remote.php 3.1 KB

  1. <?php
  2. /* See license terms in /license.txt */
  3. /**
  4. * Script that allows download of a specific file from external applications
  5. * @author Arnaud Ligot <arnaud@cblue.be>, Based on work done for old videoconference application (I have about 30 minutes to write this piece of code so if somebody has more time, feel free to rewrite it...)
  6. * @package chamilo.document
  7. */
  8. /**
  9. * Script that allows remote download of a file
  10. * @param string Action parameter (action=...)
  11. * @param string Course code (cidReq=...)
  12. * @param string Current working directory (cwd=...)
  13. * @return string JSON output
  14. */
  /* FIX for IE cache when using https: turn off PHP's automatic cache-limiter headers. */
  session_cache_limiter('none');

  /*==== DEBUG ====*/
  // NOTE(review): when enabled, this block appends the name and value of every
  // variable defined at this scope (which includes the request superglobals) to
  // the fixed file /tmp/log, and it runs before global.inc.php and
  // api_block_anonymous_users() below. Keep $debug at 0 outside a development box.
  $debug = 0;
  if ($debug > 0) {
      // First the list of variable names, then each variable with its value.
      $v = array_keys(get_defined_vars());
      error_log(var_export($v, true), 3, '/tmp/log');
      foreach (array_keys(get_defined_vars()) as $k) {
          // $GLOBALS references everything else, so it is left out of the dump.
          if ($k != 'GLOBALS') {
              error_log($k, 3, '/tmp/log');
              error_log(var_export($$k, true), 3, '/tmp/log');
          }
      }
  }

  /*==== INCLUDE ====*/
  // Platform bootstrap first, then refuse anonymous visitors before any other
  // library is loaded or any request parameter is interpreted.
  require_once '../inc/global.inc.php';
  api_block_anonymous_users();
  require_once '../newscorm/learnpath.class.php';
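  /*==== Variables initialisation ====*/
  // Request parameters are untrusted. Accept them only when they are strings, so
  // that a missing or array-valued parameter never reaches the string functions
  // below; anything else is treated as the empty string.
  $action = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : ''; // only compared against literals below

  // Strip path separators and parent-directory markers from the course code
  // before it is used to build a filesystem path and a download URL.
  // NOTE(review): this is a deny-list. Validating the value against the set of
  // characters a course code may contain would be stricter - confirm that set
  // before tightening.
  $seek = array('/', '%2F', '..');
  $destroy = array('', '', '');
  $cidReq = (isset($_REQUEST['cidReq']) && is_string($_REQUEST['cidReq'])) ? $_REQUEST['cidReq'] : '';
  $cidReq = str_replace($seek, $destroy, $cidReq);
  $cidReq = Security::remove_XSS($cidReq);

  $user_id = api_get_user_id();
  $coursePath = api_get_path(SYS_COURSE_PATH).$cidReq.'/document';

  $_course = CourseManager::get_course_information($cidReq);
  if ($_course == null) {
      die ("problem when fetching course information");
  }
  // Aliases expected by older versions of the DocumentManager functions.
  $_course['path'] = $_course['directory'];
  $_course['dbName'] = $_course['db_name'];

  // NOTE(review): $is_manager is computed but not used in the visible part of
  // this script, and nothing visible here checks that $user_id may access the
  // course named by cidReq (only anonymous users are blocked above). Confirm
  // that the bootstrap enforces course access, or add a course-level check
  // before any listing is returned.
  $is_manager = (CourseManager::get_user_in_course_status($user_id, $cidReq) == COURSEMANAGER);

  if ($debug > 0) {
      error_log($coursePath, 0);
  }

  // FIXME: check security around $_REQUEST["cwd"]
  // Only trailing "/.." sequences are resolved below; a ".." elsewhere in the
  // value is passed through unchanged.
  $cwd = (isset($_REQUEST['cwd']) && is_string($_REQUEST['cwd'])) ? $_REQUEST['cwd'] : '';

  // Count and remove the trailing "/.." segments...
  $nParent = 0; // the number of trailing /.. in the url
  while (substr($cwd, -3, 3) === '/..') {
      $cwd = substr($cwd, 0, -3);
      // strlen() also covers the false that substr() returns on older PHP versions.
      if (strlen($cwd) == 0) {
          $cwd = '/';
      }
      $nParent++;
  }
  // ...then drop one path component per removed segment. strrpos() returns
  // false when there is no slash left, in which case $cwd is kept as it is.
  while ($nParent > 0) {
      $lastSlash = strrpos($cwd, '/');
      if ($lastSlash !== false) {
          $cwd = substr($cwd, 0, $lastSlash);
      }
      $nParent--;
  }
  if (strlen($cwd) == 0) {
      $cwd = '/';
  }

  // Abort when Security::check_abs_path() reports a match between $cwd and the
  // installation root.
  // NOTE(review): presumably this rejects a cwd that names a real path inside
  // the installation instead of a document-relative path - confirm the intended
  // polarity of this test against Security::check_abs_path().
  if (Security::check_abs_path($cwd, api_get_path(SYS_PATH))) {
      die();
  }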
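  if ($action == 'list') {
      /*==== List files ====*/
      if ($debug > 0) {
          error_log("sending file list", 0);
      }

      // get files list
      $files = DocumentManager::get_all_document_data($_course, $cwd, 0, NULL, false);
      // A non-array result is reported to the client as an empty listing rather
      // than being fed to foreach.
      if (!is_array($files)) {
          $files = array();
      }

      // adding download link to files
      // NOTE(review): the link points straight at the course document directory
      // under WEB_COURSE_PATH, so access to the file itself is decided by
      // whatever protects that URL, not by this script - confirm it is protected.
      foreach ($files as $k => $f) {
          if ($f['filetype'] == 'file') {
              //$files[$k]['download'] = api_get_path(WEB_CODE_PATH)."/document/document.php?cidReq=$cidReq&action=download&id=".urlencode($f['path']);
              $files[$k]['download'] = api_get_path(WEB_COURSE_PATH).$cidReq."/document".$f['path'];
          }
      }

      // The response is sent once, after every entry has been processed. The
      // previous version printed and exited inside the loop, so only the first
      // entry could receive a download link and an empty folder produced no
      // JSON output at all.
      print json_encode($files);
      exit;
  }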