Search moodle.org's
Developer Documentation


Long Term Support Release

  • Bug fixes for general core bugs in 3.9.x will end* 10 May 2021 (12 months).
  • Bug fixes for security issues in 3.9.x will end* 8 May 2023 (36 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.
  • /lib/ -> javascript.php (source)
       1  <?php
       2  // This file is part of Moodle - http://moodle.org/
       3  //
       4  // Moodle is free software: you can redistribute it and/or modify
       5  // it under the terms of the GNU General Public License as published by
       6  // the Free Software Foundation, either version 3 of the License, or
       7  // (at your option) any later version.
       8  //
       9  // Moodle is distributed in the hope that it will be useful,
      10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
      11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      12  // GNU General Public License for more details.
      13  //
      14  // You should have received a copy of the GNU General Public License
      15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
      16  
      17  /**
      18   * This file is serving optimised JS
      19   *
      20   * @package    core_lib
      21   * @copyright  2010 Petr Skoda (skodak)
      22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
      23   */
      24  
      25  // disable moodle specific debug messages and any errors in output,
      26  // comment out when debugging or better look into error log!
      27  define('NO_DEBUG_DISPLAY', true);
      28  
      29  // we need just the values from config.php and minlib.php
      30  define('ABORT_AFTER_CONFIG', true);
      31  require('../config.php'); // this stops immediately at the beginning of lib/setup.php
      32  require_once("$CFG->dirroot/lib/jslib.php");
      33  
      34  if ($slashargument = min_get_slash_argument()) {
      35      $slashargument = ltrim($slashargument, '/');
      36      if (substr_count($slashargument, '/') < 1) {
      37          header('HTTP/1.0 404 not found');
      38          die('Slash argument must contain both a revision and a file path');
      39      }
      40      // image must be last because it may contain "/"
      41      list($rev, $file) = explode('/', $slashargument, 2);
      42      $rev  = min_clean_param($rev, 'INT');
      43      $file = '/'.min_clean_param($file, 'SAFEPATH');
      44  
      45  } else {
      46      $rev  = min_optional_param('rev', -1, 'INT');
      47      $file = min_optional_param('jsfile', '', 'RAW'); // 'file' would collide with URL rewriting!
      48  }
      49  
      50  // some security first - pick only files with .js extension in dirroot
      51  $jsfiles = array();
      52  $files = explode(',', $file);
      53  foreach ($files as $fsfile) {
      54      $jsfile = realpath($CFG->dirroot.$fsfile);
      55      if ($jsfile === false) {
      56          // does not exist
      57          continue;
      58      }
      59      if ($CFG->dirroot === '/') {
      60          // Some shared hosting sites serve files directly from '/',
      61          // this is NOT supported, but at least allow JS when showing
      62          // errors and warnings.
      63      } else if (strpos($jsfile, $CFG->dirroot . DIRECTORY_SEPARATOR) !== 0) {
      64          // hackers - not in dirroot
      65          continue;
      66      }
      67      if (substr($jsfile, -3) !== '.js') {
      68          // hackers - not a JS file
      69          continue;
      70      }
      71      $jsfiles[] = $jsfile;
      72  }
      73  
      74  if (!$jsfiles) {
      75      // bad luck - no valid files
      76      header('HTTP/1.0 404 not found');
      77      die('No valid javascript files found');
      78  }
      79  
      80  $etag = sha1($rev.implode(',', $jsfiles));
      81  
      82  // Use the caching only for meaningful revision numbers which prevents future cache poisoning.
      83  if ($rev > 0 and $rev < (time() + 60*60)) {
      84      $candidate = $CFG->localcachedir.'/js/'.$etag;
      85  
      86      if (file_exists($candidate)) {
      87          if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) || !empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
      88              // we do not actually need to verify the etag value because our files
      89              // never change in cache because we increment the rev parameter
      90              js_send_unmodified(filemtime($candidate), $etag);
      91          }
      92          js_send_cached($candidate, $etag);
      93  
      94      } else {
      95          // The JS needs minfifying, so we're gonna have to load our full Moodle
      96          // environment to process it..
      97          define('ABORT_AFTER_CONFIG_CANCEL', true);
      98  
      99          define('NO_MOODLE_COOKIES', true); // Session not used here.
     100          define('NO_UPGRADE_CHECK', true);  // Ignore upgrade check.
     101  
     102          require("$CFG->dirroot/lib/setup.php");
     103  
     104          js_write_cache_file_content($candidate, core_minify::js_files($jsfiles));
     105          // verify nothing failed in cache file creation
     106          clearstatcache();
     107          if (file_exists($candidate)) {
     108              js_send_cached($candidate, $etag);
     109          }
     110      }
     111  }
     112  
     113  $content = '';
     114  foreach ($jsfiles as $jsfile) {
     115      $content .= file_get_contents($jsfile)."\n";
     116  }
     117  js_send_uncached($content);
    

    Search This Site: