Пример #1
0
/**
 * Handles the sending of file data to the user's browser, including support for
 * byteranges etc.
 *
 * @global object
 * @global object
 * @global object
 * @param object $stored_file local file object
 * @param int $lifetime Number of seconds before the file should expire from caches (default 24 hours)
 * @param int $filter 0 (default)=no filtering, 1=all files, 2=html files only
 * @param bool $forcedownload If true (default false), forces download of file rather than view in browser/plugin
 * @param string $filename Override filename
 * @param bool $dontdie - return control to caller afterwards. this is not recommended and only used for cleanup tasks.
 *                        if this is passed as true, ignore_user_abort is called.  if you don't want your processing to continue on cancel,
 *                        you must detect this case when control is returned using connection_aborted. Please not that session is closed
 *                        and should not be reopened.
 * @return void no return or void, script execution stopped unless $dontdie is true
 */
function send_stored_file($stored_file, $lifetime = 86400, $filter = 0, $forcedownload = false, $filename = null, $dontdie = false)
{
    global $CFG, $COURSE, $SESSION;
    if (!$stored_file or $stored_file->is_directory()) {
        // nothing to serve
        if ($dontdie) {
            return;
        }
        die;
    }
    if ($dontdie) {
        ignore_user_abort(true);
    }
    session_get_instance()->write_close();
    // unlock session during fileserving
    // Use given MIME type if specified, otherwise guess it using mimeinfo.
    // IE, Konqueror and Opera open html file directly in browser from web even when directed to save it to disk :-O
    // only Firefox saves all files locally before opening when content-disposition: attachment stated
    $filename = is_null($filename) ? $stored_file->get_filename() : $filename;
    $isFF = check_browser_version('Firefox', '1.5');
    // only FF > 1.5 properly tested
    $mimetype = ($forcedownload and !$isFF) ? 'application/x-forcedownload' : ($stored_file->get_mimetype() ? $stored_file->get_mimetype() : mimeinfo('type', $filename));
    $lastmodified = $stored_file->get_timemodified();
    $filesize = $stored_file->get_filesize();
    //try to disable automatic sid rewrite in cookieless mode
    @ini_set("session.use_trans_sid", "false");
    if ($lifetime > 0 && !empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
        // get unixtime of request header; clip extra junk off first
        $since = strtotime(preg_replace('/;.*$/', '', $_SERVER["HTTP_IF_MODIFIED_SINCE"]));
        if ($since && $since >= $lastmodified) {
            header('HTTP/1.1 304 Not Modified');
            header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT');
            header('Cache-Control: max-age=' . $lifetime);
            header('Content-Type: ' . $mimetype);
            if ($dontdie) {
                return;
            }
            die;
        }
    }
    //do not put '@' before the next header to detect incorrect moodle configurations,
    //error should be better than "weird" empty lines for admins/users
    //TODO: should we remove all those @ before the header()? Are all of the values supported on all servers?
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastmodified) . ' GMT');
    // if user is using IE, urlencode the filename so that multibyte file name will show up correctly on popup
    if (check_browser_version('MSIE')) {
        $filename = rawurlencode($filename);
    }
    if ($forcedownload) {
        header('Content-Disposition: attachment; filename="' . $filename . '"');
    } else {
        header('Content-Disposition: inline; filename="' . $filename . '"');
    }
    if ($lifetime > 0) {
        header('Cache-Control: max-age=' . $lifetime);
        header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT');
        header('Pragma: ');
        if (empty($CFG->disablebyteserving) && $mimetype != 'text/plain' && $mimetype != 'text/html') {
            header('Accept-Ranges: bytes');
            if (!empty($_SERVER['HTTP_RANGE']) && strpos($_SERVER['HTTP_RANGE'], 'bytes=') !== FALSE) {
                // byteserving stuff - for acrobat reader and download accelerators
                // see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
                // inspired by: http://www.coneural.org/florian/papers/04_byteserving.php
                $ranges = false;
                if (preg_match_all('/(\\d*)-(\\d*)/', $_SERVER['HTTP_RANGE'], $ranges, PREG_SET_ORDER)) {
                    foreach ($ranges as $key => $value) {
                        if ($ranges[$key][1] == '') {
                            //suffix case
                            $ranges[$key][1] = $filesize - $ranges[$key][2];
                            $ranges[$key][2] = $filesize - 1;
                        } else {
                            if ($ranges[$key][2] == '' || $ranges[$key][2] > $filesize - 1) {
                                //fix range length
                                $ranges[$key][2] = $filesize - 1;
                            }
                        }
                        if ($ranges[$key][2] != '' && $ranges[$key][2] < $ranges[$key][1]) {
                            //invalid byte-range ==> ignore header
                            $ranges = false;
                            break;
                        }
                        //prepare multipart header
                        $ranges[$key][0] = "\r\n--" . BYTESERVING_BOUNDARY . "\r\nContent-Type: {$mimetype}\r\n";
                        $ranges[$key][0] .= "Content-Range: bytes {$ranges[$key][1]}-{$ranges[$key][2]}/{$filesize}\r\n\r\n";
                    }
                } else {
                    $ranges = false;
                }
                if ($ranges) {
                    byteserving_send_file($stored_file->get_content_file_handle(), $mimetype, $ranges, $filesize);
                }
            }
        } else {
            /// Do not byteserve (disabled, strings, text and html files).
            header('Accept-Ranges: none');
        }
    } else {
        // Do not cache files in proxies and browsers
        if (strpos($CFG->wwwroot, 'https://') === 0) {
            //https sites - watch out for IE! KB812935 and KB316431
            header('Cache-Control: max-age=10');
            header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
            header('Pragma: ');
        } else {
            //normal http - prevent caching at all cost
            header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
            header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
            header('Pragma: no-cache');
        }
        header('Accept-Ranges: none');
        // Do not allow byteserving when caching disabled
    }
    if (empty($filter)) {
        $filtered = false;
        if ($mimetype == 'text/html' && !empty($CFG->usesid)) {
            //cookieless mode - rewrite links
            header('Content-Type: text/html');
            $text = $stored_file->get_content();
            $text = sid_ob_rewrite($text);
            $filesize = strlen($text);
            $filtered = true;
        } else {
            if ($mimetype == 'text/plain') {
                header('Content-Type: Text/plain; charset=utf-8');
                //add encoding
            } else {
                header('Content-Type: ' . $mimetype);
            }
        }
        header('Content-Length: ' . $filesize);
        //flush the buffers - save memory and disable sid rewrite
        //this also disables zlib compression
        prepare_file_content_sending();
        // send the contents
        if ($filtered) {
            echo $text;
        } else {
            $stored_file->readfile();
        }
    } else {
        // Try to put the file through filters
        if ($mimetype == 'text/html') {
            $options = new stdClass();
            $options->noclean = true;
            $options->nocache = true;
            // temporary workaround for MDL-5136
            $text = $stored_file->get_content();
            $text = file_modify_html_header($text);
            $output = format_text($text, FORMAT_HTML, $options, $COURSE->id);
            if (!empty($CFG->usesid)) {
                //cookieless mode - rewrite links
                $output = sid_ob_rewrite($output);
            }
            header('Content-Length: ' . strlen($output));
            header('Content-Type: text/html');
            //flush the buffers - save memory and disable sid rewrite
            //this also disables zlib compression
            prepare_file_content_sending();
            // send the contents
            echo $output;
        } else {
            if ($mimetype == 'text/plain' and $filter == 1) {
                // only filter text if filter all files is selected
                $options = new stdClass();
                $options->newlines = false;
                $options->noclean = true;
                $text = $stored_file->get_content();
                $output = '<pre>' . format_text($text, FORMAT_MOODLE, $options, $COURSE->id) . '</pre>';
                if (!empty($CFG->usesid)) {
                    //cookieless mode - rewrite links
                    $output = sid_ob_rewrite($output);
                }
                header('Content-Length: ' . strlen($output));
                header('Content-Type: text/html; charset=utf-8');
                //add encoding
                //flush the buffers - save memory and disable sid rewrite
                //this also disables zlib compression
                prepare_file_content_sending();
                // send the contents
                echo $output;
            } else {
                // Just send it out raw
                header('Content-Length: ' . $filesize);
                header('Content-Type: ' . $mimetype);
                //flush the buffers - save memory and disable sid rewrite
                //this also disables zlib compression
                prepare_file_content_sending();
                // send the contents
                $stored_file->readfile();
            }
        }
    }
    if ($dontdie) {
        return;
    }
    die;
    //no more chars to output!!!
}
Пример #2
0
/**
 * Handles the sending of file data to the user's browser, including support for
 * byteranges etc.
 * @param string $path Path of file on disk (including real filename), or actual content of file as string
 * @param string $filename Filename to send
 * @param int $lifetime Number of seconds before the file should expire from caches (default 24 hours)
 * @param int $filter 0 (default)=no filtering, 1=all files, 2=html files only
 * @param bool $pathisstring If true (default false), $path is the content to send and not the pathname
 * @param bool $forcedownload If true (default false), forces download of file rather than view in browser/plugin
 * @param string $mimetype Include to specify the MIME type; leave blank to have it guess the type from $filename
 */
function send_file($path, $filename, $lifetime = 'default', $filter = 0, $pathisstring = false, $forcedownload = false, $mimetype = '')
{
    global $CFG, $COURSE, $SESSION;
    // MDL-11789, apply $CFG->filelifetime here
    if ($lifetime === 'default') {
        if (!empty($CFG->filelifetime)) {
            $lifetime = $CFG->filelifetime;
        } else {
            $lifetime = 86400;
        }
    }
    // Use given MIME type if specified, otherwise guess it using mimeinfo.
    // IE, Konqueror and Opera open html file directly in browser from web even when directed to save it to disk :-O
    // only Firefox saves all files locally before opening when content-disposition: attachment stated
    $isFF = check_browser_version('Firefox', '1.5');
    // only FF > 1.5 properly tested
    $mimetype = ($forcedownload and !$isFF) ? 'application/x-forcedownload' : ($mimetype ? $mimetype : mimeinfo('type', $filename));
    // If the file is a Flash file and that the user flash player is outdated return a flash upgrader MDL-20841
    if (!empty($CFG->excludeoldflashclients) && $mimetype == 'application/x-shockwave-flash' && !empty($SESSION->flashversion)) {
        $userplayerversion = explode('.', $SESSION->flashversion);
        $requiredplayerversion = explode('.', $CFG->excludeoldflashclients);
        if ($userplayerversion[0] < $requiredplayerversion[0] || $userplayerversion[0] == $requiredplayerversion[0] && $userplayerversion[1] < $requiredplayerversion[1] || $userplayerversion[0] == $requiredplayerversion[0] && $userplayerversion[1] == $requiredplayerversion[1] && $userplayerversion[2] < $requiredplayerversion[2]) {
            $path = $CFG->dirroot . "/lib/flashdetect/flashupgrade.swf";
            // Alternate content asking user to upgrade Flash
            $filename = "flashupgrade.swf";
            $lifetime = 0;
            // Do not cache
        }
    }
    $lastmodified = $pathisstring ? time() : filemtime($path);
    $filesize = $pathisstring ? strlen($path) : filesize($path);
    /* - MDL-13949
        //Adobe Acrobat Reader XSS prevention
        if ($mimetype=='application/pdf' or mimeinfo('type', $filename)=='application/pdf') {
            //please note that it prevents opening of pdfs in browser when http referer disabled
            //or file linked from another site; browser caching of pdfs is now disabled too
            if (!empty($_SERVER['HTTP_RANGE'])) {
                //already byteserving
                $lifetime = 1; // >0 needed for byteserving
            } else if (empty($_SERVER['HTTP_REFERER']) or strpos($_SERVER['HTTP_REFERER'], $CFG->wwwroot)!==0) {
                $mimetype = 'application/x-forcedownload';
                $forcedownload = true;
                $lifetime = 0;
            } else {
                $lifetime = 1; // >0 needed for byteserving
            }
        }
    */
    //IE compatibiltiy HACK!
    if (ini_get('zlib.output_compression')) {
        ini_set('zlib.output_compression', 'Off');
    }
    //try to disable automatic sid rewrite in cookieless mode
    @ini_set("session.use_trans_sid", "false");
    //do not put '@' before the next header to detect incorrect moodle configurations,
    //error should be better than "weird" empty lines for admins/users
    //TODO: should we remove all those @ before the header()? Are all of the values supported on all servers?
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastmodified) . ' GMT');
    // if user is using IE, urlencode the filename so that multibyte file name will show up correctly on popup
    if (check_browser_version('MSIE')) {
        $filename = rawurlencode($filename);
    }
    if ($forcedownload) {
        @header('Content-Disposition: attachment; filename="' . $filename . '"');
    } else {
        @header('Content-Disposition: inline; filename="' . $filename . '"');
    }
    if ($lifetime > 0) {
        @header('Cache-Control: max-age=' . $lifetime);
        @header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $lifetime) . ' GMT');
        @header('Pragma: ');
        if (empty($CFG->disablebyteserving) && !$pathisstring && $mimetype != 'text/plain' && $mimetype != 'text/html') {
            @header('Accept-Ranges: bytes');
            if (!empty($_SERVER['HTTP_RANGE']) && strpos($_SERVER['HTTP_RANGE'], 'bytes=') !== FALSE) {
                // byteserving stuff - for acrobat reader and download accelerators
                // see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
                // inspired by: http://www.coneural.org/florian/papers/04_byteserving.php
                $ranges = false;
                if (preg_match_all('/(\\d*)-(\\d*)/', $_SERVER['HTTP_RANGE'], $ranges, PREG_SET_ORDER)) {
                    foreach ($ranges as $key => $value) {
                        if ($ranges[$key][1] == '') {
                            //suffix case
                            $ranges[$key][1] = $filesize - $ranges[$key][2];
                            $ranges[$key][2] = $filesize - 1;
                        } else {
                            if ($ranges[$key][2] == '' || $ranges[$key][2] > $filesize - 1) {
                                //fix range length
                                $ranges[$key][2] = $filesize - 1;
                            }
                        }
                        if ($ranges[$key][2] != '' && $ranges[$key][2] < $ranges[$key][1]) {
                            //invalid byte-range ==> ignore header
                            $ranges = false;
                            break;
                        }
                        //prepare multipart header
                        $ranges[$key][0] = "\r\n--" . BYTESERVING_BOUNDARY . "\r\nContent-Type: {$mimetype}\r\n";
                        $ranges[$key][0] .= "Content-Range: bytes {$ranges[$key][1]}-{$ranges[$key][2]}/{$filesize}\r\n\r\n";
                    }
                } else {
                    $ranges = false;
                }
                if ($ranges) {
                    byteserving_send_file($path, $mimetype, $ranges);
                }
            }
        } else {
            /// Do not byteserve (disabled, strings, text and html files).
            @header('Accept-Ranges: none');
        }
    } else {
        // Do not cache files in proxies and browsers
        if (strpos($CFG->wwwroot, 'https://') === 0) {
            //https sites - watch out for IE! KB812935 and KB316431
            @header('Cache-Control: max-age=10');
            @header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
            @header('Pragma: ');
        } else {
            //normal http - prevent caching at all cost
            @header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
            @header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
            @header('Pragma: no-cache');
        }
        @header('Accept-Ranges: none');
        // Do not allow byteserving when caching disabled
    }
    if (empty($filter)) {
        if ($mimetype == 'text/html' && !empty($CFG->usesid) && empty($_COOKIE['MoodleSession' . $CFG->sessioncookie])) {
            //cookieless mode - rewrite links
            @header('Content-Type: text/html');
            $path = $pathisstring ? $path : implode('', file($path));
            $path = sid_ob_rewrite($path);
            $filesize = strlen($path);
            $pathisstring = true;
        } else {
            if ($mimetype == 'text/plain') {
                @header('Content-Type: Text/plain; charset=utf-8');
                //add encoding
            } else {
                @header('Content-Type: ' . $mimetype);
            }
        }
        @header('Content-Length: ' . $filesize);
        while (@ob_end_flush()) {
        }
        //flush the buffers - save memory and disable sid rewrite
        if ($pathisstring) {
            echo $path;
        } else {
            readfile_chunked($path);
        }
    } else {
        // Try to put the file through filters
        if ($mimetype == 'text/html') {
            $options = new object();
            $options->noclean = true;
            $options->nocache = true;
            // temporary workaround for MDL-5136
            $text = $pathisstring ? $path : implode('', file($path));
            $text = file_modify_html_header($text);
            $output = format_text($text, FORMAT_HTML, $options, $COURSE->id);
            if (!empty($CFG->usesid) && empty($_COOKIE['MoodleSession' . $CFG->sessioncookie])) {
                //cookieless mode - rewrite links
                $output = sid_ob_rewrite($output);
            }
            @header('Content-Length: ' . strlen($output));
            @header('Content-Type: text/html');
            while (@ob_end_flush()) {
            }
            //flush the buffers - save memory and disable sid rewrite
            echo $output;
            // only filter text if filter all files is selected
        } else {
            if ($mimetype == 'text/plain' and $filter == 1) {
                $options = new object();
                $options->newlines = false;
                $options->noclean = true;
                $text = htmlentities($pathisstring ? $path : implode('', file($path)));
                $output = '<pre>' . format_text($text, FORMAT_MOODLE, $options, $COURSE->id) . '</pre>';
                if (!empty($CFG->usesid) && empty($_COOKIE['MoodleSession' . $CFG->sessioncookie])) {
                    //cookieless mode - rewrite links
                    $output = sid_ob_rewrite($output);
                }
                @header('Content-Length: ' . strlen($output));
                @header('Content-Type: text/html; charset=utf-8');
                //add encoding
                while (@ob_end_flush()) {
                }
                //flush the buffers - save memory and disable sid rewrite
                echo $output;
            } else {
                // Just send it out raw
                @header('Content-Length: ' . $filesize);
                @header('Content-Type: ' . $mimetype);
                while (@ob_end_flush()) {
                }
                //flush the buffers - save memory and disable sid rewrite
                if ($pathisstring) {
                    echo $path;
                } else {
                    readfile_chunked($path);
                }
            }
        }
    }
    die;
    //no more chars to output!!!
}