From ff092320a7ef28aaa86a65f990042a7ea4640df0 Mon Sep 17 00:00:00 2001
From: Juan Leyva <juanleyvadelgado@gmail.com>
Date: Wed, 15 Jun 2016 09:33:01 +0100
Subject: [PATCH] MDL-54867 webservice: Document webservice/upload.php
 deprecation

The 'private' file area is not supported anymore, only 'draft' is
supported right now.
---
 webservice/upgrade.txt |  4 ++++
 webservice/upload.php  | 30 +++++-------------------------
 2 files changed, 9 insertions(+), 25 deletions(-)

diff --git a/webservice/upgrade.txt b/webservice/upgrade.txt
index 5159d50f118..924cc8ac716 100644
--- a/webservice/upgrade.txt
+++ b/webservice/upgrade.txt
@@ -6,6 +6,8 @@ This information is intended for authors of webservices, not people writing webs
 === 3.2 ===
 
 * webservice->get_external_functions now returns the external function list ordered by name ASC.
+* The filearea optional parameter has been removed from webservice/upload.php.
+  Since Moodle 3.1 all the uploads go to the draft area.
 
 === 3.1 ===
 
@@ -23,6 +25,8 @@ This information is intended for authors of webservices, not people writing webs
 * As mentioned in the 2.9 notes, deprecated web service functions have now been removed.
 * Since our new XML-RPC server implementation does not support introspection, it is critical that all clients send
   parameters in the correct order.
+* File uploading to the user private file area via the webservice/upload.php script is not supported anymore.
+  Only uploads to the draft area are allowed.
 
 === 3.0 ===
 
diff --git a/webservice/upload.php b/webservice/upload.php
index e4fb7b5fa7a..13f8b0a3980 100644
--- a/webservice/upload.php
+++ b/webservice/upload.php
@@ -16,18 +16,15 @@
 
 
 /**
- * Accept uploading files by web service token
+ * Accept uploading files by web service token to the user draft file area.
  *
  * POST params:
  *  token => the web service user token (needed for authentication)
- *  filepath => the private file aera path (where files will be stored)
+ *  filepath => file path (where files will be stored)
  *  [_FILES] => for example you can send the files with <input type=file>,
  *              or with curl magic: 'file_1' => '@/path/to/file', or ...
- *  filearea => 'private' or 'draft' (default = 'private'). These are the only 2 areas we are allowing
- *              direct uploads via webservices. The private file area is deprecated - please don't use it.
- *  itemid   => For draft areas this is the draftid - this can be used to add a list of files
+ *  itemid   => The draftid - this can be used to add a list of files
  *              to a draft area in separate requests. If it is 0, a new draftid will be generated.
- *              For private files, this is ignored.
  *
  * @package    core_webservice
  * @copyright  2011 Dongsheng Cai <dongsheng@moodle.com>
@@ -47,10 +44,6 @@ define('NO_MOODLE_COOKIES', true);
 require_once(__DIR__ . '/../config.php');
 require_once($CFG->dirroot . '/webservice/lib.php');
 $filepath = optional_param('filepath', '/', PARAM_PATH);
-// The default file area is 'private' for user private files. This
-// area is actually deprecated and only supported for backwards compatibility with
-// the mobile app.
-$filearea = optional_param('filearea', 'private', PARAM_ALPHA);
 $itemid = optional_param('itemid', 0, PARAM_INT);
 
 echo $OUTPUT->header();
@@ -64,20 +57,8 @@ if ($fileuploaddisabled) {
     throw new webservice_access_exception('Web service file upload must be enabled in external service settings');
 }
 
-// check the user can manage his own files (can upload)
 $context = context_user::instance($USER->id);
 
-// Allow allways to upload files to the draft area, no matter if the user can't manage his own files.
-// Files required by other webservices (like mod_assign ones) must be uploaded to the draft area.
-if ($filearea === 'private') {
-    throw new moodle_exception('privatefilesupload');
-}
-
-if ($filearea !== 'draft') {
-    // Do not dare to allow more areas here!
-    throw new file_exception('error');
-}
-
 $fs = get_file_storage();
 
 $totalsize = 0;
@@ -129,12 +110,11 @@ foreach ($_FILES as $fieldname=>$uploaded_file) {
 
 $fs = get_file_storage();
 
-if ($filearea == 'draft' && $itemid <= 0) {
+if ($itemid <= 0) {
     $itemid = file_get_unused_draft_itemid();
 }
 
 // Get any existing file size limits.
-$maxareabytes = FILE_AREA_MAX_BYTES_UNLIMITED;
 $maxupload = get_user_max_upload_file_size($context, $CFG->maxbytes);
 
 // Check the size of this upload.
@@ -153,7 +133,7 @@ foreach ($files as $file) {
     $file_record->component = 'user';
     $file_record->contextid = $context->id;
     $file_record->userid    = $USER->id;
-    $file_record->filearea  = $filearea;
+    $file_record->filearea  = 'draft';
     $file_record->filename = $file->filename;
     $file_record->filepath  = $filepath;
     $file_record->itemid    = $itemid;