Chamilo is a learning management system focused on ease of use and accessibility
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
chamilo-lms/main/document/download.php

125 lines
4.5 KiB

<?php // $Id: download.php 22201 2009-07-17 19:57:03Z cfasanando $
/*
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2004 Dokeos S.A.
Copyright (c) 2003 Ghent University (UGent)
Copyright (c) 2001 Universite catholique de Louvain (UCL)
Copyright (c) Olivier Brouckaert
Copyright (c) Roan Embrechts
Copyright (c) Sergio A. Kessler aka "sak"
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact: Dokeos, 181 rue Royale, B-1000 Brussels, Belgium, info@dokeos.com
==============================================================================
*/
/**
==============================================================================
* This file is responsible for passing requested documents to the browser.
* Html files are parsed to fix a few problems with URLs,
* but this code will hopefully be replaced soon by an Apache URL
* rewrite mechanism.
*
* @package dokeos.document
==============================================================================
*/
/*
==============================================================================
FUNCTIONS
==============================================================================
*/
/* file_html_dynamic_parsing removed */
/* other functions updated and moved to lib/document.lib.php */
/*
==============================================================================
MAIN CODE
==============================================================================
*/
session_cache_limiter('none');
require_once '../inc/global.inc.php';
$this_section=SECTION_COURSES;
require_once api_get_path(LIBRARY_PATH).'document.lib.php';
$doc_url = $_GET['doc_url'];
//change the '&' that got rewritten to '///' by mod_rewrite back to '&'
$doc_url = str_replace('///', '&', $doc_url);
//still a space present? it must be a '+' (that got replaced by mod_rewrite)
$doc_url = str_replace(' ', '+', $doc_url);
$doc_url = str_replace(array('../','\\..','\\0','..\\'),array('','','',''), $doc_url); //echo $doc_url;
// dealing with image included into survey: when users receive a link towards a
// survey while not being authenticated on the plateform.
// the administrator should probably be able to disable this code through admin
// inteface
$refer_script = strrchr($_SERVER["HTTP_REFERER"],'/');
if (substr($refer_script,0,15) == "/fillsurvey.php") {
$invitation = substr(strstr($refer_script, 'invitationcode='),15);
$course = strstr($refer_script, 'course=');
$course = substr($course, 7, strpos($course, '&')-7);
include ("../survey/survey.download.inc.php");
$_course = check_download_survey($course, $invitation, $doc_url);
$_course['path']=$_course['directory'];
} else {
//protection
api_protect_course_script();
if (! isset($_course))
{
api_not_allowed(true);
}
//if the rewrite rule asks for a directory, we redirect to the document explorer
if(is_dir(api_get_path(SYS_COURSE_PATH).$_course['path']."/document".$doc_url))
{
//remove last slash if present
//$doc_url = ($doc_url{strlen($doc_url)-1}=='/')?substr($doc_url,0,strlen($doc_url)-1):$doc_url;
//mod_rewrite can change /some/path/ to /some/path// in some cases, so clean them all off (Ren<EFBFBD>)
while ($doc_url{$dul = strlen($doc_url)-1}=='/') $doc_url = substr($doc_url,0,$dul);
//group folder?
$gid_req = ($_GET['gidReq'])?'&gidReq='.Security::remove_XSS($_GET['gidReq']):'';
//create the path
$document_explorer = api_get_path(WEB_CODE_PATH).'document/document.php?curdirpath='.urlencode($doc_url).'&cidReq='.Security::remove_XSS($_GET['cidReq']).$gid_req;
//redirect
header('Location: '.$document_explorer);
}
// launch event
event_download($doc_url);
}
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$full_file_name = $sys_course_path.$_course['path'].'/document'.$doc_url;
// check visibility of document and paths
$is_allowed_to_edit = api_is_allowed_to_edit();
if (!$is_allowed_to_edit &&
!DocumentManager::is_visible($doc_url, $_course)){
echo "document not visible"; //api_not_allowed backbutton won't work
exit; // you shouldn't be here anyway
}
DocumentManager::file_send_for_download($full_file_name);
?>