"MDL-23268, remove file_browser, urldecode, clean filename, fixed fie overriding issue"

2025-08-04 16:36:37 +02:00 · 2010-07-26 08:37:48 +00:00 · 2010-07-26 08:37:48 +00:00 · 64654e78b6
commit 64654e78b6
parent 6c5b99d9f7
2 changed files with 21 additions and 7 deletions
--- a/repository/filepicker.js
+++ b/repository/filepicker.js
@ -109,6 +109,22 @@ M.core_filepicker.init = function(Y, options) {
                    params[i] = args['params'][i];
                }
            }
+            if (args.action == 'upload') {
+                var list = [];
+                for(var k in params) {
+                    var value = params[k];
+                    if(value instanceof Array) {
+                        for(var i in value) {
+                            list.push(k+'[]='+value[i]);
+                        }
+                    } else {
+                        list.push(k+'='+value);
+                    }
+                }
+                params = list.join('&');
+            } else {
+                params = build_querystring(params);
+            }
            var cfg = {
                method: 'POST',
                on: {
@ -145,7 +161,7 @@ M.core_filepicker.init = function(Y, options) {
                headers: {
                    'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'
                },
-                data: build_querystring(params),
+                data: params,
                context: this
            };
            if (args.form) {
--- a/repository/upload/lib.php
+++ b/repository/upload/lib.php
@ -56,7 +56,7 @@ class repository_upload extends repository {
        $record = new stdclass;
        $record->filearea = 'draft';
        $record->component = 'user';
-        $record->filepath = urldecode(optional_param('savepath', '/', PARAM_PATH));
+        $record->filepath = optional_param('savepath', '/', PARAM_PATH);
        $record->itemid   = optional_param('itemid', 0, PARAM_INT);
        $record->license  = optional_param('license', $CFG->sitedefaultlicense, PARAM_TEXT);
        $record->author   = optional_param('author', '', PARAM_TEXT);
@ -65,7 +65,6 @@ class repository_upload extends repository {
        $elname = 'repo_upload_file';

        $fs = get_file_storage();
-        $browser = get_file_browser();
        $sm = get_string_manager();

        if ($record->filepath !== '/') {
@ -81,7 +80,7 @@ class repository_upload extends repository {
        }

        if (empty($record->filename)) {
-            $record->filename = $_FILES[$elname]['name'];
+            $record->filename = clean_param($_FILES[$elname]['name'], PARAM_FILE);
        }

        if ($this->mimetypes != '*') {
@ -104,9 +103,8 @@ class repository_upload extends repository {
            $record->itemid = 0;
        }

-        if ($file = $browser->get_file_info($context, $record->filearea, $record->itemid, $record->filepath, $record->filename)) {
-            $file->delete();
-            //throw new moodle_exception('fileexist');
+        if ($file = $fs->get_file($context->id, $record->component, $record->filearea, $record->itemid, $record->filepath, $record->filename)) {
+            throw new moodle_exception('fileexist');
        }

        $record->contextid = $context->id;