8adcb49f |
1 | <?PHP //$Id |
2 | //This file returns the required rss feeds |
3 | //The URL format MUST include: |
4 | // course: the course id |
5 | // user: the user id |
6 | // name: the name of the module (forum...) |
7 | // id: the id of the module (forumid...) |
8 | //If the course has a password or it doesn't |
9 | //allow guest access then the user field is |
10 | //required to see that the user is enrolled |
11 | //in the course, else no check is performed. |
12 | //This allows to limit a bit the rss access |
13 | //to correct users. It isn't unbreakable, |
14 | //obviously, but its the best I've thought!! |
15 | |
16 | require_once("../config.php"); |
17 | require_once("$CFG->dirroot/files/mimetypes.php"); |
18 | |
19 | $allowed = true; |
20 | $error = false; |
21 | |
22 | if (empty($CFG->filelifetime)) { |
23 | $CFG->filelifetime = 86400; /// Seconds for files to remain in caches |
24 | } |
25 | |
26 | if (isset($file)) { // workaround for situations where / syntax doesn't work |
27 | $pathinfo = $file; |
28 | } else { |
29 | $pathinfo = get_slash_arguments("file.php"); |
30 | } |
31 | |
32 | if (!$pathinfo) { |
33 | $error = true; |
34 | } |
35 | |
36 | $pathinfo = urldecode($pathinfo); |
37 | |
38 | if (! $args = parse_slash_arguments($pathinfo)) { |
39 | $error = true; |
40 | } |
41 | |
42 | $numargs = count($args); |
43 | if ($numargs < 5 or empty($args[1])) { |
44 | $error = true; |
45 | } |
46 | |
47 | $courseid = (integer)$args[0]; |
48 | if (! $course = get_record("course", "id", $courseid)) { |
49 | $error = true; |
50 | } |
51 | |
52 | //Check for "security" if !course->guest or course->password |
53 | if (!$course->guest || $course->password) { |
54 | $allowed = (isstudent($course->id,$args[1]) || isteacher($course->id,$args[1])); |
55 | } |
56 | |
57 | $pathname = $CFG->dataroot."/rss/".$args[2]."/".$args[3].".xml"; |
58 | $filename = $args[$numargs-1]; |
59 | |
60 | //If the file exists and its allowed for me, download it! |
61 | if (file_exists($pathname) && $allowed && !$error) { |
62 | $lastmodified = filemtime($pathname); |
63 | $mimetype = mimeinfo("type", $filename); |
64 | |
65 | header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT"); |
66 | header("Expires: " . gmdate("D, d M Y H:i:s", time() + $CFG->filelifetime) . " GMT"); |
67 | header("Cache-control: max_age = $CFG->filelifetime"); |
68 | header("Pragma: "); |
69 | header("Content-disposition: inline; filename=$filename"); |
70 | |
71 | header("Content-length: ".filesize($pathname)); |
72 | header("Content-type: $mimetype"); |
73 | readfile($pathname); |
74 | } |
75 | |
76 | ?> |