diff --git a/main/document/downloadfolder.inc.php b/main/document/downloadfolder.inc.php index a25b8c9906..e22a2187d3 100644 --- a/main/document/downloadfolder.inc.php +++ b/main/document/downloadfolder.inc.php @@ -11,14 +11,13 @@ set_time_limit(0); require_once '../inc/global.inc.php'; - api_protect_course_script(); $document_data = DocumentManager::get_document_data_by_id($_GET['id'], api_get_course_id()); -$path = $document_data['path']; +$path = $document_data['path']; $sys_course_path = api_get_path(SYS_COURSE_PATH); - + if (empty($path)) { $path = '/'; } @@ -27,7 +26,7 @@ if (empty($document_data)) { } //a student should not be able to download a root shared directory -if (($path == '/shared_folder' || $path=='/shared_folder_session_'.api_get_session_id()) && (!api_is_allowed_to_edit() || !api_is_platform_admin())){ +if (($path == '/shared_folder' || $path=='/shared_folder_session_'.api_get_session_id()) && (!api_is_allowed_to_edit() || !api_is_platform_admin())){ echo '
'; Display::display_error_message(get_lang('NotAllowedClickBack')); echo '
'; @@ -46,9 +45,7 @@ $prop_table = Database::get_course_table(TABLE_ITEM_PROPERTY); $course_id = api_get_course_int_id(); $session_id = api_get_session_id(); - -//$to_group_id = api_get_group_id(); variable loaded in document.php - +$groupId = api_get_group_id(); // We need this path to clean it out of the zip file // I'm not using dirname as it gives too much problems (cfr.) 
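Review bot: `$groupId` is taken straight from `api_get_group_id()` and then concatenated unquoted into the queries of the next two hunks (`props.to_group_id = ".$groupId."` and `props.to_group_id = ".$groupId;`), so nothing visible here guarantees it is numeric. Cast it at the assignment, `$groupId = (int) api_get_group_id();`, so the SQL stays well-formed and inert even if the helper returns an empty string, null or a non-numeric value. `$session_id` gets the same treatment in spirit: it is interpolated as `'$session_id'` with no visible cast, and `$session_id = (int) api_get_session_id();` would close that as well.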
@@ -68,23 +65,29 @@ if (api_is_allowed_to_edit()) { } $querypath = Database::escape_string($querypath); // Search for all files that are not deleted => visibility != 2 - $sql = "SELECT path FROM $doc_table AS docs, $prop_table AS props - WHERE props.tool ='".TOOL_DOCUMENT."' AND - docs.id = props.ref AND - docs.path LIKE '".$querypath."/%' AND - docs.filetype = 'file' AND props.visibility<>'2' AND - props.to_group_id = ".$to_group_id." AND - props.c_id = ".$course_id." AND - props.id_session IN ('0', '$session_id') AND - docs.c_id = ".$course_id." "; + $sql = "SELECT path + FROM $doc_table AS docs, $prop_table AS props + WHERE + props.tool ='".TOOL_DOCUMENT."' AND + docs.id = props.ref AND + docs.path LIKE '".$querypath."/%' AND + docs.filetype = 'file' AND props.visibility<>'2' AND + props.to_group_id = ".$groupId." AND + props.c_id = ".$course_id." AND + props.id_session IN ('0', '$session_id') AND + docs.c_id = ".$course_id." "; $query = Database::query($sql); // Add tem to the zip file while ($not_deleted_file = Database::fetch_assoc($query)) { - $zip_folder->add($sys_course_path.$_course['path'].'/document'.$not_deleted_file['path'], PCLZIP_OPT_REMOVE_PATH, $sys_course_path.$_course['path'].'/document'.$remove_dir); - } + $zip_folder->add( + $sys_course_path.$_course['path'].'/document'.$not_deleted_file['path'], + PCLZIP_OPT_REMOVE_PATH, + $sys_course_path.$_course['path'].'/document'.$remove_dir + ); + } } else { // For other users, we need to create a zipfile with only visible files and folders - + if ($path == '/') { $querypath = ''; // To prevent ...path LIKE '//%'... in query } else { 
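Review bot: `$querypath` is passed through `Database::escape_string()` and then used in `docs.path LIKE '".$querypath."/%'`, but string-literal escaping normally leaves `_` and `%` untouched, so they still act as wildcards. If the helper behaves like standard MySQL escaping (its body is not on this page), a folder such as `/my_docs` would also match `/myXdocs/...` and pull a sibling folder's files into the archive. At minimum, record it next to the escape call with `// TODO: '%' and '_' in $querypath are still LIKE wildcards; escape them before building the pattern`. The two `$querypath` queries in the following hunk share this. The enclosing `if (api_is_allowed_to_edit()) {` opens above this hunk.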
@@ -94,50 +97,57 @@ if (api_is_allowed_to_edit()) { // So... I do it in a couple of steps: // 1st: Get all files that are visible in the given path $querypath = Database::escape_string($querypath); - $query = Database::query("SELECT path FROM $doc_table AS docs, $prop_table AS props - WHERE docs.c_id = $course_id AND - props.c_id = $course_id AND - props.tool = '".TOOL_DOCUMENT."' AND - docs.id = props.ref AND - docs.path LIKE '".$querypath."/%' AND - props.visibility = '1' AND - docs.filetype = 'file' AND - props.id_session IN ('0', '$session_id') AND - props.to_group_id = ".$to_group_id); + $sql = "SELECT path + FROM $doc_table AS docs, $prop_table AS props + WHERE + docs.c_id = $course_id AND + props.c_id = $course_id AND + props.tool = '".TOOL_DOCUMENT."' AND + docs.id = props.ref AND + docs.path LIKE '".$querypath."/%' AND + props.visibility = '1' AND + docs.filetype = 'file' AND + props.id_session IN ('0', '$session_id') AND + props.to_group_id = ".$groupId; + $query = Database::query($sql); // Add them to an array while ($all_visible_files = Database::fetch_assoc($query)) { $all_visible_files_path[] = $all_visible_files['path']; } // 2nd: Get all folders that are invisible in the given path - $query2 = Database::query("SELECT path FROM $doc_table AS docs, $prop_table AS props - WHERE docs.c_id = $course_id AND - props.c_id = $course_id AND - props.tool = '".TOOL_DOCUMENT."' AND - docs.id = props.ref AND - docs.path LIKE '".$querypath."/%' AND - props.visibility <> '1' AND - props.id_session IN ('0', '$session_id') AND - docs.filetype = 'folder'"); + $sql = "SELECT path + FROM $doc_table AS docs, $prop_table AS props + WHERE + docs.c_id = $course_id AND + props.c_id = $course_id AND + props.tool = '".TOOL_DOCUMENT."' AND + docs.id = props.ref AND + docs.path LIKE '".$querypath."/%' AND + props.visibility <> '1' AND + props.id_session IN ('0', '$session_id') AND + docs.filetype = 'folder'"; + $query2 = Database::query($sql); // If we get invisible folders, we 
have to filter out these results from all visible files we found if (Database::num_rows($query2) > 0) { - // Add tem to an array + // Add item to an array while ($invisible_folders = Database::fetch_assoc($query2)) { - //3rd: Get all files that are in the found invisible folder (these are "invisible" too) - //echo "

invisible folders: ".$sys_course_path.$_course['path'].'/document'.$invisible_folders['path'].'
'; - $query3 = Database::query("SELECT path FROM $doc_table AS docs,$prop_table AS props - WHERE docs.c_id = $course_id AND - props.c_id = $course_id AND - props.tool ='".TOOL_DOCUMENT."' AND - docs.id = props.ref AND - docs.path LIKE '".$invisible_folders['path']."/%' AND - docs.filetype ='file' AND - props.id_session IN ('0', '$session_id') AND - props.visibility ='1'"); + //3rd: Get all files that are in the found invisible folder (these are "invisible" too) + $sql = "SELECT path + FROM $doc_table AS docs, $prop_table AS props + WHERE + docs.c_id = $course_id AND + props.c_id = $course_id AND + props.tool ='".TOOL_DOCUMENT."' AND + docs.id = props.ref AND + docs.path LIKE '".$invisible_folders['path']."/%' AND + docs.filetype ='file' AND + props.id_session IN ('0', '$session_id') AND + props.visibility ='1'"; + $query3 = Database::query($sql); // Add tem to an array while ($files_in_invisible_folder = Database::fetch_assoc($query3)) { $files_in_invisible_folder_path[] = $files_in_invisible_folder['path']; - //echo '

files in invisible folders: '.$sys_course_path.$_course['path'].'/document'.$files_in_invisible_folder['path'].' id '.$files_in_invisible_folder['id'].'
'; } } // Compare the array with visible files and the array with files in invisible folders @@ -163,7 +173,7 @@ $name = ($path == '/') ? 'documents.zip' : $document_data['title'].'.zip'; if (Security::check_abs_path($temp_zip_file, api_get_path(SYS_ARCHIVE_PATH))) { DocumentManager::file_send_for_download($temp_zip_file, true, $name); - @unlink($temp_zip_file); + @unlink($temp_zip_file); exit; }
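Review bot: The third query builds `docs.path LIKE '".$invisible_folders['path']."/%'` from a value read back from the database without escaping it, whereas `$querypath` goes through `Database::escape_string()` before use. Stored document paths presumably derive from user-chosen folder names, so a quote character in one would at least break this query and could change its meaning (second-order injection). Whether upstream name sanitising rules that out is not visible here. Escape at the point of use: `docs.path LIKE '".Database::escape_string($invisible_folders['path'])."/%' AND`. The enclosing `else` branch continues past the end of this hunk.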