Ported compatiblity check to trunk

[gosa.git] / html / getkiosk.php

diff --git a/html/getkiosk.php b/html/getkiosk.php
index f4a41e263fcbc045d52c7408f03c51db1e926f3d..1f8d59923e3fa12c8191bce6fe7947eb2a103d7f 100644 (file)
--- a/html/getkiosk.php
+++ b/html/getkiosk.php
@@ -32,12 +32,16 @@ function getkiosk ($id)
   }
 
   $display = file_get_contents($id);
+
+  $nn = preg_replace("/^.*\//","",$id);
+
   header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
   header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
   header("Cache-Control: no-cache");
   header("Pragma: no-cache");
   header("Cache-Control: post-check=0, pre-check=0");
   header("Content-type: application/octet-stream");
+  header("Content-Disposition: attachment; filename=".$nn);
        echo $display;
 }
 
@@ -51,17 +55,18 @@ session_start ();
 /* Logged in? Simple security check */
 if (!isset($_SESSION['ui'])){
   gosa_log ("Error: getkiosk.php called without session");
-  header ("Location: ../index.php");
+  header ("Location: index.php");
   exit;
 }
 $ui= $_SESSION["ui"];
 $config= $_SESSION['config'];
 
 /* Check ACL's */
-$acl= get_permissions ($config->current['BASE'], $ui->subtreeACL);
-$acl= get_module_permission($acl, "all", $config->current['BASE']);
-if (chkacl($acl, "all") != ""){
-  header ("Location: ../index.php");
+#FIXME Use more specific acl categories instead of all/all
+$ui = get_userinfo();
+$acl = $ui->get_permissions(base64_decode($_GET['id']),"all/all");
+if(!preg_match("/r/",$acl)){
+  header ("Location: index.php");
   exit;
 }
 $dir = search_config($config->data,"environment", "KIOSKPATH");