MDL-22955 output: Added block to ensure that SVG is not used within CSS
[moodle.git] / theme / image.php
1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
19 * This file is responsible for serving theme and plugin images.
20 *
21 * @package moodlecore
22 * @copyright 2009 Petr Skoda (skodak) {@link http://skodak.org}
23 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
24 */
25
// Bootstrap in the lightest mode available: with ABORT_AFTER_CONFIG set, the
// include below returns right at the start of lib/setup.php, so only the
// values from config.php and minlib.php are loaded at this point.
define('ABORT_AFTER_CONFIG', true);

// Keep Moodle debug messages and PHP errors out of the response body; read
// the error log instead, or comment this line out while debugging.
define('NO_DEBUG_DISPLAY', true);

require('../config.php');
34
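// Two request styles are accepted: a slash argument of the form
// [_s/]theme/component/rev/image, or plain query parameters. Either way every
// value goes through a minlib cleaner before it is used to build a path.
// NOTE(review): the SAFEDIR / SAFEPATH / INT filters are defined in minlib,
// outside this listing - confirm SAFEPATH cannot yield ".." segments, because
// $image is joined onto cache and theme paths further down.
if ($slashargument = min_get_slash_argument()) {
    $slashargument = ltrim($slashargument, '/');
    if (strpos($slashargument, '_s/') === 0) {
        // A leading "_s/" marks a request that must not be answered with SVG.
        $slashargument = substr($slashargument, 3);
        $usesvg = false;
    } else {
        $usesvg = true;
    }
    // Count segments only once the optional prefix is gone. Counting first
    // accepted "_s/theme/component/rev", which has no image segment left
    // after stripping, and list() below then ran short of elements.
    if (substr_count($slashargument, '/') < 3) {
        image_not_found();
    }
    // image must be last because it may contain "/"
    list($themename, $component, $rev, $image) = explode('/', $slashargument, 4);
    $themename = min_clean_param($themename, 'SAFEDIR');
    $component = min_clean_param($component, 'SAFEDIR');
    $rev       = min_clean_param($rev, 'INT');
    $image     = min_clean_param($image, 'SAFEPATH');

} else {
    $themename = min_optional_param('theme', 'standard', 'SAFEDIR');
    $component = min_optional_param('component', 'core', 'SAFEDIR');
    $rev       = min_optional_param('rev', -1, 'INT');
    $image     = min_optional_param('image', '', 'SAFEPATH');
    // SVG is allowed unless the caller passes svg=0.
    $usesvg    = (bool)min_optional_param('svg', '1', 'INT');
}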
61
// An empty component and both spellings of core collapse to 'moodle'.
if (empty($component) || $component === 'moodle' || $component === 'core') {
    $component = 'moodle';
}

// Nothing to serve without an image name.
if (empty($image)) {
    image_not_found();
}

// The theme must be installed, either under dirroot/theme or under the
// optional $CFG->themedir. Rejecting unknown theme names here also keeps
// the cache paths built below limited to themes that actually exist.
if (!file_exists("$CFG->dirroot/theme/$themename/config.php")
        && (empty($CFG->themedir) || !file_exists("$CFG->themedir/$themename/config.php"))) {
    image_not_found();
}
77
// Per-theme, per-component cache directory. The etag is only a cache
// validator derived from the request values, not a security control.
$candidatelocation = "$CFG->cachedir/theme/$themename/pix/$component";
$etag = sha1("$themename/$component/$rev/$image");

if ($rev > -1) {
    // An ".error" marker means an earlier request already failed to resolve
    // this image, so answer 404 without the full bootstrap. This is a large
    // saving when many images are missing; the cost is that requests for
    // arbitrary names can fill the cache with such markers.
    if (file_exists($candidatelocation . '/' . $image . '.error')) {
        image_not_found();
    }

    // Extensions are probed in a fixed order; SVG goes first, and only when
    // the request allows it.
    $searchorder = array('png', 'gif', 'jpg', 'jpeg', 'ico');
    if ($usesvg) {
        array_unshift($searchorder, 'svg');
    }

    $cacheimage = false;
    foreach ($searchorder as $knownext) {
        $candidatefile = $candidatelocation . '/' . $image . '.' . $knownext;
        if (file_exists($candidatefile)) {
            $cacheimage = $candidatefile;
            $ext = $knownext;
            break;
        }
    }

    if ($cacheimage) {
        $isconditional = !empty($_SERVER['HTTP_IF_NONE_MATCH']) || !empty($_SERVER['HTTP_IF_MODIFIED_SINCE']);
        if ($isconditional) {
            // The validator sent by the client is deliberately not compared:
            // cached files never change, a new revision is requested instead.
            $lifetime = 60*60*24*60; // 60 days only - the revision may get incremented quite often
            $mimetype = get_contenttype_from_ext($ext);
            header('HTTP/1.1 304 Not Modified');
            header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
            header('Cache-Control: public, max-age='.$lifetime);
            header('Content-Type: '.$mimetype);
            header('Etag: '.$etag);
            die;
        }
        send_cached_image($cacheimage, $etag);
    }
}
123
//=================================================================================
// Cache miss: carry on as a normal Moodle script so that all libs and $DB load.
define('ABORT_AFTER_CONFIG_CANCEL', true);

define('NO_UPGRADE_CHECK', true); // Ignore upgrade check
define('NO_MOODLE_COOKIES', true); // Session not used here

require($CFG->dirroot . '/lib/setup.php');

// Ask the theme where this image lives, honouring the SVG preference.
$theme = theme_config::load($themename);
$imagefile = $theme->resolve_image_location($image, $component, $usesvg);

// From here on the revision reported by theme_get_revision() replaces the
// one taken from the request, and the etag is rebuilt from it.
$rev = theme_get_revision();
$etag = sha1($themename . '/' . $component . '/' . $rev . '/' . $image);
138
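// The theme could not resolve the image, or the resolved file is unreadable.
if (empty($imagefile) or !is_readable($imagefile)) {
    if ($rev > -1) {
        // Leave an empty ".error" marker so later requests for the same
        // name are answered from the fast path before the full bootstrap.
        $cacheimage = "$candidatelocation/$image.error";

        // $image may contain "/", so the marker can sit below
        // $candidatelocation; create its own directory, not only the root.
        $markerdir = dirname($cacheimage);
        if (!file_exists($markerdir)) {
            @mkdir($markerdir, $CFG->directorypermissions, true);
        }

        // The marker is best effort: a failed fopen() must not be handed to
        // fclose(), which would turn this 404 into a server error.
        $fp = @fopen($cacheimage, 'w');
        if ($fp !== false) {
            fclose($fp);
        }
        // NOTE(review): each distinct missing name requested for an existing
        // theme leaves one marker file, so cachedir growth tracks the number
        // of such names. Watch file counts under cachedir/theme and consider
        // request rate limits in front of this script.
    }
    image_not_found();
}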
151
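// Theme caching is active: copy the resolved file into the cache and serve
// the cached copy so that later requests take the fast path.
if ($rev > -1) {
    $pathinfo = pathinfo($imagefile);
    $cacheimage = "$candidatelocation/$image.".$pathinfo['extension'];

    clearstatcache();
    if (!file_exists(dirname($cacheimage))) {
        @mkdir(dirname($cacheimage), $CFG->directorypermissions, true);
    }

    // Prevent serving of an incomplete file from a concurrent request: copy
    // to a temporary name, then rename() it into place. The temporary name
    // is unique per request, because with one shared ".tmp" name a second
    // request could still be writing the file that the first one has just
    // renamed. uniqid() is used only to avoid collisions, not as a secret.
    $tempimage = $cacheimage.'.'.uniqid('', true).'.tmp';
    ignore_user_abort(true);
    if (@copy($imagefile, $tempimage)) {
        if (rename($tempimage, $cacheimage)) {
            @chmod($cacheimage, $CFG->filepermissions);
        }
    }
    // Remove the temporary file if the copy or the rename left it behind.
    @unlink($tempimage);
    ignore_user_abort(false);
    if (connection_aborted()) {
        die;
    }
    // make sure nothing failed
    clearstatcache();
    if (file_exists($cacheimage)) {
        send_cached_image($cacheimage, $etag);
    }
}

// Caching is off or the cache write failed: serve the file from its source.
send_uncached_image($imagefile);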
181
182
183//=================================================================================
184//=== utility functions ==
185// we are not using filelib because we need to fine tune all header
186// parameters to get the best performance.
187
/**
 * Send an image from the theme cache with long-lived caching headers, then
 * end the script.
 *
 * The file is passed to xsendfile() first; when that returns false the
 * content is streamed with readfile().
 *
 * @param string $imagepath path of the cached image file
 * @param string $etag value sent in the Etag header
 */
function send_cached_image($imagepath, $etag) {
    global $CFG;
    require("$CFG->dirroot/lib/xsendfilelib.php");

    $lifetime = 60*60*24*60; // 60 days only - the revision may get incremented quite often
    $parts = pathinfo($imagepath);
    // NOTE(review): this name ends up inside a quoted header value; it is
    // expected to come from the SAFEPATH-cleaned image parameter - confirm
    // no caller can pass a path containing a double quote.
    $imagename = $parts['filename'].'.'.$parts['extension'];
    $mimetype = get_contenttype_from_ext($parts['extension']);

    // Headers are emitted in exactly this order.
    $responseheaders = array(
        'Etag: '.$etag,
        'Content-Disposition: inline; filename="'.$imagename.'"',
        'Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT',
        'Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT',
        'Pragma: ',
        'Cache-Control: public, max-age='.$lifetime,
        'Accept-Ranges: none',
        'Content-Type: '.$mimetype,
        'Content-Length: '.filesize($imagepath),
    );
    foreach ($responseheaders as $headerline) {
        header($headerline);
    }

    if (xsendfile($imagepath)) {
        die;
    }

    // no need to gzip already compressed images ;-)
    readfile($imagepath);
    die;
}
217
/**
 * Send an image straight from its source location, then end the script.
 *
 * Unlike the cached variant this sets no Etag, stamps Last-Modified with the
 * current time and lets the response expire after 15 seconds.
 *
 * @param string $imagepath path of the image file to send
 */
function send_uncached_image($imagepath) {
    $parts = pathinfo($imagepath);
    $imagename = $parts['filename'].'.'.$parts['extension'];
    $mimetype = get_contenttype_from_ext($parts['extension']);

    // Headers are emitted in exactly this order.
    $responseheaders = array(
        'Content-Disposition: inline; filename="'.$imagename.'"',
        'Last-Modified: '. gmdate('D, d M Y H:i:s', time()) .' GMT',
        'Expires: '. gmdate('D, d M Y H:i:s', time() + 15) .' GMT',
        'Pragma: ',
        'Accept-Ranges: none',
        'Content-Type: '.$mimetype,
        'Content-Length: '.filesize($imagepath),
    );
    foreach ($responseheaders as $headerline) {
        header($headerline);
    }

    readfile($imagepath);
    die;
}
235
/**
 * Answer with a 404 status and a short fixed message, then end the script.
 *
 * The body is a constant string, so nothing from the request is echoed back.
 */
function image_not_found() {
    header('HTTP/1.0 404 not found');
    echo 'Image was not found, sorry.';
    exit;
}
240
/**
 * Map an image file extension to the value sent in the Content-Type header.
 *
 * Matching is case sensitive, and anything outside the table below falls
 * back to 'document/unknown'.
 *
 * @param string $ext file extension without the leading dot
 * @return string content type for the extension
 */
function get_contenttype_from_ext($ext) {
    $knowntypes = array(
        // NOTE(review): browsers treat image/svg+xml as a scriptable
        // document when it is opened directly - confirm only theme and
        // plugin files, never user uploads, are served through this script.
        'svg'  => 'image/svg+xml',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'ico'  => 'image/vnd.microsoft.icon',
    );

    // Loose comparison on purpose: it is what a switch statement does.
    foreach ($knowntypes as $knownext => $contenttype) {
        if ($ext == $knownext) {
            return $contenttype;
        }
    }

    // NOTE(review): with an unrecognised type a browser may guess from the
    // content; consider sending "X-Content-Type-Options: nosniff" as well.
    return 'document/unknown';
}