Remove use of Course::unserialize() when exporting/importing course bk

Author: jmontoyaa

main/coursecopy/copy_course.php

@@ -35,17 +35,17 @@
 Display::display_header(get_lang('CopyCourse'));
 echo Display::page_header(get_lang('CopyCourse'));
 
-/* MAIN CODE */
+$action = isset($_POST['action']) ? $_POST['action'] : '';
 
 // If a CourseSelectForm is posted or we should copy all resources, then copy them
 if (Security::check_token('post') && (
-    (isset($_POST['action']) && $_POST['action'] == 'course_select_form') ||
-    (isset($_POST['copy_option']) && $_POST['copy_option'] == 'full_copy')
+    ($action === 'course_select_form') ||
+    (isset($_POST['copy_option']) && $_POST['copy_option'] === 'full_copy')
     )
 ) {
     // Clear token
     Security::clear_token();
-    if (isset($_POST['action']) && $_POST['action'] == 'course_select_form') {
+    if ($action === 'course_select_form') {
         $course = CourseSelectForm::get_posted_course('copy_course');
     } else {
         $cb = new CourseBuilder();
@@ -63,7 +63,7 @@
     );
 } elseif (Security::check_token('post') && (
         isset($_POST['copy_option']) &&
-        $_POST['copy_option'] == 'select_items'
+        $_POST['copy_option'] === 'select_items'
     )
 ) {
     // Clear token

main/coursecopy/copy_course_session.php

@@ -20,6 +20,7 @@
 
 api_protect_global_admin_script();
 api_protect_limit_for_session_admin();
+api_set_more_memory_and_time_limits();
 
 $xajax = new xajax();
 $xajax->registerFunction('search_courses');
@@ -28,8 +29,7 @@
     api_not_allowed(true);
 }
 
-api_set_more_memory_and_time_limits();
-
+$action = isset($_POST['action']) ? $_POST['action'] : '';
 $this_section = SECTION_PLATFORM_ADMIN;
 
 $nameTools = get_lang('CopyCourse');
@@ -163,7 +163,7 @@ function search_courses($id_session, $type)
     $return = null;
 
     if (!empty($type)) {
-        $id_session = intval($id_session);
+        $id_session = (int) $id_session;
         if ($type == 'origin') {
             $course_list = SessionManager::get_course_list_by_session_id($id_session);
             $temp_course_list = [];
@@ -279,10 +279,7 @@ function checkSelected(id_select,id_radio,id_title,id_destination) {
 
 /*  MAIN CODE  */
 if (Security::check_token('post') && (
-        (
-            isset($_POST['action']) &&
-            $_POST['action'] == 'course_select_form'
-        ) || (
+        ($action === 'course_select_form') || (
             isset($_POST['copy_option']) &&
             $_POST['copy_option'] == 'full_copy'
         )
@@ -291,7 +288,7 @@ function checkSelected(id_select,id_radio,id_title,id_destination) {
     // Clear token
     Security::clear_token();
     $destination_course = $origin_course = $destination_session = $origin_session = '';
-    if (isset($_POST['action']) && $_POST['action'] == 'course_select_form') {
+    if ($action === 'course_select_form') {
         $destination_course = $_POST['destination_course'];
         $origin_course = $_POST['origin_course'];
         $destination_session = $_POST['destination_session'];

main/coursecopy/copy_course_session_selected.php

@@ -20,6 +20,7 @@
 $current_course_tool = TOOL_COURSE_MAINTENANCE;
 
 api_protect_course_script(true, true);
+api_set_more_memory_and_time_limits();
 
 $xajax = new xajax();
 $xajax->registerFunction('searchCourses');
@@ -32,6 +33,8 @@
     api_not_allowed(true);
 }
 
+$action = isset($_POST['action']) ? $_POST['action'] : '';
+
 $courseId = api_get_course_int_id();
 $courseInfo = api_get_course_info_by_id($courseId);
 $courseCode = $courseInfo['code'];
@@ -41,8 +44,6 @@
     api_not_allowed(true);
 }
 
-api_set_more_memory_and_time_limits();
-
 $this_section = SECTION_COURSES;
 $nameTools = get_lang('CopyCourse');
 $returnLink = api_get_path(WEB_CODE_PATH).'course_info/maintenance_coach.php?'.api_get_cidreq();
@@ -58,7 +59,6 @@
 $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
 $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
 
-/* FUNCTIONS */
 /**
  * @param string $name
  */
@@ -128,8 +128,7 @@ function displayForm()
             get_lang('CopyCourseFromSessionToSessionExplanation')
     );
 
-    $html .= '<form name="formulaire" method="post" action="'.api_get_self(
-        ).'?'.api_get_cidreq().'" >';
+    $html .= '<form name="formulaire" method="post" action="'.api_get_self().'?'.api_get_cidreq().'" >';
     $html .= '<table border="0" cellpadding="5" cellspacing="0" width="100%">';
 
     // Source
@@ -199,7 +198,7 @@ function searchCourses($idSession, $type)
     $courseCode = api_get_course_id();
 
     if (!empty($type)) {
-        $idSession = intval($idSession);
+        $idSession = (int) $idSession;
         $courseList = SessionManager::get_course_list_by_session_id($idSession);
 
         $return .= '<select id="destination" name="SessionCoursesListDestination[]" style="width:380px;" >';
@@ -236,8 +235,6 @@ function searchCourses($idSession, $type)
 
 $xajax->processRequests();
 
-/* HTML head extra */
-
 $htmlHeadXtra[] = $xajax->getJavascript(
     api_get_path(WEB_LIBRARY_PATH).'xajax/'
 );
@@ -283,14 +280,14 @@ function checkSelected(id_select,id_radio,id_title,id_destination) {
 
 /* MAIN CODE */
 
-if ((isset($_POST['action']) && $_POST['action'] == 'course_select_form') ||
+if (($action === 'course_select_form') ||
     (isset($_POST['copy_option']) && $_POST['copy_option'] == 'full_copy')
 ) {
     $destinationCourse = $destinationSession = '';
     $originCourse = api_get_course_id();
     $originSession = api_get_session_id();
 
-    if (isset($_POST['action']) && $_POST['action'] == 'course_select_form') {
+    if ($action === 'course_select_form') {
         $destinationCourse = $_POST['destination_course'];
         $destinationSession = $_POST['destination_session'];
         $course = CourseSelectForm::get_posted_course(

main/coursecopy/import_backup.php

@@ -4,6 +4,7 @@
 use Chamilo\CourseBundle\Component\CourseCopy\CourseArchiver;
 use Chamilo\CourseBundle\Component\CourseCopy\CourseRestorer;
 use Chamilo\CourseBundle\Component\CourseCopy\CourseSelectForm;
+use ChamiloSession as Session;
 
 /**
  * Import a backup.
@@ -40,45 +41,34 @@
 // Display the tool title
 echo Display::page_header($nameTools);
 
+$action = isset($_POST['action']) ? $_POST['action'] : '';
+$importOption = isset($_POST['import_option']) ? $_POST['import_option'] : '';
+
 /* MAIN CODE */
 $filename = '';
-if (Security::check_token('post') && (
-        (
-            isset($_POST['action']) &&
-            $_POST['action'] == 'course_select_form'
-        ) || (
-            isset($_POST['import_option']) &&
-            $_POST['import_option'] == 'full_backup'
-        )
-    )
-) {
+if (Security::check_token('post') && ($action === 'course_select_form' || $importOption === 'full_backup')) {
     // Clear token
     Security::clear_token();
 
     $error = false;
-    if (isset($_POST['action']) &&
-        $_POST['action'] == 'course_select_form'
-    ) {
+    if ($action === 'course_select_form') {
         // Partial backup here we recover the documents posted
-        // This gets $_POST['course']. Beware that when using Suhosin,
-        // the post.max_value_length limit might get in the way of the
-        // restoration of a course with many items. A value of 1,000,000 bytes
-        // might be too short.
-        $course = CourseSelectForm::get_posted_course();
+        $filename = Session::read('backup_file');
+        $course = CourseArchiver::readCourse($filename, false);
+        $course = CourseSelectForm::get_posted_course(null, null, null, $course);
     } else {
-        if ($_POST['backup_type'] == 'server') {
+        if ($_POST['backup_type'] === 'server') {
             $filename = $_POST['backup_server'];
             $delete_file = false;
         } else {
             if ($_FILES['backup']['error'] == 0) {
-                $filename = CourseArchiver::importUploadedFile(
-                    $_FILES['backup']['tmp_name']
-                );
+                $filename = CourseArchiver::importUploadedFile($_FILES['backup']['tmp_name']);
                 if ($filename === false) {
                     $error = true;
                 } else {
-                    $delete_file = true;
+                    $delete_file = false;
                 }
+                Session::write('backup_file', $filename);
             } else {
                 $error = true;
             }
@@ -115,24 +105,21 @@
         }
     }
     CourseArchiver::cleanBackupDir();
-} elseif (Security::check_token('post') && (
-        isset($_POST['import_option']) &&
-        $_POST['import_option'] == 'select_items'
-    )
-) {
+} elseif (Security::check_token('post') && $importOption === 'select_items') {
     // Clear token
     Security::clear_token();
 
-    if ($_POST['backup_type'] == 'server') {
+    if ($_POST['backup_type'] === 'server') {
         $filename = $_POST['backup_server'];
         $delete_file = false;
     } else {
         $filename = CourseArchiver::importUploadedFile($_FILES['backup']['tmp_name']);
-        $delete_file = true;
+        $delete_file = false;
+        Session::write('backup_file', $filename);
     }
     $course = CourseArchiver::readCourse($filename, $delete_file);
 
-    if ($course->has_resources() && ($filename !== false)) {
+    if ($course->has_resources() && $filename !== false) {
         $hiddenFields['same_file_name_option'] = $_POST['same_file_name_option'];
         // Add token to Course select form
         $hiddenFields['sec_token'] = Security::get_token();
@@ -146,9 +133,7 @@
     }
 } else {
     $user = api_get_user_info();
-    $backups = CourseArchiver::getAvailableBackups(
-        $is_platformAdmin ? null : $user['user_id']
-    );
+    $backups = CourseArchiver::getAvailableBackups($is_platformAdmin ? null : $user['user_id']);
     $backups_available = count($backups) > 0;
 
     $form = new FormValidator(
@@ -282,4 +267,9 @@
     $form->display();
 }
 
+if (!isset($_POST['action'])) {
+    Session::erase('backup_file');
+}
+
+
 Display::display_footer();

main/coursecopy/recycle_course.php

@@ -36,10 +36,10 @@
 
 // Display the tool title
 echo Display::page_header($nameTools);
+$action = isset($_POST['action']) ? $_POST['action'] : '';
 
 if (Security::check_token('post') && (
-        isset($_POST['action']) &&
-        $_POST['action'] == 'course_select_form' ||
+        $action === 'course_select_form' ||
         (
             isset($_POST['recycle_option']) &&
             $_POST['recycle_option'] == 'full_backup'
@@ -48,25 +48,24 @@
 ) {
     // Clear token
     Security::clear_token();
-
-    if (isset($_POST['action']) && $_POST['action'] == 'course_select_form') {
+    if (isset($_POST['action']) && $_POST['action'] === 'course_select_form') {
         $course = CourseSelectForm::get_posted_course();
     } else {
         $cb = new CourseBuilder();
         $course = $cb->build();
     }
     $recycle_type = '';
-    if (isset($_POST['recycle_option']) && $_POST['recycle_option'] == 'full_backup') {
+    if (isset($_POST['recycle_option']) && $_POST['recycle_option'] === 'full_backup') {
         $recycle_type = 'full_backup';
-    } elseif (isset($_POST['action']) && $_POST['action'] == 'course_select_form') {
+    } elseif (isset($_POST['action']) && $_POST['action'] === 'course_select_form') {
         $recycle_type = 'select_items';
     }
     $cr = new CourseRecycler($course);
     $cr->recycle($recycle_type);
     echo Display::return_message(get_lang('RecycleFinished'), 'confirm');
 } elseif (Security::check_token('post') && (
         isset($_POST['recycle_option']) &&
-        $_POST['recycle_option'] == 'select_items'
+        $_POST['recycle_option'] === 'select_items'
     )
 ) {
     // Clear token

src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php

@@ -251,7 +251,7 @@ public static function getAvailableBackups($user_id = null)
      */
     public static function importUploadedFile($file)
     {
-        $new_filename = uniqid('').'.zip';
+        $new_filename = uniqid('import_file', true).'.zip';
         $new_dir = self::getBackupDir();
         if (!is_dir($new_dir)) {
             $fs = new Filesystem();

src/Chamilo/CourseBundle/Component/CourseCopy/CourseRestorer.php

@@ -153,9 +153,7 @@ public function restore(
         $this->destination_course_id = $course_info['real_id'];
 
         // Getting first teacher (for the forums)
-        $teacher_list = CourseManager::get_teacher_list_from_course_code(
-            $course_info['code']
-        );
+        $teacher_list = CourseManager::get_teacher_list_from_course_code($course_info['code']);
         $this->first_teacher_id = api_get_user_id();
 
         if (!empty($teacher_list)) {

src/Chamilo/CourseBundle/Component/CourseCopy/CourseSelectForm.php

@@ -444,7 +444,7 @@ public static function display_hidden_quiz_questions($course)
     {
         if (is_array($course->resources)) {
             foreach ($course->resources as $type => $resources) {
-                if (count($resources) > 0) {
+                if (!empty($resources) && count($resources) > 0) {
                     switch ($type) {
                         case RESOURCE_QUIZQUESTION:
                             foreach ($resources as $id => $resource) {
@@ -467,7 +467,7 @@ public static function display_hidden_scorm_directories($course)
     {
         if (is_array($course->resources)) {
             foreach ($course->resources as $type => $resources) {
-                if (count($resources) > 0) {
+                if (!empty($resources) && count($resources) > 0) {
                     switch ($type) {
                         case RESOURCE_SCORM:
                             foreach ($resources as $id => $resource) {
@@ -497,13 +497,11 @@ public static function display_hidden_scorm_directories($course)
      */
     public static function get_posted_course($from = '', $session_id = 0, $course_code = '', $postedCourse = null)
     {
-        $course = null;
-        if (isset($_POST['course'])) {
-            $course = Course::unserialize(base64_decode($_POST['course']));
-        }
-
-        if ($postedCourse) {
-            $course = $postedCourse;
+        $course = $postedCourse;
+        if (empty($postedCourse)) {
+            $cb = new CourseBuilder();
+            $postResource = isset($_POST['resource']) ? $_POST['resource'] : [];
+            $course = $cb->build(0, null, false, array_keys($postResource), $postResource);
         }
 
         if (empty($course)) {
@@ -527,7 +525,7 @@ public static function get_posted_course($from = '', $session_id = 0, $course_co
                 foreach ($resource as $resource_item) {
                     $conditionSession = '';
                     if (!empty($session_id)) {
-                        $session_id = intval($session_id);
+                        $session_id = (int) $session_id;
                         $conditionSession = ' AND d.session_id ='.$session_id;
                     }
 
@@ -645,7 +643,7 @@ public static function get_posted_course($from = '', $session_id = 0, $course_co
                         $documents = isset($_POST['resource'][RESOURCE_DOCUMENT]) ? $_POST['resource'][RESOURCE_DOCUMENT] : null;
                         if (!empty($resources) && is_array($resources)) {
                             foreach ($resources as $id => $obj) {
-                                if (isset($obj->file_type) && $obj->file_type == 'folder' &&
+                                if (isset($obj->file_type) && $obj->file_type === 'folder' &&
                                     !isset($_POST['resource'][RESOURCE_DOCUMENT][$id]) &&
                                     is_array($documents)
                                 ) {