Home Explore Help
Sign In
aj
/
chamilo-lms2
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: ofajdev2017
Branches Tags
chamilo-lms2
/
main
/
document
/
download_scorm.php

download_scorm.php 1.7 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. /**
    4. 

  4.  *	This file is responsible for passing requested documents to the browser.
    5. 

  5.  *
    6. 

  6.  *	@package chamilo.document
    7. 

  7.  */
    8. 

  8. 

  9. session_cache_limiter('none');
    10. 

  10. 

  11. require_once __DIR__.'/../inc/global.inc.php';
    12. 

  12. $this_section = SECTION_COURSES;
    13. 

  13. 

  14. // Protection
    15. 

  15. api_protect_course_script();
    16. 

  16. 

  17. $_course = api_get_course_info();
    18. 

  18. 

  19. if (!isset($_course)) {
    20. 

  20.     api_not_allowed(true);
    21. 

  21. }
    22. 

  22. 

  23. // If LP obj exists
    24. 

  24. if (isset($_SESSION['oLP'])) {
    25. 

  25.     $obj = $_SESSION['oLP'];
    26. 

  26. } else {
    27. 

  27.     api_not_allowed();
    28. 

  28. }
    29. 

  29. 

  30. // If is visible for the current user
    31. 

  31. if (!learnpath::is_lp_visible_for_student($obj->get_id(), api_get_user_id())) {
    32. 

  32.     api_not_allowed();
    33. 

  33. }
    34. 

  34. 

  35. $doc_url = isset($_GET['doc_url']) ? $_GET['doc_url'] : null;
    36. 

  36. // Change the '&' that got rewritten to '///' by mod_rewrite back to '&'
    37. 

  37. $doc_url = str_replace('///', '&', $doc_url);
    38. 

  38. // Still a space present? it must be a '+' (that got replaced by mod_rewrite)
    39. 

  39. $doc_url = str_replace(' ', '+', $doc_url);
    40. 

  40. $doc_url = str_replace(array('../', '\\..', '\\0', '..\\'), array('', '', '', ''), $doc_url); //echo $doc_url;
    41. 

  41. 

  42. if (strpos($doc_url, '../') || strpos($doc_url, '/..')) {
    43. 

  43.     $doc_url = '';
    44. 

  44. }
    45. 

  45. 

  46. $sys_course_path = api_get_path(SYS_COURSE_PATH).$_course['path'].'/scorm';
    47. 

  47. 

  48. if (is_dir($sys_course_path.$doc_url)) {
    49. 

  49.     api_not_allowed();
    50. 

  50. }
    51. 

  51. 

  52. if (Security::check_abs_path($sys_course_path.$doc_url, $sys_course_path.'/')) {
    53. 

  53.     $full_file_name = $sys_course_path.$doc_url;
    54. 

  54.     // Launch event
    55. 

  55.     Event::event_download($doc_url);
    56. 

  56. 

  57.     $fixLinks = api_get_configuration_value('lp_replace_http_to_https');
    58. 

  58.     $result = DocumentManager::file_send_for_download($full_file_name, false, '', $fixLinks);
    59. 

  59.     if ($result === false) {
    60. 

  60.         api_not_allowed(true);
    61. 

  61.     }
    62. 

  62. }
    63. 

  63. exit;
    64. 

  64.