Home Verkennen Help
Inloggen
aj
/
chamilo-lms2
Volgen 1
Ster 0
Vork 0
Bestanden Kwesties 0 Pull-aanvragen 0 Wiki
Aftakking: master
Aftakkingen Labels
chamilo-lms2
/
main
/
document
/
download.php

download.php 4.4 KB
Permalink Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. /**
    4. 

  4.  * This file is responsible for passing requested documents to the browser.
    5. 

  5.  * Many functions updated and moved to lib/document.lib.php.
    6. 

  6.  *
    7. 

  7.  * @package chamilo.document
    8. 

  8.  */
    9. 

  9. session_cache_limiter('none');
    10. 

  10. 

  11. require_once __DIR__.'/../inc/global.inc.php';
    12. 

  12. $this_section = SECTION_COURSES;
    13. 

  13. 

  14. // Protection
    15. 

  15. api_protect_course_script();
    16. 

  16. 

  17. $_course = api_get_course_info();
    18. 

  18. 

  19. if (!isset($_course)) {
    20. 

  20.     api_not_allowed(true);
    21. 

  21. }
    22. 

  22. 

  23. $doc_url = $_GET['doc_url'];
    24. 

  24. // Change the '&' that got rewritten to '///' by mod_rewrite back to '&'
    25. 

  25. $doc_url = str_replace('///', '&', $doc_url);
    26. 

  26. // Still a space present? it must be a '+' (that got replaced by mod_rewrite)
    27. 

  27. $doc_url = str_replace(' ', '+', $doc_url);
    28. 

  28. 

  29. $docUrlParts = preg_split('/\/|\\\/', $doc_url);
    30. 

  30. $doc_url = '';
    31. 

  31. 

  32. foreach ($docUrlParts as $docUrlPart) {
    33. 

  33.     if (empty($docUrlPart) || in_array($docUrlPart, ['.', '..', '0'])) {
    34. 

  34.         continue;
    35. 

  35.     }
    36. 

  36. 

  37.     $doc_url .= '/'.$docUrlPart;
    38. 

  38. }
    39. 

  39. 

  40. if (empty($doc_url)) {
    41. 

  41.     api_not_allowed(
    42. 

  42.         !empty($_GET['origin']) && $_GET['origin'] === 'learnpath'
    43. 

  43.     );
    44. 

  44. }
    45. 

  45. 

  46. // Dealing with image included into survey: when users receive a link towards a
    47. 

  47. // survey while not being authenticated on the platform.
    48. 

  48. // The administrator should probably be able to disable this code through admin
    49. 

  49. // inteface.
    50. 

  50. $refer_script = isset($_SERVER["HTTP_REFERER"]) ? strrchr($_SERVER["HTTP_REFERER"], '/') : null;
    51. 

  51. 

  52. $sys_course_path = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document';
    53. 

  53. 

  54. if (substr($refer_script, 0, 15) == '/fillsurvey.php') {
    55. 

  55.     $invitation = substr(strstr($refer_script, 'invitationcode='), 15);
    56. 

  56.     $course = strstr($refer_script, 'course=');
    57. 

  57.     $course = substr($course, 7, strpos($course, '&') - 7);
    58. 

  58.     include '../survey/survey.download.inc.php';
    59. 

  59.     $_course = check_download_survey($course, $invitation, $doc_url);
    60. 

  60.     $_course['path'] = $_course['directory'];
    61. 

  61. } else {
    62. 

  62.     // If the rewrite rule asks for a directory, we redirect to the document explorer
    63. 

  63.     if (is_dir($sys_course_path.$doc_url)) {
    64. 

  64.         // Remove last slash if present
    65. 

  65.         // mod_rewrite can change /some/path/ to /some/path// in some cases, so clean them all off (René)
    66. 

  66.         while ($doc_url[$dul = strlen($doc_url) - 1] == '/') {
    67. 

  67.             $doc_url = substr($doc_url, 0, $dul);
    68. 

  68.         }
    69. 

  69.         // Group folder?
    70. 

  70.         $gid_req = ($_GET['gidReq']) ? '&gidReq='.intval($_GET['gidReq']) : '';
    71. 

  71.         // Create the path
    72. 

  72.         $document_explorer = api_get_path(WEB_CODE_PATH).'document/document.php?curdirpath='.urlencode($doc_url).'&'.api_get_cidreq_params(Security::remove_XSS($_GET['cidReq'], 0, $gid_req));
    73. 

  73.         // Redirect
    74. 

  74.         header('Location: '.$document_explorer);
    75. 

  75.         exit;
    76. 

  76.     }
    77. 

  77. }
    78. 

  78. 

  79. //Fixes swf upload problem in chamilo 1.8.x. When uploading a file with
    80. 

  80. //the character "-" the filename was changed from "-" to "_" in the DB for no reason
    81. 

  81. $path_info = pathinfo($doc_url);
    82. 

  82. 

  83. $fix_file_name = false;
    84. 

  84. if (isset($path_info['extension']) && $path_info['extension'] == 'swf') {
    85. 

  85.     $fixed_url = str_replace('-', '_', $doc_url);
    86. 

  86.     $doc_id = DocumentManager::get_document_id(api_get_course_info(), $doc_url);
    87. 

  87.     if (!$doc_id) {
    88. 

  88.         $doc_id = DocumentManager::get_document_id(api_get_course_info(), $doc_url, '0');
    89. 

  89.         if (!$doc_id) {
    90. 

  90.             $fix_file_name = true;
    91. 

  91.         }
    92. 

  92.     }
    93. 

  93. }
    94. 

  94. 

  95. if (Security::check_abs_path($sys_course_path.$doc_url, $sys_course_path.'/')) {
    96. 

  96.     $fullFileName = $sys_course_path.$doc_url;
    97. 

  97.     if ($fix_file_name) {
    98. 

  98.         $doc_url = $fixed_url;
    99. 

  99.     }
    100. 

  100.     // Check visibility of document and paths
    101. 

  101.     $is_visible = DocumentManager::is_visible($doc_url, $_course, api_get_session_id());
    102. 

  102. 

  103.     //Document's slideshow thumbnails
    104. 

  104.     //correct $is_visible used in below and ??. Now the students can view the thumbnails too
    105. 

  105.     if (preg_match('/\.thumbs\/\./', $doc_url)) {
    106. 

  106.         $doc_url_thumbs = str_replace('.thumbs/.', '', $doc_url);
    107. 

  107.         $is_visible = DocumentManager::is_visible($doc_url_thumbs, $_course, api_get_session_id());
    108. 

  108.     }
    109. 

  109. 

  110.     if (!api_is_allowed_to_edit() && !$is_visible) {
    111. 

  111.         echo Display::return_message(get_lang('Protected Document'), 'error'); //api_not_allowed backbutton won't work.
    112. 

  112.         exit; // You shouldn't be here anyway.
    113. 

  113.     }
    114. 

  114.     // Launch event
    115. 

  115.     Event::event_download($doc_url);
    116. 

  116.     $download = !empty($_GET['dl']) ? true : false;
    117. 

  117. 

  118.     $result = DocumentManager::file_send_for_download($fullFileName, $download);
    119. 

  119.     if ($result === false) {
    120. 

  120.         api_not_allowed(true);
    121. 

  121.     }
    122. 

  122. }
    123. 

  123. exit;
    124. 

  124.