forked from moodle/moodle
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfigonlylib.php
264 lines (230 loc) · 8.19 KB
/
configonlylib.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Minimalistic library, usable even when no other moodle libs are loaded.
*
* The only library that gets loaded if you define ABORT_AFTER_CONFIG
* before including main config.php. You can resume normal script operation
* if you define ABORT_AFTER_CONFIG_CANCEL and require the setup.php
*
* @package core
* @copyright 2009 Petr Skoda (skodak)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
/**
* Minimalistic parameter validation function.
* Can not use optional param because moodlelib.php is not loaded yet
* @param string $name
* @param mixed $default
* @param string $type
* @return mixed
*/
function min_optional_param($name, $default, $type) {
if (isset($_GET[$name])) {
$value = $_GET[$name];
} else if (isset($_GET['amp;'.$name])) {
// very, very, very ugly hack, unfortunately $OUTPUT->pix_url() is not used properly in javascript code :-(
$value = $_GET['amp;'.$name];
} else if (isset($_POST[$name])) {
$value = $_POST[$name];
} else {
return $default;
}
return min_clean_param($value, $type);
}
/**
* Minimalistic parameter cleaning function.
*
* Note: Can not use optional param because moodlelib.php is not loaded yet.
*
* @param string $value
* @param string $type
* @return mixed
*/
function min_clean_param($value, $type) {
switch($type) {
case 'RAW': $value = min_fix_utf8((string)$value);
break;
case 'INT': $value = (int)$value;
break;
case 'SAFEDIR': $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
break;
case 'SAFEPATH': $value = preg_replace('/[^a-zA-Z0-9\/\._-]/', '', $value);
$value = preg_replace('/\.+/', '.', $value);
$value = preg_replace('#/+#', '/', $value);
break;
default: die("Coding error: incorrect parameter type specified ($type).");
}
return $value;
}
/**
* Minimalistic UTF-8 sanitisation.
*
* Note: This duplicates fix_utf8() intentionally for now.
*
* @param string $value
* @return string
*/
function min_fix_utf8($value) {
// No null bytes expected in our data, so let's remove it.
$value = str_replace("\0", '', $value);
static $buggyiconv = null;
if ($buggyiconv === null) {
set_error_handler(function () {
return true;
});
$buggyiconv = (!function_exists('iconv') or iconv('UTF-8', 'UTF-8//IGNORE', '100'.chr(130).'€') !== '100€');
restore_error_handler();
}
if ($buggyiconv) {
if (function_exists('mb_convert_encoding')) {
$subst = mb_substitute_character();
mb_substitute_character('none');
$result = mb_convert_encoding($value, 'utf-8', 'utf-8');
mb_substitute_character($subst);
} else {
// Warn admins on admin/index.php page.
$result = $value;
}
} else {
$result = @iconv('UTF-8', 'UTF-8//IGNORE', $value);
}
return $result;
}
/**
* This method tries to enable output compression if possible.
* This function must be called before any output or headers.
*
* (IE6 is not supported at all.)
*
* @return boolean, true if compression enabled
*/
function min_enable_zlib_compression() {
if (headers_sent()) {
return false;
}
// zlib.output_compression is preferred over ob_gzhandler()
if (!empty($_SERVER['HTTP_USER_AGENT']) and strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 6') !== false) {
ini_set('zlib.output_compression', 'Off');
if (function_exists('apache_setenv')) {
apache_setenv('no-gzip', 1);
}
return false;
}
ini_set('output_handler', '');
/*
* docs clearly say 'on' means enable and number means size of buffer,
* but unfortunately some PHP version break when we set 'on' here.
* 1 probably sets chunk size to 4096. our CSS and JS scripts are much bigger,
* so let's try some bigger sizes.
*/
ini_set('zlib.output_compression', 65536);
return true;
}
/**
* Returns the slashargument part of the URL.
*
* Note: ".php" is NOT allowed in slasharguments,
* it is intended for ASCII characters only.
*
* @param boolean $clean - Should we do cleaning on this path argument. If you set this
* to false you MUST be very careful and do the cleaning manually.
* @return string
*/
function min_get_slash_argument($clean = true) {
// Note: This code has to work in the same cases as normal get_file_argument(),
// but at the same time it may be simpler because we do not have to deal
// with encodings and other tricky stuff.
$relativepath = '';
if (!empty($_GET['file']) and strpos($_GET['file'], '/') === 0) {
// Server is using url rewriting, most probably IIS.
// Always clean the result of this function as it may be used in unsafe calls to send_file.
$relativepath = $_GET['file'];
if ($clean) {
$relativepath = min_clean_param($relativepath, 'SAFEPATH');
}
return $relativepath;
} else if (stripos($_SERVER['SERVER_SOFTWARE'], 'iis') !== false) {
if (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO'] !== '') {
$relativepath = urldecode($_SERVER['PATH_INFO']);
}
} else {
if (isset($_SERVER['PATH_INFO'])) {
$relativepath = $_SERVER['PATH_INFO'];
}
}
$matches = null;
if (preg_match('|^.+\.php(.*)$|i', $relativepath, $matches)) {
$relativepath = $matches[1];
}
// Always clean the result of this function as it may be used in unsafe calls to send_file.
if ($clean) {
$relativepath = min_clean_param($relativepath, 'SAFEPATH');
}
return $relativepath;
}
/**
* Get the lowest possible currently valid revision number.
*
* This is based on the current Moodle version.
*
* @return int Unix timestamp
*/
function min_get_minimum_revision(): int {
static $timestamp = null;
// Days that will be deducted.
// Avoids errors when date comparisons are made at time of packaging for next release.
$tolerancedays = 2;
if ($timestamp === null) {
global $CFG;
require("{$CFG->dirroot}/version.php");
// Get YYYYMMDD from version.
$datestring = floor($version / 100);
// Parse the date components.
$year = intval(substr($datestring, 0, 4));
$month = intval(substr($datestring, 4, 2));
$day = intval(substr($datestring, 6, 2)) - $tolerancedays;
// Return converted GMT Unix timestamp.
$timestamp = gmmktime(0, 0, 0, $month, $day, $year);
}
return $timestamp;
}
/**
* Get the highest possible currently valid revision number.
*
* This is based on the current time, allowing for a small amount of clock skew between servers.
*
* Future values beyond the clock skew are not allowed to avoid the possibility of cache poisoning.
*
* @return int
*/
function min_get_maximum_revision(): int {
return time() + 60;
}
/**
* Helper function to determine if the given revision number is valid.
*
* @param int $revision A numeric revision to check for validity
* @return bool Whether the revision is valid
*/
function min_is_revision_valid_and_current(int $revision): bool {
// Invalid revision.
if ($revision <= 0) {
return false;
}
// Check revision is within range.
return $revision >= min_get_minimum_revision() && $revision <= min_get_maximum_revision();
}