Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.

Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403] [Versions 401 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Form for editing HTML block instances.
  19   *
  20   * @copyright 2010 Petr Skoda (http://skodak.org)
  21   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  22   * @package   block_html
  23   * @category  files
  24   * @param stdClass $course course object
  25   * @param stdClass $birecord_or_cm block instance record
  26   * @param context $context context object
  27   * @param string $filearea file area
  28   * @param array $args extra arguments
  29   * @param bool $forcedownload whether or not force download
  30   * @param array $options additional options affecting the file serving
  31   * @return bool
  32   * @todo MDL-36050 improve capability check on stick blocks, so we can check user capability before sending images.
  33   */
  34  function block_html_pluginfile($course, $birecord_or_cm, $context, $filearea, $args, $forcedownload, array $options=array()) {
  35      global $DB, $CFG, $USER;
  36  
  37      if ($context->contextlevel != CONTEXT_BLOCK) {
  38          send_file_not_found();
  39      }
  40  
  41      // If block is in course context, then check if user has capability to access course.
  42      if ($context->get_course_context(false)) {
  43          require_course_login($course);
  44      } else if ($CFG->forcelogin) {
  45          require_login();
  46      } else {
  47          // Get parent context and see if user have proper permission.
  48          $parentcontext = $context->get_parent_context();
  49          if ($parentcontext->contextlevel === CONTEXT_COURSECAT) {
  50              // Check if category is visible and user can view this category.
  51              if (!core_course_category::get($parentcontext->instanceid, IGNORE_MISSING)) {
  52                  send_file_not_found();
  53              }
  54          } else if ($parentcontext->contextlevel === CONTEXT_USER && $parentcontext->instanceid != $USER->id) {
  55              // The block is in the context of a user, it is only visible to the user who it belongs to.
  56              send_file_not_found();
  57          }
  58          // At this point there is no way to check SYSTEM context, so ignoring it.
  59      }
  60  
  61      if ($filearea !== 'content') {
  62          send_file_not_found();
  63      }
  64  
  65      $fs = get_file_storage();
  66  
  67      $filename = array_pop($args);
  68      $filepath = $args ? '/'.implode('/', $args).'/' : '/';
  69  
  70      if (!$file = $fs->get_file($context->id, 'block_html', 'content', 0, $filepath, $filename) or $file->is_directory()) {
  71          send_file_not_found();
  72      }
  73  
  74      if ($parentcontext = context::instance_by_id($birecord_or_cm->parentcontextid, IGNORE_MISSING)) {
  75          if ($parentcontext->contextlevel == CONTEXT_USER) {
  76              // force download on all personal pages including /my/
  77              //because we do not have reliable way to find out from where this is used
  78              $forcedownload = true;
  79          }
  80      } else {
  81          // weird, there should be parent context, better force dowload then
  82          $forcedownload = true;
  83      }
  84  
  85      // NOTE: it woudl be nice to have file revisions here, for now rely on standard file lifetime,
  86      //       do not lower it because the files are dispalyed very often.
  87      \core\session\manager::write_close();
  88      send_stored_file($file, null, 0, $forcedownload, $options);
  89  }
  90  
  91  /**
  92   * Perform global search replace such as when migrating site to new URL.
  93   * @param  $search
  94   * @param  $replace
  95   * @return void
  96   */
  97  function block_html_global_db_replace($search, $replace) {
  98      global $DB;
  99  
 100      $instances = $DB->get_recordset('block_instances', array('blockname' => 'html'));
 101      foreach ($instances as $instance) {
 102          // TODO: intentionally hardcoded until MDL-26800 is fixed
 103          $config = unserialize_object(base64_decode($instance->configdata));
 104          if (isset($config->text) and is_string($config->text)) {
 105              $config->text = str_replace($search, $replace, $config->text);
 106              $DB->update_record('block_instances', ['id' => $instance->id,
 107                      'configdata' => base64_encode(serialize($config)), 'timemodified' => time()]);
 108          }
 109      }
 110      $instances->close();
 111  }
 112  
 113  /**
 114   * Given an array with a file path, it returns the itemid and the filepath for the defined filearea.
 115   *
 116   * @param  string $filearea The filearea.
 117   * @param  array  $args The path (the part after the filearea and before the filename).
 118   * @return array The itemid and the filepath inside the $args path, for the defined filearea.
 119   */
 120  function block_html_get_path_from_pluginfile(string $filearea, array $args) : array {
 121      // This block never has an itemid (the number represents the revision but it's not stored in database).
 122      array_shift($args);
 123  
 124      // Get the filepath.
 125      if (empty($args)) {
 126          $filepath = '/';
 127      } else {
 128          $filepath = '/' . implode('/', $args) . '/';
 129      }
 130  
 131      return [
 132          'itemid' => 0,
 133          'filepath' => $filepath,
 134      ];
 135  }