MDL-41807 repository_filesystem: Prevent access to parent directories
[moodle.git] / files / filebrowser_ajax.php
1 <?php
3 // This file is part of Moodle - http://moodle.org/
4 //
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 // GNU General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
18 /**
19  * File manager support
20  *
21  * @package    core
22  * @subpackage file
23  * @copyright  2010 Dongsheng Cai <dongsheng@moodle.com>
24  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
25  */
// Declared before config.php is loaded, so the Moodle bootstrap already
// sees this request as an AJAX script.
define('AJAX_SCRIPT', true);

require '../config.php';
require_once $CFG->libdir . '/filelib.php';

// PARAM_ALPHA restricts the action name to letters; 'list' is the default
// when the parameter is absent.
$action = optional_param('action', 'list', PARAM_ALPHA);

// This endpoint is not bound to a course, so it runs in the system context
// and require_login() is called without a course argument. Passing this
// gate says nothing about which files the account may browse.
$PAGE->set_context(get_system_context());
require_login();

echo $OUTPUT->header(); // Send headers.

// Guests are rejected up front with a JSON error object.
$err = new stdClass();
if (isguestuser()) {
    $err->error = get_string('noguest');
    echo json_encode($err);
    die();
}
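switch ($action) {
    // Used by the course file tree viewer: answers with a JSON array that
    // describes the children of one node of the file browser tree.
    case 'getfiletree':
        // Each request value is cleaned according to its declared type
        // before it is used to locate the node.
        $contextid  = required_param('contextid', PARAM_INT);
        $component  = required_param('component', PARAM_COMPONENT);
        $filearea   = required_param('filearea', PARAM_AREA);
        $itemid     = required_param('itemid', PARAM_INT);
        $filepath   = required_param('filepath', PARAM_PATH);

        // NOTE(review): the result of the context lookup is passed on
        // unchecked; confirm how get_file_info() treats a context id that
        // does not exist.
        $browser = get_file_browser();
        $fileinfo = $browser->get_file_info(get_context_instance_by_id($contextid), $component, $filearea, $itemid, $filepath);

        // get_file_info() can return null (node not found, or the current
        // user may not browse it). Calling get_children() on null would
        // abort the request with a fatal error, so both cases are answered
        // with the same empty tree, which also avoids telling the caller
        // whether a node exists.
        $children = $fileinfo ? $fileinfo->get_children() : array();

        $tree = array();
        foreach ($children as $child) {
            $filedate = $child->get_timemodified();
            $filesize = $child->get_filesize();
            $params = $child->get_params();
            $url = new moodle_url('/files/index.php', $params);

            // NOTE(review): filename is sent as returned by
            // get_visible_name(); the consuming script presumably has to
            // escape it before inserting it into the page. Confirm this
            // against the tree viewer.
            $fileitem = array(
                    'params'=>$params,
                    'filename'=>$child->get_visible_name(),
                    'filedate'=>$filedate ? userdate($filedate) : '',
                    'filesize'=>$filesize ? display_size($filesize) : '',
                    );
            if ($child->is_directory()) {
                // Directories link back to the file browser page so the
                // tree can be expanded further.
                $fileitem['isdir'] = true;
                $fileitem['url'] = $url->out(false);
                $fileitem['icon'] = $OUTPUT->pix_icon(file_folder_icon(), get_string('icon'));
            } else {
                // Files link to the URL reported by the file_info node.
                $fileitem['url'] = $child->get_url();
                $fileitem['icon'] = $OUTPUT->pix_icon(file_file_icon($child), get_string('icon'));
            }
            $tree[] = $fileitem;
        }
        echo json_encode($tree);
        break;

    // Any other action, including the default 'list', produces no body.
    default:
        break;
}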