mirror of
https://github.com/moodle/moodle.git
synced 2025-01-19 14:27:22 +01:00
c0f778a269
Now if the course is hidden or the activity is hidden, only teachers cand download the feed.
95 lines
2.9 KiB
PHP
95 lines
2.9 KiB
PHP
<?PHP //$Id
|
|
//This file returns the required rss feeds
|
|
//The URL format MUST include:
|
|
// course: the course id
|
|
// user: the user id
|
|
// name: the name of the module (forum...)
|
|
// id: the id (instance) of the module (forumid...)
|
|
//If the course has a password or it doesn't
|
|
//allow guest access then the user field is
|
|
//required to see that the user is enrolled
|
|
//in the course, else no check is performed.
|
|
//This allows to limit a bit the rss access
|
|
//to correct users. It isn't unbreakable,
|
|
//obviously, but its the best I've thought!!
|
|
|
|
require_once("../config.php");
|
|
require_once("$CFG->dirroot/files/mimetypes.php");
|
|
|
|
$allowed = true;
|
|
$error = false;
|
|
|
|
if (empty($CFG->filelifetime)) {
|
|
$CFG->filelifetime = 86400; /// Seconds for files to remain in caches
|
|
}
|
|
|
|
if (isset($file)) { // workaround for situations where / syntax doesn't work
|
|
$pathinfo = $file;
|
|
} else {
|
|
$pathinfo = get_slash_arguments("file.php");
|
|
}
|
|
|
|
if (!$pathinfo) {
|
|
$error = true;
|
|
}
|
|
|
|
$pathinfo = urldecode($pathinfo);
|
|
|
|
if (! $args = parse_slash_arguments($pathinfo)) {
|
|
$error = true;
|
|
}
|
|
|
|
$numargs = count($args);
|
|
if ($numargs < 5 or empty($args[1])) {
|
|
$error = true;
|
|
}
|
|
|
|
$courseid = (integer)$args[0];
|
|
$userid = (integer)$args[1];
|
|
$modulename = $args[2];
|
|
$instance = (integer)$args[3];
|
|
|
|
if (! $course = get_record("course", "id", $courseid)) {
|
|
$error = true;
|
|
}
|
|
|
|
//Get course_module to check it's visible
|
|
if (! $cm = get_coursemodule_from_instance($modulename,$instance,$courseid)) {
|
|
$error = true;
|
|
}
|
|
$cmvisible = $cm->visible;
|
|
|
|
$isstudent = isstudent($courseid,$userid);
|
|
$isteacher = isteacher($courseid,$userid);
|
|
|
|
//Check for "security" if !course->guest or course->password
|
|
if (!$course->guest || $course->password) {
|
|
$allowed = ($isstudent || $isteacher);
|
|
}
|
|
|
|
//Check for "security" if the course is hidden or the activity is hidden
|
|
if ($allowed && (!$course->visible || !$cmvisible)) {
|
|
$allowed = $isteacher;
|
|
}
|
|
|
|
$pathname = $CFG->dataroot."/rss/".$modulename."/".$instance.".xml";
|
|
$filename = $args[$numargs-1];
|
|
|
|
//If the file exists and its allowed for me, download it!
|
|
if (file_exists($pathname) && $allowed && !$error) {
|
|
$lastmodified = filemtime($pathname);
|
|
$mimetype = mimeinfo("type", $filename);
|
|
|
|
header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
|
|
header("Expires: " . gmdate("D, d M Y H:i:s", time() + $CFG->filelifetime) . " GMT");
|
|
header("Cache-control: max_age = $CFG->filelifetime");
|
|
header("Pragma: ");
|
|
header("Content-disposition: inline; filename=$filename");
|
|
|
|
header("Content-length: ".filesize($pathname));
|
|
header("Content-type: $mimetype");
|
|
readfile($pathname);
|
|
}
|
|
|
|
?>
|