MDL-19247 Cleaned up most of the sniffer files and adjusted some rules such as do...
[moodle.git] / draftfile.php
CommitLineData
7070268e 1<?php // $Id$
2
3 require_once('config.php');
4 require_once('lib/filelib.php');
5
6 require_login();
7 if (isguestuser()) {
8 print_error('noguest');
9 }
10
11 // disable moodle specific debug messages
12 disable_debugging();
13
11e7b506 14 $relativepath = get_file_argument();
7070268e 15
16 // relative path must start with '/'
17 if (!$relativepath) {
18 print_error('invalidargorconf');
19 } else if ($relativepath{0} != '/') {
20 print_error('pathdoesnotstartslash');
21 }
22
23 // extract relative path components
24 $args = explode('/', ltrim($relativepath, '/'));
25
26 if (count($args) == 0) { // always at least user id
27 print_error('invalidarguments');
28 }
29
30 $contextid = (int)array_shift($args);
4149edbd 31 $filearea = array_shift($args);
7070268e 32
33 $context = get_context_instance_by_id($contextid);
34 if ($context->contextlevel != CONTEXT_USER) {
35 print_error('invalidarguments');
36 }
37
38 $userid = $context->instanceid;
39 if ($USER->id != $userid) {
40 print_error('invaliduserid');
41 }
42
4149edbd 43 switch ($filearea) {
8546def3 44 case 'user_draft':
45 $itemid = (int)array_shift($args);
46 break;
47 default:
48 send_file_not_found();
4149edbd 49 }
50
7070268e 51 $relativepath = '/'.implode('/', $args);
52
4149edbd 53
7070268e 54 $fs = get_file_storage();
55
4149edbd 56 $fullpath = $context->id.$filearea.$itemid.$relativepath;
7070268e 57
58 if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') {
2aea0c5e 59 send_file_not_found();
7070268e 60 }
61
62 // ========================================
63 // finally send the file
64 // ========================================
56949c17 65 session_get_instance()->write_close(); // unlock session during fileserving
ac84a07d 66 send_stored_file($file, 0, false, true); // force download - security first!