1 | <?php |
||
2 | /* For licensing terms, see /license.txt */ |
||
3 | |||
4 | use ChamiloSession as Session; |
||
5 | |||
6 | /** |
||
7 | * This file allows creating new svg and png documents with an online editor. |
||
8 | * |
||
9 | * @package chamilo.document |
||
10 | * |
||
11 | * @todo use the document_id instead of the curdirpath |
||
12 | * |
||
13 | * @author Juan Carlos Raña Trabado |
||
14 | * |
||
15 | * @since 30/january/2011 |
||
16 | */ |
||
17 | require_once __DIR__.'/../inc/global.inc.php'; |
||
18 | |||
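$this_section = SECTION_COURSES;
$groupRights = Session::read('group_member_with_upload_rights');

// Access control: the request must belong to a course and to a logged-in user.
api_protect_course_script(true);
api_block_anonymous_users();
$_course = api_get_course_info();
$groupId = api_get_group_id();

// The document id comes straight from the query string. Treat it as untrusted:
// tolerate a missing or non-scalar value and force it to an integer before it
// reaches the document lookup.
$requestedDocumentId = isset($_GET['id']) && is_scalar($_GET['id']) ? (int) $_GET['id'] : 0;
$document_data = DocumentManager::get_document_data_by_id(
    $requestedDocumentId,
    api_get_course_id(),
    true
);

if (empty($document_data)) {
    // NOTE(review): the rest of the script reads $dir, $file_path and $parent_id,
    // which are only set in the else branch - this call is presumably expected to
    // end the request; confirm.
    api_not_allowed();
} else {
    $document_id = $document_data['id'];
    $file_path = $document_data['path'];
    $dir = dirname($document_data['path']);
    $parent_id = DocumentManager::get_document_id(api_get_course_info(), $dir);
    // curdirpath is only used to build the "Documents" breadcrumb link.
    $my_cur_dir_path = isset($_GET['curdirpath']) ? Security::remove_XSS($_GET['curdirpath']) : null;
}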
||
41 | |||
// Normalise the directory of the document: turn Windows separators into "/"
// (hack clean $curdirpath under Windows - Bug #3261) and default to the root.
$dir = str_replace('\\', '/', $dir);
$dir = empty($dir) ? '/' : $dir;

/* Constants & Variables */
$current_session_id = api_get_session_id();

// Directory and file name kept in the session (path for pixlr save).
// NOTE(review): these values are written before the edit-permission check that
// appears further down in this file - confirm the script reading them does not
// rely on that check having passed.
Session::write('paint_dir', Security::remove_XSS($dir));
Session::write('paint_file', basename(Security::remove_XSS($file_path)));

$get_file = Security::remove_XSS($file_path);
$file = basename($get_file);
// Everything before the first dot is used as the display name.
$temp_file = explode('.', $file);
$filename = $temp_file[0];
$nameTools = get_lang('EditDocument').': '.$filename;
$courseDir = $_course['path'].'/document';
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);

/* Other initialization code */
/* Please, do not modify this dirname formatting */
// Any ".." sequence resets the directory to the root, so the path built below
// cannot climb out of the course document folder.
if (strpos($dir, '..') !== false) {
    $dir = '/';
}

// Drop a leading dot, then make sure the directory starts and ends with "/".
if ($dir[0] == '.') {
    $dir = substr($dir, 1);
}

if ($dir[0] != '/') {
    $dir = '/'.$dir;
}

if (substr($dir, -1) != '/') {
    $dir .= '/';
}

// Absolute path of the directory on disk; fall back to the document root of the
// course when the computed directory does not exist.
$filepath = api_get_path(SYS_COURSE_PATH).$courseDir.$dir;
if (!is_dir($filepath)) {
    $dir = '/';
    $filepath = api_get_path(SYS_COURSE_PATH).$courseDir.'/';
}
||
83 | |||
//groups //TODO:clean
// Inside a group, the breadcrumb starts with a link back to the group space.
if (!empty($groupId)) {
    $group_document = true;
    $interbreadcrumb[] = [
        'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(),
        'name' => get_lang('GroupSpace'),
    ];
}

$is_certificate_mode = DocumentManager::is_certificate_mode($dir);

// Certificate mode links to the gradebook, any other case to the document list.
if ($is_certificate_mode) {
    $interbreadcrumb[] = [
        'url' => Category::getUrl(),
        'name' => get_lang('Gradebook'),
    ];
} else {
    // $my_cur_dir_path comes from the query string; it is URL-encoded here.
    $interbreadcrumb[] = [
        'url' => './document.php?curdirpath='.urlencode($my_cur_dir_path).'&'.api_get_cidreq(),
        'name' => get_lang('Documents'),
    ];
}

// Interbreadcrumb for the current directory root path
if (!empty($document_data['parents'])) {
    foreach ($document_data['parents'] as $document_sub_data) {
        // Parents that carry the same title as the document itself are left out.
        if ($document_data['title'] != $document_sub_data['title']) {
            $interbreadcrumb[] = [
                'url' => $document_sub_data['document_url'],
                'name' => $document_sub_data['title'],
            ];
        }
    }
} else {
    $interbreadcrumb[] = ['url' => '#', 'name' => $document_data['title']];
}
||
118 | |||
// Editing is granted when the user has edit rights, when the session flag
// 'group_member_with_upload_rights' read at the top of the script is set, or when
// DocumentManager::is_my_shared_folder() accepts this user, directory and session.
// NOTE(review): the session flag is not tied to the document being opened in this
// script - confirm it is scoped to the current group where it is set.
$is_allowedToEdit = api_is_allowed_to_edit(null, true)
    || $groupRights
    || DocumentManager::is_my_shared_folder(api_get_user_id(), $dir, $current_session_id);

if (!$is_allowedToEdit) {
    api_not_allowed(true);
}

Event::event_access_tool(TOOL_DOCUMENT);

Display::display_header($nameTools, 'Doc');

// Toolbar: back to the parent folder, and rename/comment the current document.
echo '<div class="actions">';
echo sprintf(
    '<a href="document.php?id=%s&%s">%s</a>',
    $parent_id,
    api_get_cidreq(),
    Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview'), '', ICON_SIZE_MEDIUM)
);
echo sprintf(
    '<a href="edit_document.php?%s&id=%s&%s&origin=editpaint">%s</a>',
    api_get_cidreq(),
    $document_id,
    api_get_cidreq(),
    Display::return_icon('edit.png', get_lang('Rename').'/'.get_lang('Comment'), '', ICON_SIZE_MEDIUM)
);
echo '</div>';
||
135 | |||
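// pixlr
$title = $file; //disk name. No sql name because pixlr return this when save

// Map the platform language code to the code expected by pixlr. The lookup now
// reads the same table that isset() tests; the original tested one variable name
// and read another, so a hit would have produced an undefined-variable read.
// NOTE(review): $pixlr_code_translation_table is not defined in this file - when
// it is not provided elsewhere, the platform code is passed through unchanged.
$langpixlr = api_get_language_isocode();
if (isset($pixlr_code_translation_table[$langpixlr])) {
    $langpixlr = $pixlr_code_translation_table[$langpixlr];
}
$loc = $langpixlr; // deprecated ?? TODO:check pixlr read user browser

$exit_path = api_get_path(WEB_CODE_PATH).'document/exit_pixlr.php';
Session::write('exit_pixlr', Security::remove_XSS($parent_id));
$referrer = 'Chamilo';
$target_path = api_get_path(WEB_CODE_PATH).'document/save_pixlr.php';
$target = $target_path;
$locktarget = 'true';
$locktitle = 'false';

// HTTP_HOST is taken from the client-supplied Host header (and may be absent), so
// it is not proof that the request is local.
// NOTE(review): this branch writes a Flash cross-domain policy into the platform
// root and switches credentials on - confirm that a Host header value alone
// should be allowed to trigger both.
$requestHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
if ($requestHost === 'localhost') {
    $path_and_file = api_get_path(SYS_PATH).'/crossdomain.xml';
    if (!file_exists($path_and_file)) {
        // Both entries must name cdn.pixlr.com: the second one used to read
        // "cnd.pixlr.com", which granted request-header access to a different,
        // look-alike host name.
        $crossdomain = '<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="cdn.pixlr.com" />
<site-control permitted-cross-domain-policies="master-only"/>
<allow-http-request-headers-from domain="cdn.pixlr.com" headers="*" secure="true"/>
</cross-domain-policy>'; //more open domain="*"
        // "@" keeps the warning out of the page that is already being rendered;
        // the result is checked explicitly instead of being ignored.
        if (@file_put_contents($path_and_file, $crossdomain) === false) {
            error_log('pixlr editor: unable to write crossdomain.xml');
        }
    }
    $credentials = 'true';
} else {
    $credentials = 'false';
}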
||
167 | |||
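// Temporary folder under the archive path that receives a copy of the image so
// that the external editor can fetch it over HTTP.
$temp_folder = api_get_path(SYS_ARCHIVE_PATH).'temp/images';
if (!file_exists($temp_folder)) {
    // "@" keeps the warning out of the page that is already being rendered; the
    // outcome is checked explicitly (is_dir covers a concurrent creation).
    $folderCreated = @mkdir($temp_folder, api_get_permissions_for_new_directories(), true);
    if (!$folderCreated && !is_dir($temp_folder)) {
        error_log('pixlr editor: unable to create the temporary image folder');
    }
}

// .htaccess with "allow from all" and directory listing switched off.
// NOTE(review): with this rule every file placed in temp/images is readable by
// anyone who knows its URL, without any platform access check - the copies made
// later in this script rely only on their file name being hard to guess.
$htaccess = $temp_folder.'/.htaccess';
if (!file_exists($htaccess)) {
    $htaccess_content = "order deny,allow\r\nallow from all\r\nOptions -Indexes";
    if (@file_put_contents($htaccess, $htaccess_content) === false) {
        error_log('pixlr editor: unable to write .htaccess in the temporary image folder');
    }
}

// Empty index.html placed in the same folder.
$html_index = $temp_folder.'/index.html';
if (!file_exists($html_index)) {
    $html_index_content = "<html><head></head><body></body></html>";
    if (@file_put_contents($html_index, $html_index_content) === false) {
        error_log('pixlr editor: unable to write index.html in the temporary image folder');
    }
}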
||
194 | |||
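// Random name for the temporary copy. The copy is served from a folder that is
// readable without login, so the name is its only protection: uniqid() is derived
// from the current time and is guessable, hence a CSPRNG is used when available.
if (function_exists('random_bytes')) {
    $name_crip = bin2hex(random_bytes(20)); // 40 hex characters, same length as sha1()
} else {
    $name_crip = sha1(uniqid()); // legacy fallback for PHP versions without random_bytes()
}

// Keep the extension of the stored file (the part after the last dot).
// NOTE(review): the extension is not checked against a list of image types before
// the copy lands in the web-served folder - consider an allow-list.
$findext = explode('.', $file);
$extension = $findext[count($findext) - 1];
$file_crip = $name_crip.'.'.$extension;

//copy file to temp/images directory
$from = $filepath.$file;
$to = api_get_path(SYS_ARCHIVE_PATH).'temp/images/'.$file_crip;
if (!copy($from, $to)) {
    error_log('pixlr editor: unable to copy the document to the temporary image folder');
}
Session::write('temp_realpath_image', $to);

//load image to url
$to_url = api_get_path(WEB_ARCHIVE_PATH).'temp/images/'.$file_crip;
$image = urlencode($to_url);

// Every query parameter is URL-encoded. $title is the stored file name, and the
// resulting URL is later printed inside an inline script and an HTML attribute,
// so an unencoded quote or ampersand in it would break out of those contexts.
// $to_url is passed unencoded here because http_build_query() does the encoding.
$pixlr_url = '//pixlr.com/editor/?'.http_build_query(
    [
        'title' => $title,
        'image' => $to_url,
        'loc' => $loc,
        'referrer' => $referrer,
        'target' => $target,
        'exit' => $exit_path,
        'locktarget' => $locktarget,
        'locktitle' => $locktitle,
        'credentials' => $credentials,
    ],
    '',
    '&'
);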
||
211 | |||
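//make frame and send image
// The editor URL contains the stored file name, so it is escaped for each context
// it is printed in: HTML-escaped for the src attribute, then JSON-encoded (HEX
// flags) so it is a safe JavaScript string literal inside the inline script.
$pixlr_url_attr = htmlspecialchars($pixlr_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$pixlr_url_js = json_encode(
    $pixlr_url_attr,
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
);
?>
<script>
    document.write('<iframe id="frame" frameborder="0" scrolling="no" src="' + <?php echo $pixlr_url_js; ?> + '" width="100%" height="100%"><noframes><p>Sorry, your browser does not handle frames</p></noframes></iframe>');
    // Give the editor frame the height of the window, never less than 600px.
    function resizeIframe() {
        var height = window.innerHeight;
        //max lower size
        if (height < 600) {
            height = 600;
        }
        document.getElementById('frame').style.height = height + "px";
    };
    document.getElementById('frame').onload = resizeIframe;
    window.onresize = resizeIframe;

</script>

<?php
// Fallback without JavaScript: same frame with a fixed height.
echo '<noscript>';
echo '<iframe style="height: 600px; width: 100%;" scrolling="no" frameborder="0" src="'.$pixlr_url_attr.'"><noframes><p>Sorry, your browser does not handle frames</p></noframes></iframe>';
echo '</noscript>';

Display::display_footer();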
||
235 |
If you suppress an error, we recommend checking for the error condition explicitly: