rss MDL-24508 fixed guest access to rss feeds
[moodle.git] / rss / file.php
CommitLineData
b111858d
MD
1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * rss/file.php - entry point to serve rss streams
19 *
20 * This script simply checks the parameters to construct a $USER
21 * then finds and calls a function in the relevant component to
22 * actually check security and create the RSS stream
23 *
24 * @package moodlecore
25 * @copyright 1999 onwards Martin Dougiamas http://moodle.com
26 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
27 */
28
29
30// Disable moodle specific debug messages and any errors in output
fcce139a
AD
31define('NO_DEBUG_DISPLAY', true);//comment this out to see any error messages during RSS generation
32
b111858d 33// Sessions not used here, we recreate $USER every time we are called
30d24538 34define('NO_MOODLE_COOKIES', true);
fcce139a
AD
35
36require_once('../config.php');
37require_once($CFG->libdir.'/filelib.php');
38require_once($CFG->libdir.'/rsslib.php');
39
b111858d 40// RSS feeds must be enabled site-wide
fcce139a
AD
41if (empty($CFG->enablerssfeeds)) {
42 debugging('DISABLED (admin variables)');
b111858d 43 rss_error();
fcce139a
AD
44}
45
fcce139a 46
b111858d 47// All the arguments are in the path
fcce139a
AD
48$relativepath = get_file_argument();
49if (!$relativepath) {
b111858d 50 rss_error();
fcce139a
AD
51}
52
b111858d
MD
53
54// Extract relative path components into variables
fcce139a
AD
55$args = explode('/', trim($relativepath, '/'));
56if (count($args) < 5) {
b111858d 57 rss_error();
fcce139a
AD
58}
59
60$contextid = (int)$args[0];
83b912e0 61$token = clean_param($args[1], PARAM_ALPHANUM);
aa60291e 62$componentname = clean_param($args[2], PARAM_FILE);
fcce139a 63
b111858d
MD
64
65// Authenticate the user from the token
fcce139a
AD
66$userid = rss_get_userid_from_token($token);
67if (!$userid) {
b111858d 68 rss_error('rsserrorauth');
fcce139a 69}
b111858d 70
fcce139a 71$user = get_complete_user_data('id', $userid);
690aa229 72session_set_user($user); //for login and capability checks
fcce139a 73
b111858d
MD
74
75// Check the context actually exists
fcce139a
AD
76$context = get_context_instance_by_id($contextid);
77if (!$context) {
b111858d 78 rss_error();
fcce139a
AD
79}
80$PAGE->set_context($context);
81
b111858d
MD
82
83// Work out which component in Moodle we want (from the frankenstyle name)
690aa229
AD
84$componentdir = get_component_directory($componentname);
85list($type, $plugin) = normalize_component($componentname);
fcce139a 86
b111858d
MD
87
88// Call the component to check/update the feed and tell us the path to the cached file
fcce139a 89$pathname = null;
e417be4c 90
aa60291e
AD
91if (file_exists($componentdir)) {
92 require_once("$componentdir/rsslib.php");
93 $functionname = $plugin.'_rss_get_feed';
94
95 if (function_exists($functionname)) {
b111858d
MD
96 // $pathname will be null if there was a problem (eg user doesn't have the necessary capabilities)
97 // NOTE:the component providing the feed must do its own capability checks and security
274f9840 98 $pathname = $functionname($context, $args);
aa60291e 99 }
fcce139a 100}
6f5e0852 101
b111858d
MD
102
103// Check that file exists
fcce139a 104if (empty($pathname) || !file_exists($pathname)) {
b111858d 105 rss_error();
fcce139a 106}
8adcb49f 107
b111858d
MD
108// Send the RSS file to the user!
109send_file($pathname, 'rss.xml', 3600); // Cached by browsers for 1 hour
8adcb49f 110
e7f927a0 111
b111858d
MD
112/*
113 * Sends an error formatted as an rss file and then dies
114 */
115function rss_error($error='rsserror', $filename='rss.xml', $lifetime=0) {
116 send_file(rss_geterrorxmlfile($error), $filename, $lifetime, false, true);
117 exit;
fcce139a 118}