[svn r11147] Added filter on downloaded file (closing bug #1150) http://projects.dokeos.com/?do=details&id=1150

19 years ago · ab5c4774bb
parent 37b6a6c6ea
commit ab5c4774bb
1 changed files with 11 additions and 0 deletions
--- a/main/inc/lib/fckeditor/editor/plugins/Attachment/download.php
+++ b/main/inc/lib/fckeditor/editor/plugins/Attachment/download.php
@ -1,6 +1,17 @@
 <?php
 require_once('../../../../../global.inc.php');
 require_once('../../../../security.lib.php');
 $filename = urldecode(stripslashes($_GET['file']));
 //prevent download of something outside of the course dir
 $course_dir   = $_course['path']."/document";
 $course_path = api_get_path(SYS_COURSE_PATH).$course_dir;
 $in_course = Security::check_abs_path($filename,$course_path);
 if(!$in_course){
 	$filename = "";
 }
 // required for IE, otherwise Content-disposition is ignored
 if(ini_get('zlib.output_compression'))
  ini_set('zlib.output_compression', 'Off');