Главная Обзор Помощь
Регистрация Вход
aj
/
chamilo-lms2
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Ветка: ofaj_dev
Ветки Метки
chamilo-lms2
/
main
/
forum
/
download.php

download.php 2.4 KB
Постоянная ссылка История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. 

  4. /**
    5. 

  5.  * This file is responsible for  passing requested documents to the browser.
    6. 

  6.  * Html files are parsed to fix a few problems with URLs,
    7. 

  7.  * but this code will hopefully be replaced soon by an Apache URL
    8. 

  8.  * rewrite mechanism.
    9. 

  9.  *
    10. 

  10.  * @package chamilo.document
    11. 

  11.  */
    12. 

  12. session_cache_limiter('public');
    13. 

  13. 

  14. require_once __DIR__.'/../inc/global.inc.php';
    15. 

  15. 

  16. api_protect_course_script(true);
    17. 

  17. 

  18. $this_section = SECTION_COURSES;
    19. 

  19. 

  20. // IMPORTANT to avoid caching of documents
    21. 

  21. header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
    22. 

  22. header('Cache-Control: public');
    23. 

  23. header('Pragma: no-cache');
    24. 

  24. 

  25. $doc_url = $_GET['file'];
    26. 

  26. //change the '&' that got rewritten to '///' by mod_rewrite back to '&'
    27. 

  27. $doc_url = str_replace('///', '&', $doc_url);
    28. 

  28. //still a space present? it must be a '+' (that got replaced by mod_rewrite)
    29. 

  29. $doc_url = str_replace(' ', '+', $doc_url);
    30. 

  30. $doc_url = str_replace('/..', '', $doc_url);
    31. 

  31. 

  32. $tbl_forum_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
    33. 

  33. $tbl_forum_post = Database::get_course_table(TABLE_FORUM_POST);
    34. 

  34. 

  35. $course_id = api_get_course_int_id();
    36. 

  36. $courseInfo = api_get_course_info_by_id($course_id);
    37. 

  37. 

  38. $sql = 'SELECT thread_id, forum_id,filename
    39. 

  39.         FROM '.$tbl_forum_post.'  f
    40. 

  40.         INNER JOIN '.$tbl_forum_attachment.' a
    41. 

  41.         ON a.post_id=f.post_id
    42. 

  42.         WHERE
    43. 

  43.             f.c_id = '.$course_id.' AND
    44. 

  44.             a.c_id = '.$course_id.' AND
    45. 

  45.             path LIKE BINARY "'.$doc_url.'"';
    46. 

  46. 

  47. $result = Database::query($sql);
    48. 

  48. $row = Database::fetch_array($result);
    49. 

  49. 

  50. if (empty($row)) {
    51. 

  51.     api_not_allowed();
    52. 

  52. }
    53. 

  53. 

  54. $forum_thread_visibility = api_get_item_visibility(
    55. 

  55.     $courseInfo,
    56. 

  56.     TOOL_FORUM_THREAD,
    57. 

  57.     $row['thread_id'],
    58. 

  58.     api_get_session_id()
    59. 

  59. );
    60. 

  60. $forum_forum_visibility = api_get_item_visibility(
    61. 

  61.     $courseInfo,
    62. 

  62.     TOOL_FORUM,
    63. 

  63.     $row['forum_id'],
    64. 

  64.     api_get_session_id()
    65. 

  65. );
    66. 

  66. 

  67. if ($forum_thread_visibility == 1 && $forum_forum_visibility == 1) {
    68. 

  68.     $full_file_name = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/upload/forum/'.$doc_url;
    69. 

  69.     if (Security::check_abs_path(
    70. 

  70.         $full_file_name,
    71. 

  71.         api_get_path(SYS_COURSE_PATH).$courseInfo['path'].'/upload/forum/'
    72. 

  72.     )) {
    73. 

  73.         // launch event
    74. 

  74.         Event::event_download($doc_url);
    75. 

  75. 

  76.         $result = DocumentManager::file_send_for_download(
    77. 

  77.             $full_file_name,
    78. 

  78.             true,
    79. 

  79.             $row['filename']
    80. 

  80.         );
    81. 

  81. 

  82.         if ($result === false) {
    83. 

  83.             api_not_allowed(true);
    84. 

  84.         }
    85. 

  85.     }
    86. 

  86. }
    87. 

  87. 

  88. api_not_allowed();
    89.