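/**
 * Converts URLs in images so that the webserver can access them without proxy.
 *
 * Only URLs whose host passes the check against $this->domains are rewritten:
 *  - media proxy links become the decoded target, or its file below MEDIA_CACHE_PATH
 *    when the proxy returns metadata for it (empty string if the lookup throws),
 *  - "dispatch.php/document/download" links become the storage path of the file,
 *  - other "download" / "sendfile.php" links become the upload path when the current
 *    user passes checkAccess(), otherwise the "exception" message box image.
 * Every other URL, and any URL parse_url() cannot parse, is passed through unchanged.
 *
 * NOTE(review): the result is concatenated into the attribute without escaping;
 * confirm that callers only pass values that cannot contain a double quote.
 *
 * @param string $url of an image
 * @return string the attribute text 'src="<converted url>"'
 */
protected function convertURL($url)
{
    $convurl = $url;

    $url_elements = @parse_url($url);
    if (!is_array($url_elements)) {
        // parse_url() returns false for seriously malformed URLs: nothing to match, pass through.
        return 'src="' . $convurl . '"';
    }

    // Components are optional in parse_url()'s result; default them instead of
    // reading undefined array keys.
    $host  = isset($url_elements['host']) ? $url_elements['host'] : '';
    $path  = isset($url_elements['path']) ? $url_elements['path'] : '';
    $query = isset($url_elements['query']) ? $url_elements['query'] : '';
    $url   = $path . '?' . $query;

    // NOTE(review): strpos() over the '#'-joined list is a substring test, not a host
    // comparison. A host that is only a fragment of a configured domain passes, and an
    // empty host passes on PHP 8 (an empty needle matches at offset 0). Compare against
    // the individual entries once the format of $this->domains is confirmed.
    if (strpos(implode('#', $this->domains), $host) === false) {
        return 'src="' . $convurl . '"';
    }

    if (strpos($url, 'dispatch.php/media_proxy?url=') !== false) {
        // NOTE(review): substr($url, 4) drops the first four characters of "path?query".
        // That only yields the proxied address if $url starts with "url=" - TODO confirm.
        $targeturl = urldecode(substr($url, 4));
        try {
            // is file in cache?
            if (!$this->media_proxy->getMetaData($targeturl)) {
                // No metadata: the decoded target is handed on as is, so whatever loads
                // the image afterwards decides what gets fetched.
                $convurl = $targeturl;
            } else {
                $convurl = $this->config->getValue('MEDIA_CACHE_PATH') . '/' . md5($targeturl);
            }
        } catch (Exception $e) {
            $convurl = '';
        }
    } elseif (stripos($url, 'dispatch.php/document/download') !== false) {
        if (preg_match('#([a-f0-9]{32})#', $url, $matches)) {
            // NOTE(review): unlike the sendfile branch below, no access check for the
            // current user is visible before the storage path is resolved. Confirm it
            // is enforced elsewhere or add the equivalent check here.
            $entry = DirectoryEntry::find($matches[1]);
            // An unknown id must not end in a call on null; the URL then stays unchanged.
            if ($entry && $entry->file) {
                $convurl = $entry->file->getStorageObject()->getPath();
            }
        }
    } elseif (stripos($url, 'download') !== false || stripos($url, 'sendfile.php') !== false) {
        // get file id
        if (preg_match('#([a-f0-9]{32})#', $url, $matches)) {
            $document = new StudipDocument($matches[1]);
            if ($document->checkAccess($GLOBALS['user']->id)) {
                $convurl = get_upload_file_path($matches[1]);
            } else {
                // Access denied: substitute a placeholder image instead of the file.
                $convurl = Assets::image_path('messagebox/exception.png');
            }
        }
    }

    return 'src="' . $convurl . '"';
}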
// Download entry script (listing is cut off below): reads file_id and type from the
// request and decides in $no_access whether the current user may fetch the document.
require_once 'lib/datei.inc.php';

// basename() needs setlocale()
init_i18n($_SESSION['_language']);

// Set Base URL, otherwise links will fail on SENDFILE_LINK_MODE = rewrite
URLHelper::setBaseURL($GLOBALS['ABSOLUTE_URI_STUDIP']);

// basename() strips any directory part from the requested id.
// NOTE(review): escapeshellcmd() escapes shell metacharacters, but nothing visible here
// passes $file_id to a shell; it only reaches the StudipDocument constructor and bound
// SQL parameters. An explicit format check on the id would state the intent directly -
// confirm how $file_id is used further down.
$file_id = escapeshellcmd(basename(Request::get('file_id')));

// Only types 0..7 are accepted; anything else falls back to 0.
$type = Request::int('type');
if ($type < 0 || $type > 7) {
    $type = 0;
}

$document = new StudipDocument($file_id);
$object_id = $document->getValue('seminar_id');

// Deny by default; each branch below has to grant access explicitly.
$no_access = true;

// download from course or institute or document is a message attachment
if ($object_id && in_array($type, array(0, 6, 7))) {
    $no_access = !$document->checkAccess($GLOBALS['user']->id);
}

// download from archive, allowed if former participant
if ($type == 1) {
    // The id is passed as a bound parameter, not concatenated into the SQL text.
    $query = "SELECT seminar_id FROM archiv WHERE archiv_file_id = ?";
    $statement = DBManager::get()->prepare($query);
    $statement->execute(array($file_id));
    $archiv_seminar_id = $statement->fetchColumn();
    if ($archiv_seminar_id) {
        $no_access = !archiv_check_perm($archiv_seminar_id);
    } else {
        // No match on archiv_file_id: retry the lookup on archiv_protected_file_id.
        $query = "SELECT seminar_id FROM archiv WHERE archiv_protected_file_id = ?";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array($file_id));
        $archiv_seminar_id = $statement->fetchColumn();
        if ($archiv_seminar_id) {
/**
 * Looks up the document with the given id on behalf of the current user.
 *
 * A document that does not exist yet (isNew()) yields null and is never access-checked.
 * For an existing document, checkAccess() is asked about $GLOBALS['user']->id and
 * $this->error(401) is called when it refuses.
 *
 * NOTE(review): the previous comment on this method spoke of a 403 while the code
 * sends 401; decide which status is intended for "exists but not permitted".
 * NOTE(review): presumably error() halts the request and does not return - confirm.
 * If it can return, the document is still handed back to the caller.
 *
 * @param mixed $id identifier passed to the StudipDocument constructor
 * @return \StudipDocument|null the document, or null if it does not exist
 */
private function loadFile($id)
{
    $document = new \StudipDocument($id);
    $exists = !$document->isNew();

    // Short-circuit keeps the access check away from documents that do not exist.
    if ($exists && !$document->checkAccess($GLOBALS['user']->id)) {
        $this->error(401);
    }

    return $exists ? $document : null;
}