Halaman utama Jelajahi Bantuan
Daftar Masuk
aj
/
chamilo-lms2
1
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Cabang: experimental2
Ranting Tag
chamilo-lms2
/
main
/
document
/
create_document.php

create_document.php 21 KB
Permalink Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. 

  4. use ChamiloSession as Session;
    5. 

  5. use Chamilo\CoreBundle\Framework\Container;
    6. 

  6. 

  7. /**
    8. 

  8.  *	This file allows creating new html documents with an online WYSIWYG html editor.
    9. 

  9.  *
    10. 

  10.  *	@package chamilo.document
    11. 

  11.  */
    12. 

  12. 

  13. 

  14. Session::write('whereami', 'document/create');
    15. 

  15. $this_section = SECTION_COURSES;
    16. 

  16. 

  17. $groupRights = Session::read('group_member_with_upload_rights');
    18. 

  18. $htmlHeadXtra[] = '
    19. 

  19. <script>
    20. 

  20. 

  21. $(document).ready(function() {
    22. 

  22.     $(".scrollbar-light").scrollbar();
    23. 

  23. 

  24.     expandColumnToogle("#hide_bar_template", {
    25. 

  25.         selector: "#template_col",
    26. 

  26.         width: 3
    27. 

  27.     }, {
    28. 

  28.         selector: "#doc_form",
    29. 

  29.         width: 9
    30. 

  30. 

  31.     });
    32. 

  32. 

  33.     CKEDITOR.on("instanceReady", function (e) {
    34. 

  34.         showTemplates();
    35. 

  35.     });
    36. 

  36. });
    37. 

  37. 

  38. $(document).on("change", ".selectpicker", function () {
    39. 

  39.     var dirValue = $(this).val();
    40. 

  40.     $.ajax({
    41. 

  41.         contentType: "application/x-www-form-urlencoded",
    42. 

  42.         data: "dirValue="+dirValue,
    43. 

  43.         url: "' . api_get_path(WEB_AJAX_PATH) . 'document.ajax.php?a=document_destination",
    44. 

  44.         type: "POST",
    45. 

  45.         success: function(response) {
    46. 

  46.             $("[name=\'dirValue\']").val(response)
    47. 

  47.         }
    48. 

  48.     });
    49. 

  49. });
    50. 

  50. 

  51. function setFocus() {
    52. 

  52.    $("#document_title").focus();
    53. 

  53. }
    54. 

  54. 

  55. $(window).load(function () {
    56. 

  56. 	setFocus();
    57. 

  57. });
    58. 

  58. 

  59. </script>';
    60. 

  60. 

  61. //I'm in the certification module?
    62. 

  62. $is_certificate_mode = false;
    63. 

  63. 

  64. if (isset($_REQUEST['certificate']) && $_REQUEST['certificate'] == 'true') {
    65. 

  65. 	$is_certificate_mode = true;
    66. 

  66. }
    67. 

  67. 

  68. if ($is_certificate_mode) {
    69. 

  69. 	$nameTools = get_lang('CreateCertificate');
    70. 

  70. } else {
    71. 

  71. 	$nameTools = get_lang('CreateDocument');
    72. 

  72. }
    73. 

  73. 

  74. /*	Constants and variables */
    75. 

  75. 

  76. $doc_table = Database::get_course_table(TABLE_DOCUMENT);
    77. 

  77. $course_id = api_get_course_int_id();
    78. 

  78. $courseCode = api_get_course_id();
    79. 

  79. $sessionId = api_get_session_id();
    80. 

  80. $userId = api_get_user_id();
    81. 

  81. $_course = api_get_course_info();
    82. 

  82. $groupId = api_get_group_id();
    83. 

  83. $document_data = array();
    84. 

  84. 

  85. if (isset($_REQUEST['id'])) {
    86. 

  86.     $document_data = DocumentManager::get_document_data_by_id(
    87. 

  87.         $_REQUEST['id'],
    88. 

  88.         $courseCode,
    89. 

  89.         true,
    90. 

  90.         0
    91. 

  91.     );
    92. 

  92. }
    93. 

  93. 

  94. if (!empty($sessionId) && empty($document_data)) {
    95. 

  95.     $document_data = DocumentManager::get_document_data_by_id(
    96. 

  96.         $_REQUEST['id'],
    97. 

  97.         $courseCode,
    98. 

  98.         true,
    99. 

  99.         $sessionId
    100. 

  100.     );
    101. 

  101. }
    102. 

  102. $groupIid = 0;
    103. 

  103. 

  104. if (!empty($groupId)) {
    105. 

  105.     $group_properties = GroupManager::get_group_properties($groupId);
    106. 

  106.     $groupIid = $group_properties['iid'];
    107. 

  107. }
    108. 

  108. 

  109. if (empty($document_data)) {
    110. 

  110.     if (api_is_in_group()) {
    111. 

  111.         $document_id = DocumentManager::get_document_id($_course, $group_properties['directory']);
    112. 

  112.         $document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id());
    113. 

  113.         $dir = $document_data['path'];
    114. 

  114.         $folder_id = $document_data['id'];
    115. 

  115.     } else {
    116. 

  116.         $dir = '/';
    117. 

  117.         $folder_id = 0;
    118. 

  118.     }
    119. 

  119. } else {
    120. 

  120.     $folder_id = $document_data['id'];
    121. 

  121.     $dir = $document_data['path'];
    122. 

  122. }
    123. 

  123. 

  124. 

  125. /*	MAIN CODE */
    126. 

  126. 

  127. // Please, do not modify this dirname formatting
    128. 

  128. if (strstr($dir, '..')) {
    129. 

  129. 	$dir = '/';
    130. 

  130. }
    131. 

  131. 

  132. if ($dir[0] == '.') {
    133. 

  133. 	$dir = substr($dir, 1);
    134. 

  134. }
    135. 

  135. 

  136. if ($dir[0] != '/') {
    137. 

  137. 	$dir = '/'.$dir;
    138. 

  138. }
    139. 

  139. 

  140. if ($dir[strlen($dir) - 1] != '/') {
    141. 

  141. 	$dir .= '/';
    142. 

  142. }
    143. 

  143. 

  144. if ($is_certificate_mode) {
    145. 

  145. 	$document_id = DocumentManager::get_document_id(api_get_course_info(), '/certificates');
    146. 

  146. 	$document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), true);
    147. 

  147. 	$folder_id = $document_data['id'];
    148. 

  148. 	$dir = '/certificates/';
    149. 

  149. }
    150. 

  150. 

  151. $doc_tree  = explode('/', $dir);
    152. 

  152. $count_dir = count($doc_tree) -2; // "2" because at the begin and end there are 2 "/"
    153. 

  153. 

  154. if (api_is_in_group()) {
    155. 

  155.     $group_properties = GroupManager::get_group_properties(api_get_group_id());
    156. 

  156. 

  157.     // Level correction for group documents.
    158. 

  158.     if (!empty($group_properties['directory'])) {
    159. 

  159.     	$count_dir = $count_dir > 0 ? $count_dir - 1 : 0;
    160. 

  160.     }
    161. 

  161. }
    162. 

  162. $relative_url = '';
    163. 

  163. for ($i = 0; $i < ($count_dir); $i++) {
    164. 

  164. 	$relative_url .= '../';
    165. 

  165. }
    166. 

  166. 

  167. if ($relative_url== '') {
    168. 

  168. 	$relative_url = '/';
    169. 

  169. }
    170. 

  170. 

  171. $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
    172. 

  172. 

  173. $editorConfig = array(
    174. 

  174.     'ToolbarSet' => ($is_allowed_to_edit ? 'Documents' : 'DocumentsStudent'),
    175. 

  175.     'Width' => '100%',
    176. 

  176.     'Height' => '400',
    177. 

  177.     'cols-size' => [2, 10, 0],
    178. 

  178.     'FullPage' => true,
    179. 

  179.     'InDocument' => true,
    180. 

  180. 	'CreateDocumentDir' => $relative_url,
    181. 

  181. 	'CreateDocumentWebDir' => (empty($group_properties['directory']))
    182. 

  182.                         		? api_get_path(WEB_COURSE_PATH).$_course['path'].'/document/'
    183. 

  183.                         		: api_get_path(WEB_COURSE_PATH).api_get_course_path().'/document'.$group_properties['directory'].'/',
    184. 

  184. 	'BaseHref' => api_get_path(WEB_COURSE_PATH).$_course['path'].'/document'.$dir
    185. 

  185. );
    186. 

  186. if ($is_certificate_mode) {
    187. 

  187.     $editorConfig['CreateDocumentDir'] = api_get_path(WEB_COURSE_PATH).$_course['path'].'/document/';
    188. 

  188.     $editorConfig['CreateDocumentWebDir'] = api_get_path(WEB_COURSE_PATH).$_course['path'].'/document/';
    189. 

  189.     $editorConfig['BaseHref'] = api_get_path(WEB_COURSE_PATH).$_course['path'].'/document'.$dir;
    190. 

  190. }
    191. 

  191. 

  192. $filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document';
    193. 

  193. 

  194. if (!is_dir($filepath)) {
    195. 

  195. 	$filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document/';
    196. 

  196. 	$dir = '/';
    197. 

  197. }
    198. 

  198. 

  199. $to_group_id = 0;
    200. 

  200. 

  201. if (!$is_certificate_mode) {
    202. 

  202. 	if (api_is_in_group()) {
    203. 

  203.         $interbreadcrumb[] = array(
    204. 

  204.             "url" => "../group/group_space.php?".api_get_cidreq(),
    205. 

  205.             "name" => get_lang('GroupSpace'),
    206. 

  206.         );
    207. 

  207. 		$noPHP_SELF = true;
    208. 

  208. 		$to_group_id = $group_properties['iid'];
    209. 

  209. 		$path = explode('/', $dir);
    210. 

  210. 		if ('/'.$path[1] != $group_properties['directory']) {
    211. 

  211. 			api_not_allowed(true);
    212. 

  212. 		}
    213. 

  213. 	}
    214. 

  214.     $interbreadcrumb[] = array(
    215. 

  215.         "url" => "./document.php?curdirpath=".urlencode($dir)."&".api_get_cidreq(),
    216. 

  216.         "name" => get_lang('Documents'),
    217. 

  217.     );
    218. 

  218. } else {
    219. 

  219.     $interbreadcrumb[] = array(
    220. 

  220.         'url' => '../gradebook/index.php?'.api_get_cidreq(),
    221. 

  221.         'name' => get_lang('Gradebook'),
    222. 

  222.     );
    223. 

  223. }
    224. 

  224. 

  225. if (!$is_allowed_in_course) {
    226. 

  226. 	api_not_allowed(true);
    227. 

  227. }
    228. 

  228. 

  229. if (!($is_allowed_to_edit ||
    230. 

  230.     $groupRights ||
    231. 

  231.     DocumentManager::is_my_shared_folder($userId, $dir, api_get_session_id()))
    232. 

  232. ) {
    233. 

  233. 	api_not_allowed(true);
    234. 

  234. }
    235. 

  235. 

  236. /*	Header */
    237. 

  237. Event::event_access_tool(TOOL_DOCUMENT);
    238. 

  238. 

  239. $display_dir = $dir;
    240. 

  240. if (isset($group_properties)) {
    241. 

  241. 	$display_dir = explode('/', $dir);
    242. 

  242. 	unset($display_dir[0]);
    243. 

  243. 	unset($display_dir[1]);
    244. 

  244. 	$display_dir = implode('/', $display_dir);
    245. 

  245. }
    246. 

  246. 

  247. $select_cat = isset($_GET['selectcat']) ? intval($_GET['selectcat']) : null;
    248. 

  248. $curDirPath = isset($_GET['curdirpath']) ? Security::remove_XSS($_GET['curdirpath']) : null;
    249. 

  249. // Create a new form
    250. 

  250. $form = new FormValidator(
    251. 

  251.     'create_document',
    252. 

  252.     'post',
    253. 

  253.     api_get_self().'?'.api_get_cidreq().'&dir='.Security::remove_XSS(urlencode($dir)).'&selectcat='.$select_cat,
    254. 

  254.     null
    255. 

  255. );
    256. 

  256. 

  257. // form title
    258. 

  258. $form->addElement('header', $nameTools);
    259. 

  259. 

  260. if ($is_certificate_mode) {//added condition for certicate in gradebook
    261. 

  261. 	$form->addElement('hidden','certificate','true',array('id'=>'certificate'));
    262. 

  262. 	if (isset($_GET['selectcat'])) {
    263. 

  263. 		$form->addElement('hidden','selectcat', $select_cat);
    264. 

  264.     }
    265. 

  265. }
    266. 

  266. 

  267. // Hidden element with current directory
    268. 

  268. $form->addElement('hidden', 'id');
    269. 

  269. $defaults = array();
    270. 

  270. $defaults['id'] = $folder_id;
    271. 

  271. 

  272. // Filename
    273. 

  273. $form->addElement('hidden', 'title_edited', 'false', 'id="title_edited"');
    274. 

  274. 

  275. /**
    276. 

  276.  * Check if a document width the chosen filename already exists
    277. 

  277.  */
    278. 

  278. function document_exists($filename)
    279. 

  279. {
    280. 

  280.     global $dir;
    281. 

  281.     $cleanName = api_replace_dangerous_char($filename);
    282. 

  282. 

  283.     // No "dangerous" files
    284. 

  284.     $cleanName = disable_dangerous_file($cleanName);
    285. 

  285. 

  286.     return !DocumentManager::documentExists(
    287. 

  287.         $dir.$cleanName.'.html',
    288. 

  288.         api_get_course_info(),
    289. 

  289.         api_get_session_id(),
    290. 

  290.         api_get_group_id()
    291. 

  291.     );
    292. 

  292. }
    293. 

  293. 

  294. // Add group to the form
    295. 

  295. if ($is_certificate_mode) {
    296. 

  296.     $form->addText('title', get_lang('CertificateName'), true, array('cols-size' => [2, 10, 0], 'autofocus'));
    297. 

  297. } else {
    298. 

  298. 	$form->addText('title', get_lang('Title'), true, array('cols-size' => [2, 10, 0], 'autofocus'));
    299. 

  299. }
    300. 

  300. 

  301. // Show read-only box only in groups
    302. 

  302. if (!empty($groupId)) {
    303. 

  303.     $group[] = $form->createElement('checkbox', 'readonly', '', get_lang('ReadOnly'));
    304. 

  304. }
    305. 

  305. $form->addRule('title', get_lang('ThisFieldIsRequired'), 'required');
    306. 

  306. $form->addRule('title', get_lang('FileExists'), 'callback', 'document_exists');
    307. 

  307. 

  308. $current_session_id = api_get_session_id();
    309. 

  309. $form->addHtmlEditor('content', get_lang('Content'), true, true, $editorConfig, true);
    310. 

  310. 

  311. // Comment-field
    312. 

  312. $folders = DocumentManager::get_all_document_folders(
    313. 

  313.     $_course,
    314. 

  314.     $groupIid,
    315. 

  315.     $is_allowed_to_edit
    316. 

  316. );
    317. 

  317. 

  318. // If we are not in the certificates creation, display a folder chooser for the
    319. 

  319. // new document created
    320. 

  320. 

  321. if (!$is_certificate_mode &&
    322. 

  322. 	!DocumentManager::is_my_shared_folder($userId, $dir, $current_session_id)
    323. 

  323. ) {
    324. 

  324.     $folders = DocumentManager::get_all_document_folders(
    325. 

  325.         $_course,
    326. 

  326.         $groupIid,
    327. 

  327.         $is_allowed_to_edit
    328. 

  328.     );
    329. 

  329. 

  330. 	//$parent_select = $form->addElement('select', 'curdirpath', array(null, get_lang('DestinationDirectory')));
    331. 

  331.     $parent_select = $form->addSelect(
    332. 

  332.         'curdirpath',
    333. 

  333.         get_lang('DestinationDirectory'),
    334. 

  334.         null,
    335. 

  335.         array('cols-size' => [2, 10, 0])
    336. 

  336.     );
    337. 

  337. 	// Following two conditions copied from document.inc.php::build_directory_selector()
    338. 

  338. 	$folder_titles = array();
    339. 

  339. 

  340.     if (is_array($folders)) {
    341. 

  341.         $escaped_folders = array();
    342. 

  342.         foreach ($folders as $key => & $val) {
    343. 

  343.             // Hide some folders
    344. 

  344.             if ($val=='/HotPotatoes_files' || $val=='/certificates' || basename($val)=='css'){
    345. 

  345.                 continue;
    346. 

  346.             }
    347. 

  347.             // Admin setting for Hide/Show the folders of all users
    348. 

  348.             if (api_get_setting('document.show_users_folders') == 'false' && (strstr($val, '/shared_folder') || strstr($val, 'shared_folder_session_'))){
    349. 

  349.                 continue;
    350. 

  350.             }
    351. 

  351.             // Admin setting for Hide/Show Default folders to all users
    352. 

  352.             if (api_get_setting('document.show_default_folders') == 'false' && ($val=='/images' || $val=='/flash' || $val=='/audio' || $val=='/video' || strstr($val, '/images/gallery') || $val=='/video/flv')){
    353. 

  353.                 continue;
    354. 

  354.             }
    355. 

  355.             // Admin setting for Hide/Show chat history folder
    356. 

  356.             if (api_get_setting('document.show_chat_folder') == 'false' && $val=='/chat_files'){
    357. 

  357.                 continue;
    358. 

  358.             }
    359. 

  359. 

  360.             $escaped_folders[$key] = Database::escape_string($val);
    361. 

  361.         }
    362. 

  362.         $folder_sql = implode("','", $escaped_folders);
    363. 

  363. 

  364.         $sql = "SELECT * FROM $doc_table
    365. 

  365. 				WHERE
    366. 

  366. 				    c_id = $course_id AND
    367. 

  367. 				    filetype='folder' AND
    368. 

  368. 				    path IN ('".$folder_sql."')";
    369. 

  369.         $res = Database::query($sql);
    370. 

  370.         $folder_titles = array();
    371. 

  371.         while ($obj = Database::fetch_object($res)) {
    372. 

  372.             $folder_titles[$obj->path] = $obj->title;
    373. 

  373.         }
    374. 

  374.     }
    375. 

  375. 

  376. 	if (empty($group_dir)) {
    377. 

  377. 		$parent_select -> addOption(get_lang('HomeDirectory'), '/');
    378. 

  378. 		if (is_array($folders)) {
    379. 

  379. 			foreach ($folders as & $folder) {
    380. 

  380. 				//Hide some folders
    381. 

  381. 				if ($folder=='/HotPotatoes_files' || $folder=='/certificates' || basename($folder)=='css') {
    382. 

  382.                     continue;
    383. 

  383. 				}
    384. 

  384. 				//Admin setting for Hide/Show the folders of all users
    385. 

  385. 				if (api_get_setting('document.show_users_folders') == 'false' &&
    386. 

  386.                     (strstr($folder, '/shared_folder') || strstr($folder, 'shared_folder_session_'))
    387. 

  387.                 ){
    388. 

  388. 					continue;
    389. 

  389. 				}
    390. 

  390. 				//Admin setting for Hide/Show Default folders to all users
    391. 

  391. 				if (api_get_setting(
    392. 

  392. 								'document.show_default_folders'
    393. 

  393. 						) == 'false' &&
    394. 

  394.                     (
    395. 

  395.                         $folder == '/images' ||
    396. 

  396.                         $folder == '/flash' ||
    397. 

  397.                         $folder == '/audio' ||
    398. 

  398.                         $folder == '/video' ||
    399. 

  399.                         strstr($folder, '/images/gallery') ||
    400. 

  400.                         $folder == '/video/flv'
    401. 

  401.                     )
    402. 

  402.                 ){
    403. 

  403. 					continue;
    404. 

  404. 				}
    405. 

  405. 				//Admin setting for Hide/Show chat history folder
    406. 

  406. 				if (api_get_setting('chat.show_chat_folder') == 'false' &&
    407. 

  407.                     $folder=='/chat_files'
    408. 

  408.                 ){
    409. 

  409. 					continue;
    410. 

  410. 				}
    411. 

  411. 

  412. 				$selected = (substr($dir,0,-1) == $folder) ? ' selected="selected"' : '';
    413. 

  413. 				$path_parts = explode('/', $folder);
    414. 

  414. 				$folder_titles[$folder] = cut($folder_titles[$folder], 80);
    415. 

  415.                 $space_counter =count($path_parts) - 2;
    416. 

  416.                 if ($space_counter > 0) {
    417. 

  417.                     $label = str_repeat('&nbsp;&nbsp;&nbsp;', $space_counter).' &mdash; '.$folder_titles[$folder];
    418. 

  418.                 } else {
    419. 

  419.                     $label = ' &mdash; '.$folder_titles[$folder];
    420. 

  420.                 }
    421. 

  421. 				$parent_select -> addOption($label, $folder);
    422. 

  422. 				if ($selected != '') {
    423. 

  423. 					$parent_select->setSelected($folder);
    424. 

  424. 				}
    425. 

  425. 			}
    426. 

  426. 		}
    427. 

  427. 	} else {
    428. 

  428. 		if (is_array($folders) && !empty($folders)) {
    429. 

  429. 		    foreach ($folders as & $folder) {
    430. 

  430. 			    $selected = (substr($dir, 0, -1) == $folder) ? ' selected="selected"' : '';
    431. 

  431. 			    $label = $folder_titles[$folder];
    432. 

  432. 			    if ($folder == $group_dir) {
    433. 

  433. 					    $label = '/ (' . get_lang('HomeDirectory') . ')';
    434. 

  434. 			    } else {
    435. 

  435. 				    $path_parts = explode('/', str_replace($group_dir, '', $folder));
    436. 

  436. 				    $label = cut($label, 80);
    437. 

  437. 					    $label = str_repeat('&nbsp;&nbsp;&nbsp;', count($path_parts) - 2) . ' &mdash; ' . $label;
    438. 

  438. 			    }
    439. 

  439. 				    $parent_select->addOption($label, $folder);
    440. 

  440. 			    if ($selected != '') {
    441. 

  441. 				    $parent_select->setSelected($folder);
    442. 

  442. 				}
    443. 

  443. 		    }
    444. 

  444. 		}
    445. 

  445. 	}
    446. 

  446. }
    447. 

  447. 

  448. $form->addHidden('dirValue', '');
    449. 

  449. 

  450. if ($is_certificate_mode) {
    451. 

  451. 	$form->addButtonCreate(get_lang('CreateCertificate'));
    452. 

  452. } else {
    453. 

  453. 	$form->addButtonCreate(get_lang('CreateDoc'));
    454. 

  454. }
    455. 

  455. 

  456. $form->setDefaults($defaults);
    457. 

  457. 

  458. // If form validates -> save the new document
    459. 

  459. if ($form->validate()) {
    460. 

  460. 	$values = $form->exportValues();
    461. 

  461. 	$readonly = isset($values['readonly']) ? 1 : 0;
    462. 

  462. 	$values['title'] = trim($values['title']);
    463. 

  463. 

  464.     if (!empty($values['dirValue'])) {
    465. 

  465.         $dir = $values['dirValue'];
    466. 

  466.     }
    467. 

  467. 

  468.     if ($dir[strlen($dir) - 1] != '/') {
    469. 

  469. 		$dir .= '/';
    470. 

  470. 	}
    471. 

  471.     $filepath = $filepath.$dir;
    472. 

  472. 

  473.     // Setting the filename
    474. 

  474. 	$filename = $values['title'];
    475. 

  475. 	$filename = addslashes(trim($filename));
    476. 

  476. 	$filename = Security::remove_XSS($filename);
    477. 

  477. 	$filename = api_replace_dangerous_char($filename);
    478. 

  478. 	$filename = disable_dangerous_file($filename);
    479. 

  479.     $filename .= DocumentManager::getDocumentSuffix(
    480. 

  480.         $_course,
    481. 

  481.         api_get_session_id(),
    482. 

  482.         api_get_group_id()
    483. 

  483.     );
    484. 

  484. 

  485.     // Setting the title
    486. 

  486. 	$title = $values['title'];
    487. 

  487. 

  488.     // Setting the extension
    489. 

  489. 	$extension = 'html';
    490. 

  490. 

  491. 	$content = Security::remove_XSS($values['content'], COURSEMANAGERLOWSECURITY);
    492. 

  492. 

  493. 	/*if (strpos($content, '/css/frames.css') == false) {
    494. 

  494. 		$content = str_replace('</head>', '<link rel="stylesheet" href="./css/frames.css" type="text/css" /><style> body{margin:50px;}</style></head>', $content);
    495. 

  495. 	}*/
    496. 

  496. 

  497.     // Don't create file with the same name.
    498. 

  498. 

  499.     if (file_exists($filepath.$filename.'.'.$extension)) {
    500. 

  500.         Display:: display_header($nameTools, 'Doc');
    501. 

  501.         Display:: display_error_message(get_lang('FileExists').' '.$title, false);
    502. 

  502.         Display:: display_footer();
    503. 

  503.         exit;
    504. 

  504.     }
    505. 

  505. 

  506. 	if ($fp = @fopen($filepath.$filename.'.'.$extension, 'w')) {
    507. 

  507. 		//$courseUrl = \Chamilo\CoreBundle\Framework\Container::getUrlGenerator()->generate('course_url').'/';
    508. 

  508.         $content = str_replace(api_get_path(WEB_COURSE_PATH), Container::getUrlAppend().'/courses/', $content);
    509. 

  509. 

  510. 		fputs($fp, $content);
    511. 

  511. 		fclose($fp);
    512. 

  512. 		chmod($filepath.$filename.'.'.$extension, api_get_permissions_for_new_files());
    513. 

  513. 

  514. 		$file_size = filesize($filepath.$filename.'.'.$extension);
    515. 

  515. 		$save_file_path = $dir.$filename.'.'.$extension;
    516. 

  516. 

  517.         $document_id = add_document(
    518. 

  518.             $_course,
    519. 

  519.             $save_file_path,
    520. 

  520.             'file',
    521. 

  521.             $file_size,
    522. 

  522.             $title,
    523. 

  523.             null,
    524. 

  524.             $readonly
    525. 

  525.         );
    526. 

  526. 

  527. 		if ($document_id) {
    528. 

  528. 			api_item_property_update(
    529. 

  529.                 $_course,
    530. 

  530.                 TOOL_DOCUMENT,
    531. 

  531.                 $document_id,
    532. 

  532.                 'DocumentAdded',
    533. 

  533.                 $userId,
    534. 

  534.                 $to_group_id,
    535. 

  535.                 null,
    536. 

  536.                 null,
    537. 

  537.                 null,
    538. 

  538.                 $current_session_id
    539. 

  539.             );
    540. 

  540. 			// Update parent folders
    541. 

  541. 			item_property_update_on_folder($_course, $dir, $userId);
    542. 

  542. 			$new_comment = isset($_POST['comment']) ? trim($_POST['comment']) : '';
    543. 

  543. 			$new_title = isset($_POST['title']) ? trim($_POST['title']) : '';
    544. 

  544.             $new_title = htmlspecialchars($new_title);
    545. 

  545. 			if ($new_comment || $new_title) {
    546. 

  546. 				$ct = '';
    547. 

  547.                 $params = [];
    548. 

  548.                 if ($new_comment) {
    549. 

  549.                     $params['comment'] = $new_comment;
    550. 

  550.                 }
    551. 

  551.                 if ($new_title) {
    552. 

  552.                     $params['title'] = $new_title;
    553. 

  553.                 }
    554. 

  554.                 if (!empty($params)) {
    555. 

  555.                     Database::update(
    556. 

  556.                         $doc_table,
    557. 

  557.                         $params,
    558. 

  558.                         ['c_id = ? AND id = ?' => [$course_id, $document_id]]
    559. 

  559.                     );
    560. 

  560.                 }
    561. 

  561. 			}
    562. 

  562. 			$dir= substr($dir,0,-1);
    563. 

  563. 			$selectcat = '';
    564. 

  564.             if (isset($_REQUEST['selectcat'])) {
    565. 

  565.                 $selectcat = "&selectcat=".intval($_REQUEST['selectcat']);
    566. 

  566.             }
    567. 

  567. 			$certificate_condition = '';
    568. 

  568. 			if ($is_certificate_mode) {
    569. 

  569. 				$df = DocumentManager::get_default_certificate_id($_course['code']);
    570. 

  570.                 if (!isset($df)) {
    571. 

  571.                     DocumentManager::attach_gradebook_certificate($_course['code'],$document_id);
    572. 

  572. 				}
    573. 

  573. 				$certificate_condition = '&certificate=true&curdirpath=/certificates';
    574. 

  574. 			}
    575. 

  575. 

  576.             Display::addFlash(Display::return_message(get_lang('ItemAdded')));
    577. 

  577. 			header('Location: document.php?'.api_get_cidreq().'&id='.$folder_id.$selectcat.$certificate_condition);
    578. 

  578. 			exit();
    579. 

  579. 		} else {
    580. 

  580. 			Display :: display_header($nameTools, 'Doc');
    581. 

  581. 			Display :: display_error_message(get_lang('Impossible'));
    582. 

  582. 			Display :: display_footer();
    583. 

  583. 		}
    584. 

  584. 	} else {
    585. 

  585. 		Display :: display_header($nameTools, 'Doc');
    586. 

  586. 		Display :: display_error_message(get_lang('Impossible'));
    587. 

  587. 		Display :: display_footer();
    588. 

  588. 	}
    589. 

  589. } else {
    590. 

  590. 	// Copied from document.php
    591. 

  591. 	$dir_array = explode('/', $dir);
    592. 

  592. 	$array_len = count($dir_array);
    593. 

  593. 

  594. 	// Breadcrumb for the current directory root path
    595. 

  595.     if (!empty($document_data)) {
    596. 

  596.         if (empty($document_data['parents'])) {
    597. 

  597.             $interbreadcrumb[] = array(
    598. 

  598.                 'url' => '#',
    599. 

  599.                 'name' => $document_data['title']
    600. 

  600.             );
    601. 

  601.         } else {
    602. 

  602.             foreach ($document_data['parents'] as $document_sub_data) {
    603. 

  603.                 $interbreadcrumb[] = array(
    604. 

  604.                     'url' => $document_sub_data['document_url'],
    605. 

  605.                     'name' => $document_sub_data['title']
    606. 

  606.                 );
    607. 

  607.             }
    608. 

  608.         }
    609. 

  609.     }
    610. 

  610. 

  611. 	Display :: display_header($nameTools, "Doc");
    612. 

  612. 	// actions
    613. 

  613. 

  614. 	// link back to the documents overview
    615. 

  615. 	if ($is_certificate_mode) {
    616. 

  616. 		$actionsLeft =  '<a href="document.php?certificate=true&id='.$folder_id.'&selectcat=' . Security::remove_XSS($_GET['selectcat']).'">'.
    617. 

  617.             Display::return_icon('back.png',get_lang('Back').' '.get_lang('To').' '.get_lang('CertificateOverview'),'',ICON_SIZE_MEDIUM).'</a>';
    618. 

  618.             $actionsLeft .= '<a id="hide_bar_template" href="#" role="button">'.
    619. 

  619.                 Display::return_icon('expand.png',get_lang('Back'),array('id'=>'expand'),ICON_SIZE_MEDIUM).Display::return_icon('contract.png',get_lang('Back'),array('id'=>'contract', 'class'=>'hide'),ICON_SIZE_MEDIUM).'</a>';
    620. 

  620.     } else {
    621. 

  621. 	    $actionsLeft = '<a href="document.php?curdirpath='.Security::remove_XSS($dir).'">'.
    622. 

  622.             Display::return_icon('back.png',get_lang('Back').' '.get_lang('To').' '.get_lang('DocumentsOverview'),'',ICON_SIZE_MEDIUM).'</a>';
    623. 

  623.         $actionsLeft .= '<a id="hide_bar_template" href="#" role="button">'.
    624. 

  624.             Display::return_icon('expand.png',get_lang('Expand'),array('id'=>'expand'),ICON_SIZE_MEDIUM).
    625. 

  625.             Display::return_icon('contract.png',get_lang('Collapse'),array('id'=>'contract', 'class'=>'hide'),ICON_SIZE_MEDIUM).'</a>';
    626. 

  626.     }
    627. 

  627. 

  628.     echo $toolbar = Display::toolbarAction('actions-documents', array($actionsLeft));
    629. 

  629. 

  630. 

  631. 	if ($is_certificate_mode) {
    632. 

  632.         $all_information_by_create_certificate = DocumentManager::get_all_info_to_certificate(
    633. 

  633.             api_get_user_id(),
    634. 

  634.             api_get_course_id()
    635. 

  635.         );
    636. 

  636. 

  637. 		$str_info = '';
    638. 

  638. 		foreach ($all_information_by_create_certificate[0] as $info_value) {
    639. 

  639. 			$str_info.=$info_value.'<br/>';
    640. 

  640. 		}
    641. 

  641. 		$create_certificate = get_lang('CreateCertificateWithTags');
    642. 

  642. 		Display::display_normal_message($create_certificate.': <br /><br/>'.$str_info,false);
    643. 

  643. 	}
    644. 

  644.     // HTML-editor
    645. 

  645.     echo '<div class="page-create">
    646. 

  646.             <div class="row" style="overflow:hidden">
    647. 

  647.             <div id="template_col" class="col-md-3">
    648. 

  648.                 <div class="panel panel-default">
    649. 

  649.                 <div class="panel-body">
    650. 

  650.                     <div id="frmModel" class="items-templates scrollbar-light"></div>
    651. 

  651.                 </div>
    652. 

  652.                 </div>
    653. 

  653.             </div>
    654. 

  654.             <div id="doc_form" class="col-md-9">
    655. 

  655.                 '.$form->returnForm().'
    656. 

  656.             </div>
    657. 

  657.           </div></div>';
    658. 

  658. 	Display :: display_footer();
    659. 

  659. }
    660.