forked from moodle/moodle
-
Notifications
You must be signed in to change notification settings - Fork 0
/
configonlylib.php
207 lines (178 loc) · 6.48 KB
/
configonlylib.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Minimalistic library, usable even when no other moodle libs are loaded.
*
* The only library that gets loaded if you define ABORT_AFTER_CONFIG
* before including main config.php. You can resume normal script operation
* if you define ABORT_AFTER_CONFIG_CANCEL and require the setup.php
*
* @package core
* @copyright 2009 Petr Skoda (skodak)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
/**
* Minimalistic parameter validation function.
* Can not use optional param because moodlelib.php is not loaded yet
* @param string $name
* @param mixed $default
* @param string $type
* @return mixed
*/
function min_optional_param($name, $default, $type) {
if (isset($_GET[$name])) {
$value = $_GET[$name];
} else if (isset($_GET['amp;'.$name])) {
// very, very, very ugly hack, unfortunately $OUTPUT->pix_url() is not used properly in javascript code :-(
$value = $_GET['amp;'.$name];
} else if (isset($_POST[$name])) {
$value = $_POST[$name];
} else {
return $default;
}
return min_clean_param($value, $type);
}
/**
* Minimalistic parameter cleaning function.
*
* Note: Can not use optional param because moodlelib.php is not loaded yet.
*
* @param string $value
* @param string $type
* @return mixed
*/
function min_clean_param($value, $type) {
switch($type) {
case 'RAW': $value = min_fix_utf8((string)$value);
break;
case 'INT': $value = (int)$value;
break;
case 'SAFEDIR': $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
break;
case 'SAFEPATH': $value = preg_replace('/[^a-zA-Z0-9\/\._-]/', '', $value);
$value = preg_replace('/\.+/', '.', $value);
$value = preg_replace('#/+#', '/', $value);
break;
default: die("Coding error: incorrect parameter type specified ($type).");
}
return $value;
}
/**
* Minimalistic UTF-8 sanitisation.
*
* Note: This duplicates fix_utf8() intentionally for now.
*
* @param string $value
* @return string
*/
function min_fix_utf8($value) {
// No null bytes expected in our data, so let's remove it.
$value = str_replace("\0", '', $value);
static $buggyiconv = null;
if ($buggyiconv === null) {
set_error_handler(function () {
return true;
});
$buggyiconv = (!function_exists('iconv') or iconv('UTF-8', 'UTF-8//IGNORE', '100'.chr(130).'€') !== '100€');
restore_error_handler();
}
if ($buggyiconv) {
if (function_exists('mb_convert_encoding')) {
$subst = mb_substitute_character();
mb_substitute_character('');
$result = mb_convert_encoding($value, 'utf-8', 'utf-8');
mb_substitute_character($subst);
} else {
// Warn admins on admin/index.php page.
$result = $value;
}
} else {
$result = @iconv('UTF-8', 'UTF-8//IGNORE', $value);
}
return $result;
}
/**
* This method tries to enable output compression if possible.
* This function must be called before any output or headers.
*
* (IE6 is not supported at all.)
*
* @return boolean, true if compression enabled
*/
function min_enable_zlib_compression() {
if (headers_sent()) {
return false;
}
// zlib.output_compression is preferred over ob_gzhandler()
if (!empty($_SERVER['HTTP_USER_AGENT']) and strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 6') !== false) {
ini_set('zlib.output_compression', 'Off');
if (function_exists('apache_setenv')) {
apache_setenv('no-gzip', 1);
}
return false;
}
ini_set('output_handler', '');
/*
* docs clearly say 'on' means enable and number means size of buffer,
* but unfortunately some PHP version break when we set 'on' here.
* 1 probably sets chunk size to 4096. our CSS and JS scripts are much bigger,
* so let's try some bigger sizes.
*/
ini_set('zlib.output_compression', 65536);
return true;
}
/**
* Returns the slashargument part of the URL.
*
* Note: ".php" is NOT allowed in slasharguments,
* it is intended for ASCII characters only.
*
* @param boolean $clean - Should we do cleaning on this path argument. If you set this
* to false you MUST be very careful and do the cleaning manually.
* @return string
*/
function min_get_slash_argument($clean = true) {
// Note: This code has to work in the same cases as normal get_file_argument(),
// but at the same time it may be simpler because we do not have to deal
// with encodings and other tricky stuff.
$relativepath = '';
if (!empty($_GET['file']) and strpos($_GET['file'], '/') === 0) {
// Server is using url rewriting, most probably IIS.
// Always clean the result of this function as it may be used in unsafe calls to send_file.
$relativepath = $_GET['file'];
if ($clean) {
$relativepath = min_clean_param($relativepath, 'SAFEPATH');
}
return $relativepath;
} else if (stripos($_SERVER['SERVER_SOFTWARE'], 'iis') !== false) {
if (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO'] !== '') {
$relativepath = urldecode($_SERVER['PATH_INFO']);
}
} else {
if (isset($_SERVER['PATH_INFO'])) {
$relativepath = $_SERVER['PATH_INFO'];
}
}
$matches = null;
if (preg_match('|^.+\.php(.*)$|i', $relativepath, $matches)) {
$relativepath = $matches[1];
}
// Always clean the result of this function as it may be used in unsafe calls to send_file.
if ($clean) {
$relativepath = min_clean_param($relativepath, 'SAFEPATH');
}
return $relativepath;
}