Add download_uploaded_files.php to process course/X/tool/upload/(*)

Files inside course/X/tool/upload/(*) are process internally in order to get the correct file location (vchamilo).
9 years ago · a189b0edc0
parent e5840e28d7
commit a189b0edc0
2 changed files with 35 additions and 1 deletions
--- a/.htaccess
+++ b/.htaccess
@ -31,7 +31,7 @@ RewriteRule ^courses/([^/]+)/document/(.*)$ main/document/download.php?doc_url=/
 RewriteRule ^courses/([^/]+)/work/(.*)$ main/work/download.php?file=work/$2&cDir=$1 [QSA,L]

 # Course upload files
-RewriteRule ^courses/([^/]+)/upload/(.*)$ app/courses/$1/upload/$2 [QSA,L]
+RewriteRule ^courses/([^/]+)/upload/([^/]+)/(.*)$ main/document/download_uploaded_files.php?code=$1&type=$2&file=$3 [QSA,L]
 RewriteRule ^courses/([^/]+)/(.*)$ app/courses/$1/$2 [QSA,L]

 RewriteRule ^courses/([^/]+)/course-pic85x85.png$ app/courses/$1/course-pic85x85.png [QSA,L]
--- a/main/document/download_uploaded_files.php
+++ b/main/document/download_uploaded_files.php
@ -0,0 +1,34 @@
+<?php
+/* For licensing terms, see /license.txt */
+
+session_cache_limiter('none');
+
+require_once __DIR__.'/../inc/global.inc.php';
+$this_section = SECTION_COURSES;
+
+// Protection
+api_protect_course_script();
+
+$courseCode = isset($_GET['code']) ? $_GET['code'] : '';
+$type = isset($_GET['type']) ? $_GET['type'] : '';
+$file = isset($_GET['file']) ? $_GET['file'] : '';
+$courseInfo = api_get_course_info($courseCode);
+
+if (empty($courseInfo) || empty($type) || empty($file)) {
+    api_not_allowed(true);
+}
+
+$toolPath = api_get_path(SYS_COURSE_PATH).$courseInfo['path'].'/upload/'.$type.'/';
+
+if (!is_dir($toolPath)) {
+    api_not_allowed(true);
+}
+
+if (Security::check_abs_path($toolPath.$file, $toolPath.'/')) {
+    $fullFilePath = $toolPath.$file;
+    $result = DocumentManager::file_send_for_download($fullFilePath, false, '');
+    if ($result === false) {
+        api_not_allowed(true);
+    }
+}
+exit;