Merge branch '1.11.x' of github.com:chamilo/chamilo-lms into 1.11.x

main/auth/external_login/login.azure.php

@@ -5,37 +5,41 @@ require_once __DIR__.'/functions.inc.php';
 
 /** @var array $uData */
 
-$plugin = AzureActiveDirectory::create();
+if ($uData['auth_source'] === 'azure') {
+    $plugin = AzureActiveDirectory::create();
 
-if ('true' !== $plugin->get(AzureActiveDirectory::SETTING_ENABLE)) {
-    api_not_allowed(true);
-}
+    if ('true' !== $plugin->get(AzureActiveDirectory::SETTING_ENABLE)) {
+        api_not_allowed(true);
+    }
 
-$azureIdField = new ExtraFieldValue('user');
-$azureIdValue = $azureIdField->get_values_by_handler_and_field_variable(
-    $uData['user_id'],
-    AzureActiveDirectory::EXTRA_FIELD_AZURE_ID
-);
+    $azureIdField = new ExtraFieldValue('user');
+    $azureIdValue = $azureIdField->get_values_by_handler_and_field_variable(
+        $uData['user_id'],
+        AzureActiveDirectory::EXTRA_FIELD_AZURE_ID
+    );
 
-if (empty($azureIdValue) || empty($azureIdValue['value'])) {
-    api_not_allowed(true);
-}
+    if (empty($azureIdValue) || empty($azureIdValue['value'])) {
+        api_not_allowed(true);
+    }
 
-$organsationEmailField = new ExtraFieldValue('user');
-$organsationEmailValue = $organsationEmailField->get_values_by_handler_and_field_variable(
-    $uData['user_id'],
-    AzureActiveDirectory::EXTRA_FIELD_ORGANISATION_EMAIL
-);
+    $organsationEmailField = new ExtraFieldValue('user');
+    $organsationEmailValue = $organsationEmailField->get_values_by_handler_and_field_variable(
+        $uData['user_id'],
+        AzureActiveDirectory::EXTRA_FIELD_ORGANISATION_EMAIL
+    );
 
-if (empty($organsationEmailValue) || empty($organsationEmailValue['value'])) {
-    api_not_allowed(true);
-}
+    if (empty($organsationEmailValue) || empty($organsationEmailValue['value'])) {
+        api_not_allowed(true);
+    }
 
-$provider = $plugin->getProvider();
+    $provider = $plugin->getProvider();
 
-$authUrl = $provider->getAuthorizationUrl(['login_hint' => $organsationEmailValue['value']]);
+    $authUrl = $provider->getAuthorizationUrl(['login_hint' => $organsationEmailValue['value']]);
 
-ChamiloSession::write('oauth2state', $provider->getState());
+    ChamiloSession::write('oauth2state', $provider->getState());
 
-header('Location: '.$authUrl);
-exit;
+    // Redirect to Azure login.
+    header('Location: '.$authUrl);
+    // Avoid execution from here in local.inc.php script.
+    exit;
+}

main/document/download.php

@@ -20,10 +20,10 @@ if (!isset($_course)) {
     api_not_allowed(true);
 }
 
-$doc_url = $_GET['doc_url'];
 // Change the '&' that got rewritten to '///' by mod_rewrite back to '&'
-$doc_url = str_replace('///', '&', $doc_url);
+$doc_url = str_replace('///', '&', $_GET['doc_url']);
 // Still a space present? it must be a '+' (that got replaced by mod_rewrite)
+$docUrlNoPlus = $doc_url;
 $doc_url = str_replace(' ', '+', $doc_url);
 
 $docUrlParts = preg_split('/\/|\\\/', $doc_url);
@@ -95,6 +95,14 @@ if (isset($path_info['extension']) && $path_info['extension'] == 'swf') {
     }
 }
 
+// When dealing with old systems or wierd migrations, it might so happen that
+// the filename contains spaces, that were replaced above by '+' signs, but
+// these '+' signs might not match the real filename. Give files with spaces
+// another chance if the '+' version doesn't exist.
+if (!is_file($sys_course_path.$doc_url) && is_file($sys_course_path.$docUrlNoPlus)) {
+    $doc_url = $docUrlNoPlus;
+}
+
 if (Security::check_abs_path($sys_course_path.$doc_url, $sys_course_path.'/')) {
     $fullFileName = $sys_course_path.$doc_url;
     if ($fix_file_name) {