
main/document/showinframes.php (2 issues)

1
<?php
2
3
/* For licensing terms, see /license.txt */
4
5
/**
6
 *  This file will show documents in a separate frame.
7
 *  We don't like frames, but it was the best of two bad things.
8
 *
9
 *  display html files within Chamilo - html files have the Chamilo header.
10
 *
11
 *  --- advantages ---
12
 *  users "feel" like they are in Chamilo,
13
 *  and they can use the navigation context provided by the header.
14
 * --- design ---
15
 *  a file gets a parameter (an html file) and shows
16
 *    - chamilo header
17
 *    - html file from parameter
18
 *    - (removed) chamilo footer
19
 *
20
 * @version 0.6
21
 *
22
 * @author Roan Embrechts ([email protected])
23
 *
24
 * @package chamilo.document
25
 */
26
require_once __DIR__.'/../inc/global.inc.php';
27
28
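// Course-level access check provided by the platform API (implementation not shown here).
api_protect_course_script();

// Request parameters.
// 'file' is only a lookup key: it is handed to DocumentManager::get_document_id()
// when no id is given, and $header_file is later overwritten with the stored
// document path. Security::remove_XSS() is the only filtering applied to it in
// this script; nothing here validates it as a filesystem path.
$header_file = isset($_GET['file']) ? Security::remove_XSS($_GET['file']) : null;
// A request without 'id' yields 0 (instead of reading an unset index), which
// triggers the lookup by 'file' further down.
$document_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$originIsLearnpath = isset($_GET['origin']) && $_GET['origin'] === 'learnpathitem';
$courseInfo = api_get_course_info();
$course_code = api_get_course_id();
$session_id = api_get_session_id();

// Without course data there is nothing to resolve the document against.
if (empty($courseInfo)) {
    api_not_allowed(true);
}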
40
41
// Switched to true further down when the document is rendered through ViewerJS.
$show_web_odf = false;

// Generate path
// No usable id in the request: resolve the document from the 'file' value instead.
if (0 === $document_id) {
    $document_id = DocumentManager::get_document_id($courseInfo, $header_file);
}

// First lookup is scoped to the current session.
// NOTE(review): the third argument (true) presumably requests the parent chain
// that the breadcrumb code reads from $document_data['parents'] - confirm
// against DocumentManager.
$document_data = DocumentManager::get_document_data_by_id($document_id, $course_code, true, $session_id);
53
54
if ($session_id != 0 && !$document_data) {
Bug Best Practice introduced by
The expression $document_data of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.

55
    $document_data = DocumentManager::get_document_data_by_id(
56
        $document_id,
57
        $course_code,
58
        true,
59
        0
60
    );
61
}
62
63
// No matching document record: deny.
if (empty($document_data)) {
    api_not_allowed(true);
}

// From here on the path comes from the document record, not from the request.
$header_file = $document_data['path'];
$name_to_show = $document_data['title'];

// Normalise backslashes to '/', then URL-decode every path segment.
$path_array = array_map(
    'urldecode',
    explode('/', str_replace('\\', '/', $header_file))
);
$header_file = implode('/', $path_array);

$file = Security::remove_XSS(urldecode($document_data['path']));
// NOTE(review): the decoded record path is appended to the course directory
// as-is. This script has no check that the resolved path stays below the
// course's document directory - confirm that stored paths are normalised
// (no '..' segments) where they are written.
$file_root = $courseInfo['path'].'/document'.str_replace('%2F', '/', $file);
$file_url_sys = api_get_path(SYS_COURSE_PATH).$file_root;
$file_url_web = api_get_path(WEB_COURSE_PATH).$file_root;

// The target has to exist on disk and must not be a directory.
if (!file_exists($file_url_sys) || is_dir($file_url_sys)) {
    api_not_allowed(true);
}
84
85
$is_allowed_to_edit = api_is_allowed_to_edit();
86
//fix the screen when you try to access a protected course through the url
87
$is_allowed_in_course = api_is_allowed_in_course() || $is_allowed_to_edit;
88
if ($is_allowed_in_course == false) {
Coding Style Best Practice introduced by
It seems like you are loosely comparing two booleans. Consider using the strict comparison === instead.

When comparing two booleans, it is generally considered safer to use the strict comparison operator.

89
    api_not_allowed(true);
90
}
91
92
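// Check user visibility.
// The result is not enforced here: it is evaluated after the page header has
// been printed, where non-editors get the ProtectedDocument message.
$is_visible = DocumentManager::check_visibility_tree(
    $document_id,
    api_get_course_info(),
    api_get_session_id(),
    api_get_user_id(),
    api_get_group_id(),
    false
);

$pathinfo = pathinfo($header_file);
// Extensions rendered with the media player instead of an iframe.
$playerSupportedFiles = ['mp3', 'mp4', 'ogv', 'ogg', 'flv', 'm4v', 'webm', 'wav'];
// pathinfo() leaves out the 'extension' key for names without a dot, so test
// for it before reading; the list holds strings only, so compare strictly.
$playerSupported = isset($pathinfo['extension'])
    && in_array(strtolower($pathinfo['extension']), $playerSupportedFiles, true);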
108
109
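// Inside a group context, prepend the group breadcrumbs and shorten the title.
$group_id = api_get_group_id();
if (!empty($group_id)) {
    // Default keeps the 'GroupSpace' label well-defined when the group
    // properties cannot be loaded (previously an undefined variable).
    $current_group_name = '';
    $current_group = GroupManager::get_group_properties($group_id);
    if ($current_group) {
        $current_group_name = $current_group['name'];
    }
    $interbreadcrumb[] = [
        'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(),
        'name' => get_lang('Groups'),
    ];
    $interbreadcrumb[] = [
        'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(),
        'name' => get_lang('GroupSpace').' '.$current_group_name,
    ];
    // Drop the second '/'-separated segment of the title.
    $name_to_show = explode('/', $name_to_show);
    unset($name_to_show[1]);
    $name_to_show = implode('/', $name_to_show);
}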
127
128
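// Breadcrumb back to the document tool, opened on the folder of this document.
// The folder path is a query-string value, so it is URL-encoded: a raw '&',
// '#', '+' or space in a folder name would otherwise corrupt the parameter.
$interbreadcrumb[] = [
    'url' => './document.php?curdirpath='.urlencode(dirname($header_file)).'&'.api_get_cidreq(),
    'name' => get_lang('Documents'),
];

// NOTE(review): 'name' values below are stored document titles and are not
// escaped in this script - confirm the breadcrumb renderer HTML-escapes them.
if (empty($document_data['parents'])) {
    // No parent chain: a single crumb for the document itself. It is only a
    // real link when the request carries 'createdir'.
    $interbreadcrumb[] = [
        'url' => isset($_GET['createdir']) ? $document_data['document_url'] : '#',
        'name' => $document_data['title'],
    ];
} else {
    foreach ($document_data['parents'] as $document_sub_data) {
        // The entry for the current document is rendered as a dead link,
        // unless 'createdir' is present.
        if (!isset($_GET['createdir']) && $document_sub_data['id'] == $document_data['id']) {
            $document_sub_data['document_url'] = '#';
        }
        $interbreadcrumb[] = [
            'url' => $document_sub_data['document_url'],
            'name' => $document_sub_data['title'],
        ];
    }
}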
156
157
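$this_section = SECTION_COURSES;
$nameTools = get_lang('Documents');

/**
 * Main code section.
 */
// Anti-caching headers for the wrapper page.
header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
header('Last-Modified: Wed, 01 Jan 2100 00:00:00 GMT');
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');
// Guard against a request without 'cidReq' so no unset index is read; the
// value is request-supplied and goes through Security::remove_XSS().
$browser_display_title = 'Documents - '
    .(isset($_GET['cidReq']) ? Security::remove_XSS($_GET['cidReq']) : '')
    .' - '.$file;
// Only admins get to see the "no frames" link in pageheader.php, so students get a header that's not so high
$frameheight = 135;
if (api_is_course_admin()) {
    $frameheight = 165;
}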
173
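// Default rendering is the plain iframe; the branches below switch it off for
// documents that get a dedicated viewer.
$execute_iframe = true;
$frameReady = Display::getFrameReadyBlock('#mainFrame');
$web_odf_supported_files = DocumentManager::get_web_odf_extension_list();
// PDF should be displayed with viewerJS
$web_odf_supported_files[] = 'pdf';
// pathinfo() omits 'extension' for names without a dot, so test for the key first.
if (isset($pathinfo['extension']) && in_array(strtolower($pathinfo['extension']), $web_odf_supported_files)) {
    $show_web_odf = true;
    $execute_iframe = false;
    // Size the viewer once on DOM ready and again on every window resize.
    // The handler is passed by reference: the earlier form called
    // resizeIframe() and handed its (undefined) return value to .resize(),
    // so no resize handler was ever bound.
    $htmlHeadXtra[] = '
    <script>
        resizeIframe = function() {
            var bodyHeight = $("body").height();
            var topbarHeight = $("#topbar").height();
            $("#viewerJSContent").height((bodyHeight - topbarHeight));
        }
        $(function() {
            resizeIframe();
            $(window).on("resize", resizeIframe);
        });
    </script>';
}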
193
194
// Activate code highlight.
// A document counts as a chat file when its first parent entry has the path
// '/chat_files'; such files are inlined later instead of being framed.
$isChatFolder = false;
if (isset($document_data['parents'], $document_data['parents'][0])) {
    $chatFolder = $document_data['parents'][0];
    $isChatFolder = isset($chatFolder['path']) && '/chat_files' === $chatFolder['path'];
}

if (true === $isChatFolder) {
    // highlight.js plus the chat and highlight stylesheets.
    $htmlHeadXtra[] = api_get_js('highlight/highlight.pack.js');
    $htmlHeadXtra[] = api_get_css(api_get_path(WEB_CSS_PATH).'chat.css');
    $htmlHeadXtra[] = api_get_css(api_get_path(WEB_LIBRARY_PATH).'javascript/highlight/styles/github.css');
    $htmlHeadXtra[] = '
    <script>
        hljs.initHighlightingOnLoad();
    </script>';
}
212
213
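// Media files are shown with the player, never in the iframe.
if ($playerSupported) {
    $extension = api_strtolower($pathinfo['extension']);
    $execute_iframe = false;
}

// FreeMind maps use the Flash viewer when the platform setting enables it.
// The isset() guard avoids reading a missing 'extension' key for names without
// a dot. Note that 'mm' is compared case-sensitively, unlike the lowercased
// extension checks used for the other viewers.
$is_freemind_available = isset($pathinfo['extension'])
    && $pathinfo['extension'] === 'mm'
    && api_get_setting('enable_freemind') === 'true';
if ($is_freemind_available) {
    $execute_iframe = false;
}

// Plain iframe rendering: load jquery.frameready and grow the frame to the
// height of the framed document once it has loaded.
if (!$playerSupported && $execute_iframe) {
    $htmlHeadXtra[] = '<script>
    <!--
        var jQueryFrameReadyConfigPath = \''.api_get_jquery_web_path().'\';
    -->
    </script>';
    $htmlHeadXtra[] = '<script src="'.api_get_path(WEB_LIBRARY_PATH).'javascript/jquery.frameready.js"></script>';
    $htmlHeadXtra[] = '<script>
        // Fixes the content height of the frame
        $(function() {
            $(\'#mainFrame\').on(\'load\', function () {
                let currentHeight = this.style.height;
                currentHeight = parseInt(currentHeight, 10);
                let frameHeight = parseInt(this.contentWindow.document.body.scrollHeight) + 50;
                if (frameHeight > currentHeight) {
                    this.style.height = frameHeight + \'px\';
                }
            });

            '.$frameReady.'
        });
    </script>';
}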
246
247
// Learning-path items get the reduced header, every other origin the full one.
if (!$originIsLearnpath) {
    Display::display_header();
} else {
    Display::display_reduced_header();
}

// Visibility is enforced here, after the header: users who can neither edit
// nor see the document get the ProtectedDocument warning and the script stops.
if (!($is_allowed_to_edit || $is_visible)) {
    echo Display::return_message(get_lang('ProtectedDocument'), 'warning');
    Display::display_footer();
    exit;
}

// Web URL of the document, built from the decoded stored path; the second
// variable adds the course request parameters as a query string.
$file_url = api_get_path(WEB_COURSE_PATH).$courseInfo['path'].'/document'.$header_file;
$file_url_web = $file_url.'?'.api_get_cidreq();

// $extension was set together with $playerSupported further up.
if ($playerSupported) {
    echo DocumentManager::generateMediaPreview($file_url_web, $extension);
}
264
265
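if ($is_freemind_available) {
    // Renders the Flash-based FreeMind viewer. The document URL is passed to
    // the viewer as the "initLoadFile" variable. It is built from the stored
    // document path, so it is emitted as a JSON-encoded JavaScript string
    // literal (quotes included) rather than pasted between hand-written
    // quotes: a quote, backslash or "</script>" in the path then cannot end
    // the literal or the script element. For ordinary URLs the resulting
    // JavaScript value is unchanged.
    $freemindMapUrlJs = json_encode(
        $file_url_web,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    ?>
    <script type="text/javascript" src="<?php echo api_get_path(WEB_LIBRARY_PATH); ?>swfobject/swfobject.js"></script>
    <style type="text/css">
        #flashcontent {
            height: 500px;
            padding-top:10px;
        }
    </style>
    <div id="flashcontent" onmouseover="giveFocus();">
        Flash plugin or Javascript are turned off.
        Activate both  and reload to view the mindmap
    </div>
    <script>
        function giveFocus() {
            document.visorFreeMind.focus();
        }

        document.onload=giveFocus;
        // <![CDATA[
        // for allowing using http://.....?mindmap.mm mode
        function getMap(map){
            var result=map;
            var loc=document.location+'';
            if(loc.indexOf(".mm")>0 && loc.indexOf("?")>0){
                result=loc.substring(loc.indexOf("?")+1);
            }
            return result;
        }
        var fo = new FlashObject("<?php echo api_get_path(WEB_LIBRARY_PATH); ?>freeMindFlashBrowser/visorFreemind.swf", "visorFreeMind", "100%", "100%", 6, "#ffffff");
        fo.addParam("quality", "high");
        //fo.addParam("bgcolor", "#a0a0f0");
        fo.addVariable("openUrl", "_blank");//Default value "_self"
        fo.addVariable("startCollapsedToLevel","3");//Default value = "-1", meaning do nothing, the mindmap will open as it was saved. The root node, or central node, of your mindmap is level zero. You could force the browser to open (unfold) your mind map to an expanded level using this variable.
        fo.addVariable("maxNodeWidth","200");
        //
        fo.addVariable("mainNodeShape","elipse");//"rectangle", "elipse", "none". None hide the main node. Default is "elipse"
        fo.addVariable("justMap","false");
        fo.addVariable("initLoadFile",getMap(<?php echo $freemindMapUrlJs; ?>));
        fo.addVariable("defaultToolTipWordWrap",200);//max width for tooltips. Default "600" pixels
        fo.addVariable("offsetX","left");//for the center of the mindmap. Admit also "left" and "right"
        fo.addVariable("offsetY","top");//for the center of the mindmap. Admit also "top" and "bottom"
        fo.addVariable("buttonsPos","top");//"top" or "bottom"
        fo.addVariable("min_alpha_buttons",20);//for dynamic view of buttons
        fo.addVariable("max_alpha_buttons",100);//for dynamic view of buttons
        fo.addVariable("scaleTooltips","false");
        //
        //extra
        //fo.addVariable("CSSFile","<?php // echo api_get_path(WEB_LIBRARY_PATH);?>freeMindFlashBrowser/flashfreemind.css");//
        //fo.addVariable("baseImagePath","<?php // echo api_get_path(WEB_LIBRARY_PATH);?>freeMindFlashBrowser/");//
        //fo.addVariable("justMap","false");//Hides all the upper control options. Default value "false"
        //fo.addVariable("noElipseMode","anyvalue");//for changing to old elipseNode edges. Default = not set
        //fo.addVariable("ShotsWidth","200");//The width of snapshots, in pixels.
        //fo.addVariable("genAllShots","true");//Preview shots (like the samples on the Shots Width page) will be generated for all linked maps when your main map loads. If you have a lot of linked maps, this could take some time to complete
        //fo.addVariable("unfoldAll","true"); //For each mindmap loaded start the display with all nodes unfolded. Another variable to be wary of!
        //fo.addVariable("toolTipsBgColor","0xaaeeaa");: bgcolor for tooltips ej;"0xaaeeaa"
        //fo.addVariable("defaultWordWrap","300"); //default 600
        //
        fo.write("flashcontent");
        // ]]>
    </script>
<?php
}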
328
329
// Toolbar (back / edit / delete / PDF export) for the iframe and ViewerJS
// renderings; it is not shown for files of the chat folder.
if (!$isChatFolder && ($execute_iframe || $show_web_odf)) {
    $parentId = $document_data['parent_id'];
    $url = api_get_path(WEB_CODE_PATH).'document/document.php?'.api_get_cidreq().'&id='.$parentId;
    $actionsLeft = Display::url(
        Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM),
        $url
    );

    // A group member may hold edit rights on the document without being a
    // course editor; GroupManager decides that.
    $groupMemberWithEditRights = false;
    $groupId = api_get_group_id();
    if (!empty($groupId)) {
        $groupInfo = GroupManager::get_group_properties($groupId);
        if ($groupInfo) {
            $groupMemberWithEditRights = GroupManager::allowUploadEditDocument(
                api_get_user_id(),
                api_get_course_int_id(),
                $groupInfo,
                $document_data
            );
        }
    }

    // These checks only decide which links are displayed.
    // NOTE(review): the target scripts (edit_document.php, document.php) are
    // expected to enforce the same rights themselves - not visible here.
    $allowToEdit = api_is_allowed_to_edit(null, true) || $groupMemberWithEditRights;
    if ($allowToEdit) {
        // Edit link: not offered for documents shown through ViewerJS.
        if (!$show_web_odf) {
            $actionsLeft .= Display::url(
                Display::return_icon('edit.png', get_lang('Modify'), '', ICON_SIZE_MEDIUM),
                api_get_path(WEB_CODE_PATH).'document/edit_document.php?'.api_get_cidreq().'&id='.$document_id
            );
        }

        // NOTE(review): addslashes() is not HTML escaping; whether
        // Display::url() escapes attribute values is not visible here - confirm
        // before relying on it for 'data-item-title'.
        $titleToShow = addslashes(basename($document_data['title']));
        // NOTE(review): the delete URL carries no sec_token, unlike the PDF
        // export link below - confirm that document.php's delete_item handler
        // has its own CSRF protection.
        $urlDeleteParams = http_build_query([
            'action' => 'delete_item',
            'id' => $parentId,
            'deleteid' => $document_data['id'],
        ]);

        // Delete link: opens the '#confirm-delete' modal; the real target is in 'data-href'.
        $actionsLeft .= Display::url(
            Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_MEDIUM),
            '#',
            [
                'data-item-title' => $titleToShow,
                'data-href' => api_get_path(WEB_CODE_PATH).'document/document.php?'.api_get_cidreq().'&'.$urlDeleteParams,
                'data-toggle' => 'modal',
                'data-target' => '#confirm-delete',
            ]
        );

        // PDF export link, with a security token in the URL; not offered for
        // documents shown through ViewerJS.
        if (!$show_web_odf) {
            $secToken = Security::get_token();
            $actionsLeft .= Display::url(
                Display::return_icon('pdf.png', get_lang('Export2PDF'), [], ICON_SIZE_MEDIUM),
                api_get_path(WEB_CODE_PATH).'document/document.php?'.api_get_cidreq()
                    .'&action=export_to_pdf&id='.$document_id.'&sec_token='.$secToken
            );
        }
    }
    $toolbar = Display::toolbarAction('actions-documents', [$actionsLeft]);
    echo $toolbar;
}
396
397
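// ViewerJS rendering for PDF and the web-ODF extension list.
if ($show_web_odf) {
    $execute_iframe = false;
    echo '<div class="text-center">';
    $browser = api_get_navigator();
    // ViewerJS receives the document URL in the fragment part of its own URL.
    $pdfUrl = api_get_path(WEB_LIBRARY_PATH).'javascript/ViewerJS/index.html?zoom=page-width#'.$file_url;
    // For a navigator reported as 'Mozilla', PDFs are framed directly.
    // NOTE(review): the pattern is unanchored, so it matches '.pdf' anywhere
    // in the path, not only as the final extension.
    if ($browser['name'] === 'Mozilla' && preg_match('|.*\.pdf|i', $header_file)) {
        $pdfUrl = $file_url;
    }
    echo '<div id="viewerJS">';
    // The URL contains the stored document path, so it is escaped for the
    // HTML attribute context: a quote in the path cannot close src="...".
    echo '<iframe
            id="viewerJSContent"
            frameborder="0"
            allowfullscreen="allowfullscreen"
            webkitallowfullscreen
            style="width:100%;height:600px;"
            src="'.htmlspecialchars($pdfUrl, ENT_QUOTES, 'UTF-8').'">
        </iframe>';
    echo '</div>';
    echo '</div>';
}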
417
418
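// Default rendering.
if ($execute_iframe) {
    if ($isChatFolder) {
        // Chat files are inlined into this page instead of being framed, so
        // their content passes through Security::remove_XSS() before output.
        $content = Security::remove_XSS(file_get_contents($file_url_sys));
        echo $content;
    } else {
        // The URL contains the stored document path and a query string, so it
        // is escaped for the HTML attribute context; the browser decodes
        // '&amp;' back to '&' when it loads the frame.
        // 'rand' is presumably a cache-busting value; it is not a security token.
        echo '<iframe
            id="mainFrame"
            name="mainFrame"
            border="0"
            frameborder="0"
            marginheight="0"
            marginwidth="0"
            scrolling="no"
            style="width:100%; height:600px"
            src="'.htmlspecialchars($file_url_web.'&rand='.mt_rand(1, 10000), ENT_QUOTES, 'UTF-8').'"
            allowfullscreen="true" webkitallowfullscreen="true" mozallowfullscreen="true"></iframe>';
    }
}
Display::display_footer();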
437