download.php 2.1 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. /**
  4. * This file is responsible for passing requested documents to the browser.
  5. * Html files are parsed to fix a few problems with URLs,
  6. * but this code will hopefully be replaced soon by an Apache URL
  7. * rewrite mechanism.
  8. *
  9. * @package chamilo.blogs
  10. */
  11. /**
  12. * MAIN CODE
  13. */
  14. session_cache_limiter('public');
  15. require_once '../inc/global.inc.php';
  16. $this_section=SECTION_COURSES;
  17. // IMPORTANT to avoid caching of documents
  18. header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
  19. header('Cache-Control: public');
  20. header('Pragma: no-cache');
  21. //protection
  22. api_protect_course_script(true);
  23. $doc_url = $_GET['file'];
  24. //change the '&' that got rewritten to '///' by mod_rewrite back to '&'
  25. $doc_url = str_replace('///', '&', $doc_url);
  26. //still a space present? it must be a '+' (that got replaced by mod_rewrite)
  27. $doc_url = str_replace(' ', '+', $doc_url);
  28. $doc_url = str_replace('/..', '', $doc_url); //echo $doc_url;
  29. if (! isset($_course)) {
  30. api_not_allowed(true);
  31. }
  32. $full_file_name = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/upload/blog/'.$doc_url;
  33. //if the rewrite rule asks for a directory, we redirect to the course view
  34. if (is_dir($full_file_name)) {
  35. //remove last slash if present
  36. while ($doc_url{$dul = strlen($doc_url)-1}=='/') $doc_url = substr($doc_url,0,$dul);
  37. //create the path
  38. $document_explorer = api_get_path(WEB_COURSE_PATH).api_get_course_path(); // home course path
  39. //redirect
  40. header('Location: '.$document_explorer);
  41. }
  42. $tbl_blogs_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT);
  43. $course_id = api_get_course_int_id();
  44. // launch event
  45. event_download($doc_url);
  46. $sql = 'SELECT filename FROM '.$tbl_blogs_attachment.'
  47. WHERE c_id = '.$course_id.' AND path LIKE BINARY "'.Database::escape_string($doc_url).'"';
  48. $result = Database::query($sql);
  49. if (Database::num_rows($result) > 0) {
  50. $row = Database::fetch_array($result);
  51. if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH).api_get_course_path().'/upload/blog/')) {
  52. DocumentManager::file_send_for_download($full_file_name, TRUE, $row['filename']);
  53. }
  54. }
  55. exit;