chamilo-lms/main/lp/download.php

<?php
/* For licensing terms, see /license.txt */
/**
 *	This file is responsible for  passing requested documents to the browser.
 *	@package chamilo.document
 */

session_cache_limiter('none');
require_once __DIR__.'/../inc/global.inc.php';
$this_section = SECTION_COURSES;

// Protection
api_protect_course_script();

if (!isset($_course)) {
    api_not_allowed(true);
}

$doc_url = $_GET['doc_url'];
// Change the '&' that got rewritten to '///' by mod_rewrite back to '&'
$doc_url = str_replace('///', '&', $doc_url);
// Still a space present? it must be a '+' (that got replaced by mod_rewrite)
$doc_url = str_replace(' ', '+', $doc_url);

$doc_url = str_replace(array('../', '\\..', '\\0', '..\\'), array('', '', '', ''), $doc_url); //echo $doc_url;

if (strpos($doc_url, '../') || strpos($doc_url, '/..')) {
    $doc_url = '';
}
$sys_course_path = api_get_path(SYS_COURSE_PATH).$_course['path'].'/scorm';
$user_id = api_get_user_id();

if ($_SESSION['oLP']) {
    $lp_id = $_SESSION['oLP']->get_id();
    $lp_item_id = $_SESSION['oLP']->current;
    $lp_item_info = new learnpathItem($lp_item_id);
    if (!empty($lp_item_info)) {
        //if (basename($lp_item_info->path) == basename($doc_url)) {
        $visible = learnpath::is_lp_visible_for_student($lp_id, $user_id);

        if ($visible) {
            Event::event_download($doc_url);
            if (Security::check_abs_path($sys_course_path.$doc_url, $sys_course_path.'/')) {
                $full_file_name = $sys_course_path.$doc_url;
                DocumentManager::file_send_for_download($full_file_name);
                exit;
            }
        }
        //}
    }
}

echo Display::return_message(get_lang('ProtectedDocument'), 'error');
//api_not_allowed backbutton won't work.
exit;
Trying to fix the LP scorm import/export still doesn't work for all cases (working on it) see #4706 13 years ago			`<?php`
			`/* For licensing terms, see /license.txt */`
			`/**`
			`* This file is responsible for passing requested documents to the browser.`
			`* @package chamilo.document`
			`*/`

Minor - format code. 10 years ago			`session_cache_limiter('none');`
Use __DIR__ when calling global.inc.php This is needed for an easy migration to chamilo v2 8 years ago			`require_once __DIR__.'/../inc/global.inc.php';`
Trying to fix the LP scorm import/export still doesn't work for all cases (working on it) see #4706 13 years ago			`$this_section = SECTION_COURSES;`

			`// Protection`
			`api_protect_course_script();`

			`if (!isset($_course)) {`
			`api_not_allowed(true);`
			`}`

			`$doc_url = $_GET['doc_url'];`
			`// Change the '&' that got rewritten to '///' by mod_rewrite back to '&'`
			`$doc_url = str_replace('///', '&', $doc_url);`
			`// Still a space present? it must be a '+' (that got replaced by mod_rewrite)`
			`$doc_url = str_replace(' ', '+', $doc_url);`

			`$doc_url = str_replace(array('../', '\\..', '\\0', '..\\'), array('', '', '', ''), $doc_url); //echo $doc_url;`

Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 8 years ago			`if (strpos($doc_url, '../') \|\| strpos($doc_url, '/..')) {`
Minor - format code. 10 years ago			`$doc_url = '';`
Trying to fix the LP scorm import/export still doesn't work for all cases (working on it) see #4706 13 years ago			`}`
			`$sys_course_path = api_get_path(SYS_COURSE_PATH).$_course['path'].'/scorm';`
			`$user_id = api_get_user_id();`

			`if ($_SESSION['oLP']) {`
Minor - format code 8 years ago			`$lp_id = $_SESSION['oLP']->get_id();`
Minor - format code. 10 years ago			`$lp_item_id = $_SESSION['oLP']->current;`
Trying to fix the LP scorm import/export still doesn't work for all cases (working on it) see #4706 13 years ago			`$lp_item_info = new learnpathItem($lp_item_id);`
			`if (!empty($lp_item_info)) {`
Minor - format code. 10 years ago			`//if (basename($lp_item_info->path) == basename($doc_url)) {`
Minor - Adding static into some classes to avoid PHP warnings 13 years ago			`$visible = learnpath::is_lp_visible_for_student($lp_id, $user_id);`
Minor - format code. 10 years ago
Trying to fix the LP scorm import/export still doesn't work for all cases (working on it) see #4706 13 years ago			`if ($visible) {`
Adding Event and ExerciseLib classes. 10 years ago			`Event::event_download($doc_url);`
Trying to fix the LP scorm import/export still doesn't work for all cases (working on it) see #4706 13 years ago			`if (Security::check_abs_path($sys_course_path.$doc_url, $sys_course_path.'/')) {`
			`$full_file_name = $sys_course_path.$doc_url;`
			`DocumentManager::file_send_for_download($full_file_name);`
			`exit;`
			`}`
			`}`
Minor - format code. 10 years ago			`//}`
			`}`
Trying to fix the LP scorm import/export still doesn't work for all cases (working on it) see #4706 13 years ago			`}`

Minor - Replace deprecated display_x_message() by return_message(..., 'x') 8 years ago			`echo Display::return_message(get_lang('ProtectedDocument'), 'error');`
Minor - format code 8 years ago			`//api_not_allowed backbutton won't work.`
Minor - format code. 10 years ago			`exit;`