Remove outdated functions: importmacros, importqimages, importcoursef…

…iles
kreut · Mar 19, 2020 · 4369f0f · 4369f0f
1 parent 8f65969
commit 4369f0f
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 175 deletions.
diff --git a/admin/actions.php b/admin/actions.php
@@ -981,143 +981,6 @@ function updateoutcomes(&$arr) {
 			}
 		}
 		break;
-	/*
-	removed from production code - security risk
-	case "importmacros":
-		if ($myrights < 100 || !$allowmacroinstall) { echo "You don't have the authority for this action"; break;}
-		$uploaddir = rtrim(dirname("../config.php"), '/\\') .'/assessment/libs/';
-		$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
-		if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-			if (strpos($uploadfile,'.php')!==FALSE) {
-				$handle = fopen($uploadfile, "r");
-				$atstart = true;
-				if ($handle) {
-					while (!feof($handle)) {
-						$buffer = fgets($handle, 4096);
-						if (strpos($buffer,"//")===0) {
-							$trimmed = trim(substr($buffer,2));
-							if ($trimmed{0}!='<' && substr($trimmed,-1)!='>') {
-								$numspaces = strlen(substr($buffer,2)) - strlen(ltrim(substr($buffer,2)));
-								$comments .= str_repeat('&nbsp;', $numspaces);
-								$comments .= $trimmed . '<br/>';
-							} else {
-								$comments .= $trimmed;
-							}
-						} else if (strpos($buffer,"function")===0) {
-							$func = substr($buffer,9,strpos($buffer,"(")-9);
-							if ($comments!='') {
-								$outlines .= "<h2><a name=\"$func\">$func</a></h2>\n";
-								$funcs[] = $func;
-								$outlines .= $comments;
-								$comments = '';
-							}
-						} else if ($atstart && trim($buffer)=='') {
-							$startcomments = $comments;
-							$atstart = false;
-							$comments = '';
-						} else {
-							$comments = '';
-						}
-					}
-				}
-				fclose($handle);
-				$lib = basename($uploadfile,".php");
-				$outfile = fopen($uploaddir . $lib.".html", "w");
-				fwrite($outfile,"<html><body>\n<h1>Macro Library $lib</h1>\n");
-				fwrite($outfile,$startcomments);
-				fwrite($outfile,"<ul>\n");
-				foreach($funcs as $func) {
-					fwrite($outfile,"<li><a href=\"#$func\">$func</a></li>\n");
-				}
-				fwrite($outfile,"</ul>\n");
-				fwrite($outfile, $outlines);
-				fclose($outfile);
-			}
-			break;
-		} else {
-			require("../header.php");
-			echo "<p>Error uploading file!</p>\n";
-			require("../footer.php");
-			exit;
-		}
-	*/
-	case "importqimages":
-		if ($myrights < 100 || !$allowmacroinstall) { echo "You don't have the authority for this action"; break;}
-		$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/import/';
-		$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
-		if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-			if (strpos($uploadfile,'.tar.gz')!==FALSE) {
-				include("../includes/tar.class.php");
-				require_once("../includes/filehandler.php");
-				$tar = new tar();
-				$tar->openTAR($uploadfile);
-				if ($tar->hasFiles()) {
-					if (getfilehandlertype('filehandlertypecfiles') == 's3') {
-						$n = $tar->extractToS3("qimages","public");
-					} else {
-						$n = $tar->extractToDir("../assessment/qimages/");
-					}
-					require("../header.php");
-					echo "<p>Extracted $n files.  <a href=\"admin2.php\">Continue</a></p>\n";
-					require("../footer.php");
-					exit;
-				} else {
-					require("../header.php");
-					echo "<p>File appears to contain nothing</p>\n";
-					require("../footer.php");
-					exit;
-				}
-
-			}
-			unlink($uploadfile);
-			break;
-		} else {
-			require("../header.php");
-			echo "<p>Error uploading file!</p>\n";
-			require("../footer.php");
-			exit;
-		}
-	case "importcoursefiles":
-		if ($myrights < 100 || !$allowmacroinstall) { echo "You don't have the authority for this action"; break;}
-		$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/import/';
-		$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
-		if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-			if (strpos($uploadfile,'.zip')!==FALSE && class_exists('ZipArchive')) {
-				require_once("../includes/filehandler.php");
-				$zip = new ZipArchive();
-				$res = $zip->open($uploadfile);
-				$ne = 0;  $ns = 0;
-				if ($res===true) {
-					for($i = 0; $i < $zip->numFiles; $i++) {
-						//if (file_exists("../course/files/".$zip->getNameIndex($i))) {
-						if (doesfileexist('cfile',$zip->getNameIndex($i))) {
-							$ns++;
-						} else {
-							$zip->extractTo("../course/files/", array($zip->getNameIndex($i)));
-							relocatecoursefileifneeded("../course/files/".$zip->getNameIndex($i),$zip->getNameIndex($i));
-							$ne++;
-						}
-					}
-					require("../header.php");
-					echo "<p>Extracted $ne files.  Skipped $ns files.  <a href=\"admin2.php\">Continue</a></p>\n";
-					require("../footer.php");
-					exit;
-				} else {
-					require("../header.php");
-					echo "<p>File appears to contain nothing</p>\n";
-					require("../footer.php");
-					exit;
-				}
-
-			}
-			unlink($uploadfile);
-			break;
-		} else {
-			require("../header.php");
-			echo "<p>Error uploading file!</p>\n";
-			require("../footer.php");
-			exit;
-		}
 	case "removeself":
 		if ($myrights < 20) {
 			echo 'Error: Unauthorized';

diff --git a/admin/forms.php b/admin/forms.php
@@ -1213,44 +1213,6 @@ function setCourse(course) {
 			echo '<p class=small>'._('Course Ancestors').': '.Sanitize::encodeStringForDisplay($line['ancestors']).'</p>';
 		}
 		break;
-	case "importmacros":
-		if ($myrights < 100) { echo "You don't have the authority for this action"; break;}
-
-		echo "<h2>Install Macro File</h2>\n";
-		echo "<p><b>Warning:</b> Macro Files have a large security risk.  <b>Only install macro files from a trusted source</b></p>\n";
-		echo "<p><b>Warning:</b> Install will overwrite any existing macro file of the same name</p>\n";
-		echo "<form enctype=\"multipart/form-data\" method=post action=\"actions.php?from=".Sanitize::encodeUrlParam($from)."\">\n";
-		echo '<input type=hidden name=action value="importmacros" />';
-		echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"300000\" />\n";
-		echo "<span class=form>Import file: </span><span class=formright><input name=\"userfile\" type=\"file\" /></span><br class=form>\n";
-		echo "<div class=submit><input type=submit value=\"Submit\"></div>\n";
-		echo "</form>\n";
-		break;
-
-	case "importqimages":
-		if ($myrights < 100) { echo "You don't have the authority for this action"; break;}
-		echo "<h2>Install Question Images</h2>\n";
-		echo "<p><b>Warning:</b> This has a large security risk.  <b>Only install question images from a trusted source</b>, and where you've verified the archive only contains images.</p>\n";
-		echo "<p><b>Warning:</b> Install will ignore files with the same filename as existing files.</p>\n";
-		echo "<form enctype=\"multipart/form-data\" method=post action=\"actions.php?from=".Sanitize::encodeUrlParam($from)."\">\n";
-		echo '<input type=hidden name=action value="importqimages" />';
-		echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"5000000\" />\n";
-		echo "<span class=form>Import file: </span><span class=formright><input name=\"userfile\" type=\"file\" /></span><br class=form>\n";
-		echo "<div class=submit><input type=submit value=\"Submit\"></div>\n";
-		echo "</form>\n";
-		break;
-	case "importcoursefiles":
-		if ($myrights < 100) { echo "You don't have the authority for this action"; break;}
-		echo "<h2>Install Course files</h2>\n";
-		echo "<p><b>Warning:</b> This has a large security risk.  <b>Only install course files from a trusted source</b>, and where you've verified the archive only contains regular files (no PHP files).</p>\n";
-		echo "<p><b>Warning:</b> Install will ignore files with the same filename as existing files.</p>\n";
-		echo "<form enctype=\"multipart/form-data\" method=post action=\"actions.php?from=".Sanitize::encodeUrlParam($from)."\">\n";
-		echo '<input type=hidden name=action value="importcoursefiles" />';
-		echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"10000000\" />\n";
-		echo "<span class=form>Import file: </span><span class=formright><input name=\"userfile\" type=\"file\" /></span><br class=form>\n";
-		echo "<div class=submit><input type=submit value=\"Submit\"></div>\n";
-		echo "</form>\n";
-		break;
 	case "deloldusers":
 		if ($myrights < 100) { echo "You don't have the authority for this action"; break;}
 		echo "<h2>Delete Old Users</h2>\n";