@ -1,102 +1,83 @@
<?php
<?php
// By Arnaud Ligot < arnaud @ cblue . be >
// Based on work done for old videoconference application
// params:
// action=list cidReq=course_Code cwd=folder result: json output
// I have about 30 minutes to write this peace of code so if somebody has more time, feel free to rewrite it...
/* See license terms in /license.txt */
/* See license terms in /license.txt */
/**
* Script that allows download of a specific file from external applications
* @author Arnaud Ligot < arnaud @ cblue . be > , Based on work done for old videoconference application (I have about 30 minutes to write this peace of code so if somebody has more time, feel free to rewrite it...)
*/
/**
* Script that allows remote download of a file
* @param string Action parameter (action=...)
* @param string Course code (cidReq=...)
* @param string Current working directory (cwd=...)
* @return string JSON output
*/
/* FIX for IE cache when using https */
/* FIX for IE cache when using https */
session_cache_limiter("none");
session_cache_limiter('none');
/*==== DEBUG ====*/
/*==== DEBUG ====*/
$debug=0;
$debug=0;
if ($debug>0) {
// dump the request
if ($debug>0)
$v = array_keys(get_defined_vars());
{
error_log(var_export($v, true),3, '/tmp/log');
// dump the request
foreach (array_keys(get_defined_vars()) as $k) {
$v = array_keys(get_defined_vars());
if ($k == 'GLOBALS') {
error_log(var_export($v, true),3, '/tmp/log');
continue;
}
foreach (array_keys(get_defined_vars()) as $k) {
error_log($k, 3, '/tmp/log');
if ($k == 'GLOBALS')
error_log(var_export($$k, true), 3, '/tmp/log');
continue;
}
error_log($k, 3, '/tmp/log');
error_log(var_export($$k, true), 3, '/tmp/log');
}
}
}
/*==== INCLUDE ====*/
/*==== INCLUDE ====*/
require_once '../inc/global.inc.php';
require_once '../inc/global.inc.php';
api_block_anonymous_users();
api_block_anonymous_users();
require_once (api_get_path(LIBRARY_PATH)."course.lib.php");
require_once (api_get_path(LIBRARY_PATH).'course.lib.php');
require_once (api_get_path(LIBRARY_PATH)."document.lib.php");
require_once (api_get_path(LIBRARY_PATH).'document.lib.php');
require_once ("../newscorm/learnpath.class.php");
require_once ('../newscorm/learnpath.class.php');
/*==== Variables initialisation ====*/
/*==== Variables initialisation ====*/
$action = $_REQUEST["action" ]; //safe as only used in if()'s
$action = $_REQUEST['action' ]; //safe as only used in if()'s
$seek = array('/','%2F','..');
$seek = array('/','%2F','..');
$destroy = array('','','');
$destroy = array('','','');
$cidReq = str_replace($seek,$destroy,$_REQUEST["cidReq"]);
$cidReq = str_replace($seek,$destroy,$_REQUEST["cidReq"]);
$cidReq = Security::remove_XSS($cidReq);
$cidReq = Security::remove_XSS($cidReq);
$user_id = api_get_user_id();
$user_id = api_get_user_id();
$coursePath = api_get_path(SYS_COURSE_PATH).$cidReq.'/document';
$coursePath = api_get_path(SYS_COURSE_PATH).$cidReq.'/document';
$_course = CourseManager::get_course_information($cidReq);
$_course = CourseManager::get_course_information($cidReq);
if ($_course == null) die ("problem when fetching course information");
if ($_course == null) die ("problem when fetching course information");
// stupid variable initialisation for old version of DocumentManager functions.
// stupid variable initialisation for old version of DocumentManager functions.
$_course['path'] = $_course['directory'];
$_course['path'] = $_course['directory'];
$_course['dbName'] = $_course['db_name'];
$_course['dbName'] = $_course['db_name'];
$is_manager = (CourseManager::get_user_in_course_status($user_id, $cidReq) == COURSEMANAGER);
$is_manager = (CourseManager::get_user_in_course_status($user_id, $cidReq) == COURSEMANAGER);
if ($debug>0) { error_log($coursePath, 0); }
if ($debug>0) error_log($coursePath, 0);
// FIXME: check security around $_REQUEST["cwd"]
// FIXME: check security around $_REQUEST["cwd"]
$cwd = $_REQUEST["cwd"];
$cwd = $_REQUEST['cwd'];
// treat /..
// treat /..
$nParent = 0; // the number of /.. into the url
$nParent = 0; // the number of /.. into the url
while (substr($cwd, -3, 3) == "/..")
while (substr($cwd, -3, 3) == '/..') {
{
// go to parent directory
// go to parent directory
$cwd= substr($cwd, 0, -3);
$cwd= substr($cwd, 0, -3);
if (strlen($cwd) == 0) { $cwd='/'; }
if (strlen($cwd) == 0) $cwd="/";
$nParent++;
$nParent++;
}
}
for (;$nParent >0; $nParent--){
for (;$nParent >0; $nParent--) {
$cwd = (strrpos($cwd,'/')>-1 ? substr($cwd, 0, strrpos($cwd,'/')) : $cwd);
$cwd = (strrpos($cwd,'/')>-1 ? substr($cwd, 0, strrpos($cwd,'/')) : $cwd);
}
}
if (strlen($cwd) == 0) { $cwd='/'; }
if (strlen($cwd) == 0) $cwd="/";
if (Security::check_abs_path($cwd,api_get_path(SYS_PATH))) {
die();
if (Security::check_abs_path($cwd,api_get_path(SYS_PATH)))
}
die();
if ($action == 'list') {
/*==== List files ====*/
if ($debug>0) { error_log("sending file list",0); }
if ($action == "list")
{
// get files list
/*==== List files ====*/
$files = DocumentManager::get_all_document_data($_course, $cwd, 0, NULL, false);
if ($debug>0) error_log("sending file list",0);
// adding download link to files
// get files list
foreach ($files as $k=>$f) {
$files = DocumentManager::get_all_document_data($_course, $cwd, 0, NULL, false);
if ($f['filetype'] == 'file') {
//$files[$k]['download'] = api_get_path(WEB_CODE_PATH)."/document/document.php?cidReq=$cidReq&action=download&id=".urlencode($f['path']);
// adding download link to files
$files[$k]['download'] = api_get_path(WEB_COURSE_PATH).$cidReq."/document".$f['path'];
foreach($files as $k=>$f)
}
if ($f['filetype'] == 'file')
print json_encode($files);
// $files[$k]['download'] = api_get_path(WEB_CODE_PATH)."/document/document.php?cidReq=$cidReq&action=download&id=".urlencode($f['path']);
exit;
$files[$k]['download'] = api_get_path(WEB_COURSE_PATH).$cidReq."/document".$f['path'];
print json_encode($files);
exit;
}
}
?>
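Review bot: `$cwd` is read from `$_REQUEST['cwd']` and the FIXME above it is carried over unchanged: the loop only collapses trailing `/..` sequences, so a `..` segment in the middle of the value survives and is passed straight to `DocumentManager::get_all_document_data()`. Unlike `cidReq`, which has `/`, `%2F` and `..` stripped, nothing normalises this value, and the only gate is `Security::check_abs_path()`, whose semantics are not visible in this hunk. After the parent-directory loop I would reject what is left, e.g. `if (preg_match('#(^|/)\.\.(/|$)#', $cwd) || strpos($cwd, "\0") !== false) { die(); }`, and confirm that `get_all_document_data()` validates or escapes the path itself before using it. Separately, `$is_manager` is computed but never used on the visible lines, and apart from `api_block_anonymous_users()` there is no check that the caller belongs to the course named in `cidReq`, so the listing looks reachable by any logged-in user unless `global.inc.php` enforces membership.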