]> git.mjollnir.org Git - moodle.git/commitdiff
projects / moodle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 34d39b7)
MDL-19002 fixed string concatenation with "+" typos, added file size restrictions...
authorskodak <skodak>
Mon, 11 May 2009 19:35:37 +0000 (19:35 +0000)
committerskodak <skodak>
Mon, 11 May 2009 19:35:37 +0000 (19:35 +0000)
lib/form/filepicker.php patch | blob | history

diff --git a/lib/form/filepicker.php b/lib/form/filepicker.php
index ae0c06dc7b2385175d4335ec2a80c9802b2ddef9..1ded21d1e97707e0e7be9ef92070f0e1a6e30ab9 100644 (file)
--- a/lib/form/filepicker.php
+++ b/lib/form/filepicker.php
@@ -15,7 +15,7 @@ require_once(dirname(dirname(dirname(__FILE__))) . '/repository/lib.php');
 class MoodleQuickForm_filepicker extends HTML_QuickForm_input {
     protected $_helpbutton = '';
     protected $_options    = array('maxbytes'=>0, 'filetypes'=>'*', 'returnvalue'=>'*');
-    
+
     function MoodleQuickForm_filepicker($elementName=null, $elementLabel=null, $attributes=null, $options=null) {
         global $CFG;
 
@@ -70,7 +70,7 @@ class MoodleQuickForm_filepicker extends HTML_QuickForm_input {
         if ($draftid = (int)$this->getValue()) {
             $fs = get_file_storage();
             $usercontext = get_context_instance(CONTEXT_USER, $USER->id);
-            if ($files = $fs->get_area_files($usercontext->id, 'user_draft', $draftid, '', false)) {
+            if ($files = $fs->get_area_files($usercontext->id, 'user_draft', $draftid, 'id DESC', false)) {
                 $file = reset($files);
                 $currentfile = $file->get_filename();
                 $draftvalue = 'value="'.$draftid.'"';
@@ -107,11 +107,30 @@ function callpicker(client_id, id) {
 }
 </script>
 EOD;
-        $str .= '<input value="'.get_string('openpicker', 'repository').'" type="button" onclick="callpicker(\''+$client_id+'\', \''+$id+'\')" />'.'<span id="repo_info_'.$client_id.'" class="notifysuccess">'.$currentfile.'</span>'.$repository_info['css'].$repository_info['js'];
+        $str .= '<input value="'.get_string('openpicker', 'repository').'" type="button" onclick="callpicker(\''.$client_id.'\', \''.$id.'\')" />'.'<span id="repo_info_'.$client_id.'" class="notifysuccess">'.$currentfile.'</span>'.$repository_info['css'].$repository_info['js'];
         return $str;
     }
 
     function exportValue(&$submitValues, $assoc = false) {
+        global $USER;
+
+        // make sure max one file is present and it is not too big
+        if ($draftid = $submitValues[$this->_attributes['name']]) {
+            $fs = get_file_storage();
+            $usercontext = get_context_instance(CONTEXT_USER, $USER->id);
+            if ($files = $fs->get_area_files($usercontext->id, 'user_draft', $draftid, 'id DESC', false)) {
+                $file = array_shift($files);
+                if ($this->_options['maxbytes'] and $file->get_filesize() > $this->_options['maxbytes']) {
+                    // bad luck, somebody tries to sneak in oversized file
+                    $file->delete();
+                }
+                foreach ($files as $file) {
+                    // only one file expected
+                    $file->delete();
+                }
+            }
+        }
+
         return array($this->_attributes['name'] => $submitValues[$this->_attributes['name']]);
     }
 }
Unnamed repository; edit this file to name it for gitweb.