new handling of uploaded files, please TEST, TEST, TEST
skodak committed Dec 14, 2004
1 parent 93c7d6d commit e7f927a
Showing 9 changed files with 377 additions and 394 deletions.
163 changes: 83 additions & 80 deletions file.php
@@ -1,111 +1,114 @@
<?php

/**
* file.php - Used to fetch file from the data directory
*
* This script file fetches files from the data directory (dataroot)<br>
* Syntax: file.php/courseid/dir/.../dir/filename.ext
*
* @uses $CFG
* @uses FORMAT_HTML
* @uses FORMAT_MOODLE
* @author Martin Dougiamas
* @version $Id$
* @package moodlecore
*/

<?php // $Id$
// This script fetches files from the dataroot directory
// Syntax: file.php/courseid/dir/dir/dir/filename.ext
// file.php/courseid/dir (returns index.html from dir)
// Workaround: file.php?file=/courseid/dir/dir/dir/filename.ext
// Test: file.php/test

require_once('config.php');
require_once('files/mimetypes.php');

if (empty($CFG->filelifetime)) {
$CFG->filelifetime = 86400; /// Seconds for files to remain in caches
}

if (isset($file)) { // workaround for situations where / syntax doesn't work
$pathinfo = $file;
$lifetime = 86400; // Seconds for files to remain in caches
} else {
$pathinfo = get_slash_arguments('file.php');
$lifetime = $CFG->filelifetime;
}


if (!$pathinfo) {
error('No file parameters!');
$relativepath = get_file_argument('file.php');

// relative path must start with '/', because of backup/restore!!!
if (!$relativepath) {
error('No valid arguments supplied or incorrect server configuration');
} else if ($relativepath{0} != '/') {
error('No valid arguments supplied, path does not start with slash!');
}

$pathinfo = urldecode($pathinfo);
$pathname = $CFG->dataroot.$relativepath;

if (! $args = parse_slash_arguments($pathinfo)) {
// extract relative path components
$args = explode('/', trim($relativepath, '/'));
if (count($args) == 0) { // always at least courseid, may search for index.html in course root
error('No valid arguments supplied');
}

$numargs = count($args);
if ($numargs < 2 or empty($args[1])) {
error('No valid arguments supplied');
// security: limit access to existing course subdirectories
// note: course ID must be specified
// note: the lang field is needed for the course language switching hack in weblib.php
if (!$course = get_record_sql("SELECT id, lang FROM {$CFG->prefix}course WHERE id='".(int)$args[0]."'")) {
error('Invalid course ID');
}

$courseid = (integer)$args[0];

if (!$course = get_record('course', 'id', $courseid)) { // Course ID must be specified
// security: prevent access to "000" or "1 something" directories
if ($args[0] != $course->id) {
error('Invalid course ID');
}

if ($course->category) {
require_login($courseid);
// security: login to course if necessary
if ($course->id != SITEID) {
require_login($course->id);
} else if ($CFG->forcelogin) {
require_login();
}

$pathname = $CFG->dataroot . $pathinfo;
if ($pathargs = explode('?', $pathname)) {
$pathname = $pathargs[0]; // Only keep what's before the '?'
}
$filename = $args[$numargs-1];
if ($fileargs = explode('?', $filename)) {
$filename = $fileargs[0]; // Only keep what's before the '?'
}
// security: only editing teachers can access backups
if ((!isteacheredit($course->id))
and (count($args) >= 2)
and (strtolower($args[1]) == 'backupdata')) {

if (file_exists($pathname)) {
$lastmodified = filemtime($pathname);
$mimetype = mimeinfo('type', $filename);
error('Access not allowed');
}

header('Last-Modified: ' . gmdate("D, d M Y H:i:s", $lastmodified) . ' GMT');
header('Expires: ' . gmdate("D, d M Y H:i:s", time() + $CFG->filelifetime) . ' GMT');
header('Cache-control: max_age = '. $CFG->filelifetime);
header('Pragma: ');
header('Content-disposition: inline; filename='. $filename);
// security: teachers can view all assignments, students only their own
if ((count($args) >= 3)
and (strtolower($args[1]) == 'moddata')
and (strtolower($args[2]) == 'assignment')) {

$lifetime = 0; // do not cache assignments, students may reupload them
if ((!isteacher($course->id)) && (count($args) != 6 || $args[4] != $USER->id)) {
error('Access not allowed');
}
}

if (empty($CFG->filteruploadedfiles)) {
header('Content-length: '. filesize($pathname));
header('Content-type: '. $mimetype);
readfile($pathname);
if (is_dir($pathname)) {
if (file_exists($pathname.'/index.html')) {
$pathname = rtrim($pathname, '/').'/index.html';
$args[] = 'index.html';
} else if (file_exists($pathname.'/index.htm')) {
$pathname = rtrim($pathname, '/').'/index.htm';
$args[] = 'index.htm';
} else if (file_exists($pathname.'/Default.htm')) {
$pathname = rtrim($pathname, '/').'/Default.htm';
$args[] = 'Default.htm';
} else {
// security: do not return directory node!
not_found($course->id);
}
}

} else { /// Try and put the file through filters
if ($mimetype == 'text/html') {
$options->noclean = true;
$output = format_text(implode('', file($pathname)), FORMAT_HTML, $options, $courseid);
// check that file exists
if (!file_exists($pathname)) {
not_found($course->id);
}

header('Content-length: '. strlen($output));
header('Content-type: text/html');
echo $output;

} else if ($mimetype == 'text/plain') {
$options->newlines = false;
$options->noclean = true;
$output = '<pre>'. format_text(implode('', file($pathname)), FORMAT_MOODLE, $options, $courseid) .'</pre>';
header('Content-length: '. strlen($output));
header('Content-type: text/html');
echo $output;

} else { /// Just send it out raw
header('Content-length: '. filesize($pathname));
header('Content-type: '. $mimetype);
readfile($pathname);
}
// extra security: keep symbolic links inside dataroot/courseid if required
/*if (!empty($CFG->checksymlinks)) {
$realpath = realpath($pathname);
$realdataroot = realpath($CFG->dataroot.'/'.$course->id);
if (strpos($realpath, $realdataroot) !== 0) {
not_found($course->id);
}
} else {
}*/

// ========================================
// finally send the file
// ========================================
$filename = $args[count($args)-1];
send_file($pathname, $filename, $lifetime, !empty($CFG->filteruploadedfiles));

function not_found($courseid) {
global $CFG;
header('HTTP/1.0 404 not found');
error(get_string('filenotfound', 'error'), $CFG->wwwroot .'/course/view.php?id='. $courseid);
error(get_string('filenotfound', 'error'), $CFG->wwwroot.'/course/view.php?id='.$courseid); //this is not displayed on IIS??
}

exit;
?>
?>
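Review bot: The access checks in the new code run on the textual segments of `$relativepath`, while the file that is actually served is `$CFG->dataroot.$relativepath`, and nothing visible in this file rejects `..` segments. If `get_file_argument()` (not shown in this section) does not already normalise the path, the directory that is resolved on disk can differ from the `$args[0]`/`$args[1]`/`$args[2]` values that the course, `backupdata` and `moddata/assignment` checks looked at; the realpath containment block that would catch this is commented out. I would reject such paths right after the `explode()`, e.g. `if (in_array('..', $args)) { error('No valid arguments supplied'); }`. If the commented block is re-enabled, compare against `$realdataroot.'/'` so that the directory of course 1 does not prefix-match course 10.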
66 changes: 65 additions & 1 deletion files/mimetypes.php
@@ -79,7 +79,7 @@ function mimeinfo($element, $filename) {
);

if (eregi("\.([a-z0-9]+)$", $filename, $match)) {
if(isset($mimeinfo[strtolower($match[1])][$element])) {
if (isset($mimeinfo[strtolower($match[1])][$element])) {
return $mimeinfo[strtolower($match[1])][$element];
} else {
return $mimeinfo["xxx"][$element]; // By default
@@ -89,4 +89,68 @@ function mimeinfo($element, $filename) {
}
}

function send_file($path, $filename, $lifetime=86400 , $filter=false, $pathisstring=false) {

$mimetype = mimeinfo('type', $filename);
$lastmodified = $pathisstring ? time() : filemtime($path);
$filesize = $pathisstring ? strlen($path) : filesize($path);

@header('Last-Modified: '. gmdate("D, d M Y H:i:s", $lastmodified) .' GMT');
if ($lifetime > 0) {
@header('Cache-control: max-age='.$lifetime);
@header('Expires: '. gmdate("D, d M Y H:i:s", time() + $lifetime) .'GMT');
@header('Pragma: ');
} else {
// this part is tricky, displaying of MS Office documents in IE needs
// to store the file on disk, but no-cache may prevent it
@header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=10');
@header('Expires: '. gmdate("D, d M Y H:i:s", 0) .'GMT');
@header('Pragma: no-cache');
}
@header('Accept-Ranges: none'); // PDF compatibility
@header('Content-disposition: inline; filename='.$filename);

if (!$filter) {
@header('Content-length: '.$filesize);
if ($mimetype == 'text/plain') {
@header('Content-type: text/plain; charset='.get_string('thischarset')); //add encoding
} else {
@header('Content-type: '.$mimetype);
}
if ($pathisstring) {
echo $path;
}else {
readfile($path);
}
} else { // Try to put the file through filters
if ($mimetype == 'text/html') {
$options->noclean = true;
$text = $pathisstring ? $path : implode('', file($path));
$output = format_text($text, FORMAT_HTML, $options, $course->id);

@header('Content-length: '.strlen($output));
@header('Content-type: text/html');
echo $output;
} else if ($mimetype == 'text/plain') {
$options->newlines = false;
$options->noclean = true;
$text = htmlentities($pathisstring ? $path : implode('', file($path)));
$output = '<pre>'. format_text($text, FORMAT_MOODLE, $options, $course->id) .'</pre>';

@header('Content-length: '.strlen($output));
@header('Content-type: text/html; charset='. get_string('thischarset')); //add encoding
echo $output;
} else { // Just send it out raw
@header('Content-length: '.$filesize);
@header('Content-type: '.$mimetype);
if ($pathisstring) {
echo $path;
}else {
readfile($path);
}
}
}
die; //no more chars to output!!!
}

?>
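Review bot: `send_file()` passes `$course->id` to `format_text()` in both filter branches, but `$course` is neither a parameter nor declared `global` inside the function, so the filters never receive a course id. Either add `global $course;` with a fallback for callers such as filter/algebra/pix.php that have no course, or pass the id in as an extra optional parameter. The two `Expires` headers append `.'GMT'` without the leading space that `Last-Modified` uses, which yields a malformed date; both should end in `.' GMT'`. In file.php the `$filename` argument is the last segment of the request path, and it goes into `Content-disposition` unquoted and unfiltered, so I would strip control characters (CR/LF in particular) and quote the value before building that header.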
84 changes: 38 additions & 46 deletions filter/algebra/pix.php
@@ -5,43 +5,34 @@

$nomoodlecookie = true; // Because it interferes with caching

require_once("../../config.php");
require_once('../../config.php');
require_once('../../files/mimetypes.php');

$CFG->algebrafilterdir = "filter/algebra";
$CFG->texfilterdir = "filter/tex";
$CFG->algebraimagedir = "filter/algebra";
$CFG->texfilterdir = 'filter/tex';
$CFG->algebrafilterdir = 'filter/algebra';
$CFG->algebraimagedir = 'filter/algebra';

$cmd = ''; // Initialise these variables

$cmd = ''; // Initialise these variables
$status = '';

error_reporting(E_ALL);
//error_reporting(E_ALL);

$lifetime = 86400;
if (isset($file)) { // workaround for situations where / syntax doesn't work
$pathinfo = '/' . $file;
} else {
$pathinfo = get_slash_arguments("pix.php");
}

if (! $args = parse_slash_arguments($pathinfo)) {
error("No valid arguments supplied");
}
$relativepath = get_file_argument('pix.php');

$numargs = count($args);
$args = explode('/', trim($relativepath, '/'));

if ($numargs == 1) {
$image = $args[0];
$pathname = "$CFG->dataroot/$CFG->algebraimagedir/$image";
$filetype = "image/gif";
if (count($args) == 1) {
$image = $args[0];
$pathname = $CFG->dataroot.'/'.$CFG->algebraimagedir.'/'.$image;
} else {
error("No valid arguments supplied");
error('No valid arguments supplied');
}


if (!file_exists($pathname)) {
$md5 = str_replace('.gif','',$image);
if ($texcache = get_record("cache_filters", "filter", "algebra", "md5key", $md5)) {
if (!file_exists("$CFG->dataroot/$CFG->algebraimagedir")) {
if ($texcache = get_record('cache_filters', 'filter', 'algebra', 'md5key', $md5)) {
if (!file_exists($CFG->dataroot.'/'.$CFG->algebraimagedir)) {
make_upload_directory($CFG->algebraimagedir);
}

@@ -59,7 +50,7 @@
} else if (is_executable("$CFG->dirroot/$CFG->texfilterdir/mimetex")) { /// Use the custom binary

$cmd = "$CFG->dirroot/$CFG->texfilterdir/mimetex -e $pathname ". escapeshellarg($texexp);

} else { /// Auto-detect the right TeX binary
switch (PHP_OS) {

@@ -72,12 +63,17 @@
break;

default: /// Nothing was found, so tell them how to fix it.
echo "Make sure you have an appropriate MimeTeX binary here:\n\n";
echo " $CFG->dirroot/$CFG->texfilterdir/mimetex\n\n";
echo "and that it has the right permissions set on it as executable program.\n\n";
echo "You can get the latest binaries for your ".PHP_OS." platform from: \n\n";
echo " http://moodle.org/download/mimetex/";
exit;
if ($CFG->debug > 7) {
echo "Make sure you have an appropriate MimeTeX binary here:\n\n";
echo " $CFG->dirroot/$CFG->texfilterdir/mimetex\n\n";
echo "and that it has the right permissions set on it as executable program.\n\n";
echo "You can get the latest binaries for your ".PHP_OS." platform from: \n\n";
echo " http://moodle.org/download/mimetex/";
} else {
echo "Mimetex executable was not found,\n";
echo "Please turn on debug mode in site configuration to see more info here.";
}
die;
break;
}
}
@@ -86,20 +82,16 @@
}

if (file_exists($pathname)) {
$lastmodified = filemtime($pathname);
header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
header("Expires: " . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT");
header("Cache-control: max_age = $lifetime"); // a day
header("Pragma: ");
header("Content-disposition: inline; filename=$image");
header("Content-length: ".filesize($pathname));
header("Content-type: $filetype");
readfile("$pathname");
send_file($pathname, $image);
} else {
echo "The shell command<br />$cmd<br />returned status = $status<br />\n";
echo "Image not found!<br />";
echo "Please try the <a href=\"$CFG->wwwroot/filter/algebra/algebradebug.php\">debugging script</a>";
if ($CFG->debug > 7) {
echo "The shell command<br />$cmd<br />returned status = $status<br />\n";
echo "Image not found!<br />";
echo "Please try the <a href=\"$CFG->wwwroot/$CFG->algebrafilterdir/algebradebug.php\">debugging script</a>";
} else {
echo "Image not found!<br />";
echo "Please try the <a href=\"$CFG->wwwroot/$CFG->algebrafilterdir/algebradebug.php\">debugging script</a><br />";
echo "Please turn on debug mode in site configuration to see more info here.";
}
}

exit;
?>
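Review bot: `$image` comes straight from the request path and is no longer validated before use, because the old `parse_slash_arguments()` failure branch was removed. Unless `get_file_argument()` (not shown) errors out itself, an empty `$relativepath` gives a single empty segment, `count($args) == 1` holds, and `$pathname` becomes the image directory, which passes `file_exists()` and is handed to `send_file()`. The same value also reaches the shell through `$pathname` in the unchanged `mimetex -e $pathname` command line, where only `$texexp` goes through `escapeshellarg()`. The script sets `$nomoodlecookie = true` and no login check is visible in these hunks, so I would validate the name before building `$pathname`, for instance `if (!preg_match('/^[0-9a-f]{32}\.gif$/', $image)) { error('No valid arguments supplied'); }` (this assumes md5key is always 32 lower-case hex characters, to be confirmed), and wrap `$pathname` in `escapeshellarg()` too. The hard-coded `image/gif` type is gone as well, so the content type now follows whatever extension was requested.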