edit_paint.php 7.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. use ChamiloSession as Session;
  4. /**
  5. * This file allows creating new svg and png documents with an online editor.
  6. *
  7. * @package chamilo.document
  8. *
  9. * @todo used the document_id instead of the curdirpath
  10. *
  11. * @author Juan Carlos Raña Trabado
  12. *
  13. * @since 30/january/2011
  14. */
  15. require_once __DIR__.'/../inc/global.inc.php';
  16. $this_section = SECTION_COURSES;
  17. $groupRights = Session::read('group_member_with_upload_rights');
  18. api_protect_course_script(true);
  19. api_block_anonymous_users();
  20. $_course = api_get_course_info();
  21. $groupId = api_get_group_id();
  22. $document_data = DocumentManager::get_document_data_by_id(
  23. $_GET['id'],
  24. api_get_course_id(),
  25. true
  26. );
  27. if (empty($document_data)) {
  28. api_not_allowed();
  29. } else {
  30. $document_id = $document_data['id'];
  31. $file_path = $document_data['path'];
  32. $dir = dirname($document_data['path']);
  33. $parent_id = DocumentManager::get_document_id(api_get_course_info(), $dir);
  34. $my_cur_dir_path = isset($_GET['curdirpath']) ? Security::remove_XSS($_GET['curdirpath']) : null;
  35. }
  36. //and urlencode each url $curdirpath (hack clean $curdirpath under Windows - Bug #3261)
  37. $dir = str_replace('\\', '/', $dir);
  38. if (empty($dir)) {
  39. $dir = '/';
  40. }
  41. /* Constants & Variables */
  42. $current_session_id = api_get_session_id();
  43. //path for pixlr save
  44. Session::write('paint_dir', Security::remove_XSS($dir));
  45. Session::write('paint_file', basename(Security::remove_XSS($file_path)));
  46. $get_file = Security::remove_XSS($file_path);
  47. $file = basename($get_file);
  48. $temp_file = explode(".", $file);
  49. $filename = $temp_file[0];
  50. $nameTools = get_lang('Edit').': '.$filename;
  51. $courseDir = $_course['path'].'/document';
  52. $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
  53. /* Other initialization code */
  54. /* Please, do not modify this dirname formatting */
  55. if (strstr($dir, '..')) {
  56. $dir = '/';
  57. }
  58. if ($dir[0] == '.') {
  59. $dir = substr($dir, 1);
  60. }
  61. if ($dir[0] != '/') {
  62. $dir = '/'.$dir;
  63. }
  64. if ($dir[strlen($dir) - 1] != '/') {
  65. $dir .= '/';
  66. }
  67. $filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document'.$dir;
  68. if (!is_dir($filepath)) {
  69. $filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document/';
  70. $dir = '/';
  71. }
  72. //groups //TODO:clean
  73. if (!empty($groupId)) {
  74. $interbreadcrumb[] = [
  75. 'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(),
  76. 'name' => get_lang('Group area'),
  77. ];
  78. $group_document = true;
  79. }
  80. $is_certificate_mode = DocumentManager::is_certificate_mode($dir);
  81. if (!$is_certificate_mode) {
  82. $interbreadcrumb[] = [
  83. "url" => "./document.php?curdirpath=".urlencode($my_cur_dir_path).'&'.api_get_cidreq(),
  84. "name" => get_lang('Documents'),
  85. ];
  86. } else {
  87. $interbreadcrumb[] = [
  88. 'url' => Category::getUrl(),
  89. 'name' => get_lang('Assessments'),
  90. ];
  91. }
  92. // Interbreadcrumb for the current directory root path
  93. if (empty($document_data['parents'])) {
  94. $interbreadcrumb[] = ['url' => '#', 'name' => $document_data['title']];
  95. } else {
  96. foreach ($document_data['parents'] as $document_sub_data) {
  97. if ($document_data['title'] == $document_sub_data['title']) {
  98. continue;
  99. }
  100. $interbreadcrumb[] = ['url' => $document_sub_data['document_url'], 'name' => $document_sub_data['title']];
  101. }
  102. }
  103. $is_allowedToEdit = api_is_allowed_to_edit(null, true) || $groupRights ||
  104. DocumentManager::is_my_shared_folder(api_get_user_id(), $dir, $current_session_id);
  105. if (!$is_allowedToEdit) {
  106. api_not_allowed(true);
  107. }
  108. Event::event_access_tool(TOOL_DOCUMENT);
  109. Display :: display_header($nameTools, 'Doc');
  110. echo '<div class="actions">';
  111. echo '<a href="document.php?id='.$parent_id.'&'.api_get_cidreq().'">'.
  112. Display::return_icon('back.png', get_lang('Back to').' '.get_lang('Documents overview'), '', ICON_SIZE_MEDIUM).'</a>';
  113. echo '<a href="edit_document.php?'.api_get_cidreq().'&id='.$document_id.'&'.api_get_cidreq().'&origin=editpaint">'.
  114. Display::return_icon('edit.png', get_lang('Rename').'/'.get_lang('Comment'), '', ICON_SIZE_MEDIUM).'</a>';
  115. echo '</div>';
  116. // pixlr
  117. $title = $file; //disk name. No sql name because pixlr return this when save
  118. $langpixlr = api_get_language_isocode();
  119. $langpixlr = isset($pixlr_code_translation_table[$langpixlr]) ? $pixlredit_code_translation_table[$langpixlr] : $langpixlr;
  120. $loc = $langpixlr; // deprecated ?? TODO:check pixlr read user browser
  121. $exit_path = api_get_path(WEB_CODE_PATH).'document/exit_pixlr.php';
  122. Session::write('exit_pixlr', Security::remove_XSS($parent_id));
  123. $referrer = "Chamilo";
  124. $target_path = api_get_path(WEB_CODE_PATH).'document/save_pixlr.php';
  125. $target = $target_path;
  126. $locktarget = "true";
  127. $locktitle = "false";
  128. if ($_SERVER['HTTP_HOST'] == "localhost") {
  129. $path_and_file = api_get_path(SYS_PATH).'/crossdomain.xml';
  130. if (!file_exists($path_and_file)) {
  131. $crossdomain = '<?xml version="1.0"?>
  132. <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
  133. <cross-domain-policy>
  134. <allow-access-from domain="cdn.pixlr.com" />
  135. <site-control permitted-cross-domain-policies="master-only"/>
  136. <allow-http-request-headers-from domain="cnd.pixlr.com" headers="*" secure="true"/>
  137. </cross-domain-policy>'; //more open domain="*"
  138. @file_put_contents($path_and_file, $crossdomain);
  139. }
  140. $credentials = "true";
  141. } else {
  142. $credentials = "false";
  143. }
  144. //make temp images
  145. $temp_folder = api_get_path(SYS_ARCHIVE_PATH).'temp/images';
  146. if (!file_exists($temp_folder)) {
  147. @mkdir($temp_folder, api_get_permissions_for_new_directories(), true); //TODO:check $permissions value, now empty;
  148. }
  149. //make htaccess with allow from all, and file index.html into temp/images
  150. $htaccess = api_get_path(SYS_ARCHIVE_PATH).'temp/images/.htaccess';
  151. if (!file_exists($htaccess)) {
  152. $htaccess_content = "order deny,allow\r\nallow from all\r\nOptions -Indexes";
  153. $fp = @fopen(api_get_path(SYS_ARCHIVE_PATH).'temp/images/.htaccess', 'w');
  154. if ($fp) {
  155. fwrite($fp, $htaccess_content);
  156. fclose($fp);
  157. }
  158. }
  159. $html_index = api_get_path(SYS_ARCHIVE_PATH).'temp/images/index.html';
  160. if (!file_exists($html_index)) {
  161. $html_index_content = "<html><head></head><body></body></html>";
  162. $fp = @fopen(api_get_path(SYS_ARCHIVE_PATH).'temp/images/index.html', 'w');
  163. if ($fp) {
  164. fwrite($fp, $html_index_content);
  165. fclose($fp);
  166. }
  167. }
  168. //encript temp name file
  169. $name_crip = sha1(uniqid()); //encript
  170. $findext = explode(".", $file);
  171. $extension = $findext[count($findext) - 1];
  172. $file_crip = $name_crip.'.'.$extension;
  173. //copy file to temp/images directory
  174. $from = $filepath.$file;
  175. $to = api_get_path(SYS_ARCHIVE_PATH).'temp/images/'.$file_crip;
  176. copy($from, $to);
  177. Session::write('temp_realpath_image', $to);
  178. //load image to url
  179. $to_url = api_get_path(WEB_ARCHIVE_PATH).'temp/images/'.$file_crip;
  180. $image = urlencode($to_url);
  181. $pixlr_url = '//pixlr.com/editor/?title='.$title.'&image='.$image.'&loc='.$loc.'&referrer='.$referrer.'&target='.$target.'&exit='.$exit_path.'&locktarget='.$locktarget.'&locktitle='.$locktitle.'&credentials='.$credentials;
  182. //make frame an send image
  183. ?>
  184. <script>
  185. document.write ('<iframe id="frame" frameborder="0" scrolling="no" src="<?php echo $pixlr_url; ?>" width="100%" height="100%"><noframes><p>Sorry, your browser does not handle frames</p></noframes></iframe>');
  186. function resizeIframe() {
  187. var height = window.innerHeight;
  188. //max lower size
  189. if (height<600) {
  190. height=600;
  191. }
  192. document.getElementById('frame').style.height = height +"px";
  193. };
  194. document.getElementById('frame').onload = resizeIframe;
  195. window.onresize = resizeIframe;
  196. </script>
  197. <?php
  198. echo '<noscript>';
  199. echo '<iframe style="height: 600px; width: 100%;" scrolling="no" frameborder="0" src="'.$pixlr_url.'"><noframes><p>Sorry, your browser does not handle frames</p></noframes></iframe>';
  200. echo '</noscript>';
  201. Display::display_footer();