You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
64 lines
1.7 KiB
64 lines
1.7 KiB
<?php
|
|
/* For licensing terms, see /license.txt */
|
|
|
|
use ChamiloSession as Session;
|
|
|
|
/**
|
|
* This file is responsible for passing requested documents to the browser.
|
|
*
|
|
* @package chamilo.document
|
|
*/
|
|
|
|
session_cache_limiter('none');
|
|
|
|
require_once __DIR__.'/../inc/global.inc.php';
|
|
$this_section = SECTION_COURSES;
|
|
|
|
// Protection
|
|
api_protect_course_script();
|
|
$_course = api_get_course_info();
|
|
|
|
if (!isset($_course)) {
|
|
api_not_allowed(true);
|
|
}
|
|
|
|
$obj = Session::read('oLP');
|
|
// If LP obj exists
|
|
if (empty($obj)) {
|
|
api_not_allowed();
|
|
}
|
|
|
|
// If is visible for the current user
|
|
if (!learnpath::is_lp_visible_for_student($obj->get_id(), api_get_user_id())) {
|
|
api_not_allowed();
|
|
}
|
|
|
|
$doc_url = isset($_GET['doc_url']) ? $_GET['doc_url'] : null;
|
|
// Change the '&' that got rewritten to '///' by mod_rewrite back to '&'
|
|
$doc_url = str_replace('///', '&', $doc_url);
|
|
// Still a space present? it must be a '+' (that got replaced by mod_rewrite)
|
|
$doc_url = str_replace(' ', '+', $doc_url);
|
|
$doc_url = str_replace(array('../', '\\..', '\\0', '..\\'), array('', '', '', ''), $doc_url); //echo $doc_url;
|
|
|
|
if (strpos($doc_url, '../') || strpos($doc_url, '/..')) {
|
|
$doc_url = '';
|
|
}
|
|
|
|
$sys_course_path = api_get_path(SYS_COURSE_PATH).$_course['path'].'/scorm';
|
|
|
|
if (is_dir($sys_course_path.$doc_url)) {
|
|
api_not_allowed();
|
|
}
|
|
|
|
if (Security::check_abs_path($sys_course_path.$doc_url, $sys_course_path.'/')) {
|
|
$full_file_name = $sys_course_path.$doc_url;
|
|
// Launch event
|
|
Event::event_download($doc_url);
|
|
|
|
$fixLinks = api_get_configuration_value('lp_replace_http_to_https');
|
|
$result = DocumentManager::file_send_for_download($full_file_name, false, '', $fixLinks);
|
|
if ($result === false) {
|
|
api_not_allowed(true);
|
|
}
|
|
}
|
|
exit;
|
|
|