moodle/file.php

<?php // $Id$
      // This script fetches files from the dataroot directory
      //
      // You should use the get_file_url() function, available in lib/filelib.php, to link to file.php.
      // This ensures proper formatting and offers useful options.
      //
      // Syntax:      file.php/courseid/dir/dir/dir/filename.ext
      //              file.php/courseid/dir/dir/dir/filename.ext?forcedownload=1 (download instead of inline)
      //              file.php/courseid/dir (returns index.html from dir)
      // Workaround:  file.php?file=/courseid/dir/dir/dir/filename.ext
      // Test:        file.php/testslasharguments


      //TODO: Blog attachments do not have access control implemented - anybody can read them!
      //      It might be better to move the code to separate file because the access
      //      control is quite complex - see bolg/index.php

    require_once('config.php');
    require_once('lib/filelib.php');

    if (!isset($CFG->filelifetime)) {
        $lifetime = 86400;     // Seconds for files to remain in caches
    } else {
        $lifetime = $CFG->filelifetime;
    }

    // disable moodle specific debug messages
    disable_debugging();

    $relativepath = get_file_argument('file.php');
    $forcedownload = optional_param('forcedownload', 0, PARAM_BOOL);

    // relative path must start with '/', because of backup/restore!!!
    if (!$relativepath) {
        print_error('invalidargorconf');
    } else if ($relativepath{0} != '/') {
        print_error('pathdoesnotstartslash');
    }

    // extract relative path components
    $args = explode('/', ltrim($relativepath, '/'));

    if (count($args) == 0) { // always at least courseid, may search for index.html in course root
        print_error('invalidarguments');
    }

    $courseid = (int)array_shift($args);
    $relativepath = '/'.implode('/', $args);

    // security: limit access to existing course subdirectories
    if (!$course = $DB->get_record('course', array('id'=>$courseid))) {
        print_error('invalidcourseid');
    }

    if ($course->id != SITEID) {
        require_login($course->id, true, null, false);

    } else if ($CFG->forcelogin) {
        if (!empty($CFG->sitepolicy)
            and ($CFG->sitepolicy == $CFG->wwwroot.'/file.php'.$relativepath
                 or $CFG->sitepolicy == $CFG->wwwroot.'/file.php?file='.$relativepath)) {
            //do not require login for policy file
        } else {
            require_login(0, true, null, false);
        }
    }

    $context = get_context_instance(CONTEXT_COURSE, $course->id);

    $fs = get_file_storage();

    $fullpath = $context->id.'course_content0'.$relativepath;

    if (!$file = $fs->get_file_by_hash(sha1($fullpath))) {
        if (strrpos($fullpath, '/') !== strlen($fullpath) -1 ) {
            $fullpath .= '/';
        }
        if (!$file = $fs->get_file_by_hash(sha1($fullpath.'/.'))) {
            send_file_not_found();
        }
    }
    // do not serve dirs
    if ($file->get_filename() == '.') {
        if (!$file = $fs->get_file_by_hash(sha1($fullpath.'index.html'))) {
            if (!$file = $fs->get_file_by_hash(sha1($fullpath.'index.htm'))) {
                if (!$file = $fs->get_file_by_hash(sha1($fullpath.'Default.htm'))) {
                    send_file_not_found();
                }
            }
        }
    }

    // ========================================
    // finally send the file
    // ========================================
    session_write_close(); // unlock session during fileserving
    send_stored_file($file, $lifetime, $CFG->filteruploadedfiles, $forcedownload);
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`<?php // $Id$`
			`// This script fetches files from the dataroot directory`
MDL-14279: use get_file_url instead of checking $CFG->slashargument manually (merge from 1.9) 2008-07-10 09:55:11 +00:00			`//`
			`// You should use the get_file_url() function, available in lib/filelib.php, to link to file.php.`
			`// This ensures proper formatting and offers useful options.`
			`//`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`// Syntax: file.php/courseid/dir/dir/dir/filename.ext`
new parameter forcedownload; merged from MOODLE_15_STABLE 2005-07-12 08:05:42 +00:00			`// file.php/courseid/dir/dir/dir/filename.ext?forcedownload=1 (download instead of inline)`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`// file.php/courseid/dir (returns index.html from dir)`
			`// Workaround: file.php?file=/courseid/dir/dir/dir/filename.ext`
slashargument test fix 2005-02-26 20:43:30 +00:00			`// Test: file.php/testslasharguments`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00
MDL-8015 improved file uploading - changed file upload api in formslib - fixed blog attachments and related code in file.php - fixed glossary attachments - fixed embedded images in forum posts and blogs - only gif, png and jpeg; the problme was that svg were embedded using img tag which was wrong, the same applied to other picture formats unsupported by browsers (please note that student submitted svg should be never embedded in moodle page for security reasons) - other minor fixes 2006-12-28 21:21:44 +00:00
			`//TODO: Blog attachments do not have access control implemented - anybody can read them!`
			`// It might be better to move the code to separate file because the access`
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00			`// control is quite complex - see bolg/index.php`
MDL-8015 improved file uploading - changed file upload api in formslib - fixed blog attachments and related code in file.php - fixed glossary attachments - fixed embedded images in forum posts and blogs - only gif, png and jpeg; the problme was that svg were embedded using img tag which was wrong, the same applied to other picture formats unsupported by browsers (please note that student submitted svg should be never embedded in moodle page for security reasons) - other minor fixes 2006-12-28 21:21:44 +00:00
Added a file level phpdoc docblock tag. Also converted double quote strings to single quote literals. 2004-09-29 18:19:39 +00:00			`require_once('config.php');`
Call new lib/filelib.php 2005-03-07 11:34:16 +00:00			`require_once('lib/filelib.php');`
Initial revision 2001-11-22 06:23:56 +00:00
MDL-11434 $CFG->filelifetime = 0 has no effect; patch by Chris Fryer 2007-09-25 09:37:58 +00:00			`if (!isset($CFG->filelifetime)) {`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`$lifetime = 86400; // Seconds for files to remain in caches`
Cleaned up file argument processing a bit 2003-01-12 06:53:25 +00:00			`} else {`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`$lifetime = $CFG->filelifetime;`
removed moodle specific debug messages from file.php 2006-09-21 06:38:27 +00:00			`}`

debugging and error reporting level fixes and improvements MDL-6671 2006-09-23 09:38:39 +00:00			`// disable moodle specific debug messages`
			`disable_debugging();`
Changes to use a new configuration variable: CFG->slasharguments If true, then display of user pictures or filenames will use the method of providing arguments as "slash" arguments - this is much better for caching, proxies, search engines etc. Unfortunately it doesn't seem to work on some PHP installations. If false (the default), then a more compatible method is used (ie usual way of passing parameters to scripts) 2002-08-26 09:48:00 +00:00
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`$relativepath = get_file_argument('file.php');`
new parameter forcedownload; merged from MOODLE_15_STABLE 2005-07-12 08:05:42 +00:00			`$forcedownload = optional_param('forcedownload', 0, PARAM_BOOL);`
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`// relative path must start with '/', because of backup/restore!!!`
			`if (!$relativepath) {`
"MDL-14129, fix print_error call" 2008-04-30 04:09:29 +00:00			`print_error('invalidargorconf');`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`} else if ($relativepath{0} != '/') {`
"MDL-14129, fix print_error call" 2008-04-30 04:09:29 +00:00			`print_error('pathdoesnotstartslash');`
Initial revision 2001-11-22 06:23:56 +00:00			`}`

new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`// extract relative path components`
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00			`$args = explode('/', ltrim($relativepath, '/'));`

new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`if (count($args) == 0) { // always at least courseid, may search for index.html in course root`
"MDL-14129, fix print_error call" 2008-04-30 04:09:29 +00:00			`print_error('invalidarguments');`
Better error message when invalid arguments are supplied. 2002-09-05 11:56:20 +00:00			`}`
Some security fixes with directory listing 2004-03-16 07:20:00 +00:00
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00			`$courseid = (int)array_shift($args);`
			`$relativepath = '/'.implode('/', $args);`

			`// security: limit access to existing course subdirectories`
			`if (!$course = $DB->get_record('course', array('id'=>$courseid))) {`
"MDL-14129, fix print_error call" 2008-04-30 04:09:29 +00:00			`print_error('invalidcourseid');`
Merged from stable 2004-09-07 14:13:19 +00:00			`}`
Several changes related to the front page, so that it now works OK. 2001-11-25 15:48:24 +00:00
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00			`if ($course->id != SITEID) {`
New setting in require_login() to avoid certain scripts (file.php) to mess $SESSION->wantsurl. MDL-14495 ; merged from 19_STABLE 2008-04-25 18:55:36 +00:00			`require_login($course->id, true, null, false);`
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00
Use forcelogin on site files if it's defined bug 1486 2004-05-28 01:17:37 +00:00			`} else if ($CFG->forcelogin) {`
MDL-9168 nested site policy when forcelogin enabled; merged from MOODLE_18_STABLE 2007-04-02 16:13:41 +00:00			`if (!empty($CFG->sitepolicy)`
			`and ($CFG->sitepolicy == $CFG->wwwroot.'/file.php'.$relativepath`
			`or $CFG->sitepolicy == $CFG->wwwroot.'/file.php?file='.$relativepath)) {`
			`//do not require login for policy file`
			`} else {`
New setting in require_login() to avoid certain scripts (file.php) to mess $SESSION->wantsurl. MDL-14495 ; merged from 19_STABLE 2008-04-25 18:55:36 +00:00			`require_login(0, true, null, false);`
MDL-9168 nested site policy when forcelogin enabled; merged from MOODLE_18_STABLE 2007-04-02 16:13:41 +00:00			`}`
Initial revision 2001-11-22 06:23:56 +00:00			`}`

MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00			`$context = get_context_instance(CONTEXT_COURSE, $course->id);`
Initial revision 2001-11-22 06:23:56 +00:00
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00			`$fs = get_file_storage();`
SC#98 protection of uploaded files in resources, please review and test 2005-02-22 23:36:20 +00:00
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00			`$fullpath = $context->id.'course_content0'.$relativepath;`
SC#98 protection of uploaded files in resources, please review and test 2005-02-22 23:36:20 +00:00
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00			`if (!$file = $fs->get_file_by_hash(sha1($fullpath))) {`
			`if (strrpos($fullpath, '/') !== strlen($fullpath) -1 ) {`
			`$fullpath .= '/';`
			`}`
			`if (!$file = $fs->get_file_by_hash(sha1($fullpath.'/.'))) {`
MDL-14589 new file not found general function 2008-08-16 17:23:19 +00:00			`send_file_not_found();`
SC#98 protection of uploaded files in resources, please review and test 2005-02-22 23:36:20 +00:00			`}`
			`}`
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00			`// do not serve dirs`
			`if ($file->get_filename() == '.') {`
			`if (!$file = $fs->get_file_by_hash(sha1($fullpath.'index.html'))) {`
			`if (!$file = $fs->get_file_by_hash(sha1($fullpath.'index.htm'))) {`
			`if (!$file = $fs->get_file_by_hash(sha1($fullpath.'Default.htm'))) {`
MDL-14589 new file not found general function 2008-08-16 17:23:19 +00:00			`send_file_not_found();`
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00			`}`
			`}`
			`}`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`}`
file.php now calculates content-length correctly for filtered text and HTML files. Bug 1240 2004-04-26 03:41:45 +00:00
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`// ========================================`
			`// finally send the file`
			`// ========================================`
Merged from MOODLE_14_STABLE - Unlock session during fileserving. 2005-05-17 01:00:48 +00:00			`session_write_close(); // unlock session during fileserving`
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00			`send_stored_file($file, $lifetime, $CFG->filteruploadedfiles, $forcedownload);`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00
MDL-14589 initial file storage implementation, temporary file manager, migration of course files; blog conversion MDL-15905; assignment conversion MDL-15904; fromslib related file improvements MDL-15906 2008-07-31 22:15:30 +00:00