if (!$doc->getFromDB($_GET['docid'])) { Html::displayErrorAndDie(__('Unknown file'), true); } if (!file_exists(GLPI_DOC_DIR . "/" . $doc->fields['filepath'])) { Html::displayErrorAndDie(__('File not found'), true); // Not found } if ($doc->fields['sha1sum'] && $doc->fields['sha1sum'] != sha1_file(GLPI_DOC_DIR . "/" . $doc->fields['filepath'])) { Html::displayErrorAndDie(__('File is altered (bad checksum)'), true); // Doc alterated } else { $doc->send(); } } else { if (isset($_GET["file"]) && isset($_GET["type"])) { PluginPositionsPosition::sendFile(GLPI_PLUGIN_DOC_DIR . "/positions/" . $_GET["type"] . "/" . $_GET["file"], $_GET["file"], $_GET["type"]); } else { if (isset($_GET["file"])) { // for other file $splitter = explode("/", $_GET["file"]); if (count($splitter) == 2) { $send = false; if ($splitter[0] == "_dumps" && Session::haveRight("backup", "w")) { $send = true; } if ($send && file_exists(GLPI_DOC_DIR . "/" . $_GET["file"])) { Toolbox::sendFile(GLPI_DOC_DIR . "/" . $_GET["file"], $splitter[1]); } else { Html::displayErrorAndDie(__('Unauthorized access to this file'), true); } } else {