Remove use of $_SESSION, fix edit svg files.

Author: jmontoyaa

main/document/create_audio.php

@@ -14,7 +14,6 @@
  */
 
 require_once __DIR__.'/../inc/global.inc.php';
-$_SESSION['whereami'] = 'document/createaudio';
 $this_section = SECTION_COURSES;
 
 $nameTools = get_lang('CreateAudio');

main/document/create_document.php

@@ -11,7 +11,6 @@
 
 require_once __DIR__.'/../inc/global.inc.php';
 
-$_SESSION['whereami'] = 'document/create';
 $this_section = SECTION_COURSES;
 $groupRights = Session::read('group_member_with_upload_rights');
 $htmlHeadXtra[] = '

main/document/create_draw.php

@@ -14,7 +14,6 @@
 
 require_once __DIR__.'/../inc/global.inc.php';
 
-$_SESSION['whereami'] = 'document/createdraw';
 $this_section = SECTION_COURSES;
 $groupRights = Session::read('group_member_with_upload_rights');
 $nameTools = get_lang('Draw');
@@ -49,9 +48,9 @@
 /*	Constants and variables */
 
 //path for svg-edit save
-$_SESSION['draw_dir'] = Security::remove_XSS($dir);
-if ($_SESSION['draw_dir'] == '/') {
-    $_SESSION['draw_dir'] = '';
+Session::write('draw_dir', Security::remove_XSS($dir));
+if ($dir == '/') {
+    Session::write('draw_dir', '');
 }
 
 $dir = isset($dir) ? Security::remove_XSS($dir) : (isset($_POST['dir']) ? Security::remove_XSS($_POST['dir']) : '/');

main/document/create_paint.php

@@ -4,17 +4,16 @@
 use ChamiloSession as Session;
 
 /**
- *	This file allows creating audio files from a text.
+ * This file allows creating audio files from a text.
  *
- *	@package chamilo.document
+ * @package chamilo.document
  *
  * @author Juan Carlos Raña Trabado
  * @since 30/January/2011
  * @todo clean all file
 */
 
 require_once __DIR__.'/../inc/global.inc.php';
-$_SESSION['whereami'] = 'document/createpaint';
 $this_section = SECTION_COURSES;
 $nameTools = get_lang('PhotoRetouching');
 $groupRights = Session::read('group_member_with_upload_rights');
@@ -43,14 +42,14 @@
 $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
 
 //path for pixlr save
-$_SESSION['paint_dir'] = Security::remove_XSS($dir);
-if ($_SESSION['paint_dir'] == '/') {
-    $_SESSION['paint_dir'] = '';
+$paintDir = Security::remove_XSS($dir);
+if ($paintDir == '/') {
+    $paintDir = '';
 }
-$_SESSION['paint_file'] = get_lang('NewImage');
+Session::write('paint_dir', $paintDir);
+Session::write('paint_file', get_lang('NewImage'));
 
 // Please, do not modify this dirname formatting
-
 if (strstr($dir, '..')) {
 	$dir = '/';
 }
@@ -116,17 +115,26 @@
 
 // Interbreadcrumb for the current directory root path
 if (empty($document_data['parents'])) {
-	$interbreadcrumb[] = array('url' => '#', 'name' => $document_data['title']);
+    $interbreadcrumb[] = array('url' => '#', 'name' => $document_data['title']);
 } else {
     foreach ($document_data['parents'] as $document_sub_data) {
-        $interbreadcrumb[] = array('url' => $document_sub_data['document_url'], 'name' => $document_sub_data['title']);
+        $interbreadcrumb[] = array(
+            'url' => $document_sub_data['document_url'],
+            'name' => $document_sub_data['title']
+        );
     }
 }
 Display :: display_header($nameTools, 'Doc');
 
 echo '<div class="actions">';
 echo '<a href="document.php?id='.$document_id.'">'.
-    Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview'), '', ICON_SIZE_MEDIUM).'</a>';
+    Display::return_icon(
+        'back.png',
+        get_lang('BackTo').' '.get_lang('DocumentsOverview'),
+        '',
+        ICON_SIZE_MEDIUM
+    ).
+    '</a>';
 echo '</div>';
 
 // pixlr
@@ -141,7 +149,7 @@
 $loc = $langpixlr; // deprecated ?? TODO:check pixlr read user browser
 
 $exit_path = api_get_path(WEB_CODE_PATH).'document/exit_pixlr.php';
-$_SESSION['exit_pixlr'] = $document_data['path'];
+Session::write('exit_pixlr', $document_data['path']);
 $referrer = "Chamilo";
 $target_path = api_get_path(WEB_CODE_PATH).'document/save_pixlr.php';
 $target = $target_path;
@@ -164,7 +172,7 @@
 } else {
     $credentials = "false";
 }
-$pixlr_url = api_get_protocol().'://pixlr.com/editor/?title='.$title.'&image='.$image.'&loc='.$loc.'&referrer='.$referrer.'&target='.$target.'&exit='.$exit_path.'&locktarget='.$locktarget.'&locktitle='.$locktitle.'&credentials='.$credentials;
+$pixlr_url = '//pixlr.com/editor/?title='.$title.'&image='.$image.'&loc='.$loc.'&referrer='.$referrer.'&target='.$target.'&exit='.$exit_path.'&locktarget='.$locktarget.'&locktitle='.$locktitle.'&credentials='.$credentials;
 ?>
 <script>
 

main/document/document.php

@@ -64,12 +64,11 @@
 }
 
 DocumentManager::removeGeneratedAudioTempFile();
-
-if (isset($_SESSION['temp_realpath_image']) &&
-    !empty($_SESSION['temp_realpath_image']) &&
-    file_exists($_SESSION['temp_realpath_image'])
+$tempRealPath = Session::read('temp_realpath_image');
+if (!empty($tempRealPath) &&
+    file_exists($tempRealPath)
 ) {
-    unlink($_SESSION['temp_realpath_image']);
+    unlink($tempRealPath);
 }
 $_user = api_get_user_info();
 $courseInfo = api_get_course_info();
@@ -97,9 +96,9 @@
 }
 
 // Removing sessions
-unset($_SESSION['draw_dir']);
-unset($_SESSION['paint_dir']);
-unset($_SESSION['temp_audio_nanogong']);
+Session::erase('draw_dir');
+Session::erase('paint_dir');
+Session::erase('temp_audio_nanogong');
 
 $plugin = new AppPlugin();
 $pluginList = $plugin->get_installed_plugins();
@@ -870,10 +869,8 @@ function convertModal (id, format) {
 
 /* 	MAIN SECTION */
 
-// Slideshow inititalisation
-$_SESSION['image_files_only'] = '';
+Session::write('image_files_only', '');
 $image_files_only = '';
-
 if ($is_certificate_mode) {
     $interbreadcrumb[] = array(
         'url' => '../gradebook/index.php',
@@ -1745,9 +1742,8 @@ function convertModal (id, format) {
         );
     }
 }
-
 require 'document_slideshow.inc.php';
-if ($image_present && !isset($_GET['keyword'])) {
+if (!isset($_GET['keyword'])) {
     $actionsLeft .= Display::url(
         Display::return_icon('slideshow.png', get_lang('ViewSlideshow'), '', ICON_SIZE_MEDIUM),
         api_get_path(WEB_CODE_PATH).'document/slideshow.php?'.api_get_cidreq().'&curdirpath='.$curdirpathurl

main/document/document_slideshow.inc.php

@@ -1,5 +1,8 @@
 <?php
 /* For licensing terms, see /license.txt */
+
+use ChamiloSession as Session;
+
 /**
  * This is a plugin for the documents tool. It looks for .jpg, .jpeg, .gif, .png
  * files (since these are the files that can be viewed in a browser) and creates
@@ -28,7 +31,7 @@
 
 // Resetting the images of the slideshow = destroying the slideshow
 if (isset($_GET['action']) && $_GET['action'] == 'exit_slideshow') {
-    $_SESSION['image_files_only'] = null;
+    Session::write('image_files_only', null);
     unset($image_files_only);
 }
 
@@ -40,7 +43,6 @@
 if (count($array_to_search) > 0) {
     while (list($key) = each($array_to_search)) {
         $all_files[] = basename($array_to_search[$key]['path']);
-        //echo basename($array_to_search[$key]['path']).'<br />';
     }
 }
 
@@ -67,7 +69,7 @@
 }
 
 $image_files_only = sort_files($array_to_search);
-$_SESSION['image_files_only'] = $image_files_only;
+Session::write('image_files_only', $image_files_only);
 
 function sort_files($table)
 {

main/document/edit_document.php

@@ -52,7 +52,6 @@
 
 </script>';
 
-$_SESSION['whereami'] = 'document/create';
 $this_section = SECTION_COURSES;
 $lib_path = api_get_path(LIBRARY_PATH);
 

main/document/edit_draw.php

@@ -14,7 +14,6 @@
 
 require_once __DIR__.'/../inc/global.inc.php';
 
-$_SESSION['whereami'] = 'document/editdraw';
 $this_section = SECTION_COURSES;
 $groupRights = Session::read('group_member_with_upload_rights');
 
@@ -27,6 +26,7 @@
     true
 );
 
+$file_path = '';
 if (empty($document_data)) {
     api_not_allowed();
 } else {
@@ -44,11 +44,11 @@
 $group_id = api_get_group_id();
 
 //path for svg-edit save
-$_SESSION['draw_dir'] = Security::remove_XSS($dir);
-if ($_SESSION['draw_dir'] == '/') {
-    $_SESSION['draw_dir'] = '';
+Session::write('draw_dir', Security::remove_XSS($dir));
+if ($dir == '/') {
+    Session::write('draw_dir', '');
 }
-$_SESSION['draw_file'] = basename(Security::remove_XSS($file_path));
+Session::write('draw_file', basename(Security::remove_XSS($file_path)));
 $get_file = Security::remove_XSS($file_path);
 $file = basename($get_file);
 $temp_file = explode(".", $file);

main/document/edit_paint.php

@@ -14,7 +14,6 @@
 */
 require_once __DIR__.'/../inc/global.inc.php';
 
-$_SESSION['whereami'] = 'document/editpaint';
 $this_section = SECTION_COURSES;
 $groupRights = Session::read('group_member_with_upload_rights');
 
@@ -42,11 +41,11 @@
 /* Constants & Variables */
 $current_session_id = api_get_session_id();
 //path for pixlr save
-$_SESSION['paint_dir'] = Security::remove_XSS($dir);
-if ($_SESSION['paint_dir'] == '/') {
-    $_SESSION['paint_dir'] = '';
+Session::write('paint_dir', Security::remove_XSS($dir));
+if ($dir == '/') {
+    Session::write('paint_dir', '');
 }
-$_SESSION['paint_file'] = basename(Security::remove_XSS($file_path));
+Session::write('paint_file', basename(Security::remove_XSS($file_path)));
 $get_file = Security::remove_XSS($file_path);
 $file = basename($get_file);
 $temp_file = explode(".", $file);
@@ -141,7 +140,7 @@
 $loc = $langpixlr; // deprecated ?? TODO:check pixlr read user browser
 
 $exit_path = api_get_path(WEB_CODE_PATH).'document/exit_pixlr.php';
-$_SESSION['exit_pixlr'] = Security::remove_XSS($parent_id);
+Session::write('exit_pixlr', Security::remove_XSS($parent_id));
 $referrer = "Chamilo";
 $target_path = api_get_path(WEB_CODE_PATH).'document/save_pixlr.php';
 $target = $target_path;
@@ -202,12 +201,12 @@
 $from = $filepath.$file;
 $to = api_get_path(SYS_ARCHIVE_PATH).'temp/images/'.$file_crip;
 copy($from, $to);
-$_SESSION['temp_realpath_image'] = $to;
+Session::write('temp_realpath_image', $to);
 
 //load image to url
 $to_url = api_get_path(WEB_ARCHIVE_PATH).'temp/images/'.$file_crip;
 $image = urlencode($to_url);
-$pixlr_url = api_get_protocol().'://pixlr.com/editor/?title='.$title.'&image='.$image.'&loc='.$loc.'&referrer='.$referrer.'&target='.$target.'&exit='.$exit_path.'&locktarget='.$locktarget.'&locktitle='.$locktitle.'&credentials='.$credentials;
+$pixlr_url = '//pixlr.com/editor/?title='.$title.'&image='.$image.'&loc='.$loc.'&referrer='.$referrer.'&target='.$target.'&exit='.$exit_path.'&locktarget='.$locktarget.'&locktitle='.$locktitle.'&credentials='.$credentials;
 
 //make frame an send image
 ?>

main/document/exit_pixlr.php

@@ -1,6 +1,8 @@
 <?php
 /* For licensing terms, see /license.txt */
 
+use ChamiloSession as Session;
+
 /**
  * This file allows creating new svg and png documents with an online editor.
  *
@@ -15,21 +17,24 @@
 api_block_anonymous_users();
 
 //delete temporal file
-unlink($_SESSION['temp_realpath_image']);
+$fileToDelete = Session::read('temp_realpath_image');
+if (file_exists($fileToDelete)) {
+    unlink($fileToDelete);
+}
 
 //Clean sessions and return to Chamilo file list
-unset($_SESSION['paint_dir']);
-unset($_SESSION['paint_file']);
-unset($_SESSION['whereami']);
-unset($_SESSION['temp_realpath_image']);
+Session::erase('paint_dir');
+Session::erase('paint_file');
+Session::erase('temp_realpath_image');
+$exit = Session::read('exit_pixlr');
 
-if (!isset($_SESSION['exit_pixlr'])) {
-    $location = api_get_path(WEB_CODE_PATH).'document/document.php';
+if (empty($exit)) {
+    $location = api_get_path(WEB_CODE_PATH).'document/document.php?'.api_get_cidreq();
     echo '<script>window.parent.location.href="'.$location.'"</script>';
     api_not_allowed(true);
 } else {
     echo '<div align="center" style="padding-top:150; font-family:Arial, Helvetica, Sans-serif;font-size:25px;color:#aaa;font-weight:bold;">'.get_lang('PleaseStandBy').'</div>';
-    $location = api_get_path(WEB_CODE_PATH).'document/document.php?id='.Security::remove_XSS($_SESSION['exit_pixlr']);
+    $location = api_get_path(WEB_CODE_PATH).'document/document.php?id='.Security::remove_XSS($exit).'&'.api_get_cidreq();
     echo '<script>window.parent.location.href="'.$location.'"</script>';
-    unset($_SESSION['exit_pixlr']);
+    Session::erase('exit_pixlr');
 }