NOBUG: Fixed file access permissions
[moodle.git] / lib / editor / tinymce / plugins / loader.php
CommitLineData
fae91170 1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Loader for resource files within TinyMCE plugins.
19 *
20 * This loader handles requests which have the plugin version number in. These
21 * requests are set to never expire from cache, to improve performance. Only
22 * files within the 'tinymce' folder of the plugin will be served.
23 *
24 * Note there are no access checks in this script - you do not have to be
25 * logged in to retrieve the plugin resource files.
26 *
27 * @package editor_tinymce
28 * @copyright 2012 The Open University
29 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
30 */
31
32define('NO_MOODLE_COOKIES', true);
33require_once('../../../../config.php');
34require_once($CFG->dirroot . '/lib/filelib.php');
35require_once($CFG->dirroot . '/lib/jslib.php');
36
8ccb3ce8 37// Safely get slash params (cleaned using PARAM_PATH, without /../).
fae91170 38$path = get_file_argument();
39
40// Param must be of the form [plugin]/[version]/[path] where path is a relative
41// path inside the plugin tinymce folder.
42$matches = array();
43if (!preg_match('~^/([a-z0-9_]+)/((?:[0-9.]+)|-1)(/.*)$~', $path, $matches)) {
44 print_error('filenotfound');
45}
46list($junk, $tinymceplugin, $version, $innerpath) = $matches;
47
48// Note that version number is totally ignored, user can specify anything,
8ccb3ce8 49// except for the difference between '-1' and anything else.
fae91170 50
51// Check the file exists.
52$pluginfolder = $CFG->dirroot . '/lib/editor/tinymce/plugins/' . $tinymceplugin;
53$file = $pluginfolder . '/tinymce' .$innerpath;
54if (!file_exists($file)) {
55 print_error('filenotfound');
56}
57
58// We don't actually care what the version number is but there is a special
59// case for '-1' which means, set the files to not be cached.
8ccb3ce8 60$allowcache = ($version !== '-1');
fae91170 61if ($allowcache) {
62 // Set it to expire a year later. Note that this means we should never get
63 // If-Modified-Since requests so there is no need to handle them specially.
64 header('Expires: ' . date('r', time() + 365 * 24 * 3600));
65 header('Cache-Control: max-age=' . 365 * 24 * 3600);
66 // Pragma is set to no-cache by default so must be overridden.
67 header('Pragma:');
68}
69
70// Get the right MIME type.
71$mimetype = mimeinfo('type', $file);
72
73// For JS files, these can be minified and stored in cache.
74if ($mimetype === 'application/x-javascript' && $allowcache) {
75 // The cached file is stored without version number etc. This is okay
76 // because $CFG->cachedir is cleared each time there is a plugin update,
77 // such as a new version of a tinymce plugin.
78
79 // Flatten filename and include cache location.
80 $cache = $CFG->cachedir . '/editor_tinymce/pluginjs';
81 $cachefile = $cache . '/' . $tinymceplugin .
82 str_replace('/', '_', $innerpath);
83
84 // If it doesn't exist, minify it and save to that location.
85 if (!file_exists($cachefile)) {
6b32d6bc 86 $content = core_minify::js_files(array($file));
fae91170 87 js_write_cache_file_content($cachefile, $content);
88 }
89
90 $file = $cachefile;
398862b9
PS
91} else if ($mimetype === 'text/html') {
92 header('X-UA-Compatible: IE=edge');
fae91170 93}
94
95// Serve file.
96header('Content-Length: ' . filesize($file));
97header('Content-Type: ' . $mimetype);
98readfile($file);