Merge pull request #7472 from christianbeeznest/dolot-23189

NicoDucou · web-flow · commit 3752ede19044 · 2026-02-02T08:44:56.000+01:00
Learnpath: Fix course backup import and LP restore flow - refs BT#23189
diff --git a/main/lp/lp_upload.php b/main/lp/lp_upload.php
@@ -12,6 +12,84 @@
  */
 require_once __DIR__.'/../inc/global.inc.php';
 api_protect_course_script();
+
+/**
+ * Imports a Chamilo CourseBackup zip that contains LP data into the current course.
+ * Returns true only if something was actually restored (basic DB verification).
+ */
+function chamilo_lp_import_from_zip(string $zipPath, int $sessionId): bool
+{
+    $cid = (int) api_get_course_int_id();
+
+    // Basic input validation
+    if (!is_file($zipPath) || !is_readable($zipPath)) {
+        return false;
+    }
+
+    // Minimal snapshot to detect real changes
+    $snapshot = static function () use ($cid): array {
+        $lp = Database::fetch_array(Database::query(
+            "SELECT COUNT(*) AS cnt, COALESCE(MAX(iid), 0) AS max_iid
+             FROM c_lp WHERE c_id = ".$cid
+        ));
+        $lpItem = Database::fetch_array(Database::query(
+            "SELECT COUNT(*) AS cnt, COALESCE(MAX(iid), 0) AS max_iid
+             FROM c_lp_item WHERE c_id = ".$cid
+        ));
+
+        return [
+            'lp_cnt' => (int) ($lp['cnt'] ?? 0),
+            'lp_max' => (int) ($lp['max_iid'] ?? 0),
+            'lpi_cnt' => (int) ($lpItem['cnt'] ?? 0),
+            'lpi_max' => (int) ($lpItem['max_iid'] ?? 0),
+        ];
+    };
+
+    $before = $snapshot();
+
+    // Store inside course_backups/
+    $backupFile = CourseArchiver::importUploadedFile($zipPath);
+    if ($backupFile === false || $backupFile === '') {
+        return false;
+    }
+
+    // Guard: ensure file is really there before readCourse()
+    $backupAbs = CourseArchiver::getBackupDir().$backupFile;
+    if (!is_file($backupAbs) || !is_readable($backupAbs)) {
+        return false;
+    }
+
+    // true => delete backup zip after extracting
+    $course = CourseArchiver::readCourse($backupFile, true);
+    if (!is_object($course)) {
+        return false;
+    }
+
+    $restorer = new CourseRestorer($course);
+    $restorer->set_file_option(FILE_OVERWRITE);
+
+    // Restore only what LP import needs (avoid side effects from full course restore)
+    $allowedTools = ['documents', 'learnpath_category', 'learnpaths', 'scorm_documents', 'assets'];
+    if (isset($restorer->tools_to_restore) && is_array($restorer->tools_to_restore)) {
+        $restorer->tools_to_restore = array_values(array_intersect($restorer->tools_to_restore, $allowedTools));
+    }
+
+    // Destination MUST be course code (api_get_course_id)
+    $destination = (string) api_get_course_id();
+    if ($destination === '') {
+        return false;
+    }
+
+    $res = $restorer->restore($destination, (int) $sessionId);
+    if ($res === false) {
+        return false;
+    }
+
+    $after = $snapshot();
+
+    return $after !== $before;
+}
+
 $course_dir = api_get_course_path().'/scorm';
 $course_sys_dir = api_get_path(SYS_COURSE_PATH).$course_dir;
 if (empty($_POST['current_dir'])) {
@@ -68,14 +146,17 @@
 
     switch ($type) {
         case 'chamilo':
-            $filename = CourseArchiver::importUploadedFile($_FILES['user_file']['tmp_name']);
-            if ($filename) {
-                $course = CourseArchiver::readCourse($filename, false);
-                $courseRestorer = new CourseRestorer($course);
-                // FILE_SKIP, FILE_RENAME or FILE_OVERWRITE
-                $courseRestorer->set_file_option(FILE_OVERWRITE);
-                $courseRestorer->restore('', api_get_session_id());
-                Display::addFlash(Display::return_message(get_lang('UplUploadSucceeded')));
+            if (empty($_configuration['allow_lp_chamilo_export'])) {
+                Display::addFlash(Display::return_message(get_lang('ScormUnknownPackageFormat'), 'warning'));
+                break;
+            }
+
+            $ok = chamilo_lp_import_from_zip($_FILES['user_file']['tmp_name'], api_get_session_id());
+
+            if ($ok) {
+                Display::addFlash(Display::return_message(get_lang('UplUploadSucceeded'), 'confirmation'));
+            } else {
+                Display::addFlash(Display::return_message(get_lang('UploadError'), 'error'));
             }
             break;
         case 'scorm':
@@ -168,6 +249,23 @@
     $type = learnpath::getPackageType($s, basename($s));
 
     switch ($type) {
+        case 'chamilo':
+            if (empty($_configuration['allow_lp_chamilo_export'])) {
+                $is_error = true;
+                Display::addFlash(Display::return_message(get_lang('UnknownPackageFormat'), 'error'));
+                break;
+            }
+
+            $ok = chamilo_lp_import_from_zip($s, api_get_session_id());
+            @unlink($s);
+
+            if ($ok) {
+                Display::addFlash(Display::return_message(get_lang('UplUploadSucceeded'), 'confirmation'));
+            } else {
+                $is_error = true;
+                Display::addFlash(Display::return_message(get_lang('UploadError'), 'error'));
+            }
+            break;
         case 'scorm':
             $oScorm = new scorm();
             $manifest = $oScorm->import_local_package($s, $current_dir);
diff --git a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php
@@ -258,25 +258,59 @@ public static function getAvailableBackups($user_id = null)
     }
 
     /**
-     * @param array $file
+     * @param array|string $file Either $_FILES['...'] array or a tmp path string
      *
-     * @return bool|string
+     * @return bool|string Returns the stored zip filename (not full path) or false on failure
      */
     public static function importUploadedFile($file)
     {
-        $new_filename = uniqid('import_file', true).'.zip';
-        $new_dir = self::getBackupDir();
-        if (!is_dir($new_dir)) {
-            $fs = new Filesystem();
-            $fs->mkdir($new_dir);
+        $newFilename = uniqid('import_file', true).'.zip';
+        $newDir = self::getBackupDir();
+
+        // Ensure backup directory exists
+        if (!is_dir($newDir)) {
+            @mkdir($newDir, api_get_permissions_for_new_directories(), true);
+        }
+
+        if (!is_dir($newDir) || !is_writable($newDir)) {
+            return false;
+        }
+
+        // Normalize input
+        $tmpPath = '';
+        $uploadErr = 0;
+
+        if (is_array($file)) {
+            $uploadErr = (int) ($file['error'] ?? 0);
+            $tmpPath = (string) ($file['tmp_name'] ?? '');
+        } else {
+            $tmpPath = (string) $file;
         }
-        if (is_dir($new_dir) && is_writable($new_dir)) {
-            move_uploaded_file($file, $new_dir.$new_filename);
 
-            return $new_filename;
+        if ($uploadErr !== 0 || $tmpPath === '') {
+            return false;
         }
 
-        return false;
+        $destPath = $newDir.$newFilename;
+
+        // Prefer move_uploaded_file for real HTTP uploads, fallback to copy for non-upload contexts
+        $ok = false;
+        if (function_exists('is_uploaded_file') && is_uploaded_file($tmpPath)) {
+            $ok = @move_uploaded_file($tmpPath, $destPath);
+        } elseif (is_file($tmpPath) && is_readable($tmpPath)) {
+            $ok = @copy($tmpPath, $destPath);
+        } else {
+            return false;
+        }
+
+        clearstatcache(true, $destPath);
+
+        if (!$ok || !is_file($destPath) || (int) filesize($destPath) <= 0) {
+            @unlink($destPath);
+            return false;
+        }
+
+        return $newFilename;
     }
 
     /**
@@ -297,36 +331,73 @@ public static function readCourse($filename, $delete = false)
         $unzip_dir = self::getBackupDir().$tmp_dir_name;
         $filePath = self::getBackupDir().$filename;
 
-        @mkdir($unzip_dir, api_get_permissions_for_new_directories(), true);
-        @copy(
-            $filePath,
-            $unzip_dir.'/backup.zip'
-        );
+        $perms = api_get_permissions_for_new_directories();
+
+        if (!is_dir($unzip_dir) && !@mkdir($unzip_dir, $perms, true)) {
+            error_log('[COURSE_ARCHIVER] readCourse: failed to create unzip_dir="'.$unzip_dir.'"');
+            return new Course();
+        }
+
+        if (!is_file($filePath)) {
+            error_log('[COURSE_ARCHIVER] readCourse: backup zip not found filePath="'.$filePath.'"');
+            return new Course();
+        }
 
-        // unzip the archive
+        if (!@copy($filePath, $unzip_dir.'/backup.zip')) {
+            error_log('[COURSE_ARCHIVER] readCourse: failed to copy zip filePath="'.$filePath.'" to "'.$unzip_dir.'/backup.zip"');
+            return new Course();
+        }
+
+        // Unzip the archive
         $zip = new \PclZip($unzip_dir.'/backup.zip');
-        @chdir($unzip_dir);
+
+        if (!@chdir($unzip_dir)) {
+            error_log('[COURSE_ARCHIVER] readCourse: chdir failed unzip_dir="'.$unzip_dir.'"');
+            return new Course();
+        }
 
         // For course backups we must preserve original filenames so that
         // paths in course_info.dat still match the files in backup_path.
-        $zip->extract(
-            PCLZIP_OPT_TEMP_FILE_ON
-        );
+        $extractResult = $zip->extract(PCLZIP_OPT_TEMP_FILE_ON);
+
+        if ($extractResult === 0) {
+            error_log('[COURSE_ARCHIVER] readCourse: extract failed error="'.$zip->errorInfo(true).'" unzip_dir="'.$unzip_dir.'"');
+            return new Course();
+        }
 
-        // remove the archive-file
+        // Remove the archive-file
         if ($delete) {
             @unlink($filePath);
         }
 
-        // read the course
+        // Read the course
         if (!is_file('course_info.dat')) {
+            error_log('[COURSE_ARCHIVER] readCourse: missing course_info.dat cwd="'.getcwd().'" unzip_dir="'.$unzip_dir.'"');
+            return new Course();
+        }
+
+        $size = (int) @filesize('course_info.dat');
+        if ($size <= 0) {
+            error_log('[COURSE_ARCHIVER] readCourse: empty course_info.dat size='.$size.' cwd="'.getcwd().'"');
             return new Course();
         }
 
-        $fp = @fopen('course_info.dat', "r");
-        $contents = @fread($fp, filesize('course_info.dat'));
+        $fp = @fopen('course_info.dat', 'r');
+        if (false === $fp) {
+            error_log('[COURSE_ARCHIVER] readCourse: failed to open course_info.dat cwd="'.getcwd().'"');
+            return new Course();
+        }
+
+        $contents = @fread($fp, $size);
         @fclose($fp);
 
+        $readLen = is_string($contents) ? strlen($contents) : -1;
+        if (!is_string($contents) || $readLen <= 0) {
+            error_log('[COURSE_ARCHIVER] readCourse: failed to read course_info.dat');
+            return new Course();
+        }
+
+        // Backward compatibility aliases used by serialized payloads
         class_alias('Chamilo\CourseBundle\Component\CourseCopy\Course', 'Course');
         class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Announcement', 'Announcement');
         class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Attendance', 'Attendance');
@@ -357,17 +428,25 @@ class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki', 'Wiki');
         class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Work', 'Work');
         class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\XapiTool', 'XapiTool');
 
-        /** @var Course $course */
-        $course = \UnserializeApi::unserialize('course', base64_decode($contents));
+        $decoded = base64_decode($contents, true);
+        if (false === $decoded) {
+            error_log('[COURSE_ARCHIVER] readCourse: base64_decode strict failed, retry non-strict');
+            $decoded = base64_decode($contents);
+        }
+
+        if (!is_string($decoded) || $decoded === '') {
+            error_log('[COURSE_ARCHIVER] readCourse: base64_decode produced empty payload');
+            return new Course();
+        }
 
-        if (!in_array(
-            get_class($course),
-            ['Course', 'Chamilo\CourseBundle\Component\CourseCopy\Course']
-        )
-        ) {
+        /** @var mixed $course */
+        $course = \UnserializeApi::unserialize('course', $decoded);
+        if (!is_object($course) || !in_array(get_class($course), ['Course', 'Chamilo\CourseBundle\Component\CourseCopy\Course'], true)) {
+            error_log('[COURSE_ARCHIVER] readCourse: invalid class after unserialize, returning empty Course');
             return new Course();
         }
 
+        // Ensure backup_path is always set when unserialize is successful
         $course->backup_path = $unzip_dir;
 
         return $course;
