chamilo-lms/public/main/course_info/download.php

<?php
/* For licensing terms, see /license.txt */

use Chamilo\CourseBundle\Component\CourseCopy\CourseArchiver;

/**
 * Download script for course info.
 *
 * @package chamilo.course_info
 */
require_once __DIR__.'/../inc/global.inc.php';
$this_section = SECTION_COURSES;

if (isset($_GET['archive_path'])) {
    $archive_path = api_get_path(SYS_ARCHIVE_PATH);
} else {
    $archive_path = CourseArchiver::getBackupDir();
}
$archive_file = isset($_GET['archive']) ? $_GET['archive'] : null;
$archive_file = str_replace(['..', '/', '\\'], '', $archive_file);

list($extension) = getextension($archive_file);

if (empty($extension) || !file_exists($archive_path.$archive_file)) {
    exit;
}

$extension = strtolower($extension);
$content_type = '';

if (in_array($extension, ['xml', 'csv']) &&
    (api_is_platform_admin(true) || api_is_drh())
) {
    $content_type = 'application/force-download';
} elseif ($extension === 'zip' && $_cid && (api_is_platform_admin(true) || api_is_course_admin())) {
    $content_type = 'application/force-download';
}

if (empty($content_type)) {
    api_not_allowed(true);
}
if (Security::check_abs_path($archive_path.$archive_file, $archive_path)) {
    DocumentManager::file_send_for_download(
        $archive_path.$archive_file,
        true,
        $archive_file
    );
    exit;
} else {
    api_not_allowed(true);
}
Modified the file backupbyadmin by download.lib.php and test download.lib.test.php, added a condition in the new function and modified the test 15 years ago			`<?php`
			`/* For licensing terms, see /license.txt */`
Minor - format code 8 years ago
Use app/cache/course_backups instead of main app/cache folder 8 years ago			`use Chamilo\CourseBundle\Component\CourseCopy\CourseArchiver;`
Format code. 9 years ago
Minor - Adapting code comments to phpdoc 14 years ago			`/**`
Applied fixes from FlintCI 7 years ago			`* Download script for course info.`
			`*`
Minor - Adapting code comments to phpdoc 14 years ago			`* @package chamilo.course_info`
			`*/`
Use __DIR__ when calling global.inc.php This is needed for an easy migration to chamilo v2 8 years ago			`require_once __DIR__.'/../inc/global.inc.php';`
Issue #306 - Training reporting: Reworks are in progress. 15 years ago			`$this_section = SECTION_COURSES;`
[svn r9834] desactivate upgrade button (not yet tested) 18 years ago
Fix use of course_info/download.php Load course backup path by default otherwise it uses the root of archive path. 8 years ago			`if (isset($_GET['archive_path'])) {`
Minor - format code 7 years ago			`$archive_path = api_get_path(SYS_ARCHIVE_PATH);`
Implemented new functionalities for training sessions - partial DT #5377 15 years ago			`} else {`
Minor - format code 7 years ago			`$archive_path = CourseArchiver::getBackupDir();`
Implemented new functionalities for training sessions - partial DT #5377 15 years ago			`}`
Minor - fixing PHP warnings, format code. 11 years ago			`$archive_file = isset($_GET['archive']) ? $_GET['archive'] : null;`
Applied fixes from FlintCI 7 years ago			`$archive_file = str_replace(['..', '/', '\\'], '', $archive_file);`
[svn r9834] desactivate upgrade button (not yet tested) 18 years ago
Issue #306 - Training reporting: Reworks are in progress. 15 years ago			`list($extension) = getextension($archive_file);`
[svn r9834] desactivate upgrade button (not yet tested) 18 years ago
Issue #306 - Training reporting: Reworks are in progress. 15 years ago			`if (empty($extension) \|\| !file_exists($archive_path.$archive_file)) {`
Use app/cache/course_backups instead of main app/cache folder 8 years ago			`exit;`
[svn r9834] desactivate upgrade button (not yet tested) 18 years ago			`}`

Minor - fixing PHP warnings, format code. 11 years ago			`$extension = strtolower($extension);`
[svn r21562] FS#306 - .../dokeos/main/course_info/download.php: Making file extension reqognition precise. Other cosmetic changes of code have been done. 16 years ago			`$content_type = '';`
[svn r9834] desactivate upgrade button (not yet tested) 18 years ago
Applied fixes from FlintCI 7 years ago			`if (in_array($extension, ['xml', 'csv']) &&`
Minor - format code 7 years ago			`(api_is_platform_admin(true) \|\| api_is_drh())`
			`) {`
			`$content_type = 'application/force-download';`
Minor - replace $is_courseAdmin with api_is_course_admin() - Fix templates - Format code 6 years ago			`} elseif ($extension === 'zip' && $_cid && (api_is_platform_admin(true) \|\| api_is_course_admin())) {`
Minor - format code 7 years ago			`$content_type = 'application/force-download';`
[svn r9834] desactivate upgrade button (not yet tested) 18 years ago			`}`

[svn r21562] FS#306 - .../dokeos/main/course_info/download.php: Making file extension reqognition precise. Other cosmetic changes of code have been done. 16 years ago			`if (empty($content_type)) {`
Format code 9 years ago			`api_not_allowed(true);`
[svn r9834] desactivate upgrade button (not yet tested) 18 years ago			`}`
Minor - fixing PHP warnings, format code. 11 years ago			`if (Security::check_abs_path($archive_path.$archive_file, $archive_path)) {`
Minor - format code 7 years ago			`DocumentManager::file_send_for_download(`
			`$archive_path.$archive_file,`
			`true,`
			`$archive_file`
			`);`
Minor - format code, removing unused commented code. 10 years ago			`exit;`
Adding check_abs_path when using the DocumentManager::file_send_for_download to prevent downloading unwanted files see #2722 14 years ago			`} else {`
Fixing pclzip calls using /archive instead of courses/XXX/temp folder, also removing some useless code in dropbox and fixing/improving code that generates the zip, fixing the layout of the course copy, adding documentation, setting some functions to deprecated, changing icon of LP export to a CD common icon in all platorm 14 years ago			`api_not_allowed(true);`
Minor - Adapting code comments to phpdoc 14 years ago			`}`