download_comment_file.php 1.6 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. /**
  4. * This file is responsible for passing requested documents to the browser.
  5. * Html files are parsed to fix a few problems with URLs,
  6. * but this code will hopefully be replaced soon by an Apache URL
  7. * rewrite mechanism.
  8. *
  9. * @package chamilo.work
  10. */
  11. require_once '../inc/global.inc.php';
  12. require_once 'work.lib.php';
  13. // Course protection
  14. api_protect_course_script(true);
  15. $commentId = isset($_GET['comment_id']) ? intval($_GET['comment_id']) : null;
  16. if (empty($commentId)) {
  17. api_not_allowed(true);
  18. }
  19. $workData = getWorkComment($commentId);
  20. $courseInfo = api_get_course_info();
  21. if (!empty($workData)) {
  22. if (
  23. empty($workData['file_path']) ||
  24. (isset($workData['file_path']) && !file_exists($workData['file_path']))
  25. ) {
  26. api_not_allowed(true);
  27. }
  28. $work = get_work_data_by_id($workData['work_id']);
  29. allowOnlySubscribedUser(api_get_user_id(), $work['parent_id'], $courseInfo['real_id']);
  30. if (user_is_author($workData['work_id']) ||
  31. $courseInfo['show_score'] == 0 &&
  32. $work['active'] == 1 &&
  33. $work['accepted'] == 1
  34. ) {
  35. if (Security::check_abs_path(
  36. $workData['file_path'],
  37. api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/'
  38. )
  39. ) {
  40. DocumentManager::file_send_for_download(
  41. $workData['file_path'],
  42. true,
  43. $workData['file_name_to_show']
  44. );
  45. }
  46. } else {
  47. api_not_allowed(true);
  48. }
  49. } else {
  50. api_not_allowed(true);
  51. }