chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fi

Browse Source
1.9.x
Julio Montoya 12 years ago
parent b86e302017
commit fb19ff6f7d
1 changed files with 62 additions and 52 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 114
      main/document/downloadfolder.inc.php

114
main/document/downloadfolder.inc.php
Unescape View File

@ -11,14 +11,13 @@
set_time_limit(0);
require_once '../inc/global.inc.php';
api_protect_course_script();
$document_data = DocumentManager::get_document_data_by_id($_GET['id'], api_get_course_id());
$path = $document_data['path'];
$path = $document_data['path'];
$sys_course_path = api_get_path(SYS_COURSE_PATH);
if (empty($path)) {
$path = '/';
}
@ -27,7 +26,7 @@ if (empty($document_data)) {
}
//a student should not be able to download a root shared directory
if (($path == '/shared_folder' || $path=='/shared_folder_session_'.api_get_session_id()) && (!api_is_allowed_to_edit() || !api_is_platform_admin())){
if (($path == '/shared_folder' || $path=='/shared_folder_session_'.api_get_session_id()) && (!api_is_allowed_to_edit() || !api_is_platform_admin())){
echo '<div align="center">';
Display::display_error_message(get_lang('NotAllowedClickBack'));
echo '</div>';
@ -46,9 +45,7 @@ $prop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$course_id = api_get_course_int_id();
$session_id = api_get_session_id();
//$to_group_id = api_get_group_id(); variable loaded in document.php
$groupId = api_get_group_id();
// We need this path to clean it out of the zip file
// I'm not using dirname as it gives too much problems (cfr.)
@ -68,23 +65,29 @@ if (api_is_allowed_to_edit()) {
}
$querypath = Database::escape_string($querypath);
// Search for all files that are not deleted => visibility != 2
$sql = "SELECT path FROM $doc_table AS docs, $prop_table AS props
WHERE props.tool ='".TOOL_DOCUMENT."' AND
docs.id = props.ref AND
docs.path LIKE '".$querypath."/%' AND
docs.filetype = 'file' AND props.visibility<>'2' AND
props.to_group_id = ".$to_group_id." AND
props.c_id = ".$course_id." AND
props.id_session IN ('0', '$session_id') AND
docs.c_id = ".$course_id." ";
$sql = "SELECT path
FROM $doc_table AS docs, $prop_table AS props
WHERE
props.tool ='".TOOL_DOCUMENT."' AND
docs.id = props.ref AND
docs.path LIKE '".$querypath."/%' AND
docs.filetype = 'file' AND props.visibility<>'2' AND
props.to_group_id = ".$groupId." AND
props.c_id = ".$course_id." AND
props.id_session IN ('0', '$session_id') AND
docs.c_id = ".$course_id." ";
$query = Database::query($sql);
// Add tem to the zip file
while ($not_deleted_file = Database::fetch_assoc($query)) {
$zip_folder->add($sys_course_path.$_course['path'].'/document'.$not_deleted_file['path'], PCLZIP_OPT_REMOVE_PATH, $sys_course_path.$_course['path'].'/document'.$remove_dir);
}
$zip_folder->add(
$sys_course_path.$_course['path'].'/document'.$not_deleted_file['path'],
PCLZIP_OPT_REMOVE_PATH,
$sys_course_path.$_course['path'].'/document'.$remove_dir
);
}
} else {
// For other users, we need to create a zipfile with only visible files and folders
if ($path == '/') {
$querypath = ''; // To prevent ...path LIKE '//%'... in query
} else {
@ -94,50 +97,57 @@ if (api_is_allowed_to_edit()) {
// So... I do it in a couple of steps:
// 1st: Get all files that are visible in the given path
$querypath = Database::escape_string($querypath);
$query = Database::query("SELECT path FROM $doc_table AS docs, $prop_table AS props
WHERE docs.c_id = $course_id AND
props.c_id = $course_id AND
props.tool = '".TOOL_DOCUMENT."' AND
docs.id = props.ref AND
docs.path LIKE '".$querypath."/%' AND
props.visibility = '1' AND
docs.filetype = 'file' AND
props.id_session IN ('0', '$session_id') AND
props.to_group_id = ".$to_group_id);
$sql = "SELECT path
FROM $doc_table AS docs, $prop_table AS props
WHERE
docs.c_id = $course_id AND
props.c_id = $course_id AND
props.tool = '".TOOL_DOCUMENT."' AND
docs.id = props.ref AND
docs.path LIKE '".$querypath."/%' AND
props.visibility = '1' AND
docs.filetype = 'file' AND
props.id_session IN ('0', '$session_id') AND
props.to_group_id = ".$groupId;
$query = Database::query($sql);
// Add them to an array
while ($all_visible_files = Database::fetch_assoc($query)) {
$all_visible_files_path[] = $all_visible_files['path'];
}
// 2nd: Get all folders that are invisible in the given path
$query2 = Database::query("SELECT path FROM $doc_table AS docs, $prop_table AS props
WHERE docs.c_id = $course_id AND
props.c_id = $course_id AND
props.tool = '".TOOL_DOCUMENT."' AND
docs.id = props.ref AND
docs.path LIKE '".$querypath."/%' AND
props.visibility <> '1' AND
props.id_session IN ('0', '$session_id') AND
docs.filetype = 'folder'");
$sql = "SELECT path
FROM $doc_table AS docs, $prop_table AS props
WHERE
docs.c_id = $course_id AND
props.c_id = $course_id AND
props.tool = '".TOOL_DOCUMENT."' AND
docs.id = props.ref AND
docs.path LIKE '".$querypath."/%' AND
props.visibility <> '1' AND
props.id_session IN ('0', '$session_id') AND
docs.filetype = 'folder'";
$query2 = Database::query($sql);
// If we get invisible folders, we have to filter out these results from all visible files we found
if (Database::num_rows($query2) > 0) {
// Add tem to an array
// Add item to an array
while ($invisible_folders = Database::fetch_assoc($query2)) {
//3rd: Get all files that are in the found invisible folder (these are "invisible" too)
//echo "<br /><br />invisible folders: ".$sys_course_path.$_course['path'].'/document'.$invisible_folders['path'].'<br />';
$query3 = Database::query("SELECT path FROM $doc_table AS docs,$prop_table AS props
WHERE docs.c_id = $course_id AND
props.c_id = $course_id AND
props.tool ='".TOOL_DOCUMENT."' AND
docs.id = props.ref AND
docs.path LIKE '".$invisible_folders['path']."/%' AND
docs.filetype ='file' AND
props.id_session IN ('0', '$session_id') AND
props.visibility ='1'");
//3rd: Get all files that are in the found invisible folder (these are "invisible" too)
$sql = "SELECT path
FROM $doc_table AS docs, $prop_table AS props
WHERE
docs.c_id = $course_id AND
props.c_id = $course_id AND
props.tool ='".TOOL_DOCUMENT."' AND
docs.id = props.ref AND
docs.path LIKE '".$invisible_folders['path']."/%' AND
docs.filetype ='file' AND
props.id_session IN ('0', '$session_id') AND
props.visibility ='1'";
$query3 = Database::query($sql);
// Add tem to an array
while ($files_in_invisible_folder = Database::fetch_assoc($query3)) {
$files_in_invisible_folder_path[] = $files_in_invisible_folder['path'];
//echo '<br /><br />files in invisible folders: '.$sys_course_path.$_course['path'].'/document'.$files_in_invisible_folder['path'].' <b>id '.$files_in_invisible_folder['id'].'</b><br />';
}
}
// Compare the array with visible files and the array with files in invisible folders
@ -163,7 +173,7 @@ $name = ($path == '/') ? 'documents.zip' : $document_data['title'].'.zip';
if (Security::check_abs_path($temp_zip_file, api_get_path(SYS_ARCHIVE_PATH))) {
DocumentManager::file_send_for_download($temp_zip_file, true, $name);
@unlink($temp_zip_file);
@unlink($temp_zip_file);
exit;
}

Write Preview
Loading…
Cancel
Save