Chamilo is a learning management system focused on ease of use and accessibility
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
chamilo-lms/main/work/download_comment_file.php

60 lines
1.5 KiB

<?php
/* For licensing terms, see /license.txt */
/**
* This file is responsible for passing requested documents to the browser.
* Html files are parsed to fix a few problems with URLs,
* but this code will hopefully be replaced soon by an Apache URL
* rewrite mechanism.
*
* @package chamilo.work
*/
require_once '../inc/global.inc.php';
require_once 'work.lib.php';
// Course protection
api_protect_course_script(true);
$commentId = isset($_GET['comment_id']) ? intval($_GET['comment_id']) : null;
if (empty($commentId)) {
api_not_allowed(true);
}
$workData = getWorkComment($commentId);
$courseInfo = api_get_course_info();
if (!empty($workData)) {
if (
empty($workData['file_path']) ||
(isset($workData['file_path']) && !file_exists($workData['file_path']))
) {
api_not_allowed(true);
}
$work = get_work_data_by_id($workData['work_id']);
protectWork($courseInfo, $work['parent_id']);
10 years ago
if (user_is_author($workData['work_id']) ||
$courseInfo['show_score'] == 0 &&
$work['active'] == 1 &&
$work['accepted'] == 1
) {
if (Security::check_abs_path(
$workData['file_path'],
api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/'
)
) {
DocumentManager::file_send_for_download(
$workData['file_path'],
true,
$workData['file_name_to_show']
);
}
} else {
api_not_allowed(true);
}
} else {
api_not_allowed(true);
}