  187. }
    188. 

  188. 

  189. $filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document';
    190. 

  190. 

  191. if (!is_dir($filepath)) {
    192. 

  192.     $filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document/';
    193. 

  193.     $dir = '/';
    194. 

  194. }
    195. 

  195. 

  196. if (!$is_certificate_mode) {
    197. 

  197.     if (api_is_in_group()) {
    198. 

  198.         $interbreadcrumb[] = array(
    199. 

  199.             "url" => "../group/group_space.php?".api_get_cidreq(),
    200. 

  200.             "name" => get_lang('GroupSpace'),
    201. 

  201.         );
    202. 

  202.         $noPHP_SELF = true;
    203. 

  203.         $path = explode('/', $dir);
    204. 

  204.         if ('/'.$path[1] != $group_properties['directory']) {
    205. 

  205.             api_not_allowed(true);
    206. 

  206.         }
    207. 

  207.     }
    208. 

  208.     $interbreadcrumb[] = array(
    209. 

  209.         "url" => "./document.php?curdirpath=".urlencode($dir)."&".api_get_cidreq(),
    210. 

  210.         "name" => get_lang('Documents'),
    211. 

  211.     );
    212. 

  212. } else {
    213. 

  213.     $interbreadcrumb[] = array(
    214. 

  214.         'url' => '../gradebook/'.$_SESSION['gradebook_dest'],
    215. 

  215.         'name' => get_lang('Gradebook'),
    216. 

  216.     );
    217. 

  217. }
    218. 

  218. 

  219. if (!api_is_allowed_in_course()) {
    220. 

  220.     api_not_allowed(true);
    221. 

  221. }
    222. 

  222. 

  223. if (!($is_allowed_to_edit ||
    224. 

  224.     $groupRights ||
    225. 

  225.     DocumentManager::is_my_shared_folder($userId, $dir, api_get_session_id()))
    226. 

  226. ) {
    227. 

  227.     api_not_allowed(true);
    228. 

  228. }
    229. 

  229. 

  230. /*	Header */
    231. 

  231. Event::event_access_tool(TOOL_DOCUMENT);
    232. 

  232. 

  233. $display_dir = $dir;
    234. 

  234. if (isset($group_properties)) {
    235. 

  235.     $display_dir = explode('/', $dir);
    236. 

  236.     unset($display_dir[0]);
    237. 

  237.     unset($display_dir[1]);
    238. 

  238.     $display_dir = implode('/', $display_dir);
    239. 

  239. }
    240. 

  240. 

  241. $select_cat = isset($_GET['selectcat']) ? intval($_GET['selectcat']) : null;
    242. 

  242. $curDirPath = isset($_GET['curdirpath']) ? Security::remove_XSS($_GET['curdirpath']) : null;
    243. 

  243. // Create a new form
    244. 

  244. $form = new FormValidator(
    245. 

  245.     'create_document',
    246. 

  246.     'post',
    247. 

  247.     api_get_self().'?'.api_get_cidreq().'&dir='.Security::remove_XSS(urlencode($dir)).'&selectcat='.$select_cat,
    248. 

  248.     null
    249. 

  249. );
    250. 

  250. 

  251. // form title
    252. 

  252. $form->addElement('header', $nameTools);
    253. 

  253. 

  254. if ($is_certificate_mode) {//added condition for certicate in gradebook
    255. 

  255.     $form->addElement(
    256. 

  256.         'hidden',
    257. 

  257.         'certificate',
    258. 

  258.         'true',
    259. 

  259.         array('id' => 'certificate')
    260. 

  260.     );
    261. 

  261.     if (isset($_GET['selectcat'])) {
    262. 

  262.         $form->addElement('hidden', 'selectcat', $select_cat);
    263. 

  263.     }
    264. 

  264. }
    265. 

  265. 

  266. // Hidden element with current directory
    267. 

  267. $form->addElement('hidden', 'id');
    268. 

  268. $defaults = array();
    269. 

  269. $defaults['id'] = $folder_id;
    270. 

  270. 

  271. // Filename
    272. 

  272. $form->addElement('hidden', 'title_edited', 'false', 'id="title_edited"');
    273. 

  273. 

  274. /**
    275. 

  275.  * Check if a document width the chosen filename already exists
    276. 

  276.  */
    277. 

  277. function document_exists($filename)
    278. 

  278. {
    279. 

  279.     global $dir;
    280. 

  280.     $cleanName = api_replace_dangerous_char($filename);
    281. 

  281. 

  282.     // No "dangerous" files
    283. 

  283.     $cleanName = disable_dangerous_file($cleanName);
    284. 

  284. 

  285.     return !DocumentManager::documentExists(
    286. 

  286.         $dir.$cleanName.'.html',
    287. 

  287.         api_get_course_info(),
    288. 

  288.         api_get_session_id(),
    289. 

  289.         api_get_group_id()
    290. 

  290.     );
    291. 

  291. }
    292. 

  292. 

  293. // Add group to the form
    294. 

  294. if ($is_certificate_mode) {
    295. 

  295.     $form->addText('title', get_lang('CertificateName'), true, array('cols-size' => [2, 10, 0], 'autofocus'));
    296. 

  296. } else {
    297. 

  297.     $form->addText('title', get_lang('Title'), true, array('cols-size' => [2, 10, 0], 'autofocus'));
    298. 

  298. }
    299. 

  299. 

  300. // Show read-only box only in groups
    301. 

  301. if (!empty($groupId)) {
    302. 

  302.     $group[] = $form->createElement('checkbox', 'readonly', '', get_lang('ReadOnly'));
    303. 

  303. }
    304. 

  304. $form->addRule('title', get_lang('ThisFieldIsRequired'), 'required');
    305. 

  305. $form->addRule('title', get_lang('FileExists'), 'callback', 'document_exists');
    306. 

  306. 

  307. $current_session_id = api_get_session_id();
    308. 

  308. $form->addHtmlEditor(
    309. 

  309.     'content',
    310. 

  310.     get_lang('Content'),
    311. 

  311.     true,
    312. 

  312.     true,
    313. 

  313.     $editorConfig,
    314. 

  314.     true
    315. 

  315. );
    316. 

  316. 

  317. // Comment-field
    318. 

  318. $folders = DocumentManager::get_all_document_folders(
    319. 

  319.     $_course,
    320. 

  320.     $groupIid,
    321. 

  321.     $is_allowed_to_edit
    322. 

  322. );
    323. 

  323. 

  324. // If we are not in the certificates creation, display a folder chooser for the
    325. 

  325. // new document created
    326. 

  326. 

  327. if (!$is_certificate_mode &&
    328. 

  328. 	!DocumentManager::is_my_shared_folder($userId, $dir, $current_session_id)
    329. 

  329. ) {
    330. 

  330.     $folders = DocumentManager::get_all_document_folders(
    331. 

  331.         $_course,
    332. 

  332.         $groupIid,
    333. 

  333.         $is_allowed_to_edit
    334. 

  334.     );
    335. 

  335. 

  336.     $parent_select = $form->addSelect(
    337. 

  337.         'curdirpath',
    338. 

  338.         get_lang('DestinationDirectory'),
    339. 

  339.         null,
    340. 

  340.         array('cols-size' => [2, 10, 0])
    341. 

  341.     );
    342. 

  342. 

  343.     $folder_titles = array();
    344. 

  344.     if (is_array($folders)) {
    345. 

  345.         $escaped_folders = array();
    346. 

  346.         foreach ($folders as $key => & $val) {
    347. 

  347.             // Hide some folders
    348. 

  348.             if ($val == '/HotPotatoes_files' || $val == '/certificates' || basename($val) == 'css') {
    349. 

  349.                 continue;
    350. 

  350.             }
    351. 

  351.             // Admin setting for Hide/Show the folders of all users
    352. 

  352.             if (api_get_setting('show_users_folders') == 'false' && (strstr($val, '/shared_folder') || strstr($val, 'shared_folder_session_'))) {
    353. 

  353.                 continue;
    354. 

  354.             }
    355. 

  355.             // Admin setting for Hide/Show Default folders to all users
    356. 

  356.             if (api_get_setting('show_default_folders') == 'false' && ($val == '/images' || $val == '/flash' || $val == '/audio' || $val == '/video' || strstr($val, '/images/gallery') || $val == '/video/flv')) {
    357. 

  357.                 continue;
    358. 

  358.             }
    359. 

  359.             // Admin setting for Hide/Show chat history folder
    360. 

  360.             if (api_get_setting('show_chat_folder') == 'false' && $val == '/chat_files') {
    361. 

  361.                 continue;
    362. 

  362.             }
    363. 

  363. 

  364.             $escaped_folders[$key] = Database::escape_string($val);
    365. 

  365.         }
    366. 

  366.         $folder_sql = implode("','", $escaped_folders);
    367. 

  367. 

  368.         $sql = "SELECT * FROM $doc_table
    369. 

  369. 				WHERE
    370. 

  370. 				    c_id = $course_id AND
    371. 

  371. 				    filetype='folder' AND
    372. 

  372. 				    path IN ('".$folder_sql."')";
    373. 

  373.         $res = Database::query($sql);
    374. 

  374.         $folder_titles = array();
    375. 

  375.         while ($obj = Database::fetch_object($res)) {
    376. 

  376.             $folder_titles[$obj->path] = $obj->title;
    377. 

  377.         }
    378. 

  378.     }
    379. 

  379. 

  380.     if (empty($group_dir)) {
    381. 

  381.         $parent_select -> addOption(get_lang('HomeDirectory'), '/');
    382. 

  382.         if (is_array($folders)) {
    383. 

  383.             foreach ($folders as & $folder) {
    384. 

  384.                 //Hide some folders
    385. 

  385.                 if ($folder == '/HotPotatoes_files' || $folder == '/certificates' || basename($folder) == 'css') {
    386. 

  386.                     continue;
    387. 

  387.                 }
    388. 

  388.                 //Admin setting for Hide/Show the folders of all users
    389. 

  389.                 if (api_get_setting('show_users_folders') == 'false' &&
    390. 

  390.                     (strstr($folder, '/shared_folder') || strstr($folder, 'shared_folder_session_'))
    391. 

  391.                 ) {
    392. 

  392.                     continue;
    393. 

  393.                 }
    394. 

  394.                 //Admin setting for Hide/Show Default folders to all users
    395. 

  395.                 if (api_get_setting('show_default_folders') == 'false' &&
    396. 

  396.                     (
    397. 

  397.                         $folder == '/images' ||
    398. 

  398.                         $folder == '/flash' ||
    399. 

  399.                         $folder == '/audio' ||
    400. 

  400.                         $folder == '/video' ||
    401. 

  401.                         strstr($folder, '/images/gallery') ||
    402. 

  402.                         $folder == '/video/flv'
    403. 

  403.                     )
    404. 

  404.                 ) {
    405. 

  405.                     continue;
    406. 

  406.                 }
    407. 

  407.                 //Admin setting for Hide/Show chat history folder
    408. 

  408.                 if (api_get_setting('show_chat_folder') == 'false' &&
    409. 

  409.                     $folder == '/chat_files'
    410. 

  410.                 ) {
    411. 

  411.                     continue;
    412. 

  412.                 }
    413. 

  413. 

  414.                 $selected = (substr($dir, 0, -1) == $folder) ? ' selected="selected"' : '';
    415. 

  415.                 $path_parts = explode('/', $folder);
    416. 

  416.                 $folder_titles[$folder] = cut($folder_titles[$folder], 80);
    417. 

  417.                 $space_counter = count($path_parts) - 2;
    418. 

  418.                 if ($space_counter > 0) {
    419. 

  419.                     $label = str_repeat('&nbsp;&nbsp;&nbsp;', $space_counter).' &mdash; '.$folder_titles[$folder];
    420. 

  420.                 } else {
    421. 

  421.                     $label = ' &mdash; '.$folder_titles[$folder];
    422. 

  422.                 }
    423. 

  423.                 $parent_select -> addOption($label, $folder);
    424. 

  424.                 if ($selected != '') {
    425. 

  425.                     $parent_select->setSelected($folder);
    426. 

  426.                 }
    427. 

  427.             }
    428. 

  428.         }
    429. 

  429.     } else {
    430. 

  430.         if (is_array($folders) && !empty($folders)) {
    431. 

  431.             foreach ($folders as & $folder) {
    432. 

  432.                 $selected = (substr($dir, 0, -1) == $folder) ? ' selected="selected"' : '';
    433. 

  433.                 $label = $folder_titles[$folder];
    434. 

  434.                 if ($folder == $group_dir) {
    435. 

  435.                     $label = '/ ('.get_lang('HomeDirectory').')';
    436. 

  436.                 } else {
    437. 

  437.                     $path_parts = explode('/', str_replace($group_dir, '', $folder));
    438. 

  438.                     $label = cut($label, 80);
    439. 

  439.                     $label = str_repeat('&nbsp;&nbsp;&nbsp;', count($path_parts) - 2).' &mdash; '.$label;
    440. 

  440.                 }
    441. 

  441.                 $parent_select->addOption($label, $folder);
    442. 

  442.                 if ($selected != '') {
    443. 

  443.                     $parent_select->setSelected($folder);
    444. 

  444.                 }
    445. 

  445.             }
    446. 

  446.         }
    447. 

  447.     }
    448. 

  448. }
    449. 

  449. 

  450. $form->addHidden('dirValue', '');
    451. 

  451. 

  452. if ($is_certificate_mode) {
    453. 

  453.     $form->addButtonCreate(get_lang('CreateCertificate'));
    454. 

  454. } else {
    455. 

  455.     $form->addButtonCreate(get_lang('CreateDoc'));
    456. 

  456. }
    457. 

  457. 

  458. $form->setDefaults($defaults);
    459. 

  459. 

  460. // If form validates -> save the new document
    461. 

  461. if ($form->validate()) {
    462. 

  462.     $values = $form->exportValues();
    463. 

  463.     $readonly = isset($values['readonly']) ? 1 : 0;
    464. 

  464.     $values['title'] = trim($values['title']);
    465. 

  465. 

  466.     if (!empty($values['dirValue'])) {
    467. 

  467.         $dir = $values['dirValue'];
    468. 

  468.     }
    469. 

  469. 

  470.     if ($dir[strlen($dir) - 1] != '/') {
    471. 

  471.         $dir .= '/';
    472. 

  472.     }
    473. 

  473.     $filepath = $filepath.$dir;
    474. 

  474. 

  475.     // Setting the filename
    476. 

  476.     $filename = $values['title'];
    477. 

  477.     $filename = addslashes(trim($filename));
    478. 

  478.     $filename = Security::remove_XSS($filename);
    479. 

  479.     $filename = api_replace_dangerous_char($filename);
    480. 

  480.     $filename = disable_dangerous_file($filename);
    481. 

  481.     $filename .= DocumentManager::getDocumentSuffix(
    482. 

  482.         $_course,
    483. 

  483.         api_get_session_id(),
    484. 

  484.         api_get_group_id()
    485. 

  485.     );
    486. 

  486. 

  487.     // Setting the title
    488. 

  488.     $title = $values['title'];
    489. 

  489. 

  490.     // Setting the extension
    491. 

  491.     $extension = 'html';
    492. 

  492. 

  493.     $content = Security::remove_XSS($values['content'], COURSEMANAGERLOWSECURITY);
    494. 

  494. 

  495.     /*if (strpos($content, '/css/frames.css') == false) {
    496. 

  496.         $content = str_replace('</head>', '<link rel="stylesheet" href="./css/frames.css" type="text/css" /><style> body{margin:50px;}</style></head>', $content);
    497. 

  497.     }*/
    498. 

  498. 

  499.     // Don't create file with the same name.
    500. 

  500. 

  501.     if (file_exists($filepath.$filename.'.'.$extension)) {
    502. 

  502.         Display::addFlash(Display::return_message(get_lang('FileExists').' '.$title, 'error', false));
    503. 

  503.         Display:: display_header($nameTools, 'Doc');
    504. 

  504.         Display:: display_footer();
    505. 

  505.         exit;
    506. 

  506.     }
    507. 

  507. 

  508.     if ($fp = @fopen($filepath.$filename.'.'.$extension, 'w')) {
    509. 

  509. 

  510.         $content = str_replace(
    511. 

  511.             api_get_path(WEB_COURSE_PATH),
    512. 

  512.             api_get_configuration_value('url_append').api_get_path(REL_COURSE_PATH),
    513. 

  513.             $content
    514. 

  514.         );
    515. 

  515. 

  516.         fputs($fp, $content);
    517. 

  517.         fclose($fp);
    518. 

  518.         chmod($filepath.$filename.'.'.$extension, api_get_permissions_for_new_files());
    519. 

  519.         $file_size = filesize($filepath.$filename.'.'.$extension);
    520. 

  520.         $save_file_path = $dir.$filename.'.'.$extension;
    521. 

  521. 

  522.         $document_id = add_document(
    523. 

  523.             $_course,
    524. 

  524.             $save_file_path,
    525. 

  525.             'file',
    526. 

  526.             $file_size,
    527. 

  527.             $title,
    528. 

  528.             null,
    529. 

  529.             $readonly
    530. 

  530.         );
    531. 

  531. 

  532.         if ($document_id) {
    533. 

  533.             api_item_property_update(
    534. 

  534.                 $_course,
    535. 

  535.                 TOOL_DOCUMENT,
    536. 

  536.                 $document_id,
    537. 

  537.                 'DocumentAdded',
    538. 

  538.                 $userId,
    539. 

  539.                 $group_properties,
    540. 

  540.                 null,
    541. 

  541.                 null,
    542. 

  542.                 null,
    543. 

  543.                 $current_session_id
    544. 

  544.             );
    545. 

  545.             // Update parent folders
    546. 

  546.             item_property_update_on_folder($_course, $dir, $userId);
    547. 

  547.             $new_comment = isset($_POST['comment']) ? trim($_POST['comment']) : '';
    548. 

  548.             $new_title = isset($_POST['title']) ? trim($_POST['title']) : '';
    549. 

  549.             $new_title = htmlspecialchars($new_title);
    550. 

  550.             if ($new_comment || $new_title) {
    551. 

  551.                 $ct = '';
    552. 

  552.                 $params = [];
    553. 

  553.                 if ($new_comment) {
    554. 

  554.                     $params['comment'] = $new_comment;
    555. 

  555.                 }
    556. 

  556.                 if ($new_title) {
    557. 

  557.                     $params['title'] = $new_title;
    558. 

  558.                 }
    559. 

  559.                 if (!empty($params)) {
    560. 

  560.                     Database::update(
    561. 

  561.                         $doc_table,
    562. 

  562.                         $params,
    563. 

  563.                         ['c_id = ? AND id = ?' => [$course_id, $document_id]]
    564. 

  564.                     );
    565. 

  565.                 }
    566. 

  566.             }
    567. 

  567.             $dir = substr($dir, 0, -1);
    568. 

  568.             $selectcat = '';
    569. 

  569.             if (isset($_REQUEST['selectcat'])) {
    570. 

  570.                 $selectcat = "&selectcat=".intval($_REQUEST['selectcat']);
    571. 

  571.             }
    572. 

  572.             $certificate_condition = '';
    573. 

  573.             if ($is_certificate_mode) {
    574. 

  574.                 $df = DocumentManager::get_default_certificate_id($_course['code']);
    575. 

  575.                 if (!isset($df)) {
    576. 

  576.                     DocumentManager::attach_gradebook_certificate($_course['code'], $document_id);
    577. 

  577.                 }
    578. 

  578.                 $certificate_condition = '&certificate=true&curdirpath=/certificates';
    579. 

  579.             }
    580. 

  580.             Display::addFlash(Display::return_message(get_lang('ItemAdded')));
    581. 

  581.             header('Location: document.php?'.api_get_cidreq().'&id='.$folder_id.$selectcat.$certificate_condition);
    582. 

  582.             exit();
    583. 

  583.         } else {
    584. 

  584.             Display::addFlash(Display::return_message(get_lang('Impossible'), 'error'));
    585. 

  585.             Display :: display_header($nameTools, 'Doc');
    586. 

  586.             Display :: display_footer();
    587. 

  587.         }
    588. 

  588.     } else {
    589. 

  589.         Display::addFlash(Display::return_message(get_lang('Impossible'), 'error'));
    590. 

  590.         Display :: display_header($nameTools, 'Doc');
    591. 

  591.         Display :: display_footer();
    592. 

  592.     }
    593. 

  593. } else {
    594. 

  594.     // Copied from document.php
    595. 

  595.     $dir_array = explode('/', $dir);
    596. 

  596.     $array_len = count($dir_array);
    597. 

  597. 

  598.     // Breadcrumb for the current directory root path
    599. 

  599.     if (!empty($document_data)) {
    600. 

  600.         if (empty($document_data['parents'])) {
    601. 

  601.             $interbreadcrumb[] = array(
    602. 

  602.                 'url' => '#',
    603. 

  603.                 'name' => $document_data['title']
    604. 

  604.             );
    605. 

  605.         } else {
    606. 

  606.             foreach ($document_data['parents'] as $document_sub_data) {
    607. 

  607.                 $interbreadcrumb[] = array(
    608. 

  608.                     'url' => $document_sub_data['document_url'],
    609. 

  609.                     'name' => $document_sub_data['title']
    610. 

  610.                 );
    611. 

  611.             }
    612. 

  612.         }
    613. 

  613.     }
    614. 

  614. 

  615.     Display :: display_header($nameTools, "Doc");
    616. 

  616.     // actions
    617. 

  617. 

  618.     // link back to the documents overview
    619. 

  619.     if ($is_certificate_mode) {
    620. 

  620.             $actionsLeft = '<a href="document.php?certificate=true&id='.$folder_id.'&selectcat='.Security::remove_XSS($_GET['selectcat']).'">'.
    621. 

  621.                 Display::return_icon('back.png', get_lang('Back').' '.get_lang('To').' '.get_lang('CertificateOverview'), '', ICON_SIZE_MEDIUM).'</a>';
    622. 

  622.             $actionsLeft .= '<a id="hide_bar_template" href="#" role="button">'.
    623. 

  623.                 Display::return_icon('expand.png', get_lang('Back'), array('id'=>'expand'), ICON_SIZE_MEDIUM).Display::return_icon('contract.png', get_lang('Back'), array('id'=>'contract', 'class'=>'hide'), ICON_SIZE_MEDIUM).'</a>';
    624. 

  624.         } else {
    625. 

  625.             $actionsLeft = '<a href="document.php?curdirpath='.Security::remove_XSS($dir).'">'.
    626. 

  626.                 Display::return_icon('back.png', get_lang('Back').' '.get_lang('To').' '.get_lang('DocumentsOverview'), '', ICON_SIZE_MEDIUM).'</a>';
    627. 

  627.             $actionsLeft .= '<a id="hide_bar_template" href="#" role="button">'.
    628. 

  628.                 Display::return_icon('expand.png', get_lang('Expand'), array('id'=>'expand'), ICON_SIZE_MEDIUM).
    629. 

  629.                 Display::return_icon('contract.png', get_lang('Collapse'), array('id'=>'contract', 'class'=>'hide'), ICON_SIZE_MEDIUM).'</a>';
    630. 

  630.         }
    631. 

  631. 

  632.     echo $toolbar = Display::toolbarAction('actions-documents', array($actionsLeft));
    633. 

  633. 

  634.     if ($is_certificate_mode) {
    635. 

  635.         $all_information_by_create_certificate = DocumentManager::get_all_info_to_certificate(
    636. 

  636.             api_get_user_id(),
    637. 

  637.             api_get_course_id()
    638. 

  638.         );
    639. 

  639. 

  640.         $str_info = '';
    641. 

  641.         foreach ($all_information_by_create_certificate[0] as $info_value) {
    642. 

  642.             $str_info .= $info_value.'<br/>';
    643. 

  643.         }
    644. 

  644.         $create_certificate = get_lang('CreateCertificateWithTags');
    645. 

  645.         echo Display::return_message($create_certificate.': <br /><br/>'.$str_info, 'normal', false);
    646. 

  646.     }
    647. 

  647. 

  648.     // HTML-editor
    649. 

  649.     echo '<div class="page-create">
    650. 

  650.             <div class="row" style="overflow:hidden">
    651. 

  651.             <div id="template_col" class="col-md-3">
    652. 

  652.                 <div class="panel panel-default">
    653. 

  653.                 <div class="panel-body">
    654. 

  654.                     <div id="frmModel" class="items-templates scrollbar-light"></div>
    655. 

  655.                 </div>
    656. 

  656.                 </div>
    657. 

  657.             </div>
    658. 

  658.             <div id="doc_form" class="col-md-9">
    659. 

  659.                 '.$form->returnForm().'
    660. 

  660.             </div>
    661. 

  661.           </div></div>';
    662. 

  662.     Display :: display_footer();
    663. 

  663. }
    664. 

  664.