示例#1
 /**
  * Reads the caller's credentials for this SOAP request from $_POST/$_GET.
  *
  * Depending on the configured authentication method this picks up either:
  * - a username and password (wsusername and wspassword), or
  * - a token (wstoken).
  * It also rebuilds $this->serverurl and turns on WSDL mode when the 'wsdl'
  * request parameter is a non-zero integer.
  */
 protected function parse_request()
 {
     // Let the parent class pull its own server-specific settings out of the request first.
     parent::set_web_service_call_settings();

     if ($this->authmethod != WEBSERVICE_AUTHMETHOD_USERNAME) {
         // Token authentication: the token travels as a query parameter of the server URL.
         $this->token = optional_param('wstoken', null, PARAM_RAW);
         $this->serverurl = new moodle_url('/webservice/soap/server.php');
         $this->serverurl->param('wstoken', $this->token);
     } else {
         // PARAM_RAW means neither value is cleaned here; the code that checks them
         // has to cope with arbitrary input.
         $this->username = optional_param('wsusername', null, PARAM_RAW);
         $this->password = optional_param('wspassword', null, PARAM_RAW);

         // Truthiness test: an empty string, null or the string "0" all count as missing.
         $credentialsmissing = !$this->username || !$this->password;
         if ($credentialsmissing) {
             // Workaround for the trouble with & in soap urls: accept
             // ".../simpleserver.php/<username>/<password>" instead.
             // A password containing '/' yields more than two segments and is ignored.
             $segments = explode('/', trim(get_file_argument(), '/'));
             if (count($segments) == 2) {
                 list($this->username, $this->password) = $segments;
             }
         }

         // NOTE(review): the username and password are concatenated, unencoded, into the
         // URL path. URLs routinely end up in web-server access logs and proxy logs, so
         // this form exposes the password wherever request URLs are recorded.
         $endpoint = '/webservice/soap/simpleserver.php/' . $this->username . '/' . $this->password;
         $this->serverurl = new moodle_url($endpoint);
     }

     if (optional_param('wsdl', 0, PARAM_INT)) {
         $this->wsdlmode = true;
     }
 }
示例#2
 /**
  * Run REST server.
  *
  * Exits without output when get_enable() returns an empty value; otherwise
  * hands the URL path that follows server.php to call_moodle_function() and
  * prints the result as XML.
  */
 public function run()
 {
     $enabled = $this->get_enable();
     if (empty($enabled)) {
         // Service switched off: end the request without any response body.
         die;
     }
     require_once 'locallib.php';
     // The path after server.php names what to call.
     // NOTE(review): this value is taken from the request and passed on as-is, so
     // call_moodle_function() must be the place that restricts which functions can
     // be reached and authenticates the caller - confirm in locallib.php.
     $urlpath = get_file_argument('server.php');
     header("Content-type: text/xml");
     $response = call_moodle_function($urlpath);
     echo $response;
 }
//      It might be better to move the code to separate file because the access
//      control is quite complex - see bolg/index.php
require_once '../../../config.php';
require_once '../../../lib/filelib.php';
// eMail - Toni Mas
require_once $CFG->dirroot . '/blocks/email_list/email/email.class.php';
// Alert! FIXME
// Seconds for files to remain in caches: the site setting when present, one day otherwise.
$lifetime = isset($CFG->filelifetime) ? $CFG->filelifetime : 86400;
// disable moodle specific debug messages
disable_debugging();
// The file to serve is named by the URL path that follows file.php.
$relativepath = get_file_argument('file.php');
$forcedownload = optional_param('forcedownload', 0, PARAM_BOOL);
// relative path must start with '/', because of backup/restore!!!
if (!$relativepath) {
    error('No valid arguments supplied or incorrect server configuration');
} elseif ($relativepath[0] != '/') {
    error('No valid arguments supplied, path does not start with slash!');
}
// NOTE(review): the request-supplied path is appended to dataroot unchanged. Nothing in
// this excerpt removes '..' segments, so this depends on get_file_argument() having
// cleaned the value - confirm - and on the access checks that follow running before
// any file is sent.
$pathname = $CFG->dataroot . $relativepath;
// extract relative path components
$args = explode('/', trim($relativepath, '/'));
if (count($args) == 0) {
    // always at least courseid, may search for index.html in course root
    error('No valid arguments supplied');
<?php

require_once '../../config.php';
require_once $CFG->libdir . '/filelib.php';
require_once 'lib.php';
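disable_debugging();
// Everything after pic.php in the URL; the code below expects "/<gallery id>/<file name>".
$argument = get_file_argument('pic.php');
$thumb = optional_param('thumb', 0, PARAM_BOOL);
$forcedownload = optional_param('forcedownload', 0, PARAM_BOOL);
if (!$argument) {
    error('No valid arguments supplied or incorrect server configuration');
} else {
    if ($argument[0] != '/') {
        error('No valid arguments supplied, path does not start with slash!');
    }
}
$args = explode('/', trim($argument, '/'));
if (count($args) < 2) {
    error('Not enough valid arguments supplied');
}
// The gallery id is a URL path segment, i.e. untrusted input. Force it to an integer so
// that the database lookup never receives an arbitrary string from the request.
if (!($gallery = get_record('lightboxgallery', 'id', (int) $args[0]))) {
    error('Course module is incorrect');
}
if (!($course = get_record('course', 'id', $gallery->course))) {
    error('Course is misconfigured');
}
// Login is skipped for galleries flagged public, and for galleries with RSS turned on
// while the module-wide RSS switch is enabled; everything else requires course access.
// (Parentheses added to spell out the && / || precedence; the logic is unchanged.)
if (!($gallery->ispublic || (lightboxgallery_rss_enabled() && $gallery->rss))) {
    require_login($course->id);
}
// The file name is the second path segment, cleaned as a path before it is used.
$filename = clean_param($args[1], PARAM_PATH);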
if ($thumb) {
示例#5
 /**
  * This method parses the $_POST and $_GET superglobals and looks for
  * the user authentication data: username + password or token
  * (wsusername, wspassword and wstoken parameters).
  *
  * When the parent did not find both a username and a password, the two are
  * taken from the URL path instead ("/<username>/<password>").
  */
 protected function parse_request()
 {
     parent::parse_request();
     if ($this->username && $this->password) {
         // Both values already supplied as request parameters.
         return;
     }
     // note: this is the workaround for the trouble with & in soap urls
     // NOTE(review): credentials carried in the URL path are written to any log that
     // records request URLs. A password containing '/' produces more than two
     // segments and is silently ignored.
     $segments = explode('/', trim(get_file_argument(), '/'));
     if (count($segments) == 2) {
         list($this->username, $this->password) = $segments;
     }
 }
示例#6
<?php

// based on /user/pix.php
require_once '../../config.php';
require_once dirname(__FILE__) . '/dblib.php';
require_once $CFG->libdir . '/filelib.php';
if (!empty($CFG->forcelogin)) {
    if (!isloggedin()) {
        // protect images if login required and not logged in;
        // do not use require_login() because it is expensive and not suitable here anyway
        redirect('img/error.png');
    }
}
// NOTE(review): the gate above only applies when forcelogin is set. On other sites an
// anonymous request reaches the code below, so the checks that follow are the only
// thing deciding whether the requested file may be served.
// disable moodle specific debug messages
disable_debugging();
// Path after download.php in the URL, split into its '/'-separated components.
$relativepath = get_file_argument('download.php');
$args = explode('/', trim($relativepath, '/'));
if (count($args) == 2) {
    $pathname = $CFG->dataroot . '/user/d0' . $relativepath;
    $lifetime = 0;
    /// Verify role assignment of the student in the specified course
    $pos = strrpos($args[1], '.pdf');
    $coursename = substr($args[1], 0, $pos);
    $user = get_record('user', 'id', $args[0]);
    if ($user === false) {
        redirect('img/error.png');
    }
    $course = get_record('course', 'fullname', $coursename);
    if ($course === false) {
        redirect('img/error.png');
    }
    $validdip = get_record('diplome_diploma', 'userid', $user->id, 'courseid', $course->id);
    $validra = get_valid_roleassign((int) $args[0], $course->id);
示例#7
 * requests are set to never expire from cache, to improve performance. Only
 * files within the 'tinymce' folder of the plugin will be served.
 *
 * Note there are no access checks in this script - you do not have to be
 * logged in to retrieve the plugin resource files.
 *
 * @package editor_tinymce
 * @copyright 2012 The Open University
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
// Defined before config.php is loaded; the header comment above states that this script
// performs no access checks.
define('NO_MOODLE_COOKIES', true);
require_once '../../../../config.php';
require_once $CFG->dirroot . '/lib/filelib.php';
require_once $CFG->dirroot . '/lib/jslib.php';
// Safely get slash params (cleaned using PARAM_PATH, without /../).
$path = get_file_argument();
// Param must be of the form [plugin]/[version]/[path] where path is a relative
// path inside the plugin tinymce folder.
// The pattern limits the plugin name to [a-z0-9_] and the version to digits and dots
// (or the literal -1). The inner path is matched with '/.*', i.e. any characters.
// NOTE(review): because the inner path is unrestricted by the pattern, keeping the
// result inside the plugin's tinymce folder rests entirely on the cleaning done by
// get_file_argument() - worth confirming, since this script is reachable without login.
$matches = array();
if (!preg_match('~^/([a-z0-9_]+)/((?:[0-9.]+)|-1)(/.*)$~', $path, $matches)) {
    print_error('filenotfound');
}
// $junk receives the full match and is not used in the lines shown here.
list($junk, $tinymceplugin, $version, $innerpath) = $matches;
// Note that version number is totally ignored, user can specify anything,
// except for the difference between '-1' and anything else.
// Check the file exists.
$pluginfolder = $CFG->dirroot . '/lib/editor/tinymce/plugins/' . $tinymceplugin;
$file = $pluginfolder . '/tinymce' . $innerpath;
// file_exists() is also true for directories, so this check alone does not guarantee
// that $file is a regular file.
if (!file_exists($file)) {
    print_error('filenotfound');
}
// Syntax:
// Files in the portfolio:
// portfoliofile.php/files/$userid/$portfolioid/filename.ext
// Exported SCORM-File (user has to be logged in)
// portfoliofile.php/temp/export/$userid/filename.ext
require_once dirname(__FILE__) . '/inc.php';
require_once dirname(__FILE__) . '/lib/sharelib.php';
// Seconds for files to remain in caches: one day unless the site sets a non-empty value.
$lifetime = empty($CFG->filelifetime) ? 86400 : $CFG->filelifetime;
// disable moodle specific debug messages
disable_debugging();
// Path after portfoliofile.php in the URL (see the syntax description above).
$relativepath = get_file_argument('portfoliofile.php');
// the check of the parameter to PARAM_PATH is executed inside get_file_argument
$access = optional_param('access', 0, PARAM_TEXT);
$itemid = optional_param('itemid', 0, PARAM_INT);
// Every request must come from a logged-in user; this runs before any file is
// looked up or sent.
require_login();
if ($access && $itemid) {
    $item = block_exabis_eportfolio_get_item($itemid, $access);
    if (!$item || $item->type != 'file' || !$item->attachment) {
        error('No valid arguments supplied');
    }
    $filepath = $CFG->dataroot . '/' . block_exabis_eportfolio_file_area_name($item) . '/' . $item->attachment;
} else {
    if (!$relativepath) {
        error('No valid arguments supplied or incorrect server configuration');
    } else {
        if ($relativepath[0] != '/') {
示例#9
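 /**
  * Run Zend SOAP server.
  *
  * Without a token only the ws_authentication class is exposed (as WSDL when
  * ?wsdl is present, as a SOAP endpoint otherwise). With a token, the token is
  * checked, the matching user becomes $USER, and <classpath>/external.php is
  * loaded and served as the class <classpath>_external.
  *
  * The token and class path can arrive either as the 'token' and 'classpath'
  * request parameters or as the URL path "/<token>/<classpath>".
  *
  * @global object $CFG
  * @global object $USER
  * @throws moodle_exception when the token does not identify a user
  */
 public function run()
 {
     $enable = $this->get_enable();
     if (empty($enable)) {
         die;
     }
     global $CFG;
     include "Zend/Loader.php";
     Zend_Loader::registerAutoload();
     // retrieve the token from the url
     // if the token doesn't exist, set a class containing only get_token()
     $token = optional_param('token', null, PARAM_ALPHANUM);
     $classpath = null;
     ///this is a hack, because there is a bug in Zend framework (http://framework.zend.com/issues/browse/ZF-5736)
     if (empty($token)) {
         $relativepath = get_file_argument();
         $args = explode('/', trim($relativepath, '/'));
         if (count($args) == 2) {
             $token = (int) $args[0];
             // The class path is later concatenated into a require_once path, so the
             // path-supplied form gets the same PARAM_ALPHANUM cleaning as the
             // 'classpath' request parameter. Without it the URL path could name
             // directories that the parameter form would never accept.
             $classpath = clean_param($args[1], PARAM_ALPHANUM);
         }
     }
     if (empty($token)) {
         if (isset($_GET['wsdl'])) {
             $autodiscover = new Zend_Soap_AutoDiscover();
             /*
                             $autodiscover->setComplexTypeStrategy('Zend_Soap_Wsdl_Strategy_ArrayOfTypeComplex');
                             $autodiscover->setOperationBodyStyle(
                                 array('use' => 'literal',
                                       'namespace' => $CFG->wwwroot)
                             );

                             $autodiscover->setBindingStyle(
                                 array('style' => 'rpc')
                             );
             */
             $autodiscover->setClass('ws_authentication');
             $autodiscover->handle();
         } else {
             $soap = new Zend_Soap_Server($CFG->wwwroot . "/webservice/soap/server.php?wsdl");
             // this current file here
             $soap->registerFaultException('moodle_exception');
             $soap->setClass('ws_authentication');
             $soap->handle();
         }
     } else {
         // if token exist, do the authentication here
         /// TODO: following function will need to be modified
         // NOTE(review): the validator is named mock_check_token and carries a TODO, so
         // the strength of this check cannot be judged from here - confirm before relying on it.
         $user = webservice_lib::mock_check_token($token);
         if (empty($user)) {
             throw new moodle_exception('wrongidentification');
         } else {
             /// TODO: probably change this
             global $USER;
             $USER = $user;
         }
         //retrieve the api name
         if (empty($classpath)) {
             $classpath = optional_param('classpath', null, PARAM_ALPHANUM);
         }
         // $classpath is alphanumeric on both routes by this point.
         // NOTE(review): it can still be empty, in which case this resolves to
         // ../../external.php; any authenticated caller can also load any directory
         // that ships an external.php - consider checking against a list of known APIs.
         require_once dirname(__FILE__) . '/../../' . $classpath . '/external.php';
         /// run the server
         if (isset($_GET['wsdl'])) {
             $autodiscover = new Zend_Soap_AutoDiscover();
             //this is a hack, because there is a bug in Zend framework (http://framework.zend.com/issues/browse/ZF-5736)
             // The token becomes part of the advertised service URI, so it will appear
             // wherever request URLs are logged.
             $autodiscover->setUri($CFG->wwwroot . "/webservice/soap/server.php/" . $token . "/" . $classpath);
             $autodiscover->setClass($classpath . "_external");
             $autodiscover->handle();
         } else {
             $soap = new Zend_Soap_Server($CFG->wwwroot . "/webservice/soap/server.php?token=" . $token . "&classpath=" . $classpath . "&wsdl");
             // this current file here
             $soap->setClass($classpath . "_external");
             $soap->registerFaultException('moodle_exception');
             $soap->handle();
         }
     }
 }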
示例#10
 /**
  * Builds the navigation block content (menu HTML plus, in editing mode, a small
  * toolbar in the footer) and caches it in $this->content.
  *
  * The page to highlight comes from the 'page' / 'pid' request parameters, or on
  * the site-level instance from the URL path when slasharguments is enabled.
  *
  * @return stdClass the content object; text and footer stay empty when the menu
  *                  requires login and the current user does not qualify
  */
 function get_content()
 {
     global $CFG, $USER, $SITE, $COURSE;
     // Already built during this request: reuse it.
     if ($this->content !== NULL) {
         return $this->content;
     }
     // Request input, cleaned on the way in: file-name rules for the page name,
     // integer for the page id.
     $pagename = optional_param('page', '', PARAM_FILE);
     $pageid = optional_param('pid', 0, PARAM_INT);
     if (defined('SITEID') && SITEID == $this->instance->pageid && $CFG->slasharguments) {
         // Support sitelevel slasharguments
         // in form /index.php/<pagename>
         $relativepath = get_file_argument(basename($_SERVER['SCRIPT_FILENAME']));
         // Only the first path segment is used, and it is cleaned with the same
         // PARAM_FILE rule as the 'page' request parameter.
         if (preg_match("/^(\\/[a-z0-9\\_\\-]+)/i", $relativepath)) {
             $args = explode("/", $relativepath);
             $pagename = clean_param($args[1], PARAM_FILE);
         }
         unset($args, $relativepath);
     }
     // set menuid according to block configuration or if no menu has been configured yet use
     // the first available menu if it exists
     if (!empty($this->config->menu)) {
         $menuid = intval($this->config->menu);
     } else {
         if ($menus = get_records('cmsnavi', 'course', $this->instance->pageid, 'id ASC')) {
             // array_pop() takes the last record of the set ordered by id ASC.
             $menu = array_pop($menus);
             $menuid = $menu->id;
             // Persist the choice in the block configuration.
             $this->config->menu = $menuid;
             $this->instance_config_commit();
         } else {
             $menuid = 0;
         }
     }
     $this->content = new stdClass();
     $this->content->text = '';
     $this->content->footer = '';
     $menurequirelogin = $this->is_login_required($menuid);
     $menuallowguest = $this->is_guest_allowed($menuid);
     // Return the empty content when the menu requires login and the user is either
     // not logged in, or is a guest while guests are not allowed.
     if ($menurequirelogin && empty($USER->loggedin) or $menurequirelogin && isguest() && !$menuallowguest) {
         return $this->content;
     }
     // NOTE(review): $menuid is interpolated directly into the SQL text. It is an
     // integer in the configured case (intval) and 0 in the no-menu case; in the
     // fallback case it is the id field of a database row, presumably numeric - an
     // explicit cast there would make the query safe by construction.
     $this->navidata = get_records_sql("SELECT n.pageid, n.parentid, n.title, n.isfp, n.pagename,\n                                            n.url, n.target, p.publish, cn.requirelogin, cn.course\n                                           FROM {$CFG->prefix}cmsnavi_data n,\n                                                {$CFG->prefix}cmspages p,\n                                                {$CFG->prefix}cmsnavi cn\n                                           WHERE n.pageid = p.id AND p.publish = 1\n                                           AND n.naviid = '{$menuid}'\n                                           AND (cn.id = '{$menuid}')\n                                           AND n.showinmenu = '1'\n                                           ORDER BY sortorder");
     // Resolve a page name to its id when no id was given.
     // NOTE(review): $pagename is request input cleaned with PARAM_FILE; whether that
     // is sufficient depends on how get_field() builds its query - confirm.
     if (empty($pageid) && !empty($pagename)) {
         $pageid = get_field('cmsnavi_data', 'pageid', 'pagename', $pagename, 'naviid', $menuid);
     }
     $path = $this->get_path($pageid);
     // Wrap it inside div element which width you can control
     // with CSS styles in styles.php file.
     $this->content->text .= "\n" . '<div class="cms-navi">' . "\n";
     $this->construct_tree_menu(0, $path, $menuid);
     $this->content->text .= '</div>' . "\n";
     // Editing toolbar: "add" and "reorder" links for the current page.
     if (!empty($USER->editing) and !empty($pageid)) {
         $toolbar = '';
         $stradd = get_string('add');
         // The session key is carried in the query string of both links below, so it
         // will show up wherever these URLs are logged.
         $addlink = $CFG->wwwroot . '/cms/pageadd.php?id=' . $pageid . '&amp;' . 'sesskey=' . $USER->sesskey . '&amp;parentid=0&amp;course=' . $COURSE->id . '';
         $addicon = $CFG->wwwroot . '/cms/pix/add.gif';
         // Language strings are written into alt/title attributes without escaping here.
         $toolbar .= '<a href="' . $addlink . '" target="reorder"><img src="' . $addicon . '"' . ' width="11" height="11" alt="' . $stradd . '"' . ' title="' . $stradd . '" /></a>';
         $strreorder = get_string('reorder', 'cms');
         $reorderlink = $CFG->wwwroot . '/cms/reorder.php?source=' . $pageid . '&amp;sesskey=' . $USER->sesskey;
         $reordericon = $CFG->wwwroot . '/pix/t/move.gif';
         $toolbar .= ' <a href="' . $reorderlink . '" target="reorder"><img src="' . $reordericon . '"' . ' width="11" height="11" alt="' . $strreorder . '"' . ' title="' . $strreorder . '" /></a>';
         $this->content->footer = $toolbar;
     }
     return $this->content;
 }
示例#11
<?php

// $Id: pixgroup.php,v 1.7.8.1 2008/04/02 06:10:08 dongsheng Exp $
// This function fetches group pictures from the data directory
// Syntax:   pix.php/groupid/f1.jpg or pix.php/groupid/f2.jpg
//     OR:   ?file=groupid/f1.jpg or ?file=groupid/f2.jpg
$nomoodlecookie = true;
// Because it interferes with caching
require_once '../config.php';
require_once $CFG->libdir . '/filelib.php';
// disable moodle specific debug messages
disable_debugging();
// NOTE(review): no login or group-membership check appears anywhere in this script, so
// group pictures are served to any requester - confirm that is the intended exposure.
$relativepath = get_file_argument('pixgroup.php');
$args = explode('/', trim($relativepath, '/'));
if (count($args) != 2) {
    // Anything other than "<groupid>/<image>" gets the stock picture shipped with the code.
    $image = 'f1.png';
    $pathname = $CFG->dirroot . '/pix/g/f1.png';
} else {
    // The group id is forced to an integer. The image name is a single path segment
    // (it cannot contain '/'), otherwise used as received from get_file_argument().
    $groupid = (int) $args[0];
    $image = $args[1];
    $pathname = $CFG->dataroot . '/groups/' . $groupid . '/' . $image;
}
if (!file_exists($pathname) || is_dir($pathname)) {
    // Missing files and directories are both answered with a 404.
    header('HTTP/1.0 404 not found');
    print_error('filenotfound', 'error');
    //this is not displayed on IIS??
} else {
    send_file($pathname, $image);
}
            $query .= "\r\n";
            $query .= $postdata;
            fwrite($socket, $query);
            $content = '';
            while (!feof($socket)) {
                $content .= fgets($socket, 128);
            }
            fclose($socket);
            $content_splited = explode("\r\n\r\n", $content, 2);
            $handle = fopen($filepath, 'w');
            fwrite($handle, $content_splited[1]);
            fclose($handle);
        }
    }
}
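// The image name is the first segment of the URL path after wrs_showimage.php.
$relativepath = get_file_argument('wrs_showimage.php');
$args = explode('/', trim($relativepath, '/'));
// explode() always returns at least one element, so a missing argument shows up as an
// empty first segment rather than an unset one. Reject that case too; otherwise
// $pathname below would point at the image directory itself.
if (!isset($args[0]) || $args[0] === '') {
    echo '<h1>Error</h1>No valid arguments supplied.';
    exit;
}
$image = $args[0];
// NOTE(review): $image is request input and is appended to the cache directory as
// received; this depends on get_file_argument() having cleaned it - confirm.
$pathname = $CFG->dataroot . '/' . $CFG->wirisimagedir . '/' . $image;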
// If image doesn't exists, create it from database information
if (!file_exists($pathname)) {
    $md5 = str_replace('.png', '', $image);
    // Getting params from database through md5sum
    if (($wrscache = get_record('cache_filters', 'filter', 'wiris', 'md5key', $md5)) !== false) {
        if (!file_exists($CFG->dataroot . '/' . $CFG->wirisimagedir) and make_upload_directory($CFG->wirisimagedir) === false) {
            echo '<h1>Error</h1>WIRIS cache directory could not be created.';
        }
示例#13
}
// Language chooser: only built when the site has the language menu switched on.
if (!empty($CFG->langmenu)) {
    $currlang = current_language();
    $langs = get_list_of_languages();
    $langlabel = get_accesshide(get_string('language'));
    $langmenu = popup_form($CFG->wwwroot . '/index.php?lang=', $langs, 'chooselang', $currlang, '', '', '', true, 'self', $langlabel);
} else {
    $langmenu = '';
}
// CMS Plugin
if ($CFG->slasharguments) {
    // Support sitelevel slasharguments
    // in form /index.php/<pagename>
    $relativepath = get_file_argument(basename($_SERVER['SCRIPT_FILENAME']));
    // Only the first path segment is taken, and it is cleaned with PARAM_FILE exactly
    // like the 'page' request parameter in the other branch. When the pattern does not
    // match, $pagename is left unset.
    if (preg_match("/^(\\/[a-z0-9\\_\\-]+)/i", $relativepath)) {
        $args = explode("/", $relativepath);
        $pagename = clean_param($args[1], PARAM_FILE);
    }
    unset($args, $relativepath);
} else {
    $pagename = optional_param('page', '', PARAM_FILE);
}
// Logged-in, non-guest users get their own front page layout when one is configured.
$frontpagelayout = (isloggedin() && !isguest() && isset($CFG->frontpageloggedin))
    ? $CFG->frontpageloggedin
    : $CFG->frontpage;
if ($frontpagelayout == FRONTPAGECMS or !empty($pagename)) {
    error_reporting(E_ALL);
    require_once $CFG->dirroot . '/cms/view.php';
    die;
示例#14
<?php

// $Id$
require_once dirname(__FILE__) . '/../config.php';
require_once $CFG->libdir . '/filelib.php';
// Note: file.php always calls require_login() with $setwantsurltome=false
//       in order to avoid messing redirects. MDL-14495
require_login(0, true, null, false);
$relativepath = get_file_argument('question/exportfile.php');
if (!$relativepath) {
    error('No valid arguments supplied or incorrect server configuration');
}
// Exports live in a directory named after the logged-in user's id, so the directory
// part of the path is chosen by the server rather than by the request.
$exportroot = $CFG->dataroot . '/temp/questionexport/' . $USER->id;
// NOTE(review): the remainder is request input appended as received. Staying inside the
// user's own export directory depends on get_file_argument() removing '..' segments -
// confirm.
$pathname = $exportroot . '/' . $relativepath;
send_temp_file($pathname, $relativepath);
示例#15
// Fall back to the English documentation when the selected docs root has no index.md.
if (!file_exists($docsroot . '/index.md')) {
    $docsroot = $CFG->dirroot . '/question/type/stack/doc/en';
}
$docsurl = $CFG->wwwroot . '/question/type/stack/doc/doc.php';
// The URL to the directory for static content to be served by the docs
// access this string in the docs with %CONTENT.
$docscontent = $CFG->wwwroot . '/question/type/stack/doc/content';
$context = context_system::instance();
$PAGE->set_context($context);
$PAGE->set_url('/question/type/stack/doc/doc.php');
$PAGE->set_title(stack_string('stackDoc_docs'));
// Don't access doc.php directly, treat it like a directory instead; otherwise the
// page to show is named by the URL path after doc.php.
// NOTE(review): $uri is request input. If it is later mapped to a file under $docsroot
// (not shown here), that mapping needs to keep the result inside the docs tree.
$uri = (substr($_SERVER['REQUEST_URI'], -7) == 'doc.php') ? '/' : get_file_argument();
$segs = explode('/', $uri);
$lastseg = $segs[count($segs) - 1];
// Links for the end of the page.
if ($uri == '/') {
    // The docs front page at .../doc.php/.
    $linkurls = array($docsurl . '/Site_map' => stack_string('stackDoc_siteMap'));
} elseif ('/Site_map' == $uri) {
    // The site map only links back home.
    $linkurls = array($docsurl => stack_string('stackDoc_home'));
} else {
    // Any other page: home, directory index, parent directory and site map.
    $linkurls = array(
        $docsurl => stack_string('stackDoc_home'),
        './' => stack_string('stackDoc_index'),
        '../' => stack_string('stackDoc_parent'),
        $docsurl . '/Site_map' => stack_string('stackDoc_siteMap'),
    );
}
$links = array();
示例#16
 * This script serves draft files of current user
 *
 * @package    core
 * @subpackage file
 * @copyright  2008 Petr Skoda (http://skodak.org)
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
// disable moodle specific debug messages and any errors in output
define('NO_DEBUG_DISPLAY', true);
require_once 'config.php';
require_once 'lib/filelib.php';
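// Draft files belong to a real account: a session is required and guests are refused
// before any request parameter is looked at.
require_login();
if (isguestuser()) {
    print_error('noguest');
}
$relativepath = get_file_argument();
$preview = optional_param('preview', null, PARAM_ALPHANUM);
// relative path must start with '/'
if (!$relativepath) {
    print_error('invalidargorconf');
} else {
    if ($relativepath[0] != '/') {
        print_error('pathdoesnotstartslash');
    }
}
// extract relative path components
$args = explode('/', ltrim($relativepath, '/'));
// explode() never returns an empty array, so count() == 0 cannot happen; a path made
// only of slashes yields a single empty component. Test for that as well so that the
// "at least a user id" requirement is actually enforced here.
if (count($args) == 0 || $args[0] === '') {
    // always at least user id
    print_error('invalidarguments');
}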
示例#17
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
/**
 * Generates an XML IMS Cartridge with the details for the given tool
 *
 * @package    enrol_lti
 * @copyright  2016 John Okely <*****@*****.**>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
require_once dirname(__FILE__) . '/../../config.php';
require_once $CFG->dirroot . '/lib/weblib.php';
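$toolid = null;
$token = null;
// The tool id and token may be given as URL path segments ("/<id>/<token>/...") or as
// the 'id' and 'token' request parameters; the request parameters win when present.
$filearguments = get_file_argument();
$arguments = explode('/', trim($filearguments, '/'));
if (count($arguments) >= 2) {
    // Can put cartridge.xml at the end, or anything really.
    list($toolid, $token) = $arguments;
    // The path segments are only used below as defaults for optional_param(), which,
    // as far as I know, returns its default without cleaning it. Clean them here so
    // both input routes are held to the same PARAM_INT / PARAM_ALPHANUM rules.
    $toolid = clean_param($toolid, PARAM_INT);
    $token = clean_param($token, PARAM_ALPHANUM);
}
$toolid = optional_param('id', $toolid, PARAM_INT);
$token = optional_param('token', $token, PARAM_ALPHANUM);
// Only show the cartridge if the token parameter is correct.
// If we do not compare with a shared secret, someone could very easily
// guess an id for the enrolment.
// NOTE(review): the comparison itself lives in verify_tool_token(), not shown here;
// confirm it compares in constant time (e.g. hash_equals()).
if (!\enrol_lti\helper::verify_tool_token($toolid, $token)) {
    throw new \moodle_exception('incorrecttoken', 'enrol_lti');
}
$tool = \enrol_lti\helper::get_lti_tool($toolid);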
if (!is_enabled_auth('lti')) {
示例#18
// Stack is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Stack.  If not, see <http://www.gnu.org/licenses/>.
/**
 * This script serves plot files that have been saved in the moodledata folder.
 *
 * @copyright  2012 The Open University
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
require_once __DIR__ . '/../../../config.php';
require_once $CFG->libdir . '/filelib.php';
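// The requested name is passed through clean_filename() before it is appended to the
// plots directory, so the request only ever selects a name inside that directory.
$plot = $CFG->dataroot . '/stack/plots/' . clean_filename(get_file_argument());
// is_readable() is also true for a readable directory. Require a regular file, so that
// an empty argument (which resolves to the plots directory itself) gets the 404 too.
if (!is_file($plot) || !is_readable($plot)) {
    header('HTTP/1.0 404 Not Found');
    header('Content-Type: text/plain;charset=UTF-8');
    echo 'File not found';
    die;
}
// Handle If-Modified-Since.
$filedate = filemtime($plot);
// An unparseable header makes strtotime() return false, which compares as older than
// any file date, so the file is simply sent again.
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $filedate) {
    header('HTTP/1.0 304 Not Modified');
    die;
}
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $filedate) . ' GMT');
// Type.
// The content type is fixed to that of a .png file, whatever name was requested.
header('Content-Type: ' . mimeinfo('type', 'x.png'));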