Permalink
Browse files

new parameter forcedownload

  • Loading branch information...
skodak
skodak committed Jul 12, 2005
1 parent 5bccb31 commit 6ba567ac6302d91c5278c497117efdbdf549b44e
Showing with 33 additions and 9 deletions.
  1. +16 −3 file.php
  2. +17 −6 lib/filelib.php
View
@@ -1,6 +1,7 @@
<?php // $Id$
// This script fetches files from the dataroot directory
// Syntax: file.php/courseid/dir/dir/dir/filename.ext
+ // file.php/courseid/dir/dir/dir/filename.ext?forcedownload=1 (download instead of inline)
// file.php/courseid/dir (returns index.html from dir)
// Workaround: file.php?file=/courseid/dir/dir/dir/filename.ext
// Test: file.php/testslasharguments
@@ -16,6 +17,7 @@
$relativepath = get_file_argument('file.php');
+ $forcedownload = optional_param('forcedownload', 0, PARAM_BOOL);
// relative path must start with '/', because of backup/restore!!!
if (!$relativepath) {
@@ -86,10 +88,21 @@
}
}
+ // security: force download of all attachments submitted by students
+ if ((count($args) >= 3)
+ and (strtolower($args[1]) == 'moddata')
+ and ((strtolower($args[2]) == 'forum')
+ or (strtolower($args[2]) == 'assignment')
+ or (strtolower($args[2]) == 'glossary')
+ or (strtolower($args[2]) == 'wiki')
+ or (strtolower($args[2]) == 'exercise')
+ or (strtolower($args[2]) == 'workshop')
+ )) {
+ $forcedownload = 1; // force download of all attachments
+ }
+
// security: some protection of hidden resource files
// warning: it may break backwards compatibility
- // TODO: case sensitive in PostgresQL, case insensitive in MySQL (ok?)
- // TODO: should we protect directories too?
if ((!empty($CFG->preventaccesstohiddenfiles))
and (count($args) >= 2)
and (!isteacher($course->id))) {
@@ -131,7 +144,7 @@
// ========================================
session_write_close(); // unlock session during fileserving
$filename = $args[count($args)-1];
- send_file($pathname, $filename, $lifetime, !empty($CFG->filteruploadedfiles));
+ send_file($pathname, $filename, $lifetime, !empty($CFG->filteruploadedfiles), false, $forcedownload);
function not_found($courseid) {
global $CFG;
View
@@ -136,26 +136,37 @@ function mimeinfo($element, $filename) {
}
}
-function send_file($path, $filename, $lifetime=86400 , $filter=false, $pathisstring=false) {
+function send_file($path, $filename, $lifetime=86400 , $filter=false, $pathisstring=false,$forcedownload=false) {
- $mimetype = mimeinfo('type', $filename);
+ $mimetype = $forcedownload ? 'application/force-download' : mimeinfo('type', $filename);
$lastmodified = $pathisstring ? time() : filemtime($path);
$filesize = $pathisstring ? strlen($path) : filesize($path);
+ //IE compatibiltiy HACK!
+ if(ini_get('zlib.output_compression')) {
+ ini_set('zlib.output_compression', 'Off');
+ }
+
@header('Last-Modified: '. gmdate('D, d M Y H:i:s', $lastmodified) .' GMT');
if ($lifetime > 0) {
@header('Cache-control: max-age='.$lifetime);
@header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .'GMT');
@header('Pragma: ');
} else {
- // this part is tricky, displaying of MS Office documents in IE needs
- // to store the file on disk, but no-cache may prevent it
+ // This part is tricky, displaying of MS Office documents in IE needs
+ // to store the file on disk, but no-cache may prevent it.
+ // HTTPS:// sites might have problems with following code in IE, tweak it yourself if needed ;-)
@header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=10');
@header('Expires: '. gmdate('D, d M Y H:i:s', 0) .'GMT');
@header('Pragma: no-cache');
}
- @header('Accept-Ranges: none'); // PDF compatibility
- @header('Content-disposition: inline; filename='.$filename);
+ @header('Accept-Ranges: none'); // Comment out if PDFs do not work...
+
+ if ($forcedownload) {
+ @header('Content-disposition: attachment; filename='.$filename);
+ } else {
+ @header('Content-disposition: inline; filename='.$filename);
+ }
if (!$filter) {
@header('Content-length: '.$filesize);

0 comments on commit 6ba567a

Please sign in to comment.