navigation_node::override_active_url(new moodle_url('/local/amos/stage.php')); $PAGE->set_title('AMOS ' . get_string('importfile', 'local_amos')); $PAGE->set_heading('AMOS ' . get_string('importfile', 'local_amos')); $importform = new local_amos_importfile_form(null, local_amos_importfile_options()); if ($data = $importform->get_data() and has_capability('local/amos:stage', get_system_context())) { $tmpdir = $CFG->dataroot . '/amos/temp/import-uploads/' . $USER->id; check_dir_exists($tmpdir); $filenameorig = basename($importform->get_new_filename('importfile')); $filename = $filenameorig . '-' . md5(time() . '-' . $USER->id . '-' . random_string(20)); $pathname = $tmpdir . '/' . $filename; if ($importform->save_file('importfile', $pathname)) { if (substr($filenameorig, -4) === '.php') { $name = mlang_component::name_from_filename($filenameorig); $version = mlang_version::by_code($data->version); $component = new mlang_component($name, $data->language, $version); $parser = mlang_parser_factory::get_parser('php'); try { $parser->parse(file_get_contents($pathname), $component); } catch (mlang_parser_exception $e) { notice($e->getMessage(), new moodle_url('/local/amos/stage.php')); } $encomponent = mlang_component::from_snapshot($component->name, 'en', $version); $component->intersect($encomponent); if (!$component->has_string()) { notice(get_string('nostringtoimport', 'local_amos'), new moodle_url('/local/amos/stage.php')); } $stage = mlang_persistent_stage::instance_for_user($USER->id, sesskey()); $stage->add($component, true); $stage->store(); mlang_stash::autosave($stage); } else {
/**
 * Security regression test: the PHP string-file parser must reject variable references.
 *
 * The input below assigns `$CFG->dbpass` to a string instead of a literal value.
 * The parser is required to raise mlang_parser_exception for such source; as the
 * original author noted, accepting it would hand the submitter sensitive data
 * about the AMOS portal.
 */
public function test_php_parser_security_variable_expansion() {
    // Register the expectation first so that parse() below is the call that must throw.
    $this->expectException('mlang_parser_exception');

    $target = new mlang_component('test', 'xx', mlang_version::by_branch('MOODLE_20_STABLE'));
    $phpparser = mlang_parser_factory::get_parser('php');

    // Deliberately hostile input: a dereference of a configuration secret, not a literal.
    $hostile = '<?php $string[\'dbpass\'] = $CFG->dbpass;';
    $phpparser->parse($hostile, $target);
}