navigation_node::override_active_url(new moodle_url('/local/amos/stage.php'));
$PAGE->set_title('AMOS ' . get_string('importfile', 'local_amos'));
$PAGE->set_heading('AMOS ' . get_string('importfile', 'local_amos'));
$importform = new local_amos_importfile_form(null, local_amos_importfile_options());
if ($data = $importform->get_data() and has_capability('local/amos:stage', get_system_context())) {
$tmpdir = $CFG->dataroot . '/amos/temp/import-uploads/' . $USER->id;
check_dir_exists($tmpdir);
$filenameorig = basename($importform->get_new_filename('importfile'));
$filename = $filenameorig . '-' . md5(time() . '-' . $USER->id . '-' . random_string(20));
$pathname = $tmpdir . '/' . $filename;
if ($importform->save_file('importfile', $pathname)) {
if (substr($filenameorig, -4) === '.php') {
$name = mlang_component::name_from_filename($filenameorig);
$version = mlang_version::by_code($data->version);
$component = new mlang_component($name, $data->language, $version);
$parser = mlang_parser_factory::get_parser('php');
try {
$parser->parse(file_get_contents($pathname), $component);
} catch (mlang_parser_exception $e) {
notice($e->getMessage(), new moodle_url('/local/amos/stage.php'));
}
$encomponent = mlang_component::from_snapshot($component->name, 'en', $version);
$component->intersect($encomponent);
if (!$component->has_string()) {
notice(get_string('nostringtoimport', 'local_amos'), new moodle_url('/local/amos/stage.php'));
}
$stage = mlang_persistent_stage::instance_for_user($USER->id, sesskey());
$stage->add($component, true);
$stage->store();
mlang_stash::autosave($stage);
} else {
public function test_php_parser_security_variable_expansion()
{
// security issues
$parser = mlang_parser_factory::get_parser('php');
$data = '<?php $string[\'dbpass\'] = $CFG->dbpass;';
// this would give the user sensitive data about AMOS portal
$component = new mlang_component('test', 'xx', mlang_version::by_branch('MOODLE_20_STABLE'));
$this->expectException('mlang_parser_exception');
$parser->parse($data, $component);
}
