From e359234d0f529cc87589f89df072d31bc9c5523b Mon Sep 17 00:00:00 2001
From: moodler <moodler>
Date: Tue, 9 Mar 2004 06:20:11 +0000
Subject: [PATCH] Fix for bug 1106

When resource_filterexternalpages are turned on then uploaded HTML
files are also now filtered properly.
---
 mod/resource/fetch.php | 50 ++++++++++++++++++++++++++++++++++++++----
 mod/resource/view.php  |  2 +-
 2 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/mod/resource/fetch.php b/mod/resource/fetch.php
index e5722cffc79..9ce62b58c12 100644
--- a/mod/resource/fetch.php
+++ b/mod/resource/fetch.php
@@ -3,8 +3,9 @@
     require_once("../../config.php");
     require_once("lib.php");
  
-    require_variable($id);    // Course Module ID
-    require_variable($url);   // url to fetch
+    require_variable($id);     // Course Module ID
+    optional_variable($url);   // url to fetch, or
+    optional_variable($file);  // file to fetch
     
     if (! $cm = get_record("course_modules", "id", $id)) {
         error("Course Module ID was incorrect");
@@ -18,7 +19,48 @@
         error("Resource ID was incorrect");
     }
 
-    $content = resource_fetch_remote_file($cm, $url);
+    if ($url) {
+
+        $content = resource_fetch_remote_file($cm, $url);
+
+        echo format_text($content->results, FORMAT_HTML);
+
+    } else if ($file) {
+
+        $pathinfo = urldecode($file);
     
-    echo format_text($content->results,FORMAT_HTML);
+        if (! $args = parse_slash_arguments($pathinfo)) {
+            error("No valid arguments supplied");
+        }
+    
+        $numargs = count($args);
+        $courseid = (integer)$args[0];
+
+        if ($courseid != $course->id) {      // Light security check
+            error("Course IDs don't match");
+        }
+    
+        if ($course->category) {
+            require_login($courseid);
+        }
+    
+        $pathname = "$CFG->dataroot$pathinfo";
+        $filename = $args[$numargs-1];
+    
+        if (file_exists($pathname)) {
+            $lastmodified = filemtime($pathname);
+    
+            header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
+            header("Pragma: ");
+            header("Content-disposition: inline; filename=$filename");
+            header("Content-length: ".filesize($pathname));
+            header("Content-type: text/html");
+
+            $content = implode('', file($pathname));
+            echo format_text($content, FORMAT_HTML);
+
+        } else {
+            error("Sorry, but the file you are looking for was not found ($pathname)", "course/view.php?id=$courseid");
+        }
+    }
 ?>
diff --git a/mod/resource/view.php b/mod/resource/view.php
index dfb3f64ff64..ef1f834072c 100644
--- a/mod/resource/view.php
+++ b/mod/resource/view.php
@@ -166,7 +166,7 @@
             $fullurl = "$CFG->wwwroot$relativeurl";
 
             if ($CFG->resource_filterexternalpages and $resourcetype == "html") {
-                $fullurl = "$CFG->wwwroot/mod/resource/fetch.php?id=$cm->id&url=$fullurl";
+                $fullurl = "$CFG->wwwroot/mod/resource/fetch.php?id=$cm->id&file=/$course->id/$resource->reference";
             }