* @param int $connecttimeout timeout for connection to server; this is the timeout that
* usually happens if the remote server is completely down (default 20 seconds);
* may not work when using proxy
- * @param bool $skipcertverify If true, the peer's SSL certificate will not be checked.
+ * @param bool $skipcertverify If true, the peer's SSL certificate will not be checked.
* Only use this when already in a trusted location.
* @param string $tofile store the downloaded content to file instead of returning it.
- * @param bool $calctimeout false by default, true enables an extra head request to try and determine
+ * @param bool $calctimeout false by default, true enables an extra head request to try and determine
* filesize and appropriately larger timeout based on $CFG->curltimeoutkbitrate
* @return mixed false if request failed or content of the file as string if ok. True if file downloaded into $tofile successfully.
*/
}
if (empty($filter)) {
- if ($mimetype == 'text/html' && !empty($CFG->usesid)) {
- //cookieless mode - rewrite links
- header('Content-Type: text/html');
- $path = $pathisstring ? $path : implode('', file($path));
- $path = sid_ob_rewrite($path);
- $filesize = strlen($path);
- $pathisstring = true;
- } else if ($mimetype == 'text/plain') {
+ if ($mimetype == 'text/plain') {
header('Content-Type: Text/plain; charset=utf-8'); //add encoding
} else {
header('Content-Type: '.$mimetype);
$text = file_modify_html_header($text);
$output = format_text($text, FORMAT_HTML, $options, $COURSE->id);
- if (!empty($CFG->usesid)) {
- //cookieless mode - rewrite links
- $output = sid_ob_rewrite($output);
- }
header('Content-Length: '.strlen($output));
header('Content-Type: text/html');
$options->noclean = true;
$text = htmlentities($pathisstring ? $path : implode('', file($path)));
$output = '<pre>'. format_text($text, FORMAT_MOODLE, $options, $COURSE->id) .'</pre>';
- if (!empty($CFG->usesid)) {
- //cookieless mode - rewrite links
- $output = sid_ob_rewrite($output);
- }
header('Content-Length: '.strlen($output));
header('Content-Type: text/html; charset=utf-8'); //add encoding
if (empty($filter)) {
$filtered = false;
- if ($mimetype == 'text/html' && !empty($CFG->usesid)) {
- //cookieless mode - rewrite links
- header('Content-Type: text/html');
- $text = $stored_file->get_content();
- $text = sid_ob_rewrite($text);
- $filesize = strlen($text);
- $filtered = true;
- } else if ($mimetype == 'text/plain') {
+ if ($mimetype == 'text/plain') {
header('Content-Type: Text/plain; charset=utf-8'); //add encoding
} else {
header('Content-Type: '.$mimetype);
$text = $stored_file->get_content();
$text = file_modify_html_header($text);
$output = format_text($text, FORMAT_HTML, $options, $COURSE->id);
- if (!empty($CFG->usesid)) {
- //cookieless mode - rewrite links
- $output = sid_ob_rewrite($output);
- }
header('Content-Length: '.strlen($output));
header('Content-Type: text/html');
$options->noclean = true;
$text = $stored_file->get_content();
$output = '<pre>'. format_text($text, FORMAT_MOODLE, $options, $COURSE->id) .'</pre>';
- if (!empty($CFG->usesid)) {
- //cookieless mode - rewrite links
- $output = sid_ob_rewrite($output);
- }
header('Content-Length: '.strlen($output));
header('Content-Type: text/html; charset=utf-8'); //add encoding
if (NO_MOODLE_COOKIES) {
// session not used at all
- $CFG->usesid = 0;
-
$_SESSION = array();
$_SESSION['SESSION'] = new stdClass();
$_SESSION['USER'] = new stdClass();
$newsession = empty($_COOKIE['MoodleSession'.$CFG->sessioncookie]);
- if (!empty($CFG->usesid) && $newsession) {
- sid_start_ob();
- } else {
- $CFG->usesid = 0;
- ini_set('session.use_trans_sid', '0');
- }
+ ini_set('session.use_trans_sid', '0');
session_name('MoodleSession'.$CFG->sessioncookie);
session_set_cookie_params(0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
}
//discard session ID from POST, GET and globals to tighten security,
- //this session fixation prevention can not be used in cookieless mode
- if (empty($CFG->usesid)) {
- unset(${'MoodleSession'.$CFG->sessioncookie});
- unset($_GET['MoodleSession'.$CFG->sessioncookie]);
- unset($_POST['MoodleSession'.$CFG->sessioncookie]);
- unset($_REQUEST['MoodleSession'.$CFG->sessioncookie]);
- }
+ //this is session fixation prevention
+ unset(${'MoodleSession'.$CFG->sessioncookie});
+ unset($_GET['MoodleSession'.$CFG->sessioncookie]);
+ unset($_POST['MoodleSession'.$CFG->sessioncookie]);
+ unset($_REQUEST['MoodleSession'.$CFG->sessioncookie]);
+
//compatibility hack for Moodle Cron, cookies not deleted, but set to "deleted" - should not be needed with NO_MOODLE_COOKIES in cron.php now
if (!empty($_COOKIE['MoodleSession'.$CFG->sessioncookie]) && $_COOKIE['MoodleSession'.$CFG->sessioncookie] == "deleted") {
unset($_COOKIE['MoodleSession'.$CFG->sessioncookie]);
// TODO: it should be possible to improve perf by caching some limited number of users here ;-)
}
-
-/**
-* Enable cookieless sessions by including $CFG->usesid=true;
-* in config.php.
-* Based on code from php manual by Richard at postamble.co.uk
-* Attempts to use cookies if cookies not present then uses session ids attached to all urls and forms to pass session id from page to page.
-* If site is open to google, google is given guest access as usual and there are no sessions. No session ids will be attached to urls for googlebot.
-* This doesn't require trans_sid to be turned on but this is recommended for better performance
-* you should put :
-* session.use_trans_sid = 1
-* in your php.ini file and make sure that you don't have a line like this in your php.ini
-* session.use_only_cookies = 1
-* @author Richard at postamble.co.uk and Jamie Pratt
-* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
-*/
-/**
-* You won't call this function directly. This function is used to process
-* text buffered by php in an output buffer. All output is run through this function
-* before it is ouput.
-* @param string $buffer is the output sent from php
-* @return string the output sent to the browser
-*/
-function sid_ob_rewrite($buffer){
- $replacements = array(
- '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*")([^"]*)(")/i',
- '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*\')([^\']*)(\')/i');
-
- $buffer = preg_replace_callback($replacements, 'sid_rewrite_link_tag', $buffer);
- $buffer = preg_replace('/<form\s[^>]*>/i',
- '\0<input type="hidden" name="' . session_name() . '" value="' . session_id() . '"/>', $buffer);
-
- return $buffer;
-}
-/**
-* You won't call this function directly. This function is used to process
-* text buffered by php in an output buffer. All output is run through this function
-* before it is ouput.
-* This function only processes absolute urls, it is used when we decide that
-* php is processing other urls itself but needs some help with internal absolute urls still.
-* @param string $buffer is the output sent from php
-* @return string the output sent to the browser
-*/
-function sid_ob_rewrite_absolute($buffer){
- $replacements = array(
- '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*")((?:http|https)[^"]*)(")/i',
- '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*\')((?:http|https)[^\']*)(\')/i');
-
- $buffer = preg_replace_callback($replacements, 'sid_rewrite_link_tag', $buffer);
- $buffer = preg_replace('/<form\s[^>]*>/i',
- '\0<input type="hidden" name="' . session_name() . '" value="' . session_id() . '"/>', $buffer);
- return $buffer;
-}
-
-/**
-* A function to process link, a and script tags found
-* by preg_replace_callback in {@link sid_ob_rewrite($buffer)}.
-*/
-function sid_rewrite_link_tag($matches){
- $url = $matches[4];
- $url = sid_process_url($url);
- return $matches[1].$url.$matches[5];
-}
-
-/**
-* You can call this function directly. This function is used to process
-* urls to add a moodle session id to the url for internal links.
-* @param string $url is a url
-* @return string the processed url
-*/
-function sid_process_url($url) {
- global $CFG;
-
- if ((preg_match('/^(http|https):/i', $url)) // absolute url
- && ((stripos($url, $CFG->wwwroot)!==0) && stripos($url, $CFG->httpswwwroot)!==0)) { // and not local one
- return $url; //don't attach sessid to non local urls
- }
- if ($url[0]=='#' || (stripos($url, 'javascript:')===0)) {
- return $url; //don't attach sessid to anchors
- }
- if (strpos($url, session_name())!==FALSE) {
- return $url; //don't attach sessid to url that already has one sessid
- }
- if (strpos($url, "?")===FALSE) {
- $append = "?".strip_tags(session_name() . '=' . session_id());
- } else {
- $append = "&".strip_tags(session_name() . '=' . session_id());
- }
- //put sessid before any anchor
- $p = strpos($url, "#");
- if ($p!==FALSE){
- $anch = substr($url, $p);
- $url = substr($url, 0, $p).$append.$anch ;
- } else {
- $url .= $append ;
- }
- return $url;
-}
-
-/**
-* Call this function before there has been any output to the browser to
-* buffer output and add session ids to all internal links.
-*/
-function sid_start_ob(){
- global $CFG;
- //don't attach sess id for bots
-
- if (!empty($_SERVER['HTTP_USER_AGENT'])) {
- if (!empty($CFG->opentogoogle)) {
- if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false) {
- @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
- $CFG->usesid=false;
- return;
- }
- if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false) {
- @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
- $CFG->usesid=false;
- return;
- }
- }
- if (strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false) {
- @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
- $CFG->usesid=false;
- return;
- }
- }
-
- @ini_set('session.use_trans_sid', '1'); // try and turn on trans_sid
-
- if (ini_get('session.use_trans_sid') != 0) {
- // use trans sid as its available
- ini_set('url_rewriter.tags', 'a=href,area=href,script=src,link=href,frame=src,form=fakeentry');
- ob_start('sid_ob_rewrite_absolute');
- } else {
- //rewrite all links ourselves
- ob_start('sid_ob_rewrite');
- }
-}
-