Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 4.0.x will end 8 May 2023 (12 months).
- Bug fixes for security issues in 4.0.x will end 13 November 2023 (18 months).
- PHP version: minimum PHP 7.3.0 Note: the minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is also supported.
/mod/url/ -> locallib.php (source)
Differences Between: [Versions 310 and 400] [Versions 311 and 400] [Versions 39 and 400] [Versions 400 and 401] [Versions 400 and 402] [Versions 400 and 403]
1 <?php 2 3 // This file is part of Moodle - http://moodle.org/ 4 // 5 // Moodle is free software: you can redistribute it and/or modify 6 // it under the terms of the GNU General Public License as published by 7 // the Free Software Foundation, either version 3 of the License, or 8 // (at your option) any later version. 9 // 10 // Moodle is distributed in the hope that it will be useful, 11 // but WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 // GNU General Public License for more details. 14 // 15 // You should have received a copy of the GNU General Public License 16 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 17 18 /** 19 * Private url module utility functions 20 * 21 * @package mod_url 22 * @copyright 2009 Petr Skoda {@link http://skodak.org} 23 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 24 */ 25 26 defined('MOODLE_INTERNAL') || die; 27 28 require_once("$CFG->libdir/filelib.php"); 29 require_once("$CFG->libdir/resourcelib.php"); 30 require_once("$CFG->dirroot/mod/url/lib.php"); 31 32 /** 33 * This methods does weak url validation, we are looking for major problems only, 34 * no strict RFE validation. 35 * 36 * @param $url 37 * @return bool true is seems valid, false if definitely not valid URL 38 */ 39 function url_appears_valid_url($url) { 40 if (preg_match('/^(\/|https?:|ftp:)/i', $url)) { 41 // note: this is not exact validation, we look for severely malformed URLs only 42 return (bool) preg_match('/^[a-z]+:\/\/([^:@\s]+:[^@\s]+@)?[^ @]+(:[0-9]+)?(\/[^#]*)?(#.*)?$/i', $url); 43 } else { 44 return (bool)preg_match('/^[a-z]+:\/\/...*$/i', $url); 45 } 46 } 47 48 /** 49 * Fix common URL problems that we want teachers to see fixed 50 * the next time they edit the resource. 51 * 52 * This function does not include any XSS protection. 53 * 54 * @param string $url 55 * @return string 56 */ 57 function url_fix_submitted_url($url) { 58 // note: empty urls are prevented in form validation 59 $url = trim($url); 60 61 // remove encoded entities - we want the raw URI here 62 $url = html_entity_decode($url, ENT_QUOTES, 'UTF-8'); 63 64 if (!preg_match('|^[a-z]+:|i', $url) and !preg_match('|^/|', $url)) { 65 // invalid URI, try to fix it by making it normal URL, 66 // please note relative urls are not allowed, /xx/yy links are ok 67 $url = 'http://'.$url; 68 } 69 70 return $url; 71 } 72 73 /** 74 * Return full url with all extra parameters 75 * 76 * This function does not include any XSS protection. 77 * 78 * @param string $url 79 * @param object $cm 80 * @param object $course 81 * @param object $config 82 * @return string url with & encoded as & 83 */ 84 function url_get_full_url($url, $cm, $course, $config=null) { 85 86 $parameters = empty($url->parameters) ? [] : (array) unserialize_array($url->parameters); 87 88 // make sure there are no encoded entities, it is ok to do this twice 89 $fullurl = html_entity_decode($url->externalurl, ENT_QUOTES, 'UTF-8'); 90 91 $letters = '\pL'; 92 $latin = 'a-zA-Z'; 93 $digits = '0-9'; 94 $symbols = '\x{20E3}\x{00AE}\x{00A9}\x{203C}\x{2047}\x{2048}\x{2049}\x{3030}\x{303D}\x{2139}\x{2122}\x{3297}\x{3299}' . 95 '\x{2300}-\x{23FF}\x{2600}-\x{27BF}\x{2B00}-\x{2BF0}'; 96 $arabic = '\x{FE00}-\x{FEFF}'; 97 $math = '\x{2190}-\x{21FF}\x{2900}-\x{297F}'; 98 $othernumbers = '\x{2460}-\x{24FF}'; 99 $geometric = '\x{25A0}-\x{25FF}'; 100 $emojis = '\x{1F000}-\x{1F6FF}'; 101 102 if (preg_match('/^(\/|https?:|ftp:)/i', $fullurl) or preg_match('|^/|', $fullurl)) { 103 // encode extra chars in URLs - this does not make it always valid, but it helps with some UTF-8 problems 104 // Thanks to 💩.la emojis count as valid, too. 105 $allowed = "[" . $letters . $latin . $digits . $symbols . $arabic . $math . $othernumbers . $geometric . 106 $emojis . "]" . preg_quote(';/?:@=&$_.+!*(),-#%', '/'); 107 $fullurl = preg_replace_callback("/[^$allowed]/u", 'url_filter_callback', $fullurl); 108 } else { 109 // encode special chars only 110 $fullurl = str_replace('"', '%22', $fullurl); 111 $fullurl = str_replace('\'', '%27', $fullurl); 112 $fullurl = str_replace(' ', '%20', $fullurl); 113 $fullurl = str_replace('<', '%3C', $fullurl); 114 $fullurl = str_replace('>', '%3E', $fullurl); 115 } 116 117 // add variable url parameters 118 if (!empty($parameters)) { 119 if (!$config) { 120 $config = get_config('url'); 121 } 122 $paramvalues = url_get_variable_values($url, $cm, $course, $config); 123 124 foreach ($parameters as $parse=>$parameter) { 125 if (isset($paramvalues[$parameter])) { 126 $parameters[$parse] = rawurlencode($parse).'='.rawurlencode($paramvalues[$parameter]); 127 } else { 128 unset($parameters[$parse]); 129 } 130 } 131 132 if (!empty($parameters)) { 133 if (stripos($fullurl, 'teamspeak://') === 0) { 134 $fullurl = $fullurl.'?'.implode('?', $parameters); 135 } else { 136 $join = (strpos($fullurl, '?') === false) ? '?' : '&'; 137 $fullurl = $fullurl.$join.implode('&', $parameters); 138 } 139 } 140 } 141 142 // encode all & to & entity 143 $fullurl = str_replace('&', '&', $fullurl); 144 145 return $fullurl; 146 } 147 148 /** 149 * Unicode encoding helper callback 150 * @internal 151 * @param array $matches 152 * @return string 153 */ 154 function url_filter_callback($matches) { 155 return rawurlencode($matches[0]); 156 } 157 158 /** 159 * Print url header. 160 * @param object $url 161 * @param object $cm 162 * @param object $course 163 * @return void 164 */ 165 function url_print_header($url, $cm, $course) { 166 global $PAGE, $OUTPUT; 167 168 $PAGE->set_title($course->shortname.': '.$url->name); 169 $PAGE->set_heading($course->fullname); 170 $PAGE->set_activity_record($url); 171 echo $OUTPUT->header(); 172 } 173 174 /** 175 * Get url introduction. 176 * 177 * @param object $url 178 * @param object $cm 179 * @param bool $ignoresettings print even if not specified in modedit 180 * @return string 181 */ 182 function url_get_intro(object $url, object $cm, bool $ignoresettings = false): string { 183 $options = empty($url->displayoptions) ? [] : (array) unserialize_array($url->displayoptions); 184 if ($ignoresettings or !empty($options['printintro'])) { 185 if (trim(strip_tags($url->intro))) { 186 return format_module_intro('url', $url, $cm->id); 187 } 188 } 189 190 return ''; 191 } 192 193 /** 194 * Display url frames. 195 * @param object $url 196 * @param object $cm 197 * @param object $course 198 * @return does not return 199 */ 200 function url_display_frame($url, $cm, $course) { 201 global $PAGE, $OUTPUT, $CFG; 202 203 $frame = optional_param('frameset', 'main', PARAM_ALPHA); 204 205 if ($frame === 'top') { 206 $PAGE->set_pagelayout('frametop'); 207 $PAGE->activityheader->set_attrs([ 208 'description' => url_get_intro($url, $cm), 209 'title' => format_string($url->name) 210 ]); 211 url_print_header($url, $cm, $course); 212 echo $OUTPUT->footer(); 213 die; 214 215 } else { 216 $config = get_config('url'); 217 $context = context_module::instance($cm->id); 218 $exteurl = url_get_full_url($url, $cm, $course, $config); 219 $navurl = "$CFG->wwwroot/mod/url/view.php?id=$cm->id&frameset=top"; 220 $coursecontext = context_course::instance($course->id); 221 $courseshortname = format_string($course->shortname, true, array('context' => $coursecontext)); 222 $title = strip_tags($courseshortname.': '.format_string($url->name)); 223 $framesize = $config->framesize; 224 $modulename = s(get_string('modulename','url')); 225 $contentframetitle = s(format_string($url->name)); 226 $dir = get_string('thisdirection', 'langconfig'); 227 228 $extframe = <<<EOF 229 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> 230 <html dir="$dir"> 231 <head> 232 <meta http-equiv="content-type" content="text/html; charset=utf-8" /> 233 <title>$title</title> 234 </head> 235 <frameset rows="$framesize,*"> 236 <frame src="$navurl" title="$modulename"/> 237 <frame src="$exteurl" title="$contentframetitle"/> 238 </frameset> 239 </html> 240 EOF; 241 242 @header('Content-Type: text/html; charset=utf-8'); 243 echo $extframe; 244 die; 245 } 246 } 247 248 /** 249 * Print url info and link. 250 * @param object $url 251 * @param object $cm 252 * @param object $course 253 * @return does not return 254 */ 255 function url_print_workaround($url, $cm, $course) { 256 global $OUTPUT, $PAGE, $USER; 257 258 $PAGE->activityheader->set_description(url_get_intro($url, $cm, true)); 259 url_print_header($url, $cm, $course); 260 261 $fullurl = url_get_full_url($url, $cm, $course); 262 263 $display = url_get_final_display_type($url); 264 if ($display == RESOURCELIB_DISPLAY_POPUP) { 265 $jsfullurl = addslashes_js($fullurl); 266 $options = empty($url->displayoptions) ? [] : (array) unserialize_array($url->displayoptions); 267 $width = empty($options['popupwidth']) ? 620 : $options['popupwidth']; 268 $height = empty($options['popupheight']) ? 450 : $options['popupheight']; 269 $wh = "width=$width,height=$height,toolbar=no,location=no,menubar=no,copyhistory=no,status=no,directories=no,scrollbars=yes,resizable=yes"; 270 $extra = "onclick=\"window.open('$jsfullurl', '', '$wh'); return false;\""; 271 272 } else if ($display == RESOURCELIB_DISPLAY_NEW) { 273 $extra = "onclick=\"this.target='_blank';\""; 274 275 } else { 276 $extra = ''; 277 } 278 279 echo '<div class="urlworkaround">'; 280 print_string('clicktoopen', 'url', "<a href=\"$fullurl\" $extra>$fullurl</a>"); 281 echo '</div>'; 282 283 echo $OUTPUT->footer(); 284 die; 285 } 286 287 /** 288 * Display embedded url file. 289 * @param object $url 290 * @param object $cm 291 * @param object $course 292 * @return does not return 293 */ 294 function url_display_embed($url, $cm, $course) { 295 global $PAGE, $OUTPUT; 296 297 $mimetype = resourcelib_guess_url_mimetype($url->externalurl); 298 $fullurl = url_get_full_url($url, $cm, $course); 299 $title = $url->name; 300 301 $link = html_writer::tag('a', $fullurl, array('href'=>str_replace('&', '&', $fullurl))); 302 $clicktoopen = get_string('clicktoopen', 'url', $link); 303 $moodleurl = new moodle_url($fullurl); 304 305 $extension = resourcelib_get_extension($url->externalurl); 306 307 $mediamanager = core_media_manager::instance($PAGE); 308 $embedoptions = array( 309 core_media_manager::OPTION_TRUSTED => true, 310 core_media_manager::OPTION_BLOCK => true 311 ); 312 313 if (in_array($mimetype, array('image/gif','image/jpeg','image/png'))) { // It's an image 314 $code = resourcelib_embed_image($fullurl, $title); 315 316 } else if ($mediamanager->can_embed_url($moodleurl, $embedoptions)) { 317 // Media (audio/video) file. 318 $code = $mediamanager->embed_url($moodleurl, $title, 0, 0, $embedoptions); 319 320 } else { 321 // anything else - just try object tag enlarged as much as possible 322 $code = resourcelib_embed_general($fullurl, $title, $clicktoopen, $mimetype); 323 } 324 325 $PAGE->activityheader->set_description(url_get_intro($url, $cm)); 326 url_print_header($url, $cm, $course); 327 328 echo $code; 329 330 echo $OUTPUT->footer(); 331 die; 332 } 333 334 /** 335 * Decide the best display format. 336 * @param object $url 337 * @return int display type constant 338 */ 339 function url_get_final_display_type($url) { 340 global $CFG; 341 342 if ($url->display != RESOURCELIB_DISPLAY_AUTO) { 343 return $url->display; 344 } 345 346 // detect links to local moodle pages 347 if (strpos($url->externalurl, $CFG->wwwroot) === 0) { 348 if (strpos($url->externalurl, 'file.php') === false and strpos($url->externalurl, '.php') !== false ) { 349 // most probably our moodle page with navigation 350 return RESOURCELIB_DISPLAY_OPEN; 351 } 352 } 353 354 // Binaries and other formats that are known to cause trouble for external links. 355 static $download = ['application/zip', 'application/x-tar', 'application/g-zip', 356 'application/pdf', 'text/html', 'document/unknown']; 357 static $embed = array('image/gif', 'image/jpeg', 'image/png', 'image/svg+xml', // images 358 'application/x-shockwave-flash', 'video/x-flv', 'video/x-ms-wm', // video formats 359 'video/quicktime', 'video/mpeg', 'video/mp4', 360 'audio/mp3', 'audio/x-realaudio-plugin', 'x-realaudio-plugin', // audio formats, 361 ); 362 363 $mimetype = resourcelib_guess_url_mimetype($url->externalurl); 364 365 if (in_array($mimetype, $download)) { 366 return RESOURCELIB_DISPLAY_DOWNLOAD; 367 } 368 if (in_array($mimetype, $embed)) { 369 return RESOURCELIB_DISPLAY_EMBED; 370 } 371 372 // let the browser deal with it somehow 373 return RESOURCELIB_DISPLAY_OPEN; 374 } 375 376 /** 377 * Get the parameters that may be appended to URL 378 * @param object $config url module config options 379 * @return array array describing opt groups 380 */ 381 function url_get_variable_options($config) { 382 global $CFG; 383 384 $options = array(); 385 $options[''] = array('' => get_string('chooseavariable', 'url')); 386 387 $options[get_string('course')] = array( 388 'courseid' => 'id', 389 'coursefullname' => get_string('fullnamecourse'), 390 'courseshortname' => get_string('shortnamecourse'), 391 'courseidnumber' => get_string('idnumbercourse'), 392 'coursesummary' => get_string('summary'), 393 'courseformat' => get_string('format'), 394 ); 395 396 $options[get_string('modulename', 'url')] = array( 397 'urlinstance' => 'id', 398 'urlcmid' => 'cmid', 399 'urlname' => get_string('name'), 400 'urlidnumber' => get_string('idnumbermod'), 401 ); 402 403 $options[get_string('miscellaneous')] = array( 404 'sitename' => get_string('fullsitename'), 405 'serverurl' => get_string('serverurl', 'url'), 406 'currenttime' => get_string('time'), 407 'lang' => get_string('language'), 408 ); 409 if (!empty($config->secretphrase)) { 410 $options[get_string('miscellaneous')]['encryptedcode'] = get_string('encryptedcode'); 411 } 412 413 $options[get_string('user')] = array( 414 'userid' => 'id', 415 'userusername' => get_string('username'), 416 'useridnumber' => get_string('idnumber'), 417 'userfirstname' => get_string('firstname'), 418 'userlastname' => get_string('lastname'), 419 'userfullname' => get_string('fullnameuser'), 420 'useremail' => get_string('email'), 421 'userphone1' => get_string('phone1'), 422 'userphone2' => get_string('phone2'), 423 'userinstitution' => get_string('institution'), 424 'userdepartment' => get_string('department'), 425 'useraddress' => get_string('address'), 426 'usercity' => get_string('city'), 427 'usertimezone' => get_string('timezone'), 428 ); 429 430 if ($config->rolesinparams) { 431 $roles = role_fix_names(get_all_roles()); 432 $roleoptions = array(); 433 foreach ($roles as $role) { 434 $roleoptions['course'.$role->shortname] = get_string('yourwordforx', '', $role->localname); 435 } 436 $options[get_string('roles')] = $roleoptions; 437 } 438 439 return $options; 440 } 441 442 /** 443 * Get the parameter values that may be appended to URL 444 * @param object $url module instance 445 * @param object $cm 446 * @param object $course 447 * @param object $config module config options 448 * @return array of parameter values 449 */ 450 function url_get_variable_values($url, $cm, $course, $config) { 451 global $USER, $CFG; 452 453 $site = get_site(); 454 455 $coursecontext = context_course::instance($course->id); 456 457 $values = array ( 458 'courseid' => $course->id, 459 'coursefullname' => format_string($course->fullname, true, array('context' => $coursecontext)), 460 'courseshortname' => format_string($course->shortname, true, array('context' => $coursecontext)), 461 'courseidnumber' => $course->idnumber, 462 'coursesummary' => $course->summary, 463 'courseformat' => $course->format, 464 'lang' => current_language(), 465 'sitename' => format_string($site->fullname, true, array('context' => $coursecontext)), 466 'serverurl' => $CFG->wwwroot, 467 'currenttime' => time(), 468 'urlinstance' => $url->id, 469 'urlcmid' => $cm->id, 470 'urlname' => format_string($url->name, true, array('context' => $coursecontext)), 471 'urlidnumber' => $cm->idnumber, 472 ); 473 474 if (isloggedin()) { 475 $values['userid'] = $USER->id; 476 $values['userusername'] = $USER->username; 477 $values['useridnumber'] = $USER->idnumber; 478 $values['userfirstname'] = $USER->firstname; 479 $values['userlastname'] = $USER->lastname; 480 $values['userfullname'] = fullname($USER); 481 $values['useremail'] = $USER->email; 482 $values['userphone1'] = $USER->phone1; 483 $values['userphone2'] = $USER->phone2; 484 $values['userinstitution'] = $USER->institution; 485 $values['userdepartment'] = $USER->department; 486 $values['useraddress'] = $USER->address; 487 $values['usercity'] = $USER->city; 488 $now = new DateTime('now', core_date::get_user_timezone_object()); 489 $values['usertimezone'] = $now->getOffset() / 3600.0; // Value in hours for BC. 490 } 491 492 // weak imitation of Single-Sign-On, for backwards compatibility only 493 // NOTE: login hack is not included in 2.0 any more, new contrib auth plugin 494 // needs to be createed if somebody needs the old functionality! 495 if (!empty($config->secretphrase)) { 496 $values['encryptedcode'] = url_get_encrypted_parameter($url, $config); 497 } 498 499 //hmm, this is pretty fragile and slow, why do we need it here?? 500 if ($config->rolesinparams) { 501 $coursecontext = context_course::instance($course->id); 502 $roles = role_fix_names(get_all_roles($coursecontext), $coursecontext, ROLENAME_ALIAS); 503 foreach ($roles as $role) { 504 $values['course'.$role->shortname] = $role->localname; 505 } 506 } 507 508 return $values; 509 } 510 511 /** 512 * BC internal function 513 * @param object $url 514 * @param object $config 515 * @return string 516 */ 517 function url_get_encrypted_parameter($url, $config) { 518 global $CFG; 519 520 if (file_exists("$CFG->dirroot/local/externserverfile.php")) { 521 require_once("$CFG->dirroot/local/externserverfile.php"); 522 if (function_exists('extern_server_file')) { 523 return extern_server_file($url, $config); 524 } 525 } 526 return md5(getremoteaddr().$config->secretphrase); 527 } 528 529 /** 530 * Optimised mimetype detection from general URL 531 * @param $fullurl 532 * @param int $size of the icon. 533 * @return string|null mimetype or null when the filetype is not relevant. 534 */ 535 function url_guess_icon($fullurl, $size = null) { 536 global $CFG; 537 require_once("$CFG->libdir/filelib.php"); 538 539 if (substr_count($fullurl, '/') < 3 or substr($fullurl, -1) === '/') { 540 // Most probably default directory - index.php, index.html, etc. Return null because 541 // we want to use the default module icon instead of the HTML file icon. 542 return null; 543 } 544 545 try { 546 // There can be some cases where the url is invalid making parse_url() to return false. 547 // That will make moodle_url class to throw an exception, so we need to catch the exception to prevent errors. 548 $moodleurl = new moodle_url($fullurl); 549 $fullurl = $moodleurl->out_omit_querystring(); 550 } catch (\moodle_exception $e) { 551 // If an exception is thrown, means the url is invalid. No need to log exception. 552 return null; 553 } 554 555 $icon = file_extension_icon($fullurl, $size); 556 $htmlicon = file_extension_icon('.htm', $size); 557 $unknownicon = file_extension_icon('', $size); 558 $phpicon = file_extension_icon('.php', $size); // Exception for php files. 559 560 // We do not want to return those icon types, the module icon is more appropriate. 561 if ($icon === $unknownicon || $icon === $htmlicon || $icon === $phpicon) { 562 return null; 563 } 564 565 return $icon; 566 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
