首頁 探索 說明
登入
aj
/
chamilo-lms2
關註 1
讚好 0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
分支: master
分支列表 標籤列表
chamilo-lms2
/
main
/
announcements
/
download.php

download.php 2.6 KB
永久連結 文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. /**
    4. 

  4.  * This file is responsible for  passing requested documents to the browser.
    5. 

  5.  * Html files are parsed to fix a few problems with URLs,
    6. 

  6.  * but this code will hopefully be replaced soon by an Apache URL
    7. 

  7.  * rewrite mechanism.
    8. 

  8.  *
    9. 

  9.  * @package chamilo.announcements
    10. 

  10.  */
    11. 

  11. session_cache_limiter('nocache');
    12. 

  12. 

  13. require_once __DIR__.'/../inc/global.inc.php';
    14. 

  14. 

  15. // IMPORTANT to avoid caching of documents
    16. 

  16. header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
    17. 

  17. header('Cache-Control: public');
    18. 

  18. header('Pragma: no-cache');
    19. 

  19. 

  20. //protection
    21. 

  21. api_protect_course_script(true);
    22. 

  22. 

  23. $doc_url = $_GET['file'];
    24. 

  24. //change the '&' that got rewritten to '///' by mod_rewrite back to '&'
    25. 

  25. $doc_url = str_replace('///', '&', $doc_url);
    26. 

  26. //still a space present? it must be a '+' (that got replaced by mod_rewrite)
    27. 

  27. $doc_url = str_replace(' ', '+', $doc_url);
    28. 

  28. $doc_url = str_replace('/..', '', $doc_url); //echo $doc_url;
    29. 

  29. 

  30. if (strpos($doc_url, '../') || strpos($doc_url, '/..')) {
    31. 

  31.     $doc_url = '';
    32. 

  32. }
    33. 

  33. 

  34. if (!isset($_course)) {
    35. 

  35.     api_not_allowed(true);
    36. 

  36. }
    37. 

  37. 

  38. $full_file_name = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/upload/announcements/'.$doc_url;
    39. 

  39. 

  40. //if the rewrite rule asks for a directory, we redirect to the document explorer
    41. 

  41. if (is_dir($full_file_name)) {
    42. 

  42.     //remove last slash if present
    43. 

  43.     //$doc_url = ($doc_url{strlen($doc_url)-1}=='/')?substr($doc_url,0,strlen($doc_url)-1):$doc_url;
    44. 

  44.     //mod_rewrite can change /some/path/ to /some/path// in some cases, so clean them all off (René)
    45. 

  45.     while ($doc_url[$dul = strlen($doc_url) - 1] == '/') {
    46. 

  46.         $doc_url = substr($doc_url, 0, $dul);
    47. 

  47.     }
    48. 

  48.     //create the path
    49. 

  49.     $document_explorer = api_get_path(WEB_COURSE_PATH).api_get_course_path(); // home course path
    50. 

  50.     //redirect
    51. 

  51.     header('Location: '.$document_explorer);
    52. 

  52.     exit;
    53. 

  53. }
    54. 

  54. 

  55. $table = Database::get_course_table(TABLE_ANNOUNCEMENT_ATTACHMENT);
    56. 

  56. 

  57. // launch event
    58. 

  58. Event::event_download($doc_url);
    59. 

  59. $course_id = api_get_course_int_id();
    60. 

  60. $doc_url = Database::escape_string($doc_url);
    61. 

  61. 

  62. $sql = "SELECT filename FROM $table
    63. 

  63.   	  	WHERE c_id = $course_id AND path LIKE BINARY '$doc_url'";
    64. 

  64. 

  65. $result = Database::query($sql);
    66. 

  66. if (Database::num_rows($result) > 0) {
    67. 

  67.     $row = Database::fetch_array($result);
    68. 

  68.     $title = str_replace(' ', '_', $row['filename']);
    69. 

  69.     if (Security::check_abs_path(
    70. 

  70.         $full_file_name,
    71. 

  71.         api_get_path(SYS_COURSE_PATH).api_get_course_path().'/upload/announcements/'
    72. 

  72.     )
    73. 

  73.     ) {
    74. 

  74.         $result = DocumentManager::file_send_for_download($full_file_name, true, $title);
    75. 

  75.         if ($result === false) {
    76. 

  76.             api_not_allowed(true);
    77. 

  77.         }
    78. 

  78.     }
    79. 

  79. }
    80. 

  80. exit;
    81. 

  81.