download review/approval files

op/op.Download.php

@@ -210,6 +210,68 @@ if (isset($_GET["version"])) {
 	
 	ob_clean();
 	readfile($settings->_contentDir .$filename );
+} elseif (isset($_GET["reviewlogid"])) {
+	if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
+		UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
+	}
+
+	if (!isset($_GET["reviewlogid"]) || !is_numeric($_GET["reviewlogid"]) || intval($_GET["reviewlogid"])<1) {
+		UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_reviewlog_id"));
+	}
+
+	$documentid = $_GET["documentid"];
+	$document = $dms->getDocument($documentid);
+	if (!is_object($document)) {
+		UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_doc_id"));
+	}
+
+	if ($document->getAccessMode($user) < M_READ) {
+		UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
+	}
+
+	$filename = $dms->contentDir . $document->getDir().'r'.(int) $_GET['reviewlogid'];
+	if(file_exists($filename)) {
+		$finfo = finfo_open(FILEINFO_MIME_TYPE);
+		$mimetype = finfo_file($finfo, $filename);
+
+		header("Content-Type: ".$mimetype."; name=\"review-" . $document->getID()."-".(int) $_GET['reviewlogid'] . get_extension($mimetype) . "\"");
+		header("Content-Transfer-Encoding: binary");
+		header("Content-Length: " . filesize($filename ));
+		header("Content-Disposition: attachment; filename=\"review-" . $document->getID()."-".(int) $_GET['reviewlogid'] . get_extension($mimetype) . "\"");
+		header("Cache-Control: must-revalidate");
+		readfile($filename);
+	}
+} elseif (isset($_GET["approvelogid"])) {
+	if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
+		UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
+	}
+
+	if (!isset($_GET["approvelogid"]) || !is_numeric($_GET["approvelogid"]) || intval($_GET["approvelogid"])<1) {
+		UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_approvelog_id"));
+	}
+
+	$documentid = $_GET["documentid"];
+	$document = $dms->getDocument($documentid);
+	if (!is_object($document)) {
+		UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_doc_id"));
+	}
+
+	if ($document->getAccessMode($user) < M_READ) {
+		UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
+	}
+
+	$filename = $dms->contentDir . $document->getDir().'a'.(int) $_GET['approvelogid'];
+	if(file_exists($filename)) {
+		$finfo = finfo_open(FILEINFO_MIME_TYPE);
+		$mimetype = finfo_file($finfo, $filename);
+
+		header("Content-Type: ".$mimetype."; name=\"approval-" . $document->getID()."-".(int) $_GET['approvelogid'] . get_extension($mimetype) . "\"");
+		header("Content-Transfer-Encoding: binary");
+		header("Content-Length: " . filesize($filename ));
+		header("Content-Disposition: attachment; filename=\"approval-" . $document->getID()."-".(int) $_GET['approvelogid'] . get_extension($mimetype) . "\"");
+		header("Cache-Control: must-revalidate");
+		readfile($filename);
+	}
 }
 
 add_log_line();