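/**
 * URI filter deciding whether the source of an embedded <iframe> is allowed.
 *
 * The URI is accepted untouched when the filter does not apply: the
 * HTML.SafeIframe directive is off, the URI is not an embedded resource,
 * or the token being processed is not an iframe. Otherwise the URI must
 * match the allow-list expression held in $this->regexp.
 *
 * @param HTMLPurifier_URI $uri Passed by reference. Its scheme is cleared
 *        (making it protocol-relative) when the page is served over HTTPS
 *        and the iframe points at plain HTTP.
 * @param HTMLPurifier_Config $config
 * @param HTMLPurifier_Context $context
 * @return bool True to keep the URI, false to reject it.
 */
public function filter(&$uri, $config, $context)
{
    // Filter switched off: nothing to enforce.
    if (!$config->get('HTML.SafeIframe')) {
        return true;
    }

    // Only embedded resources carried by an <iframe> token are in scope.
    if (!$context->get('EmbeddedURI', true)) {
        return true;
    }
    $token = $context->get('CurrentToken', true);
    if (!($token && $token->name == 'iframe')) {
        return true;
    }

    // No allow-list configured: fail closed and reject every iframe source.
    if ($this->regexp === null) {
        return false;
    }

    // preg_match() yields 0 for "no match" and false on a pattern error;
    // both are treated as a rejection.
    if (!preg_match($this->regexp, $uri->toString())) {
        return false;
    }

    // On an HTTPS page an http:// frame would be mixed content, so drop the
    // scheme and let the browser reuse the page's own.
    if (is_https() && $uri->scheme == 'http') {
        $uri->scheme = null;
    }

    // The URI is updated in place through the reference. The documented
    // contract is a boolean, so report acceptance instead of handing back
    // the URI object.
    return true;
}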
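/**
 * Rewrite <img> sources in rendered output so no image is fetched over plain HTTP.
 *
 * - Images whose URL starts with this site's URL are left alone.
 * - Images pointing at this site over http:// are switched to https://.
 * - Every other non-HTTPS image is routed through mod/image_proxy/image.php,
 *   with a token obtained from get_token() for the original URL.
 *
 * @param mixed  $h Not used by this handler.
 * @param mixed  $t Not used by this handler.
 * @param string $r Rendered HTML to scan.
 * @param mixed  $p Not used by this handler.
 * @return string The HTML with image sources rewritten.
 */
function view_hook($h, $t, $r, $p)
{
    $site_url = elgg_get_site_url();
    $http_url = str_replace('https://', 'http://', $site_url);

    if (!preg_match_all('/<img[^>]+src\\s*=\\s*["\']?([^"\' ]+)[^>]*>/', $r, $extracted_image)) {
        return $r;
    }

    foreach ($extracted_image[0] as $key => $tag) {
        $src = $extracted_image[1][$key];

        // Only a URL that *starts* with the site URL is one of ours. A plain
        // substring test would also skip a third-party URL that merely carries
        // the site URL in its path or query string, leaving it unproxied.
        if (strpos($src, $site_url) === 0) {
            continue;
        }

        // Our own URL requested over http: upgrade it to https.
        if (strpos($src, $http_url) === 0) {
            $https_image = str_replace('http://', 'https://', $src);
            $replacement_image = str_replace($src, $https_image, $tag);
            $r = str_replace($tag, $replacement_image, $r);
            continue;
        }

        if (is_https($src)) {
            continue;
        }

        // Third-party image that is not HTTPS: send it through the proxy.
        $url = urlencode($src);
        if (strpos($url, 'http') === 0) {
            // The token is derived from the original URL by get_token().
            $token = get_token($src);
            $new_url = elgg_normalize_url('mod/image_proxy/image.php?url=' . $url . '&token=' . $token);
            $replacement_image = str_replace($src, $new_url, $tag);
            $r = str_replace($tag, $replacement_image, $r);
        }
    }

    return $r;
}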
/**
 * Controller constructor: disables browser caching, records the request
 * scheme and exposes the "http user" cookie data to views.
 */
public function __construct()
{
    parent::__construct();

    // A cached page could keep showing the wrong login/logout link or stale
    // user-specific data after the login state changes, so forbid caching.
    $no_cache_headers = array(
        'Expires: Wed, 13 Dec 1972 18:37:00 GMT',
        'Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0',
        'Pragma: no-cache',
    );
    foreach ($no_cache_headers as $header_line) {
        header($header_line);
    }

    // Record the request protocol; the property is only touched for HTTPS.
    if (is_https()) {
        $this->protocol = 'https';
    }

    // NOTE(review): these view variables come from a client-supplied cookie.
    // unserialize_data() is defined elsewhere - confirm it authenticates the
    // value and does not hand it to PHP's unserialize(). Views should treat
    // the variables as untrusted: escape on output and never use them for
    // access decisions.
    if (get_cookie(config_item('http_user_cookie_name'))) {
        $cookie_payload = get_cookie(config_item('http_user_cookie_name'));
        $http_user_data = unserialize_data($cookie_payload);
        $this->load->vars($http_user_data);
    }
}
/**
 * Redirect an HTTPS request to the plain-HTTP form of the current URL.
 *
 * Does nothing when the request is not HTTPS. Flashdata is kept alive so it
 * survives the extra request caused by the redirect.
 *
 * NOTE(review): after the downgrade, any cookie without the Secure attribute
 * travels in clear text - confirm the session cookie is not exposed this way.
 *
 * @param mixed $port Passed through to to_http().
 */
function force_http($port = null)
{
    if (!is_https()) {
        return;
    }

    $ci = get_instance();
    $has_session = isset($ci->session) && is_object($ci->session);
    if ($has_session) {
        $ci->session->keep_flashdata();
    }

    redirect(to_http(CURRENT_URL, $port));
}
/**
 * Constructor (PHP 4 style).
 *
 * Initialises the underlying input element, marks it as a 'recaptcha'
 * element and records whether the current request is HTTPS.
 *
 * @param string $elementName  (optional) name of the recaptcha element
 * @param string $elementLabel (optional) label for recaptcha element
 * @param mixed  $attributes   (optional) Either a typical HTML attribute string
 *                             or an associative array
 */
function MoodleQuickForm_recaptcha($elementName = null, $elementLabel = null, $attributes = null)
{
    global $CFG;

    parent::HTML_QuickForm_input($elementName, $elementLabel, $attributes);
    $this->_type = 'recaptcha';

    // Stored as a strict boolean whatever is_https() returns.
    $this->_https = is_https() ? true : false;
}
/**
 * Constructor.
 *
 * Initialises the parent element, marks it as a 'recaptcha' element and
 * records whether the current request is HTTPS.
 *
 * @param string $elementName  (optional) name of the recaptcha element
 * @param string $elementLabel (optional) label for recaptcha element
 * @param mixed  $attributes   (optional) Either a typical HTML attribute string
 *                             or an associative array
 */
public function __construct($elementName = null, $elementLabel = null, $attributes = null)
{
    global $CFG;

    parent::__construct($elementName, $elementLabel, $attributes);
    $this->_type = 'recaptcha';

    // Stored as a strict boolean whatever is_https() returns.
    $this->_https = is_https() ? true : false;
}
/**
 * Print the submit section of the profile form.
 *
 * A reCAPTCHA row is shown only when a public key is present in the project
 * configuration; the widget is told whether the page itself is HTTPS.
 */
function show_submit()
{
    row1(tra("Submit profile"));
    echo "<script>var RecaptchaOptions = { theme : 'white' };</script>";

    $publickey = parse_config(get_config(), "<recaptcha_public_key>");
    if ($publickey) {
        $prompt = tra("Please enter the words shown in the image.");
        $widget = recaptcha_get_html($publickey, null, is_https());
        table_row($prompt . "<br>\n" . $widget);
    }

    $button_label = tra("Create/edit profile");
    table_row("<p><input type=\"submit\" value=\"" . $button_label . "\" name=\"submit\">");
}
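/**
 * Append thumbnail markup to the text of every status in a feed.
 *
 * For each expanded URL of a status one of three things happens:
 *  - it matches the Embedly pattern: remembered for one batched oEmbed call;
 *  - it looks like a direct image (.jpg/.png/.gif): linked through img_proxy_url();
 *  - it matches a known thumbnail service: the service's thumbnail URL is used.
 * The first attached media item, when present, is also added.
 *
 * URLs found in statuses are remote data, so they are HTML-escaped before
 * being written into attribute values.
 *
 * NOTE(review): img_proxy_url() is defined elsewhere and its return value is
 * emitted as-is - confirm it is safe inside a double-quoted attribute.
 *
 * @param array $feed Statuses, modified in place. The code addresses them as
 *                    $feed[$status->id], so the array is expected to be keyed
 *                    by status id.
 * @return void
 */
function embedly_embed_thumbnails(&$feed)
{
    $matched_urls = array();

    $embedly_re = '/(www\\.flickr\\.com\\/photos\\/.*|flic\\.kr\\/.*|www\\.mobypicture\\.com\\/user\\/.*\\/view\\/.*|moby\\.to\\/.*|.*imgur\\.com\\/.*|.*\\.posterous\\.com\\/.*|post\\.ly\\/.*|i.*\\.photobucket\\.com\\/albums\\/.*|s.*\\.photobucket\\.com\\/albums\\/.*|phodroid\\.com\\/.*\\/.*\\/.*|xkcd\\.com\\/.*|www\\.xkcd\\.com\\/.*|imgs\\.xkcd\\.com\\/.*|www\\.asofterworld\\.com\\/index\\.php\\?id=.*|www\\.asofterworld\\.com\\/.*\\.jpg|asofterworld\\.com\\/.*\\.jpg|www\\.qwantz\\.com\\/index\\.php\\?comic=.*|23hq\\.com\\/.*\\/photo\\/.*|www\\.23hq\\.com\\/.*\\/photo\\/.*|.*dribbble\\.com\\/shots\\/.*|drbl\\.in\\/.*|.*\\.smugmug\\.com\\/.*|.*\\.smugmug\\.com\\/.*#.*|emberapp\\.com\\/.*\\/images\\/.*|emberapp\\.com\\/.*\\/images\\/.*\\/sizes\\/.*|emberapp\\.com\\/.*\\/collections\\/.*\\/.*|emberapp\\.com\\/.*\\/categories\\/.*\\/.*\\/.*|embr\\.it\\/.*|picasaweb\\.google\\.com.*\\/.*\\/.*#.*|picasaweb\\.google\\.com.*\\/lh\\/photo\\/.*|picasaweb\\.google\\.com.*\\/.*\\/.*|dailybooth\\.com\\/.*\\/.*|brizzly\\.com\\/pic\\/.*|pics\\.brizzly\\.com\\/.*\\.jpg|www\\.tinypic\\.com\\/view\\.php.*|tinypic\\.com\\/view\\.php.*|www\\.tinypic\\.com\\/player\\.php.*|tinypic\\.com\\/player\\.php.*|www\\.tinypic\\.com\\/r\\/.*\\/.*|tinypic\\.com\\/r\\/.*\\/.*|.*\\.tinypic\\.com\\/.*\\.jpg|.*\\.tinypic\\.com\\/.*\\.png|meadd\\.com\\/.*\\/.*|meadd\\.com\\/.*|.*\\.deviantart\\.com\\/art\\/.*|.*\\.deviantart\\.com\\/gallery\\/.*|.*\\.deviantart\\.com\\/#\\/.*|fav\\.me\\/.*|.*\\.deviantart\\.com|.*\\.deviantart\\.com\\/gallery|.*\\.deviantart\\.com\\/.*\\/.*\\.jpg|.*\\.deviantart\\.com\\/.*\\/.*\\.gif|.*\\.deviantart\\.net\\/.*\\/.*\\.jpg|.*\\.deviantart\\.net\\/.*\\/.*\\.gif|plixi\\.com\\/p\\/.*|plixi\\.com\\/profile\\/home\\/.*|plixi\\.com\\/.*|www\\.fotopedia\\.com\\/.*\\/.*|fotopedia\\.com\\/.*\\/.*|photozou\\.jp\\/photo\\/show\\/.*\\/.*|photozou\\.jp\\/photo\\/photo_only\\/.*\\/.*|skitch\\.com\\/.*\\/.*\\/.*|img\\.skitch\\.com\\/.*|https:\\/\\/skitch\\.com\\/.*\\/.*\\/.*|https:\\/\\/img\\.skitch\\.com\\/.*|share\\.ovi\\.com\\/media\\/.*\\/.*|www\\.questionablecontent\\.net\\/|questionablecontent\\.net\\/|www\\.questionablecontent\\.net\\/view\\.php.*|questionablecontent\\.net\\/view\\.php.*|questionablecontent\\.net\\/comics\\/.*\\.png|www\\.questionablecontent\\.net\\/comics\\/.*\\.png|twitrpix\\.com\\/.*|.*\\.twitrpix\\.com\\/.*|www\\.someecards\\.com\\/.*\\/.*|someecards\\.com\\/.*\\/.*|some\\.ly\\/.*|www\\.some\\.ly\\/.*|pikchur\\.com\\/.*|achewood\\.com\\/.*|www\\.achewood\\.com\\/.*|achewood\\.com\\/index\\.php.*|www\\.achewood\\.com\\/index\\.php.*)/i';

    // Pattern => thumbnail URL template. In the two Instagram patterns the
    // hyphen is placed first in the character class: a hyphen sitting between
    // a literal and \d is rejected as an invalid range by PCRE2 (PHP 7.3+).
    $services = array(
        '#twitpic\\.com\\/([\\d\\w]+)#i' => 'http://twitpic.com/show/thumb/%s',
        '#twitgoo\\.com\\/([\\d\\w]+)#i' => 'http://twitgoo.com/show/thumb/%s',
        '#tweetphoto\\.com\\/(\\d+)#' => 'http://api.plixi.com/api/tpapi.svc/imagefromurl?url=http://tweetphoto.com/%s',
        '#img\\.ly\\/([\\w\\d]+)#i' => 'http://img.ly/show/thumb/%s',
        '#picplz\\.com\\/([\\d\\w\\.]+)#' => 'http://picplz.com/%s/thumb',
        '#yfrog\\.com\\/([\\d\\w]+)#' => 'http://yfrog.com/%s:small',
        '#instagr\\.am\\/p\\/([-_\\d\\w]+)#i' => 'http://instagr.am/p/%s/media/?size=t',
        '#instagram\\.com\\/p\\/([-_\\d\\w]+)#i' => 'http://instagr.am/p/%s/media/?size=t',
    );

    foreach ($feed as &$status) {
        if (empty($status->entities)) {
            continue;
        }

        if (!empty($status->entities->urls)) {
            foreach ($status->entities->urls as $urls) {
                // Escaped once; reused wherever the link lands in an href.
                $href = htmlspecialchars($urls->expanded_url, ENT_QUOTES, 'UTF-8');

                if (preg_match($embedly_re, $urls->expanded_url) > 0) {
                    // Embedly-supported URL: resolved later in one batched call.
                    $matched_urls[urlencode($urls->expanded_url)][] = $status->id;
                } elseif (preg_match("/.*\\.(jpg|png|gif)/i", $urls->expanded_url)) {
                    $feed[$status->id]->text .= '<br /><a href="' . $href . '"><img src="' . img_proxy_url($urls->expanded_url, TRUE) . '" style="max-width:150px;" /></a>';
                } else {
                    foreach ($services as $pattern => $thumbnail_url) {
                        if (preg_match_all($pattern, $urls->expanded_url, $matches, PREG_PATTERN_ORDER) > 0) {
                            foreach ($matches[1] as $match) {
                                $feed[$status->id]->text .= '<br /><a href="' . $href . '"><img src="' . img_proxy_url(sprintf($thumbnail_url, $match)) . '" style="max-width:150px;" /></a>';
                            }
                        }
                    }
                }
            }
        }

        if (!empty($status->entities->media)) {
            // Pick the media URL matching the scheme of the current page.
            $image = is_https() ? $status->entities->media[0]->media_url_https : $status->entities->media[0]->media_url;
            $feed[$status->id]->text .= '<br /><a href="' . htmlspecialchars($image, ENT_QUOTES, 'UTF-8') . '"><img src="' . img_proxy_url($image, TRUE) . '" style="max-width:150px;" /></a>';
        }
    }
    // Drop the reference so later writes to $status cannot alter the last element.
    unset($status);

    // Make a single API call to Embedly.
    $justUrls = array_keys($matched_urls);
    if (count($justUrls) == 0) {
        return;
    }

    // Embedly processes at most 20 URLs per call; anything beyond is ignored.
    $justUrls = array_slice($justUrls, 0, 20);

    // NOTE(review): the API key is sent in the query string of a plain-HTTP
    // request. Consider the HTTPS endpoint if the service offers one.
    $url = 'http://api.embed.ly/1/oembed?key=' . EMBEDLY_KEY . '&urls=' . implode(',', $justUrls) . '&format=json';
    $embedly_json = twitter_fetch($url);
    $oembeds = json_decode($embedly_json);

    // A failed fetch or an error payload does not decode to a list.
    if (!is_array($oembeds)) {
        return;
    }

    // Put the thumbnails into the $feed
    foreach ($justUrls as $index => $url) {
        if (empty($oembeds[$index]->thumbnail_url)) {
            continue;
        }
        $thumb = $oembeds[$index]->thumbnail_url;
        $href = htmlspecialchars(urldecode($url), ENT_QUOTES, 'UTF-8');

        foreach ($matched_urls[$url] as $statusId) {
            $feed[$statusId]->text .= '<br /><a href="' . $href . '"><img src="' . img_proxy_url($thumb) . '" style="max-width:150px;" /></a>';
        }
    }
}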
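/**
 * Current URL
 *
 * Returns the full URL (including segments and any query string) of the page
 * where this function is called. When the request is HTTPS but the site URL
 * was built with http, the scheme is upgraded to https.
 *
 * This version takes no parameters.
 *
 * The query string is raw request data: escape the result before writing it
 * into HTML.
 *
 * @return string
 */
function current_url()
{
    $CI =& get_instance();
    $url = $CI->config->site_url($CI->uri->uri_string());

    // site_url() produced an http URL for an HTTPS request: insert the "s".
    if (is_https() && parse_url($url, PHP_URL_SCHEME) == 'http') {
        $url = substr($url, 0, 4) . 's' . substr($url, 4);
    }

    // QUERY_STRING is not always defined (for example on the command line),
    // so test it without raising an undefined-index notice.
    return !empty($_SERVER['QUERY_STRING']) ? $url . '?' . $_SERVER['QUERY_STRING'] : $url;
}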
/**
 * Echo the result of each common helper function once, in a fixed order.
 */
public function common_functions()
{
    // Environment and filesystem probes.
    echo is_php('5.3'), is_really_writable('file.php');

    // Configuration and response helpers.
    echo config_item('key'), set_status_header('200', 'text');

    // Input/output sanitising helpers.
    echo remove_invisible_characters('Java\\0script'), html_escape(array());

    // MIME table and request-context checks.
    echo get_mimes(), is_https(), is_cli();

    // Availability check for a function name.
    echo function_usable('eval');
}
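/**
 * Constructor
 *
 * Loads the $config data from the primary config.php file into the class and
 * derives base_url when none was configured.
 *
 * The Host request header is supplied by the client. It is used to build
 * base_url only after a character-level validity check; anything else falls
 * back to http://localhost/. The check does not prove the host belongs to
 * this site, so setting base_url explicitly in the configuration remains the
 * safer option.
 *
 * @access public
 */
public function __construct()
{
    $this->config =& get_config();
    log_message('debug', 'Config Class Initialized');

    // Set the base_url automatically if none was provided
    if (empty($this->config['base_url'])) {
        // Bracketed IPv6 literal, dotted IPv4, or a host made of letters,
        // digits, '-' and '.', optionally followed by a port.
        $host_pattern = '/^((\\[[0-9a-f:]+\\])|(\\d{1,3}(\\.\\d{1,3}){3})|[a-z0-9\\-\\.]+)(:\\d+)?$/i';

        if (isset($_SERVER['HTTP_HOST']) && preg_match($host_pattern, $_SERVER['HTTP_HOST'])) {
            $base_url = (is_https() ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST']
                . substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME'])));
        } else {
            $base_url = 'http://localhost/';
        }

        $this->set_item('base_url', $base_url);
    }
}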
/**
 * Constructor
 *
 * Loads the $config data from the primary config.php file into the class and
 * derives base_url when it is empty.
 *
 * The client-supplied Host header is accepted only when it consists of valid
 * host characters (plus an optional port); otherwise http://localhost/ is used.
 *
 * @access public
 */
function __construct()
{
    $this->config =& get_config();
    log_message('debug', "Config Class Initialized");

    // A configured base_url always wins; nothing to derive.
    if ($this->config['base_url'] != '') {
        return;
    }

    // Modify by ET-NiK: character-level validation of the Host header.
    $host_pattern = '/^((\\[[0-9a-f:]+\\])|(\\d{1,3}(\\.\\d{1,3}){3})|[a-z0-9\\-\\.]+)(:\\d+)?$/i';
    $base_url = 'http://localhost/';

    if (isset($_SERVER['HTTP_HOST']) && preg_match($host_pattern, $_SERVER['HTTP_HOST'])) {
        $scheme = is_https() ? 'https' : 'http';
        $script_name = $_SERVER['SCRIPT_NAME'];
        // Directory part of the script path: everything before the script's file name.
        $script_dir = substr($script_name, 0, strpos($script_name, basename($_SERVER['SCRIPT_FILENAME'])));
        $base_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $script_dir;
    }

    $this->set_item('base_url', $base_url);
}
/**
 * Class constructor
 *
 * Loads the $config data from the primary config.php file into the class and
 * derives base_url when none was configured.
 *
 * @return void
 */
public function __construct()
{
    $this->config =& get_config();

    // Set the base_url automatically if none was provided
    if (empty($this->config['base_url'])) {
        // Only a basic validation of the "Host" header: it checks for valid
        // characters and is not exhaustive.
        $host_pattern = '/^((\\[[0-9a-f:]+\\])|(\\d{1,3}(\\.\\d{1,3}){3})|[a-z0-9\\-\\.]+)(:\\d+)?$/i';
        $base_url = 'http://localhost/';

        if (isset($_SERVER['HTTP_HOST']) && preg_match($host_pattern, $_SERVER['HTTP_HOST'])) {
            $scheme = is_https() ? 'https' : 'http';
            $script_name = $_SERVER['SCRIPT_NAME'];
            // Directory part of the script path: everything before the script's file name.
            $script_dir = substr($script_name, 0, strpos($script_name, basename($_SERVER['SCRIPT_FILENAME'])));
            $base_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $script_dir;
        }

        $this->set_item('base_url', $base_url);
    }

    log_message('info', 'Config Class Initialized');
}
/**
 * Block plugin that marks the current page as one to be viewed over SSL.
 *
 * Sets the 'plugin_ssl_flag' value, queues a script that sends the browser to
 * the $script_ssl address of the page when the document is not on https:, and
 * returns an empty placeholder <div> that the script fills with a link.
 *
 * @return string HTML placeholder for the message link.
 */
function plugin_ssl_convert()
{
	global $script, $script_ssl, $vars, $reg_exp_host;

	//------------ [Important and intricate logic] ----------------------------------
	// Only pages that contain #ssl should use SSL, hence the handling below
	// (navigation, menu, navi2 and the like should keep linking to the normal URL)
	//
	// 0. lib/init.php generates $script_ssl when it has not been set
	// 2. After the swap, the various URLs of the content area are built from $script_ssl
	// 3. lib/html.php puts the original value back
	// 4. Where navi, menu and pukiwiki.skin.php are invoked, the original $script is used
	//
	// Specifying URLs without the domain wherever possible is probably a good idea
	//
	// Flag that makes lib/html.php perform the SSL handling (rewriting the HTML code)
	$qt = get_qt();
	$qt->setv('plugin_ssl_flag', TRUE);

	// The page name is percent-encoded, so it cannot close the quoted
	// strings it is placed in below.
	$go_ssl_url = $script_ssl . '?' . rawurlencode($vars['page']);

	// Message inviting the visitor to move to the secure page
	// NOTE(review): the first plugin argument is passed through h() and then
	// placed inside a single-quoted JavaScript string. h() is defined
	// elsewhere - confirm it also neutralises single quotes and backslashes.
	$args = func_get_args();
	$msg = isset($args[0]) ? h($args[0]) : '暗号化されたページへ移動してください';

	// Detect the scheme in JavaScript and move to https: (because PHP's SERVER variables cannot be trusted)
	$qt->setv('jquery_include', true);
	// When check_editable() succeeds the redirect line is emitted behind '//',
	// i.e. commented out in the generated script; only the link is shown.
	$js_co = check_editable($vars['page'], false, false) ? '//' : '';
	$js = <<<EOD
<script type="text/javascript">
if( document.location.protocol != 'https:' ){
\t{$js_co}location.href = '{$go_ssl_url}';
\t\$(function(){
\t\t\$('div#plugin_ssl_msg').html('<a href="{$go_ssl_url}" data-target="nowin">{$msg}</a>');
\t});
}
</script>
EOD;
	$qt->appendv_once('plugin_ssl', 'beforescript', $js);

	// Exclude URLs of normal pages from the list of links opened in an external window
	$p_url = parse_url(is_https() ? $script_ssl : $script);
	$reg_exp_host .= ($reg_exp_host == '' ? '' : '|') . $p_url['host'];

	return <<<EOD
<div id="plugin_ssl_msg"></div>
EOD;
}
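/**
 * Build an opening <form> tag, adding CSRF hidden fields where appropriate.
 *
 * When no action is given, the form posts back to the current URL including
 * its query string. That value is raw request data, so it is HTML-escaped
 * before being written into the action attribute. An action supplied by the
 * caller is emitted as given.
 *
 * CSRF tokens are added only for non-GET forms whose action starts with this
 * site's base URL, so that a token is never sent to another origin.
 *
 * @param string $action     Target URI or URL; empty for the current URL.
 * @param mixed  $attributes Form attributes, handed to _attributes_to_string().
 * @param array  $hidden     Extra hidden fields as name => value.
 * @return string
 */
function form_open($action = '', $attributes = array(), $hidden = array())
{
    $CI =& get_instance();

    // Load URL helper for the site_url and base_url functions
    $CI->load->helper('url');

    // Set the link protocol to https if secure
    $link_protocol = USE_SSL && is_https() ? 'https' : NULL;

    // Attribute-ready form of the action; only set when it is derived here.
    $action_attr = NULL;

    if (!$action) {
        // No action provided: post back to the current URL.
        $action = current_url($action);

        if (is_https() && parse_url($action, PHP_URL_SCHEME) == 'http') {
            $action = substr($action, 0, 4) . 's' . substr($action, 4);
        }

        // QUERY_STRING may be undefined (for example on the command line).
        if (!empty($_SERVER['QUERY_STRING'])) {
            $action .= '?' . $_SERVER['QUERY_STRING'];
        }

        // The query string comes straight from the request: escape it so it
        // cannot close the attribute or inject markup.
        $action_attr = html_escape($action);
    } elseif (strpos($action, '://') === FALSE) {
        $action = site_url($action, $link_protocol);
    }

    if ($action_attr === NULL) {
        $action_attr = $action;
    }

    $attributes = _attributes_to_string($attributes);

    if (stripos($attributes, 'method=') === FALSE) {
        $attributes .= ' method="post"';
    }

    if (stripos($attributes, 'accept-charset=') === FALSE) {
        $attributes .= ' accept-charset="' . strtolower(config_item('charset')) . '"';
    }

    $form = '<form action="' . $action_attr . '"' . $attributes . ">\n";

    // Tokens go only to our own site: the action must START with the base
    // URL. A substring match would also accept a foreign URL that merely
    // contains the base URL somewhere in its path or query.
    $own_base = base_url('', $link_protocol);
    $targets_own_site = $own_base !== '' && strpos($action, $own_base) === 0;

    // The method is decided by the attributes alone, never by text that
    // happens to appear in the action URL.
    $is_get_form = stripos($attributes, 'method="get"') !== FALSE;

    // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
    if ($CI->config->item('csrf_protection') === TRUE && $targets_own_site && !$is_get_form) {
        $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
    }

    // Add MY CSRF token if MY CSRF library is loaded
    if ($CI->load->is_loaded('tokens') && $targets_own_site && !$is_get_form) {
        $hidden[$CI->tokens->name] = $CI->tokens->token();
    }

    if (is_array($hidden)) {
        foreach ($hidden as $name => $value) {
            $form .= '<input type="hidden" name="' . html_escape($name) . '" value="' . html_escape($value) . '" style="display:none;" />' . "\n";
        }
    }

    return $form;
}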
/**
 * Register the MathJax script and its loader module on the page.
 *
 * Runs its body once per request; later calls return immediately. The script
 * URL is read from the 'httpsurl' setting for HTTPS requests and from
 * 'httpurl' otherwise.
 *
 * @param object $page    Page whose requirements manager receives the modules.
 * @param object $context Not used here.
 */
public function setup($page, $context)
{
    // This only requires execution once per request.
    static $jsinitialised = false;
    if (!empty($jsinitialised)) {
        return;
    }

    // Match the scheme of the page to avoid loading the script as mixed content.
    if (is_https()) {
        $urlsetting = 'httpsurl';
    } else {
        $urlsetting = 'httpurl';
    }
    $url = get_config('filter_mathjaxloader', $urlsetting);

    $lang = $this->map_language_code(current_language());

    $url = new moodle_url($url, array('delayStartupUntil' => 'configured'));
    $page->requires->js_module(array('name' => 'mathjax', 'fullpath' => $url));

    $config = get_config('filter_mathjaxloader', 'mathjaxconfig');
    $params = array('mathjaxconfig' => $config, 'lang' => $lang);
    $page->requires->yui_module(
        'moodle-filter_mathjaxloader-loader',
        'M.filter_mathjaxloader.configure',
        array($params)
    );

    $jsinitialised = true;
}
/**
 * Send the HTTP headers that start the download of the file.
 *
 * Nothing is sent while BEHAT_SITE_RUNNING is defined, because forcing a
 * download would make text-based output untestable there.
 *
 * NOTE(review): the file name is placed inside a quoted header value as-is -
 * confirm callers never let a double quote reach $this->filename.
 */
public function send_http_headers()
{
    global $CFG;

    if (defined('BEHAT_SITE_RUNNING')) {
        // For text based formats - we cannot test the output with behat if we force a file download.
        return;
    }

    if (is_https()) {
        // HTTPS sites - watch out for IE! KB812935 and KB316431.
        $cachecontrol = 'Cache-Control: max-age=10';
        $pragma = 'Pragma: ';
    } else {
        // Normal http - prevent caching at all cost.
        $cachecontrol = 'Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0';
        $pragma = 'Pragma: no-cache';
    }
    header($cachecontrol);
    header($pragma);

    // Timestamp 0 puts the expiry at the Unix epoch, i.e. already expired.
    header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
    header("Content-Type: {$this->mimetype}\n");

    $filename = $this->filename . $this->get_extension();
    header("Content-Disposition: attachment; filename=\"{$filename}\"");
}
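/**
 * Class constructor
 *
 * Loads the $config data and derives base_url when none was configured.
 *
 * The host is never taken from the client-supplied Host header: it comes from
 * the CI_HTTP_HOST constant when that is defined and non-empty, otherwise
 * from the server's own address, otherwise 'localhost'.
 *
 * @return void
 */
public function __construct()
{
    $this->config =& get_config();

    // Set the base_url automatically if none was provided
    if (empty($this->config['base_url'])) {
        $use_host = 'localhost';

        if (defined('CI_HTTP_HOST') && CI_HTTP_HOST) {
            $use_host = CI_HTTP_HOST;
        } elseif (isset($_SERVER['SERVER_ADDR'])) {
            // An IPv6 literal must be wrapped in brackets inside a URL,
            // otherwise its colons are read as a port separator.
            $use_host = strpos($_SERVER['SERVER_ADDR'], ':') !== FALSE
                ? '[' . $_SERVER['SERVER_ADDR'] . ']'
                : $_SERVER['SERVER_ADDR'];
        }

        $base_url = (is_https() ? 'https' : 'http') . '://' . $use_host;

        // Append the directory part of the script path when it is known.
        if (isset($_SERVER['SCRIPT_NAME'])) {
            $base_url .= substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME'])));
        }

        $this->set_item('base_url', $base_url);
    }

    log_message('info', 'Config Class Initialized');
}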
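/**
 * Class constructor
 *
 * Loads the $config data and derives base_url when none was configured.
 *
 * The client-supplied Host header is used only when it has a valid shape and,
 * if a 'trusted_hosts' list is configured, when it equals one of those hosts
 * or is a subdomain of one. With no list configured every well-formed host is
 * accepted. An untrusted host is replaced by localhost.
 *
 * @return void
 */
public function __construct()
{
    $this->config =& get_config();

    // Set the base_url automatically if none was provided
    if (empty($this->config['base_url'])) {
        // The regular expression is only a basic validation for a valid "Host" header.
        // It's not exhaustive, only checks for valid characters.
        if (isset($_SERVER['HTTP_HOST']) && preg_match('/^((\\[[0-9a-f:]+\\])|(\\d{1,3}(\\.\\d{1,3}){3})|[a-z0-9\\-\\.]+)(:\\d+)?$/i', $_SERVER['HTTP_HOST'])) {
            // Check that the host is trusted, to avoid HTTP Host header attacks.
            // TODO: improve this by checking the ENVIRONMENT variable and ignore trusted_hosts when is testing or development
            $trusted = false;

            if (!empty($this->config['trusted_hosts'])) {
                foreach ($this->config['trusted_hosts'] as $trusted_host) {
                    // Entries may be full URLs or bare host names. For a bare
                    // name parse_url() reports it as the path, so take the
                    // first path segment in that case.
                    $parsed_url = parse_url(trim($trusted_host));
                    if (isset($parsed_url['host'])) {
                        $real_trusted_host = $parsed_url['host'];
                    } elseif (isset($parsed_url['path'])) {
                        $path_explode = explode('/', $parsed_url['path'], 2);
                        $real_trusted_host = $path_explode[0];
                    } else {
                        $real_trusted_host = '';
                    }
                    $real_trusted_host = trim($real_trusted_host);

                    // An empty entry would turn the pattern below into one
                    // that accepts hosts it should not; skip it.
                    if ($real_trusted_host === '') {
                        continue;
                    }

                    // Quote the configured name so that its dots match only
                    // literal dots. Unquoted, "example.com" would also accept
                    // a different host such as "exampleXcom".
                    $pattern = '/^((.*?)\\.)?' . preg_quote($real_trusted_host, '/') . '$/i';
                    if (preg_match($pattern, $_SERVER['HTTP_HOST'])) {
                        $trusted = true;
                        break;
                    }
                }
            } else {
                $trusted = true;
            }

            if ($trusted) {
                $base_url = (is_https() ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST']
                    . substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME'])));
            } else {
                // Overwrite the header as well, so later readers of
                // $_SERVER['HTTP_HOST'] do not pick up the untrusted value.
                $_SERVER['HTTP_HOST'] = "localhost";
                $base_url = 'http://localhost/';
            }
        } else {
            $base_url = 'http://localhost/';
        }

        $this->set_item('base_url', $base_url);
    }

    log_message('info', 'Config Class Initialized');
}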
/**
 * Works out the URL for the user's picture.
 *
 * Using this method avoids costly redirects of user pictures when requests
 * are made for non-existent files etc.
 *
 * The default image is returned whenever the picture must not or cannot be
 * shown: login is required and the viewer is not logged in, the user looks
 * deleted, or there is neither an uploaded picture nor gravatar support.
 *
 * @param moodle_page $page
 * @param renderer_base $renderer
 * @return moodle_url
 */
public function get_url(moodle_page $page, renderer_base $renderer = null)
{
    global $CFG;

    if (is_null($renderer)) {
        $renderer = $page->get_renderer('core');
    }

    // Sort out the filename and size. Size is only required for the gravatar
    // implementation presently.
    if (empty($this->size)) {
        $filename = 'f2';
        $size = 35;
    } elseif ($this->size === true or $this->size == 1) {
        $filename = 'f1';
        $size = 100;
    } elseif ($this->size > 100) {
        $filename = 'f3';
        $size = (int) $this->size;
    } elseif ($this->size >= 50) {
        $filename = 'f1';
        $size = (int) $this->size;
    } else {
        $filename = 'f2';
        $size = (int) $this->size;
    }

    // Default image.
    $defaulturl = $renderer->pix_url('u/' . $filename);

    if ((!empty($CFG->forcelogin) and !isloggedin()) || !empty($CFG->forceloginforprofileimage) && (!isloggedin() || isguestuser())) {
        // Protect images if login required and not logged in;
        // also if login is required for profile images and is not logged in or guest
        // do not use require_login() because it is expensive and not suitable here anyway.
        return $defaulturl;
    }

    // First try to detect deleted users - but do not read from database for performance reasons!
    if (!empty($this->user->deleted) or strpos($this->user->email, '@') === false) {
        // All deleted users should have email replaced by md5 hash,
        // all active users are expected to have valid email.
        return $defaulturl;
    }

    // Did the user upload a picture?
    if ($this->user->picture > 0) {
        if (empty($this->user->contextid)) {
            $context = context_user::instance($this->user->id, IGNORE_MISSING);
            if (!$context) {
                // This must be an incorrectly deleted user, all other users have context.
                return $defaulturl;
            }
            $contextid = $context->id;
        } else {
            $contextid = $this->user->contextid;
        }

        $path = '/';
        if (clean_param($page->theme->name, PARAM_THEME) == $page->theme->name) {
            // We append the theme name to the file path if we have it so that
            // in the circumstance that the profile picture is not available
            // when the user actually requests it they still get the profile
            // picture for the correct theme.
            $path .= $page->theme->name . '/';
        }

        // Set the image URL to the URL for the uploaded file and return.
        $url = moodle_url::make_pluginfile_url($contextid, 'user', 'icon', NULL, $path, $filename);
        $url->param('rev', $this->user->picture);
        return $url;
    }

    // No uploaded picture: only gravatar is left, and only when it is enabled.
    if ($this->user->picture != 0 || empty($CFG->enablegravatar)) {
        return $defaulturl;
    }

    // Normalise the size variable to acceptable bounds
    if ($size < 1 || $size > 512) {
        $size = 35;
    }

    // Hash the user's email address. The hash becomes part of an image URL
    // on a third-party host, so it is visible to that host and in the page.
    $md5 = md5(strtolower(trim($this->user->email)));

    // Build a gravatar URL with what we know.
    // Find the best default image URL we can (MDL-35669)
    if (!empty($CFG->gravatardefaulturl)) {
        $gravatardefault = $CFG->gravatardefaulturl;
    } else {
        $absoluteimagepath = $page->theme->resolve_image_location('u/' . $filename, 'core');
        if (strpos($absoluteimagepath, $CFG->dirroot) === 0) {
            $gravatardefault = $CFG->wwwroot . substr($absoluteimagepath, strlen($CFG->dirroot));
        } else {
            $gravatardefault = $CFG->wwwroot . '/pix/u/' . $filename . '.png';
        }
    }

    // If the currently requested page is https then we'll return an
    // https gravatar page.
    if (is_https()) {
        // Replace by secure url.
        $gravatardefault = str_replace($CFG->wwwroot, $CFG->httpswwwroot, $gravatardefault);
        $gravatarbase = "https://secure.gravatar.com/avatar/{$md5}";
    } else {
        $gravatarbase = "http://www.gravatar.com/avatar/{$md5}";
    }

    return new moodle_url($gravatarbase, array('s' => $size, 'd' => $gravatardefault));
}
/**
 * Header Redirect (overridden to account for the language path added by site_url())
 *
 * Sends either a "Refresh" or a "Location" header and ends the script.
 * A URI that does not start with http:// or https:// is expanded with
 * site_url(); in that case $use_https defaults to the scheme of the current
 * request.
 *
 * An absolute URL is sent as given. Callers that pass request data as the
 * target must validate it themselves, or the redirect can lead off-site.
 *
 * @access public
 * @param string $uri                the URL
 * @param string $method             the method: location or refresh
 * @param int    $http_response_code the http response code
 * @param mixed  $use_https          whether to force https or not
 * @return void  This function does not return; it calls exit.
 */
function redirect($uri = '', $method = 'location', $http_response_code = 302, $use_https = NULL)
{
    $is_absolute = preg_match('#^https?://#i', $uri);

    if (!$is_absolute) {
        // Follow the scheme of the current request unless told otherwise.
        $scheme_flag = is_null($use_https) ? is_https() : $use_https;
        $uri = site_url($uri, $scheme_flag, FALSE);
    }

    if ($method == 'refresh') {
        header("Refresh:0;url=" . $uri);
    } else {
        header("Location: " . $uri, TRUE, $http_response_code);
    }

    exit;
}
/**
 * Class constructor
 *
 * Loads the $config data from the primary config.php file into the class and
 * derives base_url when none was configured. The host part comes from the
 * server's own address rather than from the request's Host header.
 *
 * @return void
 */
public function __construct()
{
    $this->config =& get_config();

    // Set the base_url automatically if none was provided
    if (empty($this->config['base_url'])) {
        $base_url = 'http://localhost/';

        if (isset($_SERVER['SERVER_ADDR'])) {
            $addr = $_SERVER['SERVER_ADDR'];
            // A colon marks an IPv6 literal, which needs brackets in a URL.
            $server_addr = (strpos($addr, ':') !== FALSE) ? '[' . $addr . ']' : $addr;

            $scheme = is_https() ? 'https' : 'http';
            $script_name = $_SERVER['SCRIPT_NAME'];
            // Directory part of the script path: everything before the script's file name.
            $script_dir = substr($script_name, 0, strpos($script_name, basename($_SERVER['SCRIPT_FILENAME'])));

            $base_url = $scheme . '://' . $server_addr . $script_dir;
        }

        $this->set_item('base_url', $base_url);
    }

    log_message('info', 'Config Class Initialized');
}
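/**
 * Attempt to build up a request from what was passed to the server.
 *
 * Missing arguments are filled in from the environment: the URL from the
 * scheme, Host header and request URI, the method from REQUEST_METHOD, and
 * the parameters from the query string, the POST body and an OAuth
 * Authorization header (later sources override earlier ones).
 *
 * The Host header is supplied by the client, so the reconstructed URL is
 * only as trustworthy as the front-end's handling of that header.
 *
 * @param string|null $http_method HTTP method, or null to detect it.
 * @param string|null $http_url    Request URL, or null to reconstruct it.
 * @param array|null  $parameters  Parsed parameters, or null to collect them.
 * @return OAuthRequest
 */
public static function from_request($http_method = null, $http_url = null, $parameters = null)
{
    $scheme = is_https() ? 'https' : 'http';

    // NOTE(review): the original condition for appending the server port,
    // strpos(':', $_SERVER['HTTP_HOST']) < 0, had its arguments reversed and
    // could never be true (strpos() never returns a negative number), so no
    // port was ever appended. That behaviour is kept: the resulting URL is
    // presumably part of what clients sign, so changing it could invalidate
    // existing signatures. Confirm before appending SERVER_PORT here.
    $port = "";

    if (!$http_url) {
        $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $port . $_SERVER['REQUEST_URI'];
    }
    if (!$http_method) {
        $http_method = $_SERVER['REQUEST_METHOD'];
    }

    // We weren't handed any parameters, so let's find the ones relevant to
    // this request.
    // If you run XML-RPC or similar you should use this to provide your own
    // parsed parameter-list
    if (!$parameters) {
        // Find request headers
        $request_headers = OAuthUtil::get_headers();

        // Parse the query-string to find GET parameters
        $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);

        // Deal with magic_quotes
        // http://www.php.net/manual/en/security.magicquotes.disabling.php
        // get_magic_quotes_gpc() no longer exists in PHP 8, so only call it
        // where it is available.
        $ourpost = $_POST;
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            foreach ($_POST as $k => $v) {
                // Array-valued fields are left untouched; stripslashes()
                // only accepts strings.
                $ourpost[$k] = is_string($v) ? stripslashes($v) : $v;
            }
        }

        // Add POST Parameters if they exist
        $parameters = array_merge($parameters, $ourpost);

        // We have an Authorization header with OAuth data. Parse the header
        // and add those, overriding any duplicates from GET or POST
        if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
            $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
            $parameters = array_merge($parameters, $header_parameters);
        }
    }

    return new OAuthRequest($http_method, $http_url, $parameters);
}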
// Bootstrap of the OAuth web-service endpoint: load the application, refuse
// to run unless the oauth protocol is enabled and the request is HTTPS, then
// create the OAuth server object.
define('PUBLIC', 1);
define('XMLRPC', 1);
define('TITLE', '');
global $SESSION, $USER;

// Catch anything that goes wrong in init.php: its output is buffered and
// kept in $errors instead of being sent to the client.
ob_start();
require dirname(dirname(__FILE__)) . '/init.php';
$errors = trim(ob_get_contents());
ob_end_clean();

require_once dirname(__FILE__) . '/lib.php';

// The endpoint does not exist as far as clients are concerned while the
// oauth protocol is disabled.
if (!webservice_protocol_is_enabled('oauth')) {
    header("HTTP/1.0 404 Not Found");
    die;
}

// HTTPS is mandatory: token-based authentication is a hazard without it,
// because the tokens would cross the network in clear text.
if (!is_https()) {
    header("HTTP/1.0 403 Forbidden - HTTPS must be used");
    die;
}

/*
 * Always announce XRDS OAuth discovery
 */
header('X-XRDS-Location: ' . get_config('wwwroot') . 'webservice/oauthv1/services.xrds');

/*
 * Initialize OAuth store
 */
require_once get_config('docroot') . 'webservice/libs/oauth-php/OAuthServer.php';
require_once get_config('docroot') . 'webservice/libs/oauth-php/OAuthStore.php';
OAuthStore::instance('Mahara');

// The server object is published as a global.
global $server;
$server = new OAuthServer();
/**
 * Returns a block of HTML that the Google Apps block can use to list
 * which Google services are supported.
 *
 * The template receives the two-letter language prefix and the scheme of the
 * current request, so that it can build links matching the page's scheme.
 *
 * @return string Rendered 'blocktype:googleapps:supported.tpl' template.
 */
private static function get_html_of_supported_googleapps()
{
    $smarty = smarty_core();

    $language = substr(get_config('lang'), 0, 2);
    $smarty->assign('lang', $language);

    // Only a strict boolean true from is_https() selects https.
    $protocol = (is_https() === true) ? 'https' : 'http';
    $smarty->assign('protocol', $protocol);

    return $smarty->fetch('blocktype:googleapps:supported.tpl');
}
 * This file contains settings used by tool_mobile
 *
 * @package tool_mobile
 * @copyright 2016 Juan Leyva
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
// Refuse direct access: the file is only meant to be included by Moodle.
defined('MOODLE_INTERNAL') || die;

// The settings tree is only built for users who hold site configuration rights.
if ($hassiteconfig) {
    $ADMIN->add('root', new admin_category('mobileapp', new lang_string('mobileapp', 'tool_mobile')), 'development');
    $temp = new admin_settingpage('mobilesettings', new lang_string('mobilesettings', 'tool_mobile'), 'moodle/site:config', false);

    // We should wait to the installation to finish since we depend on some configuration values that are set once
    // the admin user profile is configured.
    if (!during_initial_install()) {
        $enablemobiledocurl = new moodle_url(get_docs_url('Enable_mobile_web_services'));
        $enablemobiledoclink = html_writer::link($enablemobiledocurl, new lang_string('documentation'));

        // The mobile web service defaults to enabled only when the site is
        // served over HTTPS; on a plain-HTTP site it has to be switched on
        // deliberately.
        $default = is_https() ? 1 : 0;
        $temp->add(new admin_setting_enablemobileservice('enablemobilewebservice', new lang_string('enablemobilewebservice', 'admin'), new lang_string('configenablemobilewebservice', 'admin', $enablemobiledoclink), $default));
    }
    $ADMIN->add('mobileapp', $temp);

    // Show only mobile settings if the mobile service is enabled.
    if (!empty($CFG->enablemobilewebservice)) {
        // Type of login.
        $temp = new admin_settingpage('mobileauthentication', new lang_string('mobileauthentication', 'tool_mobile'));
        $options = array(tool_mobile\api::LOGIN_VIA_APP => new lang_string('loginintheapp', 'tool_mobile'), tool_mobile\api::LOGIN_VIA_BROWSER => new lang_string('logininthebrowser', 'tool_mobile'), tool_mobile\api::LOGIN_VIA_EMBEDDED_BROWSER => new lang_string('loginintheembeddedbrowser', 'tool_mobile'));
        $temp->add(new admin_setting_configselect('tool_mobile/typeoflogin', new lang_string('typeoflogin', 'tool_mobile'), new lang_string('typeoflogin_desc', 'tool_mobile'), 1, $options));

        // Free-text setting; PARAM_NOTAGS is the cleaning type applied to it.
        $temp->add(new admin_setting_configtext('tool_mobile/forcedurlscheme', new lang_string('forcedurlscheme_key', 'tool_mobile'), new lang_string('forcedurlscheme', 'tool_mobile'), '', PARAM_NOTAGS));
        $ADMIN->add('mobileapp', $temp);

        // Appearance related settings.
        $temp = new admin_settingpage('mobileappearance', new lang_string('mobileappearance', 'tool_mobile'));

        // Address of an additional stylesheet; PARAM_URL is the cleaning type applied to it.
        $temp->add(new admin_setting_configtext('mobilecssurl', new lang_string('mobilecssurl', 'tool_mobile'), new lang_string('configmobilecssurl', 'tool_mobile'), '', PARAM_URL));
        $temp->add(new admin_setting_heading('tool_mobile/smartappbanners', new lang_string('smartappbanners', 'tool_mobile'), ''));
/**
 * Page requirements constructor.
 *
 * Builds the two YUI loader configuration objects ($this->yui3loader and
 * $this->YUI_config) from $CFG, registers the 'yui2', 'moodle' and 'gallery'
 * module groups, applies the debug and log-filter settings, and finally passes
 * the core_filepicker module definition to js_module().
 *
 * Side effect: on an HTTPS request $CFG->useexternalyui is overwritten with 0,
 * so the plain-http external YUI base set below is only ever selected on
 * non-HTTPS sites.
 */
public function __construct() {
    global $CFG;

    // You may need to set up URL rewrite rule because oversized URLs might not be allowed by web server.
    // Separator appended to yui_combo.php: '/' when $CFG->yuislasharguments is set, '?' otherwise.
    $sep = empty($CFG->yuislasharguments) ? '?' : '/';

    $this->yui3loader = new stdClass();
    $this->YUI_config = new YUI_config();

    if (is_https()) {
        // On HTTPS sites all JS must be loaded from https sites,
        // YUI CDN does not support https yet, sorry.
        // This mutates the global config for the rest of the request, not just this object.
        $CFG->useexternalyui = 0;
    }

    // Set up some loader options.
    $this->yui3loader->local_base = $CFG->httpswwwroot . '/lib/yuilib/' . $CFG->yui3version . '/';
    $this->yui3loader->local_comboBase = $CFG->httpswwwroot . '/theme/yui_combo.php' . $sep;

    if (!empty($CFG->useexternalyui)) {
        // NOTE(review): these third-party bases are plain http, so scripts fetched from them
        // have no transport integrity. The branch is reachable only when is_https() was false
        // above; keeping useexternalyui disabled serves YUI from the local copy instead.
        $this->yui3loader->base = 'http://yui.yahooapis.com/' . $CFG->yui3version . '/';
        $this->yui3loader->comboBase = 'http://yui.yahooapis.com/combo?';
    } else {
        $this->yui3loader->base = $this->yui3loader->local_base;
        $this->yui3loader->comboBase = $this->yui3loader->local_comboBase;
    }

    // Enable combo loader? This significantly helps with caching and performance!
    $this->yui3loader->combine = !empty($CFG->yuicomboloading);

    // Revision value embedded in the 'moodle' and 'gallery' group roots below.
    $jsrev = $this->get_jsrev();

    // Set up JS YUI loader helper object.
    $this->YUI_config->base = $this->yui3loader->base;
    $this->YUI_config->comboBase = $this->yui3loader->comboBase;
    $this->YUI_config->combine = $this->yui3loader->combine;

    // If we've had to patch any YUI modules between releases, we must override the YUI configuration to include them.
    // For important information on patching YUI modules, please see http://docs.moodle.org/dev/YUI/Patching.
    // Patched modules are always defined against the local combo base, never the external one.
    if (!empty($CFG->yuipatchedmodules) && !empty($CFG->yuipatchlevel)) {
        $this->YUI_config->define_patched_core_modules($this->yui3loader->local_comboBase,
                $CFG->yui3version,
                $CFG->yuipatchlevel,
                $CFG->yuipatchedmodules);
    }

    // The three groups below are all based on $CFG->httpswwwroot, i.e. served by this site
    // regardless of the useexternalyui choice made for the YUI3 core above.
    $configname = $this->YUI_config->set_config_source('lib/yui/config/yui2.js');
    $this->YUI_config->add_group('yui2', array(
        'base' => $CFG->httpswwwroot . '/lib/yuilib/2in3/' . $CFG->yui2version . '/build/',
        'comboBase' => $CFG->httpswwwroot . '/theme/yui_combo.php' . $sep,
        'combine' => $this->yui3loader->combine,
        'ext' => false,
        'root' => '2in3/' . $CFG->yui2version . '/build/',
        'patterns' => array('yui2-' => array('group' => 'yui2', 'configFn' => $configname))));

    $configname = $this->YUI_config->set_config_source('lib/yui/config/moodle.js');
    $this->YUI_config->add_group('moodle', array(
        'name' => 'moodle',
        'base' => $CFG->httpswwwroot . '/theme/yui_combo.php' . $sep . 'm/' . $jsrev . '/',
        'combine' => $this->yui3loader->combine,
        'comboBase' => $CFG->httpswwwroot . '/theme/yui_combo.php' . $sep,
        'ext' => false,
        'root' => 'm/' . $jsrev . '/',
        'patterns' => array('moodle-' => array('group' => 'moodle', 'configFn' => $configname))));

    $this->YUI_config->add_group('gallery', array(
        'name' => 'gallery',
        'base' => $CFG->httpswwwroot . '/lib/yuilib/gallery/',
        'combine' => $this->yui3loader->combine,
        'comboBase' => $CFG->httpswwwroot . '/theme/yui_combo.php' . $sep,
        'ext' => false,
        'root' => 'gallery/' . $jsrev . '/',
        'patterns' => array('gallery-' => array('group' => 'gallery'))));

    // Set some more loader options applying to groups too.
    if ($CFG->debugdeveloper) {
        // When debugging is enabled, we want to load the non-minified (RAW) versions of YUI library modules rather
        // than the DEBUG versions as these generally generate too much logging for our purposes.
        // However we do want the DEBUG versions of our Moodle-specific modules.
        // To debug a YUI-specific issue, change the yui3loader->filter value to DEBUG.
        $this->YUI_config->filter = 'RAW';
        $this->YUI_config->groups['moodle']['filter'] = 'DEBUG';

        // We use the yui3loader->filter setting when writing the YUI3 seed scripts into the header.
        $this->yui3loader->filter = $this->YUI_config->filter;
        $this->YUI_config->debug = true;
    } else {
        $this->yui3loader->filter = null;
        $this->YUI_config->groups['moodle']['filter'] = null;
        $this->YUI_config->debug = false;
    }

    // Include the YUI config log filters.
    // Each value is copied only when it is non-empty (and, for the two lists, an array).
    if (!empty($CFG->yuilogexclude) && is_array($CFG->yuilogexclude)) {
        $this->YUI_config->logExclude = $CFG->yuilogexclude;
    }
    if (!empty($CFG->yuiloginclude) && is_array($CFG->yuiloginclude)) {
        $this->YUI_config->logInclude = $CFG->yuiloginclude;
    }
    if (!empty($CFG->yuiloglevel)) {
        $this->YUI_config->logLevel = $CFG->yuiloglevel;
    }

    // Add the moodle group's module data.
    $this->YUI_config->add_moodle_metadata();

    // Every page should include definition of following modules.
    $this->js_module($this->find_module('core_filepicker'));
}
/**
 * CSRF Set Cookie
 *
 * Queues the CSRF token cookie. Name, value and lifetime come from this
 * object's _csrf_cookie_name, _csrf_hash and _csrf_expire; path, domain and
 * the Secure / HttpOnly flags come from the cookie_* config items.
 *
 * When 'cookie_secure' is enabled but the current request is not HTTPS, no
 * cookie is sent and FALSE is returned instead of $this, so callers that
 * chain on the result must handle that case.
 *
 * @codeCoverageIgnore
 * @return CI_Security|bool $this once setcookie() has been called, FALSE when the cookie was withheld
 */
public function csrf_set_cookie()
{
    $expires_at = time() + $this->_csrf_expire;
    $secure_only = (bool) config_item('cookie_secure');

    // Never hand out a Secure-flagged token on a plain-HTTP request: the browser
    // would not accept it there, so nothing is sent at all.
    if ($secure_only) {
        if (!is_https()) {
            return FALSE;
        }
    }

    $cookie_path = config_item('cookie_path');
    $cookie_domain = config_item('cookie_domain');
    $http_only = config_item('cookie_httponly');

    // The positional form of setcookie() carries no SameSite attribute, and its
    // return value is not inspected, so the log line below is written even if
    // the header could not be sent.
    setcookie(
        $this->_csrf_cookie_name,
        $this->_csrf_hash,
        $expires_at,
        $cookie_path,
        $cookie_domain,
        $secure_only,
        $http_only
    );

    // The message text is spelled 'CRSF'; search logs for that spelling.
    log_message('debug', 'CRSF cookie Set');

    return $this;
}
/**
 * Constructor for the REST API
 *
 * Runs the whole request bootstrap in a fixed order: environment checks,
 * configuration and language loading, optional IP blacklist check, request
 * method / input format / body parsing, argument merging, output format and
 * language detection, early_checks(), optional database loading, per-method
 * auth override, API-key detection, the AJAX-only gate and finally the
 * configured default authentication plus optional IP whitelist check.
 * Later steps read state written by earlier ones, so the order matters.
 *
 * @access public
 * @param string $config Configuration filename minus the file extension
 * e.g: my_rest.php is passed as 'my_rest'
 * @return void
 * @throws Exception when PHP is older than 5.4 or CodeIgniter is older than 3.x
 */
public function __construct($config = 'rest') {
    parent::__construct();

    // Disable XML Entity (security vulnerability)
    // Stops libxml from loading external entities while request bodies are parsed (XXE hardening).
    // NOTE(review): this function is deprecated as of PHP 8.0, where libxml >= 2.9.0 no longer
    // loads external entities by default; confirm the runtime this controller targets.
    libxml_disable_entity_loader(TRUE);

    // Check to see if PHP is equal to or greater than 5.4.x
    if (is_php('5.4') === FALSE) {
        // CodeIgniter 3 is recommended for v5.4 or above
        throw new Exception('Using PHP v' . PHP_VERSION . ', though PHP v5.4 or greater is required');
    }

    // Check to see if this is CI 3.x
    // The major-version string is compared to the integer 3 with a loose '<'.
    if (explode('.', CI_VERSION, 2)[0] < 3) {
        throw new Exception('REST Server requires CodeIgniter 3.x');
    }

    // Set the default value of global xss filtering. Same approach as CodeIgniter 3
    // Only a strict boolean TRUE in the config enables it; any other value leaves it off.
    $this->_enable_xss = $this->config->item('global_xss_filtering') === TRUE;

    // Don't try to parse template variables like {elapsed_time} and {memory_usage}
    // when output is displayed for not damaging data accidentally
    $this->output->parse_exec_vars = FALSE;

    // Start the timer for how long the request takes
    $this->_start_rtime = microtime(TRUE);

    // Load the rest.php configuration file
    $this->load->config($config);

    // At present the library is bundled with REST_Controller 2.5+, but will eventually be part of CodeIgniter (no citation)
    $this->load->library('format');

    // Determine supported output formats from configuration.
    $supported_formats = $this->config->item('rest_supported_formats');

    // Validate the configuration setting output formats
    // An empty setting becomes an empty list; a scalar becomes a one-element list.
    if (empty($supported_formats)) {
        $supported_formats = [];
    }
    if (!is_array($supported_formats)) {
        $supported_formats = [$supported_formats];
    }

    // Add silently the default output format if it is missing.
    // in_array() is called without the strict flag, so the comparison is loose.
    $default_format = $this->_get_default_output_format();
    if (!in_array($default_format, $supported_formats)) {
        $supported_formats[] = $default_format;
    }

    // Now update $this->_supported_formats
    // Keeps only the entries of the built-in map whose keys were listed in the config.
    $this->_supported_formats = array_intersect_key($this->_supported_formats, array_flip($supported_formats));

    // Get the language
    $language = $this->config->item('rest_language');
    if ($language === NULL) {
        $language = 'english';
    }

    // Load the language file
    $this->lang->load('rest_controller', $language);

    // Initialise the response, request and rest objects
    $this->request = new stdClass();
    $this->response = new stdClass();
    $this->rest = new stdClass();

    // Check to see if the current IP address is blacklisted
    // Runs before the method, arguments or credentials of the request are examined.
    if ($this->config->item('rest_ip_blacklist_enabled') === TRUE) {
        $this->_check_blacklist_auth();
    }

    // Determine whether the connection is HTTPS
    // NOTE(review): how is_https() decides is not visible here; behind a TLS-terminating proxy it
    // may depend on forwarded headers. Confirm before using request->ssl for a security decision.
    $this->request->ssl = is_https();

    // How is this request being made? GET, POST, PATCH, DELETE, INSERT, PUT, HEAD or OPTIONS
    $this->request->method = $this->_detect_method();

    // Create an argument container if it doesn't exist e.g. _get_args
    // The property name is built from the detected method string.
    if (isset($this->{'_' . $this->request->method . '_args'}) === FALSE) {
        $this->{'_' . $this->request->method . '_args'} = [];
    }

    // Set up the query parameters
    $this->_parse_query();

    // Set up the GET variables
    $this->_get_args = array_merge($this->_get_args, $this->uri->ruri_to_assoc());

    // Try to find a format for the request (means we have a request body)
    $this->request->format = $this->_detect_input_format();

    // Not all methods have a body attached with them
    $this->request->body = NULL;

    // Dynamic dispatch to _parse_<method>().
    // NOTE(review): assumes _detect_method() only ever returns one of the verbs listed above, so
    // that a request cannot select an arbitrary method name here; verify in _detect_method().
    $this->{'_parse_' . $this->request->method}();

    // Now we know all about our request, let's try and parse the body if it exists
    if ($this->request->format && $this->request->body) {
        $this->request->body = $this->format->factory($this->request->body, $this->request->format)->to_array();

        // Assign payload arguments to proper method container
        $this->{'_' . $this->request->method . '_args'} = $this->request->body;
    }

    // Merge both for one mega-args variable
    // array_merge lets later arrays win on duplicate string keys; the current method's
    // container is merged last.
    $this->_args = array_merge(
        $this->_get_args,
        $this->_options_args,
        $this->_patch_args,
        $this->_head_args,
        $this->_put_args,
        $this->_post_args,
        $this->_delete_args,
        $this->{'_' . $this->request->method . '_args'}
    );

    // Which format should the data be returned in?
    $this->response->format = $this->_detect_output_format();

    // Which language should the data be returned in?
    $this->response->lang = $this->_detect_lang();

    // Extend this function to apply additional checking early on in the process
    // Note that this hook runs before any of the authentication steps below.
    $this->early_checks();

    // Load DB if its enabled
    if ($this->config->item('rest_database_group') && ($this->config->item('rest_enable_keys') || $this->config->item('rest_enable_logging'))) {
        $this->rest->db = $this->load->database($this->config->item('rest_database_group'), TRUE);
    } elseif (property_exists($this, 'db')) {
        $this->rest->db = $this->db;
    }

    // Check if there is a specific auth type for the current class/method
    // _auth_override_check could exit so we need $this->rest->db initialized before
    $this->auth_override = $this->_auth_override_check();

    // Checking for keys? GET TO WorK!
    // Skip keys test for $config['auth_override_class_method']['class']['method'] = 'none'
    if ($this->config->item('rest_enable_keys') && $this->auth_override !== TRUE) {
        $this->_allow = $this->_detect_api_key();
    }

    // Only allow ajax requests
    // NOTE(review): is_ajax_request() is presumably driven by a request header the client controls,
    // so 'rest_ajax_only' filters ordinary browser navigation rather than restricting who may call
    // the API; confirm, and do not rely on it as an access control.
    if ($this->input->is_ajax_request() === FALSE && $this->config->item('rest_ajax_only')) {
        // Display an error response
        $this->response([
            $this->config->item('rest_status_field_name') => FALSE,
            $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ajax_only')
        ], self::HTTP_NOT_ACCEPTABLE);
    }

    // When there is no specific override for the current class/method, use the default auth value set in the config
    // The whole branch, including the IP whitelist check, is skipped when an override applies or
    // when API keys are enabled and the presented key was accepted.
    if ($this->auth_override === FALSE && !($this->config->item('rest_enable_keys') && $this->_allow === TRUE)) {
        $rest_auth = strtolower($this->config->item('rest_auth'));

        // There is no default case: any 'rest_auth' value other than these three (empty, misspelled,
        // padded with whitespace) prepares no credential check here, leaving only the optional
        // whitelist test below. Review the configured value when hardening a deployment.
        switch ($rest_auth) {
            case 'basic':
                $this->_prepare_basic_auth();
                break;
            case 'digest':
                $this->_prepare_digest_auth();
                break;
            case 'session':
                $this->_check_php_session();
                break;
        }

        if ($this->config->item('rest_ip_whitelist_enabled') === TRUE) {
            $this->_check_whitelist_auth();
        }
    }
}
/**
 * Handles the sending of file data to the user's browser, including support for
 * byteranges etc.
 *
 * The $options parameter supports the following keys:
 *   (string|null) preview - send the preview of the file (e.g. "thumb" for a thumbnail)
 *   (string|null) filename - overrides the implicit filename
 *   (bool) dontdie - return control to caller afterwards. this is not recommended and only used for cleanup tasks.
 *       if this is passed as true, ignore_user_abort is called. if you don't want your processing to continue on cancel,
 *       you must detect this case when control is returned using connection_aborted. Please note that session is closed
 *       and should not be reopened
 *   (string|null) cacheability - force the cacheability setting of the HTTP response, "private" or "public",
 *       when $lifetime is greater than 0. Cacheability defaults to "private" when logged in as other than guest; otherwise,
 *       defaults to "public".
 *   (mixed) sendcachedexternalfile - when this key is set (any value), an external file is not delegated to
 *       $stored_file->send_file() and is served by this function instead.
 *
 * Access control is not performed here: nothing in this function checks whether the current
 * user may read the file, so callers must have done that already.
 *
 * @category files
 * @param stored_file $stored_file local file object
 * @param int $lifetime Number of seconds before the file should expire from caches (null or the string 'default'
 *        means $CFG->filelifetime)
 * @param int $filter 0 (default)=no filtering, 1=all files, 2=html files only
 * @param bool $forcedownload If true (default false), forces download of file rather than view in browser/plugin
 * @param array $options additional options affecting the file serving
 * @return null script execution stopped unless $options['dontdie'] is true
 */
function send_stored_file($stored_file, $lifetime = null, $filter = 0, $forcedownload = false, array $options = array()) {
    global $CFG, $COURSE;

    // Normalise the two options used throughout: an empty filename means "use the stored name".
    if (empty($options['filename'])) {
        $filename = null;
    } else {
        $filename = $options['filename'];
    }

    if (empty($options['dontdie'])) {
        $dontdie = false;
    } else {
        $dontdie = true;
    }

    if ($lifetime === 'default' or is_null($lifetime)) {
        $lifetime = $CFG->filelifetime;
    }

    if (!empty($options['preview'])) {
        // replace the file with its preview
        $fs = get_file_storage();
        $preview_file = $fs->get_file_preview($stored_file, $options['preview']);
        if (!$preview_file) {
            // unable to create a preview of the file, send its default mime icon instead
            // Icon size in pixels: 24 for 'tinyicon', 90 for 'thumb', 256 for anything else.
            if ($options['preview'] === 'tinyicon') {
                $size = 24;
            } else {
                if ($options['preview'] === 'thumb') {
                    $size = 90;
                } else {
                    $size = 256;
                }
            }
            $fileicon = file_file_icon($stored_file, $size);
            // NOTE(review): presumably send_file() ends the script here; if it returned, execution
            // would fall through and serve the original file as well. Confirm against send_file().
            send_file($CFG->dirroot . '/pix/' . $fileicon . '.png', basename($fileicon) . '.png');
        } else {
            // preview images have fixed cache lifetime and they ignore forced download
            // (they are generated by GD and therefore they are considered reasonably safe).
            $stored_file = $preview_file;
            $lifetime = DAYSECS;
            $filter = 0;
            $forcedownload = false;
        }
    }

    // handle external resource
    // Delegates to the file object itself and stops, even when 'dontdie' was requested.
    if ($stored_file && $stored_file->is_external_file() && !isset($options['sendcachedexternalfile'])) {
        $stored_file->send_file($lifetime, $filter, $forcedownload, $options);
        die;
    }

    if (!$stored_file or $stored_file->is_directory()) {
        // nothing to serve
        if ($dontdie) {
            return;
        }
        die;
    }

    if ($dontdie) {
        // The caller wants control back, so keep running even if the client disconnects.
        ignore_user_abort(true);
    }

    \core\session\manager::write_close(); // Unlock session during file serving.

    $filename = is_null($filename) ? $stored_file->get_filename() : $filename;

    // Use given MIME type if specified.
    $mimetype = $stored_file->get_mimetype();

    // Otherwise guess it.
    if (!$mimetype || $mimetype === 'document/unknown') {
        $mimetype = get_mimetype_for_sending($filename);
    }

    // if user is using IE, urlencode the filename so that multibyte file name will show up correctly on popup
    if (core_useragent::is_ie()) {
        $filename = rawurlencode($filename);
    }

    // NOTE(review): outside the IE branch $filename is placed between double quotes without any
    // escaping, so a name containing '"' would end the quoted value early. This assumes stored
    // names and $options['filename'] were cleaned before reaching this point; confirm in callers.
    if ($forcedownload) {
        header('Content-Disposition: attachment; filename="' . $filename . '"');
    } else {
        if ($mimetype !== 'application/x-shockwave-flash') {
            // If this is an swf don't pass content-disposition with filename as this makes the flash player treat the file
            // as an upload and enforces security that may prevent the file from being loaded.
            header('Content-Disposition: inline; filename="' . $filename . '"');
        }
    }

    if ($lifetime > 0) {
        // Default is shared-cacheable; narrowed to 'private' below for an explicit request or for
        // a logged-in non-guest user, so per-user files are not stored by shared proxies.
        $cacheability = ' public,';
        if (!empty($options['cacheability']) && $options['cacheability'] === 'public') {
            // This file must be cache-able by both browsers and proxies.
            // An explicit 'public' also overrides the logged-in default below.
            $cacheability = ' public,';
        } else {
            if (!empty($options['cacheability']) && $options['cacheability'] === 'private') {
                // This file must be cache-able only by browsers.
                $cacheability = ' private,';
            } else {
                if (isloggedin() and !isguestuser()) {
                    $cacheability = ' private,';
                }
            }
        }
        header('Cache-Control:' . $cacheability . ' max-age=' . $lifetime . ', no-transform');
        header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT');
        header('Pragma: ');
    } else {
        // Do not cache files in proxies and browsers
        if (is_https()) {
            // HTTPS sites - watch out for IE! KB812935 and KB316431.
            // A short private lifetime is used here instead of no-cache because of those IE issues.
            header('Cache-Control: private, max-age=10, no-transform');
            header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
            header('Pragma: ');
        } else {
            //normal http - prevent caching at all cost
            header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
            header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
            header('Pragma: no-cache');
        }
    }

    // Allow cross-origin requests only for Web Services.
    // This allow to receive requests done by Web Workers or webapps in different domains.
    // The wildcard lets a page on any origin read this response; what authorises the request
    // itself is decided elsewhere and is not visible in this function.
    if (WS_SERVER) {
        header('Access-Control-Allow-Origin: *');
    }

    if (empty($filter)) {
        // send the contents
        readfile_accel($stored_file, $mimetype, !$dontdie);
    } else {
        // Try to put the file through filters
        if ($mimetype == 'text/html' || $mimetype == 'application/xhtml+xml') {
            // From here on $options is a fresh object for format_text(), replacing the array parameter.
            $options = new stdClass();
            // NOTE(review): 'noclean' presumably tells format_text() to skip HTML cleaning, in which
            // case the stored markup (scripts included) is sent as authored; confirm, and make
            // sure only files from trusted authors are served with filtering on.
            $options->noclean = true;
            $options->nocache = true; // temporary workaround for MDL-5136
            $text = $stored_file->get_content();
            $text = file_modify_html_header($text);
            $output = format_text($text, FORMAT_HTML, $options, $COURSE->id);
            readstring_accel($output, $mimetype, false);
        } else {
            if ($mimetype == 'text/plain' and $filter == 1) {
                // only filter text if filter all files is selected
                $options = new stdClass();
                $options->newlines = false;
                $options->noclean = true;
                $text = $stored_file->get_content();
                $output = '<pre>' . format_text($text, FORMAT_MOODLE, $options, $COURSE->id) . '</pre>';
                readstring_accel($output, $mimetype, false);
            } else {
                // Just send it out raw
                readfile_accel($stored_file, $mimetype, !$dontdie);
            }
        }
    }

    if ($dontdie) {
        return;
    }
    die; //no more chars to output!!!
}