Differences Between: [Versions 311 and 401] [Versions 311 and 402] [Versions 311 and 403]
1 <?php 2 3 // This file is part of Moodle - http://moodle.org/ 4 // 5 // Moodle is free software: you can redistribute it and/or modify 6 // it under the terms of the GNU General Public License as published by 7 // the Free Software Foundation, either version 3 of the License, or 8 // (at your option) any later version. 9 // 10 // Moodle is distributed in the hope that it will be useful, 11 // but WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 // GNU General Public License for more details. 14 // 15 // You should have received a copy of the GNU General Public License 16 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 17 18 /** 19 * This script serves draft files of current user 20 * 21 * @package core 22 * @subpackage file 23 * @copyright 2008 Petr Skoda (http://skodak.org) 24 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 25 */ 26 27 // disable moodle specific debug messages and any errors in output 28 define('NO_DEBUG_DISPLAY', true); 29 30 require_once('config.php'); 31 require_once ('lib/filelib.php'); 32 33 require_login(); 34 if (isguestuser()) { 35 print_error('noguest'); 36 } 37 38 $relativepath = get_file_argument(); 39 $preview = optional_param('preview', null, PARAM_ALPHANUM); 40 41 // relative path must start with '/' 42 if (!$relativepath) { 43 print_error('invalidargorconf'); 44 } else if ($relativepath[0] != '/') { 45 print_error('pathdoesnotstartslash'); 46 } 47 48 // extract relative path components 49 $args = explode('/', ltrim($relativepath, '/')); 50 51 if (count($args) == 0) { // always at least user id 52 print_error('invalidarguments'); 53 } 54 55 $contextid = (int)array_shift($args); 56 $component = array_shift($args); 57 $filearea = array_shift($args); 58 $draftid = (int)array_shift($args); 59 60 if ($component !== 'user' or $filearea !== 'draft') { 61 send_file_not_found(); 62 } 63 64 $context = context::instance_by_id($contextid); 65 if ($context->contextlevel != CONTEXT_USER) { 66 send_file_not_found(); 67 } 68 69 $userid = $context->instanceid; 70 if ($USER->id != $userid) { 71 print_error('invaliduserid'); 72 } 73 74 75 $fs = get_file_storage(); 76 77 $relativepath = implode('/', $args); 78 $fullpath = "/$context->id/user/draft/$draftid/$relativepath"; 79 80 if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') { 81 send_file_not_found(); 82 } 83 84 // ======================================== 85 // finally send the file 86 // ======================================== 87 \core\session\manager::write_close(); // Unlock session during file serving. 88 send_stored_file($file, 0, false, true, array('preview' => $preview)); // force download - security first!
title
Description
Body
title
Description
Body
title
Description
Body
title
Body