chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

When clicking in the dropbox file name now we can download the file with the correct dropbox file name see #1198

Browse Source
skala
Julio Montoya 15 years ago
parent baf8f34a9f
commit 26f79343f7
2 changed files with 33 additions and 216 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 218
      main/dropbox/dropbox_download.php
  2. 31
      main/dropbox/index.php

218
main/dropbox/dropbox_download.php
Unescape View File

@ -90,7 +90,7 @@ if (Database::num_rows($result) > 0) {
if (!$allowed_to_download) {
Display::display_header($nameTools, 'Dropbox');
Display :: display_error_message(get_lang('YouAreNotAllowedToDownloadThisFile'));
Display::display_error_message(get_lang('YouAreNotAllowedToDownloadThisFile'));
Display::display_footer();
exit;
} else {
@ -100,26 +100,31 @@ if (!$allowed_to_download) {
$work = new Dropbox_work($_GET['id']);
$path = dropbox_cnf('sysPath') . '/' . $work -> filename; //path to file as stored on server
if (!Security::check_abs_path($path, dropbox_cnf('sysPath').'/')) {
exit;
}
$file = $work->title;
require_once api_get_path(LIBRARY_PATH).'document.lib.php';
$mimetype = DocumentManager::file_get_mime_type(true);
$fileparts = explode('.', $file);
$filepartscount = count($fileparts);
if (($filepartscount > 1) && isset($mimetype[$fileparts[$filepartscount - 1]]) && $_GET['action'] != 'download') {
$fileinfo = pathinfo($file);
$extension = $fileinfo['extension'];
if (!empty($extension) && isset($mimetype[$extension]) && $_GET['action'] != 'download') {
// give hint to browser about filetype
header( 'Content-type: ' . $mimetype[$fileparts[$filepartscount - 1]] . "\n");
header( 'Content-type: ' . $mimetype[$extension] . "\n");
} else {
//no information about filetype: force a download dialog window in browser
header( "Content-type: application/octet-stream\n");
}
if (!in_array(strtolower($fileparts [$filepartscount - 1]), array('doc', 'xls', 'ppt', 'pps', 'sxw', 'sxc', 'sxi'))) {
/*if (!in_array(strtolower($extension), array('doc', 'xls', 'ppt', 'pps', 'sxw', 'sxc', 'sxi'))) {
header('Content-Disposition: inline; filename='.$file); // bugs with open office
} else {
header('Content-Disposition: attachment; filename='.$file);
}
}*/
header('Content-Disposition: attachment; filename='.$file);
/**
* Note that if you use these two headers from a previous example:
@ -143,9 +148,10 @@ if (!$allowed_to_download) {
header("Cache-Control: no-store, no-cache, must-revalidate\n"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0\n", false);
}*/
header('Content-Description: ' . trim(htmlentities($file)) . "\n");
header("Content-Transfer-Encoding: binary\n");
header('Content-Description: '.trim(htmlentities($file)));
header('Content-transfer-encoding: binary');
header("Content-Length: " . filesize($path)."\n" );
$fp = fopen( $path, 'rb');
@ -153,195 +159,5 @@ if (!$allowed_to_download) {
exit();
}
//@todo clean this file the code below is useless there are 2 exits in previous conditions ... maybe a bad copy/paste/merge?
exit;
/**
* Dropbox module for Chamilo
* handles downloads of files. Direct downloading is prevented because of an .htaccess file in the
* dropbox directory. So everything goes through this script.
*
* 1. Initialising vars
* 2. Authorisation
* 3. Sanity check of get data & file
* 4. Send headers
* 5. Send file
*
*
* NOTE :
* When testing this with PHP4.0.4 on WinXP and Apache2 there were problems with downloading in IE6
* After searching the only explanation I could find is a problem with the headers:
*
* HEADERS SENT WITH PHP4.3:
* HTTP/1.1 200 OK(CR)
* (LF)
* Date: Fri, 12 Sep 2003 19:07:33 GMT(CR)
* (LF)
* Server: Apache/2.0.47 (Win32) PHP/4.3.3(CR)
* (LF)
* X-Powered-By: PHP/4.3.3(CR)
* (LF)
* Set-Cookie: PHPSESSID=06880edcc8363be3f60929576fc1bc6e; path=/(CR)
* (LF)
* Expires: Thu, 19 Nov 1981 08:52:00 GMT(CR)
* (LF)
* Cache-Control: public(CR)
* (LF)
* Pragma: (CR)
* (LF)
* Content-Transfer-Encoding: binary(CR)
* (LF)
* Content-Disposition: attachment; filename=SV-262E4.png(CR)
* (LF)
* Content-Length: 92178(CR)
* (LF)
* Connection: close(CR)
* (LF)
* Content-Type: application/octet-stream(CR)
* (LF)
* (CR)
* (LF)
*
* HEADERS SENT WITH PHP4.0.4:
* HTTP/1.1 200 OK(CR)
* (LF)
* Date: Fri, 12 Sep 2003 18:28:21 GMT(CR)
* (LF)
* Server: Apache/2.0.47 (Win32)(CR)
* (LF)
* X-Powered-By: PHP/4.0.4(CR)
* (LF)
* Expires: Thu, 19 Nov 1981 08:52:00 GMT(CR)
* (LF)
* Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, , public(CR)
* (LF)
* Pragma: no-cache, (CR)
* (LF)
* Content-Disposition: attachment; filename=SV-262E4.png(CR)
* (LF)
* Content-Transfer-Encoding: binary(CR)
* (LF)
* Set-Cookie: PHPSESSID=0a5b1c1b9d5e3b474fef359ee55e82d0; path=/(CR)
* (LF)
* Content-Length: 92178(CR)
* (LF)
* Connection: close(CR)
* (LF)
* Content-Type: application/octet-stream(CR)
* (LF)
* (CR)
* (LF)
*
* As you can see the there is a difference in the Cache-Control directive. I suspect that this
* explains the problem. Also have a look at http://bugs.php.net/bug.php?id=16458.
*
* @version 1.21
* @copyright 2004-2005
* @author Jan Bols <jan@ivpv.UGent.be>, main programmer
* @author René Haentjens <rene.haentjens@UGent.be>, several contributions
* @author Roan Embrechts, virtual course support
*
*/
// INITIALISING VARIABLES
require_once 'dropbox_init.inc.php'; //only call init1 because init2 outputs data
require_once 'dropbox_class.inc.php';
// AUTHORISATION SECTION
if (!isset($_user['user_id']) || !$is_course_member) {
exit();
}
if ($_GET['mailing']) {
getUserOwningThisMailing($_GET['mailing'], $_user['user_id'], '500');
}
// SANITY CHECKS OF GET DATA & FILE
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) die(get_lang('GeneralError').' (code 501)');
$work = new Dropbox_work($_GET['id']);
$path = dropbox_cnf('sysPath') . '/' . $work -> filename; //path to file as stored on server
$file = $work->title;
// check that this file exists and that it doesn't include any special characters
//if (!is_file($path) || ! eregi('^[A-Z0-9_\-][A-Z0-9._\-]*$', $file))
if (!is_file($path)) {
die(get_lang('GeneralError').' (code 504)');
}
// SEND HEADERS
require_once api_get_path(LIBRARY_PATH).'document.lib.php';
$mimetype = DocumentManager::file_get_mime_type(true);
$fileparts = explode('.', $file);
$filepartscount = count($fileparts);
if (($filepartscount > 1) && isset($mimetype[$fileparts[$filepartscount - 1]])) {
// give hint to browser about filetype
header('Content-type: ' . $mimetype[$fileparts[$filepartscount - 1]] . "\n");
} else {
//no information about filetype: force a download dialog window in browser
header("Content-type: application/octet-stream\n");
}
if (!in_array(strtolower($fileparts [$filepartscount - 1]), array('doc', 'xls', 'ppt', 'pps', 'sxw', 'sxc', 'sxi'))) {
header('Content-Disposition: inline; filename='.$file); // bugs with open office
} else {
header('Content-Disposition: attachment; filename='.$file);
}
/**
* Note that if you use these two headers from a previous example:
* header('Cache-Control: no-cache, must-revalidate');
* header('Pragma: no-cache');
* before sending a file to the browser, the "Open" option on Internet Explorer's file download dialog will not work properly. If the user clicks "Open" instead of "Save," the target application will open an empty file, because the downloaded file was not cached. The user will have to save the file to their hard drive in order to use it.
* Make sure to leave these headers out if you'd like your visitors to be able to use IE's "Open" option.
*/
header("Pragma: \n");
header("Cache-Control: \n");
header("Cache-Control: public\n"); // IE cannot download from sessions without a cache
/*if (isset($_SERVER['HTTPS'])) {
/**
* We need to set the following headers to make downloads work using IE in HTTPS mode.
*
//header('Pragma: ');
//header('Cache-Control: ');
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . " GMT\n");
header("Cache-Control: no-store, no-cache, must-revalidate\n"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0\n", false);
}*/
header('Content-Description: ' . trim(htmlentities($file)) . "\n");
header("Content-Transfer-Encoding: binary\n");
header('Content-Length: ' . filesize($path)."\n" );
// SEND FILE
$fp = fopen( $path, 'rb');
fpassthru($fp);
exit();
/**
* Found a workaround to another headache that just cropped up tonight. Apparently Opera 6.1 on Linux (unsure of other versions/platforms) has problems downloading files using the above methods if you have enabled compression via zlib.output_compression in php.ini.
* It seems that Opera sees that the actual transfer size is less than the size in the "Content-length" header for the download and decides that the transfer was incomplete or corrupted. It then either continuously retries the download or else leaves you with a corrupted file.
* Solution: Make sure your download script/section is off in its own directory. and add the following to your .htaccess file for that directory:
* php_flag zlib.output_compression off
*/
exit;

31
main/dropbox/index.php
Unescape View File

@ -104,6 +104,7 @@ if ($_SESSION[$_course['id']]['last_access'][TOOL_DROPBOX] == '') {
$last_access = $_SESSION[$_course['id']]['last_access'][TOOL_DROPBOX];
}
// Do the tracking
event_access_tool(TOOL_DROPBOX);
@ -131,11 +132,11 @@ if (isset($_GET['dropbox_direction'])) {
$sort_params = Security::remove_XSS(implode('&', $sort_params));
$action = isset($_GET['action']) ? $_GET['action'] : null;
/* ACTIONS: add a dropbox file, add a dropbox category. */
// Display the form for adding a new dropbox item.
if ($_GET['action'] == 'add') {
if ($action == 'add') {
if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
api_not_allowed();
}
@ -151,7 +152,7 @@ if (isset($_POST['submitWork'])) {
}
// Display the form for adding a category
if ($_GET['action'] == 'addreceivedcategory' or $_GET['action'] == 'addsentcategory') {
if ($action == 'addreceivedcategory' or $action == 'addsentcategory') {
if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
api_not_allowed();
}
@ -159,7 +160,7 @@ if ($_GET['action'] == 'addreceivedcategory' or $_GET['action'] == 'addsentcateg
}
// Editing a category: displaying the form
if ($_GET['action'] == 'editcategory' and isset($_GET['id'])) {
if ($action == 'editcategory' and isset($_GET['id'])) {
if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
api_not_allowed();
}
@ -188,27 +189,27 @@ if (isset($_POST['StoreCategory'])) {
// Move a File
if (($_GET['action'] == 'movesent' OR $_GET['action'] == 'movereceived') AND isset($_GET['move_id'])) {
if (($action == 'movesent' OR $action == 'movereceived') AND isset($_GET['move_id'])) {
if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
api_not_allowed();
}
display_move_form(str_replace('move', '', $_GET['action']), $_GET['move_id'], get_dropbox_categories(str_replace('move', '', $_GET['action'])), $sort_params);
display_move_form(str_replace('move', '', $action), $_GET['move_id'], get_dropbox_categories(str_replace('move', '', $action)), $sort_params);
}
if ($_POST['do_move']) {
if (isset($_POST['do_move']) && $_POST['do_move']) {
Display :: display_confirmation_message(store_move($_POST['id'], $_POST['move_target'], $_POST['part']));
}
// Delete a file
if (($_GET['action'] == 'deletereceivedfile' OR $_GET['action'] == 'deletesentfile') AND isset($_GET['id']) AND is_numeric($_GET['id'])) {
if (($action == 'deletereceivedfile' OR $action == 'deletesentfile') AND isset($_GET['id']) AND is_numeric($_GET['id'])) {
if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
api_not_allowed();
}
$dropboxfile = new Dropbox_Person($_user['user_id'], $is_courseAdmin, $is_courseTutor);
if ($_GET['action'] == 'deletereceivedfile') {
if ($action == 'deletereceivedfile') {
$dropboxfile->deleteReceivedWork($_GET['id']);
$message = get_lang('ReceivedFileDeleted');
}
if ($_GET['action'] == 'deletesentfile') {
if ($action == 'deletesentfile') {
$dropboxfile->deleteSentWork($_GET['id']);
$message = get_lang('SentFileDeleted');
}
@ -216,11 +217,11 @@ if (($_GET['action'] == 'deletereceivedfile' OR $_GET['action'] == 'deletesentfi
}
// Delete a category
if (($_GET['action'] == 'deletereceivedcategory' OR $_GET['action'] == 'deletesentcategory') AND isset($_GET['id']) AND is_numeric($_GET['id'])) {
if (($action == 'deletereceivedcategory' OR $action == 'deletesentcategory') AND isset($_GET['id']) AND is_numeric($_GET['id'])) {
if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) {
api_not_allowed();
}
$message = delete_category($_GET['action'], $_GET['id']);
$message = delete_category($action, $_GET['id']);
Display :: display_confirmation_message($message);
}
@ -256,7 +257,7 @@ if (isset($_GET['error']) AND !empty($_GET['error'])) {
}
if ($_GET['action'] != 'add') {
if ($action != 'add') {
// Getting all the categories in the dropbox for the given user
$dropbox_categories = get_dropbox_categories();
@ -460,7 +461,7 @@ if ($_GET['action'] != 'add') {
// <a href="'.api_get_self().'?'.api_get_cidreq().'&view_received_category='.$_GET['view_received_category'].'&amp;view_sent_category='.$_GET['view_sent_category'].'&amp;action=deletereceivedfile&amp;id='.$dropbox_file->id.'" onclick="javascript: return confirmation(\''.$dropbox_file->title.'\');">'.Display::return_icon('delete.gif', get_lang('Delete')).'</a>';
// This is a hack to have an additional row in a sortable table
if ($_GET['action'] == 'viewfeedback' AND isset($_GET['id']) and is_numeric($_GET['id']) AND $dropbox_file->id == $_GET['id']) {
if ($action == 'viewfeedback' AND isset($_GET['id']) and is_numeric($_GET['id']) AND $dropbox_file->id == $_GET['id']) {
$action_icons .= "</td></tr>"; // Ending the normal row of the sortable table
$action_icons .= '<tr><td colspan="2"><a href="index.php?"'.api_get_cidreq().'&view_received_category='.Security::remove_XSS($_GET['view_received_category'])."&amp;view_sent_category=".Security::remove_XSS($_GET['view_sent_category'])."&amp;view=".Security::remove_XSS($_GET['view']).'&'.$sort_params."\">".get_lang('CloseFeedback')."</a></td><td colspan=\"7\">".feedback($dropbox_file->feedback2)."</td></tr>";
}
@ -607,7 +608,7 @@ if ($_GET['action'] != 'add') {
<a href="'.api_get_self().'?'.api_get_cidreq().'&view_received_category='.Security::remove_XSS($_GET['view_received_category']).'&amp;view_sent_category='.Security::remove_XSS($_GET['view_sent_category']).'&amp;view='.Security::remove_XSS($_GET['view']).'&amp;action=movesent&amp;move_id='.$dropbox_file->id.'&'.$sort_params.'">'.Display::return_icon('move.png', get_lang('Move'),'',22).'</a>
<a href="'.api_get_self().'?'.api_get_cidreq().'&view_received_category='.Security::remove_XSS($_GET['view_received_category']).'&amp;view_sent_category='.Security::remove_XSS($_GET['view_sent_category']).'&amp;view='.Security::remove_XSS($_GET['view']).'&amp;action=deletesentfile&amp;id='.$dropbox_file->id.'&'.$sort_params.'" onclick="javascript: return confirmation(\''.$dropbox_file->title.'\');">'.Display::return_icon('delete.png', get_lang('Delete'),'',22).'</a>';
// This is a hack to have an additional row in a sortable table
if ($_GET['action'] == 'viewfeedback' && isset($_GET['id']) && is_numeric($_GET['id']) && $dropbox_file->id == $_GET['id']) {
if ($action == 'viewfeedback' && isset($_GET['id']) && is_numeric($_GET['id']) && $dropbox_file->id == $_GET['id']) {
$action_icons .= "</td></tr>\n"; // ending the normal row of the sortable table
$action_icons .= "<tr><td colspan=\"2\">";
$action_icons .= "<a href=\"index.php?".api_get_cidreq()."&view_received_category=".Security::remove_XSS($_GET['view_received_category'])."&view_sent_category=".Security::remove_XSS($_GET['view_sent_category'])."&view=".Security::remove_XSS($_GET['view']).'&'.$sort_params."\">".get_lang('CloseFeedback')."</a>";

Write Preview
Loading…
Cancel
Save