/** * Handles the sending of file data to the user's browser, including support for * byteranges etc. * * The $options parameter supports the following keys: * (string|null) preview - send the preview of the file (e.g. "thumb" for a thumbnail) * (string|null) filename - overrides the implicit filename * (bool) dontdie - return control to caller afterwards. this is not recommended and only used for cleanup tasks. * if this is passed as true, ignore_user_abort is called. if you don't want your processing to continue on cancel, * you must detect this case when control is returned using connection_aborted. Please not that session is closed * and should not be reopened * (string|null) cacheability - force the cacheability setting of the HTTP response, "private" or "public", * when $lifetime is greater than 0. Cacheability defaults to "private" when logged in as other than guest; otherwise, * defaults to "public". * * @category files * @param stored_file $stored_file local file object * @param int $lifetime Number of seconds before the file should expire from caches (null means $CFG->filelifetime) * @param int $filter 0 (default)=no filtering, 1=all files, 2=html files only * @param bool $forcedownload If true (default false), forces download of file rather than view in browser/plugin * @param array $options additional options affecting the file serving * @return null script execution stopped unless $options['dontdie'] is true */ function send_stored_file($stored_file, $lifetime = null, $filter = 0, $forcedownload = false, array $options = array()) { global $CFG, $COURSE; if (empty($options['filename'])) { $filename = null; } else { $filename = $options['filename']; } if (empty($options['dontdie'])) { $dontdie = false; } else { $dontdie = true; } if ($lifetime === 'default' or is_null($lifetime)) { $lifetime = $CFG->filelifetime; } if (!empty($options['preview'])) { // replace the file with its preview $fs = get_file_storage(); $preview_file = $fs->get_file_preview($stored_file, $options['preview']); if (!$preview_file) { // unable to create a preview of the file, send its default mime icon instead if ($options['preview'] === 'tinyicon') { $size = 24; } else { if ($options['preview'] === 'thumb') { $size = 90; } else { $size = 256; } } $fileicon = file_file_icon($stored_file, $size); send_file($CFG->dirroot . '/pix/' . $fileicon . '.png', basename($fileicon) . '.png'); } else { // preview images have fixed cache lifetime and they ignore forced download // (they are generated by GD and therefore they are considered reasonably safe). $stored_file = $preview_file; $lifetime = DAYSECS; $filter = 0; $forcedownload = false; } } // handle external resource if ($stored_file && $stored_file->is_external_file() && !isset($options['sendcachedexternalfile'])) { $stored_file->send_file($lifetime, $filter, $forcedownload, $options); die; } if (!$stored_file or $stored_file->is_directory()) { // nothing to serve if ($dontdie) { return; } die; } if ($dontdie) { ignore_user_abort(true); } \core\session\manager::write_close(); // Unlock session during file serving. $filename = is_null($filename) ? $stored_file->get_filename() : $filename; // Use given MIME type if specified. $mimetype = $stored_file->get_mimetype(); // Otherwise guess it. if (!$mimetype || $mimetype === 'document/unknown') { $mimetype = get_mimetype_for_sending($filename); } // if user is using IE, urlencode the filename so that multibyte file name will show up correctly on popup if (core_useragent::is_ie()) { $filename = rawurlencode($filename); } if ($forcedownload) { header('Content-Disposition: attachment; filename="' . $filename . '"'); } else { if ($mimetype !== 'application/x-shockwave-flash') { // If this is an swf don't pass content-disposition with filename as this makes the flash player treat the file // as an upload and enforces security that may prevent the file from being loaded. header('Content-Disposition: inline; filename="' . $filename . '"'); } } if ($lifetime > 0) { $cacheability = ' public,'; if (!empty($options['cacheability']) && $options['cacheability'] === 'public') { // This file must be cache-able by both browsers and proxies. $cacheability = ' public,'; } else { if (!empty($options['cacheability']) && $options['cacheability'] === 'private') { // This file must be cache-able only by browsers. $cacheability = ' private,'; } else { if (isloggedin() and !isguestuser()) { $cacheability = ' private,'; } } } header('Cache-Control:' . $cacheability . ' max-age=' . $lifetime . ', no-transform'); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT'); header('Pragma: '); } else { // Do not cache files in proxies and browsers if (is_https()) { // HTTPS sites - watch out for IE! KB812935 and KB316431. header('Cache-Control: private, max-age=10, no-transform'); header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT'); header('Pragma: '); } else { //normal http - prevent caching at all cost header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform'); header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT'); header('Pragma: no-cache'); } } // Allow cross-origin requests only for Web Services. // This allow to receive requests done by Web Workers or webapps in different domains. if (WS_SERVER) { header('Access-Control-Allow-Origin: *'); } if (empty($filter)) { // send the contents readfile_accel($stored_file, $mimetype, !$dontdie); } else { // Try to put the file through filters if ($mimetype == 'text/html' || $mimetype == 'application/xhtml+xml') { $options = new stdClass(); $options->noclean = true; $options->nocache = true; // temporary workaround for MDL-5136 $text = $stored_file->get_content(); $text = file_modify_html_header($text); $output = format_text($text, FORMAT_HTML, $options, $COURSE->id); readstring_accel($output, $mimetype, false); } else { if ($mimetype == 'text/plain' and $filter == 1) { // only filter text if filter all files is selected $options = new stdClass(); $options->newlines = false; $options->noclean = true; $text = $stored_file->get_content(); $output = '<pre>' . format_text($text, FORMAT_MOODLE, $options, $COURSE->id) . '</pre>'; readstring_accel($output, $mimetype, false); } else { // Just send it out raw readfile_accel($stored_file, $mimetype, !$dontdie); } } } if ($dontdie) { return; } die; //no more chars to output!!! }
/** * Handles the sending of file data to the user's browser, including support for * byteranges etc. * * The $options parameter supports the following keys: * (string|null) preview - send the preview of the file (e.g. "thumb" for a thumbnail) * (string|null) filename - overrides the implicit filename * (bool) dontdie - return control to caller afterwards. this is not recommended and only used for cleanup tasks. * if this is passed as true, ignore_user_abort is called. if you don't want your processing to continue on cancel, * you must detect this case when control is returned using connection_aborted. Please not that session is closed * and should not be reopened. * * @category files * @param stored_file $stored_file local file object * @param int $lifetime Number of seconds before the file should expire from caches (null means $CFG->filelifetime) * @param int $filter 0 (default)=no filtering, 1=all files, 2=html files only * @param bool $forcedownload If true (default false), forces download of file rather than view in browser/plugin * @param array $options additional options affecting the file serving * @return null script execution stopped unless $options['dontdie'] is true */ function send_stored_file($stored_file, $lifetime = null, $filter = 0, $forcedownload = false, array $options = array()) { global $CFG, $COURSE; if (empty($options['filename'])) { $filename = null; } else { $filename = $options['filename']; } if (empty($options['dontdie'])) { $dontdie = false; } else { $dontdie = true; } if ($lifetime === 'default' or is_null($lifetime)) { $lifetime = $CFG->filelifetime; } if (!empty($options['preview'])) { // replace the file with its preview $fs = get_file_storage(); $preview_file = $fs->get_file_preview($stored_file, $options['preview']); if (!$preview_file) { // unable to create a preview of the file, send its default mime icon instead if ($options['preview'] === 'tinyicon') { $size = 24; } else { if ($options['preview'] === 'thumb') { $size = 90; } else { $size = 256; } } $fileicon = file_file_icon($stored_file, $size); send_file($CFG->dirroot . '/pix/' . $fileicon . '.png', basename($fileicon) . '.png'); } else { // preview images have fixed cache lifetime and they ignore forced download // (they are generated by GD and therefore they are considered reasonably safe). $stored_file = $preview_file; $lifetime = DAYSECS; $filter = 0; $forcedownload = false; } } // handle external resource if ($stored_file && $stored_file->is_external_file() && !isset($options['sendcachedexternalfile'])) { $stored_file->send_file($lifetime, $filter, $forcedownload, $options); die; } if (!$stored_file or $stored_file->is_directory()) { // nothing to serve if ($dontdie) { return; } die; } if ($dontdie) { ignore_user_abort(true); } \core\session\manager::write_close(); // Unlock session during file serving. // Use given MIME type if specified, otherwise guess it using mimeinfo. // IE, Konqueror and Opera open html file directly in browser from web even when directed to save it to disk :-O // only Firefox saves all files locally before opening when content-disposition: attachment stated $filename = is_null($filename) ? $stored_file->get_filename() : $filename; $isFF = core_useragent::is_firefox(); // only FF properly tested $mimetype = ($forcedownload and !$isFF) ? 'application/x-forcedownload' : ($stored_file->get_mimetype() ? $stored_file->get_mimetype() : mimeinfo('type', $filename)); // if user is using IE, urlencode the filename so that multibyte file name will show up correctly on popup if (core_useragent::is_ie()) { $filename = rawurlencode($filename); } if ($forcedownload) { header('Content-Disposition: attachment; filename="' . $filename . '"'); } else { header('Content-Disposition: inline; filename="' . $filename . '"'); } if ($lifetime > 0) { $private = ''; if (isloggedin() and !isguestuser()) { $private = ' private,'; } header('Cache-Control:' . $private . ' max-age=' . $lifetime . ', no-transform'); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT'); header('Pragma: '); } else { // Do not cache files in proxies and browsers if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431 header('Cache-Control: private, max-age=10, no-transform'); header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT'); header('Pragma: '); } else { //normal http - prevent caching at all cost header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform'); header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT'); header('Pragma: no-cache'); } } if (empty($filter)) { // send the contents readfile_accel($stored_file, $mimetype, !$dontdie); } else { // Try to put the file through filters if ($mimetype == 'text/html') { $options = new stdClass(); $options->noclean = true; $options->nocache = true; // temporary workaround for MDL-5136 $text = $stored_file->get_content(); $text = file_modify_html_header($text); $output = format_text($text, FORMAT_HTML, $options, $COURSE->id); readstring_accel($output, $mimetype, false); } else { if ($mimetype == 'text/plain' and $filter == 1) { // only filter text if filter all files is selected $options = new stdClass(); $options->newlines = false; $options->noclean = true; $text = $stored_file->get_content(); $output = '<pre>' . format_text($text, FORMAT_MOODLE, $options, $COURSE->id) . '</pre>'; readstring_accel($output, $mimetype, false); } else { // Just send it out raw readfile_accel($stored_file, $mimetype, !$dontdie); } } } if ($dontdie) { return; } die; //no more chars to output!!! }
/** * Handles the sending of file data to the user's browser, including support for * byteranges etc. * * @global object * @global object * @global object * @param object $stored_file local file object * @param int $lifetime Number of seconds before the file should expire from caches (default 24 hours) * @param int $filter 0 (default)=no filtering, 1=all files, 2=html files only * @param bool $forcedownload If true (default false), forces download of file rather than view in browser/plugin * @param string $filename Override filename * @param bool $dontdie - return control to caller afterwards. this is not recommended and only used for cleanup tasks. * if this is passed as true, ignore_user_abort is called. if you don't want your processing to continue on cancel, * you must detect this case when control is returned using connection_aborted. Please not that session is closed * and should not be reopened. * @return void no return or void, script execution stopped unless $dontdie is true */ function send_stored_file($stored_file, $lifetime = 86400, $filter = 0, $forcedownload = false, $filename = null, $dontdie = false) { global $CFG, $COURSE, $SESSION; if (!$stored_file or $stored_file->is_directory()) { // nothing to serve if ($dontdie) { return; } die; } if ($dontdie) { ignore_user_abort(true); } session_get_instance()->write_close(); // unlock session during fileserving // Use given MIME type if specified, otherwise guess it using mimeinfo. // IE, Konqueror and Opera open html file directly in browser from web even when directed to save it to disk :-O // only Firefox saves all files locally before opening when content-disposition: attachment stated $filename = is_null($filename) ? $stored_file->get_filename() : $filename; $isFF = check_browser_version('Firefox', '1.5'); // only FF > 1.5 properly tested $mimetype = ($forcedownload and !$isFF) ? 'application/x-forcedownload' : ($stored_file->get_mimetype() ? $stored_file->get_mimetype() : mimeinfo('type', $filename)); $lastmodified = $stored_file->get_timemodified(); $filesize = $stored_file->get_filesize(); //try to disable automatic sid rewrite in cookieless mode @ini_set("session.use_trans_sid", "false"); if ($lifetime > 0 && !empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) { // get unixtime of request header; clip extra junk off first $since = strtotime(preg_replace('/;.*$/', '', $_SERVER["HTTP_IF_MODIFIED_SINCE"])); if ($since && $since >= $lastmodified) { header('HTTP/1.1 304 Not Modified'); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT'); header('Cache-Control: max-age=' . $lifetime); header('Content-Type: ' . $mimetype); if ($dontdie) { return; } die; } } //do not put '@' before the next header to detect incorrect moodle configurations, //error should be better than "weird" empty lines for admins/users //TODO: should we remove all those @ before the header()? Are all of the values supported on all servers? header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastmodified) . ' GMT'); // if user is using IE, urlencode the filename so that multibyte file name will show up correctly on popup if (check_browser_version('MSIE')) { $filename = rawurlencode($filename); } if ($forcedownload) { header('Content-Disposition: attachment; filename="' . $filename . '"'); } else { header('Content-Disposition: inline; filename="' . $filename . '"'); } if ($lifetime > 0) { header('Cache-Control: max-age=' . $lifetime); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT'); header('Pragma: '); if (empty($CFG->disablebyteserving) && $mimetype != 'text/plain' && $mimetype != 'text/html') { header('Accept-Ranges: bytes'); if (!empty($_SERVER['HTTP_RANGE']) && strpos($_SERVER['HTTP_RANGE'], 'bytes=') !== FALSE) { // byteserving stuff - for acrobat reader and download accelerators // see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35 // inspired by: http://www.coneural.org/florian/papers/04_byteserving.php $ranges = false; if (preg_match_all('/(\\d*)-(\\d*)/', $_SERVER['HTTP_RANGE'], $ranges, PREG_SET_ORDER)) { foreach ($ranges as $key => $value) { if ($ranges[$key][1] == '') { //suffix case $ranges[$key][1] = $filesize - $ranges[$key][2]; $ranges[$key][2] = $filesize - 1; } else { if ($ranges[$key][2] == '' || $ranges[$key][2] > $filesize - 1) { //fix range length $ranges[$key][2] = $filesize - 1; } } if ($ranges[$key][2] != '' && $ranges[$key][2] < $ranges[$key][1]) { //invalid byte-range ==> ignore header $ranges = false; break; } //prepare multipart header $ranges[$key][0] = "\r\n--" . BYTESERVING_BOUNDARY . "\r\nContent-Type: {$mimetype}\r\n"; $ranges[$key][0] .= "Content-Range: bytes {$ranges[$key][1]}-{$ranges[$key][2]}/{$filesize}\r\n\r\n"; } } else { $ranges = false; } if ($ranges) { byteserving_send_file($stored_file->get_content_file_handle(), $mimetype, $ranges, $filesize); } } } else { /// Do not byteserve (disabled, strings, text and html files). header('Accept-Ranges: none'); } } else { // Do not cache files in proxies and browsers if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431 header('Cache-Control: max-age=10'); header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT'); header('Pragma: '); } else { //normal http - prevent caching at all cost header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0'); header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT'); header('Pragma: no-cache'); } header('Accept-Ranges: none'); // Do not allow byteserving when caching disabled } if (empty($filter)) { $filtered = false; if ($mimetype == 'text/html' && !empty($CFG->usesid)) { //cookieless mode - rewrite links header('Content-Type: text/html'); $text = $stored_file->get_content(); $text = sid_ob_rewrite($text); $filesize = strlen($text); $filtered = true; } else { if ($mimetype == 'text/plain') { header('Content-Type: Text/plain; charset=utf-8'); //add encoding } else { header('Content-Type: ' . $mimetype); } } header('Content-Length: ' . $filesize); //flush the buffers - save memory and disable sid rewrite //this also disables zlib compression prepare_file_content_sending(); // send the contents if ($filtered) { echo $text; } else { $stored_file->readfile(); } } else { // Try to put the file through filters if ($mimetype == 'text/html') { $options = new stdClass(); $options->noclean = true; $options->nocache = true; // temporary workaround for MDL-5136 $text = $stored_file->get_content(); $text = file_modify_html_header($text); $output = format_text($text, FORMAT_HTML, $options, $COURSE->id); if (!empty($CFG->usesid)) { //cookieless mode - rewrite links $output = sid_ob_rewrite($output); } header('Content-Length: ' . strlen($output)); header('Content-Type: text/html'); //flush the buffers - save memory and disable sid rewrite //this also disables zlib compression prepare_file_content_sending(); // send the contents echo $output; } else { if ($mimetype == 'text/plain' and $filter == 1) { // only filter text if filter all files is selected $options = new stdClass(); $options->newlines = false; $options->noclean = true; $text = $stored_file->get_content(); $output = '<pre>' . format_text($text, FORMAT_MOODLE, $options, $COURSE->id) . '</pre>'; if (!empty($CFG->usesid)) { //cookieless mode - rewrite links $output = sid_ob_rewrite($output); } header('Content-Length: ' . strlen($output)); header('Content-Type: text/html; charset=utf-8'); //add encoding //flush the buffers - save memory and disable sid rewrite //this also disables zlib compression prepare_file_content_sending(); // send the contents echo $output; } else { // Just send it out raw header('Content-Length: ' . $filesize); header('Content-Type: ' . $mimetype); //flush the buffers - save memory and disable sid rewrite //this also disables zlib compression prepare_file_content_sending(); // send the contents $stored_file->readfile(); } } } if ($dontdie) { return; } die; //no more chars to output!!! }
/** * Handles the sending of file data to the user's browser, including support for * byteranges etc. * @param string $path Path of file on disk (including real filename), or actual content of file as string * @param string $filename Filename to send * @param int $lifetime Number of seconds before the file should expire from caches (default 24 hours) * @param int $filter 0 (default)=no filtering, 1=all files, 2=html files only * @param bool $pathisstring If true (default false), $path is the content to send and not the pathname * @param bool $forcedownload If true (default false), forces download of file rather than view in browser/plugin * @param string $mimetype Include to specify the MIME type; leave blank to have it guess the type from $filename */ function send_file($path, $filename, $lifetime = 'default', $filter = 0, $pathisstring = false, $forcedownload = false, $mimetype = '') { global $CFG, $COURSE, $SESSION; // MDL-11789, apply $CFG->filelifetime here if ($lifetime === 'default') { if (!empty($CFG->filelifetime)) { $lifetime = $CFG->filelifetime; } else { $lifetime = 86400; } } // Use given MIME type if specified, otherwise guess it using mimeinfo. // IE, Konqueror and Opera open html file directly in browser from web even when directed to save it to disk :-O // only Firefox saves all files locally before opening when content-disposition: attachment stated $isFF = check_browser_version('Firefox', '1.5'); // only FF > 1.5 properly tested $mimetype = ($forcedownload and !$isFF) ? 'application/x-forcedownload' : ($mimetype ? $mimetype : mimeinfo('type', $filename)); // If the file is a Flash file and that the user flash player is outdated return a flash upgrader MDL-20841 if (!empty($CFG->excludeoldflashclients) && $mimetype == 'application/x-shockwave-flash' && !empty($SESSION->flashversion)) { $userplayerversion = explode('.', $SESSION->flashversion); $requiredplayerversion = explode('.', $CFG->excludeoldflashclients); if ($userplayerversion[0] < $requiredplayerversion[0] || $userplayerversion[0] == $requiredplayerversion[0] && $userplayerversion[1] < $requiredplayerversion[1] || $userplayerversion[0] == $requiredplayerversion[0] && $userplayerversion[1] == $requiredplayerversion[1] && $userplayerversion[2] < $requiredplayerversion[2]) { $path = $CFG->dirroot . "/lib/flashdetect/flashupgrade.swf"; // Alternate content asking user to upgrade Flash $filename = "flashupgrade.swf"; $lifetime = 0; // Do not cache } } $lastmodified = $pathisstring ? time() : filemtime($path); $filesize = $pathisstring ? strlen($path) : filesize($path); /* - MDL-13949 //Adobe Acrobat Reader XSS prevention if ($mimetype=='application/pdf' or mimeinfo('type', $filename)=='application/pdf') { //please note that it prevents opening of pdfs in browser when http referer disabled //or file linked from another site; browser caching of pdfs is now disabled too if (!empty($_SERVER['HTTP_RANGE'])) { //already byteserving $lifetime = 1; // >0 needed for byteserving } else if (empty($_SERVER['HTTP_REFERER']) or strpos($_SERVER['HTTP_REFERER'], $CFG->wwwroot)!==0) { $mimetype = 'application/x-forcedownload'; $forcedownload = true; $lifetime = 0; } else { $lifetime = 1; // >0 needed for byteserving } } */ //IE compatibiltiy HACK! if (ini_get('zlib.output_compression')) { ini_set('zlib.output_compression', 'Off'); } //try to disable automatic sid rewrite in cookieless mode @ini_set("session.use_trans_sid", "false"); //do not put '@' before the next header to detect incorrect moodle configurations, //error should be better than "weird" empty lines for admins/users //TODO: should we remove all those @ before the header()? Are all of the values supported on all servers? header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastmodified) . ' GMT'); // if user is using IE, urlencode the filename so that multibyte file name will show up correctly on popup if (check_browser_version('MSIE')) { $filename = rawurlencode($filename); } if ($forcedownload) { @header('Content-Disposition: attachment; filename="' . $filename . '"'); } else { @header('Content-Disposition: inline; filename="' . $filename . '"'); } if ($lifetime > 0) { @header('Cache-Control: max-age=' . $lifetime); @header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT'); @header('Pragma: '); if (empty($CFG->disablebyteserving) && !$pathisstring && $mimetype != 'text/plain' && $mimetype != 'text/html') { @header('Accept-Ranges: bytes'); if (!empty($_SERVER['HTTP_RANGE']) && strpos($_SERVER['HTTP_RANGE'], 'bytes=') !== FALSE) { // byteserving stuff - for acrobat reader and download accelerators // see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35 // inspired by: http://www.coneural.org/florian/papers/04_byteserving.php $ranges = false; if (preg_match_all('/(\\d*)-(\\d*)/', $_SERVER['HTTP_RANGE'], $ranges, PREG_SET_ORDER)) { foreach ($ranges as $key => $value) { if ($ranges[$key][1] == '') { //suffix case $ranges[$key][1] = $filesize - $ranges[$key][2]; $ranges[$key][2] = $filesize - 1; } else { if ($ranges[$key][2] == '' || $ranges[$key][2] > $filesize - 1) { //fix range length $ranges[$key][2] = $filesize - 1; } } if ($ranges[$key][2] != '' && $ranges[$key][2] < $ranges[$key][1]) { //invalid byte-range ==> ignore header $ranges = false; break; } //prepare multipart header $ranges[$key][0] = "\r\n--" . BYTESERVING_BOUNDARY . "\r\nContent-Type: {$mimetype}\r\n"; $ranges[$key][0] .= "Content-Range: bytes {$ranges[$key][1]}-{$ranges[$key][2]}/{$filesize}\r\n\r\n"; } } else { $ranges = false; } if ($ranges) { byteserving_send_file($path, $mimetype, $ranges); } } } else { /// Do not byteserve (disabled, strings, text and html files). @header('Accept-Ranges: none'); } } else { // Do not cache files in proxies and browsers if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431 @header('Cache-Control: max-age=10'); @header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT'); @header('Pragma: '); } else { //normal http - prevent caching at all cost @header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0'); @header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT'); @header('Pragma: no-cache'); } @header('Accept-Ranges: none'); // Do not allow byteserving when caching disabled } if (empty($filter)) { if ($mimetype == 'text/html' && !empty($CFG->usesid) && empty($_COOKIE['MoodleSession' . $CFG->sessioncookie])) { //cookieless mode - rewrite links @header('Content-Type: text/html'); $path = $pathisstring ? $path : implode('', file($path)); $path = sid_ob_rewrite($path); $filesize = strlen($path); $pathisstring = true; } else { if ($mimetype == 'text/plain') { @header('Content-Type: Text/plain; charset=utf-8'); //add encoding } else { @header('Content-Type: ' . $mimetype); } } @header('Content-Length: ' . $filesize); while (@ob_end_flush()) { } //flush the buffers - save memory and disable sid rewrite if ($pathisstring) { echo $path; } else { readfile_chunked($path); } } else { // Try to put the file through filters if ($mimetype == 'text/html') { $options = new object(); $options->noclean = true; $options->nocache = true; // temporary workaround for MDL-5136 $text = $pathisstring ? $path : implode('', file($path)); $text = file_modify_html_header($text); $output = format_text($text, FORMAT_HTML, $options, $COURSE->id); if (!empty($CFG->usesid) && empty($_COOKIE['MoodleSession' . $CFG->sessioncookie])) { //cookieless mode - rewrite links $output = sid_ob_rewrite($output); } @header('Content-Length: ' . strlen($output)); @header('Content-Type: text/html'); while (@ob_end_flush()) { } //flush the buffers - save memory and disable sid rewrite echo $output; // only filter text if filter all files is selected } else { if ($mimetype == 'text/plain' and $filter == 1) { $options = new object(); $options->newlines = false; $options->noclean = true; $text = htmlentities($pathisstring ? $path : implode('', file($path))); $output = '<pre>' . format_text($text, FORMAT_MOODLE, $options, $COURSE->id) . '</pre>'; if (!empty($CFG->usesid) && empty($_COOKIE['MoodleSession' . $CFG->sessioncookie])) { //cookieless mode - rewrite links $output = sid_ob_rewrite($output); } @header('Content-Length: ' . strlen($output)); @header('Content-Type: text/html; charset=utf-8'); //add encoding while (@ob_end_flush()) { } //flush the buffers - save memory and disable sid rewrite echo $output; } else { // Just send it out raw @header('Content-Length: ' . $filesize); @header('Content-Type: ' . $mimetype); while (@ob_end_flush()) { } //flush the buffers - save memory and disable sid rewrite if ($pathisstring) { echo $path; } else { readfile_chunked($path); } } } } die; //no more chars to output!!! }