MDL-41807 repository_filesystem: Prevent access to parent directories
[moodle.git] / index.php
1 <?php
3 // This file is part of Moodle - http://moodle.org/
4 //
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 // GNU General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
18 /**
19  * Moodle frontpage.
20  *
21  * @package    core
22  * @copyright  1999 onwards Martin Dougiamas (http://dougiamas.com)
23  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
24  */
26     if (!file_exists('./config.php')) {
27         header('Location: install.php');
28         die;
29     }
31     require_once('config.php');
32     require_once($CFG->dirroot .'/course/lib.php');
33     require_once($CFG->libdir .'/filelib.php');
35     redirect_if_major_upgrade_required();
37     $urlparams = array();
38     if (!empty($CFG->defaulthomepage) && ($CFG->defaulthomepage == HOMEPAGE_MY) && optional_param('redirect', 1, PARAM_BOOL) === 0) {
39         $urlparams['redirect'] = 0;
40     }
41     $PAGE->set_url('/', $urlparams);
42     $PAGE->set_course($SITE);
43     $PAGE->set_other_editing_capability('moodle/course:update');
44     $PAGE->set_other_editing_capability('moodle/course:manageactivities');
45     $PAGE->set_other_editing_capability('moodle/course:activityvisibility');
47     // Prevent caching of this page to stop confusion when changing page after making AJAX changes
48     $PAGE->set_cacheable(false);
50     if ($CFG->forcelogin) {
51         require_login();
52     } else {
53         user_accesstime_log();
54     }
56     $hassiteconfig = has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM));
58 /// If the site is currently under maintenance, then print a message
59     if (!empty($CFG->maintenance_enabled) and !$hassiteconfig) {
60         print_maintenance_message();
61     }
63     if ($hassiteconfig && moodle_needs_upgrading()) {
64         redirect($CFG->wwwroot .'/'. $CFG->admin .'/index.php');
65     }
67     if (get_home_page() != HOMEPAGE_SITE) {
68         // Redirect logged-in users to My Moodle overview if required
69         if (optional_param('setdefaulthome', false, PARAM_BOOL)) {
70             set_user_preference('user_home_page_preference', HOMEPAGE_SITE);
71         } else if (!empty($CFG->defaulthomepage) && ($CFG->defaulthomepage == HOMEPAGE_MY) && optional_param('redirect', 1, PARAM_BOOL) === 1) {
72             redirect($CFG->wwwroot .'/my/');
73         } else if (!empty($CFG->defaulthomepage) && ($CFG->defaulthomepage == HOMEPAGE_USER)) {
74             $PAGE->settingsnav->get('usercurrentsettings')->add(get_string('makethismyhome'), new moodle_url('/', array('setdefaulthome'=>true)), navigation_node::TYPE_SETTING);
75         }
76     }
78     if (isloggedin()) {
79         add_to_log(SITEID, 'course', 'view', 'view.php?id='.SITEID, SITEID);
80     }
82 /// If the hub plugin is installed then we let it take over the homepage here
83     if (file_exists($CFG->dirroot.'/local/hub/lib.php') and get_config('local_hub', 'hubenabled')) {
84         require_once($CFG->dirroot.'/local/hub/lib.php');
85         $hub = new local_hub();
86         $continue = $hub->display_homepage();
87         //display_homepage() return true if the hub home page is not displayed
88         //mostly when search form is not displayed for not logged users
89         if (empty($continue)) {
90             exit;
91         }
92     }
94     $PAGE->set_pagetype('site-index');
95     $PAGE->set_docs_path('');
96     $PAGE->set_pagelayout('frontpage');
97     $editing = $PAGE->user_is_editing();
98     $PAGE->set_title($SITE->fullname);
99     $PAGE->set_heading($SITE->fullname);
100     echo $OUTPUT->header();
102 /// Print Section or custom info
103     get_all_mods($SITE->id, $mods, $modnames, $modnamesplural, $modnamesused);
104     if (!empty($CFG->customfrontpageinclude)) {
105         include($CFG->customfrontpageinclude);
107     } else if ($SITE->numsections > 0) {
109         if (!$section = $DB->get_record('course_sections', array('course'=>$SITE->id, 'section'=>1))) {
110             $DB->delete_records('course_sections', array('course'=>$SITE->id, 'section'=>1)); // Just in case
111             $section = new stdClass();
112             $section->course = $SITE->id;
113             $section->section = 1;
114             $section->summary = '';
115             $section->summaryformat = FORMAT_HTML;
116             $section->sequence = '';
117             $section->visible = 1;
118             $section->id = $DB->insert_record('course_sections', $section);
119             rebuild_course_cache($SITE->id, true);
120         }
122         if (!empty($section->sequence) or !empty($section->summary) or $editing) {
123             echo $OUTPUT->box_start('generalbox sitetopic');
125             /// If currently moving a file then show the current clipboard
126             if (ismoving($SITE->id)) {
127                 $stractivityclipboard = strip_tags(get_string('activityclipboard', '', $USER->activitycopyname));
128                 echo '<p><font size="2">';
129                 echo "$stractivityclipboard&nbsp;&nbsp;(<a href=\"course/mod.php?cancelcopy=true&amp;sesskey=".sesskey()."\">". get_string('cancel') .'</a>)';
130                 echo '</font></p>';
131             }
133             $context = get_context_instance(CONTEXT_COURSE, SITEID);
134             $summarytext = file_rewrite_pluginfile_urls($section->summary, 'pluginfile.php', $context->id, 'course', 'section', $section->id);
135             $summaryformatoptions = new stdClass();
136             $summaryformatoptions->noclean = true;
137             $summaryformatoptions->overflowdiv = true;
139             echo format_text($summarytext, $section->summaryformat, $summaryformatoptions);
141             if ($editing && has_capability('moodle/course:update', $context)) {
142                 $streditsummary = get_string('editsummary');
143                 echo "<a title=\"$streditsummary\" ".
144                      " href=\"course/editsection.php?id=$section->id\"><img src=\"" . $OUTPUT->pix_url('t/edit') . "\" ".
145                      " class=\"iconsmall\" alt=\"$streditsummary\" /></a><br /><br />";
146             }
148             print_section($SITE, $section, $mods, $modnamesused, true);
150             if ($editing) {
151                 print_section_add_menus($SITE, $section->section, $modnames);
152             }
153             echo $OUTPUT->box_end();
154         }
155     }
156     // Include course AJAX
157     if (include_course_ajax($SITE, $modnamesused)) {
158         // Add the module chooser
159         $renderer = $PAGE->get_renderer('core', 'course');
160         echo $renderer->course_modchooser(get_module_metadata($SITE, $modnames), $SITE);
161     }
163     if (isloggedin() and !isguestuser() and isset($CFG->frontpageloggedin)) {
164         $frontpagelayout = $CFG->frontpageloggedin;
165     } else {
166         $frontpagelayout = $CFG->frontpage;
167     }
169     foreach (explode(',',$frontpagelayout) as $v) {
170         switch ($v) {     /// Display the main part of the front page.
171             case FRONTPAGENEWS:
172                 if ($SITE->newsitems) { // Print forums only when needed
173                     require_once($CFG->dirroot .'/mod/forum/lib.php');
175                     if (! $newsforum = forum_get_course_forum($SITE->id, 'news')) {
176                         print_error('cannotfindorcreateforum', 'forum');
177                     }
179                     // fetch news forum context for proper filtering to happen
180                     $newsforumcm = get_coursemodule_from_instance('forum', $newsforum->id, $SITE->id, false, MUST_EXIST);
181                     $newsforumcontext = get_context_instance(CONTEXT_MODULE, $newsforumcm->id, MUST_EXIST);
183                     $forumname = format_string($newsforum->name, true, array('context' => $newsforumcontext));
184                     echo html_writer::tag('a', get_string('skipa', 'access', textlib::strtolower(strip_tags($forumname))), array('href'=>'#skipsitenews', 'class'=>'skip-block'));
186                     if (isloggedin()) {
187                         $SESSION->fromdiscussion = $CFG->wwwroot;
188                         $subtext = '';
189                         if (forum_is_subscribed($USER->id, $newsforum)) {
190                             if (!forum_is_forcesubscribed($newsforum)) {
191                                 $subtext = get_string('unsubscribe', 'forum');
192                             }
193                         } else {
194                             $subtext = get_string('subscribe', 'forum');
195                         }
196                         echo $OUTPUT->heading($forumname, 2, 'headingblock header');
197                         $suburl = new moodle_url('/mod/forum/subscribe.php', array('id' => $newsforum->id, 'sesskey' => sesskey()));
198                         echo html_writer::tag('div', html_writer::link($suburl, $subtext), array('class' => 'subscribelink'));
199                     } else {
200                         echo $OUTPUT->heading($forumname, 2, 'headingblock header');
201                     }
203                     forum_print_latest_discussions($SITE, $newsforum, $SITE->newsitems, 'plain', 'p.modified DESC');
204                     echo html_writer::tag('span', '', array('class'=>'skip-block-to', 'id'=>'skipsitenews'));
205                 }
206             break;
208             case FRONTPAGECOURSELIST:
209                 $ncourses = $DB->count_records('course');
210                 if (isloggedin() and !$hassiteconfig and !isguestuser() and empty($CFG->disablemycourses)) {
211                     echo html_writer::tag('a', get_string('skipa', 'access', textlib::strtolower(get_string('mycourses'))), array('href'=>'#skipmycourses', 'class'=>'skip-block'));
212                     echo $OUTPUT->heading(get_string('mycourses'), 2, 'headingblock header');
213                     print_my_moodle();
214                     echo html_writer::tag('span', '', array('class'=>'skip-block-to', 'id'=>'skipmycourses'));
215                 } else if ((!$hassiteconfig and !isguestuser()) or ($ncourses <= FRONTPAGECOURSELIMIT)) {
216                     // admin should not see list of courses when there are too many of them
217                     echo html_writer::tag('a', get_string('skipa', 'access', textlib::strtolower(get_string('availablecourses'))), array('href'=>'#skipavailablecourses', 'class'=>'skip-block'));
218                     echo $OUTPUT->heading(get_string('availablecourses'), 2, 'headingblock header');
219                     print_courses(0);
220                     echo html_writer::tag('span', '', array('class'=>'skip-block-to', 'id'=>'skipavailablecourses'));
221                 } else {
222                     echo html_writer::tag('div', get_string('therearecourses', '', $ncourses), array('class' => 'notifyproblem'));
223                     print_course_search('', false, 'short');
224                 }
225             break;
227             case FRONTPAGECATEGORYNAMES:
228                 echo html_writer::tag('a', get_string('skipa', 'access', textlib::strtolower(get_string('categories'))), array('href'=>'#skipcategories', 'class'=>'skip-block'));
229                 echo $OUTPUT->heading(get_string('categories'), 2, 'headingblock header');
230                 echo $OUTPUT->box_start('generalbox categorybox');
231                 print_whole_category_list(NULL, NULL, NULL, -1, false);
232                 echo $OUTPUT->box_end();
233                 print_course_search('', false, 'short');
234                 echo html_writer::tag('span', '', array('class'=>'skip-block-to', 'id'=>'skipcategories'));
235             break;
237             case FRONTPAGECATEGORYCOMBO:
238                 echo html_writer::tag('a', get_string('skipa', 'access', textlib::strtolower(get_string('courses'))), array('href'=>'#skipcourses', 'class'=>'skip-block'));
239                 echo $OUTPUT->heading(get_string('courses'), 2, 'headingblock header');
240                 $renderer = $PAGE->get_renderer('core','course');
241                 // if there are too many courses, budiling course category tree could be slow,
242                 // users should go to course index page to see the whole list.
243                 $coursecount = $DB->count_records('course');
244                 if (empty($CFG->numcoursesincombo)) {
245                     // if $CFG->numcoursesincombo hasn't been set, use default value 500
246                     $CFG->numcoursesincombo = 500;
247                 }
248                 if ($coursecount > $CFG->numcoursesincombo) {
249                     $link = new moodle_url('/course/');
250                     echo $OUTPUT->notification(get_string('maxnumcoursesincombo', 'moodle', array('link'=>$link->out(), 'maxnumofcourses'=>$CFG->numcoursesincombo, 'numberofcourses'=>$coursecount)));
251                 } else {
252                     echo $renderer->course_category_tree(get_course_category_tree());
253                 }
254                 print_course_search('', false, 'short');
255                 echo html_writer::tag('span', '', array('class'=>'skip-block-to', 'id'=>'skipcourses'));
256             break;
258             case FRONTPAGETOPICONLY:    // Do nothing!!  :-)
259             break;
261         }
262         echo '<br />';
263     }
265     echo $OUTPUT->footer();