/**
 * Locate the part of the current request that carries the combo loader parameters.
 *
 * Sources are tried in a fixed order and the first match wins:
 *  1. a query string that starts with "file=/" (URL rewriting),
 *  2. everything after the first "?" in REQUEST_URI,
 *  3. a QUERY_STRING that itself contains a "?",
 *  4. whatever min_get_slash_argument() reports.
 *
 * Security note: the value returned by the first three sources is copied straight
 * out of $_SERVER with no validation in this function, so it is client-controlled.
 * Callers have to validate it before using it to build file paths or output.
 * NOTE(review): any cleaning done inside min_get_slash_argument() is not visible here.
 *
 * @return array two elements: the parameter string, then a bool that is true when the
 *               value came in slash-argument form and false when it is a plain query string
 */
function combo_params() {
    $hasquery = isset($_SERVER['QUERY_STRING']);
    $hasuri = isset($_SERVER['REQUEST_URI']);

    // URL rewriting: drop the 6-character "file=/" prefix and keep the rest.
    if ($hasquery && strpos($_SERVER['QUERY_STRING'], 'file=/') === 0) {
        return array(substr($_SERVER['QUERY_STRING'], 6), true);
    }

    // Ordinary request: split once on "?" and keep the right-hand side.
    if ($hasuri && strpos($_SERVER['REQUEST_URI'], '?') !== false) {
        $pieces = explode('?', $_SERVER['REQUEST_URI'], 2);
        return array($pieces[1], false);
    }

    // Note: buggy or misconfigured IIS does return the query string in REQUEST_URI.
    if ($hasquery && strpos($_SERVER['QUERY_STRING'], '?') !== false) {
        return array($_SERVER['QUERY_STRING'], false);
    }

    // Last resort: the minimal slash-argument helper, with leading slashes removed.
    $fromserver = min_get_slash_argument();
    if ($fromserver) {
        return array(ltrim($fromserver, '/'), true);
    }

    // Unsupported server, sorry!
    // NOTE(review): combo_not_found() presumably ends the request; if it returns,
    // this function falls through without a return value.
    combo_not_found('Unsupported server - query string can not be determined, try disabling YUI combo loading in admin settings.');
}
/**
 * Checks the fail-safe, minimal slash-argument extraction in min_get_slash_argument().
 *
 * Every scenario replaces $_SERVER with a simulated environment and asserts the exact
 * string the helper returns. The last scenario feeds a hostile PATH_INFO and pins the
 * cleaned result, so a regression in that cleaning fails this test.
 */
public function test_min_get_slash_argument() {
    global $CFG;

    $this->resetAfterTest();
    $this->assertEquals('http://www.example.com/moodle', $CFG->wwwroot);

    // Apache, plain query string and no PATH_INFO: there is no slash argument.
    $_SERVER = array(
        'SERVER_SOFTWARE' => 'Apache/2.2.22 (Unix)',
        'QUERY_STRING' => 'theme=standard&component=core&rev=5&image=u/f1',
        'REQUEST_URI' => '/moodle/theme/image.php?theme=standard&component=core&rev=5&image=u/f1',
        'SCRIPT_NAME' => '/moodle/theme/image.php',
    );
    $expected = '';
    $this->assertSame($expected, min_get_slash_argument());

    // Apache with PATH_INFO.
    $_SERVER = array(
        'SERVER_SOFTWARE' => 'Apache/2.2.22 (Unix)',
        'QUERY_STRING' => '',
        'REQUEST_URI' => '/moodle/theme/image.php/standard/core/5/u/f1',
        'PATH_INFO' => '/standard/core/5/u/f1',
        'SCRIPT_NAME' => '/moodle/theme/image.php',
    );
    $_GET = array();
    $expected = '/standard/core/5/u/f1';
    $this->assertSame($expected, min_get_slash_argument());

    // IIS no url rewriting.
    $_SERVER = array(
        'SERVER_SOFTWARE' => 'Microsoft-IIS/7.0',
        'QUERY_STRING' => '',
        'REQUEST_URI' => '/moodle/theme/image.php/standard/core/5/u/f1',
        'PATH_INFO' => '/standard/core/5/u/f1',
        'SCRIPT_NAME' => '/moodle/theme/image.php',
    );
    $_GET = array();
    $expected = '/standard/core/5/u/f1';
    $this->assertSame($expected, min_get_slash_argument());

    // IIS with url rewriting: the path arrives in the "file" parameter.
    $_SERVER = array(
        'SERVER_SOFTWARE' => 'Microsoft-IIS/7.0',
        'QUERY_STRING' => 'file=/standard/core/5/u/f1',
        'REQUEST_URI' => '/moodle/theme/image.php/standard/core/5/u/f1',
        'PATH_INFO' => '/',
        'SCRIPT_NAME' => '/moodle/theme/image.php',
    );
    $_GET = array('file' => '/standard/core/5/u/f1');
    $expected = '/standard/core/5/u/f1';
    $this->assertSame($expected, min_get_slash_argument());

    // Server that repeats the script name inside PATH_INFO.
    $_SERVER = array(
        'SERVER_SOFTWARE' => 'Weird server',
        'QUERY_STRING' => '',
        'REQUEST_URI' => '/moodle/theme/image.php/standard/core/5/u/f1',
        'PATH_INFO' => '/moodle/theme/image.php/standard/core/5/u/f1',
        'SCRIPT_NAME' => '/moodle/theme/image.php',
    );
    $_GET = array();
    $expected = '/standard/core/5/u/f1';
    $this->assertSame($expected, min_get_slash_argument());

    // Hostile PATH_INFO containing backslashes and ".." segments.
    $_SERVER = array(
        'SERVER_SOFTWARE' => 'Hacker server',
        'QUERY_STRING' => '',
        'REQUEST_URI' => '/moodle/theme/image.php/standard/core/5/u/f1',
        'PATH_INFO' => '/moodle/theme/image.php/standard\\core/..\\../5/u/f1',
        'SCRIPT_NAME' => '/moodle/theme/image.php',
    );
    $_GET = array();
    // Windows dir separators are removed and a run of dots collapses to a single ".",
    // so no ".." parent-directory segment is left in the returned path.
    $expected = '/standardcore/./5/u/f1';
    $this->assertSame($expected, min_get_slash_argument());
}
*
* @package core
* @copyright 2009 Petr Skoda (skodak) {@link http://skodak.org}
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/

// disable moodle specific debug messages and any errors in output,
// comment out when debugging or better look into error log!
define('NO_DEBUG_DISPLAY', true);

// we need just the values from config.php and minlib.php
define('ABORT_AFTER_CONFIG', true);
require('../config.php'); // this stops immediately at the beginning of lib/setup.php

// The requested path comes from the client in both branches: either the slash
// argument reported by min_get_slash_argument(), or the "file" request parameter
// cleaned as 'SAFEPATH'.
// NOTE(review): what either helper strips is not shown in this excerpt, so keep
// treating $path as untrusted and confirm it is validated before it reaches any
// filesystem call further down the script.
if ($slashargument = min_get_slash_argument()) {
    $path = ltrim($slashargument, '/');
} else {
    $path = min_optional_param('file', '', 'SAFEPATH');
}

// SHA-1 is used here only to derive an identifier from the requested path.
// NOTE(review): presumably sent as the HTTP ETag; its use is outside this excerpt.
$etag = sha1($path);
// The first path segment selects the version; the remaining segments stay in $parts.
$parts = explode('/', $path);
$version = array_shift($parts);
// A first segment of "moodle" with at least three further segments needs the full
// Moodle setup, so the early abort requested above is cancelled before loading it.
if ($version == 'moodle' && count($parts) >= 3) {
    if (!defined('ABORT_AFTER_CONFIG_CANCEL')) {
        define('ABORT_AFTER_CONFIG_CANCEL', true);
        // NOTE(review): these two constants presumably skip the upgrade check and
        // session cookie handling for this request; confirm in lib/setup.php.
        define('NO_UPGRADE_CHECK', true);
        define('NO_MOODLE_COOKIES', true);
        require($CFG->libdir.'/setup.php');
    }
    // The excerpt ends here; the rest of this branch is not part of the listing.
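/**
 * Test fail-safe minimalistic slashargument processing.
 *
 * Each scenario replaces $_SERVER with a simulated environment and asserts the
 * exact string returned by the global min_get_slash_argument() helper.
 *
 * NOTE(review): this method's name has no "test" prefix. PHPUnit collects only
 * methods named test* or annotated with @test, so confirm that it is actually
 * executed; it is left unrenamed here so existing references keep working.
 */
public function min_get_slash_argument() {
    global $CFG;

    $this->resetAfterTest();
    // The site root must match the "/moodle" prefix used by every path below.
    $this->assertEquals('http://www.example.com/moodle', $CFG->wwwroot);

    // Apache, plain query string and no PATH_INFO: there is no slash argument.
    // REQUEST_URI has to be written into $_SERVER itself; under a misspelled
    // variable name the helper would never see it.
    $_SERVER = array();
    $_SERVER['SERVER_SOFTWARE'] = 'Apache/2.2.22 (Unix)';
    $_SERVER['QUERY_STRING'] = 'theme=standard&component=core&rev=5&image=u/f1';
    $_SERVER['REQUEST_URI'] = '/moodle/theme/image.php?theme=standard&component=core&rev=5&image=u/f1';
    $_SERVER['SCRIPT_NAME'] = '/moodle/theme/image.php';
    $this->assertSame('', min_get_slash_argument());

    // Apache with PATH_INFO.
    $_SERVER = array();
    $_SERVER['SERVER_SOFTWARE'] = 'Apache/2.2.22 (Unix)';
    $_SERVER['QUERY_STRING'] = '';
    $_SERVER['REQUEST_URI'] = '/moodle/theme/image.php/standard/core/5/u/f1';
    $_SERVER['PATH_INFO'] = '/standard/core/5/u/f1';
    $_SERVER['SCRIPT_NAME'] = '/moodle/theme/image.php';
    $_GET = array();
    $this->assertSame('/standard/core/5/u/f1', min_get_slash_argument());

    // IIS no url rewriting
    $_SERVER = array();
    $_SERVER['SERVER_SOFTWARE'] = 'Microsoft-IIS/7.0';
    $_SERVER['QUERY_STRING'] = '';
    $_SERVER['REQUEST_URI'] = '/moodle/theme/image.php/standard/core/5/u/f1';
    $_SERVER['PATH_INFO'] = '/standard/core/5/u/f1';
    $_SERVER['SCRIPT_NAME'] = '/moodle/theme/image.php';
    $_GET = array();
    $this->assertSame('/standard/core/5/u/f1', min_get_slash_argument());

    // IIS with url rewriting: the path arrives in the "file" parameter.
    $_SERVER = array();
    $_SERVER['SERVER_SOFTWARE'] = 'Microsoft-IIS/7.0';
    $_SERVER['QUERY_STRING'] = 'file=/standard/core/5/u/f1';
    $_SERVER['REQUEST_URI'] = '/moodle/theme/image.php/standard/core/5/u/f1';
    $_SERVER['PATH_INFO'] = '/';
    $_SERVER['SCRIPT_NAME'] = '/moodle/theme/image.php';
    $_GET = array();
    $_GET['file'] = '/standard/core/5/u/f1';
    $this->assertSame('/standard/core/5/u/f1', min_get_slash_argument());

    // Server that repeats the script name inside PATH_INFO.
    $_SERVER = array();
    $_SERVER['SERVER_SOFTWARE'] = 'Weird server';
    $_SERVER['QUERY_STRING'] = '';
    $_SERVER['REQUEST_URI'] = '/moodle/theme/image.php/standard/core/5/u/f1';
    $_SERVER['PATH_INFO'] = '/moodle/theme/image.php/standard/core/5/u/f1';
    $_SERVER['SCRIPT_NAME'] = '/moodle/theme/image.php';
    $_GET = array();
    $this->assertSame('/standard/core/5/u/f1', min_get_slash_argument());
}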