MDL-22991, validate data that was encoded in base64
[moodle.git] / repository / user / lib.php
1 <?php
3 // This file is part of Moodle - http://moodle.org/
4 //
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 // GNU General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
18 /**
19  * repository_user class is used to browse user private files
20  *
21  * @since 2.0
22  * @package moodlecore
23  * @subpackage repository
24  * @copyright 2010 Dongsheng Cai <dongsheng@moodle.com>
25  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
26  */
28 class repository_user extends repository {
30     /**
31      * user plugin doesn't require login
32      * @return mixed
33      */
34     public function print_login() {
35         return $this->get_listing();
36     }
38     /**
39      * Get file listing
40      *
41      * @param string $encodedpath
42      * @return mixed
43      */
44     public function get_listing($encodedpath = '') {
45         global $CFG, $USER, $OUTPUT;
46         $ret = array();
47         $ret['dynload'] = true;
48         $ret['nosearch'] = true;
49         $ret['nologin'] = true;
50         $list = array();
52         if (!empty($encodedpath)) {
53             $params = unserialize(base64_decode($encodedpath));
54             if (is_array($params)) {
55                 $itemid   = clean_param($params['itemid'], PARAM_INT);
56                 $filename = clean_param($params['filename'], PARAM_FILE);
57                 $filearea = clean_param($params['filearea'], PARAM_ALPHAEXT);
58                 $filepath = clean_param($params['filepath'], PARAM_PATH);;
59                 $context  = get_context_instance_by_id(clean_param($params['contextid'], PARAM_INT));
60             }
61         } else {
62             $itemid   = 0;
63             $filename = null;
64             $filearea = 'user_private';
65             $filepath = '/';
66             $context = get_context_instance(CONTEXT_USER, $USER->id);
67         }
69         try {
70             $browser = get_file_browser();
72             if ($fileinfo = $browser->get_file_info($context, $filearea, $itemid, $filepath, $filename)) {
73                 $pathnodes = array();
74                 $level = $fileinfo;
75                 $params = $fileinfo->get_params();
76                 while ($level && $params['filearea'] == 'user_private') {
77                     $encodedpath = base64_encode(serialize($level->get_params()));
78                     $pathnodes[] = array('name'=>$level->get_visible_name(), 'path'=>$encodedpath);
79                     $level = $level->get_parent();
80                     $params = $level->get_params();
81                 }
82                 $ret['path'] = array_reverse($pathnodes);
84                 // build file tree
85                 $children = $fileinfo->get_children();
86                 foreach ($children as $child) {
87                     if ($child->is_directory()) {
88                         $encodedpath = base64_encode(serialize($child->get_params()));
89                         $node = array(
90                             'title' => $child->get_visible_name(),
91                             'size' => 0,
92                             'date' => '',
93                             'path' => $encodedpath,
94                             'children'=>array(),
95                             'thumbnail' => $OUTPUT->pix_url('f/folder-32') . ''
96                         );
97                         $list[] = $node;
98                     } else {
99                         $encodedpath = base64_encode(serialize($child->get_params()));
100                         $icon = 'f/'.str_replace('.gif', '', mimeinfo('icon', $child->get_visible_name())).'-32';
101                         $node = array(
102                             'title' => $child->get_visible_name(),
103                             'size' => 0,
104                             'date' => '',
105                             'source'=> $encodedpath,
106                             'thumbnail' => $OUTPUT->pix_url($icon) . '',
107                         );
108                         $list[] = $node;
109                     }
110                 }
111             }
112         } catch (Exception $e) {
113             throw new repository_exception('emptyfilelist', 'repository_user');
114         }
115         $ret['list'] = $list;
116         $ret['list'] = array_filter($list, array($this, 'filter'));
117         return $ret;
118     }
120     /**
121      * Set repository name
122      *
123      * @return string repository name
124      */
125     public function get_name(){
126         return get_string('areauserpersonal', 'repository');;
127     }
129     /**
130      * User file don't support to link to external links
131      *
132      * @return int
133      */
134     public function supported_returntypes() {
135         return FILE_INTERNAL;
136     }
138     /**
139      * Copy a file to file area
140      *
141      * @global object $USER
142      * @global object $DB
143      * @param string $encoded The metainfo of file, it is base64 encoded php seriablized data
144      * @param string $new_filename The intended name of file
145      * @param string $new_itemid itemid
146      * @param string $new_filepath the new path in draft area
147      * @return array The information of file
148      */
149     public function copy_to_area($encoded, $new_filearea='draft', $new_itemid = '', $new_filepath = '/', $new_filename = '') {
150         global $USER, $DB;
152         $browser = get_file_browser();
153         $params = unserialize(base64_decode($encoded));
154         $user_context = get_context_instance(CONTEXT_USER, $USER->id);
156         $contextid  = clean_param($params['contextid'], PARAM_INT);
157         $fileitemid = clean_param($params['itemid'], PARAM_INT);
158         $filename = clean_param($params['filename'], PARAM_FILE);
159         $filepath = clean_param($params['filepath'], PARAM_PATH);;
160         $filearea = clean_param($params['filearea'], PARAM_ALPHAEXT);
162         $context    = get_context_instance_by_id($contextid);
163         $file_info = $browser->get_file_info($context, $filearea, $fileitemid, $filepath, $filename);
164         $file_info->copy_to_storage($user_context->id, $new_filearea, $new_itemid, $new_filepath, $new_filename);
166         $info = array();
167         $info['itemid'] = $new_itemid;
168         $info['title']  = $new_filename;
169         $info['contextid'] = $user_context->id;
170         $info['filesize'] = $file_info->get_filesize();
172         return $info;
173     }