MDL-16596 support for restricting of subdirectory browsing/upload

skodak 2008-09-21 20:45:07 +00:00
parent 84c18f4d2c
commit b5b188ce33
3 changed files with 58 additions and 34 deletions


@ -7,6 +7,7 @@
$filepath = optional_param('filepath', '/', PARAM_PATH);
$newdirname = optional_param('newdirname', '', PARAM_FILE);
$delete = optional_param('delete', '', PARAM_PATH);
$subdirs = optional_param('subdirs', 0, PARAM_BOOL);
require_login();
if (isguestuser()) {
@ -23,6 +24,10 @@
$browser = get_file_browser();
$fs = get_file_storage();
if (!$subdirs) {
$filepath = '/';
}
if (!$directory = $fs->get_file($context->id, 'user_draft', $itemid, $filepath, '.')) {
$directory = new virtual_root_file($context->id, 'user_draft', $itemid);
$filepath = $directory->get_filepath();
@ -34,7 +39,7 @@
if ($newdirname !== '' and data_submitted() and confirm_sesskey()) {
$newdirname = $directory->get_filepath().$newdirname.'/';
$fs->create_directory($contextid, $filearea, $itemid, $newdirname, $USER->id);
redirect('draftfiles.php?itemid='.$itemid.'&filepath='.rawurlencode($newdirname));
redirect('draftfiles.php?itemid='.$itemid.'&filepath='.rawurlencode($newdirname).'&subdirs='.$subdirs);
}
if (isset($_FILES['newfile']) and data_submitted() and confirm_sesskey()) {
@ -48,7 +53,7 @@
$filerecord = array('contextid'=>$contextid, 'filearea'=>$filearea, 'itemid'=>$itemid, 'filepath'=>$filepath,
'filename'=>$newfilename, 'userid'=>$USER->id);
$newfile = $fs->create_file_from_pathname($filerecord, $_FILES['newfile']['tmp_name']);
redirect('draftfiles.php?itemid='.$itemid.'&filepath='.rawurlencode($filepath));
redirect('draftfiles.php?itemid='.$itemid.'&filepath='.rawurlencode($filepath).'&subdirs='.$subdirs);
}
}
@ -56,8 +61,8 @@
if (!data_submitted() or !confirm_sesskey()) {
print_header();
notify(get_string('deletecheckwarning').': '.s($file->get_filepath().$file->get_filename()));
$optionsno = array('itemid'=>$itemid, 'filepath'=>$filepath);
$optionsyes = array('itemid'=>$itemid, 'filepath'=>$filepath, 'delete'=>$delete, 'sesskey'=>sesskey());
$optionsno = array('itemid'=>$itemid, 'filepath'=>$filepath, 'subdirs'=>$subdirs);
$optionsyes = array('itemid'=>$itemid, 'filepath'=>$filepath, 'delete'=>$delete, 'sesskey'=>sesskey(), 'subdirs'=>$subdirs);
notice_yesno (get_string('deletecheckfiles'), 'draftfiles.php', 'draftfiles.php', $optionsyes, $optionsno, 'post', 'get');
print_footer('empty');
die;
@ -66,9 +71,9 @@
$isdir = $file->is_directory();
$file->delete();
if ($isdir) {
redirect('draftfiles.php?itemid='.$itemid.'&filepath='.rawurlencode($parent->get_filepath()));
redirect('draftfiles.php?itemid='.$itemid.'&filepath='.rawurlencode($parent->get_filepath()).'&subdirs='.$subdirs);
} else {
redirect('draftfiles.php?itemid='.$itemid.'&filepath='.rawurlencode($filepath));
redirect('draftfiles.php?itemid='.$itemid.'&filepath='.rawurlencode($filepath).'&subdirs='.$subdirs);
}
}
}
@ -84,7 +89,7 @@
if ($parent) {
echo '<div class="folder">';
echo '<a href="draftfiles.php?itemid='.$itemid.'&amp;filepath='.$parent->get_filepath().'"><img src="'.$CFG->pixpath.'/f/parent.gif" class="icon" alt="" />&nbsp;'.get_string('parentfolder').'</a>';
echo '<a href="draftfiles.php?itemid='.$itemid.'&amp;filepath='.$parent->get_filepath().'&amp;subdirs='.$subdirs.'"><img src="'.$CFG->pixpath.'/f/parent.gif" class="icon" alt="" />&nbsp;'.get_string('parentfolder').'</a>';
echo '</div>';
}
@ -98,19 +103,21 @@
$mimetype = $file->get_mimetype();
if ($file->is_directory()) {
$dirname = explode('/', trim($filepath, '/'));
$dirname = array_pop($dirname);
echo '<div class="folder">';
echo "<a href=\"draftfiles.php?itemid=$itemid&amp;filepath=$filepath\"><img src=\"$CFG->pixpath/f/folder.gif\" class=\"icon\" alt=\"$strfolder\" />&nbsp;".s($dirname)."</a> ";
echo "<a href=\"draftfiles.php?itemid=$itemid&amp;filepath=$filepath&amp;delete=$filenameurl\"><img src=\"$CFG->pixpath/t/delete.gif\" class=\"iconsmall\" alt=\"$strdelete\" /></a>";
echo '</div>';
if ($subdirs) {
$dirname = explode('/', trim($filepath, '/'));
$dirname = array_pop($dirname);
echo '<div class="folder">';
echo "<a href=\"draftfiles.php?itemid=$itemid&amp;filepath=$filepath&amp;subdirs=$subdirs\"><img src=\"$CFG->pixpath/f/folder.gif\" class=\"icon\" alt=\"$strfolder\" />&nbsp;".s($dirname)."</a> ";
echo "<a href=\"draftfiles.php?itemid=$itemid&amp;filepath=$filepath&amp;delete=$filenameurl&amp;subdirs=$subdirs\"><img src=\"$CFG->pixpath/t/delete.gif\" class=\"iconsmall\" alt=\"$strdelete\" /></a>";
echo '</div>';
}
} else {
$icon = mimeinfo_from_type('icon', $mimetype);
$viewurl = $browser->encodepath("$CFG->wwwroot/draftfile.php", "/$contextid/user_draft/$itemid".$filepath.$filename, false, false);
echo '<div class="file">';
echo "<a href=\"$viewurl\"><img src=\"$CFG->pixpath/f/$icon\" class=\"icon\" alt=\"$strfile\" />&nbsp;".s($filename)." ($filesize)</a> ";
echo "<a href=\"draftfiles.php?itemid=$itemid&amp;filepath=$filepath&amp;delete=$filenameurl\"><img src=\"$CFG->pixpath/t/delete.gif\" class=\"iconsmall\" alt=\"$strdelete\" /></a>";;
echo "<a href=\"draftfiles.php?itemid=$itemid&amp;filepath=$filepath&amp;delete=$filenameurl&amp;subdirs=$subdirs\"><img src=\"$CFG->pixpath/t/delete.gif\" class=\"iconsmall\" alt=\"$strdelete\" /></a>";;
echo '</div>';
}
}
@ -120,18 +127,22 @@
echo '<form enctype="multipart/form-data" method="post" action="draftfiles.php"><div>';
echo '<input type="hidden" name="itemid" value="'.$itemid.'" />';
echo '<input type="hidden" name="filepath" value="'.s($filepath).'" />';
echo '<input type="hidden" name="subdirs" value="'.$subdirs.'" />';
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '<input name="newfile" type="file" />';
echo '<input type="submit" value="'.get_string('uploadafile').'" />';
echo '</div></form>';
echo '<form action="draftfiles.php" method="post"><div>';
echo '<input type="hidden" name="itemid" value="'.$itemid.'" />';
echo '<input type="hidden" name="filepath" value="'.s($filepath).'" />';
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '<input type="text" name="newdirname" value="" />';
echo '<input type="submit" value="'.get_string('makeafolder').'" />';
echo '</div></form>';
if ($subdirs) {
echo '<form action="draftfiles.php" method="post"><div>';
echo '<input type="hidden" name="itemid" value="'.$itemid.'" />';
echo '<input type="hidden" name="filepath" value="'.s($filepath).'" />';
echo '<input type="hidden" name="subdirs" value="'.$subdirs.'" />';
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '<input type="text" name="newdirname" value="" />';
echo '<input type="submit" value="'.get_string('makeafolder').'" />';
echo '</div></form>';
}
print_footer('empty');
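Review bot: The directory-creation handler in the `@ -34,7 +39,7 @` hunk still runs when `$subdirs` is 0, because only the "make a folder" form at the end of the file is wrapped in `if ($subdirs)`; a POST that carries `newdirname` and a valid sesskey reaches `$fs->create_directory()` regardless. Gate the handler the same way, `if ($subdirs and $newdirname !== '' and data_submitted() and confirm_sesskey()) {`. Since `$subdirs` itself is read from the request with `optional_param('subdirs', 0, PARAM_BOOL)`, this page can only shape the UI, and a comment next to that line should say so, e.g. `// subdirs is client-supplied: UI hint only, the owning form must enforce it when the draft area is saved`. The new links also interpolate `$filepath` and `$parent->get_filepath()` into `href` without `rawurlencode()` or `s()`, unlike the redirects and hidden inputs in the same file.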


@ -88,11 +88,12 @@ function file_get_new_draftitemid() {
* @param int $contextid
* @param string $filearea
* @param int $itemid
* @param bool subdirs allow directory structure
* @param string $text usually html text with embedded links to draft area
* @param boolean $forcehttps force https
* @return string text with relative links starting with @@PLUGINFILE@@
*/
function file_prepare_draftarea(&$draftitemid, $contextid, $filearea, $itemid, $text=null, $forcehttps=false) {
function file_prepare_draftarea(&$draftitemid, $contextid, $filearea, $itemid, $subdirs=false, $text=null, $forcehttps=false) {
global $CFG, $USER;
$usercontext = get_context_instance(CONTEXT_USER, $USER->id);
@ -104,6 +105,9 @@ function file_prepare_draftarea(&$draftitemid, $contextid, $filearea, $itemid, $
$file_record = array('contextid'=>$usercontext->id, 'filearea'=>'user_draft', 'itemid'=>$draftitemid);
if ($files = $fs->get_area_files($contextid, $filearea, $itemid)) {
foreach ($files as $file) {
if (!$subdirs and $file->get_filepath() !== '/') {
continue;
}
$fs->create_file_from_storedfile($file_record, $file);
}
}
@ -118,9 +122,9 @@ function file_prepare_draftarea(&$draftitemid, $contextid, $filearea, $itemid, $
/// relink embedded files - editor can not handle @@PLUGINFILE@@ !
if ($CFG->slasharguments) {
$draftbase = "$CFG->wwwroot/draftfile.php/user_draft/$draftitemid/";
$draftbase = "$CFG->wwwroot/draftfile.php/$usercontext->id/user_draft/$draftitemid/";
} else {
$draftbase = "$CFG->wwwroot/draftfile.php?file=/user_draft/$draftitemid/";
$draftbase = "$CFG->wwwroot/draftfile.php?file=/$usercontext->id/user_draft/$draftitemid/";
}
if ($forcehttps) {
@ -138,11 +142,12 @@ function file_prepare_draftarea(&$draftitemid, $contextid, $filearea, $itemid, $
* @param int $contextid
* @param string $filearea
* @param int $itemid
* @param bool subdirs allow directory structure
* @param string $text usually html text with embedded links to draft area
* @param boolean $forcehttps force https
* @return string text with relative links starting with @@PLUGINFILE@@
*/
function file_convert_draftarea($draftitemid, $contextid, $filearea, $itemid, $text=null, $forcehttps=false) {
function file_convert_draftarea($draftitemid, $contextid, $filearea, $itemid, $subdirs=false, $text=null, $forcehttps=false) {
global $CFG, $USER;
$usercontext = get_context_instance(CONTEXT_USER, $USER->id);
@ -160,6 +165,9 @@ function file_convert_draftarea($draftitemid, $contextid, $filearea, $itemid, $t
$fs->delete_area_files($contextid, $filearea, $itemid);
$file_record = array('contextid'=>$contextid, 'filearea'=>$filearea, 'itemid'=>$itemid);
foreach ($draftfiles as $file) {
if (!$subdirs and $file->get_filepath() !== '/') {
continue;
}
$fs->create_file_from_storedfile($file_record, $file);
}
@ -167,6 +175,9 @@ function file_convert_draftarea($draftitemid, $contextid, $filearea, $itemid, $t
// we have to merge old and new files - we want to keep file ids for files that were not changed
$file_record = array('contextid'=>$contextid, 'filearea'=>$filearea, 'itemid'=>$itemid);
foreach ($draftfiles as $file) {
if (!$subdirs and $file->get_filepath() !== '/') {
continue;
}
$newhash = sha1($contextid.$filearea.$itemid.$file->get_filepath().$file->get_filename());
if (isset($oldfiles[$newhash])) {
$oldfile = $oldfiles[$newhash];
@ -200,9 +211,9 @@ function file_convert_draftarea($draftitemid, $contextid, $filearea, $itemid, $t
/// relink embedded files if text submitted - no absolute links allowed in database!
if ($CFG->slasharguments) {
$draftbase = "$CFG->wwwroot/draftfile.php/user_draft/$draftitemid/";
$draftbase = "$CFG->wwwroot/draftfile.php/$usercontext->id/user_draft/$draftitemid/";
} else {
$draftbase = "$CFG->wwwroot/draftfile.php?file=/user_draft/$draftitemid/";
$draftbase = "$CFG->wwwroot/draftfile.php?file=/$usercontext->id/user_draft/$draftitemid/";
}
if ($forcehttps) {
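Review bot: Inserting `$subdirs=false` before `$text` in `file_prepare_draftarea()` and `file_convert_draftarea()` changes the meaning of the fifth positional argument, and none of the visible hunks updates a call site. A caller that still passes its text fifth would have it read as `$subdirs` (any non-empty string enables directory structure) while `$text` stays null, so both the restriction and the link rewriting fail without an error. Appending the parameter keeps old calls valid, e.g. `function file_convert_draftarea($draftitemid, $contextid, $filearea, $itemid, $text=null, $forcehttps=false, $subdirs=false) {`; otherwise every caller needs auditing alongside this commit. The new docblock lines should read `@param bool $subdirs allow directory structure` (the `$` is missing). Both function bodies continue outside these hunks.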


@ -4,10 +4,12 @@ require_once('HTML/QuickForm/element.php');
class MoodleQuickForm_areafiles extends HTML_QuickForm_element {
protected $_helpbutton = '';
protected $_options = null;
protected $_options = array('subdirs'=>0);
function MoodleQuickForm_files($elementName=null, $elementLabel=null, $options=null) {
$this->_options = $options;
function MoodleQuickForm_areafiles($elementName=null, $elementLabel=null, $options=null) {
if (!empty($options['subdirs'])) {
$this->_options['subdirs'] = 1;
}
parent::HTML_QuickForm_element($elementName, $elementLabel);
}
@ -66,9 +68,9 @@ class MoodleQuickForm_areafiles extends HTML_QuickForm_element {
return $this->getFrozenHtml();
}
$id = $this->_attributes['id'];
$elname = $this->_attributes['name'];
$id = $this->_attributes['id'];
$elname = $this->_attributes['name'];
$subdirs = $this->_options['subdirs'];
$draftitemid = $this->getValue();
if (empty($draftitemid)) {
@ -78,7 +80,7 @@ class MoodleQuickForm_areafiles extends HTML_QuickForm_element {
$draftitemid = $this->getValue();
}
$editorurl = "$CFG->wwwroot/files/draftfiles.php?itemid=$draftitemid";
$editorurl = "$CFG->wwwroot/files/draftfiles.php?itemid=$draftitemid&amp;subdirs=$subdirs";
$str = $this->_getTabs();
$str .= '<input type="hidden" name="'.$elname.'" value="'.$draftitemid.'" />';
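Review bot: `$editorurl` on the changed line is now stored with `&amp;` inside it, which is correct only if every use places it in an HTML attribute; its use lies outside this hunk, so add a comment such as `// HTML-escaped URL: attribute context only`, or build it raw and escape at output. `$draftitemid` comes from `$this->getValue()` and is interpolated into that URL and into `value="..."` on the following line without a cast or `s()`; if the value can carry submitted data, `$draftitemid = (int)$this->getValue();` would pin it to an integer id. The constructor now copies only `subdirs` from `$options` and silently ignores any other key, which deserves a one-line comment. The enclosing method starts and ends outside the hunk.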