Search moodle.org's
Developer Documentation
Developer Documentation
See Release Notes
Long Term Support Release
- Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
- Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
- PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
/repository/upload/ -> lib.php (source)
Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401] [Versions 400 and 401] [Versions 401 and 402] [Versions 401 and 403]
1 <?php 2 3 // This file is part of Moodle - http://moodle.org/ 4 // 5 // Moodle is free software: you can redistribute it and/or modify 6 // it under the terms of the GNU General Public License as published by 7 // the Free Software Foundation, either version 3 of the License, or 8 // (at your option) any later version. 9 // 10 // Moodle is distributed in the hope that it will be useful, 11 // but WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 // GNU General Public License for more details. 14 // 15 // You should have received a copy of the GNU General Public License 16 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 17 18 /** 19 * This plugin is used to upload files 20 * 21 * @since Moodle 2.0 22 * @package repository_upload 23 * @copyright 2010 Dongsheng Cai {@link http://dongsheng.org} 24 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 25 */ 26 require_once($CFG->dirroot . '/repository/lib.php'); 27 28 /** 29 * A repository plugin to allow user uploading files 30 * 31 * @since Moodle 2.0 32 * @package repository_upload 33 * @copyright 2009 Dongsheng Cai {@link http://dongsheng.org} 34 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 35 */ 36 37 class repository_upload extends repository { 38 private $mimetypes = array(); 39 40 /** 41 * Print a upload form 42 * @return array 43 */ 44 public function print_login() { 45 return $this->get_listing(); 46 } 47 48 /** 49 * Process uploaded file 50 * @return array|bool 51 */ 52 public function upload($saveas_filename, $maxbytes) { 53 global $CFG; 54 55 $types = optional_param_array('accepted_types', '*', PARAM_RAW); 56 $savepath = optional_param('savepath', '/', PARAM_PATH); 57 $itemid = optional_param('itemid', 0, PARAM_INT); 58 $license = optional_param('license', $CFG->sitedefaultlicense, PARAM_TEXT); 59 $author = optional_param('author', '', PARAM_TEXT); 60 $areamaxbytes = optional_param('areamaxbytes', FILE_AREA_MAX_BYTES_UNLIMITED, PARAM_INT); 61 $overwriteexisting = optional_param('overwrite', false, PARAM_BOOL); 62 63 return $this->process_upload($saveas_filename, $maxbytes, $types, $savepath, $itemid, $license, $author, $overwriteexisting, $areamaxbytes); 64 } 65 66 /** 67 * Do the actual processing of the uploaded file 68 * @param string $saveas_filename name to give to the file 69 * @param int $maxbytes maximum file size 70 * @param mixed $types optional array of file extensions that are allowed or '*' for all 71 * @param string $savepath optional path to save the file to 72 * @param int $itemid optional the ID for this item within the file area 73 * @param string $license optional the license to use for this file 74 * @param string $author optional the name of the author of this file 75 * @param bool $overwriteexisting optional user has asked to overwrite the existing file 76 * @param int $areamaxbytes maximum size of the file area. 77 * @return object containing details of the file uploaded 78 */ 79 public function process_upload($saveas_filename, $maxbytes, $types = '*', $savepath = '/', $itemid = 0, 80 $license = null, $author = '', $overwriteexisting = false, $areamaxbytes = FILE_AREA_MAX_BYTES_UNLIMITED) { 81 global $USER, $CFG; 82 83 \core\session\manager::write_close(); 84 85 if ((is_array($types) and in_array('*', $types)) or $types == '*') { 86 $this->mimetypes = '*'; 87 } else { 88 foreach ($types as $type) { 89 $this->mimetypes[] = mimeinfo('type', $type); 90 } 91 } 92 93 if ($license == null) { 94 $license = $CFG->sitedefaultlicense; 95 } 96 97 $record = new stdClass(); 98 $record->filearea = 'draft'; 99 $record->component = 'user'; 100 $record->filepath = $savepath; 101 $record->itemid = $itemid; 102 $record->license = $license; 103 $record->author = $author; 104 105 $context = context_user::instance($USER->id); 106 $elname = 'repo_upload_file'; 107 108 $fs = get_file_storage(); 109 $sm = get_string_manager(); 110 111 if ($record->filepath !== '/') { 112 $record->filepath = file_correct_filepath($record->filepath); 113 } 114 115 if (!isset($_FILES[$elname])) { 116 throw new moodle_exception('nofile'); 117 } 118 if (!empty($_FILES[$elname]['error'])) { 119 switch ($_FILES[$elname]['error']) { 120 case UPLOAD_ERR_INI_SIZE: 121 throw new moodle_exception('upload_error_ini_size', 'repository_upload'); 122 break; 123 case UPLOAD_ERR_FORM_SIZE: 124 throw new moodle_exception('upload_error_form_size', 'repository_upload'); 125 break; 126 case UPLOAD_ERR_PARTIAL: 127 throw new moodle_exception('upload_error_partial', 'repository_upload'); 128 break; 129 case UPLOAD_ERR_NO_FILE: 130 throw new moodle_exception('upload_error_no_file', 'repository_upload'); 131 break; 132 case UPLOAD_ERR_NO_TMP_DIR: 133 throw new moodle_exception('upload_error_no_tmp_dir', 'repository_upload'); 134 break; 135 case UPLOAD_ERR_CANT_WRITE: 136 throw new moodle_exception('upload_error_cant_write', 'repository_upload'); 137 break; 138 case UPLOAD_ERR_EXTENSION: 139 throw new moodle_exception('upload_error_extension', 'repository_upload'); 140 break; 141 default: 142 throw new moodle_exception('nofile'); 143 } 144 } 145 146 \core\antivirus\manager::scan_file($_FILES[$elname]['tmp_name'], $_FILES[$elname]['name'], true); 147 148 // {@link repository::build_source_field()} 149 $sourcefield = $this->get_file_source_info($_FILES[$elname]['name']); 150 $record->source = self::build_source_field($sourcefield); 151 152 if (empty($saveas_filename)) { 153 $record->filename = clean_param($_FILES[$elname]['name'], PARAM_FILE); 154 } else { 155 $ext = ''; 156 $match = array(); 157 $filename = clean_param($_FILES[$elname]['name'], PARAM_FILE); 158 if (strpos($filename, '.') === false) { 159 // File has no extension at all - do not add a dot. 160 $record->filename = $saveas_filename; 161 } else { 162 if (preg_match('/\.([a-z0-9]+)$/i', $filename, $match)) { 163 if (isset($match[1])) { 164 $ext = $match[1]; 165 } 166 } 167 $ext = !empty($ext) ? $ext : ''; 168 if (preg_match('#\.(' . $ext . ')$#i', $saveas_filename)) { 169 // saveas filename contains file extension already 170 $record->filename = $saveas_filename; 171 } else { 172 $record->filename = $saveas_filename . '.' . $ext; 173 } 174 } 175 } 176 177 // Check the file has some non-null contents - usually an indication that a user has 178 // tried to upload a folder by mistake 179 if (!$this->check_valid_contents($_FILES[$elname]['tmp_name'])) { 180 throw new moodle_exception('upload_error_invalid_file', 'repository_upload', '', $record->filename); 181 } 182 183 if ($this->mimetypes != '*') { 184 // check filetype 185 $filemimetype = file_storage::mimetype($_FILES[$elname]['tmp_name'], $record->filename); 186 if (!in_array($filemimetype, $this->mimetypes)) { 187 throw new moodle_exception('invalidfiletype', 'repository', '', get_mimetype_description(array('filename' => $_FILES[$elname]['name']))); 188 } 189 } 190 191 if (empty($record->itemid)) { 192 $record->itemid = 0; 193 } 194 195 if (($maxbytes!==-1) && (filesize($_FILES[$elname]['tmp_name']) > $maxbytes)) { 196 $maxbytesdisplay = display_size($maxbytes, 0); 197 throw new file_exception('maxbytesfile', (object) array('file' => $record->filename, 198 'size' => $maxbytesdisplay)); 199 } 200 201 if (file_is_draft_area_limit_reached($record->itemid, $areamaxbytes, filesize($_FILES[$elname]['tmp_name']))) { 202 throw new file_exception('maxareabytes'); 203 } 204 // Ensure the user does not upload too many draft files in a short period. 205 if (file_is_draft_areas_limit_reached($USER->id)) { 206 throw new file_exception('maxdraftitemids'); 207 } 208 209 $record->contextid = $context->id; 210 $record->userid = $USER->id; 211 212 if (repository::draftfile_exists($record->itemid, $record->filepath, $record->filename)) { 213 $existingfilename = $record->filename; 214 $unused_filename = repository::get_unused_filename($record->itemid, $record->filepath, $record->filename); 215 $record->filename = $unused_filename; 216 $stored_file = $fs->create_file_from_pathname($record, $_FILES[$elname]['tmp_name']); 217 if ($overwriteexisting) { 218 repository::overwrite_existing_draftfile($record->itemid, $record->filepath, $existingfilename, $record->filepath, $record->filename); 219 $record->filename = $existingfilename; 220 } else { 221 $event = array(); 222 $event['event'] = 'fileexists'; 223 $event['newfile'] = new stdClass; 224 $event['newfile']->filepath = $record->filepath; 225 $event['newfile']->filename = $unused_filename; 226 $event['newfile']->url = moodle_url::make_draftfile_url($record->itemid, $record->filepath, $unused_filename)->out(false); 227 228 $event['existingfile'] = new stdClass; 229 $event['existingfile']->filepath = $record->filepath; 230 $event['existingfile']->filename = $existingfilename; 231 $event['existingfile']->url = moodle_url::make_draftfile_url($record->itemid, $record->filepath, $existingfilename)->out(false); 232 return $event; 233 } 234 } else { 235 $stored_file = $fs->create_file_from_pathname($record, $_FILES[$elname]['tmp_name']); 236 } 237 238 return array( 239 'url'=>moodle_url::make_draftfile_url($record->itemid, $record->filepath, $record->filename)->out(false), 240 'id'=>$record->itemid, 241 'file'=>$record->filename); 242 } 243 244 245 /** 246 * Checks the contents of the given file is not completely NULL - this can happen if a 247 * user drags & drops a folder onto a filemanager / filepicker element 248 * @param string $filepath full path (including filename) to file to check 249 * @return true if file has at least one non-null byte within it 250 */ 251 protected function check_valid_contents($filepath) { 252 $buffersize = 4096; 253 254 $fp = fopen($filepath, 'r'); 255 if (!$fp) { 256 return false; // Cannot read the file - something has gone wrong 257 } 258 while (!feof($fp)) { 259 // Read the file 4k at a time 260 $data = fread($fp, $buffersize); 261 if (preg_match('/[^\0]+/', $data)) { 262 fclose($fp); 263 return true; // Return as soon as a non-null byte is found 264 } 265 } 266 // Entire file is NULL 267 fclose($fp); 268 return false; 269 } 270 271 /** 272 * Return a upload form 273 * @return array 274 */ 275 public function get_listing($path = '', $page = '') { 276 global $CFG; 277 $ret = array(); 278 $ret['nologin'] = true; 279 $ret['nosearch'] = true; 280 $ret['norefresh'] = true; 281 $ret['list'] = array(); 282 $ret['dynload'] = false; 283 $ret['upload'] = array('label'=>get_string('attachment', 'repository'), 'id'=>'repo-form'); 284 $ret['allowcaching'] = true; // indicates that result of get_listing() can be cached in filepicker.js 285 return $ret; 286 } 287 288 /** 289 * supported return types 290 * @return int 291 */ 292 public function supported_returntypes() { 293 return FILE_INTERNAL; 294 } 295 296 /** 297 * Is this repository accessing private data? 298 * 299 * @return bool 300 */ 301 public function contains_private_data() { 302 return false; 303 } 304 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
