download_scorm.php 1.8 KB

  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. use ChamiloSession as Session;
  4. /**
  5. * This file is responsible for passing requested documents to the browser.
  6. *
  7. * @package chamilo.document
  8. */
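  // Turn off PHP's automatic cache-control headers for this response.
  session_cache_limiter('none');
  require_once __DIR__.'/../inc/global.inc.php';
  $this_section = SECTION_COURSES;

  // Access control.
  // NOTE(review): every guard below relies on api_not_allowed() ending the
  // request; its definition is not in this file - confirm it never returns.
  api_protect_course_script();
  $_course = api_get_course_info();
  if (!isset($_course)) {
      api_not_allowed(true);
  }

  // The learning path object is taken from the session, not from the request.
  /** @var learnpath $obj */
  $obj = Session::read('oLP');
  if (empty($obj)) {
      api_not_allowed();
  }

  // The learning path must be visible to the current user.
  // NOTE(review): this check covers the learning path held in the session, while
  // the file served below is bounded only by the course's scorm directory, not by
  // that learning path's own folder - confirm this scope is intended.
  if (!learnpath::is_lp_visible_for_student($obj->get_id(), api_get_user_id(), $_course)) {
      api_not_allowed();
  }

  // doc_url is request-controlled. Only a string is accepted: a missing or
  // non-string (array) value becomes '', which resolves to the scorm directory
  // itself and is refused by the is_dir() guard below.
  $doc_url = isset($_GET['doc_url']) && is_string($_GET['doc_url']) ? $_GET['doc_url'] : '';

  // Change the '&' that got rewritten to '///' by mod_rewrite back to '&'.
  $doc_url = str_replace('///', '&', $doc_url);
  // A space that is still present must have been a '+' (replaced by mod_rewrite).
  $doc_url = str_replace(' ', '+', $doc_url);

  // First-pass removal of traversal sequences. '\\0' in single quotes is the two
  // characters backslash and zero, not a NUL byte. One str_replace() pass is not
  // a complete filter on its own, so the value is re-checked below and the final
  // path is validated again before anything is served.
  $doc_url = str_replace(['../', '\\..', '\\0', '..\\'], '', $doc_url);

  // Discard the value if a traversal sequence or a NUL byte is still present.
  // strpos() returns 0 for a match at the very start of the string, so the result
  // has to be compared with false; a plain truthiness test misses exactly that case.
  if (strpos($doc_url, '../') !== false
      || strpos($doc_url, '/..') !== false
      || strpos($doc_url, "\0") !== false
  ) {
      $doc_url = '';
  }

  $sys_course_path = api_get_path(SYS_COURSE_PATH).$_course['path'].'/scorm';
  $full_file_name = $sys_course_path.$doc_url;

  // Directories are never served.
  if (is_dir($full_file_name)) {
      api_not_allowed();
  }

  // Final containment check against the course's scorm directory.
  // NOTE(review): presumably check_abs_path() resolves the path before comparing
  // it with the base directory; its implementation is not visible here - confirm.
  if (Security::check_abs_path($full_file_name, $sys_course_path.'/')) {
      // Record the download event before sending the file.
      Event::event_download($doc_url);
      $fixLinks = api_get_configuration_value('lp_replace_http_to_https');
      $result = DocumentManager::file_send_for_download($full_file_name, false, '', $fixLinks);
      if ($result === false) {
          api_not_allowed(true, get_lang('The file was not found'), 404);
      }
  } else {
      // Same response as for a missing file, so a rejected path is not
      // distinguishable from an absent one.
      api_not_allowed(true, get_lang('The file was not found'), 404);
  }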