1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 |
- <?php
- /* For licensing terms, see /license.txt */
- /**
- * This file is responsible for passing requested documents to the browser.
- * Html files are parsed to fix a few problems with URLs,
- * but this code will hopefully be replaced soon by an Apache URL
- * rewrite mechanism.
- *
- * @package chamilo.work
- */
- require_once '../inc/global.inc.php';
- require_once 'work.lib.php';
- // Course protection
- api_protect_course_script(true);
- $commentId = isset($_GET['comment_id']) ? intval($_GET['comment_id']) : null;
- if (empty($commentId)) {
- api_not_allowed(true);
- }
- $workData = getWorkComment($commentId);
- $courseInfo = api_get_course_info();
- if (!empty($workData)) {
- if (
- empty($workData['file_path']) ||
- (isset($workData['file_path']) && !file_exists($workData['file_path']))
- ) {
- api_not_allowed(true);
- }
- $work = get_work_data_by_id($workData['work_id']);
- protectWork($courseInfo, $work['parent_id']);
- if (user_is_author($workData['work_id']) ||
- $courseInfo['show_score'] == 0 &&
- $work['active'] == 1 &&
- $work['accepted'] == 1
- ) {
- if (Security::check_abs_path(
- $workData['file_path'],
- api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/'
- )
- ) {
- DocumentManager::file_send_for_download(
- $workData['file_path'],
- true,
- $workData['file_name_to_show']
- );
- }
- } else {
- api_not_allowed(true);
- }
- } else {
- api_not_allowed(true);
- }
|