// +---------------------------------------------------------------------------+ ob_start(); require '../lib/bootstrap.php'; page_open(array("sess" => "Seminar_Session", "auth" => "Seminar_Default_Auth", "perm" => "Seminar_Perm", "user" => "Seminar_User")); require_once 'lib/datei.inc.php'; //basename() needs setlocale() init_i18n($_SESSION['_language']); // Set Base URL, otherwise links will fail on SENDFILE_LINK_MODE = rewrite URLHelper::setBaseURL($GLOBALS['ABSOLUTE_URI_STUDIP']); $file_id = escapeshellcmd(basename(Request::get('file_id'))); $type = Request::int('type'); if ($type < 0 || $type > 7) { $type = 0; } $document = new StudipDocument($file_id); $object_id = $document->getValue('seminar_id'); $no_access = true; //download from course or institute or document is a message attachement if ($object_id && in_array($type, array(0, 6, 7))) { $no_access = !$document->checkAccess($GLOBALS['user']->id); } //download from archive, allowed if former participant if ($type == 1) { $query = "SELECT seminar_id FROM archiv WHERE archiv_file_id = ?"; $statement = DBManager::get()->prepare($query); $statement->execute(array($file_id)); $archiv_seminar_id = $statement->fetchColumn(); if ($archiv_seminar_id) { $no_access = !archiv_check_perm($archiv_seminar_id); } else { $query = "SELECT seminar_id FROM archiv WHERE archiv_protected_file_id = ?";
/**
 * Accepts one uploaded file as a provisional message attachment and answers with JSON.
 *
 * Refuses the "nobody" user and installations where ENABLE_EMAIL_ATTACHMENTS is
 * off, runs validate_upload() on the upload, stores a StudipDocument with
 * range_id 'provisional' owned by the current user, and then moves the upload
 * to the path derived from the new document id.
 *
 * The name kept in the record and echoed in the JSON is the client-supplied
 * $_FILES name; the on-disk destination comes from the document id, not from
 * that name.
 *
 * NOTE(review): the record is stored before move_uploaded_file() runs, so a
 * failed move appears to leave a provisional record without a file. Confirm
 * that something else cleans these up.
 * NOTE(review): no request-forgery token check is visible in this method.
 * Confirm the controller or dispatcher enforces one for this state-changing
 * action.
 *
 * @throws AccessDeniedException for the "nobody" user or when attachments are disabled
 * @throws Exception when validation, storing the record or moving the file fails
 */
public function upload_attachment_action()
{
    $user_id = $GLOBALS['user']->id;

    // Guard clauses: anonymous users and disabled attachments never reach the upload.
    if ($user_id === "nobody") {
        throw new AccessDeniedException();
    }
    if (!$GLOBALS['ENABLE_EMAIL_ATTACHMENTS']) {
        throw new AccessDeniedException(_('Mailanhänge sind nicht erlaubt.'));
    }

    $file = studip_utf8decode($_FILES['file']);
    $output = array(
        'name'       => $file['name'],
        'size'       => $file['size'],
        'message_id' => Request::option("message_id"),
    );

    if (!validate_upload($file)) {
        // validate_upload() reports through $GLOBALS['msg'] as "<type>§<text>";
        // only the text part is passed on to the caller.
        $parts = explode("§", $GLOBALS['msg']);
        throw new Exception($parts[1]);
    }

    // Provisional record: owned by the uploader, linked to the message via 'description'.
    $document = new StudipDocument();
    $document->setValue('range_id', 'provisional');
    $document->setValue('seminar_id', $user_id);
    $document->setValue('name', $output['name']);
    $document->setValue('filename', $document->getValue('name'));
    $document->setValue('filesize', (int) $output['size']);
    $document->setValue('autor_host', $_SERVER['REMOTE_ADDR']);
    $document->setValue('user_id', $user_id);
    $document->setValue('description', $output['message_id']);

    if (!$document->store()) {
        throw new Exception("Unable to handle uploaded file.");
    }

    // The storage path is derived from the generated id, never from the uploaded name.
    $document_id = $document->getId();
    if (!move_uploaded_file($file['tmp_name'], get_upload_file_path($document_id))) {
        throw new Exception("No permission to move file to destination.");
    }

    $output['document_id'] = $document_id;
    $output['icon'] = GetFileIcon(getFileExtension($output['name']))->asImg(['class' => "text-bottom"]);

    $this->render_json($output);
}
/**
 * Decides whether a document may be downloaded with respect to its
 * 'protected' flag.
 *
 * Returns true when ENABLE_PROTECTED_DOWNLOAD_RESTRICTION is off or when the
 * document's 'protected' value is falsy. For a protected document the result
 * is true only if its seminar_id refers to an object of type 'sem' and the
 * course is password protected, admission locked, has a timed admission whose
 * end_time lies in the past, or is a studygroup with admission_prelim == 1.
 *
 * NOTE(review): only the protected flag is evaluated here. An id that does not
 * resolve to a stored document presumably has no 'protected' value and so
 * yields true. Confirm that callers perform their own access check.
 *
 * @param string $document_id MD5 id of the file
 * @return bool true if the protected-download restriction does not block the file
 */
function check_protected_download($document_id)
{
    // Restriction switched off globally: nothing to enforce.
    if (!Config::GetInstance()->getValue('ENABLE_PROTECTED_DOWNLOAD_RESTRICTION')) {
        return true;
    }

    $doc = new StudipDocument($document_id);
    if (!$doc->getValue('protected')) {
        return true;
    }

    // From here on the file is protected; it is released only for closed courses.
    $range_id = $doc->getValue('seminar_id');
    if (get_object_type($range_id) != 'sem') {
        return false;
    }

    $seminar = Seminar::GetInstance($range_id);
    $timed_admission = $seminar->getAdmissionTimeFrame();
    if ($seminar->isPasswordProtected()
        || $seminar->isAdmissionLocked()
        || ($timed_admission['end_time'] > 0 && $timed_admission['end_time'] < time())
    ) {
        return true;
    }

    // Studygroups count as closed when admission is preliminary.
    if (StudygroupModel::isStudygroup($range_id)) {
        $studygroup = Seminar::GetInstance($range_id);
        return $studygroup->admission_prelim == 1;
    }

    return false;
}
/**
 * Attaches the stored file of a Stud.IP document to this mail.
 *
 * The document is loaded by id. If it is not an existing record (isNew()),
 * nothing is attached and no error is raised. Otherwise the file at the
 * upload path derived from the document id is attached under the document's
 * 'filename' value.
 *
 * NOTE(review): no access check on the document is visible in this method.
 * Callers presumably verify that the sender may read $dokument_id. Confirm.
 *
 * @param string $dokument_id id of the document to attach
 * @return StudipMail provides fluent interface
 */
function addStudipAttachment($dokument_id)
{
    $doc = new StudipDocument($dokument_id);

    // Unknown id: leave the mail untouched but keep the call chain usable.
    if ($doc->isNew()) {
        return $this;
    }

    $path = get_upload_file_path($doc->getId());
    $this->addFileAttachment($path, $doc->getValue('filename'));

    return $this;
}