Update of /home/spip-cvs/spip
In directory alan:/tmp/cvs-serv11775

Modified Files:
  inc-urls-html.php3 inc-urls-propres.php3
  inc-urls-standard.php3
Added Files:
  spip_acces_doc.php3
Log Message:
Renommer donne_l_ode.php3 en spip_acces_doc.php3

Index: inc-urls-propres.php3

RCS file: /home/spip-cvs/spip/inc-urls-propres.php3,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- inc-urls-propres.php3 8 Oct 2004 13:01:52 -0000 1.2
+++ inc-urls-propres.php3 13 Oct 2004 12:15:27 -0000 1.3
@@ -104,7 +104,7 @@
   if (intval($id_document) <= 0)
     return '';
   if ((lire_meta("creer_htpasswd")) == 'oui')
- return "donne_l_ode.php3?id_document=$id_document";
+ return "spip_acces_doc.php3?id_document=$id_document";
   if ($row = @spip_fetch_array(spip_query("SELECT fichier FROM spip_documents WHERE id_document = $id_document")))
     return ($row['fichier']);
   return '';

Index: inc-urls-standard.php3

RCS file: /home/spip-cvs/spip/inc-urls-standard.php3,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- inc-urls-standard.php3 8 Oct 2004 13:01:52 -0000 1.12
+++ inc-urls-standard.php3 13 Oct 2004 12:15:27 -0000 1.13
@@ -28,7 +28,7 @@
   if (intval($id_document) <= 0)
     return '';
   if ((lire_meta("creer_htpasswd")) == 'oui')
- return "donne_l_ode.php3?id_document=$id_document";
+ return "spip_acces_doc.php3?id_document=$id_document";
   if ($row = @spip_fetch_array(spip_query("SELECT fichier FROM spip_documents WHERE id_document = $id_document")))
     return ($row['fichier']);
   return '';

--- NEW FILE: spip_acces_doc.php3 ---
<?
# script d'acces aux documents joints
# doit etre appele avec un de ces 2 parametres de GET:
# - id_document
# - file
# il verifie soit que le demandeur est authentifie
# soit que le fichier est joint à au moins 1 article, breve ou rubrique

$id_document = ($_GET['id_document']);
$file = urldecode($_GET['file']);
if (strpos($file,'../') !== false)
  $refus = 1;
else
  {
    $refus = false;
    include ("ecrire/inc_version.php3");
    include ("ecrire/inc_connect.php3");
    include ("ecrire/inc_meta.php3");
    include ("ecrire/inc_session.php3");

    global $auteur_session;
    if ($cookie_session = $HTTP_COOKIE_VARS['spip_session'])
      {
  if (verifier_session($cookie_session))
    {
      if ($auteur_session['statut'] == '0minirezo'
    OR $auteur_session['statut'] == '1comite')
        $auth_login = $auteur_session['login'];
    }
      }

    if (!$id_document) {
      $id_document = @spip_fetch_array(spip_query("select id_document from spip_documents as documents where documents.fichier='".$file."'"));
      if (!$id_document) $refus = 2;
      $id_document = $id_document['id_document'];
    } else {
      $file = @spip_fetch_array(spip_query("select fichier from spip_documents as documents where id_document='". $id_document ."'"));
      if (!$file) $refus = 3;
      $file = $file['fichier'];
    }
  }

if (!$auth_login && !$refus) {
    if (!spip_num_rows(spip_query("select articles.id_article
from spip_documents_articles as rel_articles, spip_articles as articles
where rel_articles.id_article = articles.id_article AND
articles.statut = 'publie' AND rel_articles.id_document ='".
             $id_document .
        "' LIMIT 1"))) {
      if (!spip_num_rows(spip_query("select rubriques.id_rubrique
from spip_documents_rubriques as rel_rubriques, spip_rubriques as rubriques
where rel_rubriques.id_rubrique = rubriques.id_rubrique AND
rubriques.statut = 'publie' AND rel_rubriques.id_document ='".
             $id_document .
          "' LIMIT 1"))) {
  if (!spip_num_rows(spip_query("select breves.id_breve
from spip_documents_breves as rel_breves, spip_breves as breves
where rel_breves.id_breve = breves.id_breve AND
breves.statut = 'publie' AND rel_breves.id_document ='".
             $id_document .
          "' LIMIT 1")))
    $refus = 4; } } }

if (!$refus)
  {
     header("Content-Type: ". mime_content_type($file));
     header("Content-Length: ". filesize($file));
     header("Content-Disposition: attachment; filename=\"". basename($file) ."\";");
     header("Content-Transfer-Encoding: binary");
     readfile($file);
   }
else
   spip_log("Acces refuse ($refus) au document " . ($_GET['id_document']) . ': ' .($_GET['file']));

?>
Index: inc-urls-html.php3

RCS file: /home/spip-cvs/spip/inc-urls-html.php3,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- inc-urls-html.php3 8 Oct 2004 13:01:52 -0000 1.12
+++ inc-urls-html.php3 13 Oct 2004 12:15:27 -0000 1.13
@@ -28,7 +28,7 @@
   if (intval($id_document) <= 0)
     return '';
   if ((lire_meta("creer_htpasswd")) == 'oui')
- return "donne_l_ode.php3?id_document=$id_document";
+ return "spip_acces_doc.php3?id_document=$id_document";
   if ($row = @spip_fetch_array(spip_query("SELECT fichier FROM spip_documents WHERE id_document = $id_document")))
     return ($row['fichier']);
   return '';