[GSOC-FUQT] Fixed several issues in AJAX uploader:

* survey directory creation
* using randomized filenames for saving files
* escaping non-alphanumeric characters in filenames

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey_dev@8944 b72ed6b6-b9f8-46b5-92b4-906544132732

admin/activate.php

@@ -282,103 +282,95 @@
     //Get list of questions for the base language
     $fieldmap=createFieldMap($surveyid);
 
-    $fuqtQuestions[] = "";
     foreach ($fieldmap as $arow) //With each question, create the appropriate field(s)
     {
-        if ($arow['type'] != '|')
+       if ($createsurvey!='') {$createsurvey .= ",\n";}
+        $createsurvey .= " `{$arow['fieldname']}`";
+        switch($arow['type'])
         {
-           if ($createsurvey!='') {$createsurvey .= ",\n";}
-            $createsurvey .= " `{$arow['fieldname']}`";
-            switch($arow['type'])
-            {
-                case 'startlanguage':
-                    $createsurvey .= " C(20) NOTNULL";
-                    break;
-                case 'id':
-                    $createsurvey .= " I NOTNULL AUTO PRIMARY";
-                    break;
-                case "startdate":
-                case "datestamp":
-                    $createsurvey .= " T NOTNULL";
-                    break;
-                case "submitdate":
-                    $createsurvey .= " T";
-                    break;
-                case "lastpage":
-                    $createsurvey .= " I";
-                    break;
-                case "N":  //NUMERICAL
-                    $createsurvey .= " F";
-                    break;
-                case "S":  //SHORT TEXT
-                    if ($databasetype=='mysql' || $databasetype=='mysqli')	{$createsurvey .= " X";}
-                    else  {$createsurvey .= " C(255)";}
-                    break;
-                case "L":  //LIST (RADIO)
-                case "!":  //LIST (DROPDOWN)
-                case "M":  //Multiple options
-                case "P":  //Multiple options with comment
-                case "O":  //DROPDOWN LIST WITH COMMENT
-                    if ($arow['aid'] != 'other' && $arow['aid'] != 'comment' && $arow['aid'] != 'othercomment')
-                    {
-                        $createsurvey .= " C(5)";
-                    }
-                    else
-                    {
-                        $createsurvey .= " X";
-                    }
-                    break;
-                case "K":  // Multiple Numerical
-                    $createsurvey .= " F";
-                    break;
-                case "U":  //Huge text
-                case "Q":  //Multiple short text
-                case "T":  //LONG TEXT
-                case ";":  //Multi Flexi
-                case ":":  //Multi Flexi
-                    $createsurvey .= " X";
-                    break;
-                case "D":  //DATE
-                    $createsurvey .= " D";
-                    break;
-                case "5":  //5 Point Choice
-                case "G":  //Gender
-                case "Y":  //YesNo
-                case "X":  //Boilerplate
-                    $createsurvey .= " C(1)";
-                    break;
-                case "I":  //Language switch
-                    $createsurvey .= " C(20)";
-                    break;
-                case "ipaddress":
-                    if ($prow['ipaddr'] == "Y")
-                        $createsurvey .= " X";
-                    break;
-                case "url":
-                    if ($prow['refurl'] == "Y")
-                        $createsurvey .= " X";
-                    break;
-                case "token":
-                    if ($prow['private'] == "N")
-                    {
-                        $createsurvey .= " C(36)";
-                        $surveynotprivate="TRUE";
-                    }
-                    break;
-                default:
+            case 'startlanguage':
+                $createsurvey .= " C(20) NOTNULL";
+                break;
+            case 'id':
+                $createsurvey .= " I NOTNULL AUTO PRIMARY";
+                break;
+            case "startdate":
+            case "datestamp":
+                $createsurvey .= " T NOTNULL";
+                break;
+            case "submitdate":
+                $createsurvey .= " T";
+                break;
+            case "lastpage":
+                $createsurvey .= " I";
+                break;
+            case "N":  //NUMERICAL
+                $createsurvey .= " F";
+                break;
+            case "S":  //SHORT TEXT
+                if ($databasetype=='mysql' || $databasetype=='mysqli')	{$createsurvey .= " X";}
+                else  {$createsurvey .= " C(255)";}
+                break;
+            case "L":  //LIST (RADIO)
+            case "!":  //LIST (DROPDOWN)
+            case "M":  //Multiple options
+            case "P":  //Multiple options with comment
+            case "O":  //DROPDOWN LIST WITH COMMENT
+                if ($arow['aid'] != 'other' && $arow['aid'] != 'comment' && $arow['aid'] != 'othercomment')
+                {
                     $createsurvey .= " C(5)";
-            }
-        }
-        else
-        {
-            $question = strstr($arow['fieldname'], "_", true);
-            if (!in_array($question, $fuqtQuestions))
-            {
-                $createsurvey .= ",\n";
-                $createsurvey .= " `".$question."` X, \n";
-                $createsurvey .= " `".$question."_filecount` I1";
-                $fuqtQuestions[] = $question;
-            }
+                }
+                else
+                {
+                    $createsurvey .= " X";
+                }
+                break;
+            case "K":  // Multiple Numerical
+                $createsurvey .= " F";
+                break;
+            case "U":  //Huge text
+            case "Q":  //Multiple short text
+            case "T":  //LONG TEXT
+            case ";":  //Multi Flexi
+            case ":":  //Multi Flexi
+                $createsurvey .= " X";
+                break;
+            case "D":  //DATE
+                $createsurvey .= " D";
+                break;
+            case "5":  //5 Point Choice
+            case "G":  //Gender
+            case "Y":  //YesNo
+            case "X":  //Boilerplate
+                $createsurvey .= " C(1)";
+                break;
+            case "I":  //Language switch
+                $createsurvey .= " C(20)";
+                break;
+            case "|":
+                $createsurveydirectory = true;
+                if (strpos($arow['fieldname'], "_"))
+                    $createsurvey .= " I1";
+                else
+                    $createsurvey .= " X";
+                break;
+            case "ipaddress":
+                if ($prow['ipaddr'] == "Y")
+                    $createsurvey .= " X";
+                break;
+            case "url":
+                if ($prow['refurl'] == "Y")
+                    $createsurvey .= " X";
+                break;
+            case "token":
+                if ($prow['private'] == "N")
+                {
+                    $createsurvey .= " C(36)";
+                    $surveynotprivate="TRUE";
+                }
+                break;
+            default:
+                $createsurvey .= " C(5)";
         }
     }
 
@@ -428,6 +420,12 @@
         $activateoutput .= "<div class='header'>".$clang->gT("Activate Survey")." ($surveyid)</div>\n";
         $activateoutput .= "<div class='successheader'>".$clang->gT("Survey has been activated. Results table has been successfully created.")."</div><br /><br />\n";
 
+        // create the survey directory where the uploaded files can be saved
+        if ($createsurveydirectory)
+            if (!(mkdir("../upload/surveys/" . $postsid . "/files", 0777, true)))
+                $activateoutput .= "<div class='warningheader'>".
+                    $clang->gT("The required directory for saving the uploaded files couldn't be created. Please check file premissions on the limesurvey/upload/surveys directory.") . "</div>";
+
         $acquery = "UPDATE {$dbprefix}surveys SET active='Y' WHERE sid=".returnglobal('sid');
         $acresult = $connect->Execute($acquery);
 

admin/browse.php

@@ -394,13 +394,17 @@
                     foreach ($metadata as $data)
                     {
                         $phparray = json_decode($data, true);
-                        for ($i = 0; isset($phparray[$i]); $i++)
-                            $filelist[] = $phparray[$i]['name'];
+                        for ($i = 0; $i < count($phparray); $i++)
+                        {
+                            $filelist[$i]['filename'] = $phparray[$i]['filename'];
+                            $filelist[$i]['name'] = $phparray[$i]['name'];
+                        }
+
                     }
                 }
             }
             // Now, zip all the files in the filelist
-            $tmpdir = getcwd()."/../upload/tmp";
+            $tmpdir = getcwd()."/../upload/surveys/" . $surveyid . "/files/";
 
             $zip = new ZipArchive();
             $zipfilename = "uploadedfiles.zip";
@@ -413,7 +417,7 @@
             }
 
             foreach ($filelist as $file)
-                $zip->addFile($tmpdir."/".$file, basename($file));
+                $zip->addFile($tmpdir . "/" . $file['filename'], $file['name']);
 
             $zip->close();
 
@@ -468,26 +472,27 @@
                 $phparray = json_decode($data, true);
                 for ($i = 0; isset($phparray[$i]); $i++)
                 {
-                    $filelist[] = $phparray[$i]['name'];
+                    $filelist[$i]['filename'] = $phparray[$i]['filename'];
+                    $filelist[$i]['name'] = $phparray[$i]['name'];
                 }
             }
         }
 
         // Now, zip all the files in the filelist
-        $tmpdir = getcwd()."/../upload/tmp";
+        $tmpdir = getcwd()."/../upload/surveys/" . $surveyid . "/files/";
 
         $zip = new ZipArchive();
         $zipfilename = "uploadedfiles.zip";
-        if (file_exists($tmpdir."/".$zipfilename))
-            unlink($tmpdir."/".$zipfilename);
+        if (file_exists($tmpdir ."/". $zipfilename))
+            unlink($tmpdir . "/" . $zipfilename);
 
-        if ($zip->open($tmpdir."/".$zipfilename, ZIPARCHIVE::CREATE) !== TRUE)
+        if ($zip->open($tmpdir . "/" . $zipfilename, ZIPARCHIVE::CREATE) !== TRUE)
         {
             exit("Cannot Open <$zipfilename>\n");
         }
 
         foreach ($filelist as $file)
-            $zip->addFile($tmpdir."/".$file, basename($file));
+            $zip->addFile($tmpdir . "/" . $file['filename'], $file['name']);
 
         $zip->close();
         if (file_exists($tmpdir."/".$zipfilename)) {
@@ -501,8 +506,8 @@
             header('Content-Length: ' . filesize($tmpdir."/".$zipfilename));
             ob_clean();
             flush();
-            readfile($tmpdir."/".$zipfilename);
-            //unlink($tmpdir."/".$zipfilename);
+            readfile($tmpdir . "/" . $zipfilename);
+            //unlink($tmpdir . "/" . $zipfilename);
             exit;
         }
     }

common.php

@@ -2606,6 +2606,7 @@ function createFieldMap($surveyid, $style='short', $force_refresh=false, $questi
                     $fieldmap[$fieldname]['question']=$arow['question'];
                     $fieldmap[$fieldname]['max_files']=$abrow['value'];
                     $fieldmap[$fieldname]['group_name']=$arow['group_name'];
+                    $fieldmap[$fieldname]['mandatory']=$arow['mandatory'];
                     $fieldmap[$fieldname]['hasconditions']=$conditions;
                     $fieldmap[$fieldname]['usedinconditions']=$usedinconditions;
                 }
@@ -2623,6 +2624,7 @@ function createFieldMap($surveyid, $style='short', $force_refresh=false, $questi
                     $fieldmap[$fieldname]['question']="filecount - ".$arow['question'];
                     //$fieldmap[$fieldname]['subquestion']=$clang->gT("Comment");
                     $fieldmap[$fieldname]['group_name']=$arow['group_name'];
+                    $fieldmap[$fieldname]['mandatory']=$arow['mandatory'];
                     $fieldmap[$fieldname]['hasconditions']=$conditions;
                     $fieldmap[$fieldname]['usedinconditions']=$usedinconditions;
                 }

qanda.php

@@ -3592,7 +3592,7 @@ function do_file_upload($ia)
                             $('<iframe id=\"uploader\" class=\"externalSite\" src=\"' + this.href + '\" />').dialog({
                                 title: 'Upload your files',
                                 autoOpen: true,
-                                width: 1084,
+                                width: 984,
                                 height: 500,
                                 modal: true,
                                 resizable: false,
@@ -3604,7 +3604,7 @@ function do_file_upload($ia)
                                     opacity: 0.85,
                                     background: 'black'
                                 }
-                            }).width(1084 - horizontalPadding).height(500 - verticalPadding);
+                            }).width(984 - horizontalPadding).height(500 - verticalPadding);
                         });
                     });
                     
@@ -3625,32 +3625,32 @@ function copyJSON(jsonstring, filecount) {
                         $('#".$ia[1]."').val(jsonstring);
                         $('#".$ia[1]."_filecount').val(filecount);
 
-                        var image_extensions = new Array('gif', 'jpeg', 'png', 'swf', 'psd', 'bmp', 'tiff', 'jp2', 'iff', 'bmp', 'xbm', 'ico');
+                        var image_extensions = new Array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'tiff', 'jp2', 'iff', 'bmp', 'xbm', 'ico');
                             
                         for (i = 0; i < filecount; i++)
                         {";
 
-    if ($pos || $thissurvey['active'] != "Y")
+    if ($pos)
     {
         $answer .= "if (isValueInArray(image_extensions, jsonobj[i].ext))
-                        display += '<tr><td align=\"center\"><img src=\"../upload/tmp/'+jsonobj[i].name+'\" height=100px  align=\"center\"/></td>';
+                        display += '<tr><td align=\"center\"><img src=\"../upload/tmp/'+decodeURIComponent(jsonobj[i].name)+'\" height=100px  align=\"center\"/></td>';
                     else
                         display += '<tr><td align=\"center\"><img src=\"../images/placeholder.png\" height=100px  align=\"center\"/></td>';";
     }
     else
     {
         $answer .= "if (isValueInArray(image_extensions, jsonobj[i].ext))
-                        display += '<tr><td align=\"center\"><img src=\"upload/tmp/'+jsonobj[i].name+'\" height=100px  align=\"center\"/></td>';
+                        display += '<tr><td align=\"center\"><img src=\"upload/tmp/'+decodeURIComponent(jsonobj[i].name)+'\" height=100px  align=\"center\"/></td>';
                     else
                         display += '<tr><td align=\"center\"><img src=\"images/placeholder.png\" height=100px  align=\"center\"/></td>';";
     }
 
-    $answer .= "            if ($(\"#show_title\").val() == 1)
-                                display += '<td align=\"center\">'+jsonobj[i].title+'</td>';
-                            if ($(\"#show_comment\").val() == 1)
-                                display += '<td align=\"center\">'+jsonobj[i].comment+'</td>';
+    if ($show_title)
+        $answer .= "display += '<td align=\"center\">'+jsonobj[i].title+'</td>';";
+    if ($show_comment)
+        $answer .= "display += '<td align=\"center\">'+jsonobj[i].comment+'</td>';";
 
-                            display += '<td align=\"center\">'+jsonobj[i].name+'</td></tr><tr><td>&nbsp;</td></tr>';
+    $answer .= "            display += '<td align=\"center\">'+decodeURIComponent(jsonobj[i].name)+'</td></tr><tr><td>&nbsp;</td></tr>';
                         }
                         display += '</table>';
                         $('#uploadedfiles').html(display);