Search moodle.org's
Developer Documentation


  • Bug fixes for general core bugs in 3.7.x will end 11 May 2020 (12 months).
  • Bug fixes for security issues in 3.7.x will end 9 November 2020 (18 months).
  • minimum PHP 7.1.0 Note: minimum PHP version has increased since Moodle 3.6. PHP 7.2.x and 7.3.x are supported too. PHP 7.x could have some engine limitations.
  • / -> draftfile.php (source)
       1  <?php
       2  
       3  // This file is part of Moodle - http://moodle.org/
       4  //
       5  // Moodle is free software: you can redistribute it and/or modify
       6  // it under the terms of the GNU General Public License as published by
       7  // the Free Software Foundation, either version 3 of the License, or
       8  // (at your option) any later version.
       9  //
      10  // Moodle is distributed in the hope that it will be useful,
      11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
      12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      13  // GNU General Public License for more details.
      14  //
      15  // You should have received a copy of the GNU General Public License
      16  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
      17  
      18  /**
      19   * This script serves draft files of current user
      20   *
      21   * @package    core
      22   * @subpackage file
      23   * @copyright  2008 Petr Skoda (http://skodak.org)
      24   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
      25   */
      26  
      27  // disable moodle specific debug messages and any errors in output
      28  define('NO_DEBUG_DISPLAY', true);
      29  
      30  require_once('config.php');
      31  require_once ('lib/filelib.php');
      32  
      33  require_login();
      34  if (isguestuser()) {
      35      print_error('noguest');
      36  }
      37  
      38  $relativepath = get_file_argument();
      39  $preview = optional_param('preview', null, PARAM_ALPHANUM);
      40  
      41  // relative path must start with '/'
      42  if (!$relativepath) {
      43      print_error('invalidargorconf');
      44  } else if ($relativepath{0} != '/') {
      45      print_error('pathdoesnotstartslash');
      46  }
      47  
      48  // extract relative path components
      49  $args = explode('/', ltrim($relativepath, '/'));
      50  
      51  if (count($args) == 0) { // always at least user id
      52      print_error('invalidarguments');
      53  }
      54  
      55  $contextid = (int)array_shift($args);
      56  $component = array_shift($args);
      57  $filearea  = array_shift($args);
      58  $draftid   = (int)array_shift($args);
      59  
      60  if ($component !== 'user' or $filearea !== 'draft') {
      61      send_file_not_found();
      62  }
      63  
      64  $context = context::instance_by_id($contextid);
      65  if ($context->contextlevel != CONTEXT_USER) {
      66      send_file_not_found();
      67  }
      68  
      69  $userid = $context->instanceid;
      70  if ($USER->id != $userid) {
      71      print_error('invaliduserid');
      72  }
      73  
      74  
      75  $fs = get_file_storage();
      76  
      77  $relativepath = implode('/', $args);
      78  $fullpath = "/$context->id/user/draft/$draftid/$relativepath";
      79  
      80  if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') {
      81      send_file_not_found();
      82  }
      83  
      84  // ========================================
      85  // finally send the file
      86  // ========================================
      87  \core\session\manager::write_close(); // Unlock session during file serving.
      88  send_stored_file($file, 0, false, true, array('preview' => $preview)); // force download - security first!
    

    Search This Site: