forked from moodle/moodle
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsmartpix.php
271 lines (248 loc) · 8.81 KB
/
smartpix.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
<?php
// Outputs pictures from theme or core pix folder. Only used if $CFG->smartpix is
// turned on.
$matches=array(); // Reusable array variable for preg_match
// This does NOT use config.php. This is because doing that makes database requests
// which cause this to take longer (I benchmarked this at 16ms, 256ms with config.php)
// A version using normal Moodle functions is included in comment at end in case we
// want to switch to it in future.
function error($text,$notfound=false) {
header($notfound ? 'HTTP/1.0 404 Not Found' : 'HTTP/1.0 500 Internal Server Error');
header('Content-Type: text/plain');
print $text;
exit;
}
// Nicked from moodlelib clean_param
function makesafe($param) {
$param = str_replace('\\\'', '\'', $param);
$param = str_replace('\\"', '"', $param);
$param = str_replace('\\', '/', $param);
$param = ereg_replace('[[:cntrl:]]|[<>"`\|\':]', '', $param);
$param = ereg_replace('\.\.+', '', $param);
$param = ereg_replace('//+', '/', $param);
return ereg_replace('/(\./)+', '/', $param);
}
// Nicked from weblib
/**
* Remove query string from url
*
* Takes in a URL and returns it without the querystring portion
*
* @param string $url the url which may have a query string attached
* @return string
*/
function strip_querystring($url) {
if ($commapos = strpos($url, '?')) {
return substr($url, 0, $commapos);
} else {
return $url;
}
}
// Nicked from weblib then cutdown
/**
* Extracts file argument either from file parameter or PATH_INFO.
* @param string $scriptname name of the calling script
* @return string file path (only safe characters)
*/
function get_file_argument_limited($scriptname) {
$relativepath = FALSE;
// first try normal parameter (compatible method == no relative links!)
if(isset($_GET['file'])) {
return makesafe($_GET['file']);
}
// then try extract file from PATH_INFO (slasharguments method)
if (!empty($_SERVER['PATH_INFO'])) {
$path_info = $_SERVER['PATH_INFO'];
// check that PATH_INFO works == must not contain the script name
if (!strpos($path_info, $scriptname)) {
return makesafe(rawurldecode($path_info));
}
}
// now if both fail try the old way
// (for compatibility with misconfigured or older buggy php implementations)
$arr = explode($scriptname, me());
if (!empty($arr[1])) {
return makesafe(rawurldecode(strip_querystring($arr[1])));
}
error('Unexpected PHP set up. Turn off the smartpix config option.');
}
// We do need to get dirroot from config.php
if(!$config=@file_get_contents(dirname(__FILE__).'/../config.php')) {
error("Can't open config.php");
}
$configlines=preg_split('/[\r\n]+/',$config);
foreach($configlines as $configline) {
if(preg_match('/^\s?\$CFG->dirroot\s*=\s*[\'"](.*?)[\'"]\s*;/',$configline,$matches)) {
$dirroot=$matches[1];
}
if(preg_match('/^\s?\$CFG->dataroot\s*=\s*[\'"](.*?)[\'"]\s*;/',$configline,$matches)) {
$dataroot=$matches[1];
}
if(isset($dirroot) && isset($dataroot)) {
break;
}
}
if(!(isset($dirroot) && isset($dataroot))) {
error('No line in config.php like $CFG->dirroot=\'/somewhere/whatever\';');
}
// Split path - starts with theme name, then actual image path inside pix
$path=get_file_argument_limited('smartpix.php');
$match=array();
if(!preg_match('|^/([a-z0-9_\-.]+)/([a-z0-9/_\-.]+)$|',$path,$match)) {
error('Unexpected request format');
}
list($junk,$theme,$path)=$match;
// Check file type
if(preg_match('/\.png$/',$path)) {
$mimetype='image/png';
} else if(preg_match('/\.gif$/',$path)) {
$mimetype='image/gif';
} else if(preg_match('/\.jpe?g$/',$path)) {
$mimetype='image/jpeg';
} else {
// Note that this is a security feature as well as a lack of mime type
// support :) Means this can't accidentally serve files from places it
// shouldn't. Without it, you can actually access any file inside the
// module code directory.
error('Request for non-image file');
}
// Find actual location of image as $file
$file=false;
if(file_exists($possibility="$dirroot/theme/$theme/pix/$path")) {
// Found the file in theme, stop looking
$file=$possibility;
} else {
// Is there a parent theme?
while(true) {
require("$dirroot/theme/$theme/config.php"); // Sets up $THEME
if(!$THEME->parent) {
break;
}
$theme=$THEME->parent;
if(file_exists($possibility="$dirroot/theme/$theme/pix/$path")) {
$file=$possibility;
// Found in parent theme
break;
}
}
if(!$file) {
if(preg_match('|^mod/|',$path)) {
if(!file_exists($possibility="$dirroot/$path")) {
error('Requested image not found.',true);
}
} else {
if(!file_exists($possibility="$dirroot/pix/$path")) {
error('Requested image not found.',true);
}
}
$file=$possibility;
}
}
// Now we have a file that exists. Not using send_file since it requires
// proper $CFG etc.
// Handle If-Modified-Since
$filedate=filemtime($file);
$ifmodifiedsince=isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : false;
if($ifmodifiedsince && strtotime($ifmodifiedsince)>=$filedate) {
header('HTTP/1.0 304 Not Modified');
exit;
}
header('Last-Modified: '.gmdate('D, d M Y H:i:s',$filedate).' GMT');
// As I'm not loading config table from DB, this is hardcoded here; expiry
// 4 hours, unless the hacky file reduceimagecache.dat exists in dataroot
if(file_exists($reducefile=$dataroot.'/reduceimagecache.dat')) {
$lifetime=file_read_contents($reducefile);
} else {
$lifetime=4*60*60;
}
// Send expire headers
header('Cache-Control: max-age='.$lifetime);
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
// Type
header('Content-Type: '.$mimetype);
header('Content-Length: '.filesize($file));
// Output file
$handle=fopen($file,'r');
fpassthru($handle);
fclose($handle);
// Slower Moodle-style version follows:
//// Outputs pictures from theme or core pix folder. Only used if $CFG->smartpix is
//// turned on.
//
//$nomoodlecookie = true; // Stops it making a session
//require_once('../config.php');
//require_once('../lib/filelib.php');
//global $CFG;
//
//$matches=array(); // Reusable array variable for preg_match
//
//// Split path - starts with theme name, then actual image path inside pix
//$path=get_file_argument('smartpix.php');
//$match=array();
//if(!preg_match('|^/([a-z0-9_\-.]+)/([a-z0-9/_\-.]+)$|',$path,$match)) {
// error('Unexpected request format');
//}
//list($junk,$theme,$path)=$match;
//
//// Check file type - this is not needed for the MIME types as we could
//// get those by the existing function, but it provides an extra layer of security
//// as otherwise this script could be used to view all files within dirroot/mod
//if(preg_match('/\.png$/',$path)) {
// $mimetype='image/png';
//} else if(preg_match('/\.gif$/',$path)) {
// $mimetype='image/gif';
//} else if(preg_match('/\.jpe?g$/',$path)) {
// $mimetype='image/jpeg';
//} else {
// error('Request for non-image file');
//}
//
//// Find actual location of image as $file
//$file=false;
//if(file_exists($possibility="$CFG->dirroot/theme/$theme/pix/$path")) {
// // Found the file in theme, stop looking
// $file=$possibility;
//} else {
// // Is there a parent theme?
// while(true) {
// require("$CFG->dirroot/theme/$theme/config.php"); // Sets up $THEME
// if(!$THEME->parent) {
// break;
// }
// $theme=$THEME->parent;
// if(file_exists($possibility="$CFG->dirroot/theme/$theme/pix/$path")) {
// $file=$possibility;
// // Found in parent theme
// break;
// }
// }
// if(!$file) {
// if(preg_match('|^mod/|',$path)) {
// if(!file_exists($possibility="$CFG->dirroot/$path")) {
// error('Requested image not found.');
// }
// } else {
// if(!file_exists($possibility="$CFG->dirroot/pix/$path")) {
// error('Requested image not found.');
// }
// }
// $file=$possibility;
// }
//}
//
//// Handle If-Modified-Since because send_file doesn't
//$filedate=filemtime($file);
//$ifmodifiedsince=isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : false;
//if($ifmodifiedsince && strtotime($ifmodifiedsince)>=$filedate) {
// header('HTTP/1.0 304 Not Modified');
// exit;
//}
//// Don't need to set last-modified, send_file does that
//
//if (empty($CFG->filelifetime)) {
// $lifetime = 86400; // Seconds for files to remain in caches
//} else {
// $lifetime = $CFG->filelifetime;
//}
//send_file($file,preg_replace('|^.*/|','',$file),$lifetime);
?>