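<?php
/* See license terms in /license.txt */
/**
 * Script that allows download of a specific file from external applications
 * @author Arnaud Ligot <arnaud@cblue.be>, Based on work done for old videoconference application (I have about 30 minutes to write this piece of code so if somebody has more time, feel free to rewrite it...)
 * @package chamilo.document
 */
/**
 * Script that allows remote download of a file
 * @param string Action parameter (action=...)
 * @param string Course code (cidReq=...)
 * @param string Current working directory (cwd=...)
 * @return string JSON output
 */
/* FIX for IE cache when using https */
session_cache_limiter('none');
/*==== DEBUG ====*/
// Leave at 0 on any shared or production host: the dump below runs before
// authentication and records whatever the request superglobals hold
// (which can include cookies and posted data).
$debug = 0;
if ($debug > 0) {
    // Dump the names, then the values, of every variable defined so far.
    // The dump goes to PHP's configured error log, like the other debug
    // traces in this script, instead of a fixed file in the shared /tmp
    // directory that other local accounts could read or pre-create.
    $v = array_keys(get_defined_vars());
    error_log(var_export($v, true), 0);
    foreach ($v as $k) {
        if ($k == 'GLOBALS') {
            // $GLOBALS references every other global; skip it.
            continue;
        }
        error_log($k, 0);
        error_log(var_export($$k, true), 0);
    }
}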
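/*==== INCLUDE ====*/
require_once '../inc/global.inc.php';
// Anonymous visitors are turned away here; everything below runs for any
// logged-in account.
api_block_anonymous_users();
require_once ('../newscorm/learnpath.class.php');
/*==== Variables initialisation ====*/
// Request parameters are caller-controlled: a missing or array-valued
// parameter is treated as an empty string instead of raising notices or
// flowing on as an array.
$action = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : ''; // only ever compared against fixed strings
$cidReq = (isset($_REQUEST['cidReq']) && is_string($_REQUEST['cidReq'])) ? $_REQUEST['cidReq'] : '';
// Strip path separators and parent references from the course code before it
// is used to build a path and a URL.
// NOTE(review): this is a deny-list (it does not cover e.g. backslashes); an
// allow-list of the characters a course code may contain would be stricter.
// Confirm the permitted alphabet before tightening.
$seek = array('/', '%2F', '..');
$destroy = array('', '', '');
$cidReq = str_replace($seek, $destroy, $cidReq);
$cidReq = Security::remove_XSS($cidReq);
$user_id = api_get_user_id();
// Only used for the debug trace below.
$coursePath = api_get_path(SYS_COURSE_PATH).$cidReq.'/document';
// An unknown course code stops the script here.
$_course = CourseManager::get_course_information($cidReq);
if ($_course == null) {
    die("problem when fetching course information");
}
// stupid variable initialisation for old version of DocumentManager functions.
$_course['path'] = $_course['directory'];
$_course['dbName'] = $_course['db_name'];
// NOTE(review): $is_manager is never read in the rest of this script, and no
// check that $user_id is allowed to access course $cidReq is visible here.
// As written, any authenticated user who knows a course code reaches the
// listing below. Confirm whether global.inc.php enforces course access for
// cidReq; if not, gate the listing on the user's status in the course.
$is_manager = (CourseManager::get_user_in_course_status($user_id, $cidReq) == COURSEMANAGER);
if ($debug > 0) {
    error_log($coursePath, 0);
}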
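// FIXME: check security around $_REQUEST["cwd"]
// cwd is caller-supplied. A missing or array-valued parameter is treated as
// empty, which ends up as the document root '/'.
$cwd = (isset($_REQUEST['cwd']) && is_string($_REQUEST['cwd'])) ? $_REQUEST['cwd'] : '';
// treat /..
$nParent = 0; // the number of trailing /.. in the requested path
while (substr($cwd, -3, 3) == '/..') {
    // go to parent directory
    $cwd = substr($cwd, 0, -3);
    if (strlen($cwd) == 0) {
        $cwd = '/';
    }
    $nParent++;
}
// Drop one path component per trailing /.. that was removed above.
for (; $nParent > 0; $nParent--) {
    $lastSlash = strrpos($cwd, '/');
    $cwd = ($lastSlash !== false ? substr($cwd, 0, $lastSlash) : $cwd);
}
if (strlen($cwd) == 0) {
    $cwd = '/';
}
// The loop above only understands /.. at the end of the path. Refuse anything
// that still carries a '..' segment or a NUL byte rather than passing it on.
// How DocumentManager::get_all_document_data() uses $cwd is not visible from
// this script, so this is kept as defence in depth.
if (strpos($cwd, "\0") !== false || preg_match('#(^|/)\.\.(/|$)#', $cwd)) {
    die();
}
// Stop when check_abs_path() reports a match against the installation path.
// NOTE(review): presumably this rejects a cwd that resolves to a real
// directory inside the installation - confirm against
// Security::check_abs_path().
if (Security::check_abs_path($cwd, api_get_path(SYS_PATH))) {
    die();
}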
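if ($action === 'list') {
    /*==== List files ====*/
    if ($debug > 0) {
        error_log("sending file list", 0);
    }
    // get files list
    $files = DocumentManager::get_all_document_data($_course, $cwd, 0, null, false);
    if (!is_array($files)) {
        // presumably "nothing to list" - answer with an empty list rather
        // than an empty body; verify the failure value of
        // get_all_document_data()
        $files = array();
    }
    // adding download link to files
    foreach ($files as $k => $f) {
        if ($f['filetype'] == 'file') {
            //$files[$k]['download'] = api_get_path(WEB_CODE_PATH)."/document/document.php?cidReq=$cidReq&action=download&id=".urlencode($f['path']);
            // NOTE(review): the link points straight into the course
            // directory instead of going through document.php, so access
            // control on the download depends on how that directory is
            // served - confirm it is not readable without a session.
            $files[$k]['download'] = api_get_path(WEB_COURSE_PATH).$cidReq."/document".$f['path'];
        }
    }
    // The response is sent once, after every entry has been processed; the
    // print/exit used to sit inside the loop, so only the first entry was
    // ever handled and an empty folder produced no output at all.
    // json_encode() does not escape < and > by default, so declare the body
    // as JSON to keep a browser from rendering document names as HTML.
    header('Content-Type: application/json');
    print json_encode($files);
    exit;
}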