fixed missing xxx_param() and broken path

diff --git a/files/index.php b/files/index.php
index 1eebf667044a5edf050fee0ca31a23f5d317f837..f2261955dabc09db204367acff3b1ad1ad6697d6 100644 (file)
--- a/files/index.php
+++ b/files/index.php
@@ -18,7 +18,8 @@
     $oldname = optional_param('oldname', '', PARAM_FILE);
     $choose  = optional_param('choose', '', PARAM_CLEAN);
     $userfile= optional_param('userfile','',PARAM_FILE);
-    $save = optional_param( 'save','' );
+    $save    = optional_param('save', 0, PARAM_BOOL);
+    $confirm = optional_param('confirm', 0, PARAM_BOOL);
 
     if ($choose) {
         if (count(explode('.', $choose)) != 2) {
@@ -158,7 +159,7 @@
             html_header($course, $wdir);
             require_once($CFG->dirroot.'/lib/uploadlib.php');
                 
-            if (!empty($save) and confirm_sesskey()) {
+            if ($save and confirm_sesskey()) {
                 $course->maxbytes = 0;  // We are ignoring course limits
                 $um = new upload_manager('userfile',false,false,$course,false,0);
                 $dir = "$basedir$wdir";
@@ -202,7 +203,7 @@
             break;
 
         case "delete":
-            if (!empty($confirm) and confirm_sesskey()) {
+            if ($confirm and confirm_sesskey()) {
                 html_header($course, $wdir);
                 if (!empty($USER->filelist)) {
                     foreach ($USER->filelist as $file) {

diff --git a/lib/editor/htmlarea/coursefiles.php b/lib/editor/htmlarea/coursefiles.php
index 79b1169a86ca98c954ce7f14d80fdcc719bca95b..678c6bbd1d2123b0443109269069c1b54ebc37b4 100644 (file)
--- a/lib/editor/htmlarea/coursefiles.php
+++ b/lib/editor/htmlarea/coursefiles.php
@@ -21,6 +21,8 @@
     $name    = optional_param('name', '', PARAM_FILE);
     $oldname = optional_param('oldname', '', PARAM_FILE);
     $usecheckboxes  = optional_param('usecheckboxes', 1, PARAM_INT);
+    $save    = optional_param('save', 0, PARAM_BOOL);
+    $confirm = optional_param('confirm', 0, PARAM_BOOL);
 
 
     if (! $course = get_record("course", "id", $id) ) {
@@ -207,7 +209,7 @@
             html_header($course, $wdir);
             require_once($CFG->dirroot.'/lib/uploadlib.php');
 
-            if (!empty($save) and confirm_sesskey()) {
+            if ($save and confirm_sesskey()) {
                 $um = new upload_manager('userfile',false,false,$course,false,0);
                 $dir = "$basedir$wdir";
                 if ($um->process_file_uploads($dir)) {
@@ -248,7 +250,7 @@
             break;
 
         case "delete":
-            if (!empty($confirm) and confirm_sesskey()) {
+            if ($confirm and confirm_sesskey()) {
                 html_header($course, $wdir);
                 foreach ($USER->filelist as $file) {
                     $fullfile = $basedir.$file;
@@ -525,7 +527,7 @@
                 echo "<p align=\"center\">$strlistfiles:</p>";
                 $file = basename($file);
 
-                include_once('../pclzip/pclzip.lib.php');
+                require_once($CFG->libdir.'/pclzip/pclzip.lib.php');
                 $archive = new PclZip("$basedir/$wdir/$file");
                 if (!$list = $archive->listContent("$basedir/$wdir")) {
                     notify($archive->errorInfo(true));