|
1
|
|
|
<?php |
|
2
|
|
|
/* For licensing terms, see /license.txt */ |
|
3
|
|
|
|
|
4
|
|
|
use ChamiloSession as Session; |
|
5
|
|
|
|
|
6
|
|
|
/** |
|
7
|
|
|
* This file allows creating new svg and png documents with an online editor. |
|
8
|
|
|
* |
|
9
|
|
|
* @package chamilo.document |
|
10
|
|
|
* |
|
11
|
|
|
* @todo used the document_id instead of the curdirpath |
|
12
|
|
|
* |
|
13
|
|
|
* @author Juan Carlos RaƱa Trabado |
|
14
|
|
|
* |
|
15
|
|
|
* @since 30/january/2011 |
|
16
|
|
|
*/ |
|
17
|
|
|
require_once __DIR__.'/../inc/global.inc.php'; |
|
18
|
|
|
|
|
19
|
|
|
$this_section = SECTION_COURSES; |
|
20
|
|
|
$groupRights = Session::read('group_member_with_upload_rights'); |
|
21
|
|
|
|
|
22
|
|
|
api_protect_course_script(true); |
|
23
|
|
|
api_block_anonymous_users(); |
|
24
|
|
|
$_course = api_get_course_info(); |
|
25
|
|
|
$groupId = api_get_group_id(); |
|
26
|
|
|
$document_data = DocumentManager::get_document_data_by_id( |
|
27
|
|
|
$_GET['id'], |
|
28
|
|
|
api_get_course_id(), |
|
29
|
|
|
true |
|
30
|
|
|
); |
|
31
|
|
|
|
|
32
|
|
|
if (empty($document_data)) { |
|
33
|
|
|
api_not_allowed(); |
|
34
|
|
|
} else { |
|
35
|
|
|
$document_id = $document_data['id']; |
|
36
|
|
|
$file_path = $document_data['path']; |
|
37
|
|
|
$dir = dirname($document_data['path']); |
|
38
|
|
|
$parent_id = DocumentManager::get_document_id(api_get_course_info(), $dir); |
|
39
|
|
|
$my_cur_dir_path = isset($_GET['curdirpath']) ? Security::remove_XSS($_GET['curdirpath']) : null; |
|
40
|
|
|
} |
|
41
|
|
|
|
|
42
|
|
|
//and urlencode each url $curdirpath (hack clean $curdirpath under Windows - Bug #3261) |
|
43
|
|
|
$dir = str_replace('\\', '/', $dir); |
|
44
|
|
|
if (empty($dir)) { |
|
45
|
|
|
$dir = '/'; |
|
46
|
|
|
} |
|
47
|
|
|
|
|
48
|
|
|
/* Constants & Variables */ |
|
49
|
|
|
$current_session_id = api_get_session_id(); |
|
50
|
|
|
//path for pixlr save |
|
51
|
|
|
Session::write('paint_dir', Security::remove_XSS($dir)); |
|
52
|
|
|
Session::write('paint_file', basename(Security::remove_XSS($file_path))); |
|
53
|
|
|
$get_file = Security::remove_XSS($file_path); |
|
54
|
|
|
$file = basename($get_file); |
|
55
|
|
|
$temp_file = explode(".", $file); |
|
56
|
|
|
$filename = $temp_file[0]; |
|
57
|
|
|
$nameTools = get_lang('EditDocument').': '.$filename; |
|
58
|
|
|
$courseDir = $_course['path'].'/document'; |
|
59
|
|
|
$is_allowed_to_edit = api_is_allowed_to_edit(null, true); |
|
60
|
|
|
/* Other initialization code */ |
|
61
|
|
|
/* Please, do not modify this dirname formatting */ |
|
62
|
|
|
if (strstr($dir, '..')) { |
|
63
|
|
|
$dir = '/'; |
|
64
|
|
|
} |
|
65
|
|
|
|
|
66
|
|
|
if ($dir[0] == '.') { |
|
67
|
|
|
$dir = substr($dir, 1); |
|
68
|
|
|
} |
|
69
|
|
|
|
|
70
|
|
|
if ($dir[0] != '/') { |
|
71
|
|
|
$dir = '/'.$dir; |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
if ($dir[strlen($dir) - 1] != '/') { |
|
75
|
|
|
$dir .= '/'; |
|
76
|
|
|
} |
|
77
|
|
|
|
|
78
|
|
|
$filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document'.$dir; |
|
79
|
|
|
if (!is_dir($filepath)) { |
|
80
|
|
|
$filepath = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document/'; |
|
81
|
|
|
$dir = '/'; |
|
82
|
|
|
} |
|
83
|
|
|
|
|
84
|
|
|
//groups //TODO:clean |
|
85
|
|
|
if (!empty($groupId)) { |
|
86
|
|
|
$interbreadcrumb[] = [ |
|
87
|
|
|
'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(), |
|
88
|
|
|
'name' => get_lang('GroupSpace'), |
|
89
|
|
|
]; |
|
90
|
|
|
$group_document = true; |
|
91
|
|
|
} |
|
92
|
|
|
|
|
93
|
|
|
$is_certificate_mode = DocumentManager::is_certificate_mode($dir); |
|
94
|
|
|
|
|
95
|
|
|
if (!$is_certificate_mode) { |
|
96
|
|
|
$interbreadcrumb[] = [ |
|
97
|
|
|
"url" => "./document.php?curdirpath=".urlencode($my_cur_dir_path).'&'.api_get_cidreq(), |
|
98
|
|
|
"name" => get_lang('Documents'), |
|
99
|
|
|
]; |
|
100
|
|
|
} else { |
|
101
|
|
|
$interbreadcrumb[] = [ |
|
102
|
|
|
'url' => Category::getUrl(), |
|
103
|
|
|
'name' => get_lang('Gradebook'), |
|
104
|
|
|
]; |
|
105
|
|
|
} |
|
106
|
|
|
|
|
107
|
|
|
// Interbreadcrumb for the current directory root path |
|
108
|
|
|
if (empty($document_data['parents'])) { |
|
109
|
|
|
$interbreadcrumb[] = ['url' => '#', 'name' => $document_data['title']]; |
|
110
|
|
|
} else { |
|
111
|
|
|
foreach ($document_data['parents'] as $document_sub_data) { |
|
112
|
|
|
if ($document_data['title'] == $document_sub_data['title']) { |
|
113
|
|
|
continue; |
|
114
|
|
|
} |
|
115
|
|
|
$interbreadcrumb[] = ['url' => $document_sub_data['document_url'], 'name' => $document_sub_data['title']]; |
|
116
|
|
|
} |
|
117
|
|
|
} |
|
118
|
|
|
|
|
119
|
|
|
$is_allowedToEdit = api_is_allowed_to_edit(null, true) || $groupRights || |
|
120
|
|
|
DocumentManager::is_my_shared_folder(api_get_user_id(), $dir, $current_session_id); |
|
121
|
|
|
|
|
122
|
|
|
if (!$is_allowedToEdit) { |
|
123
|
|
|
api_not_allowed(true); |
|
124
|
|
|
} |
|
125
|
|
|
|
|
126
|
|
|
Event::event_access_tool(TOOL_DOCUMENT); |
|
127
|
|
|
|
|
128
|
|
|
Display::display_header($nameTools, 'Doc'); |
|
129
|
|
|
echo '<div class="actions">'; |
|
130
|
|
|
echo '<a href="document.php?id='.$parent_id.'&'.api_get_cidreq().'">'. |
|
131
|
|
|
Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview'), '', ICON_SIZE_MEDIUM).'</a>'; |
|
132
|
|
|
echo '<a href="edit_document.php?'.api_get_cidreq().'&id='.$document_id.'&'.api_get_cidreq().'&origin=editpaint">'. |
|
133
|
|
|
Display::return_icon('edit.png', get_lang('Rename').'/'.get_lang('Comment'), '', ICON_SIZE_MEDIUM).'</a>'; |
|
134
|
|
|
echo '</div>'; |
|
135
|
|
|
|
|
136
|
|
|
// pixlr |
|
137
|
|
|
$title = $file; //disk name. No sql name because pixlr return this when save |
|
138
|
|
|
|
|
139
|
|
|
$langpixlr = api_get_language_isocode(); |
|
140
|
|
|
$langpixlr = isset($pixlr_code_translation_table[$langpixlr]) ? $pixlredit_code_translation_table[$langpixlr] : $langpixlr; |
|
141
|
|
|
$loc = $langpixlr; // deprecated ?? TODO:check pixlr read user browser |
|
142
|
|
|
|
|
143
|
|
|
$exit_path = api_get_path(WEB_CODE_PATH).'document/exit_pixlr.php'; |
|
144
|
|
|
Session::write('exit_pixlr', Security::remove_XSS($parent_id)); |
|
145
|
|
|
$referrer = "Chamilo"; |
|
146
|
|
|
$target_path = api_get_path(WEB_CODE_PATH).'document/save_pixlr.php'; |
|
147
|
|
|
$target = $target_path; |
|
148
|
|
|
$locktarget = "true"; |
|
149
|
|
|
$locktitle = "false"; |
|
150
|
|
|
|
|
151
|
|
|
if ($_SERVER['HTTP_HOST'] == "localhost") { |
|
152
|
|
|
$path_and_file = api_get_path(SYS_PATH).'/crossdomain.xml'; |
|
153
|
|
|
if (!file_exists($path_and_file)) { |
|
154
|
|
|
$crossdomain = '<?xml version="1.0"?> |
|
155
|
|
|
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> |
|
156
|
|
|
<cross-domain-policy> |
|
157
|
|
|
<allow-access-from domain="cdn.pixlr.com" /> |
|
158
|
|
|
<site-control permitted-cross-domain-policies="master-only"/> |
|
159
|
|
|
<allow-http-request-headers-from domain="cnd.pixlr.com" headers="*" secure="true"/> |
|
160
|
|
|
</cross-domain-policy>'; //more open domain="*" |
|
161
|
|
|
@file_put_contents($path_and_file, $crossdomain); |
|
|
|
|
|
|
162
|
|
|
} |
|
163
|
|
|
$credentials = "true"; |
|
164
|
|
|
} else { |
|
165
|
|
|
$credentials = "false"; |
|
166
|
|
|
} |
|
167
|
|
|
|
|
168
|
|
|
//make temp images |
|
169
|
|
|
$temp_folder = api_get_path(SYS_ARCHIVE_PATH).'temp/images'; |
|
170
|
|
|
if (!file_exists($temp_folder)) { |
|
171
|
|
|
@mkdir($temp_folder, api_get_permissions_for_new_directories(), true); //TODO:check $permissions value, now empty; |
|
|
|
|
|
|
172
|
|
|
} |
|
173
|
|
|
|
|
174
|
|
|
//make htaccess with allow from all, and file index.html into temp/images |
|
175
|
|
|
$htaccess = api_get_path(SYS_ARCHIVE_PATH).'temp/images/.htaccess'; |
|
176
|
|
|
if (!file_exists($htaccess)) { |
|
177
|
|
|
$htaccess_content = "order deny,allow\r\nallow from all\r\nOptions -Indexes"; |
|
178
|
|
|
$fp = @fopen(api_get_path(SYS_ARCHIVE_PATH).'temp/images/.htaccess', 'w'); |
|
179
|
|
|
if ($fp) { |
|
180
|
|
|
fwrite($fp, $htaccess_content); |
|
181
|
|
|
fclose($fp); |
|
182
|
|
|
} |
|
183
|
|
|
} |
|
184
|
|
|
|
|
185
|
|
|
$html_index = api_get_path(SYS_ARCHIVE_PATH).'temp/images/index.html'; |
|
186
|
|
|
if (!file_exists($html_index)) { |
|
187
|
|
|
$html_index_content = "<html><head></head><body></body></html>"; |
|
188
|
|
|
$fp = @fopen(api_get_path(SYS_ARCHIVE_PATH).'temp/images/index.html', 'w'); |
|
189
|
|
|
if ($fp) { |
|
190
|
|
|
fwrite($fp, $html_index_content); |
|
191
|
|
|
fclose($fp); |
|
192
|
|
|
} |
|
193
|
|
|
} |
|
194
|
|
|
|
|
195
|
|
|
//encript temp name file |
|
196
|
|
|
$name_crip = sha1(uniqid()); //encript |
|
197
|
|
|
$findext = explode(".", $file); |
|
198
|
|
|
$extension = $findext[count($findext) - 1]; |
|
199
|
|
|
$file_crip = $name_crip.'.'.$extension; |
|
200
|
|
|
|
|
201
|
|
|
//copy file to temp/images directory |
|
202
|
|
|
$from = $filepath.$file; |
|
203
|
|
|
$to = api_get_path(SYS_ARCHIVE_PATH).'temp/images/'.$file_crip; |
|
204
|
|
|
copy($from, $to); |
|
205
|
|
|
Session::write('temp_realpath_image', $to); |
|
206
|
|
|
|
|
207
|
|
|
//load image to url |
|
208
|
|
|
$to_url = api_get_path(WEB_ARCHIVE_PATH).'temp/images/'.$file_crip; |
|
209
|
|
|
$image = urlencode($to_url); |
|
210
|
|
|
$pixlr_url = '//pixlr.com/editor/?title='.$title.'&image='.$image.'&loc='.$loc.'&referrer='.$referrer.'&target='.$target.'&exit='.$exit_path.'&locktarget='.$locktarget.'&locktitle='.$locktitle.'&credentials='.$credentials; |
|
211
|
|
|
|
|
212
|
|
|
//make frame an send image |
|
213
|
|
|
?> |
|
214
|
|
|
<script> |
|
215
|
|
|
document.write ('<iframe id="frame" frameborder="0" scrolling="no" src="<?php echo $pixlr_url; ?>" width="100%" height="100%"><noframes><p>Sorry, your browser does not handle frames</p></noframes></iframe>'); |
|
216
|
|
|
function resizeIframe() { |
|
217
|
|
|
var height = window.innerHeight; |
|
218
|
|
|
//max lower size |
|
219
|
|
|
if (height<600) { |
|
220
|
|
|
height=600; |
|
221
|
|
|
} |
|
222
|
|
|
document.getElementById('frame').style.height = height +"px"; |
|
223
|
|
|
}; |
|
224
|
|
|
document.getElementById('frame').onload = resizeIframe; |
|
225
|
|
|
window.onresize = resizeIframe; |
|
226
|
|
|
|
|
227
|
|
|
</script> |
|
228
|
|
|
|
|
229
|
|
|
<?php |
|
230
|
|
|
echo '<noscript>'; |
|
231
|
|
|
echo '<iframe style="height: 600px; width: 100%;" scrolling="no" frameborder="0" src="'.$pixlr_url.'"><noframes><p>Sorry, your browser does not handle frames</p></noframes></iframe>'; |
|
232
|
|
|
echo '</noscript>'; |
|
233
|
|
|
|
|
234
|
|
|
Display::display_footer(); |
|
235
|
|
|
|
chamilo /
chamilo-lms
Scrutinizer Auto-Fixer
jmontoyaa
Loading history...
If you suppress an error, we recommend checking for the error condition explicitly: