Home Explore Help
Sign In
aj
/
chamilo-lms2
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: ofajdev2017
Branches Tags
chamilo-lms2
/
main
/
document
/
download.php

download.php 4.3 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. /**
    4. 

  4.  *  This file is responsible for passing requested documents to the browser.
    5. 

  5.  *  Many functions updated and moved to lib/document.lib.php
    6. 

  6.  *	@package chamilo.document
    7. 

  7.  */
    8. 

  8. 

  9. session_cache_limiter('none');
    10. 

  10. 

  11. require_once __DIR__.'/../inc/global.inc.php';
    12. 

  12. $this_section = SECTION_COURSES;
    13. 

  13. 

  14. // Protection
    15. 

  15. api_protect_course_script();
    16. 

  16. 

  17. $_course = api_get_course_info();
    18. 

  18. 

  19. if (!isset($_course)) {
    20. 

  20.     api_not_allowed(true);
    21. 

  21. }
    22. 

  22. 

  23. $doc_url = $_GET['doc_url'];
    24. 

  24. // Change the '&' that got rewritten to '///' by mod_rewrite back to '&'
    25. 

  25. $doc_url = str_replace('///', '&', $doc_url);
    26. 

  26. // Still a space present? it must be a '+' (that got replaced by mod_rewrite)
    27. 

  27. $doc_url = str_replace(' ', '+', $doc_url);
    28. 

  28. 

  29. $doc_url = str_replace(array('../', '\\..', '\\0', '..\\'), array('', '', '', ''), $doc_url); //echo $doc_url;
    30. 

  30. 

  31. if (strpos($doc_url, '../') || strpos($doc_url, '/..')) {
    32. 

  32.     $doc_url = '';
    33. 

  33. }
    34. 

  34. 

  35. // Dealing with image included into survey: when users receive a link towards a
    36. 

  36. // survey while not being authenticated on the platform.
    37. 

  37. // The administrator should probably be able to disable this code through admin
    38. 

  38. // inteface.
    39. 

  39. $refer_script = isset($_SERVER["HTTP_REFERER"]) ? strrchr($_SERVER["HTTP_REFERER"], '/') : null;
    40. 

  40. 

  41. $sys_course_path = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document';
    42. 

  42. 

  43. if (substr($refer_script, 0, 15) == '/fillsurvey.php') {
    44. 

  44.     $invitation = substr(strstr($refer_script, 'invitationcode='), 15);
    45. 

  45.     $course = strstr($refer_script, 'course=');
    46. 

  46.     $course = substr($course, 7, strpos($course, '&') - 7);
    47. 

  47.     include '../survey/survey.download.inc.php';
    48. 

  48.     $_course = check_download_survey($course, $invitation, $doc_url);
    49. 

  49.     $_course['path'] = $_course['directory'];
    50. 

  50. } else {
    51. 

  51.     // If the rewrite rule asks for a directory, we redirect to the document explorer
    52. 

  52.     if (is_dir($sys_course_path.$doc_url)) {
    53. 

  53.         // Remove last slash if present
    54. 

  54.         // mod_rewrite can change /some/path/ to /some/path// in some cases, so clean them all off (René)
    55. 

  55.         while ($doc_url{$dul = strlen($doc_url) - 1} == '/') {
    56. 

  56.             $doc_url = substr($doc_url, 0, $dul);
    57. 

  57.         }
    58. 

  58.         // Group folder?
    59. 

  59.         $gid_req = ($_GET['gidReq']) ? '&gidReq='.intval($_GET['gidReq']) : '';
    60. 

  60.         // Create the path
    61. 

  61.         $document_explorer = api_get_path(WEB_CODE_PATH).'document/document.php?curdirpath='.urlencode($doc_url).'&'.api_get_cidreq_params(Security::remove_XSS($_GET['cidReq'], 0, $gid_req));
    62. 

  62.         // Redirect
    63. 

  63.         header('Location: '.$document_explorer);
    64. 

  64.         exit;
    65. 

  65.     }
    66. 

  66. }
    67. 

  67. 

  68. //Fixes swf upload problem in chamilo 1.8.x. When uploading a file with
    69. 

  69. //the character "-" the filename was changed from "-" to "_" in the DB for no reason
    70. 

  70. $path_info = pathinfo($doc_url);
    71. 

  71. 

  72. $fix_file_name = false;
    73. 

  73. if (isset($path_info['extension']) && $path_info['extension'] == 'swf') {
    74. 

  74.     $fixed_url = str_replace('-', '_', $doc_url);
    75. 

  75.     $doc_id = DocumentManager::get_document_id(api_get_course_info(), $doc_url);
    76. 

  76.     if (!$doc_id) {
    77. 

  77.         $doc_id = DocumentManager::get_document_id(api_get_course_info(), $doc_url, '0');
    78. 

  78.         if (!$doc_id) {
    79. 

  79.             $fix_file_name = true;
    80. 

  80.         }
    81. 

  81.     }
    82. 

  82. }
    83. 

  83. 

  84. if (Security::check_abs_path($sys_course_path.$doc_url, $sys_course_path.'/')) {
    85. 

  85.     $full_file_name = $sys_course_path.$doc_url;
    86. 

  86.     if ($fix_file_name) {
    87. 

  87.         $doc_url = $fixed_url;
    88. 

  88.     }
    89. 

  89.     // Check visibility of document and paths
    90. 

  90.     $is_visible = DocumentManager::is_visible($doc_url, $_course, api_get_session_id());
    91. 

  91. 

  92.     //Document's slideshow thumbnails
    93. 

  93.     //correct $is_visible used in below and ??. Now the students can view the thumbnails too
    94. 

  94.     if (preg_match('/\.thumbs\/\./', $doc_url)) {
    95. 

  95.         $doc_url_thumbs = str_replace('.thumbs/.', '', $doc_url);
    96. 

  96.         $is_visible = DocumentManager::is_visible($doc_url_thumbs, $_course, api_get_session_id());
    97. 

  97.     }
    98. 

  98. 

  99.     if (!api_is_allowed_to_edit() && !$is_visible) {
    100. 

  100.         echo Display::return_message(get_lang('ProtectedDocument'), 'error'); //api_not_allowed backbutton won't work.
    101. 

  101.         exit; // You shouldn't be here anyway.
    102. 

  102.     }
    103. 

  103.     // Launch event
    104. 

  104.     Event::event_download($doc_url);
    105. 

  105.     $download = (!empty($_GET['dl']) ? true : false);
    106. 

  106.     $result = DocumentManager::file_send_for_download($full_file_name, $download);
    107. 

  107.     if ($result === false) {
    108. 

  108.         api_not_allowed(true);
    109. 

  109.     }
    110. 

  110. }
    111. 

  111. exit;
    112. 

  112.