/**
 * Read the authentication material for this SOAP request and build the server URL.
 *
 * Depending on $this->authmethod the credentials are either:
 * - wsusername + wspassword (both read with PARAM_RAW, i.e. not cleaned here), or
 * - wstoken (also PARAM_RAW).
 *
 * For username authentication the two values may instead arrive as slash arguments
 * ("/username/password"), a workaround for "&" handling in SOAP URLs.
 *
 * NOTE(review): in the username branch the password is concatenated into the path of
 * $this->serverurl, and in the token branch the token becomes a query parameter.
 * Anything that records or echoes that URL (WSDL output, access logs, proxies) will
 * therefore contain the secret - confirm where serverurl is rendered and logged.
 *
 * Also switches $this->wsdlmode on when a non-zero "wsdl" parameter is present.
 */
protected function parse_request() {
    // Retrieve and clean the POST/GET parameters from the parameters specific to the server.
    parent::set_web_service_call_settings();

    if ($this->authmethod != WEBSERVICE_AUTHMETHOD_USERNAME) {
        // Token authentication.
        $this->token = optional_param('wstoken', null, PARAM_RAW);
        $this->serverurl = new moodle_url('/webservice/soap/server.php');
        $this->serverurl->param('wstoken', $this->token);
    } else {
        // Username + password authentication.
        $this->username = optional_param('wsusername', null, PARAM_RAW);
        $this->password = optional_param('wspassword', null, PARAM_RAW);

        if (!($this->username && $this->password)) {
            // Workaround for the trouble with & in soap urls: fall back to
            // the slash arguments, accepted only when exactly two segments exist.
            $segments = explode('/', trim(get_file_argument(), '/'));
            if (count($segments) == 2) {
                $this->username = $segments[0];
                $this->password = $segments[1];
            }
        }

        $simpleserverpath = '/webservice/soap/simpleserver.php/' . $this->username . '/' . $this->password;
        $this->serverurl = new moodle_url($simpleserverpath);
    }

    if (optional_param('wsdl', 0, PARAM_INT)) {
        $this->wsdlmode = true;
    }
}
/**
 * Run REST server.
 *
 * Stops immediately when the server is not enabled. Otherwise the slash
 * arguments that follow "server.php" in the request are handed, unmodified by
 * this method, to call_moodle_function() and its return value is sent as text/xml.
 *
 * NOTE(review): no authentication or capability check is visible in this method;
 * the request path alone selects what call_moodle_function() runs. Confirm that
 * call_moodle_function() (locallib.php) authenticates the caller and restricts
 * the callable functions to an allowlist.
 */
public function run() {
    $serverenabled = $this->get_enable();
    if (!$serverenabled) {
        exit;
    }

    require_once 'locallib.php';

    // Path and function name come straight from the URL.
    $requestedcall = get_file_argument('server.php');

    header("Content-type: text/xml");
    print call_moodle_function($requestedcall);
}
// It might be better to move the code to separate file because the access // control is quite complex - see bolg/index.php require_once '../../../config.php'; require_once '../../../lib/filelib.php'; // eMail - Toni Mas require_once $CFG->dirroot . '/blocks/email_list/email/email.class.php'; // Alert! FIXME if (!isset($CFG->filelifetime)) { $lifetime = 86400; // Seconds for files to remain in caches } else { $lifetime = $CFG->filelifetime; } // disable moodle specific debug messages disable_debugging(); $relativepath = get_file_argument('file.php'); $forcedownload = optional_param('forcedownload', 0, PARAM_BOOL); // relative path must start with '/', because of backup/restore!!! if (!$relativepath) { error('No valid arguments supplied or incorrect server configuration'); } else { if ($relativepath[0] != '/') { error('No valid arguments supplied, path does not start with slash!'); } } $pathname = $CFG->dataroot . $relativepath; // extract relative path components $args = explode('/', trim($relativepath, '/')); if (count($args) == 0) { // always at least courseid, may search for index.html in course root error('No valid arguments supplied');
<?php require_once '../../config.php'; require_once $CFG->libdir . '/filelib.php'; require_once 'lib.php'; disable_debugging(); $argument = get_file_argument('pic.php'); $thumb = optional_param('thumb', 0, PARAM_BOOL); $forcedownload = optional_param('forcedownload', 0, PARAM_BOOL); if (!$argument) { error('No valid arguments supplied or incorrect server configuration'); } else { if ($argument[0] != '/') { error('No valid arguments supplied, path does not start with slash!'); } } $args = explode('/', trim($argument, '/')); if (count($args) < 2) { error('Not enough valid arguments supplied'); } if (!($gallery = get_record('lightboxgallery', 'id', $args[0]))) { error('Course module is incorrect'); } if (!($course = get_record('course', 'id', $gallery->course))) { error('Course is misconfigured'); } if (!($gallery->ispublic || lightboxgallery_rss_enabled() && $gallery->rss)) { require_login($course->id); } $filename = clean_param($args[1], PARAM_PATH); if ($thumb) {
/**
 * Parse the request, then fall back to slash arguments for the credentials.
 *
 * parent::parse_request() runs first. If it left either $this->username or
 * $this->password empty, the slash arguments are split on "/" and, when there
 * are exactly two segments, used as username and password.
 *
 * NOTE(review): the fallback places the password in the URL path, so it can
 * end up wherever request URLs are stored (web server logs, proxies, history).
 * The segments are taken as returned by get_file_argument(); no further
 * cleaning happens in this method.
 */
protected function parse_request() {
    parent::parse_request();

    if ($this->username && $this->password) {
        // Both credentials already supplied as parameters.
        return;
    }

    // Note: this is the workaround for the trouble with & in soap urls.
    $segments = explode('/', trim(get_file_argument(), '/'));
    if (count($segments) != 2) {
        return;
    }

    $this->username = $segments[0];
    $this->password = $segments[1];
}
<?php // based on /user/pix.php require_once '../../config.php'; require_once dirname(__FILE__) . '/dblib.php'; require_once $CFG->libdir . '/filelib.php'; if (!empty($CFG->forcelogin) and !isloggedin()) { // protect images if login required and not logged in; // do not use require_login() because it is expensive and not suitable here anyway redirect('img/error.png'); } // disable moodle specific debug messages disable_debugging(); $relativepath = get_file_argument('download.php'); $args = explode('/', trim($relativepath, '/')); if (count($args) == 2) { $pathname = $CFG->dataroot . '/user/d0' . $relativepath; $lifetime = 0; /// Verify role assignment of the student in the specified course $pos = strrpos($args[1], '.pdf'); $coursename = substr($args[1], 0, $pos); $user = get_record('user', 'id', $args[0]); if ($user === false) { redirect('img/error.png'); } $course = get_record('course', 'fullname', $coursename); if ($course === false) { redirect('img/error.png'); } $validdip = get_record('diplome_diploma', 'userid', $user->id, 'courseid', $course->id); $validra = get_valid_roleassign((int) $args[0], $course->id);
* requests are set to never expire from cache, to improve performance. Only
 * files within the 'tinymce' folder of the plugin will be served.
 *
 * Note there are no access checks in this script - you do not have to be
 * logged in to retrieve the plugin resource files.
 *
 * @package editor_tinymce
 * @copyright 2012 The Open University
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
// No session cookie is used by this script; together with the absence of access
// checks stated above, every file reachable through the path built below is public.
define('NO_MOODLE_COOKIES', true);
require_once '../../../../config.php';
require_once $CFG->dirroot . '/lib/filelib.php';
require_once $CFG->dirroot . '/lib/jslib.php';
// Safely get slash params (cleaned using PARAM_PATH, without /../).
$path = get_file_argument();
// Param must be of the form [plugin]/[version]/[path] where path is a relative
// path inside the plugin tinymce folder.
// Group 1 (plugin name) only admits [a-z0-9_], so it cannot contain a dot or a
// slash. Group 3 is "(/.*)" and admits any characters: keeping $innerpath inside
// the plugin's tinymce folder therefore rests on the cleaning done by
// get_file_argument(), not on this pattern.
$matches = array();
if (!preg_match('~^/([a-z0-9_]+)/((?:[0-9.]+)|-1)(/.*)$~', $path, $matches)) {
    print_error('filenotfound');
}
list($junk, $tinymceplugin, $version, $innerpath) = $matches;
// Note that version number is totally ignored, user can specify anything,
// except for the difference between '-1' and anything else.
// Check the file exists.
// NOTE(review): file_exists() is also true for directories, and the resolved
// path is not compared against $pluginfolder after concatenation - confirm the
// code that follows only ever reads regular files below that folder.
$pluginfolder = $CFG->dirroot . '/lib/editor/tinymce/plugins/' . $tinymceplugin;
$file = $pluginfolder . '/tinymce' . $innerpath;
if (!file_exists($file)) {
    print_error('filenotfound');
}
// Syntax: // Files in the portfolio: // portfoliofile.php/files/$userid/$portfolioid/filename.ext // Exported SCORM-File (user has to be logged in) // portfoliofile.php/temp/export/$userid/filename.ext require_once dirname(__FILE__) . '/inc.php'; require_once dirname(__FILE__) . '/lib/sharelib.php'; if (empty($CFG->filelifetime)) { $lifetime = 86400; // Seconds for files to remain in caches } else { $lifetime = $CFG->filelifetime; } // disable moodle specific debug messages disable_debugging(); $relativepath = get_file_argument('portfoliofile.php'); // the check of the parameter to PARAM_PATH is executed inside get_file_argument $access = optional_param('access', 0, PARAM_TEXT); $itemid = optional_param('itemid', 0, PARAM_INT); require_login(); if ($access && $itemid) { $item = block_exabis_eportfolio_get_item($itemid, $access); if (!$item || $item->type != 'file' || !$item->attachment) { error('No valid arguments supplied'); } $filepath = $CFG->dataroot . '/' . block_exabis_eportfolio_file_area_name($item) . '/' . $item->attachment; } else { if (!$relativepath) { error('No valid arguments supplied or incorrect server configuration'); } else { if ($relativepath[0] != '/') {
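/**
 * Run Zend SOAP server.
 *
 * Flow:
 * 1. Stop if the server is not enabled.
 * 2. Read the token from the "token" parameter, or - as a workaround for Zend
 *    issue ZF-5736 - from slash arguments of the form "/<token>/<classpath>".
 * 3. Without a token, expose only the ws_authentication class (WSDL or SOAP).
 * 4. With a token, resolve the user, load "<classpath>/external.php" and expose
 *    "<classpath>_external" (WSDL or SOAP).
 *
 * Security-relevant points:
 * - $classpath selects a file to require and a class to expose, so it is
 *   restricted to alphanumerics on BOTH input routes. The slash-argument route
 *   previously used the raw path segment while the query-parameter route was
 *   already cleaned with PARAM_ALPHANUM.
 * - The token is checked before any file chosen by the request is loaded.
 * - NOTE(review): the check is done by webservice_lib::mock_check_token(),
 *   flagged by the existing TODO as needing replacement.
 * - NOTE(review): if $classpath is still empty after both routes, require_once
 *   is called with ".../../../external.php" style path and fails; an explicit,
 *   translatable error would be cleaner - error string to be chosen by the maintainers.
 *
 * @global object $CFG  site configuration (wwwroot is used for the service URLs)
 * @global object $USER replaced by the user resolved from the token
 * @throws moodle_exception 'wrongidentification' when the token matches no user
 */
public function run() {
    $enable = $this->get_enable();
    if (empty($enable)) {
        die;
    }

    global $CFG;
    include "Zend/Loader.php";
    Zend_Loader::registerAutoload();

    // retrieve the token from the url
    // if the token doesn't exist, set a class containing only get_token()
    $token = optional_param('token', null, PARAM_ALPHANUM);
    $classpath = null;

    ///this is a hack, because there is a bug in Zend framework (http://framework.zend.com/issues/browse/ZF-5736)
    if (empty($token)) {
        $relativepath = get_file_argument();
        $args = explode('/', trim($relativepath, '/'));
        if (count($args) == 2) {
            $token = (int) $args[0];
            // Same restriction as the "classpath" query parameter below: the value
            // ends up in a require_once path and in a class name.
            $classpath = clean_param($args[1], PARAM_ALPHANUM);
        }
    }

    if (empty($token)) {
        // Unauthenticated: only the authentication class is reachable.
        if (isset($_GET['wsdl'])) {
            $autodiscover = new Zend_Soap_AutoDiscover();
            /*
            $autodiscover->setComplexTypeStrategy('Zend_Soap_Wsdl_Strategy_ArrayOfTypeComplex');
            $autodiscover->setOperationBodyStyle(
                array('use' => 'literal', 'namespace' => $CFG->wwwroot)
            );
            $autodiscover->setBindingStyle(
                array('style' => 'rpc')
            );
            */
            $autodiscover->setClass('ws_authentication');
            $autodiscover->handle();
        } else {
            $soap = new Zend_Soap_Server($CFG->wwwroot . "/webservice/soap/server.php?wsdl"); // this current file here
            $soap->registerFaultException('moodle_exception');
            $soap->setClass('ws_authentication');
            $soap->handle();
        }
    } else { // if token exist, do the authentication here
        /// TODO: following function will need to be modified
        $user = webservice_lib::mock_check_token($token);
        if (empty($user)) {
            throw new moodle_exception('wrongidentification');
        } else {
            /// TODO: probably change this
            global $USER;
            $USER = $user;
        }

        //retrieve the api name
        if (empty($classpath)) {
            $classpath = optional_param('classpath', null, PARAM_ALPHANUM);
        }
        require_once dirname(__FILE__) . '/../../' . $classpath . '/external.php';

        /// run the server
        if (isset($_GET['wsdl'])) {
            $autodiscover = new Zend_Soap_AutoDiscover();
            //this is a hack, because there is a bug in Zend framework (http://framework.zend.com/issues/browse/ZF-5736)
            $autodiscover->setUri($CFG->wwwroot . "/webservice/soap/server.php/" . $token . "/" . $classpath);
            $autodiscover->setClass($classpath . "_external");
            $autodiscover->handle();
        } else {
            $soap = new Zend_Soap_Server($CFG->wwwroot . "/webservice/soap/server.php?token=" . $token . "&classpath=" . $classpath . "&wsdl"); // this current file here
            $soap->setClass($classpath . "_external");
            $soap->registerFaultException('moodle_exception');
            $soap->handle();
        }
    }
}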
/**
 * Build (once) and return the block content: the CMS navigation menu in
 * ->text and, for editing users, an add/reorder toolbar in ->footer.
 *
 * Inputs taken from the request:
 * - "page" (PARAM_FILE) and "pid" (PARAM_INT) parameters;
 * - on the site-level page with slasharguments enabled, the first path segment
 *   after the script name, re-cleaned with PARAM_FILE.
 *
 * Returns the cached $this->content when it has already been built, and an
 * empty content object when the menu requires login and the visitor does not
 * qualify.
 */
function get_content() {
    global $CFG, $USER, $SITE, $COURSE;
    if ($this->content !== NULL) {
        return $this->content;
    }
    $pagename = optional_param('page', '', PARAM_FILE);
    $pageid = optional_param('pid', 0, PARAM_INT);
    if (defined('SITEID') && SITEID == $this->instance->pageid && $CFG->slasharguments) {
        // Support sitelevel slasharguments
        // in form /index.php/<pagename>
        $relativepath = get_file_argument(basename($_SERVER['SCRIPT_FILENAME']));
        // Only a leading "/name" made of letters, digits, "_" and "-" is accepted;
        // the pattern is not anchored at the end, so later segments are ignored
        // rather than rejected.
        if (preg_match("/^(\\/[a-z0-9\\_\\-]+)/i", $relativepath)) {
            $args = explode("/", $relativepath);
            // $args[0] is the empty string before the leading slash.
            $pagename = clean_param($args[1], PARAM_FILE);
        }
        unset($args, $relativepath);
    }
    // set menuid according to block configuration or if no menu has been configured yet use
    // the first available menu if it exists
    if (!empty($this->config->menu)) {
        // intval() guarantees an integer before the value is interpolated into SQL below.
        $menuid = intval($this->config->menu);
    } else {
        if ($menus = get_records('cmsnavi', 'course', $this->instance->pageid, 'id ASC')) {
            // NOTE(review): array_pop() takes the LAST record of the "id ASC" result,
            // while the comment above speaks of the first available menu - confirm intent.
            $menu = array_pop($menus);
            $menuid = $menu->id;
            $this->config->menu = $menuid;
            $this->instance_config_commit();
        } else {
            $menuid = 0;
        }
    }
    $this->content = new stdClass();
    $this->content->text = '';
    $this->content->footer = '';
    $menurequirelogin = $this->is_login_required($menuid);
    $menuallowguest = $this->is_guest_allowed($menuid);
    // "&&" binds tighter than "or": hide the menu when login is required and the
    // visitor is either not logged in, or is a guest and guests are not allowed.
    if ($menurequirelogin && empty($USER->loggedin) or $menurequirelogin && isguest() && !$menuallowguest) {
        return $this->content;
    }
    // $menuid is embedded in the SQL text. On both branches above it is either
    // the result of intval() or an id read from the cmsnavi table, never a raw
    // request value.
    $this->navidata = get_records_sql("SELECT n.pageid, n.parentid, n.title, n.isfp, n.pagename,\n n.url, n.target, p.publish, cn.requirelogin, cn.course\n FROM {$CFG->prefix}cmsnavi_data n,\n {$CFG->prefix}cmspages p,\n {$CFG->prefix}cmsnavi cn\n WHERE n.pageid = p.id AND p.publish = 1\n AND n.naviid = '{$menuid}'\n AND (cn.id = '{$menuid}')\n AND n.showinmenu = '1'\n ORDER BY sortorder");
    if (empty($pageid) && !empty($pagename)) {
        // The request-derived page name is passed as a value argument to get_field().
        // NOTE(review): confirm get_field() quotes/escapes its value arguments in
        // this Moodle version.
        $pageid = get_field('cmsnavi_data', 'pageid', 'pagename', $pagename, 'naviid', $menuid);
    }
    $path = $this->get_path($pageid);
    // Wrap it inside div element which width you can control
    // with CSS styles in styles.php file.
    $this->content->text .= "\n" . '<div class="cms-navi">' . "\n";
    $this->construct_tree_menu(0, $path, $menuid);
    $this->content->text .= '</div>' . "\n";
    if (!empty($USER->editing) and !empty($pageid)) {
        // Toolbar for editing users. Both links carry the session key as a GET
        // parameter, so it is visible in the URL of the target page.
        // NOTE(review): the values concatenated into the href/alt/title attributes
        // are not HTML-escaped here and "&" is written raw; $pageid is an integer
        // (PARAM_INT or a DB field), the strings come from get_string().
        $toolbar = '';
        $stradd = get_string('add');
        $addlink = $CFG->wwwroot . '/cms/pageadd.php?id=' . $pageid . '&' . 'sesskey=' . $USER->sesskey . '&parentid=0&course=' . $COURSE->id . '';
        $addicon = $CFG->wwwroot . '/cms/pix/add.gif';
        $toolbar .= '<a href="' . $addlink . '" target="reorder"><img src="' . $addicon . '"' . ' width="11" height="11" alt="' . $stradd . '"' . ' title="' . $stradd . '" /></a>';
        $strreorder = get_string('reorder', 'cms');
        $reorderlink = $CFG->wwwroot . '/cms/reorder.php?source=' . $pageid . '&sesskey=' . $USER->sesskey;
        $reordericon = $CFG->wwwroot . '/pix/t/move.gif';
        $toolbar .= ' <a href="' . $reorderlink . '" target="reorder"><img src="' . $reordericon . '"' . ' width="11" height="11" alt="' . $strreorder . '"' . ' title="' . $strreorder . '" /></a>';
        $this->content->footer = $toolbar;
    }
    return $this->content;
}
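<?php
// $Id: pixgroup.php,v 1.7.8.1 2008/04/02 06:10:08 dongsheng Exp $
// This function fetches group pictures from the data directory
// Syntax: pix.php/groupid/f1.jpg or pix.php/groupid/f2.jpg
// OR: ?file=groupid/f1.jpg or ?file=groupid/f2.jpg
//
// Access model visible in this script: no session cookie and no login check,
// so any group picture can be fetched by anyone who supplies the group id.
//
// The two path components come from the request:
// - the group id is cast to int;
// - the file name is cleaned with PARAM_FILE before it is joined to the
//   dataroot path, so that this script does not depend solely on the cleaning
//   done inside get_file_argument().
$nomoodlecookie = true; // Because it interferes with caching
require_once '../config.php';
require_once $CFG->libdir . '/filelib.php';

// disable moodle specific debug messages
disable_debugging();

$relativepath = get_file_argument('pixgroup.php');
$args = explode('/', trim($relativepath, '/'));

if (count($args) == 2) {
    $groupid = (int) $args[0];
    // Defence in depth: keep only a plain file name. If cleaning leaves an empty
    // string, $pathname is the group directory and the is_dir() test below
    // turns the request into a 404.
    $image = clean_param($args[1], PARAM_FILE);
    $pathname = $CFG->dataroot . '/groups/' . $groupid . '/' . $image;
} else {
    // Anything other than exactly "groupid/file" gets the stock picture.
    $image = 'f1.png';
    $pathname = $CFG->dirroot . '/pix/g/f1.png';
}

if (file_exists($pathname) and !is_dir($pathname)) {
    send_file($pathname, $image);
} else {
    header('HTTP/1.0 404 not found');
    print_error('filenotfound', 'error'); //this is not displayed on IIS??
}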
$query .= "\r\n"; $query .= $postdata; fwrite($socket, $query); $content = ''; while (!feof($socket)) { $content .= fgets($socket, 128); } fclose($socket); $content_splited = explode("\r\n\r\n", $content, 2); $handle = fopen($filepath, 'w'); fwrite($handle, $content_splited[1]); fclose($handle); } } } $relativepath = get_file_argument('wrs_showimage.php'); $args = explode('/', trim($relativepath, '/')); if (!isset($args[0])) { echo '<h1>Error</h1>No valid arguments supplied.'; exit; } $image = $args[0]; $pathname = $CFG->dataroot . '/' . $CFG->wirisimagedir . '/' . $image; // If image doesn't exists, create it from database information if (!file_exists($pathname)) { $md5 = str_replace('.png', '', $image); // Getting params from database through md5sum if (($wrscache = get_record('cache_filters', 'filter', 'wiris', 'md5key', $md5)) !== false) { if (!file_exists($CFG->dataroot . '/' . $CFG->wirisimagedir) and make_upload_directory($CFG->wirisimagedir) === false) { echo '<h1>Error</h1>WIRIS cache directory could not be created.'; }
} if (empty($CFG->langmenu)) { $langmenu = ''; } else { $currlang = current_language(); $langs = get_list_of_languages(); $langlabel = get_accesshide(get_string('language')); $langmenu = popup_form($CFG->wwwroot . '/index.php?lang=', $langs, 'chooselang', $currlang, '', '', '', true, 'self', $langlabel); } // CMS Plugin if (!$CFG->slasharguments) { $pagename = optional_param('page', '', PARAM_FILE); } else { // Support sitelevel slasharguments // in form /index.php/<pagename> $relativepath = get_file_argument(basename($_SERVER['SCRIPT_FILENAME'])); if (preg_match("/^(\\/[a-z0-9\\_\\-]+)/i", $relativepath)) { $args = explode("/", $relativepath); $pagename = clean_param($args[1], PARAM_FILE); } unset($args, $relativepath); } if (isloggedin() and !isguest() and isset($CFG->frontpageloggedin)) { $frontpagelayout = $CFG->frontpageloggedin; } else { $frontpagelayout = $CFG->frontpage; } if ($frontpagelayout == FRONTPAGECMS or !empty($pagename)) { error_reporting(E_ALL); require_once $CFG->dirroot . '/cms/view.php'; die;
<?php
// $Id$
//
// Serves a question export file to the logged-in user.
//
// The file is looked up below <dataroot>/temp/questionexport/<current user id>/,
// so the directory is selected by the session ($USER->id) and only the part
// after it comes from the request.
// NOTE(review): staying inside that per-user directory depends on the cleaning
// get_file_argument() applies to the request path - no further check is made here.
require_once dirname(__FILE__) . '/../config.php';
require_once $CFG->libdir . '/filelib.php';

// Note: file.php always calls require_login() with $setwantsurltome=false
// in order to avoid messing redirects. MDL-14495
require_login(0, true, null, false);

$relativepath = get_file_argument('question/exportfile.php');
if (empty($relativepath)) {
    error('No valid arguments supplied or incorrect server configuration');
}

// Per-user export area followed by the requested relative path.
$userexportdir = $CFG->dataroot . '/temp/questionexport/' . $USER->id;
$pathname = $userexportdir . '/' . $relativepath;

send_temp_file($pathname, $relativepath);
// Fall back to the English documentation tree when the selected docs root has
// no index.md.
if (!file_exists($docsroot . '/index.md')) {
    $docsroot = $CFG->dirroot . '/question/type/stack/doc/en';
}
$docsurl = $CFG->wwwroot . '/question/type/stack/doc/doc.php';
// The URL to the directory for static content to be served by the docs
// access this string in the docs with %CONTENT.
$docscontent = $CFG->wwwroot . '/question/type/stack/doc/content';
$context = context_system::instance();
$PAGE->set_context($context);
$PAGE->set_url('/question/type/stack/doc/doc.php');
$PAGE->set_title(stack_string('stackDoc_docs'));
// The check is made on the last seven characters of the raw request URI, so a
// request such as ".../doc.php?x=1" does not match and takes the else branch.
if (substr($_SERVER['REQUEST_URI'], -7) == 'doc.php') {
    // Don't access doc.php directly, treat it like a directory instead.
    $uri = '/';
} else {
    // Request-derived path of the requested documentation page.
    // NOTE(review): how $uri is later combined with $docsroot is not visible
    // here - confirm the resolved file is kept inside $docsroot.
    $uri = get_file_argument();
}
$segs = explode('/', $uri);
// Last path segment; an empty string when $uri ends with a slash.
$lastseg = $segs[count($segs) - 1];
// Links for the end of the page.
if ($uri == '/') {
    // The docs front page at .../doc.php/.
    $linkurls = array($docsurl . '/Site_map' => stack_string('stackDoc_siteMap'));
} else {
    if ('/Site_map' == $uri) {
        $linkurls = array($docsurl => stack_string('stackDoc_home'));
    } else {
        // Any other page: home, directory index, parent directory and site map.
        $linkurls = array($docsurl => stack_string('stackDoc_home'), './' => stack_string('stackDoc_index'), '../' => stack_string('stackDoc_parent'), $docsurl . '/Site_map' => stack_string('stackDoc_siteMap'));
    }
}
$links = array();
* This script serves draft files of current user
 *
 * @package core
 * @subpackage file
 * @copyright 2008 Petr Skoda (http://skodak.org)
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
// disable moodle specific debug messages and any errors in output
define('NO_DEBUG_DISPLAY', true);
require_once 'config.php';
require_once 'lib/filelib.php';
// Access control visible here: a logged-in, non-guest user is required before
// any request argument is looked at.
require_login();
if (isguestuser()) {
    print_error('noguest');
}
// Requested file path (slash arguments) and optional preview mode.
$relativepath = get_file_argument();
$preview = optional_param('preview', null, PARAM_ALPHANUM);
// relative path must start with '/'
if (!$relativepath) {
    print_error('invalidargorconf');
} else {
    if ($relativepath[0] != '/') {
        print_error('pathdoesnotstartslash');
    }
}
// extract relative path components
$args = explode('/', ltrim($relativepath, '/'));
// NOTE(review): explode() always returns at least one element, so this
// condition is never true and rejects nothing. The check that the path really
// names a draft file of the current user has to be made by the code that
// follows (not visible here) - verify it compares the user id component
// against the logged-in user.
if (count($args) == 0) { // always at least user id
    print_error('invalidarguments');
}
// GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with Moodle. If not, see <http://www.gnu.org/licenses/>. /** * Generates an XML IMS Cartridge with the details for the given tool * * @package enrol_lti * @copyright 2016 John Okely <*****@*****.**> * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ require_once dirname(__FILE__) . '/../../config.php'; require_once $CFG->dirroot . '/lib/weblib.php'; $toolid = null; $token = null; $filearguments = get_file_argument(); $arguments = explode('/', trim($filearguments, '/')); if (count($arguments) >= 2) { // Can put cartridge.xml at the end, or anything really. list($toolid, $token) = $arguments; } $toolid = optional_param('id', $toolid, PARAM_INT); $token = optional_param('token', $token, PARAM_ALPHANUM); // Only show the cartridge if the token parameter is correct. // If we do not compare with a shared secret, someone could very easily // guess an id for the enrolment. if (!\enrol_lti\helper::verify_tool_token($toolid, $token)) { throw new \moodle_exception('incorrecttoken', 'enrol_lti'); } $tool = \enrol_lti\helper::get_lti_tool($toolid); if (!is_enabled_auth('lti')) {
// Stack is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Stack. If not, see <http://www.gnu.org/licenses/>.
/**
 * This script serves plot files that have been saved in the moodledata folder.
 *
 * @copyright 2012 The Open University
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
// No require_login() or capability check appears in the visible part of this
// script: a plot is served to whoever knows its file name.
require_once __DIR__ . '/../../../config.php';
require_once $CFG->libdir . '/filelib.php';
// The whole slash argument is passed through clean_filename() and used as a
// single file name below <dataroot>/stack/plots/.
// NOTE(review): presumably clean_filename() strips path separators, which is
// what confines the lookup to that one directory - confirm. If the cleaned name
// is empty, $plot is the plots directory itself and is_readable() can still
// succeed; verify the sending code that follows handles that case.
$plot = $CFG->dataroot . '/stack/plots/' . clean_filename(get_file_argument());
if (!is_readable($plot)) {
    // Same plain-text 404 whether the file is missing or unreadable.
    header('HTTP/1.0 404 Not Found');
    header('Content-Type: text/plain;charset=UTF-8');
    echo 'File not found';
    die;
}
// Handle If-Modified-Since.
$filedate = filemtime($plot);
// strtotime() returns false for an unparsable header value; false >= $filedate
// is then false for any positive timestamp, so the file is sent normally.
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $filedate) {
    header('HTTP/1.0 304 Not Modified');
    die;
}
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $filedate) . ' GMT');
// Type.
// The content type is derived from the fixed name 'x.png', not from the
// requested file name, so the response type cannot be influenced by the request.
header('Content-Type: ' . mimeinfo('type', 'x.png'));