AutorÃa | Ultima modificación | Ver Log |
<?php// This file is part of Moodle - http://moodle.org///// Moodle is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.//// Moodle is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.//// You should have received a copy of the GNU General Public License// along with Moodle. If not, see <http://www.gnu.org/licenses/>./*** This script serves draft files of current user** @package core* @subpackage file* @copyright 2008 Petr Skoda (http://skodak.org)* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later*/// disable moodle specific debug messages and any errors in outputdefine('NO_DEBUG_DISPLAY', true);require_once('config.php');require_once('lib/filelib.php');require_login();if (isguestuser()) {throw new \moodle_exception('noguest');}$relativepath = get_file_argument();$preview = optional_param('preview', null, PARAM_ALPHANUM);// relative path must start with '/'if (!$relativepath) {throw new \moodle_exception('invalidargorconf');} else if ($relativepath[0] != '/') {throw new \moodle_exception('pathdoesnotstartslash');}// extract relative path components$args = explode('/', ltrim($relativepath, '/'));if (count($args) == 0) { // always at least user idthrow new \moodle_exception('invalidarguments');}$contextid = (int)array_shift($args);$component = array_shift($args);$filearea = array_shift($args);$draftid = (int)array_shift($args);if ($component !== 'user' or $filearea !== 'draft') {send_file_not_found();}$context = context::instance_by_id($contextid);if ($context->contextlevel != CONTEXT_USER) {send_file_not_found();}$userid = $context->instanceid;if ($USER->id != $userid) {throw new \moodle_exception('invaliduserid');}$fs = get_file_storage();$relativepath = implode('/', $args);$fullpath = "/$context->id/user/draft/$draftid/$relativepath";if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') {send_file_not_found();}// ========================================// finally send the file// ========================================\core\session\manager::write_close(); // Unlock session during file serving.send_stored_file($file, 0, false, true, array('preview' => $preview)); // force download - security first!