You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 lines
1.5 KiB
57 lines
1.5 KiB
<?php
|
|
/* For licensing terms, see /license.txt */
|
|
|
|
/**
|
|
* This file is responsible for passing requested documents to the browser.
|
|
* Html files are parsed to fix a few problems with URLs,
|
|
* but this code will hopefully be replaced soon by an Apache URL
|
|
* rewrite mechanism.
|
|
*
|
|
* @package chamilo.work
|
|
*/
|
|
require_once __DIR__.'/../inc/global.inc.php';
|
|
require_once 'work.lib.php';
|
|
|
|
// Course protection
|
|
api_protect_course_script(true);
|
|
|
|
$commentId = isset($_GET['comment_id']) ? intval($_GET['comment_id']) : null;
|
|
if (empty($commentId)) {
|
|
api_not_allowed(true);
|
|
}
|
|
$workData = getWorkComment($commentId);
|
|
$courseInfo = api_get_course_info();
|
|
|
|
if (!empty($workData)) {
|
|
if (empty($workData['file_path']) ||
|
|
(isset($workData['file_path']) && !file_exists($workData['file_path']))
|
|
) {
|
|
api_not_allowed(true);
|
|
}
|
|
|
|
$work = get_work_data_by_id($workData['work_id']);
|
|
|
|
protectWork($courseInfo, $work['parent_id']);
|
|
|
|
if (user_is_author($workData['work_id']) ||
|
|
$courseInfo['show_score'] == 0 &&
|
|
$work['active'] == 1 &&
|
|
$work['accepted'] == 1
|
|
) {
|
|
if (Security::check_abs_path(
|
|
$workData['file_path'],
|
|
api_get_path(SYS_COURSE_PATH).api_get_course_path().'/'
|
|
)
|
|
) {
|
|
DocumentManager::file_send_for_download(
|
|
$workData['file_path'],
|
|
true,
|
|
$workData['file_name_to_show']
|
|
);
|
|
}
|
|
} else {
|
|
api_not_allowed(true);
|
|
}
|
|
} else {
|
|
api_not_allowed(true);
|
|
}
|
|
|