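 /**
  * Decide whether an iframe URI may pass the SafeIframe whitelist.
  *
  * Only applies when %HTML.SafeIframe is on, the URI is an embedded one and
  * the current token is an <iframe>; in every other situation the filter is
  * a no-op and lets the URI through. When the whitelist regexp matches and
  * the page itself is served over HTTPS, an http: iframe is rewritten to a
  * protocol-relative URL so the embed is not blocked as mixed content.
  *
  * @param HTMLPurifier_URI $uri URI under inspection (modified in place)
  * @param HTMLPurifier_Config $config
  * @param HTMLPurifier_Context $context
  * @return bool true to keep the URI, false to drop it
  */
 public function filter(&$uri, $config, $context)
 {
     // Filter disabled: nothing to decide.
     if (!$config->get('HTML.SafeIframe')) {
         return true;
     }
     // Only embedded URIs (src="...") are subject to the whitelist.
     if (!$context->get('EmbeddedURI', true)) {
         return true;
     }
     $token = $context->get('CurrentToken', true);
     if (!($token && $token->name === 'iframe')) {
         return true;
     }
     // No whitelist configured: reject every iframe rather than allow all.
     if ($this->regexp === null) {
         return false;
     }
     // Whitelist check against the serialised URI.
     if (!preg_match($this->regexp, $uri->toString())) {
         return false;
     }
     // On an HTTPS page an http: iframe would be mixed content; make it
     // protocol-relative so the browser reuses the page scheme.
     if (is_https() && $uri->scheme === 'http') {
         $uri->scheme = null;
     }
     // Return the bool the docblock promises; the URI itself was modified
     // in place through the reference parameter.
     return true;
 }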
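/**
 * Rewrite <img> sources in rendered output so the page is not served with
 * mixed content.
 *
 * Images hosted on this site that are referenced over plain http are
 * switched to https; images from any other http host are routed through the
 * image_proxy endpoint with a per-URL token. Images already on the site URL
 * or already served over https are left untouched.
 *
 * @param string $h hook name (unused)
 * @param string $t hook type (unused)
 * @param string $r rendered HTML being filtered
 * @param array  $p hook params (unused)
 * @return string the HTML with rewritten image sources
 */
function view_hook($h, $t, $r, $p)
{
    $site_url = elgg_get_site_url();
    $http_url = str_replace('https://', 'http://', $site_url);
    if (!preg_match_all('/<img[^>]+src\\s*=\\s*["\']?([^"\' ]+)[^>]*>/', $r, $extracted_image)) {
        return $r;
    }
    foreach ($extracted_image[0] as $key => $i) {
        $src = $extracted_image[1][$key];
        // Already one of our links: the src must *start* with the site URL.
        // A substring test would also skip foreign URLs that merely embed
        // our site URL (e.g. in a query string), leaving them unproxied.
        if (strpos($src, $site_url) === 0) {
            continue;
        }
        // Our own URL requested over http: just upgrade the scheme.
        if (strpos($src, $http_url) === 0) {
            $https_image = str_replace('http://', 'https://', $src);
            $r = str_replace($i, str_replace($src, $https_image, $i), $r);
            continue;
        }
        // Foreign http image: fetch it through the image proxy. get_token()
        // is handed the original URL; presumably image.php verifies that
        // token so the endpoint cannot be used as an open relay — confirm.
        if (!is_https($src)) {
            $url = urlencode($src);
            if (strpos($url, 'http') === 0) {
                $token = get_token($src);
                $new_url = elgg_normalize_url('mod/image_proxy/image.php?url=' . $url . '&token=' . $token);
                $r = str_replace($i, str_replace($src, $new_url, $i), $r);
            }
        }
    }
    return $r;
}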
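 /**
  * Controller base constructor.
  *
  * Disables browser caching for every page, records the request scheme and,
  * when the "http user" cookie is present, exposes the user data it carries
  * to all views.
  */
 public function __construct()
 {
     parent::__construct();
     // Never let the browser cache a page: the login/logout link and other
     // user-specific fragments would otherwise go stale when the session
     // state changes.
     header('Expires: Wed, 13 Dec 1972 18:37:00 GMT');
     header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
     header('Pragma: no-cache');
     // Record the request protocol; plain http leaves the property untouched.
     if (is_https()) {
         $this->protocol = 'https';
     }
     // Make the http user cookie's data available in views.
     // SECURITY NOTE(review): the cookie is client-controlled and is passed
     // through unserialize_data(). Unless that helper both verifies a MAC over
     // the cookie and avoids PHP's native unserialize(), a tampered cookie can
     // inject arbitrary view variables or trigger object injection; confirm
     // how unserialize_data() is implemented.
     $cookie_name = config_item('http_user_cookie_name');
     $http_user_cookie = get_cookie($cookie_name);
     if ($http_user_cookie) {
         $this->load->vars(unserialize_data($http_user_cookie));
     }
 }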
 /**
  * Redirect the current request to its plain-http equivalent.
  *
  * No-op when the request is already http. Flash session data is preserved
  * across the redirect when a session library is loaded.
  *
  * @param int|null $port optional port for the http URL
  * @return void
  */
 function force_http($port = null)
 {
     if (!is_https()) {
         return;
     }
     $ci = get_instance();
     $has_session = isset($ci->session) && is_object($ci->session);
     if ($has_session) {
         $ci->session->keep_flashdata();
     }
     redirect(to_http(CURRENT_URL, $port));
 }
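 /**
  * Constructor (PHP4-style name, kept because the QuickForm API calls it).
  *
  * Records whether the page is served over TLS in $this->_https; presumably
  * read when the reCAPTCHA markup is rendered so its resources use a
  * matching scheme.
  *
  * @param string $elementName (optional) name of the recaptcha element
  * @param string $elementLabel (optional) label for recaptcha element
  * @param mixed $attributes (optional) Either a typical HTML attribute string
  *              or an associative array
  */
 function MoodleQuickForm_recaptcha($elementName = null, $elementLabel = null, $attributes = null)
 {
     parent::HTML_QuickForm_input($elementName, $elementLabel, $attributes);
     $this->_type = 'recaptcha';
     // Cast keeps the property strictly boolean whatever is_https() returns.
     $this->_https = (bool) is_https();
 }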
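 /**
  * Constructor.
  *
  * Records whether the page is served over TLS in $this->_https; presumably
  * read when the reCAPTCHA markup is rendered so its resources use a
  * matching scheme.
  *
  * @param string $elementName (optional) name of the recaptcha element
  * @param string $elementLabel (optional) label for recaptcha element
  * @param mixed $attributes (optional) Either a typical HTML attribute string
  *              or an associative array
  */
 public function __construct($elementName = null, $elementLabel = null, $attributes = null)
 {
     parent::__construct($elementName, $elementLabel, $attributes);
     $this->_type = 'recaptcha';
     // Cast keeps the property strictly boolean whatever is_https() returns.
     $this->_https = (bool) is_https();
 }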
/**
 * Render the final rows of the profile form: the optional reCAPTCHA
 * challenge (only when a public key is configured) and the submit button.
 */
function show_submit()
{
    row1(tra("Submit profile"));
    echo "<script>var RecaptchaOptions = { theme : 'white' };</script>";
    $publickey = parse_config(get_config(), "<recaptcha_public_key>");
    if ($publickey) {
        $prompt = tra("Please enter the words shown in the image.") . "<br>\n";
        // The scheme flag makes the widget load its assets over https when
        // the page itself is https.
        table_row($prompt . recaptcha_get_html($publickey, null, is_https()));
    }
    $button = "<p><input type=\"submit\" value=\"" . tra("Create/edit profile") . "\" name=\"submit\">";
    table_row($button);
}
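/**
 * Append image thumbnails to each status in a timeline.
 *
 * For every URL entity in a status: URLs matching the Embedly provider list
 * are collected and resolved with one batched oEmbed call; direct image
 * links (jpg/png/gif) and known image hosts ($services) are thumbnailed
 * immediately. Native media entities are thumbnailed from the https or http
 * media URL depending on how this page was requested.
 *
 * @param array $feed statuses, indexed by status id (modified in place)
 * @return void
 */
function embedly_embed_thumbnails(&$feed)
{
    $matched_urls = array();
    $embedly_re = '/(www\\.flickr\\.com\\/photos\\/.*|flic\\.kr\\/.*|www\\.mobypicture\\.com\\/user\\/.*\\/view\\/.*|moby\\.to\\/.*|.*imgur\\.com\\/.*|.*\\.posterous\\.com\\/.*|post\\.ly\\/.*|i.*\\.photobucket\\.com\\/albums\\/.*|s.*\\.photobucket\\.com\\/albums\\/.*|phodroid\\.com\\/.*\\/.*\\/.*|xkcd\\.com\\/.*|www\\.xkcd\\.com\\/.*|imgs\\.xkcd\\.com\\/.*|www\\.asofterworld\\.com\\/index\\.php\\?id=.*|www\\.asofterworld\\.com\\/.*\\.jpg|asofterworld\\.com\\/.*\\.jpg|www\\.qwantz\\.com\\/index\\.php\\?comic=.*|23hq\\.com\\/.*\\/photo\\/.*|www\\.23hq\\.com\\/.*\\/photo\\/.*|.*dribbble\\.com\\/shots\\/.*|drbl\\.in\\/.*|.*\\.smugmug\\.com\\/.*|.*\\.smugmug\\.com\\/.*#.*|emberapp\\.com\\/.*\\/images\\/.*|emberapp\\.com\\/.*\\/images\\/.*\\/sizes\\/.*|emberapp\\.com\\/.*\\/collections\\/.*\\/.*|emberapp\\.com\\/.*\\/categories\\/.*\\/.*\\/.*|embr\\.it\\/.*|picasaweb\\.google\\.com.*\\/.*\\/.*#.*|picasaweb\\.google\\.com.*\\/lh\\/photo\\/.*|picasaweb\\.google\\.com.*\\/.*\\/.*|dailybooth\\.com\\/.*\\/.*|brizzly\\.com\\/pic\\/.*|pics\\.brizzly\\.com\\/.*\\.jpg|www\\.tinypic\\.com\\/view\\.php.*|tinypic\\.com\\/view\\.php.*|www\\.tinypic\\.com\\/player\\.php.*|tinypic\\.com\\/player\\.php.*|www\\.tinypic\\.com\\/r\\/.*\\/.*|tinypic\\.com\\/r\\/.*\\/.*|.*\\.tinypic\\.com\\/.*\\.jpg|.*\\.tinypic\\.com\\/.*\\.png|meadd\\.com\\/.*\\/.*|meadd\\.com\\/.*|.*\\.deviantart\\.com\\/art\\/.*|.*\\.deviantart\\.com\\/gallery\\/.*|.*\\.deviantart\\.com\\/#\\/.*|fav\\.me\\/.*|.*\\.deviantart\\.com|.*\\.deviantart\\.com\\/gallery|.*\\.deviantart\\.com\\/.*\\/.*\\.jpg|.*\\.deviantart\\.com\\/.*\\/.*\\.gif|.*\\.deviantart\\.net\\/.*\\/.*\\.jpg|.*\\.deviantart\\.net\\/.*\\/.*\\.gif|plixi\\.com\\/p\\/.*|plixi\\.com\\/profile\\/home\\/.*|plixi\\.com\\/.*|www\\.fotopedia\\.com\\/.*\\/.*|fotopedia\\.com\\/.*\\/.*|photozou\\.jp\\/photo\\/show\\/.*\\/.*|photozou\\.jp\\/photo\\/photo_only\\/.*\\/.*|skitch\\.com\\/.*\\/.*\\/.*|img\\.skitch\\.com\\/.*|https:\\/\\/skitch\\.com\\/.*\\/.*\\/.*|https:\\/\
\/img\\.skitch\\.com\\/.*|share\\.ovi\\.com\\/media\\/.*\\/.*|www\\.questionablecontent\\.net\\/|questionablecontent\\.net\\/|www\\.questionablecontent\\.net\\/view\\.php.*|questionablecontent\\.net\\/view\\.php.*|questionablecontent\\.net\\/comics\\/.*\\.png|www\\.questionablecontent\\.net\\/comics\\/.*\\.png|twitrpix\\.com\\/.*|.*\\.twitrpix\\.com\\/.*|www\\.someecards\\.com\\/.*\\/.*|someecards\\.com\\/.*\\/.*|some\\.ly\\/.*|www\\.some\\.ly\\/.*|pikchur\\.com\\/.*|achewood\\.com\\/.*|www\\.achewood\\.com\\/.*|achewood\\.com\\/index\\.php.*|www\\.achewood\\.com\\/index\\.php.*)/i';
    // Image hosts whose thumbnail URL can be derived locally: pattern => sprintf template.
    $services = array(
        '#twitpic\\.com\\/([\\d\\w]+)#i' => 'http://twitpic.com/show/thumb/%s',
        '#twitgoo\\.com\\/([\\d\\w]+)#i' => 'http://twitgoo.com/show/thumb/%s',
        '#tweetphoto\\.com\\/(\\d+)#' => 'http://api.plixi.com/api/tpapi.svc/imagefromurl?url=http://tweetphoto.com/%s',
        '#img\\.ly\\/([\\w\\d]+)#i' => 'http://img.ly/show/thumb/%s',
        '#picplz\\.com\\/([\\d\\w\\.]+)#' => 'http://picplz.com/%s/thumb',
        '#yfrog\\.com\\/([\\d\\w]+)#' => 'http://yfrog.com/%s:small',
        '#instagr\\.am\\/p\\/([_-\\d\\w]+)#i' => 'http://instagr.am/p/%s/media/?size=t',
        '#instagram\\.com\\/p\\/([_-\\d\\w]+)#i' => 'http://instagr.am/p/%s/media/?size=t',
    );
    foreach ($feed as &$status) {
        if (!$status->entities) {
            continue;
        }
        if ($status->entities->urls) {
            foreach ($status->entities->urls as $urls) {
                $expanded = $urls->expanded_url;
                if (preg_match($embedly_re, $expanded) > 0) {
                    // Embedly-supported URL: resolved in one batched call below.
                    $matched_urls[urlencode($expanded)][] = $status->id;
                } elseif (preg_match("/.*\\.(jpg|png|gif)/i", $expanded)) {
                    $feed[$status->id]->text .= _embedly_thumbnail_html($expanded, img_proxy_url($expanded, TRUE));
                } else {
                    foreach ($services as $pattern => $thumbnail_url) {
                        if (preg_match_all($pattern, $expanded, $matches, PREG_PATTERN_ORDER) > 0) {
                            foreach ($matches[1] as $match) {
                                $feed[$status->id]->text .= _embedly_thumbnail_html($expanded, img_proxy_url(sprintf($thumbnail_url, $match)));
                            }
                        }
                    }
                }
            }
        }
        if ($status->entities->media) {
            $image = is_https() ? $status->entities->media[0]->media_url_https : $status->entities->media[0]->media_url;
            $feed[$status->id]->text .= _embedly_thumbnail_html($image, img_proxy_url($image, TRUE));
        }
    }
    // Break the reference left behind by foreach; otherwise the next write
    // to $status would silently overwrite the last element of $feed.
    unset($status);

    // Make a single API call to Embedly.
    $justUrls = array_keys($matched_urls);
    if (count($justUrls) === 0) {
        return;
    }
    // Embedly processes at most 20 URLs per call. Not ideal for @dabr, but
    // fair enough to ignore images after that.
    $justUrls = array_slice($justUrls, 0, 20);
    // NOTE(review): the API key travels in a cleartext http query string;
    // request the endpoint over https if twitter_fetch() supports it.
    $url = 'http://api.embed.ly/1/oembed?key=' . EMBEDLY_KEY . '&urls=' . implode(',', $justUrls) . '&format=json';
    $oembeds = json_decode(twitter_fetch($url));
    // A failed fetch or malformed body decodes to null: nothing to embed.
    if (!is_array($oembeds)) {
        return;
    }
    // Put the thumbnails into the $feed. Entries Embedly could not resolve
    // may come back as error objects without a thumbnail_url.
    foreach ($justUrls as $index => $url) {
        if (empty($oembeds[$index]->thumbnail_url)) {
            continue;
        }
        $thumb = $oembeds[$index]->thumbnail_url;
        foreach ($matched_urls[$url] as $statusId) {
            $feed[$statusId]->text .= _embedly_thumbnail_html(urldecode($url), img_proxy_url($thumb));
        }
    }
}

/**
 * Build the "<br /><a><img></a>" snippet appended to a status text.
 *
 * @param string $href link target; raw URL from API data, attribute-escaped here
 * @param string $src  image URL as returned by img_proxy_url()
 * @return string
 */
function _embedly_thumbnail_html($href, $src)
{
    // $href comes straight from API data, so it is attribute-escaped. $src is
    // inserted as-is on the assumption that img_proxy_url() returns an
    // attribute-safe URL — confirm before relying on it.
    return '<br /><a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '"><img src="' . $src . '" style="max-width:150px;" /></a>';
}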
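/**
 * Current URL
 *
 * Returns the full URL (including segments and any query string) of the
 * page where this function is placed. When the request arrived over HTTPS
 * but site_url() is configured with http, the scheme is upgraded so the
 * returned URL matches the one the browser used.
 *
 * @return string
 */
function current_url()
{
    $CI =& get_instance();
    $url = $CI->config->site_url($CI->uri->uri_string());
    // site_url() follows the configured base_url, which may still say http
    // on an HTTPS deployment; follow the actual request scheme instead.
    if (is_https() && parse_url($url, PHP_URL_SCHEME) === 'http') {
        $url = 'https' . substr($url, 4);
    }
    // QUERY_STRING is absent on some SAPIs (e.g. CLI); treat that as empty.
    if (!empty($_SERVER['QUERY_STRING'])) {
        $url .= '?' . $_SERVER['QUERY_STRING'];
    }
    return $url;
}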
 /**
  * Exercise the CodeIgniter common helper functions, echoing each result in
  * turn (a comma-separated echo outputs its arguments left to right, so the
  * order of calls and output is unchanged).
  */
 public function common_functions()
 {
     echo is_php('5.3'),
         is_really_writable('file.php'),
         config_item('key'),
         set_status_header('200', 'text'),
         remove_invisible_characters('Java\\0script'),
         html_escape(array()),
         get_mimes(),
         is_https(),
         is_cli(),
         function_usable('eval');
 }
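 /**
  * Constructor
  *
  * Sets the $config data from the primary config.php file as a class
  * variable and derives base_url from the request when none is configured.
  *
  * @access   public
  * @return   void
  */
 public function __construct()
 {
     $this->config =& get_config();
     log_message('debug', 'Config Class Initialized');
     // Set the base_url automatically if none was provided
     if (empty($this->config['base_url'])) {
         // HTTP_HOST is client-supplied: a forged Host header would otherwise
         // end up in every generated URL (password-reset links, redirects,
         // cached pages). Accept only a syntactically valid host[:port] —
         // IPv6 literal, dotted IPv4 or hostname characters — the same shape
         // check CodeIgniter 3 applies. It does not prove the host is ours;
         // a fixed base_url in config.php remains the safer setup.
         if (isset($_SERVER['HTTP_HOST']) && preg_match('/^((\\[[0-9a-f:]+\\])|(\\d{1,3}(\\.\\d{1,3}){3})|[a-z0-9\\-\\.]+)(:\\d+)?$/i', $_SERVER['HTTP_HOST'])) {
             $scheme = is_https() ? 'https' : 'http';
             // Directory part of the script path: everything before the script file name.
             $script_dir = substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME'])));
             $base_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $script_dir;
         } else {
             $base_url = 'http://localhost/';
         }
         $this->set_item('base_url', $base_url);
     }
 }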
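 /**
  * Constructor
  *
  * Sets the $config data from the primary config.php file as a class
  * variable and derives base_url from the request when none is configured.
  *
  * @access   public
  * @return   void
  */
 function __construct()
 {
     $this->config =& get_config();
     log_message('debug', "Config Class Initialized");
     // Set the base_url automatically if none was provided. empty() also
     // covers a missing key (no notice) and a null/false value.
     if (empty($this->config['base_url'])) {
         // Modify by ET-NiK
         // Only a syntactically valid Host header (IPv6 literal, IPv4 or
         // hostname characters, optional port) may become part of base_url;
         // the header is client-supplied and otherwise ends up in every URL
         // the application generates. This validates the shape only, not
         // that the host is actually ours.
         if (isset($_SERVER['HTTP_HOST']) && preg_match('/^((\\[[0-9a-f:]+\\])|(\\d{1,3}(\\.\\d{1,3}){3})|[a-z0-9\\-\\.]+)(:\\d+)?$/i', $_SERVER['HTTP_HOST'])) {
             $scheme = is_https() ? 'https' : 'http';
             // Directory part of the script path: everything before the script file name.
             $script_dir = substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME'])));
             $base_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $script_dir;
         } else {
             $base_url = 'http://localhost/';
         }
         $this->set_item('base_url', $base_url);
     }
 }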
 /**
  * Class constructor
  *
  * Loads the primary config.php data into $this->config and, when no
  * base_url is configured, derives one from the current request.
  *
  * @return	void
  */
 public function __construct()
 {
     $this->config =& get_config();
     if (empty($this->config['base_url'])) {
         $base_url = 'http://localhost/';
         $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : null;
         // Basic sanity check on the Host header: it only validates the
         // character set (IPv6 literal, IPv4 or hostname, optional port) and
         // does not prove the host is one we serve.
         if ($host !== null && preg_match('/^((\\[[0-9a-f:]+\\])|(\\d{1,3}(\\.\\d{1,3}){3})|[a-z0-9\\-\\.]+)(:\\d+)?$/i', $host)) {
             $scheme = is_https() ? 'https' : 'http';
             $script_dir = substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME'])));
             $base_url = $scheme . '://' . $host . $script_dir;
         }
         $this->set_item('base_url', $base_url);
     }
     log_message('info', 'Config Class Initialized');
 }
/**
 * ssl plugin: ask the visitor to switch to the HTTPS version of the page.
 *
 * Marks the request for SSL handling, emits a JavaScript snippet that
 * redirects (or, when the page is editable by the visitor, only shows a
 * link) to the https: URL of the current page, and returns the placeholder
 * <div> the script fills in.
 *
 * Optional first argument: the message shown in the link (passed through
 * h() before use). Also appends the host of the current script URL to
 * $reg_exp_host.
 */
function plugin_ssl_convert()
{
    global $script, $script_ssl, $vars, $reg_exp_host;
    //------------ [Important and intricate logic] ----------------------------------
    // Only pages that contain #ssl should be served over SSL, hence the steps below
    // (navi, menu, navi2 etc. should still link to the ordinary URL)
    //
    //   0. lib/init.php generates $script_ssl if it is not set
    //   2. after the swap, the various URLs in the content area are built from $script_ssl
    //   3. lib/html.php restores the original
    //   4. where navi, menu and pukiwiki.skin.php call it, the original $script is used
    //
    //   It is probably best to prefer URLs without a domain part wherever possible
    //
    // Flag for lib/html.php to run the SSL-specific processing (rewriting the HTML)
    $qt = get_qt();
    $qt->setv('plugin_ssl_flag', TRUE);
    $go_ssl_url = $script_ssl . '?' . rawurlencode($vars['page']);
    // Message prompting the visitor to move
    $args = func_get_args();
    $msg = isset($args[0]) ? h($args[0]) : '暗号化されたページへ移動してください';
    // Decide in JavaScript and move to https: (the PHP SERVER variables cannot be trusted)
    $qt->setv('jquery_include', true);
    // Editors are not redirected: the redirect line is commented out in the
    // emitted script and only the link is shown.
    $js_co = check_editable($vars['page'], false, false) ? '//' : '';
    // NOTE(review): $go_ssl_url and $msg are interpolated into single-quoted
    // JavaScript string literals. The page name is rawurlencoded and
    // $script_ssl is server configuration, so no quotes are expected there;
    // $msg relies on h() escaping the single quote — confirm h() uses
    // ENT_QUOTES, otherwise a caller-supplied message could break out of
    // the JS string.
    $js = <<<EOD
<script type="text/javascript">
if( document.location.protocol != 'https:' ){
\t{$js_co}location.href = '{$go_ssl_url}';
\t\$(function(){
\t\t\$('div#plugin_ssl_msg').html('<a href="{$go_ssl_url}" data-target="nowin">{$msg}</a>');
\t});
}
</script>
EOD;
    $qt->appendv_once('plugin_ssl', 'beforescript', $js);
    // Exclude the ordinary page URL from the list opened in an external window.
    // The host is appended to a regex alternation without preg_quote(), so its
    // dots act as wildcards; harmless for a configured host name, but worth knowing.
    $p_url = parse_url(is_https() ? $script_ssl : $script);
    $reg_exp_host .= ($reg_exp_host == '' ? '' : '|') . $p_url['host'];
    return <<<EOD
<div id="plugin_ssl_msg"></div>
EOD;
}
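 /**
  * Form Declaration
  *
  * Creates the opening portion of the form, defaulting the action to the
  * current URL and adding the CSRF token(s) as hidden fields for POST forms
  * that submit back to this site.
  *
  * @param string $action     the URI segments of the form destination (or an absolute URL)
  * @param array  $attributes a key/value pair of attributes (or an attribute string)
  * @param array  $hidden     a key/value pair hidden data
  * @return string
  */
 function form_open($action = '', $attributes = array(), $hidden = array())
 {
     $CI =& get_instance();
     // Load URL helper for the site_url and base_url functions
     $CI->load->helper('url');
     // Set the link protocol to https if secure
     $link_protocol = USE_SSL && is_https() ? 'https' : NULL;
     if (!$action) {
         // No action given: post back to the current URL, upgrading the
         // scheme when the page itself was requested over HTTPS.
         $action = current_url($action);
         if (is_https() && parse_url($action, PHP_URL_SCHEME) === 'http') {
             $action = 'https' . substr($action, 4);
         }
         // QUERY_STRING is not set on every SAPI; treat absence as empty.
         if (!empty($_SERVER['QUERY_STRING'])) {
             $action .= '?' . $_SERVER['QUERY_STRING'];
         }
     } elseif (strpos($action, '://') === FALSE) {
         $action = site_url($action, $link_protocol);
     }
     $attributes = _attributes_to_string($attributes);
     if (stripos($attributes, 'method=') === FALSE) {
         $attributes .= ' method="post"';
     }
     if (stripos($attributes, 'accept-charset=') === FALSE) {
         $attributes .= ' accept-charset="' . strtolower(config_item('charset')) . '"';
     }
     // NOTE(review): $action is written into the attribute unescaped, as in
     // CodeIgniter's own form_open(). That is fine for URLs produced by
     // site_url()/current_url(); a caller-supplied absolute URL must not
     // contain quotes.
     $form = '<form action="' . $action . '"' . $attributes . ">\n";
     // Only forms that POST back to this site get a CSRF token. The action
     // must *start with* our base URL: a substring match would also hand the
     // token to an external action URL that merely contains our base URL
     // somewhere in it (e.g. in a query string).
     $posts_to_this_site = strpos($action, base_url('', $link_protocol)) === 0 && !stripos($form, 'method="get"');
     if ($CI->config->item('csrf_protection') === TRUE && $posts_to_this_site) {
         $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
     }
     // Add MY CSRF token if MY CSRF library is loaded
     if ($CI->load->is_loaded('tokens') && $posts_to_this_site) {
         $hidden[$CI->tokens->name] = $CI->tokens->token();
     }
     if (is_array($hidden)) {
         foreach ($hidden as $name => $value) {
             $form .= '<input type="hidden" name="' . $name . '" value="' . html_escape($value) . '" style="display:none;" />' . "\n";
         }
     }
     return $form;
 }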
 /**
  * Load the MathJax JavaScript once per request.
  *
  * Picks the http or https MathJax URL according to the request scheme,
  * registers the JS module and hands the configured MathJax config and the
  * mapped language code to the YUI loader module.
  *
  * @param moodle_page $page
  * @param mixed $context unused
  */
 public function setup($page, $context)
 {
     // This only requires execution once per request.
     static $jsinitialised = false;
     if (!empty($jsinitialised)) {
         return;
     }
     // Match the page scheme so the script is not blocked as mixed content.
     $urlsetting = is_https() ? 'httpsurl' : 'httpurl';
     $baseurl = get_config('filter_mathjaxloader', $urlsetting);
     $lang = $this->map_language_code(current_language());
     $url = new moodle_url($baseurl, array('delayStartupUntil' => 'configured'));
     $page->requires->js_module(array('name' => 'mathjax', 'fullpath' => $url));
     $params = array(
         'mathjaxconfig' => get_config('filter_mathjaxloader', 'mathjaxconfig'),
         'lang' => $lang,
     );
     $page->requires->yui_module('moodle-filter_mathjaxloader-loader', 'M.filter_mathjaxloader.configure', array($params));
     $jsinitialised = true;
 }
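 /**
  * Output file headers to initialise the download of the file.
  *
  * Skipped entirely under Behat, where a forced download would make text
  * based formats untestable. Caching headers differ for HTTPS because some
  * IE versions refuse to save a download served with no-cache over TLS
  * (KB812935 and KB316431).
  */
 public function send_http_headers()
 {
     if (defined('BEHAT_SITE_RUNNING')) {
         // For text based formats - we cannot test the output with behat if we force a file download.
         return;
     }
     if (is_https()) {
         // HTTPS sites - watch out for IE! KB812935 and KB316431.
         header('Cache-Control: max-age=10');
         header('Pragma: ');
     } else {
         // Normal http - prevent caching at all cost.
         header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
         header('Pragma: no-cache');
     }
     header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
     // No trailing newline in the header value: PHP's header() trims trailing
     // whitespace so the output is unchanged, and a stray line break inside a
     // header is exactly what response-splitting checks look for.
     header("Content-Type: {$this->mimetype}");
     $filename = $this->filename . $this->get_extension();
     // NOTE(review): $filename is embedded in a quoted parameter unescaped; a
     // double quote or control character in the file name would break the
     // header — confirm where filename is sanitised.
     header("Content-Disposition: attachment; filename=\"{$filename}\"");
 }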
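 /**
  * Class constructor
  *
  * Loads the primary config data and derives base_url from the environment
  * when none was configured.
  */
 public function __construct()
 {
     $this->config =& get_config();
     // Set the base_url automatically if none was provided
     if (empty($this->config['base_url'])) {
         // Prefer the deployment-defined host; fall back to the server's own
         // address rather than the client-supplied Host header so a forged
         // Host cannot end up in generated URLs.
         $use_host = 'localhost';
         if (defined('CI_HTTP_HOST') && CI_HTTP_HOST) {
             $use_host = CI_HTTP_HOST;
         } elseif (isset($_SERVER['SERVER_ADDR'])) {
             $use_host = $_SERVER['SERVER_ADDR'];
             // An IPv6 address must be bracketed to form a valid URL authority.
             if (strpos($use_host, ':') !== FALSE) {
                 $use_host = '[' . $use_host . ']';
             }
         }
         $base_url = (is_https() ? 'https' : 'http') . '://' . $use_host;
         if (isset($_SERVER['SCRIPT_NAME'])) {
             // Directory part of the script path: everything before the script file name.
             $base_url .= substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME'])));
         }
         $this->set_item('base_url', $base_url);
     }
     log_message('info', 'Config Class Initialized');
 }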
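 /**
  * Class constructor
  *
  * Loads the primary config.php data into $this->config and, when no
  * base_url is configured, derives one from the request — but only if the
  * Host header is well-formed and, when a trusted_hosts list is configured,
  * matches one of those hosts (or a subdomain of one).
  *
  * @return	void
  */
 public function __construct()
 {
     $this->config =& get_config();
     // Set the base_url automatically if none was provided
     if (empty($this->config['base_url'])) {
         // The regular expression is only a basic validation for a valid "Host" header.
         // It's not exhaustive, only checks for valid characters.
         if (isset($_SERVER['HTTP_HOST']) && preg_match('/^((\\[[0-9a-f:]+\\])|(\\d{1,3}(\\.\\d{1,3}){3})|[a-z0-9\\-\\.]+)(:\\d+)?$/i', $_SERVER['HTTP_HOST'])) {
             // Check HTTP_HOST against the trusted host list to avoid Host header
             // attacks (a forged Host would otherwise be baked into every generated URL).
             // TODO: improve this by checking the ENVIRONMENT variable and ignore trusted_hosts when is testing or development
             $trusted = false;
             if (!empty($this->config['trusted_hosts'])) {
                 foreach ($this->config['trusted_hosts'] as $trusted_host) {
                     $parsed_url = parse_url(trim($trusted_host));
                     if (isset($parsed_url['host'])) {
                         $real_trusted_host = trim($parsed_url['host']);
                     } else {
                         // An entry without a scheme ("example.com/foo") parses as a
                         // path; the host is everything before the first slash.
                         $path = isset($parsed_url['path']) ? $parsed_url['path'] : '';
                         $path_explode = explode('/', $path, 2);
                         $real_trusted_host = trim($path_explode[0]);
                     }
                     // preg_quote: the configured host is data, not a pattern. Without
                     // it "example.com" would also match "exampleXcom", and a stray
                     // metacharacter would make preg_match() fail outright.
                     $pattern = '/^((.*?)\\.)?' . preg_quote($real_trusted_host, '/') . '$/i';
                     if ($trusted = preg_match($pattern, $_SERVER['HTTP_HOST'])) {
                         break;
                     }
                 }
             } else {
                 // No list configured: any well-formed Host is accepted.
                 $trusted = true;
             }
             if ($trusted) {
                 $base_url = (is_https() ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME'])));
             } else {
                 // Untrusted Host: neutralise it for the rest of the request as well.
                 $_SERVER['HTTP_HOST'] = "localhost";
                 $base_url = 'http://localhost/';
             }
         } else {
             $base_url = 'http://localhost/';
         }
         $this->set_item('base_url', $base_url);
     }
     log_message('info', 'Config Class Initialized');
 }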
 /**
  * Works out the URL for the user's picture.
  *
  * Preferred over letting the picture script redirect: it resolves the
  * default image, uploaded picture or gravatar URL up front, so requests
  * for non-existent files never reach the server.
  *
  * @param moodle_page $page
  * @param renderer_base $renderer defaults to the page's core renderer
  * @return moodle_url
  */
 public function get_url(moodle_page $page, renderer_base $renderer = null)
 {
     global $CFG;
     if (is_null($renderer)) {
         $renderer = $page->get_renderer('core');
     }
     // Pick the pix file name and the pixel size; the size is only needed by
     // the gravatar branch.
     if (empty($this->size)) {
         $filename = 'f2';
         $size = 35;
     } elseif ($this->size === true || $this->size == 1) {
         $filename = 'f1';
         $size = 100;
     } elseif ($this->size > 100) {
         $filename = 'f3';
         $size = (int) $this->size;
     } elseif ($this->size >= 50) {
         $filename = 'f1';
         $size = (int) $this->size;
     } else {
         $filename = 'f2';
         $size = (int) $this->size;
     }
     $defaulturl = $renderer->pix_url('u/' . $filename);
     // Anonymous visitors (and guests, when forceloginforprofileimage is set)
     // only ever see the default image. require_login() is deliberately not
     // used here: too expensive and not appropriate for an image URL.
     $loginrequired = (!empty($CFG->forcelogin) && !isloggedin());
     $profileimageprotected = (!empty($CFG->forceloginforprofileimage) && (!isloggedin() || isguestuser()));
     if ($loginrequired || $profileimageprotected) {
         return $defaulturl;
     }
     // Deleted users have their email replaced by an md5 hash, so a missing
     // '@' marks a deleted (or otherwise broken) account without a DB read.
     if (!empty($this->user->deleted) || strpos($this->user->email, '@') === false) {
         return $defaulturl;
     }
     // Uploaded picture.
     if ($this->user->picture > 0) {
         $contextid = empty($this->user->contextid) ? null : $this->user->contextid;
         if ($contextid === null) {
             $context = context_user::instance($this->user->id, IGNORE_MISSING);
             if (!$context) {
                 // An incorrectly deleted user; every other user has a context.
                 return $defaulturl;
             }
             $contextid = $context->id;
         }
         // Include the theme name in the path so a picture that is not yet
         // available is fetched for the right theme when the browser asks.
         $path = '/';
         $themename = $page->theme->name;
         if (clean_param($themename, PARAM_THEME) == $themename) {
             $path .= $themename . '/';
         }
         $url = moodle_url::make_pluginfile_url($contextid, 'user', 'icon', NULL, $path, $filename);
         $url->param('rev', $this->user->picture);
         return $url;
     }
     if ($this->user->picture == 0 && !empty($CFG->enablegravatar)) {
         // Clamp the size to what gravatar accepts.
         if ($size < 1 || $size > 512) {
             $size = 35;
         }
         // Gravatar keys on the md5 of the normalised email address.
         $md5 = md5(strtolower(trim($this->user->email)));
         // Fallback image for gravatar: the configured URL, else the theme's
         // own default picture if it lives under dirroot, else the core pix
         // file (MDL-35669).
         if (!empty($CFG->gravatardefaulturl)) {
             $gravatardefault = $CFG->gravatardefaulturl;
         } else {
             $absoluteimagepath = $page->theme->resolve_image_location('u/' . $filename, 'core');
             $gravatardefault = (strpos($absoluteimagepath, $CFG->dirroot) === 0)
                 ? $CFG->wwwroot . substr($absoluteimagepath, strlen($CFG->dirroot))
                 : $CFG->wwwroot . '/pix/u/' . $filename . '.png';
         }
         // Match the scheme of the current page to avoid mixed content.
         if (!is_https()) {
             return new moodle_url("http://www.gravatar.com/avatar/{$md5}", array('s' => $size, 'd' => $gravatardefault));
         }
         $gravatardefault = str_replace($CFG->wwwroot, $CFG->httpswwwroot, $gravatardefault);
         return new moodle_url("https://secure.gravatar.com/avatar/{$md5}", array('s' => $size, 'd' => $gravatardefault));
     }
     return $defaulturl;
 }
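/**
 * Header Redirect (Overwritten to account for adding language path in site_url function)
 *
 * Header redirect in two flavors
 * For very fine grained control over headers, you could use the Output
 * Library's set_header() function.
 *
 * Relative URIs are resolved through site_url(); absolute http(s) URLs are
 * used as given, so callers must not pass user-controlled absolute URLs
 * here (open redirect).
 *
 * @access	public
 * @param	string	the URL
 * @param	string	the method: location or refresh
 * @param	int	the http response code (location method only)
 * @param	bool|null	whether to force https; defaults to the current request's scheme
 * @return	void	never returns — the script exits after sending the header
 */
function redirect($uri = '', $method = 'location', $http_response_code = 302, $use_https = NULL)
{
    if (!preg_match('#^https?://#i', $uri)) {
        // Relative target: keep the scheme of the current request unless told otherwise.
        if (is_null($use_https)) {
            $use_https = is_https();
        }
        $uri = site_url($uri, $use_https, FALSE);
    }
    if ($method === 'refresh') {
        header("Refresh:0;url=" . $uri);
    } else {
        // Any other method value falls back to a Location header with the given status.
        header("Location: " . $uri, TRUE, $http_response_code);
    }
    exit;
}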
 /**
  * Class constructor
  *
  * Loads the primary config.php data into $this->config. Without a
  * configured base_url one is derived from the server's own address
  * (SERVER_ADDR, bracketed for IPv6) and the script directory; when even
  * that is unavailable it falls back to http://localhost/.
  *
  * @return	void
  */
 public function __construct()
 {
     $this->config =& get_config();
     if (empty($this->config['base_url'])) {
         $base_url = 'http://localhost/';
         if (isset($_SERVER['SERVER_ADDR'])) {
             // Using the server's own address rather than the Host header keeps
             // a client-forged Host out of generated URLs.
             $server_addr = $_SERVER['SERVER_ADDR'];
             if (strpos($server_addr, ':') !== FALSE) {
                 // IPv6 literals need brackets in a URL authority.
                 $server_addr = '[' . $server_addr . ']';
             }
             $scheme = is_https() ? 'https' : 'http';
             $script_dir = substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME'])));
             $base_url = $scheme . '://' . $server_addr . $script_dir;
         }
         $this->set_item('base_url', $base_url);
     }
     log_message('info', 'Config Class Initialized');
 }
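 /**
  * Attempt to build up a request from what was passed to the server.
  *
  * A missing method or URL is taken from $_SERVER; missing parameters are
  * collected from the query string, the POST body and an "OAuth ..."
  * Authorization header (header values override GET/POST duplicates).
  *
  * @param string|null $http_method
  * @param string|null $http_url
  * @param array|null $parameters
  * @return OAuthRequest
  */
 public static function from_request($http_method = null, $http_url = null, $parameters = null)
 {
     $scheme = is_https() ? 'https' : 'http';
     $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
     $server_port = isset($_SERVER['SERVER_PORT']) ? (string) $_SERVER['SERVER_PORT'] : '';
     // Append a non-default port only when the Host header does not already
     // carry one. Argument order matters here: strpos(':', $host) would look
     // for the Host inside ":" and never match, so the port was always added.
     $port = "";
     if ($server_port !== "" && $server_port !== "80" && $server_port !== "443" && strpos($host, ':') === false) {
         $port = ':' . $server_port;
     }
     if (empty($http_url)) {
         $http_url = $scheme . '://' . $host . $port . $_SERVER['REQUEST_URI'];
     }
     if (empty($http_method)) {
         $http_method = $_SERVER['REQUEST_METHOD'];
     }
     // We weren't handed any parameters, so let's find the ones relevant to
     // this request.
     // If you run XML-RPC or similar you should use this to provide your own
     // parsed parameter-list
     if (!$parameters) {
         // Find request headers
         $request_headers = OAuthUtil::get_headers();
         // Parse the query-string to find GET parameters
         $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
         $parameters = OAuthUtil::parse_parameters($query);
         $ourpost = $_POST;
         // Undo magic_quotes on legacy PHP. The feature was removed in 5.4 and
         // the function itself no longer exists in PHP 8, hence the guard.
         // http://www.php.net/manual/en/security.magicquotes.disabling.php
         if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
             foreach ($_POST as $k => $v) {
                 $ourpost[$k] = stripslashes($v);
             }
         }
         // Add POST Parameters if they exist
         $parameters = array_merge($parameters, $ourpost);
         // We have a Authorization-header with OAuth data. Parse the header
         // and add those overriding any duplicates from GET or POST
         if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     return new OAuthRequest($http_method, $http_url, $parameters);
 }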
/**
 * OAuth v1 web service entry point bootstrap.
 *
 * Defines the page constants, initialises the application while capturing
 * anything init.php prints, refuses the request when the oauth protocol is
 * disabled or the connection is not HTTPS, announces XRDS discovery and
 * sets up the OAuth store and server.
 */
define('PUBLIC', 1);
define('XMLRPC', 1);
define('TITLE', '');
global $SESSION, $USER;
// Capture anything init.php prints so stray output cannot corrupt the
// protocol response.
ob_start();
require dirname(__DIR__) . '/init.php';
$errors = trim(ob_get_contents());
ob_end_clean();
require_once __DIR__ . '/lib.php';
if (!webservice_protocol_is_enabled('oauth')) {
    header("HTTP/1.0 404 Not Found");
    exit;
}
// Token-based auth over plain HTTP would expose the tokens; refuse outright.
if (!is_https()) {
    header("HTTP/1.0 403 Forbidden - HTTPS must be used");
    exit;
}
// Always announce XRDS OAuth discovery.
header('X-XRDS-Location: ' . get_config('wwwroot') . 'webservice/oauthv1/services.xrds');
// Initialise the OAuth store and server.
$oauthlib = get_config('docroot') . 'webservice/libs/oauth-php/';
require_once $oauthlib . 'OAuthServer.php';
require_once $oauthlib . 'OAuthStore.php';
OAuthStore::instance('Mahara');
global $server;
$server = new OAuthServer();
 /**
  * Render the list of Google services supported by the Google Apps block.
  *
  * The template receives the first two letters of the configured site language
  * and the scheme of the current request ('https' or 'http'), so that the
  * embedded Google resources use the same scheme as the page and do not trigger
  * mixed-content blocking on HTTPS sites.
  *
  * @return string HTML rendered from blocktype:googleapps:supported.tpl
  */
 private static function get_html_of_supported_googleapps()
 {
     $protocol = (is_https() === true) ? 'https' : 'http';
     $template = smarty_core();
     $template->assign('lang', substr(get_config('lang'), 0, 2));
     $template->assign('protocol', $protocol);
     return $template->fetch('blocktype:googleapps:supported.tpl');
 }
 * This file contains settings used by tool_mobile
 *
 * @package    tool_mobile
 * @copyright  2016 Juan Leyva
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
defined('MOODLE_INTERNAL') || die;
if ($hassiteconfig) {
    $ADMIN->add('root', new admin_category('mobileapp', new lang_string('mobileapp', 'tool_mobile')), 'development');
    $temp = new admin_settingpage('mobilesettings', new lang_string('mobilesettings', 'tool_mobile'), 'moodle/site:config', false);
    // We should wait to the installation to finish since we depend on some configuration values that are set once
    // the admin user profile is configured.
    if (!during_initial_install()) {
        $enablemobiledocurl = new moodle_url(get_docs_url('Enable_mobile_web_services'));
        $enablemobiledoclink = html_writer::link($enablemobiledocurl, new lang_string('documentation'));
        $default = is_https() ? 1 : 0;
        $temp->add(new admin_setting_enablemobileservice('enablemobilewebservice', new lang_string('enablemobilewebservice', 'admin'), new lang_string('configenablemobilewebservice', 'admin', $enablemobiledoclink), $default));
    }
    $ADMIN->add('mobileapp', $temp);
    // Show only mobile settings if the mobile service is enabled.
    if (!empty($CFG->enablemobilewebservice)) {
        // Type of login.
        $temp = new admin_settingpage('mobileauthentication', new lang_string('mobileauthentication', 'tool_mobile'));
        $options = array(tool_mobile\api::LOGIN_VIA_APP => new lang_string('loginintheapp', 'tool_mobile'), tool_mobile\api::LOGIN_VIA_BROWSER => new lang_string('logininthebrowser', 'tool_mobile'), tool_mobile\api::LOGIN_VIA_EMBEDDED_BROWSER => new lang_string('loginintheembeddedbrowser', 'tool_mobile'));
        $temp->add(new admin_setting_configselect('tool_mobile/typeoflogin', new lang_string('typeoflogin', 'tool_mobile'), new lang_string('typeoflogin_desc', 'tool_mobile'), 1, $options));
        $temp->add(new admin_setting_configtext('tool_mobile/forcedurlscheme', new lang_string('forcedurlscheme_key', 'tool_mobile'), new lang_string('forcedurlscheme', 'tool_mobile'), '', PARAM_NOTAGS));
        $ADMIN->add('mobileapp', $temp);
        // Appearance related settings.
        $temp = new admin_settingpage('mobileappearance', new lang_string('mobileappearance', 'tool_mobile'));
        $temp->add(new admin_setting_configtext('mobilecssurl', new lang_string('mobilecssurl', 'tool_mobile'), new lang_string('configmobilecssurl', 'tool_mobile'), '', PARAM_URL));
        $temp->add(new admin_setting_heading('tool_mobile/smartappbanners', new lang_string('smartappbanners', 'tool_mobile'), ''));
 /**
  * Page requirements constructor.
  *
  * Builds the YUI 3 loader settings and the YUI_config object that is later
  * written into the page: base/combo URLs for the bundled YUI 3, the YUI 2-in-3
  * shim, Moodle's own modules and the gallery group, plus the debug and log
  * options taken from $CFG. Every page also gets core_filepicker registered.
  *
  * Security note: with $CFG->useexternalyui set, the YUI library is fetched from
  * yui.yahooapis.com over plain HTTP, so anyone on the network path could swap
  * the script. On HTTPS sites this is forced off below; on HTTP sites the page
  * itself is already exposed, but serving the bundled copy is still safer.
  */
 public function __construct()
 {
     global $CFG;
     // Argument separator for the combo loader. '/' needs a URL rewrite rule,
     // because web servers may reject oversized query strings.
     $argsep = empty($CFG->yuislasharguments) ? '?' : '/';
     $this->yui3loader = new stdClass();
     $this->YUI_config = new YUI_config();
     // On HTTPS sites all JS must be loaded from HTTPS origins, and the YUI CDN
     // did not offer HTTPS when this was written, so the external loader is off.
     if (is_https()) {
         $CFG->useexternalyui = 0;
     }
     $localbase = $CFG->httpswwwroot . '/lib/yuilib/' . $CFG->yui3version . '/';
     $combo = $CFG->httpswwwroot . '/theme/yui_combo.php' . $argsep;
     $this->yui3loader->local_base = $localbase;
     $this->yui3loader->local_comboBase = $combo;
     if (empty($CFG->useexternalyui)) {
         $this->yui3loader->base = $localbase;
         $this->yui3loader->comboBase = $combo;
     } else {
         $this->yui3loader->base = 'http://yui.yahooapis.com/' . $CFG->yui3version . '/';
         $this->yui3loader->comboBase = 'http://yui.yahooapis.com/combo?';
     }
     // The combo loader bundles modules into one request, which helps caching
     // and performance.
     $combine = !empty($CFG->yuicomboloading);
     $this->yui3loader->combine = $combine;
     $revision = $this->get_jsrev();
     // Mirror the loader settings into the client-side YUI configuration.
     $this->YUI_config->base = $this->yui3loader->base;
     $this->YUI_config->comboBase = $this->yui3loader->comboBase;
     $this->YUI_config->combine = $combine;
     // YUI modules patched between releases must be declared so the loader
     // fetches the patched copies. See http://docs.moodle.org/dev/YUI/Patching.
     if (!empty($CFG->yuipatchedmodules) && !empty($CFG->yuipatchlevel)) {
         $this->YUI_config->define_patched_core_modules($combo, $CFG->yui3version, $CFG->yuipatchlevel, $CFG->yuipatchedmodules);
     }
     $yui2config = $this->YUI_config->set_config_source('lib/yui/config/yui2.js');
     $this->YUI_config->add_group('yui2', array(
         'base' => $CFG->httpswwwroot . '/lib/yuilib/2in3/' . $CFG->yui2version . '/build/',
         'comboBase' => $combo,
         'combine' => $combine,
         'ext' => false,
         'root' => '2in3/' . $CFG->yui2version . '/build/',
         'patterns' => array('yui2-' => array('group' => 'yui2', 'configFn' => $yui2config)),
     ));
     $moodleconfig = $this->YUI_config->set_config_source('lib/yui/config/moodle.js');
     $this->YUI_config->add_group('moodle', array(
         'name' => 'moodle',
         'base' => $combo . 'm/' . $revision . '/',
         'combine' => $combine,
         'comboBase' => $combo,
         'ext' => false,
         'root' => 'm/' . $revision . '/',
         'patterns' => array('moodle-' => array('group' => 'moodle', 'configFn' => $moodleconfig)),
     ));
     $this->YUI_config->add_group('gallery', array(
         'name' => 'gallery',
         'base' => $CFG->httpswwwroot . '/lib/yuilib/gallery/',
         'combine' => $combine,
         'comboBase' => $combo,
         'ext' => false,
         'root' => 'gallery/' . $revision . '/',
         'patterns' => array('gallery-' => array('group' => 'gallery')),
     ));
     // Developer debugging loads the RAW (non-minified) YUI builds rather than
     // the DEBUG ones, which log far too much, but the DEBUG builds of Moodle's
     // own modules. To chase a YUI-specific issue, change the filter to DEBUG.
     // The yui3loader filter is reused when the YUI3 seed scripts are written.
     $developer = !empty($CFG->debugdeveloper);
     $this->yui3loader->filter = $developer ? 'RAW' : null;
     $this->YUI_config->groups['moodle']['filter'] = $developer ? 'DEBUG' : null;
     $this->YUI_config->debug = $developer;
     if ($developer) {
         $this->YUI_config->filter = 'RAW';
     }
     // Optional log filters and level for the YUI config.
     foreach (array('yuilogexclude' => 'logExclude', 'yuiloginclude' => 'logInclude') as $setting => $property) {
         if (!empty($CFG->$setting) && is_array($CFG->$setting)) {
             $this->YUI_config->$property = $CFG->$setting;
         }
     }
     if (!empty($CFG->yuiloglevel)) {
         $this->YUI_config->logLevel = $CFG->yuiloglevel;
     }
     // Add the moodle group's module data.
     $this->YUI_config->add_moodle_metadata();
     // Every page should include the file picker module.
     $this->js_module($this->find_module('core_filepicker'));
 }
 /**
  * CSRF Set Cookie
  *
  * Writes the current CSRF token into the CSRF cookie using the path, domain,
  * secure and httponly settings from the config. When the config demands a
  * secure cookie but the request did not arrive over HTTPS, nothing is sent and
  * FALSE is returned, so the token is never exposed on a plain-text connection.
  *
  * NOTE(review): setcookie() is called in its positional form, so no SameSite
  * attribute is set; that needs the PHP 7.3+ options-array form.
  *
  * @codeCoverageIgnore
  * @return	CI_Security|bool FALSE when a secure cookie cannot be set, $this otherwise
  */
 public function csrf_set_cookie()
 {
     $secure_only = (bool) config_item('cookie_secure');
     // Refuse to leak the token over HTTP when the cookie must be secure.
     if ($secure_only && !is_https()) {
         return FALSE;
     }
     $expires = time() + $this->_csrf_expire;
     setcookie(
         $this->_csrf_cookie_name,
         $this->_csrf_hash,
         $expires,
         config_item('cookie_path'),
         config_item('cookie_domain'),
         $secure_only,
         config_item('cookie_httponly')
     );
     log_message('debug', 'CRSF cookie Set');
     return $this;
 }
 /**
  * Constructor for the REST API
  *
  * Sets up the request/response state for one REST call: loads the rest config
  * and format library, detects the HTTP method, input and output formats and
  * language, merges all argument sources into $this->_args, optionally connects
  * the database, and finally applies the configured access controls (IP
  * blacklist, API keys, per-class/method auth overrides, basic/digest/session
  * auth and the IP whitelist). The order of these steps matters: several later
  * checks rely on state prepared by earlier ones (see the inline comments).
  *
  * @access public
  * @param string $config Configuration filename minus the file extension
  * e.g: my_rest.php is passed as 'my_rest'
  * @return void
  * @throws Exception when PHP is older than 5.4 or CodeIgniter older than 3.x
  */
 public function __construct($config = 'rest')
 {
     parent::__construct();
     // Disable XML Entity loading (XXE hardening for XML request bodies).
     // NOTE(review): this function is deprecated as of PHP 8.0, where external
     // entity loading is already off by default; keep it for older runtimes.
     libxml_disable_entity_loader(TRUE);
     // Check to see if PHP is equal to or greater than 5.4.x
     if (is_php('5.4') === FALSE) {
         // CodeIgniter 3 is recommended for v5.4 or above
         throw new Exception('Using PHP v' . PHP_VERSION . ', though PHP v5.4 or greater is required');
     }
     // Check to see if this is CI 3.x
     if (explode('.', CI_VERSION, 2)[0] < 3) {
         throw new Exception('REST Server requires CodeIgniter 3.x');
     }
     // Set the default value of global xss filtering. Same approach as CodeIgniter 3
     $this->_enable_xss = $this->config->item('global_xss_filtering') === TRUE;
     // Don't try to parse template variables like {elapsed_time} and {memory_usage}
     // when output is displayed for not damaging data accidentally
     $this->output->parse_exec_vars = FALSE;
     // Start the timer for how long the request takes
     $this->_start_rtime = microtime(TRUE);
     // Load the rest.php configuration file
     $this->load->config($config);
     // At present the library is bundled with REST_Controller 2.5+, but will eventually be part of CodeIgniter (no citation)
     $this->load->library('format');
     // Determine supported output formats from configuration.
     $supported_formats = $this->config->item('rest_supported_formats');
     // Validate the configuration setting output formats: normalise a missing
     // value to an empty list and a single string to a one-element list.
     if (empty($supported_formats)) {
         $supported_formats = [];
     }
     if (!is_array($supported_formats)) {
         $supported_formats = [$supported_formats];
     }
     // Add silently the default output format if it is missing.
     $default_format = $this->_get_default_output_format();
     if (!in_array($default_format, $supported_formats)) {
         $supported_formats[] = $default_format;
     }
     // Now update $this->_supported_formats, keeping only the configured names.
     $this->_supported_formats = array_intersect_key($this->_supported_formats, array_flip($supported_formats));
     // Get the language
     $language = $this->config->item('rest_language');
     if ($language === NULL) {
         $language = 'english';
     }
     // Load the language file
     $this->lang->load('rest_controller', $language);
     // Initialise the response, request and rest objects
     $this->request = new stdClass();
     $this->response = new stdClass();
     $this->rest = new stdClass();
     // Check to see if the current IP address is blacklisted. This runs before any
     // request parsing so a blocked client gets no further processing.
     if ($this->config->item('rest_ip_blacklist_enabled') === TRUE) {
         $this->_check_blacklist_auth();
     }
     // Determine whether the connection is HTTPS. This is only recorded here;
     // nothing in this constructor enforces HTTPS.
     $this->request->ssl = is_https();
     // How is this request being made? GET, POST, PATCH, DELETE, INSERT, PUT, HEAD or OPTIONS
     // NOTE(review): the detected verb is used below to build property and method
     // names dynamically; this assumes _detect_method() only ever returns one of
     // the known verbs — confirm, especially if it honours override headers.
     $this->request->method = $this->_detect_method();
     // Create an argument container if it doesn't exist e.g. _get_args
     if (isset($this->{'_' . $this->request->method . '_args'}) === FALSE) {
         $this->{'_' . $this->request->method . '_args'} = [];
     }
     // Set up the query parameters
     $this->_parse_query();
     // Set up the GET variables
     $this->_get_args = array_merge($this->_get_args, $this->uri->ruri_to_assoc());
     // Try to find a format for the request (means we have a request body)
     $this->request->format = $this->_detect_input_format();
     // Not all methods have a body attached with them
     $this->request->body = NULL;
     // Dispatch to the verb-specific parser, e.g. _parse_post().
     $this->{'_parse_' . $this->request->method}();
     // Now we know all about our request, let's try and parse the body if it exists
     if ($this->request->format && $this->request->body) {
         $this->request->body = $this->format->factory($this->request->body, $this->request->format)->to_array();
         // Assign payload arguments to proper method container
         $this->{'_' . $this->request->method . '_args'} = $this->request->body;
     }
     // Merge both for one mega-args variable. Later arrays win on duplicate keys,
     // so the current method's own arguments take precedence over everything else.
     $this->_args = array_merge($this->_get_args, $this->_options_args, $this->_patch_args, $this->_head_args, $this->_put_args, $this->_post_args, $this->_delete_args, $this->{'_' . $this->request->method . '_args'});
     // Which format should the data be returned in?
     $this->response->format = $this->_detect_output_format();
     // Which language should the data be returned in?
     $this->response->lang = $this->_detect_lang();
     // Extend this function to apply additional checking early on in the process
     $this->early_checks();
     // Load DB if its enabled
     if ($this->config->item('rest_database_group') && ($this->config->item('rest_enable_keys') || $this->config->item('rest_enable_logging'))) {
         $this->rest->db = $this->load->database($this->config->item('rest_database_group'), TRUE);
     } elseif (property_exists($this, 'db')) {
         $this->rest->db = $this->db;
     }
     // Check if there is a specific auth type for the current class/method
     // _auth_override_check could exit so we need $this->rest->db initialized before
     $this->auth_override = $this->_auth_override_check();
     // Checking for keys? GET TO WorK!
     // Skip keys test for $config['auth_override_class_method']['class'['method'] = 'none'
     if ($this->config->item('rest_enable_keys') && $this->auth_override !== TRUE) {
         $this->_allow = $this->_detect_api_key();
     }
     // Only allow ajax requests
     // NOTE(review): is_ajax_request() relies on a client-supplied header, so this
     // is a convenience filter, not an authentication or CSRF control.
     if ($this->input->is_ajax_request() === FALSE && $this->config->item('rest_ajax_only')) {
         // Display an error response
         $this->response([$this->config->item('rest_status_field_name') => FALSE, $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ajax_only')], self::HTTP_NOT_ACCEPTABLE);
     }
     // When there is no specific override for the current class/method, use the default auth value set in the config.
     // NOTE(review): a request accepted by _detect_api_key() (keys enabled and
     // $this->_allow === TRUE) skips the basic/digest/session auth AND the IP
     // whitelist below — confirm that an API key alone is meant to be sufficient.
     if ($this->auth_override === FALSE && !($this->config->item('rest_enable_keys') && $this->_allow === TRUE)) {
         $rest_auth = strtolower($this->config->item('rest_auth'));
         switch ($rest_auth) {
             case 'basic':
                 $this->_prepare_basic_auth();
                 break;
             case 'digest':
                 $this->_prepare_digest_auth();
                 break;
             case 'session':
                 $this->_check_php_session();
                 break;
         }
         if ($this->config->item('rest_ip_whitelist_enabled') === TRUE) {
             $this->_check_whitelist_auth();
         }
     }
 }
/**
 * Handles the sending of file data to the user's browser, including support for
 * byteranges etc.
 *
 * The $options parameter supports the following keys:
 *  (string|null) preview - send the preview of the file (e.g. "thumb" for a thumbnail)
 *  (string|null) filename - overrides the implicit filename
 *  (bool) dontdie - return control to caller afterwards. this is not recommended and only used for cleanup tasks.
 *      if this is passed as true, ignore_user_abort is called.  if you don't want your processing to continue on cancel,
 *      you must detect this case when control is returned using connection_aborted. Please note that the session is closed
 *      and should not be reopened
 *  (string|null) cacheability - force the cacheability setting of the HTTP response, "private" or "public",
 *      when $lifetime is greater than 0. Cacheability defaults to "private" when logged in as other than guest; otherwise,
 *      defaults to "public".
 *  (bool) sendcachedexternalfile - when set, an external file is served from the local cached copy
 *      instead of being delegated to the stored_file's own send_file().
 *
 * Security notes:
 *  - The filename is written verbatim inside the quoted Content-Disposition parameter
 *    (except for IE, where it is percent-encoded). PHP's header() rejects CR/LF, so this
 *    cannot inject extra headers, but a '"' or '\' in a caller-supplied filename would
 *    produce a malformed header value.
 *  - With $filter set, HTML files are passed through format_text() with noclean, i.e. their
 *    markup is served unsanitised as text/html from the site's own origin; this is only
 *    safe when the file's author is trusted.
 *  - Under WS_SERVER the response carries Access-Control-Allow-Origin: *.
 *
 * @category files
 * @param stored_file $stored_file local file object
 * @param int $lifetime Number of seconds before the file should expire from caches (null means $CFG->filelifetime)
 * @param int $filter 0 (default)=no filtering, 1=all files, 2=html files only
 * @param bool $forcedownload If true (default false), forces download of file rather than view in browser/plugin
 * @param array $options additional options affecting the file serving
 * @return null script execution stopped unless $options['dontdie'] is true
 */
function send_stored_file($stored_file, $lifetime = null, $filter = 0, $forcedownload = false, array $options = array())
{
    global $CFG, $COURSE;
    if (empty($options['filename'])) {
        $filename = null;
    } else {
        $filename = $options['filename'];
    }
    if (empty($options['dontdie'])) {
        $dontdie = false;
    } else {
        $dontdie = true;
    }
    // 'default' is accepted as a synonym for null (use the site-wide lifetime).
    if ($lifetime === 'default' or is_null($lifetime)) {
        $lifetime = $CFG->filelifetime;
    }
    if (!empty($options['preview'])) {
        // replace the file with its preview
        $fs = get_file_storage();
        $preview_file = $fs->get_file_preview($stored_file, $options['preview']);
        if (!$preview_file) {
            // unable to create a preview of the file, send its default mime icon instead
            if ($options['preview'] === 'tinyicon') {
                $size = 24;
            } else {
                if ($options['preview'] === 'thumb') {
                    $size = 90;
                } else {
                    $size = 256;
                }
            }
            $fileicon = file_file_icon($stored_file, $size);
            // NOTE(review): this relies on send_file() terminating the request;
            // if it returned, the original file would be served below as well.
            send_file($CFG->dirroot . '/pix/' . $fileicon . '.png', basename($fileicon) . '.png');
        } else {
            // preview images have fixed cache lifetime and they ignore forced download
            // (they are generated by GD and therefore they are considered reasonably safe).
            $stored_file = $preview_file;
            $lifetime = DAYSECS;
            $filter = 0;
            $forcedownload = false;
        }
    }
    // handle external resource: delegate to the stored_file unless the caller
    // explicitly asked for the locally cached copy.
    if ($stored_file && $stored_file->is_external_file() && !isset($options['sendcachedexternalfile'])) {
        $stored_file->send_file($lifetime, $filter, $forcedownload, $options);
        die;
    }
    if (!$stored_file or $stored_file->is_directory()) {
        // nothing to serve
        if ($dontdie) {
            return;
        }
        die;
    }
    if ($dontdie) {
        ignore_user_abort(true);
    }
    // Unlock session during file serving so a slow download does not block
    // the user's other requests. The session must not be reopened afterwards.
    \core\session\manager::write_close();
    $filename = is_null($filename) ? $stored_file->get_filename() : $filename;
    // Use given MIME type if specified.
    $mimetype = $stored_file->get_mimetype();
    // Otherwise guess it from the (possibly overridden) filename.
    if (!$mimetype || $mimetype === 'document/unknown') {
        $mimetype = get_mimetype_for_sending($filename);
    }
    // if user is using IE, urlencode the filename so that multibyte file name will show up correctly on popup
    if (core_useragent::is_ie()) {
        $filename = rawurlencode($filename);
    }
    // NOTE(review): for non-IE clients $filename goes into the header unescaped;
    // a '"' in it breaks the quoted parameter (see the docblock).
    if ($forcedownload) {
        header('Content-Disposition: attachment; filename="' . $filename . '"');
    } else {
        if ($mimetype !== 'application/x-shockwave-flash') {
            // If this is an swf don't pass content-disposition with filename as this makes the flash player treat the file
            // as an upload and enforces security that may prevent the file from being loaded.
            header('Content-Disposition: inline; filename="' . $filename . '"');
        }
    }
    if ($lifetime > 0) {
        // Default is public caching; a logged-in non-guest user gets 'private' so
        // shared proxies do not store content that may be specific to that user.
        $cacheability = ' public,';
        if (!empty($options['cacheability']) && $options['cacheability'] === 'public') {
            // This file must be cache-able by both browsers and proxies.
            $cacheability = ' public,';
        } else {
            if (!empty($options['cacheability']) && $options['cacheability'] === 'private') {
                // This file must be cache-able only by browsers.
                $cacheability = ' private,';
            } else {
                if (isloggedin() and !isguestuser()) {
                    $cacheability = ' private,';
                }
            }
        }
        header('Cache-Control:' . $cacheability . ' max-age=' . $lifetime . ', no-transform');
        header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT');
        header('Pragma: ');
    } else {
        // Do not cache files in proxies and browsers
        if (is_https()) {
            // HTTPS sites - watch out for IE! KB812935 and KB316431: a strict
            // no-cache policy over SSL breaks downloads in IE, so allow a short
            // private cache instead.
            header('Cache-Control: private, max-age=10, no-transform');
            header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
            header('Pragma: ');
        } else {
            //normal http - prevent caching at all cost
            header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
            header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
            header('Pragma: no-cache');
        }
    }
    // Allow cross-origin requests only for Web Services.
    // This allow to receive requests done by Web Workers or webapps in different domains.
    // (Browsers do not send credentials to a '*' origin, so cookie-authenticated
    // content is not exposed cross-origin by this header alone.)
    if (WS_SERVER) {
        header('Access-Control-Allow-Origin: *');
    }
    if (empty($filter)) {
        // send the contents
        readfile_accel($stored_file, $mimetype, !$dontdie);
    } else {
        // Try to put the file through filters
        if ($mimetype == 'text/html' || $mimetype == 'application/xhtml+xml') {
            // noclean: the stored HTML is rendered as-is (see security notes above).
            $options = new stdClass();
            $options->noclean = true;
            $options->nocache = true;
            // temporary workaround for MDL-5136
            $text = $stored_file->get_content();
            $text = file_modify_html_header($text);
            $output = format_text($text, FORMAT_HTML, $options, $COURSE->id);
            readstring_accel($output, $mimetype, false);
        } else {
            if ($mimetype == 'text/plain' and $filter == 1) {
                // only filter text if filter all files is selected
                $options = new stdClass();
                $options->newlines = false;
                $options->noclean = true;
                $text = $stored_file->get_content();
                $output = '<pre>' . format_text($text, FORMAT_MOODLE, $options, $COURSE->id) . '</pre>';
                readstring_accel($output, $mimetype, false);
            } else {
                // Just send it out raw
                readfile_accel($stored_file, $mimetype, !$dontdie);
            }
        }
    }
    if ($dontdie) {
        return;
    }
    die;
    //no more chars to output!!!
}