download_uploaded_files.php 901 B

12345678910111213141516171819202122232425262728293031323334
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. session_cache_limiter('none');
  4. require_once __DIR__.'/../inc/global.inc.php';
  5. $this_section = SECTION_COURSES;
  6. // Protection
  7. api_protect_course_script();
  8. $courseCode = isset($_GET['code']) ? $_GET['code'] : '';
  9. $type = isset($_GET['type']) ? $_GET['type'] : '';
  10. $file = isset($_GET['file']) ? $_GET['file'] : '';
  11. $courseInfo = api_get_course_info($courseCode);
  12. if (empty($courseInfo) || empty($type) || empty($file)) {
  13. api_not_allowed(true);
  14. }
  15. $toolPath = api_get_path(SYS_COURSE_PATH).$courseInfo['path'].'/upload/'.$type.'/';
  16. if (!is_dir($toolPath)) {
  17. api_not_allowed(true);
  18. }
  19. if (Security::check_abs_path($toolPath.$file, $toolPath.'/')) {
  20. $fullFilePath = $toolPath.$file;
  21. $result = DocumentManager::file_send_for_download($fullFilePath, false, '');
  22. if ($result === false) {
  23. api_not_allowed(true);
  24. }
  25. }
  26. exit;