Store import files on S3

kreut · Mar 19, 2020 · 8f65969 · 8f65969
1 parent 192c0af
commit 8f65969
Show file tree

Hide file tree

Showing 8 changed files with 189 additions and 134 deletions.
diff --git a/admin/importitems.php b/admin/importitems.php
@@ -13,7 +13,7 @@
 require("../init.php");
 require_once(__DIR__ . "/../includes/htmLawed.php");
 require("../includes/safeunserialize.php");
-
+require_once("../includes/filehandler.php");
 
 /*** pre-html data manipulation, including function code *******/
 function getsubinfo($items,$parent,$pre) {
@@ -624,9 +624,11 @@ function copysub($items,$parent,&$addtoarr) {
 
 	//FORM HAS BEEN POSTED, STEP 3 DATA MANIPULATION
 	if (isset($_POST['process'])) {
-		$filename = rtrim(dirname(__FILE__), '/\\') .'/import/' . Sanitize::sanitizeFilenameAndCheckBlacklist($_POST['filename']);
+		//$filename = rtrim(dirname(__FILE__), '/\\') .'/import/' . Sanitize::sanitizeFilenameAndCheckBlacklist($_POST['filename']);
+		$filename = getimportfilepath(Sanitize::simplestring($_POST['filekey']));
 		list ($desc,$itemlist,$item,$questions,$qset,$sourceinstall,$ownerid) = parsefile($filename);
-
+		deleteimport(Sanitize::simplestring($_POST['filekey']));
+
 		$userights = $_POST['userights'];
 		$newlibs = explode(",",array_map('intval',$_POST['libs']));
 
@@ -666,20 +668,23 @@ function copysub($items,$parent,&$addtoarr) {
 		exit;
 	} elseif ($_FILES['userfile']['name']!='') { //STEP 2 DATA MANIPULATION
 		$page_fileErrorMsg = "";
-		$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/import/';
-		$uploadfile = $uploaddir . Sanitize::sanitizeFilenameAndCheckBlacklist($_FILES['userfile']['name']);
-		if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-			$page_fileHiddenInput = "<input type=hidden name=\"filename\" value=\"".Sanitize::encodeStringForDisplay(basename($uploadfile))."\" />\n";
+
+		list ($desc,$itemlist,$item,$questions,$qset,$sourceinstall,$ownerid) = parsefile(realpath($_FILES['userfile']['tmp_name']));
+
+		if (!isset($desc)) {
+			$page_fileErrorMsg .=  "This does not appear to be a course items file.  It may be ";
+			$page_fileErrorMsg .=  "a question or library export.\n";
+		}
+
+		if ($filekey = storeimportfile('userfile')) {
+			$page_fileHiddenInput = "<input type=hidden name=\"filekey\" value=\"".Sanitize::encodeStringForDisplay($filekey)."\" />\n";
 		} else {
 			echo "<p>Error uploading file!</p>\n";
 			echo Sanitize::encodeStringForDisplay($_FILES["userfile"]['error']);
 			exit;
 		}
-		list ($desc,$itemlist,$item,$questions,$qset,$sourceinstall,$ownerid) = parsefile($uploadfile);
-		if (!isset($desc)) {
-			$page_fileErrorMsg .=  "This does not appear to be a course items file.  It may be ";
-			$page_fileErrorMsg .=  "a question or library export.\n";
-		}
+
+
 
 		$items = safe_unserialize($itemlist);
 		$ids = array();
@@ -772,7 +777,7 @@ function chkgrp(frm, arr, mark) {
 				<option value="4">Allow use and modifications by all</option>
 			</select>
 			<br/><input type="checkbox" name="reuseqrights" checked /> Use rights in import, if available.
-			
+
 		</p>
 		<p>
 

diff --git a/admin/importitems2.php b/admin/importitems2.php
@@ -37,13 +37,14 @@
 } else if (isset($_POST['process'])) {
 	//FORM HAS BEEN POSTED, STEP 3 DATA MANIPULATION - do import
 
-	$uploaddir = __DIR__.'/import/';
-	$uploadfile = $uploaddir . Sanitize::sanitizeFilenameAndCheckBlacklist($_POST['filename']);
+  $filekey = Sanitize::simplestring($_POST['filekey']);
+  $uploadfile = getimportfilepath($filekey);
+
 	$data = json_decode(file_get_contents($uploadfile), true);
   if (!isset($data['course']['UIver'])) {
     $data['course']['UIver'] = 1;
   }
-  
+
 	$options = array();
 	foreach (array('courseopt','gbsetup','offline','calitems','stickyposts') as $n) {
 		if (isset($_POST['import'.$n])) {
@@ -85,19 +86,18 @@
 		$body .= Sanitize::encodeStringForDisplay($k.': '.$v).'<br/>';
 	}
 	$body .= '</p><p><a href="../course/course.php?cid='.$cid.'">Done</a><p>';
-
+  deleteimport($filekey);
 } elseif ($_FILES['userfile']['name']!='') {
 	//STEP 2 DATA MANIPULATION - parse input file
 	$page_fileErrorMsg = "";
-	$uploaddir = __DIR__.'/import/';
-	$uploadfile = $uploaddir . Sanitize::sanitizeFilenameAndCheckBlacklist($_FILES['userfile']['name']);
-	if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-		$page_fileHiddenInput = '<input type=hidden name="filename" value="'.Sanitize::encodeStringForDisplay(basename($uploadfile)).'" />';
-	} else {
-		echo "<p>Error uploading file!</p>\n";
-		echo Sanitize::encodeStringForDisplay($_FILES["userfile"]['error']);
-		exit;
-	}
+  if ($filekey = storeimportfile('userfile')) {
+    $page_fileHiddenInput = "<input type=hidden name=\"filekey\" value=\"".Sanitize::encodeStringForDisplay($filekey)."\" />\n";
+  } else {
+    echo "<p>Error uploading file!</p>\n";
+    echo Sanitize::encodeStringForDisplay($_FILES["userfile"]['error']);
+    exit;
+  }
+  $uploadfile = getimportfilepath($filekey);
 	$data = json_decode(file_get_contents($uploadfile), true);
 	if ($data===null || !isset($data['course'])) {
 		$page_fileErrorMsg .=  "This does not appear to be a course items file.  It may be ";

diff --git a/admin/importitemsfuncs.php b/admin/importitemsfuncs.php
@@ -30,6 +30,14 @@ function getsubinfo($items,$parent,$pre) {
 	}
 }
 
+function ecount($v) {
+	if (is_array($v)) {
+		return count($v);
+	} else {
+		return 0;
+	}
+}
+
 class ImportItemClass
 {
 
@@ -215,12 +223,12 @@ public function importdata($data, $cid, $checked, $options) {
 	return array(
 		'Questions Added'=>$this->qsadded,
 		'Questions Updated'=>$this->qmodcnt,
-		'InlineText Imported'=>count($this->typemap['InlineText']),
-		'Linked Imported'=>count($this->typemap['LinkedText']),
-		'Forums Imported'=>count($this->typemap['Forum']),
-		'Assessments Imported'=>count($this->typemap['Assessment']),
-		'Drills Imported'=>count($this->typemap['Drill']),
-		'Wikis Imported'=>count($this->typemap['Wiki'])
+		'InlineText Imported'=>ecount($this->typemap['InlineText']),
+		'Linked Imported'=>ecount($this->typemap['LinkedText']),
+		'Forums Imported'=>ecount($this->typemap['Forum']),
+		'Assessments Imported'=>ecount($this->typemap['Assessment']),
+		'Drills Imported'=>ecount($this->typemap['Drill']),
+		'Wikis Imported'=>ecount($this->typemap['Wiki'])
 		);
 }
 

diff --git a/admin/importlib.php b/admin/importlib.php
@@ -153,6 +153,7 @@ function writeq($qd,$rights,$qn) {
 		$nogz = false;
 		$handle = gzopen($file,"r");
 	}
+
 	$line = '';
 	while ((!$nogz || !feof($handle)) && ($nogz || !gzeof($handle))) {
 		if ($nogz) {
@@ -340,11 +341,12 @@ function parselibs($file) {
 
 	//FORM HAS BEEN POSTED, STEP 3 DATA MANIPULATION
 	if (isset($_POST['process'])) {
-		$filename = rtrim(dirname(__FILE__), '/\\') .'/import/' . Sanitize::sanitizeFilenameAndCheckBlacklist($_POST['filename']);
+		$filekey = Sanitize::simplestring($_POST['filekey']);
+		$uploadfile = getimportfilepath($filekey);
 
 		$libstoadd = array_map('intval',$_POST['libs']);
 
-		list($packname,$names,$parents,$libitems,$unique,$lastmoddate,$ownerid,$userights,$sourceinstall) = parselibs($filename);
+		list($packname,$names,$parents,$libitems,$unique,$lastmoddate,$ownerid,$userights,$sourceinstall) = parselibs($uploadfile);
 
 		$root = Sanitize::onlyInt(trim($_POST['parent']));
         $librights = Sanitize::onlyInt(trim($_POST['librights']));
@@ -436,7 +438,7 @@ function parselibs($file) {
 		}
 
 		//write questions, get qsetids
-		$qids = parseqs($filename,$touse,$qrights);
+		$qids = parseqs($uploadfile,$touse,$qrights);
 		if (count($qids)>0) {
 			//resolve any includecodefrom links
 			$qidstocheck = implode(',', array_map('intval', $qids));
@@ -522,7 +524,7 @@ function parselibs($file) {
 		}
 		$DBH->commit();
 
-		unlink($filename);
+		deleteimport($filekey);
 		$page_uploadSuccessMsg = "Import Successful.<br>\n";
 		$page_uploadSuccessMsg .= "New Libraries: $newl.<br>";
 		$page_uploadSuccessMsg .= "New Questions: $newq.<br>";
@@ -533,14 +535,14 @@ function parselibs($file) {
 
 	} elseif ($_FILES['userfile']['name']!='') { // STEP 2 DATA MANIPULATION
 		$page_fileErrorMsg = "";
-		$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/import/';
-		$uploadfile = $uploaddir . Sanitize::sanitizeFilenameAndCheckBlacklist($_FILES['userfile']['name']);
-
-		if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-			$page_fileHiddenInput = "<input type=hidden name=\"filename\" value=\"".Sanitize::encodeStringForDisplay(basename($uploadfile))."\" />\n";
-		} else {
-			$page_fileErrorMsg .= "<p>Error uploading file!</p>\n";
-		}
+		if ($filekey = storeimportfile('userfile')) {
+	    $page_fileHiddenInput = "<input type=hidden name=\"filekey\" value=\"".Sanitize::encodeStringForDisplay($filekey)."\" />\n";
+	  } else {
+	    echo "<p>Error uploading file!</p>\n";
+	    echo Sanitize::encodeStringForDisplay($_FILES["userfile"]['error']);
+	    exit;
+	  }
+		$uploadfile = getimportfilepath($filekey);
 
 		list($packname,$names,$parents,$libitems,$unique,$lastmoddate,$ownerid,$userights,$sourceinstall) = parselibs($uploadfile);
 

diff --git a/admin/importstu.php b/admin/importstu.php
@@ -6,6 +6,7 @@
 require("../init.php");
 require("../includes/htmlutil.php");
 require("../includes/newusercommon.php");
+require_once("../includes/filehandler.php");
 
 /*** pre-html data manipulation, including function code *******/
 // Reads past the UTF-8 bom if it is there.
@@ -116,9 +117,10 @@ function parsecsv($data) {
 		$stm = $DBH->prepare("SELECT deflatepass FROM imas_courses WHERE id=:cid");
 		$stm->execute(array(':cid'=>$ncid));
 		$deflatepass = $stm->fetchColumn(0);
-
-		$filename = rtrim(dirname(__FILE__), '/\\') .'/import/' . Sanitize::sanitizeFilenameAndCheckBlacklist($_POST['filename']);
-		$handle = fopen_utf8($filename,'r');
+
+    $filekey = Sanitize::simplestring($_POST['filekey']);
+    $uploadfile = getimportfilepath($filekey);
+    $handle = fopen_utf8($uploadfile,'r');
 		if ($_POST['hdr']==1) {
 			$data = fgetcsv($handle,2096);
 		}
@@ -186,7 +188,7 @@ function parsecsv($data) {
 		}
 
 		fclose($handle);
-		unlink($filename);
+		deleteimport($filekey);
 		$overwriteBody = 1;
 		$body = "Import Successful<br/>\n";
 		$body .= "<p>";
@@ -198,15 +200,15 @@ function parsecsv($data) {
 		$body .= "</a></p>\n";
 
 	} elseif (isset($_FILES['userfile'])) {  //STEP 2 DATA MANIPULATION
-		$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/import/';
-		$uploadfile = $uploaddir . Sanitize::sanitizeFilenameAndCheckBlacklist($_FILES['userfile']['name']);
-		if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-			$uploadfilename = basename($uploadfile);
-			$page_fileHiddenInput = "<input type=hidden name=\"filename\" value=\"".Sanitize::encodeStringForDisplay($uploadfilename)."\" />\n";
-		} else {
-			$overwriteBody = 1;
-			$body = "<p>Error uploading file!</p>\n";
-		}
+    if ($filekey = storeimportfile('userfile')) {
+      $page_fileHiddenInput = "<input type=hidden name=\"filekey\" value=\"".Sanitize::encodeStringForDisplay($filekey)."\" />\n";
+    } else {
+      echo "<p>Error uploading file!</p>\n";
+      echo Sanitize::encodeStringForDisplay($_FILES["userfile"]['error']);
+      exit;
+    }
+    $uploadfile = getimportfilepath($filekey);
+    
 		$handle = fopen_utf8($uploadfile,'r');
 		if ($_POST['hdr']==1) {
 			$data = fgetcsv($handle,2096);
@@ -297,7 +299,7 @@ function parsecsv($data) {
 ?>
 			</tbody>
 			</table>
- 
+
 <?php
 		foreach($_POST as $k=>$v) {
 			echo "<input type=hidden name=\"" . Sanitize::encodeStringForDisplay($k) . "\" value=\"".Sanitize::encodeStringForDisplay($v)."\">\n";

diff --git a/course/testquestion.php b/course/testquestion.php
@@ -279,7 +279,7 @@ function chguseinfixed(state) {
 
 	echo '<code id="qhtml" style="display:none">';
 	$message = displayq($qn,$_GET['qsetid'],$seed,false,false,0,true);
-	$message = printfilter(forcefiltergraph($message));
+	$message = printfilter($message);
 	$message = preg_replace('/(`[^`]*`)/',"<span class=\"AM\">$1</span>",$message);
 	$message = str_replacE('`','\`',$message);
 	echo htmlentities($message);