download.php 1.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. /**
  4. * This file is responsible for passing requested documents to the browser.
  5. * @package chamilo.document
  6. */
  7. session_cache_limiter('none');
  8. require_once '../inc/global.inc.php';
  9. $this_section = SECTION_COURSES;
  10. // Protection
  11. api_protect_course_script();
  12. if (!isset($_course)) {
  13. api_not_allowed(true);
  14. }
  15. $doc_url = $_GET['doc_url'];
  16. // Change the '&' that got rewritten to '///' by mod_rewrite back to '&'
  17. $doc_url = str_replace('///', '&', $doc_url);
  18. // Still a space present? it must be a '+' (that got replaced by mod_rewrite)
  19. $doc_url = str_replace(' ', '+', $doc_url);
  20. $doc_url = str_replace(array('../', '\\..', '\\0', '..\\'), array('', '', '', ''), $doc_url); //echo $doc_url;
  21. if (strpos($doc_url,'../') OR strpos($doc_url,'/..')) {
  22. $doc_url = '';
  23. }
  24. $sys_course_path = api_get_path(SYS_COURSE_PATH).$_course['path'].'/scorm';
  25. $user_id = api_get_user_id();
  26. if ($_SESSION['oLP']) {
  27. $lp_id = $_SESSION['oLP']->get_id();
  28. $lp_item_id = $_SESSION['oLP']->current;
  29. $lp_item_info = new learnpathItem($lp_item_id);
  30. if (!empty($lp_item_info)) {
  31. //if (basename($lp_item_info->path) == basename($doc_url)) {
  32. $visible = learnpath::is_lp_visible_for_student($lp_id, $user_id);
  33. if ($visible) {
  34. event_download($doc_url);
  35. if (Security::check_abs_path($sys_course_path.$doc_url, $sys_course_path.'/')) {
  36. $full_file_name = $sys_course_path.$doc_url;
  37. DocumentManager::file_send_for_download($full_file_name);
  38. exit;
  39. }
  40. }
  41. //}
  42. }
  43. }
  44. Display::display_error_message(get_lang('ProtectedDocument'));//api_not_allowed backbutton won't work.
  45. exit;