Search moodle.org's
Developer Documentation
Developer Documentation
See Release Notes
Long Term Support Release
- Bug fixes for general core bugs in 3.9.x will end* 10 May 2021 (12 months).
- Bug fixes for security issues in 3.9.x will end* 8 May 2023 (36 months).
- PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.
/mod/url/ -> locallib.php (source)
Differences Between: [Versions 39 and 310] [Versions 39 and 311] [Versions 39 and 400] [Versions 39 and 401] [Versions 39 and 402] [Versions 39 and 403]
1 <?php 2 3 // This file is part of Moodle - http://moodle.org/ 4 // 5 // Moodle is free software: you can redistribute it and/or modify 6 // it under the terms of the GNU General Public License as published by 7 // the Free Software Foundation, either version 3 of the License, or 8 // (at your option) any later version. 9 // 10 // Moodle is distributed in the hope that it will be useful, 11 // but WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 // GNU General Public License for more details. 14 // 15 // You should have received a copy of the GNU General Public License 16 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 17 18 /** 19 * Private url module utility functions 20 * 21 * @package mod_url 22 * @copyright 2009 Petr Skoda {@link http://skodak.org} 23 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 24 */ 25 26 defined('MOODLE_INTERNAL') || die; 27 28 require_once("$CFG->libdir/filelib.php"); 29 require_once("$CFG->libdir/resourcelib.php"); 30 require_once("$CFG->dirroot/mod/url/lib.php"); 31 32 /** 33 * This methods does weak url validation, we are looking for major problems only, 34 * no strict RFE validation. 35 * 36 * @param $url 37 * @return bool true is seems valid, false if definitely not valid URL 38 */ 39 function url_appears_valid_url($url) { 40 if (preg_match('/^(\/|https?:|ftp:)/i', $url)) { 41 // note: this is not exact validation, we look for severely malformed URLs only 42 return (bool) preg_match('/^[a-z]+:\/\/([^:@\s]+:[^@\s]+@)?[^ @]+(:[0-9]+)?(\/[^#]*)?(#.*)?$/i', $url); 43 } else { 44 return (bool)preg_match('/^[a-z]+:\/\/...*$/i', $url); 45 } 46 } 47 48 /** 49 * Fix common URL problems that we want teachers to see fixed 50 * the next time they edit the resource. 51 * 52 * This function does not include any XSS protection. 53 * 54 * @param string $url 55 * @return string 56 */ 57 function url_fix_submitted_url($url) { 58 // note: empty urls are prevented in form validation 59 $url = trim($url); 60 61 // remove encoded entities - we want the raw URI here 62 $url = html_entity_decode($url, ENT_QUOTES, 'UTF-8'); 63 64 if (!preg_match('|^[a-z]+:|i', $url) and !preg_match('|^/|', $url)) { 65 // invalid URI, try to fix it by making it normal URL, 66 // please note relative urls are not allowed, /xx/yy links are ok 67 $url = 'http://'.$url; 68 } 69 70 return $url; 71 } 72 73 /** 74 * Return full url with all extra parameters 75 * 76 * This function does not include any XSS protection. 77 * 78 * @param string $url 79 * @param object $cm 80 * @param object $course 81 * @param object $config 82 * @return string url with & encoded as & 83 */ 84 function url_get_full_url($url, $cm, $course, $config=null) { 85 86 $parameters = empty($url->parameters) ? [] : (array) unserialize_array($url->parameters); 87 88 // make sure there are no encoded entities, it is ok to do this twice 89 $fullurl = html_entity_decode($url->externalurl, ENT_QUOTES, 'UTF-8'); 90 91 $letters = '\pL'; 92 $latin = 'a-zA-Z'; 93 $digits = '0-9'; 94 $symbols = '\x{20E3}\x{00AE}\x{00A9}\x{203C}\x{2047}\x{2048}\x{2049}\x{3030}\x{303D}\x{2139}\x{2122}\x{3297}\x{3299}' . 95 '\x{2300}-\x{23FF}\x{2600}-\x{27BF}\x{2B00}-\x{2BF0}'; 96 $arabic = '\x{FE00}-\x{FEFF}'; 97 $math = '\x{2190}-\x{21FF}\x{2900}-\x{297F}'; 98 $othernumbers = '\x{2460}-\x{24FF}'; 99 $geometric = '\x{25A0}-\x{25FF}'; 100 $emojis = '\x{1F000}-\x{1F6FF}'; 101 102 if (preg_match('/^(\/|https?:|ftp:)/i', $fullurl) or preg_match('|^/|', $fullurl)) { 103 // encode extra chars in URLs - this does not make it always valid, but it helps with some UTF-8 problems 104 // Thanks to 💩.la emojis count as valid, too. 105 $allowed = "[" . $letters . $latin . $digits . $symbols . $arabic . $math . $othernumbers . $geometric . 106 $emojis . "]" . preg_quote(';/?:@=&$_.+!*(),-#%', '/'); 107 $fullurl = preg_replace_callback("/[^$allowed]/u", 'url_filter_callback', $fullurl); 108 } else { 109 // encode special chars only 110 $fullurl = str_replace('"', '%22', $fullurl); 111 $fullurl = str_replace('\'', '%27', $fullurl); 112 $fullurl = str_replace(' ', '%20', $fullurl); 113 $fullurl = str_replace('<', '%3C', $fullurl); 114 $fullurl = str_replace('>', '%3E', $fullurl); 115 } 116 117 // add variable url parameters 118 if (!empty($parameters)) { 119 if (!$config) { 120 $config = get_config('url'); 121 } 122 $paramvalues = url_get_variable_values($url, $cm, $course, $config); 123 124 foreach ($parameters as $parse=>$parameter) { 125 if (isset($paramvalues[$parameter])) { 126 $parameters[$parse] = rawurlencode($parse).'='.rawurlencode($paramvalues[$parameter]); 127 } else { 128 unset($parameters[$parse]); 129 } 130 } 131 132 if (!empty($parameters)) { 133 if (stripos($fullurl, 'teamspeak://') === 0) { 134 $fullurl = $fullurl.'?'.implode('?', $parameters); 135 } else { 136 $join = (strpos($fullurl, '?') === false) ? '?' : '&'; 137 $fullurl = $fullurl.$join.implode('&', $parameters); 138 } 139 } 140 } 141 142 // encode all & to & entity 143 $fullurl = str_replace('&', '&', $fullurl); 144 145 return $fullurl; 146 } 147 148 /** 149 * Unicode encoding helper callback 150 * @internal 151 * @param array $matches 152 * @return string 153 */ 154 function url_filter_callback($matches) { 155 return rawurlencode($matches[0]); 156 } 157 158 /** 159 * Print url header. 160 * @param object $url 161 * @param object $cm 162 * @param object $course 163 * @return void 164 */ 165 function url_print_header($url, $cm, $course) { 166 global $PAGE, $OUTPUT; 167 168 $PAGE->set_title($course->shortname.': '.$url->name); 169 $PAGE->set_heading($course->fullname); 170 $PAGE->set_activity_record($url); 171 echo $OUTPUT->header(); 172 } 173 174 /** 175 * Print url heading. 176 * @param object $url 177 * @param object $cm 178 * @param object $course 179 * @param bool $notused This variable is no longer used. 180 * @return void 181 */ 182 function url_print_heading($url, $cm, $course, $notused = false) { 183 global $OUTPUT; 184 echo $OUTPUT->heading(format_string($url->name), 2); 185 } 186 187 /** 188 * Print url introduction. 189 * @param object $url 190 * @param object $cm 191 * @param object $course 192 * @param bool $ignoresettings print even if not specified in modedit 193 * @return void 194 */ 195 function url_print_intro($url, $cm, $course, $ignoresettings=false) { 196 global $OUTPUT; 197 198 $options = empty($url->displayoptions) ? [] : (array) unserialize_array($url->displayoptions); 199 if ($ignoresettings or !empty($options['printintro'])) { 200 if (trim(strip_tags($url->intro))) { 201 echo $OUTPUT->box_start('mod_introbox', 'urlintro'); 202 echo format_module_intro('url', $url, $cm->id); 203 echo $OUTPUT->box_end(); 204 } 205 } 206 } 207 208 /** 209 * Display url frames. 210 * @param object $url 211 * @param object $cm 212 * @param object $course 213 * @return does not return 214 */ 215 function url_display_frame($url, $cm, $course) { 216 global $PAGE, $OUTPUT, $CFG; 217 218 $frame = optional_param('frameset', 'main', PARAM_ALPHA); 219 220 if ($frame === 'top') { 221 $PAGE->set_pagelayout('frametop'); 222 url_print_header($url, $cm, $course); 223 url_print_heading($url, $cm, $course); 224 url_print_intro($url, $cm, $course); 225 echo $OUTPUT->footer(); 226 die; 227 228 } else { 229 $config = get_config('url'); 230 $context = context_module::instance($cm->id); 231 $exteurl = url_get_full_url($url, $cm, $course, $config); 232 $navurl = "$CFG->wwwroot/mod/url/view.php?id=$cm->id&frameset=top"; 233 $coursecontext = context_course::instance($course->id); 234 $courseshortname = format_string($course->shortname, true, array('context' => $coursecontext)); 235 $title = strip_tags($courseshortname.': '.format_string($url->name)); 236 $framesize = $config->framesize; 237 $modulename = s(get_string('modulename','url')); 238 $contentframetitle = s(format_string($url->name)); 239 $dir = get_string('thisdirection', 'langconfig'); 240 241 $extframe = <<<EOF 242 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> 243 <html dir="$dir"> 244 <head> 245 <meta http-equiv="content-type" content="text/html; charset=utf-8" /> 246 <title>$title</title> 247 </head> 248 <frameset rows="$framesize,*"> 249 <frame src="$navurl" title="$modulename"/> 250 <frame src="$exteurl" title="$contentframetitle"/> 251 </frameset> 252 </html> 253 EOF; 254 255 @header('Content-Type: text/html; charset=utf-8'); 256 echo $extframe; 257 die; 258 } 259 } 260 261 /** 262 * Print url info and link. 263 * @param object $url 264 * @param object $cm 265 * @param object $course 266 * @return does not return 267 */ 268 function url_print_workaround($url, $cm, $course) { 269 global $OUTPUT; 270 271 url_print_header($url, $cm, $course); 272 url_print_heading($url, $cm, $course, true); 273 url_print_intro($url, $cm, $course, true); 274 275 $fullurl = url_get_full_url($url, $cm, $course); 276 277 $display = url_get_final_display_type($url); 278 if ($display == RESOURCELIB_DISPLAY_POPUP) { 279 $jsfullurl = addslashes_js($fullurl); 280 $options = empty($url->displayoptions) ? [] : (array) unserialize_array($url->displayoptions); 281 $width = empty($options['popupwidth']) ? 620 : $options['popupwidth']; 282 $height = empty($options['popupheight']) ? 450 : $options['popupheight']; 283 $wh = "width=$width,height=$height,toolbar=no,location=no,menubar=no,copyhistory=no,status=no,directories=no,scrollbars=yes,resizable=yes"; 284 $extra = "onclick=\"window.open('$jsfullurl', '', '$wh'); return false;\""; 285 286 } else if ($display == RESOURCELIB_DISPLAY_NEW) { 287 $extra = "onclick=\"this.target='_blank';\""; 288 289 } else { 290 $extra = ''; 291 } 292 293 echo '<div class="urlworkaround">'; 294 print_string('clicktoopen', 'url', "<a href=\"$fullurl\" $extra>$fullurl</a>"); 295 echo '</div>'; 296 297 echo $OUTPUT->footer(); 298 die; 299 } 300 301 /** 302 * Display embedded url file. 303 * @param object $url 304 * @param object $cm 305 * @param object $course 306 * @return does not return 307 */ 308 function url_display_embed($url, $cm, $course) { 309 global $CFG, $PAGE, $OUTPUT; 310 311 $mimetype = resourcelib_guess_url_mimetype($url->externalurl); 312 $fullurl = url_get_full_url($url, $cm, $course); 313 $title = $url->name; 314 315 $link = html_writer::tag('a', $fullurl, array('href'=>str_replace('&', '&', $fullurl))); 316 $clicktoopen = get_string('clicktoopen', 'url', $link); 317 $moodleurl = new moodle_url($fullurl); 318 319 $extension = resourcelib_get_extension($url->externalurl); 320 321 $mediamanager = core_media_manager::instance($PAGE); 322 $embedoptions = array( 323 core_media_manager::OPTION_TRUSTED => true, 324 core_media_manager::OPTION_BLOCK => true 325 ); 326 327 if (in_array($mimetype, array('image/gif','image/jpeg','image/png'))) { // It's an image 328 $code = resourcelib_embed_image($fullurl, $title); 329 330 } else if ($mediamanager->can_embed_url($moodleurl, $embedoptions)) { 331 // Media (audio/video) file. 332 $code = $mediamanager->embed_url($moodleurl, $title, 0, 0, $embedoptions); 333 334 } else { 335 // anything else - just try object tag enlarged as much as possible 336 $code = resourcelib_embed_general($fullurl, $title, $clicktoopen, $mimetype); 337 } 338 339 url_print_header($url, $cm, $course); 340 url_print_heading($url, $cm, $course); 341 342 echo $code; 343 344 url_print_intro($url, $cm, $course); 345 346 echo $OUTPUT->footer(); 347 die; 348 } 349 350 /** 351 * Decide the best display format. 352 * @param object $url 353 * @return int display type constant 354 */ 355 function url_get_final_display_type($url) { 356 global $CFG; 357 358 if ($url->display != RESOURCELIB_DISPLAY_AUTO) { 359 return $url->display; 360 } 361 362 // detect links to local moodle pages 363 if (strpos($url->externalurl, $CFG->wwwroot) === 0) { 364 if (strpos($url->externalurl, 'file.php') === false and strpos($url->externalurl, '.php') !== false ) { 365 // most probably our moodle page with navigation 366 return RESOURCELIB_DISPLAY_OPEN; 367 } 368 } 369 370 static $download = array('application/zip', 'application/x-tar', 'application/g-zip', // binary formats 371 'application/pdf', 'text/html'); // these are known to cause trouble for external links, sorry 372 static $embed = array('image/gif', 'image/jpeg', 'image/png', 'image/svg+xml', // images 373 'application/x-shockwave-flash', 'video/x-flv', 'video/x-ms-wm', // video formats 374 'video/quicktime', 'video/mpeg', 'video/mp4', 375 'audio/mp3', 'audio/x-realaudio-plugin', 'x-realaudio-plugin', // audio formats, 376 ); 377 378 $mimetype = resourcelib_guess_url_mimetype($url->externalurl); 379 380 if (in_array($mimetype, $download)) { 381 return RESOURCELIB_DISPLAY_DOWNLOAD; 382 } 383 if (in_array($mimetype, $embed)) { 384 return RESOURCELIB_DISPLAY_EMBED; 385 } 386 387 // let the browser deal with it somehow 388 return RESOURCELIB_DISPLAY_OPEN; 389 } 390 391 /** 392 * Get the parameters that may be appended to URL 393 * @param object $config url module config options 394 * @return array array describing opt groups 395 */ 396 function url_get_variable_options($config) { 397 global $CFG; 398 399 $options = array(); 400 $options[''] = array('' => get_string('chooseavariable', 'url')); 401 402 $options[get_string('course')] = array( 403 'courseid' => 'id', 404 'coursefullname' => get_string('fullnamecourse'), 405 'courseshortname' => get_string('shortnamecourse'), 406 'courseidnumber' => get_string('idnumbercourse'), 407 'coursesummary' => get_string('summary'), 408 'courseformat' => get_string('format'), 409 ); 410 411 $options[get_string('modulename', 'url')] = array( 412 'urlinstance' => 'id', 413 'urlcmid' => 'cmid', 414 'urlname' => get_string('name'), 415 'urlidnumber' => get_string('idnumbermod'), 416 ); 417 418 $options[get_string('miscellaneous')] = array( 419 'sitename' => get_string('fullsitename'), 420 'serverurl' => get_string('serverurl', 'url'), 421 'currenttime' => get_string('time'), 422 'lang' => get_string('language'), 423 ); 424 if (!empty($config->secretphrase)) { 425 $options[get_string('miscellaneous')]['encryptedcode'] = get_string('encryptedcode'); 426 } 427 428 $options[get_string('user')] = array( 429 'userid' => 'id', 430 'userusername' => get_string('username'), 431 'useridnumber' => get_string('idnumber'), 432 'userfirstname' => get_string('firstname'), 433 'userlastname' => get_string('lastname'), 434 'userfullname' => get_string('fullnameuser'), 435 'useremail' => get_string('email'), 436 'usericq' => get_string('icqnumber'), 437 'userphone1' => get_string('phone1'), 438 'userphone2' => get_string('phone2'), 439 'userinstitution' => get_string('institution'), 440 'userdepartment' => get_string('department'), 441 'useraddress' => get_string('address'), 442 'usercity' => get_string('city'), 443 'usertimezone' => get_string('timezone'), 444 'userurl' => get_string('webpage'), 445 ); 446 447 if ($config->rolesinparams) { 448 $roles = role_fix_names(get_all_roles()); 449 $roleoptions = array(); 450 foreach ($roles as $role) { 451 $roleoptions['course'.$role->shortname] = get_string('yourwordforx', '', $role->localname); 452 } 453 $options[get_string('roles')] = $roleoptions; 454 } 455 456 return $options; 457 } 458 459 /** 460 * Get the parameter values that may be appended to URL 461 * @param object $url module instance 462 * @param object $cm 463 * @param object $course 464 * @param object $config module config options 465 * @return array of parameter values 466 */ 467 function url_get_variable_values($url, $cm, $course, $config) { 468 global $USER, $CFG; 469 470 $site = get_site(); 471 472 $coursecontext = context_course::instance($course->id); 473 474 $values = array ( 475 'courseid' => $course->id, 476 'coursefullname' => format_string($course->fullname, true, array('context' => $coursecontext)), 477 'courseshortname' => format_string($course->shortname, true, array('context' => $coursecontext)), 478 'courseidnumber' => $course->idnumber, 479 'coursesummary' => $course->summary, 480 'courseformat' => $course->format, 481 'lang' => current_language(), 482 'sitename' => format_string($site->fullname, true, array('context' => $coursecontext)), 483 'serverurl' => $CFG->wwwroot, 484 'currenttime' => time(), 485 'urlinstance' => $url->id, 486 'urlcmid' => $cm->id, 487 'urlname' => format_string($url->name, true, array('context' => $coursecontext)), 488 'urlidnumber' => $cm->idnumber, 489 ); 490 491 if (isloggedin()) { 492 $values['userid'] = $USER->id; 493 $values['userusername'] = $USER->username; 494 $values['useridnumber'] = $USER->idnumber; 495 $values['userfirstname'] = $USER->firstname; 496 $values['userlastname'] = $USER->lastname; 497 $values['userfullname'] = fullname($USER); 498 $values['useremail'] = $USER->email; 499 $values['usericq'] = $USER->icq; 500 $values['userphone1'] = $USER->phone1; 501 $values['userphone2'] = $USER->phone2; 502 $values['userinstitution'] = $USER->institution; 503 $values['userdepartment'] = $USER->department; 504 $values['useraddress'] = $USER->address; 505 $values['usercity'] = $USER->city; 506 $now = new DateTime('now', core_date::get_user_timezone_object()); 507 $values['usertimezone'] = $now->getOffset() / 3600.0; // Value in hours for BC. 508 $values['userurl'] = $USER->url; 509 } 510 511 // weak imitation of Single-Sign-On, for backwards compatibility only 512 // NOTE: login hack is not included in 2.0 any more, new contrib auth plugin 513 // needs to be createed if somebody needs the old functionality! 514 if (!empty($config->secretphrase)) { 515 $values['encryptedcode'] = url_get_encrypted_parameter($url, $config); 516 } 517 518 //hmm, this is pretty fragile and slow, why do we need it here?? 519 if ($config->rolesinparams) { 520 $coursecontext = context_course::instance($course->id); 521 $roles = role_fix_names(get_all_roles($coursecontext), $coursecontext, ROLENAME_ALIAS); 522 foreach ($roles as $role) { 523 $values['course'.$role->shortname] = $role->localname; 524 } 525 } 526 527 return $values; 528 } 529 530 /** 531 * BC internal function 532 * @param object $url 533 * @param object $config 534 * @return string 535 */ 536 function url_get_encrypted_parameter($url, $config) { 537 global $CFG; 538 539 if (file_exists("$CFG->dirroot/local/externserverfile.php")) { 540 require_once("$CFG->dirroot/local/externserverfile.php"); 541 if (function_exists('extern_server_file')) { 542 return extern_server_file($url, $config); 543 } 544 } 545 return md5(getremoteaddr().$config->secretphrase); 546 } 547 548 /** 549 * Optimised mimetype detection from general URL 550 * @param $fullurl 551 * @param int $size of the icon. 552 * @return string|null mimetype or null when the filetype is not relevant. 553 */ 554 function url_guess_icon($fullurl, $size = null) { 555 global $CFG; 556 require_once("$CFG->libdir/filelib.php"); 557 558 if (substr_count($fullurl, '/') < 3 or substr($fullurl, -1) === '/') { 559 // Most probably default directory - index.php, index.html, etc. Return null because 560 // we want to use the default module icon instead of the HTML file icon. 561 return null; 562 } 563 564 $icon = file_extension_icon($fullurl, $size); 565 $htmlicon = file_extension_icon('.htm', $size); 566 $unknownicon = file_extension_icon('', $size); 567 568 // We do not want to return those icon types, the module icon is more appropriate. 569 if ($icon === $unknownicon || $icon === $htmlicon) { 570 return null; 571 } 572 573 return $icon; 574 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
