Commit | Line | Data |
---|---|---|
2e9b772f | 1 | <?PHP |
8adcb49f | 2 | //This file returns the required rss feeds |
3 | //The URL format MUST include: | |
fcce139a | 4 | // context: the context id |
e7f927a0 | 5 | // user: the user id |
6 | // name: the name of the module (forum...) | |
7 | // id: the id (instance) of the module (forumid...) | |
8adcb49f | 8 | //If the course has a password or it doesn't |
7fe0ce4e | 9 | //allow guest access then the user field is |
8adcb49f | 10 | //required to see that the user is enrolled |
11 | //in the course, else no check is performed. | |
12 | //This allows to limit a bit the rss access | |
13 | //to correct users. It isn't unbreakable, | |
14 | //obviously, but its the best I've thought!! | |
15 | ||
2e9b772f | 16 | // disable moodle specific debug messages and any errors in output |
fcce139a AD |
17 | define('NO_DEBUG_DISPLAY', true);//comment this out to see any error messages during RSS generation |
18 | ||
19 | // session not used here | |
20 | if (!defined('NO_MOODLE_COOKIES')) { define('NO_MOODLE_COOKIES', true); } | |
21 | if (!defined('USER_KEY_LOGIN')) { define('USER_KEY_LOGIN', true); } | |
22 | ||
23 | require_once('../config.php'); | |
24 | require_once($CFG->libdir.'/filelib.php'); | |
25 | require_once($CFG->libdir.'/rsslib.php'); | |
26 | ||
27 | //Check RSS feeds are enabled | |
28 | if (empty($CFG->enablerssfeeds)) { | |
29 | debugging('DISABLED (admin variables)'); | |
30 | rss_not_found(); | |
31 | } | |
32 | ||
33 | $lifetime = 3600; // Seconds for files to remain in caches - 1 hour | |
34 | $filename = 'rss.xml'; | |
35 | ||
36 | // this is a big one big hack - NO_MOODLE_COOKIES is not compatible with capabilities MDL-7243 | |
37 | // it should be replaced once we get to codes in urls | |
38 | ||
39 | $relativepath = get_file_argument(); | |
40 | if (!$relativepath) { | |
41 | rss_not_found(); | |
42 | } | |
43 | ||
44 | // extract relative path components | |
45 | $args = explode('/', trim($relativepath, '/')); | |
46 | if (count($args) < 5) { | |
47 | rss_not_found(); | |
48 | } | |
49 | ||
50 | $contextid = (int)$args[0]; | |
51 | $token = $args[1]; | |
52 | $modulename = clean_param($args[2], PARAM_FILE); | |
53 | $instance = $args[3]; | |
54 | ||
55 | $userid = rss_get_userid_from_token($token); | |
56 | if (!$userid) { | |
57 | rss_not_authenticated(); | |
58 | } | |
59 | $user = get_complete_user_data('id', $userid); | |
60 | session_set_user($user); | |
61 | ||
62 | $context = get_context_instance_by_id($contextid); | |
63 | if (!$context) { | |
64 | rss_not_found(); | |
65 | } | |
66 | $PAGE->set_context($context); | |
67 | ||
68 | $coursecontext = get_course_context($context); | |
69 | $course = $DB->get_record('course', array('id' => $coursecontext->instanceid), '*', MUST_EXIST); | |
70 | ||
71 | $isblog = ($modulename == 'blog'); | |
72 | if ($isblog) { | |
73 | $blogid = (int)$args[4]; // could be groupid / courseid / userid depending on $instance | |
74 | if ($args[5] != 'rss.xml') { | |
75 | $tagid = (int)$args[5]; | |
76 | } else { | |
77 | $tagid = 0; | |
78 | } | |
79 | } else { | |
80 | $instance = (int)$instance; // we know it's an id number | |
81 | } | |
82 | ||
83 | //Check name of module | |
84 | if (!$isblog) { | |
85 | $mods = get_plugin_list('mod'); | |
86 | $mods = array_keys($mods); | |
87 | if (!in_array(strtolower($modulename), $mods)) { | |
66c52fdf | 88 | rss_not_found(); |
8adcb49f | 89 | } |
fcce139a AD |
90 | //Get course_module to check it's visible |
91 | if (!$cm = get_coursemodule_from_instance($modulename,$instance)) { | |
66c52fdf | 92 | rss_not_found(); |
8adcb49f | 93 | } |
fcce139a AD |
94 | $modcontext = get_context_instance(CONTEXT_MODULE, $cm->id); |
95 | //will $modcontext always be the same object as $context? | |
96 | $isuser = has_capability('moodle/course:participate', $modcontext); | |
97 | } else { | |
98 | $isuser = has_capability('moodle/course:participate', $coursecontext); | |
99 | } | |
100 | ||
101 | //Check if course allows guests | |
102 | if ($course->id != SITEID) { | |
103 | if ((!$course->guest || $course->password) && (!$isuser)) { | |
66c52fdf | 104 | rss_not_found(); |
8adcb49f | 105 | } |
fcce139a AD |
106 | } |
107 | ||
108 | //Check for "security" if the course is hidden or the activity is hidden | |
109 | if (!$isblog and (!$course->visible || !$cm->visible) && (!has_capability('moodle/course:viewhiddenactivities', $context))) { | |
110 | rss_not_found(); | |
111 | } | |
112 | ||
113 | $pathname = null; | |
114 | //Work out the filename of the cached RSS file | |
115 | if ($isblog) { | |
116 | require_once($CFG->dirroot.'/blog/rsslib.php'); | |
117 | $pathname = blog_generate_rss_feed($instance, $blogid, $tagid); | |
118 | } else { | |
119 | $functionname = $cm->modname.'_rss_get_feed'; | |
120 | require_once($CFG->dirroot."/mod/{$cm->modname}/rsslib.php"); | |
121 | if(function_exists($functionname)) { | |
122 | $pathname = $functionname($context, $cm, $instance, $args); | |
8adcb49f | 123 | } |
fcce139a | 124 | } |
6f5e0852 | 125 | |
fcce139a AD |
126 | //Check that file exists |
127 | if (empty($pathname) || !file_exists($pathname)) { | |
128 | rss_not_found(); | |
129 | } | |
8adcb49f | 130 | |
fcce139a | 131 | //rss_update_token_last_access($USER->id); |
6619a7f4 | 132 | |
fcce139a AD |
133 | //Send it to user! |
134 | send_file($pathname, $filename, $lifetime); | |
8adcb49f | 135 | |
fcce139a AD |
136 | function rss_not_found() { |
137 | /// error, send some XML with error message | |
138 | global $lifetime, $filename; | |
139 | send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true); | |
140 | } | |
e7f927a0 | 141 | |
fcce139a AD |
142 | function rss_not_authenticated() { |
143 | global $lifetime, $filename; | |
144 | send_file(rss_geterrorxmlfile('rsserrorauth'), $filename, $lifetime, false, true); | |
145 | } | |
2e9b772f | 146 |