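<?php
/**
 * Course document endpoint.
 *
 * Resolves the course named by the request and the requested working
 * directory, then answers the 'list' action with a JSON listing of the
 * documents in that directory.
 *
 * Request parameters read here: action, cidReq, cwd.
 */
session_cache_limiter('none');
require_once __DIR__.'/../inc/global.inc.php';

// Access control runs before any request value is interpreted.
api_protect_course_script(true);
api_block_anonymous_users();

// Request values are untrusted. A missing key or a non-string value (for
// example an array sent as cwd[]=x) is normalised to an empty string so the
// string functions below never receive an unexpected type.
$action = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : '';
$rawCidReq = (isset($_REQUEST['cidReq']) && is_string($_REQUEST['cidReq'])) ? $_REQUEST['cidReq'] : '';
$cwd = (isset($_REQUEST['cwd']) && is_string($_REQUEST['cwd'])) ? $_REQUEST['cwd'] : '';

// Strip path separators and parent references from the course code.
// NOTE(review): this is a single-pass deny-list (it does not cover '\' and is
// not re-applied to its own output). It should be treated as defence in depth
// only; the empty($_course) check below is what stops the request when the
// code does not resolve to a course.
$seek = ['/', '%2F', '..'];
$destroy = ['', '', ''];
$cidReq = str_replace($seek, $destroy, $rawCidReq);
$cidReq = Security::remove_XSS($cidReq);

$user_id = api_get_user_id();
$coursePath = api_get_path(SYS_COURSE_PATH).$cidReq.'/document';

$_course = api_get_course_info($cidReq);
if (empty($_course)) {
    die("problem when fetching course information");
}
$_course['path'] = $_course['directory'];
$is_manager = (CourseManager::getUserInCourseStatus($user_id, $_course['real_id']) == COURSEMANAGER);

// $debug is not assigned in this part of the script; isset() keeps the check
// from raising an "undefined variable" notice when nothing else defined it.
$debugEnabled = isset($debug) && $debug > 0;
if ($debugEnabled) {
    error_log($coursePath, 0);
}

// Resolve trailing "/.." segments: count them while stripping, then drop one
// directory level per counted segment.
// NOTE(review): only trailing segments are handled; a ".." in the middle of
// the path is passed through unchanged and relies on the checks further down.
$nParent = 0;
while (substr($cwd, -3, 3) == '/..') {
    $cwd = (string) substr($cwd, 0, -3);
    if (strlen($cwd) == 0) {
        $cwd = '/';
    }
    $nParent++;
}
for (; $nParent > 0; $nParent--) {
    $lastSlash = strrpos($cwd, '/');
    if ($lastSlash !== false) {
        $cwd = (string) substr($cwd, 0, $lastSlash);
    }
}
if (strlen($cwd) == 0) {
    $cwd = '/';
}

// NOTE(review): the request is aborted when check_abs_path() returns true.
// The helper's semantics are not visible here; confirm against
// Security::check_abs_path that this is the intended polarity.
if (Security::check_abs_path($cwd, api_get_path(SYS_PATH))) {
    die();
}

if ($action === 'list') {
    if ($debugEnabled) {
        error_log("sending file list", 0);
    }

    $files = DocumentManager::getAllDocumentData($_course, $cwd, 0, null, false);
    if (!is_array($files)) {
        // Nothing to list: answer with an empty JSON array instead of
        // iterating over a non-array value.
        $files = [];
    }

    // Add a download URL to every regular file before responding.
    $downloadBase = api_get_path(WEB_COURSE_PATH).$cidReq."/document";
    foreach ($files as $k => $f) {
        if ($f['filetype'] == 'file') {
            $files[$k]['download'] = $downloadBase.$f['path'];
        }
    }

    // The response is sent once, after the loop. Emitting it inside the loop
    // ended the script on the first entry, so later files never received a
    // download URL and an empty directory produced no response body at all.
    //
    // The listing may carry user-supplied document names, so declare the body
    // as JSON to keep a browser from interpreting it as HTML.
    if (!headers_sent()) {
        header('Content-Type: application/json; charset=utf-8');
    }
    echo json_encode($files);
    exit;
}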