From 62d52913181887938caa4700135c7991a70d9faf Mon Sep 17 00:00:00 2001 From: michaelpenne Date: Fri, 4 Feb 2005 19:33:33 +0000 Subject: [PATCH] this is Petrs security fix for import --- mod/lesson/import.php | 56 +++++++++++++------------------------------ 1 file changed, 17 insertions(+), 39 deletions(-) diff --git a/mod/lesson/import.php b/mod/lesson/import.php index 4fa31e53e5..d6f812a694 100644 --- a/mod/lesson/import.php +++ b/mod/lesson/import.php @@ -2,11 +2,10 @@ // Import quiz questions into the given category require_once("../../config.php"); - require_once("locallib.php"); + require_once("lib.php"); - $format = optional_param('format'); - $id = required_param('id', PARAM_INT); // Course Module ID - $pageid = required_param('pageid', PARAM_INT); + $id = required_param('id', PARAM_INT); // Course Module ID + $pageid = optional_param('pageid', '', PARAM_INT); // Page ID if (! $cm = get_record("course_modules", "id", $id)) { error("Course Module ID was incorrect"); @@ -30,30 +29,24 @@ $strimportquestions = get_string("importquestions", "lesson"); $strlessons = get_string("modulenameplural", "lesson"); - print_header("$course->shortname: $strimportquestions", "$course->shortname: $strimportquestions", - "wwwroot/course/view.php?id=$course->id\">$course->shortname -> ". + print_header_simple("$strimportquestions", " $strimportquestions", "id>$strlessons -> id\">$lesson->name-> $strimportquestions"); - if ($form = lesson_clean_data_submitted()) { /// Filename - confirm_sesskey(); - $form->format = clean_filename($form->format); // For safety + if ($form = data_submitted()) { /// Filename - if (isset($form->filename)) { // file already on server - $newfile['tmp_name'] = $form->filename; - $newfile['size'] = filesize($form->filename); + $form->format = clean_filename($form->format); // For safety - } else if (!empty($_FILES['newfile'])) { // file was just uploaded - require_once($CFG->dirroot.'/lib/uploadlib.php'); - $um = new upload_manager('newfile',false,false,$course,false,0,false); - if ($um->preprocess_files()) { // validate and virus check! - $newfile = $_FILES['newfile']; - } + if (empty($_FILES['newfile'])) { // file was just uploaded + notify(get_string("uploadproblem") ); } + + if ((!is_uploaded_file($_FILES['newfile']['tmp_name']) or $_FILES['newfile']['size'] == 0)) { + notify(get_string("uploadnofilefound") ); - if (is_array($newfile)) { // either for file already on server or just uploaded file. + } else { // Valid file is found if (! is_readable("../quiz/format/$form->format/format.php")) { - error("Format not known (".clean_text($form->format).")"); + error("Format not known ($form->format)"); } require("format.php"); // Parent class @@ -61,25 +54,12 @@ require("$CFG->dirroot/mod/quiz/format/$form->format/format.php"); $format = new quiz_file_format(); - - - // jjg7:8/9/2004 remove double '\n' from a file if the format is aiken and reformat Brusca's to Aiken - if ($form->format == 'aiken') - { - require("reformat.php"); // include functions to reformat styles - if (removedoublecr($newfile['tmp_name']) === FALSE) { - error("Error occurred while replacing double carriage returns"); - } - if (importmodifiedaikenstyle($newfile['tmp_name']) === FALSE) { - error("Error occurred while converting to Aiken"); - } - } - + if (! $format->importpreprocess()) { // Do anything before that we need to error("Error occurred during pre-processing!"); } - if (! $format->importprocess($newfile['tmp_name'], $lesson, $pageid)) { // Process the uploaded file + if (! $format->importprocess($_FILES['newfile']['tmp_name'], $lesson, $pageid)) { // Process the uploaded file error("Error occurred during processing!"); } @@ -113,8 +93,7 @@ print_simple_box_start("center", "", "$THEME->cellheading"); echo "
"; echo "id\">\n"; - echo "\n"; - echo "sesskey."\">\n"; + echo "\n"; echo ""; echo ""; -- 2.39.5
"; @@ -126,8 +105,7 @@ echo "
"; print_string("upload"); echo ":"; - require_once($CFG->dirroot.'/lib/uploadlib.php'); - upload_print_form_fragment(1,array('newfile'),null,false,null,$course->maxbytes,0,false); + echo " "; echo "
 "; echo " "; echo "