Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
- Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
- PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.
/repository/upload/ -> lib.php (source)
Differences Between: [Versions 310 and 400] [Versions 310 and 401] [Versions 310 and 402] [Versions 310 and 403]
1 <?php 2 3 // This file is part of Moodle - http://moodle.org/ 4 // 5 // Moodle is free software: you can redistribute it and/or modify 6 // it under the terms of the GNU General Public License as published by 7 // the Free Software Foundation, either version 3 of the License, or 8 // (at your option) any later version. 9 // 10 // Moodle is distributed in the hope that it will be useful, 11 // but WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 // GNU General Public License for more details. 14 // 15 // You should have received a copy of the GNU General Public License 16 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 17 18 /** 19 * This plugin is used to upload files 20 * 21 * @since Moodle 2.0 22 * @package repository_upload 23 * @copyright 2010 Dongsheng Cai {@link http://dongsheng.org} 24 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 25 */ 26 require_once($CFG->dirroot . '/repository/lib.php'); 27 28 /** 29 * A repository plugin to allow user uploading files 30 * 31 * @since Moodle 2.0 32 * @package repository_upload 33 * @copyright 2009 Dongsheng Cai {@link http://dongsheng.org} 34 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 35 */ 36 37 class repository_upload extends repository { 38 private $mimetypes = array(); 39 40 /** 41 * Print a upload form 42 * @return array 43 */ 44 public function print_login() { 45 return $this->get_listing(); 46 } 47 48 /** 49 * Process uploaded file 50 * @return array|bool 51 */ 52 public function upload($saveas_filename, $maxbytes) { 53 global $CFG; 54 55 $types = optional_param_array('accepted_types', '*', PARAM_RAW); 56 $savepath = optional_param('savepath', '/', PARAM_PATH); 57 $itemid = optional_param('itemid', 0, PARAM_INT); 58 $license = optional_param('license', $CFG->sitedefaultlicense, PARAM_TEXT); 59 $author = optional_param('author', '', PARAM_TEXT); 60 $areamaxbytes = optional_param('areamaxbytes', FILE_AREA_MAX_BYTES_UNLIMITED, PARAM_INT); 61 $overwriteexisting = optional_param('overwrite', false, PARAM_BOOL); 62 63 return $this->process_upload($saveas_filename, $maxbytes, $types, $savepath, $itemid, $license, $author, $overwriteexisting, $areamaxbytes); 64 } 65 66 /** 67 * Do the actual processing of the uploaded file 68 * @param string $saveas_filename name to give to the file 69 * @param int $maxbytes maximum file size 70 * @param mixed $types optional array of file extensions that are allowed or '*' for all 71 * @param string $savepath optional path to save the file to 72 * @param int $itemid optional the ID for this item within the file area 73 * @param string $license optional the license to use for this file 74 * @param string $author optional the name of the author of this file 75 * @param bool $overwriteexisting optional user has asked to overwrite the existing file 76 * @param int $areamaxbytes maximum size of the file area. 77 * @return object containing details of the file uploaded 78 */ 79 public function process_upload($saveas_filename, $maxbytes, $types = '*', $savepath = '/', $itemid = 0, 80 $license = null, $author = '', $overwriteexisting = false, $areamaxbytes = FILE_AREA_MAX_BYTES_UNLIMITED) { 81 global $USER, $CFG; 82 83 if ((is_array($types) and in_array('*', $types)) or $types == '*') { 84 $this->mimetypes = '*'; 85 } else { 86 foreach ($types as $type) { 87 $this->mimetypes[] = mimeinfo('type', $type); 88 } 89 } 90 91 if ($license == null) { 92 $license = $CFG->sitedefaultlicense; 93 } 94 95 $record = new stdClass(); 96 $record->filearea = 'draft'; 97 $record->component = 'user'; 98 $record->filepath = $savepath; 99 $record->itemid = $itemid; 100 $record->license = $license; 101 $record->author = $author; 102 103 $context = context_user::instance($USER->id); 104 $elname = 'repo_upload_file'; 105 106 $fs = get_file_storage(); 107 $sm = get_string_manager(); 108 109 if ($record->filepath !== '/') { 110 $record->filepath = file_correct_filepath($record->filepath); 111 } 112 113 if (!isset($_FILES[$elname])) { 114 throw new moodle_exception('nofile'); 115 } 116 if (!empty($_FILES[$elname]['error'])) { 117 switch ($_FILES[$elname]['error']) { 118 case UPLOAD_ERR_INI_SIZE: 119 throw new moodle_exception('upload_error_ini_size', 'repository_upload'); 120 break; 121 case UPLOAD_ERR_FORM_SIZE: 122 throw new moodle_exception('upload_error_form_size', 'repository_upload'); 123 break; 124 case UPLOAD_ERR_PARTIAL: 125 throw new moodle_exception('upload_error_partial', 'repository_upload'); 126 break; 127 case UPLOAD_ERR_NO_FILE: 128 throw new moodle_exception('upload_error_no_file', 'repository_upload'); 129 break; 130 case UPLOAD_ERR_NO_TMP_DIR: 131 throw new moodle_exception('upload_error_no_tmp_dir', 'repository_upload'); 132 break; 133 case UPLOAD_ERR_CANT_WRITE: 134 throw new moodle_exception('upload_error_cant_write', 'repository_upload'); 135 break; 136 case UPLOAD_ERR_EXTENSION: 137 throw new moodle_exception('upload_error_extension', 'repository_upload'); 138 break; 139 default: 140 throw new moodle_exception('nofile'); 141 } 142 } 143 144 \core\antivirus\manager::scan_file($_FILES[$elname]['tmp_name'], $_FILES[$elname]['name'], true); 145 146 // {@link repository::build_source_field()} 147 $sourcefield = $this->get_file_source_info($_FILES[$elname]['name']); 148 $record->source = self::build_source_field($sourcefield); 149 150 if (empty($saveas_filename)) { 151 $record->filename = clean_param($_FILES[$elname]['name'], PARAM_FILE); 152 } else { 153 $ext = ''; 154 $match = array(); 155 $filename = clean_param($_FILES[$elname]['name'], PARAM_FILE); 156 if (strpos($filename, '.') === false) { 157 // File has no extension at all - do not add a dot. 158 $record->filename = $saveas_filename; 159 } else { 160 if (preg_match('/\.([a-z0-9]+)$/i', $filename, $match)) { 161 if (isset($match[1])) { 162 $ext = $match[1]; 163 } 164 } 165 $ext = !empty($ext) ? $ext : ''; 166 if (preg_match('#\.(' . $ext . ')$#i', $saveas_filename)) { 167 // saveas filename contains file extension already 168 $record->filename = $saveas_filename; 169 } else { 170 $record->filename = $saveas_filename . '.' . $ext; 171 } 172 } 173 } 174 175 // Check the file has some non-null contents - usually an indication that a user has 176 // tried to upload a folder by mistake 177 if (!$this->check_valid_contents($_FILES[$elname]['tmp_name'])) { 178 throw new moodle_exception('upload_error_invalid_file', 'repository_upload', '', $record->filename); 179 } 180 181 if ($this->mimetypes != '*') { 182 // check filetype 183 $filemimetype = file_storage::mimetype($_FILES[$elname]['tmp_name'], $record->filename); 184 if (!in_array($filemimetype, $this->mimetypes)) { 185 throw new moodle_exception('invalidfiletype', 'repository', '', get_mimetype_description(array('filename' => $_FILES[$elname]['name']))); 186 } 187 } 188 189 if (empty($record->itemid)) { 190 $record->itemid = 0; 191 } 192 193 if (($maxbytes!==-1) && (filesize($_FILES[$elname]['tmp_name']) > $maxbytes)) { 194 $maxbytesdisplay = display_size($maxbytes); 195 throw new file_exception('maxbytesfile', (object) array('file' => $record->filename, 196 'size' => $maxbytesdisplay)); 197 } 198 199 if (file_is_draft_area_limit_reached($record->itemid, $areamaxbytes, filesize($_FILES[$elname]['tmp_name']))) { 200 throw new file_exception('maxareabytes'); 201 } 202 // Ensure the user does not upload too many draft files in a short period. 203 if (file_is_draft_areas_limit_reached($USER->id)) { 204 throw new file_exception('maxdraftitemids'); 205 } 206 207 $record->contextid = $context->id; 208 $record->userid = $USER->id; 209 210 if (repository::draftfile_exists($record->itemid, $record->filepath, $record->filename)) { 211 $existingfilename = $record->filename; 212 $unused_filename = repository::get_unused_filename($record->itemid, $record->filepath, $record->filename); 213 $record->filename = $unused_filename; 214 $stored_file = $fs->create_file_from_pathname($record, $_FILES[$elname]['tmp_name']); 215 if ($overwriteexisting) { 216 repository::overwrite_existing_draftfile($record->itemid, $record->filepath, $existingfilename, $record->filepath, $record->filename); 217 $record->filename = $existingfilename; 218 } else { 219 $event = array(); 220 $event['event'] = 'fileexists'; 221 $event['newfile'] = new stdClass; 222 $event['newfile']->filepath = $record->filepath; 223 $event['newfile']->filename = $unused_filename; 224 $event['newfile']->url = moodle_url::make_draftfile_url($record->itemid, $record->filepath, $unused_filename)->out(false); 225 226 $event['existingfile'] = new stdClass; 227 $event['existingfile']->filepath = $record->filepath; 228 $event['existingfile']->filename = $existingfilename; 229 $event['existingfile']->url = moodle_url::make_draftfile_url($record->itemid, $record->filepath, $existingfilename)->out(false); 230 return $event; 231 } 232 } else { 233 $stored_file = $fs->create_file_from_pathname($record, $_FILES[$elname]['tmp_name']); 234 } 235 236 return array( 237 'url'=>moodle_url::make_draftfile_url($record->itemid, $record->filepath, $record->filename)->out(false), 238 'id'=>$record->itemid, 239 'file'=>$record->filename); 240 } 241 242 243 /** 244 * Checks the contents of the given file is not completely NULL - this can happen if a 245 * user drags & drops a folder onto a filemanager / filepicker element 246 * @param string $filepath full path (including filename) to file to check 247 * @return true if file has at least one non-null byte within it 248 */ 249 protected function check_valid_contents($filepath) { 250 $buffersize = 4096; 251 252 $fp = fopen($filepath, 'r'); 253 if (!$fp) { 254 return false; // Cannot read the file - something has gone wrong 255 } 256 while (!feof($fp)) { 257 // Read the file 4k at a time 258 $data = fread($fp, $buffersize); 259 if (preg_match('/[^\0]+/', $data)) { 260 fclose($fp); 261 return true; // Return as soon as a non-null byte is found 262 } 263 } 264 // Entire file is NULL 265 fclose($fp); 266 return false; 267 } 268 269 /** 270 * Return a upload form 271 * @return array 272 */ 273 public function get_listing($path = '', $page = '') { 274 global $CFG; 275 $ret = array(); 276 $ret['nologin'] = true; 277 $ret['nosearch'] = true; 278 $ret['norefresh'] = true; 279 $ret['list'] = array(); 280 $ret['dynload'] = false; 281 $ret['upload'] = array('label'=>get_string('attachment', 'repository'), 'id'=>'repo-form'); 282 $ret['allowcaching'] = true; // indicates that result of get_listing() can be cached in filepicker.js 283 return $ret; 284 } 285 286 /** 287 * supported return types 288 * @return int 289 */ 290 public function supported_returntypes() { 291 return FILE_INTERNAL; 292 } 293 294 /** 295 * Is this repository accessing private data? 296 * 297 * @return bool 298 */ 299 public function contains_private_data() { 300 return false; 301 } 302 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
