/**
* Handles the sending of file data to the user's browser, including support for
* byteranges etc.
*
* The $options parameter supports the following keys:
* (string|null) preview - send the preview of the file (e.g. "thumb" for a thumbnail)
* (string|null) filename - overrides the implicit filename
* (bool) dontdie - return control to caller afterwards. this is not recommended and only used for cleanup tasks.
* if this is passed as true, ignore_user_abort is called. if you don't want your processing to continue on cancel,
* you must detect this case when control is returned using connection_aborted. Please not that session is closed
* and should not be reopened
* (string|null) cacheability - force the cacheability setting of the HTTP response, "private" or "public",
* when $lifetime is greater than 0. Cacheability defaults to "private" when logged in as other than guest; otherwise,
* defaults to "public".
*
* @category files
* @param stored_file $stored_file local file object
* @param int $lifetime Number of seconds before the file should expire from caches (null means $CFG->filelifetime)
* @param int $filter 0 (default)=no filtering, 1=all files, 2=html files only
* @param bool $forcedownload If true (default false), forces download of file rather than view in browser/plugin
* @param array $options additional options affecting the file serving
* @return null script execution stopped unless $options['dontdie'] is true
*/
function send_stored_file($stored_file, $lifetime = null, $filter = 0, $forcedownload = false, array $options = array())
{
global $CFG, $COURSE;
if (empty($options['filename'])) {
$filename = null;
} else {
$filename = $options['filename'];
}
if (empty($options['dontdie'])) {
$dontdie = false;
} else {
$dontdie = true;
}
if ($lifetime === 'default' or is_null($lifetime)) {
$lifetime = $CFG->filelifetime;
}
if (!empty($options['preview'])) {
// replace the file with its preview
$fs = get_file_storage();
$preview_file = $fs->get_file_preview($stored_file, $options['preview']);
if (!$preview_file) {
// unable to create a preview of the file, send its default mime icon instead
if ($options['preview'] === 'tinyicon') {
$size = 24;
} else {
if ($options['preview'] === 'thumb') {
$size = 90;
} else {
$size = 256;
}
}
$fileicon = file_file_icon($stored_file, $size);
send_file($CFG->dirroot . '/pix/' . $fileicon . '.png', basename($fileicon) . '.png');
} else {
// preview images have fixed cache lifetime and they ignore forced download
// (they are generated by GD and therefore they are considered reasonably safe).
$stored_file = $preview_file;
$lifetime = DAYSECS;
$filter = 0;
$forcedownload = false;
}
}
// handle external resource
if ($stored_file && $stored_file->is_external_file() && !isset($options['sendcachedexternalfile'])) {
$stored_file->send_file($lifetime, $filter, $forcedownload, $options);
die;
}
if (!$stored_file or $stored_file->is_directory()) {
// nothing to serve
if ($dontdie) {
return;
}
die;
}
if ($dontdie) {
ignore_user_abort(true);
}
\core\session\manager::write_close();
// Unlock session during file serving.
$filename = is_null($filename) ? $stored_file->get_filename() : $filename;
// Use given MIME type if specified.
$mimetype = $stored_file->get_mimetype();
// Otherwise guess it.
if (!$mimetype || $mimetype === 'document/unknown') {
$mimetype = get_mimetype_for_sending($filename);
}
// if user is using IE, urlencode the filename so that multibyte file name will show up correctly on popup
if (core_useragent::is_ie()) {
$filename = rawurlencode($filename);
}
if ($forcedownload) {
header('Content-Disposition: attachment; filename="' . $filename . '"');
} else {
if ($mimetype !== 'application/x-shockwave-flash') {
// If this is an swf don't pass content-disposition with filename as this makes the flash player treat the file
// as an upload and enforces security that may prevent the file from being loaded.
header('Content-Disposition: inline; filename="' . $filename . '"');
}
}
if ($lifetime > 0) {
$cacheability = ' public,';
if (!empty($options['cacheability']) && $options['cacheability'] === 'public') {
// This file must be cache-able by both browsers and proxies.
$cacheability = ' public,';
} else {
if (!empty($options['cacheability']) && $options['cacheability'] === 'private') {
// This file must be cache-able only by browsers.
$cacheability = ' private,';
} else {
if (isloggedin() and !isguestuser()) {
$cacheability = ' private,';
}
}
}
header('Cache-Control:' . $cacheability . ' max-age=' . $lifetime . ', no-transform');
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT');
header('Pragma: ');
} else {
// Do not cache files in proxies and browsers
if (is_https()) {
// HTTPS sites - watch out for IE! KB812935 and KB316431.
header('Cache-Control: private, max-age=10, no-transform');
header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
header('Pragma: ');
} else {
//normal http - prevent caching at all cost
header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
header('Pragma: no-cache');
}
}
// Allow cross-origin requests only for Web Services.
// This allow to receive requests done by Web Workers or webapps in different domains.
if (WS_SERVER) {
header('Access-Control-Allow-Origin: *');
}
if (empty($filter)) {
// send the contents
readfile_accel($stored_file, $mimetype, !$dontdie);
} else {
// Try to put the file through filters
if ($mimetype == 'text/html' || $mimetype == 'application/xhtml+xml') {
$options = new stdClass();
$options->noclean = true;
$options->nocache = true;
// temporary workaround for MDL-5136
$text = $stored_file->get_content();
$text = file_modify_html_header($text);
$output = format_text($text, FORMAT_HTML, $options, $COURSE->id);
readstring_accel($output, $mimetype, false);
} else {
if ($mimetype == 'text/plain' and $filter == 1) {
// only filter text if filter all files is selected
$options = new stdClass();
$options->newlines = false;
$options->noclean = true;
$text = $stored_file->get_content();
$output = '<pre>' . format_text($text, FORMAT_MOODLE, $options, $COURSE->id) . '</pre>';
readstring_accel($output, $mimetype, false);
} else {
// Just send it out raw
readfile_accel($stored_file, $mimetype, !$dontdie);
}
}
}
if ($dontdie) {
return;
}
die;
//no more chars to output!!!
}
/**
* Handles the sending of file data to the user's browser, including support for
* byteranges etc.
*
* The $options parameter supports the following keys:
* (string|null) preview - send the preview of the file (e.g. "thumb" for a thumbnail)
* (string|null) filename - overrides the implicit filename
* (bool) dontdie - return control to caller afterwards. this is not recommended and only used for cleanup tasks.
* if this is passed as true, ignore_user_abort is called. if you don't want your processing to continue on cancel,
* you must detect this case when control is returned using connection_aborted. Please not that session is closed
* and should not be reopened.
*
* @category files
* @param stored_file $stored_file local file object
* @param int $lifetime Number of seconds before the file should expire from caches (null means $CFG->filelifetime)
* @param int $filter 0 (default)=no filtering, 1=all files, 2=html files only
* @param bool $forcedownload If true (default false), forces download of file rather than view in browser/plugin
* @param array $options additional options affecting the file serving
* @return null script execution stopped unless $options['dontdie'] is true
*/
function send_stored_file($stored_file, $lifetime = null, $filter = 0, $forcedownload = false, array $options = array())
{
global $CFG, $COURSE;
if (empty($options['filename'])) {
$filename = null;
} else {
$filename = $options['filename'];
}
if (empty($options['dontdie'])) {
$dontdie = false;
} else {
$dontdie = true;
}
if ($lifetime === 'default' or is_null($lifetime)) {
$lifetime = $CFG->filelifetime;
}
if (!empty($options['preview'])) {
// replace the file with its preview
$fs = get_file_storage();
$preview_file = $fs->get_file_preview($stored_file, $options['preview']);
if (!$preview_file) {
// unable to create a preview of the file, send its default mime icon instead
if ($options['preview'] === 'tinyicon') {
$size = 24;
} else {
if ($options['preview'] === 'thumb') {
$size = 90;
} else {
$size = 256;
}
}
$fileicon = file_file_icon($stored_file, $size);
send_file($CFG->dirroot . '/pix/' . $fileicon . '.png', basename($fileicon) . '.png');
} else {
// preview images have fixed cache lifetime and they ignore forced download
// (they are generated by GD and therefore they are considered reasonably safe).
$stored_file = $preview_file;
$lifetime = DAYSECS;
$filter = 0;
$forcedownload = false;
}
}
// handle external resource
if ($stored_file && $stored_file->is_external_file() && !isset($options['sendcachedexternalfile'])) {
$stored_file->send_file($lifetime, $filter, $forcedownload, $options);
die;
}
if (!$stored_file or $stored_file->is_directory()) {
// nothing to serve
if ($dontdie) {
return;
}
die;
}
if ($dontdie) {
ignore_user_abort(true);
}
\core\session\manager::write_close();
// Unlock session during file serving.
// Use given MIME type if specified, otherwise guess it using mimeinfo.
// IE, Konqueror and Opera open html file directly in browser from web even when directed to save it to disk :-O
// only Firefox saves all files locally before opening when content-disposition: attachment stated
$filename = is_null($filename) ? $stored_file->get_filename() : $filename;
$isFF = core_useragent::is_firefox();
// only FF properly tested
$mimetype = ($forcedownload and !$isFF) ? 'application/x-forcedownload' : ($stored_file->get_mimetype() ? $stored_file->get_mimetype() : mimeinfo('type', $filename));
// if user is using IE, urlencode the filename so that multibyte file name will show up correctly on popup
if (core_useragent::is_ie()) {
$filename = rawurlencode($filename);
}
if ($forcedownload) {
header('Content-Disposition: attachment; filename="' . $filename . '"');
} else {
header('Content-Disposition: inline; filename="' . $filename . '"');
}
if ($lifetime > 0) {
$private = '';
if (isloggedin() and !isguestuser()) {
$private = ' private,';
}
header('Cache-Control:' . $private . ' max-age=' . $lifetime . ', no-transform');
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT');
header('Pragma: ');
} else {
// Do not cache files in proxies and browsers
if (strpos($CFG->wwwroot, 'https://') === 0) {
//https sites - watch out for IE! KB812935 and KB316431
header('Cache-Control: private, max-age=10, no-transform');
header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
header('Pragma: ');
} else {
//normal http - prevent caching at all cost
header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
header('Pragma: no-cache');
}
}
if (empty($filter)) {
// send the contents
readfile_accel($stored_file, $mimetype, !$dontdie);
} else {
// Try to put the file through filters
if ($mimetype == 'text/html') {
$options = new stdClass();
$options->noclean = true;
$options->nocache = true;
// temporary workaround for MDL-5136
$text = $stored_file->get_content();
$text = file_modify_html_header($text);
$output = format_text($text, FORMAT_HTML, $options, $COURSE->id);
readstring_accel($output, $mimetype, false);
} else {
if ($mimetype == 'text/plain' and $filter == 1) {
// only filter text if filter all files is selected
$options = new stdClass();
$options->newlines = false;
$options->noclean = true;
$text = $stored_file->get_content();
$output = '<pre>' . format_text($text, FORMAT_MOODLE, $options, $COURSE->id) . '</pre>';
readstring_accel($output, $mimetype, false);
} else {
// Just send it out raw
readfile_accel($stored_file, $mimetype, !$dontdie);
}
}
}
if ($dontdie) {
return;
}
die;
//no more chars to output!!!
}
/**
* Handles the sending of file data to the user's browser, including support for
* byteranges etc.
*
* @global object
* @global object
* @global object
* @param object $stored_file local file object
* @param int $lifetime Number of seconds before the file should expire from caches (default 24 hours)
* @param int $filter 0 (default)=no filtering, 1=all files, 2=html files only
* @param bool $forcedownload If true (default false), forces download of file rather than view in browser/plugin
* @param string $filename Override filename
* @param bool $dontdie - return control to caller afterwards. this is not recommended and only used for cleanup tasks.
* if this is passed as true, ignore_user_abort is called. if you don't want your processing to continue on cancel,
* you must detect this case when control is returned using connection_aborted. Please not that session is closed
* and should not be reopened.
* @return void no return or void, script execution stopped unless $dontdie is true
*/
function send_stored_file($stored_file, $lifetime = 86400, $filter = 0, $forcedownload = false, $filename = null, $dontdie = false)
{
global $CFG, $COURSE, $SESSION;
if (!$stored_file or $stored_file->is_directory()) {
// nothing to serve
if ($dontdie) {
return;
}
die;
}
if ($dontdie) {
ignore_user_abort(true);
}
session_get_instance()->write_close();
// unlock session during fileserving
// Use given MIME type if specified, otherwise guess it using mimeinfo.
// IE, Konqueror and Opera open html file directly in browser from web even when directed to save it to disk :-O
// only Firefox saves all files locally before opening when content-disposition: attachment stated
$filename = is_null($filename) ? $stored_file->get_filename() : $filename;
$isFF = check_browser_version('Firefox', '1.5');
// only FF > 1.5 properly tested
$mimetype = ($forcedownload and !$isFF) ? 'application/x-forcedownload' : ($stored_file->get_mimetype() ? $stored_file->get_mimetype() : mimeinfo('type', $filename));
$lastmodified = $stored_file->get_timemodified();
$filesize = $stored_file->get_filesize();
//try to disable automatic sid rewrite in cookieless mode
@ini_set("session.use_trans_sid", "false");
if ($lifetime > 0 && !empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
// get unixtime of request header; clip extra junk off first
$since = strtotime(preg_replace('/;.*$/', '', $_SERVER["HTTP_IF_MODIFIED_SINCE"]));
if ($since && $since >= $lastmodified) {
header('HTTP/1.1 304 Not Modified');
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT');
header('Cache-Control: max-age=' . $lifetime);
header('Content-Type: ' . $mimetype);
if ($dontdie) {
return;
}
die;
}
}
//do not put '@' before the next header to detect incorrect moodle configurations,
//error should be better than "weird" empty lines for admins/users
//TODO: should we remove all those @ before the header()? Are all of the values supported on all servers?
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastmodified) . ' GMT');
// if user is using IE, urlencode the filename so that multibyte file name will show up correctly on popup
if (check_browser_version('MSIE')) {
$filename = rawurlencode($filename);
}
if ($forcedownload) {
header('Content-Disposition: attachment; filename="' . $filename . '"');
} else {
header('Content-Disposition: inline; filename="' . $filename . '"');
}
if ($lifetime > 0) {
header('Cache-Control: max-age=' . $lifetime);
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT');
header('Pragma: ');
if (empty($CFG->disablebyteserving) && $mimetype != 'text/plain' && $mimetype != 'text/html') {
header('Accept-Ranges: bytes');
if (!empty($_SERVER['HTTP_RANGE']) && strpos($_SERVER['HTTP_RANGE'], 'bytes=') !== FALSE) {
// byteserving stuff - for acrobat reader and download accelerators
// see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
// inspired by: http://www.coneural.org/florian/papers/04_byteserving.php
$ranges = false;
if (preg_match_all('/(\\d*)-(\\d*)/', $_SERVER['HTTP_RANGE'], $ranges, PREG_SET_ORDER)) {
foreach ($ranges as $key => $value) {
if ($ranges[$key][1] == '') {
//suffix case
$ranges[$key][1] = $filesize - $ranges[$key][2];
$ranges[$key][2] = $filesize - 1;
} else {
if ($ranges[$key][2] == '' || $ranges[$key][2] > $filesize - 1) {
//fix range length
$ranges[$key][2] = $filesize - 1;
}
}
if ($ranges[$key][2] != '' && $ranges[$key][2] < $ranges[$key][1]) {
//invalid byte-range ==> ignore header
$ranges = false;
break;
}
//prepare multipart header
$ranges[$key][0] = "\r\n--" . BYTESERVING_BOUNDARY . "\r\nContent-Type: {$mimetype}\r\n";
$ranges[$key][0] .= "Content-Range: bytes {$ranges[$key][1]}-{$ranges[$key][2]}/{$filesize}\r\n\r\n";
}
} else {
$ranges = false;
}
if ($ranges) {
byteserving_send_file($stored_file->get_content_file_handle(), $mimetype, $ranges, $filesize);
}
}
} else {
/// Do not byteserve (disabled, strings, text and html files).
header('Accept-Ranges: none');
}
} else {
// Do not cache files in proxies and browsers
if (strpos($CFG->wwwroot, 'https://') === 0) {
//https sites - watch out for IE! KB812935 and KB316431
header('Cache-Control: max-age=10');
header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
header('Pragma: ');
} else {
//normal http - prevent caching at all cost
header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
header('Pragma: no-cache');
}
header('Accept-Ranges: none');
// Do not allow byteserving when caching disabled
}
if (empty($filter)) {
$filtered = false;
if ($mimetype == 'text/html' && !empty($CFG->usesid)) {
//cookieless mode - rewrite links
header('Content-Type: text/html');
$text = $stored_file->get_content();
$text = sid_ob_rewrite($text);
$filesize = strlen($text);
$filtered = true;
} else {
if ($mimetype == 'text/plain') {
header('Content-Type: Text/plain; charset=utf-8');
//add encoding
} else {
header('Content-Type: ' . $mimetype);
}
}
header('Content-Length: ' . $filesize);
//flush the buffers - save memory and disable sid rewrite
//this also disables zlib compression
prepare_file_content_sending();
// send the contents
if ($filtered) {
echo $text;
} else {
$stored_file->readfile();
}
} else {
// Try to put the file through filters
if ($mimetype == 'text/html') {
$options = new stdClass();
$options->noclean = true;
$options->nocache = true;
// temporary workaround for MDL-5136
$text = $stored_file->get_content();
$text = file_modify_html_header($text);
$output = format_text($text, FORMAT_HTML, $options, $COURSE->id);
if (!empty($CFG->usesid)) {
//cookieless mode - rewrite links
$output = sid_ob_rewrite($output);
}
header('Content-Length: ' . strlen($output));
header('Content-Type: text/html');
//flush the buffers - save memory and disable sid rewrite
//this also disables zlib compression
prepare_file_content_sending();
// send the contents
echo $output;
} else {
if ($mimetype == 'text/plain' and $filter == 1) {
// only filter text if filter all files is selected
$options = new stdClass();
$options->newlines = false;
$options->noclean = true;
$text = $stored_file->get_content();
$output = '<pre>' . format_text($text, FORMAT_MOODLE, $options, $COURSE->id) . '</pre>';
if (!empty($CFG->usesid)) {
//cookieless mode - rewrite links
$output = sid_ob_rewrite($output);
}
header('Content-Length: ' . strlen($output));
header('Content-Type: text/html; charset=utf-8');
//add encoding
//flush the buffers - save memory and disable sid rewrite
//this also disables zlib compression
prepare_file_content_sending();
// send the contents
echo $output;
} else {
// Just send it out raw
header('Content-Length: ' . $filesize);
header('Content-Type: ' . $mimetype);
//flush the buffers - save memory and disable sid rewrite
//this also disables zlib compression
prepare_file_content_sending();
// send the contents
$stored_file->readfile();
}
}
}
if ($dontdie) {
return;
}
die;
//no more chars to output!!!
}
/**
* Handles the sending of file data to the user's browser, including support for
* byteranges etc.
* @param string $path Path of file on disk (including real filename), or actual content of file as string
* @param string $filename Filename to send
* @param int $lifetime Number of seconds before the file should expire from caches (default 24 hours)
* @param int $filter 0 (default)=no filtering, 1=all files, 2=html files only
* @param bool $pathisstring If true (default false), $path is the content to send and not the pathname
* @param bool $forcedownload If true (default false), forces download of file rather than view in browser/plugin
* @param string $mimetype Include to specify the MIME type; leave blank to have it guess the type from $filename
*/
function send_file($path, $filename, $lifetime = 'default', $filter = 0, $pathisstring = false, $forcedownload = false, $mimetype = '')
{
global $CFG, $COURSE, $SESSION;
// MDL-11789, apply $CFG->filelifetime here
if ($lifetime === 'default') {
if (!empty($CFG->filelifetime)) {
$lifetime = $CFG->filelifetime;
} else {
$lifetime = 86400;
}
}
// Use given MIME type if specified, otherwise guess it using mimeinfo.
// IE, Konqueror and Opera open html file directly in browser from web even when directed to save it to disk :-O
// only Firefox saves all files locally before opening when content-disposition: attachment stated
$isFF = check_browser_version('Firefox', '1.5');
// only FF > 1.5 properly tested
$mimetype = ($forcedownload and !$isFF) ? 'application/x-forcedownload' : ($mimetype ? $mimetype : mimeinfo('type', $filename));
// If the file is a Flash file and that the user flash player is outdated return a flash upgrader MDL-20841
if (!empty($CFG->excludeoldflashclients) && $mimetype == 'application/x-shockwave-flash' && !empty($SESSION->flashversion)) {
$userplayerversion = explode('.', $SESSION->flashversion);
$requiredplayerversion = explode('.', $CFG->excludeoldflashclients);
if ($userplayerversion[0] < $requiredplayerversion[0] || $userplayerversion[0] == $requiredplayerversion[0] && $userplayerversion[1] < $requiredplayerversion[1] || $userplayerversion[0] == $requiredplayerversion[0] && $userplayerversion[1] == $requiredplayerversion[1] && $userplayerversion[2] < $requiredplayerversion[2]) {
$path = $CFG->dirroot . "/lib/flashdetect/flashupgrade.swf";
// Alternate content asking user to upgrade Flash
$filename = "flashupgrade.swf";
$lifetime = 0;
// Do not cache
}
}
$lastmodified = $pathisstring ? time() : filemtime($path);
$filesize = $pathisstring ? strlen($path) : filesize($path);
/* - MDL-13949
//Adobe Acrobat Reader XSS prevention
if ($mimetype=='application/pdf' or mimeinfo('type', $filename)=='application/pdf') {
//please note that it prevents opening of pdfs in browser when http referer disabled
//or file linked from another site; browser caching of pdfs is now disabled too
if (!empty($_SERVER['HTTP_RANGE'])) {
//already byteserving
$lifetime = 1; // >0 needed for byteserving
} else if (empty($_SERVER['HTTP_REFERER']) or strpos($_SERVER['HTTP_REFERER'], $CFG->wwwroot)!==0) {
$mimetype = 'application/x-forcedownload';
$forcedownload = true;
$lifetime = 0;
} else {
$lifetime = 1; // >0 needed for byteserving
}
}
*/
//IE compatibiltiy HACK!
if (ini_get('zlib.output_compression')) {
ini_set('zlib.output_compression', 'Off');
}
//try to disable automatic sid rewrite in cookieless mode
@ini_set("session.use_trans_sid", "false");
//do not put '@' before the next header to detect incorrect moodle configurations,
//error should be better than "weird" empty lines for admins/users
//TODO: should we remove all those @ before the header()? Are all of the values supported on all servers?
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastmodified) . ' GMT');
// if user is using IE, urlencode the filename so that multibyte file name will show up correctly on popup
if (check_browser_version('MSIE')) {
$filename = rawurlencode($filename);
}
if ($forcedownload) {
@header('Content-Disposition: attachment; filename="' . $filename . '"');
} else {
@header('Content-Disposition: inline; filename="' . $filename . '"');
}
if ($lifetime > 0) {
@header('Cache-Control: max-age=' . $lifetime);
@header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT');
@header('Pragma: ');
if (empty($CFG->disablebyteserving) && !$pathisstring && $mimetype != 'text/plain' && $mimetype != 'text/html') {
@header('Accept-Ranges: bytes');
if (!empty($_SERVER['HTTP_RANGE']) && strpos($_SERVER['HTTP_RANGE'], 'bytes=') !== FALSE) {
// byteserving stuff - for acrobat reader and download accelerators
// see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
// inspired by: http://www.coneural.org/florian/papers/04_byteserving.php
$ranges = false;
if (preg_match_all('/(\\d*)-(\\d*)/', $_SERVER['HTTP_RANGE'], $ranges, PREG_SET_ORDER)) {
foreach ($ranges as $key => $value) {
if ($ranges[$key][1] == '') {
//suffix case
$ranges[$key][1] = $filesize - $ranges[$key][2];
$ranges[$key][2] = $filesize - 1;
} else {
if ($ranges[$key][2] == '' || $ranges[$key][2] > $filesize - 1) {
//fix range length
$ranges[$key][2] = $filesize - 1;
}
}
if ($ranges[$key][2] != '' && $ranges[$key][2] < $ranges[$key][1]) {
//invalid byte-range ==> ignore header
$ranges = false;
break;
}
//prepare multipart header
$ranges[$key][0] = "\r\n--" . BYTESERVING_BOUNDARY . "\r\nContent-Type: {$mimetype}\r\n";
$ranges[$key][0] .= "Content-Range: bytes {$ranges[$key][1]}-{$ranges[$key][2]}/{$filesize}\r\n\r\n";
}
} else {
$ranges = false;
}
if ($ranges) {
byteserving_send_file($path, $mimetype, $ranges);
}
}
} else {
/// Do not byteserve (disabled, strings, text and html files).
@header('Accept-Ranges: none');
}
} else {
// Do not cache files in proxies and browsers
if (strpos($CFG->wwwroot, 'https://') === 0) {
//https sites - watch out for IE! KB812935 and KB316431
@header('Cache-Control: max-age=10');
@header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
@header('Pragma: ');
} else {
//normal http - prevent caching at all cost
@header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
@header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
@header('Pragma: no-cache');
}
@header('Accept-Ranges: none');
// Do not allow byteserving when caching disabled
}
if (empty($filter)) {
if ($mimetype == 'text/html' && !empty($CFG->usesid) && empty($_COOKIE['MoodleSession' . $CFG->sessioncookie])) {
//cookieless mode - rewrite links
@header('Content-Type: text/html');
$path = $pathisstring ? $path : implode('', file($path));
$path = sid_ob_rewrite($path);
$filesize = strlen($path);
$pathisstring = true;
} else {
if ($mimetype == 'text/plain') {
@header('Content-Type: Text/plain; charset=utf-8');
//add encoding
} else {
@header('Content-Type: ' . $mimetype);
}
}
@header('Content-Length: ' . $filesize);
while (@ob_end_flush()) {
}
//flush the buffers - save memory and disable sid rewrite
if ($pathisstring) {
echo $path;
} else {
readfile_chunked($path);
}
} else {
// Try to put the file through filters
if ($mimetype == 'text/html') {
$options = new object();
$options->noclean = true;
$options->nocache = true;
// temporary workaround for MDL-5136
$text = $pathisstring ? $path : implode('', file($path));
$text = file_modify_html_header($text);
$output = format_text($text, FORMAT_HTML, $options, $COURSE->id);
if (!empty($CFG->usesid) && empty($_COOKIE['MoodleSession' . $CFG->sessioncookie])) {
//cookieless mode - rewrite links
$output = sid_ob_rewrite($output);
}
@header('Content-Length: ' . strlen($output));
@header('Content-Type: text/html');
while (@ob_end_flush()) {
}
//flush the buffers - save memory and disable sid rewrite
echo $output;
// only filter text if filter all files is selected
} else {
if ($mimetype == 'text/plain' and $filter == 1) {
$options = new object();
$options->newlines = false;
$options->noclean = true;
$text = htmlentities($pathisstring ? $path : implode('', file($path)));
$output = '<pre>' . format_text($text, FORMAT_MOODLE, $options, $COURSE->id) . '</pre>';
if (!empty($CFG->usesid) && empty($_COOKIE['MoodleSession' . $CFG->sessioncookie])) {
//cookieless mode - rewrite links
$output = sid_ob_rewrite($output);
}
@header('Content-Length: ' . strlen($output));
@header('Content-Type: text/html; charset=utf-8');
//add encoding
while (@ob_end_flush()) {
}
//flush the buffers - save memory and disable sid rewrite
echo $output;
} else {
// Just send it out raw
@header('Content-Length: ' . $filesize);
@header('Content-Type: ' . $mimetype);
while (@ob_end_flush()) {
}
//flush the buffers - save memory and disable sid rewrite
if ($pathisstring) {
echo $path;
} else {
readfile_chunked($path);
}
}
}
}
die;
//no more chars to output!!!
}
