moodle/draftfile.php

<?php

// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * This script serves draft files of current user
 *
 * @package    core
 * @subpackage file
 * @copyright  2008 Petr Skoda (http://skodak.org)
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

// disable moodle specific debug messages and any errors in output
define('NO_DEBUG_DISPLAY', true);

require_once('config.php');
require_once('lib/filelib.php');

require_login();
if (isguestuser()) {
    throw new \moodle_exception('noguest');
}

$relativepath = get_file_argument();
$preview = optional_param('preview', null, PARAM_ALPHANUM);

// relative path must start with '/'
if (!$relativepath) {
    throw new \moodle_exception('invalidargorconf');
} else if ($relativepath[0] != '/') {
    throw new \moodle_exception('pathdoesnotstartslash');
}

// extract relative path components
$args = explode('/', ltrim($relativepath, '/'));

if (count($args) == 0) { // always at least user id
    throw new \moodle_exception('invalidarguments');
}

$contextid = (int)array_shift($args);
$component = array_shift($args);
$filearea  = array_shift($args);
$draftid   = (int)array_shift($args);

if ($component !== 'user' or $filearea !== 'draft') {
    send_file_not_found();
}

$context = context::instance_by_id($contextid);
if ($context->contextlevel != CONTEXT_USER) {
    send_file_not_found();
}

$userid = $context->instanceid;
if ($USER->id != $userid) {
    throw new \moodle_exception('invaliduserid');
}


$fs = get_file_storage();

$relativepath = implode('/', $args);
$fullpath = "/$context->id/user/draft/$draftid/$relativepath";

if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') {
    send_file_not_found();
}

// ========================================
// finally send the file
// ========================================
\core\session\manager::write_close(); // Unlock session during file serving.
send_stored_file($file, 0, false, true, array('preview' => $preview)); // force download - security first!
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`<?php`

			`// This file is part of Moodle - http://moodle.org/`
			`//`
			`// Moodle is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// Moodle is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU General Public License`
			`// along with Moodle. If not, see <http://www.gnu.org/licenses/>.`

			`/**`
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:52:00 +00:00			`* This script serves draft files of current user`
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`*`
MDL-22950 adding new component column to the files table, unfortunately this change requires changes in all 2.0dev code, please review all custom code that was already upgraded to 2.0; fixing multiple problems and regressions in mod/assignment 2010-07-03 13:37:13 +00:00			`* @package core`
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`* @subpackage file`
			`* @copyright 2008 Petr Skoda (http://skodak.org)`
			`* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later`
			`*/`

MDL-20693 new NO_DEBUG_DISPLAY define 2009-10-31 22:02:05 +00:00			`// disable moodle specific debug messages and any errors in output`
			`define('NO_DEBUG_DISPLAY', true);`

MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`require_once('config.php');`
			`require_once('lib/filelib.php');`

			`require_login();`
			`if (isguestuser()) {`
MDL-71062 core: Step 1 deprecation of print_error function 2022-04-12 09:38:41 +05:30			`throw new \moodle_exception('noguest');`
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`}`

			`$relativepath = get_file_argument();`
MDL-31901 draftfile.php supports the preview parameter 2012-05-12 16:20:40 +02:00			`$preview = optional_param('preview', null, PARAM_ALPHANUM);`
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00
			`// relative path must start with '/'`
			`if (!$relativepath) {`
MDL-71062 core: Step 1 deprecation of print_error function 2022-04-12 09:38:41 +05:30			`throw new \moodle_exception('invalidargorconf');`
MDL-66965 core: php74 curly 2 square braces changes Note this only modified core files, still there are a lot of curly brace uses but all them are within 3rd part libraries and will be handled apart. 2019-10-19 20:52:24 +02:00			`} else if ($relativepath[0] != '/') {`
MDL-71062 core: Step 1 deprecation of print_error function 2022-04-12 09:38:41 +05:30			`throw new \moodle_exception('pathdoesnotstartslash');`
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`}`

			`// extract relative path components`
			`$args = explode('/', ltrim($relativepath, '/'));`

			`if (count($args) == 0) { // always at least user id`
MDL-71062 core: Step 1 deprecation of print_error function 2022-04-12 09:38:41 +05:30			`throw new \moodle_exception('invalidarguments');`
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`}`

			`$contextid = (int)array_shift($args);`
MDL-22950 adding new component column to the files table, unfortunately this change requires changes in all 2.0dev code, please review all custom code that was already upgraded to 2.0; fixing multiple problems and regressions in mod/assignment 2010-07-03 13:37:13 +00:00			`$component = array_shift($args);`
			`$filearea = array_shift($args);`
			`$draftid = (int)array_shift($args);`

			`if ($component !== 'user' or $filearea !== 'draft') {`
			`send_file_not_found();`
			`}`
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00
MDL-34549 libraries: Replace get_context_instance_by_id() by context::instance_by_id() 2012-08-21 14:20:30 +08:00			`$context = context::instance_by_id($contextid);`
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`if ($context->contextlevel != CONTEXT_USER) {`
MDL-22950 adding new component column to the files table, unfortunately this change requires changes in all 2.0dev code, please review all custom code that was already upgraded to 2.0; fixing multiple problems and regressions in mod/assignment 2010-07-03 13:37:13 +00:00			`send_file_not_found();`
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`}`

			`$userid = $context->instanceid;`
			`if ($USER->id != $userid) {`
MDL-71062 core: Step 1 deprecation of print_error function 2022-04-12 09:38:41 +05:30			`throw new \moodle_exception('invaliduserid');`
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`}`

MDL-15919 oops, reverting previous commit - not finished yet 2008-09-06 21:16:59 +00:00
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`$fs = get_file_storage();`
This makes draft files appear inHTML editor etc It's almost an exact copy of userfile.php 2008-08-29 06:03:52 +00:00
MDL-22950 adding new component column to the files table, unfortunately this change requires changes in all 2.0dev code, please review all custom code that was already upgraded to 2.0; fixing multiple problems and regressions in mod/assignment 2010-07-03 13:37:13 +00:00			`$relativepath = implode('/', $args);`
			`$fullpath = "/$context->id/user/draft/$draftid/$relativepath";`
This makes draft files appear inHTML editor etc It's almost an exact copy of userfile.php 2008-08-29 06:03:52 +00:00
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') {`
			`send_file_not_found();`
			`}`
This makes draft files appear inHTML editor etc It's almost an exact copy of userfile.php 2008-08-29 06:03:52 +00:00
MDL-18111 improving file api comments and docs, fixing license header 2009-05-21 09:50:04 +00:00			`// ========================================`
			`// finally send the file`
			`// ========================================`
MDL-31501 rework user session architecture List of changes: * New OOP API using PHP namespace \core\session\. * All handlers now update the sessions table consistently. * Experimental DB session support in Oracle. * Full support for session file handler (filesystem locking required). * New option for alternative session directory. * Official memcached session handler support. * Workaround for memcached version with non-functional gc. * Improved security - forced session id regeneration. * Improved compatibility with recent PHP releases. * Fixed borked CSS during install in debug mode. * Switched to file based sessions in new installs. * DB session setting disappears if DB does not support sessions. * DB session setting disappears if session handler specified in config.php. * Fast purging of sessions used in request only. * No legacy distinction - file, database and memcached support the same functionality. * Session handler name included in performance info. * Fixed user_loggedin and user_loggedout event triggering. * Other minor bugfixing and improvements. * Fixed database session segfault if MUC disposed before $DB. Limitations: * Session access time is now updated right after session start. * Support for $CFG->sessionlockloggedinonly was removed. * First request does not update userid in sessions table. * The timeouts may break badly if server hosting forces PHP.ini session settings. * The session GC is a lot slower, we do not rely on external session timeouts. * There cannot be any hooks triggered at the session write time. * File and memcached handlers do not support session lock acquire timeouts. * Some low level PHP session functions can not be used directly in Moodle code. 2013-09-08 08:38:52 +02:00			`\core\session\manager::write_close(); // Unlock session during file serving.`
MDL-31901 draftfile.php supports the preview parameter 2012-05-12 16:20:40 +02:00			`send_stored_file($file, 0, false, true, array('preview' => $preview)); // force download - security first!`