Home Explore Help
Register Sign In
aj
/
chamilo-lms2
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e7c246f349
Branches Tags
chamilo-lms2
/
main
/
inc
/
lib
/
nanogong
/
receiver.php

receiver.php 2.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. 

  4. /**
    5. 

  5.  *    This file allows creating new svg and png documents with an online editor.
    6. 

  6.  *
    7. 

  7.  * @package chamilo.document
    8. 

  8.  *
    9. 

  9.  * @author Juan Carlos Raña Trabado
    10. 

  10.  * @since 5/mar/2011
    11. 

  11.  */
    12. 

  12. /**
    13. 

  13.  * Code
    14. 

  14.  */
    15. 

  15. require_once '../../../inc/global.inc.php';
    16. 

  16. 

  17. api_protect_course_script();
    18. 

  18. api_block_anonymous_users();
    19. 

  19. 

  20. if (!isset($_GET['filename']) || !isset($_GET['filepath']) || !isset($_GET['dir']) || !isset($_GET['course_code']) || !isset($_GET['nano_group_id']) || !isset($_GET['nano_session_id']) || !isset($_GET['nano_user_id'])) {
    21. 

  21.     echo 'Error. Not allowed';
    22. 

  22.     exit;
    23. 

  23. }
    24. 

  24. if (!is_uploaded_file($_FILES['voicefile']['tmp_name'])) {
    25. 

  25.     exit;
    26. 

  26. }
    27. 

  27. 

  28. //clean
    29. 

  29. $nano_user_id = Security::remove_XSS($_GET['nano_user_id']);
    30. 

  30. $nano_group_id = Security::remove_XSS($_GET['nano_group_id']);
    31. 

  31. $nano_session_id = Security::remove_XSS($_GET['nano_session_id']);
    32. 

  32. 

  33. $filename = Security::remove_XSS($_GET['filename']);
    34. 

  34. $filename = urldecode($filename);
    35. 

  35. $filepath = Security::remove_XSS(urldecode($_GET['filepath']));
    36. 

  36. $dir = Security::remove_XSS(urldecode($_GET['dir']));
    37. 

  37. 

  38. $course_code = Security::remove_XSS(urldecode($_GET['course_code']));
    39. 

  39. $_course = api_get_course_info($course_code);
    40. 

  40. 

  41. $filename = trim($_GET['filename']);
    42. 

  42. $filename = Security::remove_XSS($filename);
    43. 

  43. $filename = Database::escape_string($filename);
    44. 

  44. $filename = api_replace_dangerous_char($filename, $strict = 'loose'); // or strict
    45. 

  45. $filename = FileManager::disable_dangerous_file($filename);
    46. 

  46. 

  47. $title = trim(str_replace('_chnano_.', '.', $filename)); //hide nanogong wav tag at title
    48. 

  48. $title = str_replace('_', ' ', $title);
    49. 

  49. 

  50. //
    51. 

  51. $documentPath = $filepath.$filename;
    52. 

  52. 

  53. if ($nano_user_id != api_get_user_id() || api_get_user_id() == 0 || $nano_user_id == 0) {
    54. 

  54.     echo 'Not allowed';
    55. 

  55.     exit;
    56. 

  56. }
    57. 

  57. 

  58. 

  59. //Do not use here check Fileinfo method because return: text/plain
    60. 

  60. 

  61. // Check if there is enough space in the course to save the file
    62. 

  62. if (!DocumentManager::enough_space(filesize($_FILES['voicefile']['tmp_name']), DocumentManager::get_course_quota())) {
    63. 

  63.     die(get_lang('UplNotEnoughSpace'));
    64. 

  64. }
    65. 

  65. 

  66. if (!file_exists($documentPath)) {
    67. 

  67.     //add document to disk
    68. 

  68.     move_uploaded_file($_FILES['voicefile']['tmp_name'], $documentPath);
    69. 

  69. 

  70.     //add document to database
    71. 

  71.     $current_session_id = $nano_session_id;
    72. 

  72.     $groupId = $nano_group_id;
    73. 

  73.     $file_size = filesize($documentPath);
    74. 

  74.     $relativeUrlPath = $dir;
    75. 

  75.     $doc_id = FileManager::add_document($_course, $relativeUrlPath.$filename, 'file', filesize($documentPath), $title);
    76. 

  76.     api_item_property_update(
    77. 

  77.         $_course,
    78. 

  78.         TOOL_DOCUMENT,
    79. 

  79.         $doc_id,
    80. 

  80.         'DocumentAdded',
    81. 

  81.         $nano_user_id,
    82. 

  82.         $groupId,
    83. 

  83.         null,
    84. 

  84.         null,
    85. 

  85.         null,
    86. 

  86.         $current_session_id
    87. 

  87.     );
    88. 

  88. } else {
    89. 

  89.     return get_lang('FileExistRename');
    90. 

  90. }
    91.