Permalink
Browse files

Remove use of Course::unserialize() when exporting/importing course bk

  • Loading branch information...
jmontoyaa committed Aug 6, 2018
1 parent 0683b23 commit ecb18907a7fec22402411aa873382a4bd06cb07d
@@ -35,17 +35,17 @@
Display::display_header(get_lang('CopyCourse'));
echo Display::page_header(get_lang('CopyCourse'));
/* MAIN CODE */
$action = isset($_POST['action']) ? $_POST['action'] : '';
// If a CourseSelectForm is posted or we should copy all resources, then copy them
if (Security::check_token('post') && (
(isset($_POST['action']) && $_POST['action'] == 'course_select_form') ||
(isset($_POST['copy_option']) && $_POST['copy_option'] == 'full_copy')
($action === 'course_select_form') ||
(isset($_POST['copy_option']) && $_POST['copy_option'] === 'full_copy')
)
) {
// Clear token
Security::clear_token();
if (isset($_POST['action']) && $_POST['action'] == 'course_select_form') {
if ($action === 'course_select_form') {
$course = CourseSelectForm::get_posted_course('copy_course');
} else {
$cb = new CourseBuilder();
@@ -63,7 +63,7 @@
);
} elseif (Security::check_token('post') && (
isset($_POST['copy_option']) &&
$_POST['copy_option'] == 'select_items'
$_POST['copy_option'] === 'select_items'
)
) {
// Clear token
@@ -20,6 +20,7 @@
api_protect_global_admin_script();
api_protect_limit_for_session_admin();
api_set_more_memory_and_time_limits();
$xajax = new xajax();
$xajax->registerFunction('search_courses');
@@ -28,8 +29,7 @@
api_not_allowed(true);
}
api_set_more_memory_and_time_limits();
$action = isset($_POST['action']) ? $_POST['action'] : '';
$this_section = SECTION_PLATFORM_ADMIN;
$nameTools = get_lang('CopyCourse');
@@ -163,7 +163,7 @@ function search_courses($id_session, $type)
$return = null;
if (!empty($type)) {
$id_session = intval($id_session);
$id_session = (int) $id_session;
if ($type == 'origin') {
$course_list = SessionManager::get_course_list_by_session_id($id_session);
$temp_course_list = [];
@@ -279,10 +279,7 @@ function checkSelected(id_select,id_radio,id_title,id_destination) {
/* MAIN CODE */
if (Security::check_token('post') && (
(
isset($_POST['action']) &&
$_POST['action'] == 'course_select_form'
) || (
($action === 'course_select_form') || (
isset($_POST['copy_option']) &&
$_POST['copy_option'] == 'full_copy'
)
@@ -291,7 +288,7 @@ function checkSelected(id_select,id_radio,id_title,id_destination) {
// Clear token
Security::clear_token();
$destination_course = $origin_course = $destination_session = $origin_session = '';
if (isset($_POST['action']) && $_POST['action'] == 'course_select_form') {
if ($action === 'course_select_form') {
$destination_course = $_POST['destination_course'];
$origin_course = $_POST['origin_course'];
$destination_session = $_POST['destination_session'];
@@ -20,6 +20,7 @@
$current_course_tool = TOOL_COURSE_MAINTENANCE;
api_protect_course_script(true, true);
api_set_more_memory_and_time_limits();
$xajax = new xajax();
$xajax->registerFunction('searchCourses');
@@ -32,6 +33,8 @@
api_not_allowed(true);
}
$action = isset($_POST['action']) ? $_POST['action'] : '';
$courseId = api_get_course_int_id();
$courseInfo = api_get_course_info_by_id($courseId);
$courseCode = $courseInfo['code'];
@@ -41,8 +44,6 @@
api_not_allowed(true);
}
api_set_more_memory_and_time_limits();
$this_section = SECTION_COURSES;
$nameTools = get_lang('CopyCourse');
$returnLink = api_get_path(WEB_CODE_PATH).'course_info/maintenance_coach.php?'.api_get_cidreq();
@@ -58,7 +59,6 @@
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
/* FUNCTIONS */
/**
* @param string $name
*/
@@ -128,8 +128,7 @@ function displayForm()
get_lang('CopyCourseFromSessionToSessionExplanation')
);
$html .= '<form name="formulaire" method="post" action="'.api_get_self(
).'?'.api_get_cidreq().'" >';
$html .= '<form name="formulaire" method="post" action="'.api_get_self().'?'.api_get_cidreq().'" >';
$html .= '<table border="0" cellpadding="5" cellspacing="0" width="100%">';
// Source
@@ -199,7 +198,7 @@ function searchCourses($idSession, $type)
$courseCode = api_get_course_id();
if (!empty($type)) {
$idSession = intval($idSession);
$idSession = (int) $idSession;
$courseList = SessionManager::get_course_list_by_session_id($idSession);
$return .= '<select id="destination" name="SessionCoursesListDestination[]" style="width:380px;" >';
@@ -236,8 +235,6 @@ function searchCourses($idSession, $type)
$xajax->processRequests();
/* HTML head extra */
$htmlHeadXtra[] = $xajax->getJavascript(
api_get_path(WEB_LIBRARY_PATH).'xajax/'
);
@@ -283,14 +280,14 @@ function checkSelected(id_select,id_radio,id_title,id_destination) {
/* MAIN CODE */
if ((isset($_POST['action']) && $_POST['action'] == 'course_select_form') ||
if (($action === 'course_select_form') ||
(isset($_POST['copy_option']) && $_POST['copy_option'] == 'full_copy')
) {
$destinationCourse = $destinationSession = '';
$originCourse = api_get_course_id();
$originSession = api_get_session_id();
if (isset($_POST['action']) && $_POST['action'] == 'course_select_form') {
if ($action === 'course_select_form') {
$destinationCourse = $_POST['destination_course'];
$destinationSession = $_POST['destination_session'];
$course = CourseSelectForm::get_posted_course(
@@ -4,6 +4,7 @@
use Chamilo\CourseBundle\Component\CourseCopy\CourseArchiver;
use Chamilo\CourseBundle\Component\CourseCopy\CourseRestorer;
use Chamilo\CourseBundle\Component\CourseCopy\CourseSelectForm;
use ChamiloSession as Session;
/**
* Import a backup.
@@ -40,45 +41,34 @@
// Display the tool title
echo Display::page_header($nameTools);
$action = isset($_POST['action']) ? $_POST['action'] : '';
$importOption = isset($_POST['import_option']) ? $_POST['import_option'] : '';
/* MAIN CODE */
$filename = '';
if (Security::check_token('post') && (
(
isset($_POST['action']) &&
$_POST['action'] == 'course_select_form'
) || (
isset($_POST['import_option']) &&
$_POST['import_option'] == 'full_backup'
)
)
) {
if (Security::check_token('post') && ($action === 'course_select_form' || $importOption === 'full_backup')) {
// Clear token
Security::clear_token();
$error = false;
if (isset($_POST['action']) &&
$_POST['action'] == 'course_select_form'
) {
if ($action === 'course_select_form') {
// Partial backup here we recover the documents posted
// This gets $_POST['course']. Beware that when using Suhosin,
// the post.max_value_length limit might get in the way of the
// restoration of a course with many items. A value of 1,000,000 bytes
// might be too short.
$course = CourseSelectForm::get_posted_course();
$filename = Session::read('backup_file');
$course = CourseArchiver::readCourse($filename, false);
$course = CourseSelectForm::get_posted_course(null, null, null, $course);
} else {
if ($_POST['backup_type'] == 'server') {
if ($_POST['backup_type'] === 'server') {
$filename = $_POST['backup_server'];
$delete_file = false;
} else {
if ($_FILES['backup']['error'] == 0) {
$filename = CourseArchiver::importUploadedFile(
$_FILES['backup']['tmp_name']
);
$filename = CourseArchiver::importUploadedFile($_FILES['backup']['tmp_name']);
if ($filename === false) {
$error = true;
} else {
$delete_file = true;
$delete_file = false;
}
Session::write('backup_file', $filename);
} else {
$error = true;
}
@@ -115,24 +105,21 @@
}
}
CourseArchiver::cleanBackupDir();
} elseif (Security::check_token('post') && (
isset($_POST['import_option']) &&
$_POST['import_option'] == 'select_items'
)
) {
} elseif (Security::check_token('post') && $importOption === 'select_items') {
// Clear token
Security::clear_token();
if ($_POST['backup_type'] == 'server') {
if ($_POST['backup_type'] === 'server') {
$filename = $_POST['backup_server'];
$delete_file = false;
} else {
$filename = CourseArchiver::importUploadedFile($_FILES['backup']['tmp_name']);
$delete_file = true;
$delete_file = false;
Session::write('backup_file', $filename);
}
$course = CourseArchiver::readCourse($filename, $delete_file);
if ($course->has_resources() && ($filename !== false)) {
if ($course->has_resources() && $filename !== false) {
$hiddenFields['same_file_name_option'] = $_POST['same_file_name_option'];
// Add token to Course select form
$hiddenFields['sec_token'] = Security::get_token();
@@ -146,9 +133,7 @@
}
} else {
$user = api_get_user_info();
$backups = CourseArchiver::getAvailableBackups(
$is_platformAdmin ? null : $user['user_id']
);
$backups = CourseArchiver::getAvailableBackups($is_platformAdmin ? null : $user['user_id']);
$backups_available = count($backups) > 0;
$form = new FormValidator(
@@ -282,4 +267,9 @@
$form->display();
}
if (!isset($_POST['action'])) {
Session::erase('backup_file');
}
Display::display_footer();
@@ -36,10 +36,10 @@
// Display the tool title
echo Display::page_header($nameTools);
$action = isset($_POST['action']) ? $_POST['action'] : '';
if (Security::check_token('post') && (
isset($_POST['action']) &&
$_POST['action'] == 'course_select_form' ||
$action === 'course_select_form' ||
(
isset($_POST['recycle_option']) &&
$_POST['recycle_option'] == 'full_backup'
@@ -48,25 +48,24 @@
) {
// Clear token
Security::clear_token();
if (isset($_POST['action']) && $_POST['action'] == 'course_select_form') {
if (isset($_POST['action']) && $_POST['action'] === 'course_select_form') {
$course = CourseSelectForm::get_posted_course();
} else {
$cb = new CourseBuilder();
$course = $cb->build();
}
$recycle_type = '';
if (isset($_POST['recycle_option']) && $_POST['recycle_option'] == 'full_backup') {
if (isset($_POST['recycle_option']) && $_POST['recycle_option'] === 'full_backup') {
$recycle_type = 'full_backup';
} elseif (isset($_POST['action']) && $_POST['action'] == 'course_select_form') {
} elseif (isset($_POST['action']) && $_POST['action'] === 'course_select_form') {
$recycle_type = 'select_items';
}
$cr = new CourseRecycler($course);
$cr->recycle($recycle_type);
echo Display::return_message(get_lang('RecycleFinished'), 'confirm');
} elseif (Security::check_token('post') && (
isset($_POST['recycle_option']) &&
$_POST['recycle_option'] == 'select_items'
$_POST['recycle_option'] === 'select_items'
)
) {
// Clear token
@@ -251,7 +251,7 @@ public static function getAvailableBackups($user_id = null)
*/
public static function importUploadedFile($file)
{
$new_filename = uniqid('').'.zip';
$new_filename = uniqid('import_file', true).'.zip';
$new_dir = self::getBackupDir();
if (!is_dir($new_dir)) {
$fs = new Filesystem();
@@ -153,9 +153,7 @@ public function restore(
$this->destination_course_id = $course_info['real_id'];
// Getting first teacher (for the forums)
$teacher_list = CourseManager::get_teacher_list_from_course_code(
$course_info['code']
);
$teacher_list = CourseManager::get_teacher_list_from_course_code($course_info['code']);
$this->first_teacher_id = api_get_user_id();
if (!empty($teacher_list)) {
@@ -444,7 +444,7 @@ public static function display_hidden_quiz_questions($course)
{
if (is_array($course->resources)) {
foreach ($course->resources as $type => $resources) {
if (count($resources) > 0) {
if (!empty($resources) && count($resources) > 0) {
switch ($type) {
case RESOURCE_QUIZQUESTION:
foreach ($resources as $id => $resource) {
@@ -467,7 +467,7 @@ public static function display_hidden_scorm_directories($course)
{
if (is_array($course->resources)) {
foreach ($course->resources as $type => $resources) {
if (count($resources) > 0) {
if (!empty($resources) && count($resources) > 0) {
switch ($type) {
case RESOURCE_SCORM:
foreach ($resources as $id => $resource) {
@@ -497,13 +497,11 @@ public static function display_hidden_scorm_directories($course)
*/
public static function get_posted_course($from = '', $session_id = 0, $course_code = '', $postedCourse = null)
{
$course = null;
if (isset($_POST['course'])) {
$course = Course::unserialize(base64_decode($_POST['course']));
}
if ($postedCourse) {
$course = $postedCourse;
$course = $postedCourse;
if (empty($postedCourse)) {
$cb = new CourseBuilder();
$postResource = isset($_POST['resource']) ? $_POST['resource'] : [];
$course = $cb->build(0, null, false, array_keys($postResource), $postResource);
}
if (empty($course)) {
@@ -527,7 +525,7 @@ public static function get_posted_course($from = '', $session_id = 0, $course_co
foreach ($resource as $resource_item) {
$conditionSession = '';
if (!empty($session_id)) {
$session_id = intval($session_id);
$session_id = (int) $session_id;
$conditionSession = ' AND d.session_id ='.$session_id;
}
@@ -645,7 +643,7 @@ public static function get_posted_course($from = '', $session_id = 0, $course_co
$documents = isset($_POST['resource'][RESOURCE_DOCUMENT]) ? $_POST['resource'][RESOURCE_DOCUMENT] : null;
if (!empty($resources) && is_array($resources)) {
foreach ($resources as $id => $obj) {
if (isset($obj->file_type) && $obj->file_type == 'folder' &&
if (isset($obj->file_type) && $obj->file_type === 'folder' &&
!isset($_POST['resource'][RESOURCE_DOCUMENT][$id]) &&
is_array($documents)
) {

0 comments on commit ecb1890

Please sign in to comment.