Commit | Line | Data |
---|---|---|
2e9b772f | 1 | <?PHP |
8adcb49f | 2 | //This file returns the required rss feeds |
3 | //The URL format MUST include: | |
4 | // course: the course id | |
e7f927a0 | 5 | // user: the user id |
6 | // name: the name of the module (forum...) | |
7 | // id: the id (instance) of the module (forumid...) | |
8adcb49f | 8 | //If the course has a password or it doesn't |
7fe0ce4e | 9 | //allow guest access then the user field is |
8adcb49f | 10 | //required to see that the user is enrolled |
11 | //in the course, else no check is performed. | |
12 | //This allows to limit a bit the rss access | |
13 | //to correct users. It isn't unbreakable, | |
14 | //obviously, but its the best I've thought!! | |
15 | ||
2e9b772f PS |
16 | // disable moodle specific debug messages and any errors in output |
17 | define('NO_DEBUG_DISPLAY', true); | |
18 | define('NO_MOODLE_COOKIES', true); // session not used here | |
7fe0ce4e | 19 | |
e7f927a0 | 20 | require_once('../config.php'); |
7ade05c5 | 21 | require_once($CFG->libdir.'/filelib.php'); |
48b29ba4 | 22 | require_once($CFG->libdir.'/rsslib.php'); |
8adcb49f | 23 | |
e7f927a0 | 24 | $lifetime = 3600; // Seconds for files to remain in caches - 1 hour |
8adcb49f | 25 | |
1b813f5c | 26 | // this is a big one big hack - NO_MOODLE_COOKIES is not compatible with capabilities MDL-7243 |
6f5e0852 | 27 | // it should be replaced once we get to codes in urls |
a015506a | 28 | |
11e7b506 | 29 | $relativepath = get_file_argument(); |
8adcb49f | 30 | |
7fe0ce4e | 31 | |
e7f927a0 | 32 | if (!$relativepath) { |
66c52fdf | 33 | rss_not_found(); |
8adcb49f | 34 | } |
35 | ||
e7f927a0 | 36 | // extract relative path components |
37 | $args = explode('/', trim($relativepath, '/')); | |
7fe0ce4e | 38 | |
a848c48c | 39 | if (count($args) < 5) { |
66c52fdf | 40 | rss_not_found(); |
8adcb49f | 41 | } |
42 | ||
e7f927a0 | 43 | $courseid = (int)$args[0]; |
44 | $userid = (int)$args[1]; | |
45 | $modulename = clean_param($args[2], PARAM_FILE); | |
a848c48c | 46 | $instance = $args[3]; |
c5152930 | 47 | $filename = 'rss.xml'; |
7fe0ce4e | 48 | |
a848c48c | 49 | if ($isblog = $modulename == 'blog') { |
50 | $blogid = (int)$args[4]; // could be groupid / courseid / userid depending on $instance | |
51 | if ($args[5] != 'rss.xml') { | |
6619a7f4 | 52 | $tagid = (int)$args[5]; |
53 | } else { | |
54 | $tagid = 0; | |
a848c48c | 55 | } |
56 | } else { | |
57 | $instance = (int)$instance; // we know it's an id number | |
58 | } | |
59 | ||
60 | ||
b3829d0a | 61 | if (!$course = $DB->get_record('course', array('id'=>$courseid))) { |
66c52fdf | 62 | rss_not_found(); |
8adcb49f | 63 | } |
7fe0ce4e | 64 | |
c062fee6 | 65 | //Check name of module |
a848c48c | 66 | if (!$isblog) { |
17da2e6f | 67 | $mods = get_plugin_list('mod'); |
68 | $mods = array_keys($mods); | |
a848c48c | 69 | if (!in_array(strtolower($modulename), $mods)) { |
70 | rss_not_found(); | |
71 | } | |
72f383b1 | 72 | //Get course_module to check it's visible |
73 | if (!$cm = get_coursemodule_from_instance($modulename,$instance,$courseid)) { | |
74 | rss_not_found(); | |
75 | } | |
76 | $context = get_context_instance(CONTEXT_MODULE, $cm->id); | |
4f0c2d00 | 77 | $isuser = has_capability('moodle/course:participate', $context, $userid); // Not ideal, this should be module-specific, but deferring until RSS gets a revamp with codes in the URLs |
72f383b1 | 78 | } else { |
79 | $context = get_context_instance(CONTEXT_COURSE, $course->id); | |
4f0c2d00 | 80 | $isuser = has_capability('moodle/course:participate', $context, $userid); |
8adcb49f | 81 | } |
6f5e0852 | 82 | |
8adcb49f | 83 | //Check for "security" if !course->guest or course->password |
56e8032e | 84 | if ($course->id != SITEID) { |
d02eeded | 85 | if ((!$course->guest || $course->password) && (!$isuser)) { |
66c52fdf | 86 | rss_not_found(); |
56e8032e | 87 | } |
c0f778a2 | 88 | } |
89 | ||
7fe0ce4e | 90 | //Check for "security" if the course is hidden or the activity is hidden |
d02eeded | 91 | if (!$isblog and (!$course->visible || !$cm->visible) && (!has_capability('moodle/course:viewhiddenactivities', $context))) { |
66c52fdf | 92 | rss_not_found(); |
8adcb49f | 93 | } |
94 | ||
6619a7f4 | 95 | //Work out the filename of the RSS file |
7fe0ce4e | 96 | if ($isblog) { |
6619a7f4 | 97 | require_once($CFG->dirroot.'/blog/rsslib.php'); |
98 | $pathname = blog_generate_rss_feed($instance, $blogid, $tagid); | |
7fe0ce4e | 99 | } else { |
100 | $pathname = $CFG->dataroot.'/rss/'.$modulename.'/'.$instance.'.xml'; | |
101 | } | |
6619a7f4 | 102 | |
e7f927a0 | 103 | //Check that file exists |
104 | if (!file_exists($pathname)) { | |
6619a7f4 | 105 | rss_not_found(); |
8adcb49f | 106 | } |
107 | ||
e7f927a0 | 108 | //Send it to user! |
109 | send_file($pathname, $filename, $lifetime); | |
110 | ||
66c52fdf | 111 | function rss_not_found() { |
e7f927a0 | 112 | /// error, send some XML with error message |
be88433c | 113 | global $lifetime, $filename; |
114 | send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true); | |
e7f927a0 | 115 | } |
2e9b772f | 116 |