Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.
/ -> draftfile.php (source)

Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403]

   1  <?php
   2  
   3  // This file is part of Moodle - http://moodle.org/
   4  //
   5  // Moodle is free software: you can redistribute it and/or modify
   6  // it under the terms of the GNU General Public License as published by
   7  // the Free Software Foundation, either version 3 of the License, or
   8  // (at your option) any later version.
   9  //
  10  // Moodle is distributed in the hope that it will be useful,
  11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13  // GNU General Public License for more details.
  14  //
  15  // You should have received a copy of the GNU General Public License
  16  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  17  
  18  /**
  19   * This script serves draft files of current user
  20   *
  21   * @package    core
  22   * @subpackage file
  23   * @copyright  2008 Petr Skoda (http://skodak.org)
  24   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  25   */
  26  
  27  // disable moodle specific debug messages and any errors in output
  28  define('NO_DEBUG_DISPLAY', true);
  29  
  30  require_once('config.php');
  31  require_once ('lib/filelib.php');
  32  
  33  require_login();
  34  if (isguestuser()) {
  35      throw new \moodle_exception('noguest');
  36  }
  37  
  38  $relativepath = get_file_argument();
  39  $preview = optional_param('preview', null, PARAM_ALPHANUM);
  40  
  41  // relative path must start with '/'
  42  if (!$relativepath) {
  43      throw new \moodle_exception('invalidargorconf');
  44  } else if ($relativepath[0] != '/') {
  45      throw new \moodle_exception('pathdoesnotstartslash');
  46  }
  47  
  48  // extract relative path components
  49  $args = explode('/', ltrim($relativepath, '/'));
  50  
  51  if (count($args) == 0) { // always at least user id
  52      throw new \moodle_exception('invalidarguments');
  53  }
  54  
  55  $contextid = (int)array_shift($args);
  56  $component = array_shift($args);
  57  $filearea  = array_shift($args);
  58  $draftid   = (int)array_shift($args);
  59  
  60  if ($component !== 'user' or $filearea !== 'draft') {
  61      send_file_not_found();
  62  }
  63  
  64  $context = context::instance_by_id($contextid);
  65  if ($context->contextlevel != CONTEXT_USER) {
  66      send_file_not_found();
  67  }
  68  
  69  $userid = $context->instanceid;
  70  if ($USER->id != $userid) {
  71      throw new \moodle_exception('invaliduserid');
  72  }
  73  
  74  
  75  $fs = get_file_storage();
  76  
  77  $relativepath = implode('/', $args);
  78  $fullpath = "/$context->id/user/draft/$draftid/$relativepath";
  79  
  80  if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') {
  81      send_file_not_found();
  82  }
  83  
  84  // ========================================
  85  // finally send the file
  86  // ========================================
  87  \core\session\manager::write_close(); // Unlock session during file serving.
  88  send_stored_file($file, 0, false, true, array('preview' => $preview)); // force download - security first!