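<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Serves a single file from $CFG->dataroot/codecoverage to a logged-in user
 * holding the tool/unittest:execute capability.
 *
 * The requested path is restricted in three ways before anything is sent:
 * it may not contain "." or ".." segments, its first segment must be one of
 * the allowed report directories, and its MIME type must be on the allow-list.
 */

// disable moodle specific debug messages and any errors in output
define('NO_DEBUG_DISPLAY', true);

require(dirname(__FILE__) . '/../../../config.php');
require_once($CFG->libdir . '/filelib.php');

// basic security, require login + require site config cap
// These two calls are the only access control on this endpoint; everything
// below only narrows WHICH file an authorised user may fetch.
require_login();
require_capability('tool/unittest:execute', get_context_instance(CONTEXT_SYSTEM));

// get file requested
$relativepath = get_file_argument();

// basic check, start by slash
// NOTE(review): the checks below rely on print_error() not returning - confirm.
if (!$relativepath) {
    print_error('invalidargorconf');
} else if ($relativepath[0] !== '/') {
    // Square-bracket offset: the older $str{0} form was deprecated in PHP 7.4
    // and is a parse error from PHP 8.0.
    print_error('pathdoesnotstartslash');
}

// Reject any "." / ".." segment (either separator) so the request cannot
// resolve outside the codecoverage directory. get_file_argument() may already
// clean the path, but its implementation is not visible in this file, so the
// check is repeated here as defence in depth.
foreach (preg_split('#[/\\\\]#', $relativepath) as $segment) {
    if ($segment === '.' || $segment === '..') {
        print_error('invalidarguments');
    }
}

// extract relative path components
$args = explode('/', ltrim($relativepath, '/'));

// only serve from some controlled subdirs
$alloweddirs = array('dbtest', 'unittest');
if (!isset($args[0]) || !in_array($args[0], $alloweddirs, true)) {
    print_error('invalidarguments');
}

// determine which disk file is going to be served
// and how it's going to be named
$filepath = $CFG->dataroot . '/codecoverage' . $relativepath;
$filename = basename($filepath);

// only serve some controlled extensions
// The allow-list holds MIME types as reported by mimeinfo() for the path.
// NOTE(review): presumably derived from the file name rather than the file
// contents - confirm against filelib.php.
$allowedextensions = array('text/html', 'text/css', 'image/gif', 'application/x-javascript');
if (!in_array(mimeinfo('type', $filepath), $allowedextensions, true)) {
    print_error('invalidarguments');
}

// arrived here, send the file
session_get_instance()->write_close(); // unlock session during fileserving
send_file($filepath, $filename, 0, false);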