mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-02-02 14:19:07 +01:00
Code Issues Projects Releases Wiki Activity

merged from 14_STABLE -

Browse Source 
changes:
* sesskey;
* only editing teachers can use it;
* time modified - used filemtime (consistency with files/index.php, better for Win32);
* directory sizes shown;
* removed unused "torte" action;
* updated breadcrums (active folder not linked and »);
* updated comments;
* some other fixes from files/index.php.

Please test, test, test.
This commit is contained in:
skodak 2004-10-26 19:25:53 +00:00
parent 083eccc26b
commit 23eb1cc518
1 changed files with 50 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
mod/resource/coursefiles.php
View File

@ -3,8 +3,7 @@
// Manage all uploaded files in a course file area
// This file is a hack to files/index.php that removes
// the headers and adds some controls so that images
// can be selected within the Richtext editor.
// the headers and adds file selection capability
// All the Moodle-specific stuff is in this top section
// Configuration and access control occurs here.
@ -14,10 +13,14 @@
require("../../config.php");
require("../../files/mimetypes.php");
require_variable($id);
optional_variable($file, "");
optional_variable($wdir, "");
optional_variable($action, "");
global $USER;
$id = required_param('id', PARAM_INT);
$file = optional_param('file', '', PARAM_PATH);
$wdir = optional_param('wdir', '', PARAM_PATH);
$action = optional_param('action', '', PARAM_ACTION);
$name = optional_param('name', '', PARAM_FILE);
$oldname = optional_param('oldname', '', PARAM_FILE);
if (! $course = get_record("course", "id", $id) ) {
error("That's an invalid course id");
@ -25,8 +28,8 @@
require_login($course->id);
if (! isteacher($course->id) ) {
error("Only teachers can edit files");
if (! isteacheredit($course->id) ) {
error("You need to be a teacher with editing privileges");
}
function html_footer() {
@ -50,12 +53,12 @@
$numdirs = count($dirs);
$link = "";
$navigation = "";
for ($i=1; $i<$numdirs; $i++) {
for ($i=1; $i<$numdirs-1; $i++) {
$navigation .= " -> ";
$link .= "/".urlencode($dirs[$i]);
$navigation .= "<a href=\"".$ME."?id=$course->id&amp;wdir=$link\">".$dirs[$i]."</a>";
}
$fullnav = "<a href=\"".$ME."?id=$course->id&amp;wdir=/\">$strfiles</a> $navigation";
$fullnav = "<a href=\"".$ME."?id=$course->id&amp;wdir=/\">$strfiles</a> $navigation -> ".$dirs[$numdirs-1];
}
print_header();
@ -70,10 +73,11 @@
</script>
<?php
$fullnav = str_replace('->', '&raquo;', "$course->shortname -> $fullnav");
echo '<table border="0" cellpadding="3" cellspacing="0" width="100%">';
echo '<tr>';
echo '<td bgcolor="'.$THEME->cellheading.'" class="navbar">';
echo '<font size="2"><b>'."$course->shortname -> $fullnav".'</b></font>';
echo '<font size="2"><b>'.$fullnav.'</b></font>';
echo '</td>';
echo '</tr>';
echo '</table>';
@ -96,17 +100,17 @@
// End of configuration and access control
$regexp="\\.\\.";
if (ereg( $regexp, $file, $regs )| ereg( $regexp, $wdir,$regs )) {
if (!$wdir) {
$wdir="/";
}
if (($wdir != '/' and detect_munged_arguments($wdir, 0))
or ($file != '' and detect_munged_arguments($file, 0))) {
$message = "Error: Directories can not contain \"..\"";
$wdir = "/";
$action = "";
}
if (!$wdir) {
$wdir="/";
}
switch ($action) {
@ -114,7 +118,7 @@
html_header($course, $wdir);
require_once($CFG->dirroot.'/lib/uploadlib.php');
if (!empty($save)) {
if (!empty($save) and confirm_sesskey()) {
$um = new upload_manager('userfile',false,false,$course,false,0);
$dir = "$basedir$wdir";
if ($um->process_file_uploads($dir)) {
@ -122,6 +126,7 @@
}
// um will take care of error reporting.
displaydir($wdir);
} else {
$upload_max_filesize = get_max_upload_file_size($CFG->maxbytes);
$filesize = display_size($upload_max_filesize);
@ -138,6 +143,7 @@
echo " <input type=\"hidden\" name=\"id\" value=$id />";
echo " <input type=\"hidden\" name=\"wdir\" value=$wdir />";
echo " <input type=\"hidden\" name=\"action\" value=\"upload\" />";
echo " <input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />";
echo " </td><tr><td width=\"10\">";
echo " <input type=\"submit\" name=\"save\" value=\"$struploadthisfile\" />";
echo "</form>";
@ -154,7 +160,7 @@
break;
case "delete":
if (!empty($confirm)) {
if (!empty($confirm) and confirm_sesskey()) {
html_header($course, $wdir);
foreach ($USER->filelist as $file) {
$fullfile = $basedir.$file;
@ -175,7 +181,7 @@
print_simple_box_end();
echo "<br />";
notice_yesno (get_string("deletecheckfiles"),
"".basename($ME)."?id=$id&amp;wdir=$wdir&amp;action=delete&amp;confirm=1",
"".basename($ME)."?id=$id&amp;wdir=$wdir&amp;action=delete&amp;confirm=1&amp;sesskey=$USER->sesskey",
"".basename($ME)."?id=$id&amp;wdir=$wdir&amp;action=cancel");
} else {
displaydir($wdir);
@ -186,7 +192,7 @@
case "move":
html_header($course, $wdir);
if ($count = setfilelist($_POST)) {
if (($count = setfilelist($_POST)) and confirm_sesskey()) {
$USER->fileop = $action;
$USER->filesource = $wdir;
echo "<p align=\"center\">";
@ -199,7 +205,7 @@
case "paste":
html_header($course, $wdir);
if (isset($USER->fileop) and $USER->fileop == "move") {
if (isset($USER->fileop) and ($USER->fileop == "move") and confirm_sesskey()) {
foreach ($USER->filelist as $file) {
$shortfile = basename($file);
$oldfile = $basedir.$file;
@ -215,10 +221,9 @@
break;
case "rename":
if (!empty($name)) {
if (!empty($name) and confirm_sesskey()) {
html_header($course, $wdir);
$name = clean_filename($name);
$oldname = clean_filename($oldname);
if (file_exists($basedir.$wdir."/".$name)) {
echo "Error: $name already exists!";
} else if (!rename($basedir.$wdir."/".$oldname, $basedir.$wdir."/".$name)) {
@ -239,6 +244,7 @@
echo " <input type=\"hidden\" name=\"action\" value=\"rename\" />";
echo " <input type=\"hidden\" name=\"oldname\" value=\"$file\" />";
echo " <input type=\"text\" name=\"name\" size=\"35\" value=\"$file\" />";
echo " <input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />";
echo " <input type=\"submit\" value=\"$strrename\" />";
echo "</form>";
echo "</td><td>";
@ -254,7 +260,7 @@
break;
case "mkdir":
if (!empty($name)) {
if (!empty($name) and confirm_sesskey()) {
html_header($course, $wdir);
$name = clean_filename($name);
if (file_exists("$basedir$wdir/$name")) {
@ -276,6 +282,7 @@
echo " <input type=\"hidden\" name=\"wdir\" value=$wdir />";
echo " <input type=\"hidden\" name=\"action\" value=\"mkdir\" />";
echo " <input type=\"text\" name=\"name\" size=\"35\" />";
echo " <input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />";
echo " <input type=\"submit\" value=\"$strcreate\" />";
echo "</form>";
echo "</td><td>";
@ -292,7 +299,7 @@
case "edit":
html_header($course, $wdir);
if (isset($text)) {
if (isset($text) and confirm_sesskey()) {
$fileptr = fopen($basedir.$file,"w");
fputs($fileptr, stripslashes($text));
fclose($fileptr);
@ -324,6 +331,7 @@
echo " <input type=\"hidden\" name=\"wdir\" value=\"$wdir\" />";
echo " <input type=\"hidden\" name=\"file\" value=\"$file\" />";
echo " <input type=\"hidden\" name=\"action\" value=\"edit\" />";
echo " <input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />";
print_textarea($usehtmleditor, 25, 80, 680, 400, "text", $contents);
echo "</td></tr><tr><td>";
echo " <input type=\"submit\" value=\"".get_string("savechanges")."\" />";
@ -347,7 +355,7 @@
break;
case "zip":
if (!empty($name)) {
if (!empty($name) and confirm_sesskey()) {
html_header($course, $wdir);
$name = clean_filename($name);
@ -399,7 +407,7 @@
case "unzip":
html_header($course, $wdir);
if (!empty($file)) {
if (!empty($file) and confirm_sesskey()) {
$strok = get_string("ok");
$strunpacking = get_string("unpacking", "", $file);
@ -426,7 +434,7 @@
case "listzip":
html_header($course, $wdir);
if (!empty($file)) {
if (!empty($file) and confirm_sesskey()) {
$strname = get_string("name");
$strsize = get_string("size");
$strmodified = get_string("modified");
@ -437,8 +445,8 @@
$file = basename($file);
include_once($CFG->libdir.'/pclzip/pclzip.lib.php');
$archive = new PclZip("$basedir/$wdir/$file");
if (!$list = $archive->listContent("$basedir/$wdir")) {
$archive = new PclZip(cleardoubleslashes("$basedir/$wdir/$file"));
if (!$list = $archive->listContent(cleardoubleslashes("$basedir/$wdir"))) {
notify($archive->errorInfo(true));
} else {
@ -471,34 +479,6 @@
html_footer();
break;
case "torte":
if($_POST)
{
while(list($key, $val) = each($_POST))
{
if(ereg("file([0-9]+)", $key, $regs))
{
$file = $val;
}
}
if(@filetype($CFG->dataroot ."/". $course->id . $file) == "file")
{
if(mimeinfo("icon", $file) == "image.gif")
{
$url = $CFG->wwwroot ."/file.php?file=/" .$course->id . $file;
runjavascript($url);
}
else
{
print "File is not a image!";
}
}
else
{
print "You cannot insert FOLDER into richtext editor!!!";
}
}
break;
case "cancel";
clearfilelist();
@ -555,7 +535,10 @@ function setfilelist($VARS) {
foreach ($VARS as $key => $val) {
if (substr($key,0,4) == "file") {
$count++;
$USER->filelist[] = rawurldecode($val);
$val = rawurldecode($val);
if (!detect_munged_arguments($val, 0)) {
$USER->filelist[] = $val;
}
}
}
return $count;
@ -667,7 +650,8 @@ function displaydir ($wdir) {
$filename = $fullpath."/".$dir;
$fileurl = rawurlencode($wdir."/".$dir);
$filesafe = rawurlencode($dir);
$filedate = userdate(filectime($filename), "%d %b %Y, %I:%M %p");
$filesize = display_size(get_directory_size("$fullpath/$dir"));
$filedate = userdate(filemtime($filename), "%d %b %Y, %I:%M %p");
echo "<tr>";
@ -692,7 +676,7 @@ function displaydir ($wdir) {
$fileurl = "$wdir/$file";
$filesafe = rawurlencode($file);
$fileurlsafe = rawurlencode($fileurl);
$filedate = userdate(filectime($filename), "%d %b %Y, %I:%M %p");
$filedate = userdate(filemtime($filename), "%d %b %Y, %I:%M %p");
if (substr($fileurl,0,1) == '/') {
$selectfile = substr($fileurl,1);
@ -726,8 +710,8 @@ function displaydir ($wdir) {
if ($icon == "text.gif" || $icon == "html.gif") {
$edittext .= "<a href=\"".basename($ME)."?id=$id&amp;wdir=$wdir&amp;file=$fileurl&amp;action=edit\">$stredit</a>";
} else if ($icon == "zip.gif") {
$edittext .= "<a href=\"".basename($ME)."?id=$id&amp;wdir=$wdir&amp;file=$fileurl&amp;action=unzip\">$strunzip</a>&nbsp;";
$edittext .= "<a href=\"".basename($ME)."?id=$id&amp;wdir=$wdir&amp;file=$fileurl&amp;action=listzip\">$strlist</a> ";
$edittext .= "<a href=\"".basename($ME)."?id=$id&amp;wdir=$wdir&amp;file=$fileurl&amp;action=unzip&amp;sesskey=$USER->sesskey\">$strunzip</a>&nbsp;";
$edittext .= "<a href=\"".basename($ME)."?id=$id&amp;wdir=$wdir&amp;file=$fileurl&amp;action=listzip&amp;sesskey=$USER->sesskey\">$strlist</a> ";
}
print_cell("right", "$edittext <a href=\"".basename($ME)."?id=$id&amp;wdir=$wdir&amp;file=$filesafe&amp;action=rename\">$strrename</a>");
@ -746,6 +730,7 @@ function displaydir ($wdir) {
echo "<tr><td>";
echo "<input type=\"hidden\" name=\"id\" value=\"$id\" />";
echo "<input type=\"hidden\" name=\"wdir\" value=\"$wdir\" /> ";
echo "<input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />";
$options = array (
"move" => "$strmovetoanotherfolder",
"delete" => "$strdeletecompletely",
@ -762,6 +747,7 @@ function displaydir ($wdir) {
echo " <input type=\"hidden\" name=\"id\" value=$id />";
echo " <input type=\"hidden\" name=\"wdir\" value=\"$wdir\" />";
echo " <input type=\"hidden\" name=\"action\" value=\"paste\" />";
echo " <input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />";
echo " <input type=\"submit\" value=\"$strmovefilestohere\" />";
echo "</form>";
}