search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-11515:
[moodle-linuxchix.git] / pix / smartpix.php
blobbe0ebd33ee005b3540db7fb18b52be263cce0e65
1 <?php
2 // Outputs pictures from theme or core pix folder. Only used if $CFG->smartpix is
3 // turned on.
4
5 $matches=array(); // Reusable array variable for preg_match
6
7 // This does NOT use config.php. This is because doing that makes database requests
8 // which cause this to take longer (I benchmarked this at 16ms, 256ms with config.php)
9 // A version using normal Moodle functions is included in comment at end in case we
10 // want to switch to it in future.
11
12 function error($text,$notfound=false) {
13 header($notfound ? 'HTTP/1.0 404 Not Found' : 'HTTP/1.0 500 Internal Server Error');
14 header('Content-Type: text/plain');
15 print $text;
16 exit;
17 }
18
19 // Nicked from moodlelib clean_param
20 function makesafe($param) {
21 $param = str_replace('\\\'', '\'', $param);
22 $param = str_replace('\\"', '"', $param);
23 $param = str_replace('\\', '/', $param);
24 $param = ereg_replace('[[:cntrl:]]|[<>"`\|\':]', '', $param);
25 $param = ereg_replace('\.\.+', '', $param);
26 $param = ereg_replace('//+', '/', $param);
27 return ereg_replace('/(\./)+', '/', $param);
28 }
29
30 // Nicked from weblib
31 /**
32 * Remove query string from url
33 *
34 * Takes in a URL and returns it without the querystring portion
35 *
36 * @param string $url the url which may have a query string attached
37 * @return string
38 */
39 function strip_querystring($url) {
40
41 if ($commapos = strpos($url, '?')) {
42 return substr($url, 0, $commapos);
43 } else {
44 return $url;
45 }
46 }
47
48 // Nicked from weblib then cutdown
49 /**
50 * Extracts file argument either from file parameter or PATH_INFO.
51 * @param string $scriptname name of the calling script
52 * @return string file path (only safe characters)
53 */
54 function get_file_argument_limited($scriptname) {
55 $relativepath = FALSE;
56
57 // first try normal parameter (compatible method == no relative links!)
58 if(isset($_GET['file'])) {
59 return makesafe($_GET['file']);
60 }
61
62 // then try extract file from PATH_INFO (slasharguments method)
63 if (!empty($_SERVER['PATH_INFO'])) {
64 $path_info = $_SERVER['PATH_INFO'];
65 // check that PATH_INFO works == must not contain the script name
66 if (!strpos($path_info, $scriptname)) {
67 return makesafe(rawurldecode($path_info));
68 }
69 }
70
71 // now if both fail try the old way
72 // (for compatibility with misconfigured or older buggy php implementations)
73 $arr = explode($scriptname, me());
74 if (!empty($arr[1])) {
75 return makesafe(rawurldecode(strip_querystring($arr[1])));
76 }
77
78 error('Unexpected PHP set up. Turn off the smartpix config option.');
79 }
80
81 // We do need to get dirroot from config.php
82 if(!$config=@file_get_contents(dirname(__FILE__).'/../config.php')) {
83 error("Can't open config.php");
84 }
85 $configlines=preg_split('/[\r\n]+/',$config);
86 foreach($configlines as $configline) {
87 if(preg_match('/^\s?\$CFG->dirroot\s*=\s*[\'"](.*?)[\'"]\s*;/',$configline,$matches)) {
88 $dirroot=$matches[1];
89 }
90 if(preg_match('/^\s?\$CFG->dataroot\s*=\s*[\'"](.*?)[\'"]\s*;/',$configline,$matches)) {
91 $dataroot=$matches[1];
92 }
93 if(isset($dirroot) && isset($dataroot)) {
94 break;
95 }
96 }
97 if(!(isset($dirroot) && isset($dataroot))) {
98 error('No line in config.php like $CFG->dirroot=\'/somewhere/whatever\';');
99 }
100
101 // Split path - starts with theme name, then actual image path inside pix
102 $path=get_file_argument_limited('smartpix.php');
103 $match=array();
104 if(!preg_match('|^/([a-z0-9_\-.]+)/([a-z0-9/_\-.]+)$|',$path,$match)) {
105 error('Unexpected request format');
106 }
107 list($junk,$theme,$path)=$match;
108
109 // Check file type
110 if(preg_match('/\.png$/',$path)) {
111 $mimetype='image/png';
112 } else if(preg_match('/\.gif$/',$path)) {
113 $mimetype='image/gif';
114 } else if(preg_match('/\.jpe?g$/',$path)) {
115 $mimetype='image/jpeg';
116 } else {
117 // Note that this is a security feature as well as a lack of mime type
118 // support :) Means this can't accidentally serve files from places it
119 // shouldn't. Without it, you can actually access any file inside the
120 // module code directory.
121 error('Request for non-image file');
122 }
123
124 // Find actual location of image as $file
125 $file=false;
126 if(file_exists($possibility="$dirroot/theme/$theme/pix/$path")) {
127 // Found the file in theme, stop looking
128 $file=$possibility;
129 } else {
130 // Is there a parent theme?
131 while(true) {
132 require("$dirroot/theme/$theme/config.php"); // Sets up $THEME
133 if(!$THEME->parent) {
134 break;
135 }
136 $theme=$THEME->parent;
137 if(file_exists($possibility="$dirroot/theme/$theme/pix/$path")) {
138 $file=$possibility;
139 // Found in parent theme
140 break;
141 }
142 }
143 if(!$file) {
144 if(preg_match('|^mod/|',$path)) {
145 if(!file_exists($possibility="$dirroot/$path")) {
146 error('Requested image not found.',true);
147 }
148 } else {
149 if(!file_exists($possibility="$dirroot/pix/$path")) {
150 error('Requested image not found.',true);
151 }
152 }
153 $file=$possibility;
154 }
155 }
156
157 // Now we have a file that exists. Not using send_file since it requires
158 // proper $CFG etc.
159
160 // Handle If-Modified-Since
161 $filedate=filemtime($file);
162 $ifmodifiedsince=isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : false;
163 if($ifmodifiedsince && strtotime($ifmodifiedsince)>=$filedate) {
164 header('HTTP/1.0 304 Not Modified');
165 exit;
166 }
167 header('Last-Modified: '.gmdate('D, d M Y H:i:s',$filedate).' GMT');
168
169 // As I'm not loading config table from DB, this is hardcoded here; expiry
170 // 4 hours, unless the hacky file reduceimagecache.dat exists in dataroot
171 if(file_exists($reducefile=$dataroot.'/reduceimagecache.dat')) {
172 $lifetime=file_read_contents($reducefile);
173 } else {
174 $lifetime=4*60*60;
175 }
176
177 // Send expire headers
178 header('Cache-Control: max-age='.$lifetime);
179 header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
180
181 // Type
182 header('Content-Type: '.$mimetype);
183 header('Content-Length: '.filesize($file));
184
185 // Output file
186 $handle=fopen($file,'r');
187 fpassthru($handle);
188 fclose($handle);
189
190 // Slower Moodle-style version follows:
191
192 //// Outputs pictures from theme or core pix folder. Only used if $CFG->smartpix is
193 //// turned on.
194 //
195 //$nomoodlecookie = true; // Stops it making a session
196 //require_once('../config.php');
197 //require_once('../lib/filelib.php');
198 //global $CFG;
199 //
200 //$matches=array(); // Reusable array variable for preg_match
201 //
202 //// Split path - starts with theme name, then actual image path inside pix
203 //$path=get_file_argument('smartpix.php');
204 //$match=array();
205 //if(!preg_match('|^/([a-z0-9_\-.]+)/([a-z0-9/_\-.]+)$|',$path,$match)) {
206 // error('Unexpected request format');
207 //}
208 //list($junk,$theme,$path)=$match;
209 //
210 //// Check file type - this is not needed for the MIME types as we could
211 //// get those by the existing function, but it provides an extra layer of security
212 //// as otherwise this script could be used to view all files within dirroot/mod
213 //if(preg_match('/\.png$/',$path)) {
214 // $mimetype='image/png';
215 //} else if(preg_match('/\.gif$/',$path)) {
216 // $mimetype='image/gif';
217 //} else if(preg_match('/\.jpe?g$/',$path)) {
218 // $mimetype='image/jpeg';
219 //} else {
220 // error('Request for non-image file');
221 //}
222 //
223 //// Find actual location of image as $file
224 //$file=false;
225 //if(file_exists($possibility="$CFG->dirroot/theme/$theme/pix/$path")) {
226 // // Found the file in theme, stop looking
227 // $file=$possibility;
228 //} else {
229 // // Is there a parent theme?
230 // while(true) {
231 // require("$CFG->dirroot/theme/$theme/config.php"); // Sets up $THEME
232 // if(!$THEME->parent) {
233 // break;
234 // }
235 // $theme=$THEME->parent;
236 // if(file_exists($possibility="$CFG->dirroot/theme/$theme/pix/$path")) {
237 // $file=$possibility;
238 // // Found in parent theme
239 // break;
240 // }
241 // }
242 // if(!$file) {
243 // if(preg_match('|^mod/|',$path)) {
244 // if(!file_exists($possibility="$CFG->dirroot/$path")) {
245 // error('Requested image not found.');
246 // }
247 // } else {
248 // if(!file_exists($possibility="$CFG->dirroot/pix/$path")) {
249 // error('Requested image not found.');
250 // }
251 // }
252 // $file=$possibility;
253 // }
254 //}
255 //
256 //// Handle If-Modified-Since because send_file doesn't
257 //$filedate=filemtime($file);
258 //$ifmodifiedsince=isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : false;
259 //if($ifmodifiedsince && strtotime($ifmodifiedsince)>=$filedate) {
260 // header('HTTP/1.0 304 Not Modified');
261 // exit;
262 //}
263 //// Don't need to set last-modified, send_file does that
264 //
265 //if (empty($CFG->filelifetime)) {
266 // $lifetime = 86400; // Seconds for files to remain in caches
267 //} else {
268 // $lifetime = $CFG->filelifetime;
269 //}
270 //send_file($file,preg_replace('|^.*/|','',$file),$lifetime);
271 ?>
Moodle Repo, with LinuxChix modifications