Correction of 'location' string translation (thanks to Arnaud Saint-Georges)
[moodle.git] / file.php
CommitLineData
e7f927a0 1<?php // $Id$
2 // This script fetches files from the dataroot directory
3 // Syntax: file.php/courseid/dir/dir/dir/filename.ext
4 // file.php/courseid/dir (returns index.html from dir)
5 // Workaround: file.php?file=/courseid/dir/dir/dir/filename.ext
6 // Test: file.php/test
7
822a1063 8 require_once('config.php');
9 require_once('files/mimetypes.php');
f9903ed0 10
66e5f959 11 if (empty($CFG->filelifetime)) {
e7f927a0 12 $lifetime = 86400; // Seconds for files to remain in caches
6ed3da1d 13 } else {
e7f927a0 14 $lifetime = $CFG->filelifetime;
3f8247c2 15 }
e7f927a0 16
3f8247c2 17
e7f927a0 18 $relativepath = get_file_argument('file.php');
19
20 // relative path must start with '/', because of backup/restore!!!
21 if (!$relativepath) {
22 error('No valid arguments supplied or incorrect server configuration');
23 } else if ($relativepath{0} != '/') {
24 error('No valid arguments supplied, path does not start with slash!');
f9903ed0 25 }
26
e7f927a0 27 $pathname = $CFG->dataroot.$relativepath;
ae67d9cd 28
e7f927a0 29 // extract relative path components
30 $args = explode('/', trim($relativepath, '/'));
31 if (count($args) == 0) { // always at least courseid, may search for index.html in course root
822a1063 32 error('No valid arguments supplied');
55b8ac31 33 }
34
e7f927a0 35 // security: limit access to existing course subdirectories
36 // note: course ID must be specified
37 // note: the lang field is needed for the course language switching hack in weblib.php
38 if (!$course = get_record_sql("SELECT id, lang FROM {$CFG->prefix}course WHERE id='".(int)$args[0]."'")) {
39 error('Invalid course ID');
a4557331 40 }
41
e7f927a0 42 // security: prevent access to "000" or "1 something" directories
43 if ($args[0] != $course->id) {
822a1063 44 error('Invalid course ID');
76112421 45 }
21ddaf60 46
e7f927a0 47 // security: login to course if necessary
48 if ($course->id != SITEID) {
49 require_login($course->id);
f57cd38b 50 } else if ($CFG->forcelogin) {
51 require_login();
f9903ed0 52 }
53
e7f927a0 54 // security: only editing teachers can access backups
55 if ((!isteacheredit($course->id))
56 and (count($args) >= 2)
57 and (strtolower($args[1]) == 'backupdata')) {
f9903ed0 58
e7f927a0 59 error('Access not allowed');
60 }
f9903ed0 61
e7f927a0 62 // security: teachers can view all assignments, students only their own
63 if ((count($args) >= 3)
64 and (strtolower($args[1]) == 'moddata')
65 and (strtolower($args[2]) == 'assignment')) {
b7a3d3b2 66
e7f927a0 67 $lifetime = 0; // do not cache assignments, students may reupload them
68 if ((!isteacher($course->id)) && (count($args) != 6 || $args[4] != $USER->id)) {
69 error('Access not allowed');
70 }
71 }
f0507011 72
e7f927a0 73 if (is_dir($pathname)) {
74 if (file_exists($pathname.'/index.html')) {
75 $pathname = rtrim($pathname, '/').'/index.html';
76 $args[] = 'index.html';
77 } else if (file_exists($pathname.'/index.htm')) {
78 $pathname = rtrim($pathname, '/').'/index.htm';
79 $args[] = 'index.htm';
80 } else if (file_exists($pathname.'/Default.htm')) {
81 $pathname = rtrim($pathname, '/').'/Default.htm';
82 $args[] = 'Default.htm';
83 } else {
84 // security: do not return directory node!
85 not_found($course->id);
86 }
87 }
3cf4ab97 88
e7f927a0 89 // check that file exists
90 if (!file_exists($pathname)) {
91 not_found($course->id);
92 }
e5890e71 93
e7f927a0 94 // extra security: keep symbolic links inside dataroot/courseid if required
95 /*if (!empty($CFG->checksymlinks)) {
96 $realpath = realpath($pathname);
97 $realdataroot = realpath($CFG->dataroot.'/'.$course->id);
98 if (strpos($realpath, $realdataroot) !== 0) {
99 not_found($course->id);
f0507011 100 }
e7f927a0 101 }*/
102
103 // ========================================
104 // finally send the file
105 // ========================================
106 $filename = $args[count($args)-1];
107 send_file($pathname, $filename, $lifetime, !empty($CFG->filteruploadedfiles));
108
109 function not_found($courseid) {
110 global $CFG;
822a1063 111 header('HTTP/1.0 404 not found');
e7f927a0 112 error(get_string('filenotfound', 'error'), $CFG->wwwroot.'/course/view.php?id='.$courseid); //this is not displayed on IIS??
f9903ed0 113 }
e7f927a0 114?>