Moodle
2.2.1
http://www.collinsharper.com
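<?php

// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Serves a single file from the logged-in user's own draft file area.
 *
 * Expected path argument: /<contextid>/user/draft/<draftid>/<path to file>
 *
 * Access rules enforced below, in order:
 *  - the requester must be logged in and must not be the guest user;
 *  - component and file area must be exactly 'user' / 'draft';
 *  - the context must exist and be a user-level context;
 *  - that context must belong to the requesting user.
 *
 * NOTE(review): every check relies on print_error() / send_file_not_found()
 * ending the request instead of returning - confirm in lib/.
 */

// disable moodle specific debug messages and any errors in output
define('NO_DEBUG_DISPLAY', true);

require_once('config.php');
require_once('lib/filelib.php');

// Draft areas are per-user, so an authenticated non-guest account is required.
require_login();
if (isguestuser()) {
    print_error('noguest');
}

$relativepath = get_file_argument();

// relative path must start with '/'
if (!$relativepath) {
    print_error('invalidargorconf');
} else if ($relativepath[0] !== '/') {
    // Square-bracket offset: the curly-brace form ($str{0}) was deprecated in
    // PHP 7.4 and is a parse error from PHP 8.0.
    print_error('pathdoesnotstartslash');
}

// extract relative path components
$args = explode('/', ltrim($relativepath, '/'));

// explode() always yields at least one element, so this guard is purely
// defensive; paths that are too short are rejected by the checks further down.
if (count($args) == 0) { // always at least user id
    print_error('invalidarguments');
}

// The (int) casts reduce the two id components to plain integers before use.
$contextid = (int)array_shift($args);
$component = array_shift($args);
$filearea  = array_shift($args);
$draftid   = (int)array_shift($args);

// Only the user draft area is served by this script; anything else is
// reported as "not found" rather than as a permission problem.
if ($component !== 'user' or $filearea !== 'draft') {
    send_file_not_found();
}

// The lookup may return a falsy value when the id matches no context, so test
// that explicitly instead of reading a property off a non-object.
$context = get_context_instance_by_id($contextid);
if (!$context or $context->contextlevel != CONTEXT_USER) {
    send_file_not_found();
}

// Ownership check: the user context named in the URL must be the requester's
// own, otherwise one account could read another account's draft uploads.
$userid = $context->instanceid;
if ($USER->id != $userid) {
    print_error('invaliduserid');
}


$fs = get_file_storage();

// Rebuild the path from validated pieces only: the context id comes from the
// loaded context object and component/area are written as literals.
$relativepath = implode('/', $args);
$fullpath = "/$context->id/user/draft/$draftid/$relativepath";

// The file is located through the storage API by the SHA-1 of its logical
// path, not by opening a filesystem path built from the request. The SHA-1 is
// a lookup key here, not an access control. A filename of '.' is treated as
// not being a servable file.
if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') {
    send_file_not_found();
}

// ========================================
// finally send the file
// ========================================
session_get_instance()->write_close(); // unlock session during fileserving

// Draft files are raw user uploads. Forcing a download keeps the browser from
// rendering them inline in the site's origin (e.g. uploaded HTML or SVG).
// NOTE(review): arguments read as lifetime 0, no filtering, force download -
// confirm against send_stored_file() in lib/filelib.php.
send_stored_file($file, 0, false, true); // force download - security first!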