PageRenderTime 49ms CodeModel.GetById 24ms RepoModel.GetById 0ms app.codeStats 0ms

/theme/chameleon/pix/smartpix.php

https://bitbucket.org/systime/screening2
PHP | 271 lines | 128 code | 21 blank | 122 comment | 20 complexity | d8a40fd54723dd26deb7622013580b84 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1, GPL-3.0, BSD-3-Clause, LGPL-2.0 
    

  1. <?php 
    2. 

  2. // Outputs pictures from theme or core pix folder. Only used if $CFG->smartpix is
    3. 

  3. // turned on.
    4. 

  4. 

  5. $matches=array(); // Reusable array variable for preg_match
    6. 

  6.  
    7. 

  7. // This does NOT use config.php. This is because doing that makes database requests
    8. 

  8. // which cause this to take longer (I benchmarked this at 16ms, 256ms with config.php)
    9. 

  9. // A version using normal Moodle functions is included in comment at end in case we
    10. 

  10. // want to switch to it in future. 
    11. 

  11. 

  12. function error($text,$notfound=false) {
    13. 

  13.     header($notfound ? 'HTTP/1.0 404 Not Found' : 'HTTP/1.0 500 Internal Server Error');
    14. 

  14.     header('Content-Type: text/plain');
    15. 

  15.     print $text;
    16. 

  16.     exit;
    17. 

  17. }
    18. 

  18. 

  19. // Nicked from moodlelib clean_param
    20. 

  20. function makesafe($param) {
    21. 

  21.     $param = str_replace('\\\'', '\'', $param);
    22. 

  22.     $param = str_replace('\\"', '"', $param);
    23. 

  23.     $param = str_replace('\\', '/', $param);
    24. 

  24.     $param = ereg_replace('[[:cntrl:]]|[<>"`\|\':]', '', $param);
    25. 

  25.     $param = ereg_replace('\.\.+', '', $param);
    26. 

  26.     $param = ereg_replace('//+', '/', $param);
    27. 

  27.     return ereg_replace('/(\./)+', '/', $param);
    28. 

  28. }
    29. 

  29. 

  30. // Nicked from weblib
    31. 

  31. /**
    32. 

  32.  * Remove query string from url
    33. 

  33.  *
    34. 

  34.  * Takes in a URL and returns it without the querystring portion
    35. 

  35.  *
    36. 

  36.  * @param string $url the url which may have a query string attached
    37. 

  37.  * @return string
    38. 

  38.  */
    39. 

  39.  function strip_querystring($url) {
    40. 

  40. 

  41.     if ($commapos = strpos($url, '?')) {
    42. 

  42.         return substr($url, 0, $commapos);
    43. 

  43.     } else {
    44. 

  44.         return $url;
    45. 

  45.     }
    46. 

  46. }
    47. 

  47.  
    48. 

  48. // Nicked from weblib then cutdown
    49. 

  49. /**
    50. 

  50.  * Extracts file argument either from file parameter or PATH_INFO. 
    51. 

  51.  * @param string $scriptname name of the calling script
    52. 

  52.  * @return string file path (only safe characters)
    53. 

  53.  */
    54. 

  54. function get_file_argument_limited($scriptname) {
    55. 

  55.     $relativepath = FALSE;
    56. 

  56. 

  57.     // first try normal parameter (compatible method == no relative links!)
    58. 

  58.     if(isset($_GET['file'])) {
    59. 

  59.         return makesafe($_GET['file']);
    60. 

  60.     }
    61. 

  61. 

  62.     // then try extract file from PATH_INFO (slasharguments method)
    63. 

  63.     if (!empty($_SERVER['PATH_INFO'])) {
    64. 

  64.         $path_info = $_SERVER['PATH_INFO'];
    65. 

  65.         // check that PATH_INFO works == must not contain the script name
    66. 

  66.         if (!strpos($path_info, $scriptname)) {
    67. 

  67.             return makesafe(rawurldecode($path_info));
    68. 

  68.         }
    69. 

  69.     }
    70. 

  70. 

  71.     // now if both fail try the old way
    72. 

  72.     // (for compatibility with misconfigured or older buggy php implementations)
    73. 

  73.     $arr = explode($scriptname, me());
    74. 

  74.     if (!empty($arr[1])) {
    75. 

  75.         return makesafe(rawurldecode(strip_querystring($arr[1])));
    76. 

  76.     }
    77. 

  77.     
    78. 

  78.     error('Unexpected PHP set up. Turn off the smartpix config option.');
    79. 

  79. } 
    80. 

  80.  
    81. 

  81. // We do need to get dirroot from config.php
    82. 

  82. if(!$config=@file_get_contents(dirname(__FILE__).'/../config.php')) {
    83. 

  83.     error("Can't open config.php");
    84. 

  84. }
    85. 

  85. $configlines=preg_split('/[\r\n]+/',$config);
    86. 

  86. foreach($configlines as $configline) {
    87. 

  87.     if(preg_match('/^\s?\$CFG->dirroot\s*=\s*[\'"](.*?)[\'"]\s*;/',$configline,$matches)) {
    88. 

  88.         $dirroot=$matches[1];
    89. 

  89.     }
    90. 

  90.     if(preg_match('/^\s?\$CFG->dataroot\s*=\s*[\'"](.*?)[\'"]\s*;/',$configline,$matches)) {
    91. 

  91.         $dataroot=$matches[1];
    92. 

  92.     }
    93. 

  93.     if(isset($dirroot) && isset($dataroot)) {
    94. 

  94.         break;
    95. 

  95.     }
    96. 

  96. }
    97. 

  97. if(!(isset($dirroot) && isset($dataroot))) {
    98. 

  98.     error('No line in config.php like $CFG->dirroot=\'/somewhere/whatever\';');
    99. 

  99. }
    100. 

  100. 

  101. // Split path - starts with theme name, then actual image path inside pix
    102. 

  102. $path=get_file_argument_limited('smartpix.php');
    103. 

  103. $match=array();
    104. 

  104. if(!preg_match('|^/([a-z0-9_\-.]+)/([a-z0-9/_\-.]+)$|',$path,$match)) {
    105. 

  105.     error('Unexpected request format');
    106. 

  106. }
    107. 

  107. list($junk,$theme,$path)=$match;
    108. 

  108. 

  109. // Check file type
    110. 

  110. if(preg_match('/\.png$/',$path)) {
    111. 

  111.     $mimetype='image/png';
    112. 

  112. } else if(preg_match('/\.gif$/',$path)) {
    113. 

  113.     $mimetype='image/gif';
    114. 

  114. } else if(preg_match('/\.jpe?g$/',$path)) {
    115. 

  115.     $mimetype='image/jpeg';
    116. 

  116. } else {
    117. 

  117.     // Note that this is a security feature as well as a lack of mime type
    118. 

  118.     // support :) Means this can't accidentally serve files from places it
    119. 

  119.     // shouldn't. Without it, you can actually access any file inside the
    120. 

  120.     // module code directory.
    121. 

  121.     error('Request for non-image file');
    122. 

  122. }
    123. 

  123. 

  124. // Find actual location of image as $file
    125. 

  125. $file=false;
    126. 

  126. if(file_exists($possibility="$dirroot/theme/$theme/pix/$path")) {
    127. 

  127.     // Found the file in theme, stop looking
    128. 

  128.     $file=$possibility;
    129. 

  129. } else {
    130. 

  130.     // Is there a parent theme?
    131. 

  131.     while(true) {        
    132. 

  132.         require("$dirroot/theme/$theme/config.php"); // Sets up $THEME
    133. 

  133.         if(!$THEME->parent) {
    134. 

  134.             break;
    135. 

  135.         }        
    136. 

  136.         $theme=$THEME->parent;
    137. 

  137.         if(file_exists($possibility="$dirroot/theme/$theme/pix/$path")) {
    138. 

  138.             $file=$possibility;
    139. 

  139.             // Found in parent theme
    140. 

  140.             break;
    141. 

  141.         }    
    142. 

  142.     }
    143. 

  143.     if(!$file) {
    144. 

  144.         if(preg_match('|^mod/|',$path)) {
    145. 

  145.             if(!file_exists($possibility="$dirroot/$path")) {
    146. 

  146.                 error('Requested image not found.',true);
    147. 

  147.             }
    148. 

  148.         } else {
    149. 

  149.             if(!file_exists($possibility="$dirroot/pix/$path")) {
    150. 

  150.                 error('Requested image not found.',true);
    151. 

  151.             }
    152. 

  152.         }
    153. 

  153.         $file=$possibility;
    154. 

  154.     }
    155. 

  155. }
    156. 

  156. 

  157. // Now we have a file that exists. Not using send_file since it requires
    158. 

  158. // proper $CFG etc.
    159. 

  159. 

  160. // Handle If-Modified-Since
    161. 

  161. $filedate=filemtime($file);
    162. 

  162. $ifmodifiedsince=isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : false;
    163. 

  163. if($ifmodifiedsince && strtotime($ifmodifiedsince)>=$filedate) {
    164. 

  164.     header('HTTP/1.0 304 Not Modified');
    165. 

  165.     exit;
    166. 

  166. }
    167. 

  167. header('Last-Modified: '.gmdate('D, d M Y H:i:s',$filedate).' GMT');
    168. 

  168. 

  169. // As I'm not loading config table from DB, this is hardcoded here; expiry 
    170. 

  170. // 4 hours, unless the hacky file reduceimagecache.dat exists in dataroot
    171. 

  171. if(file_exists($reducefile=$dataroot.'/reduceimagecache.dat')) {
    172. 

  172.     $lifetime=file_read_contents($reducefile);
    173. 

  173. } else {   
    174. 

  174.     $lifetime=4*60*60;
    175. 

  175. }
    176. 

  176. 

  177. // Send expire headers
    178. 

  178. header('Cache-Control: max-age='.$lifetime);
    179. 

  179. header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
    180. 

  180. 

  181. // Type
    182. 

  182. header('Content-Type: '.$mimetype);
    183. 

  183. header('Content-Length: '.filesize($file));
    184. 

  184. 

  185. // Output file
    186. 

  186. $handle=fopen($file,'r');
    187. 

  187. fpassthru($handle);
    188. 

  188. fclose($handle);
    189. 

  189. 

  190. // Slower Moodle-style version follows:
    191. 

  191.  
    192. 

  192. //// Outputs pictures from theme or core pix folder. Only used if $CFG->smartpix is
    193. 

  193. //// turned on.
    194. 

  194. //
    195. 

  195. //$nomoodlecookie = true; // Stops it making a session
    196. 

  196. //require_once('../config.php');
    197. 

  197. //require_once('../lib/filelib.php');
    198. 

  198. //global $CFG;
    199. 

  199. //
    200. 

  200. //$matches=array(); // Reusable array variable for preg_match
    201. 

  201. // 
    202. 

  202. //// Split path - starts with theme name, then actual image path inside pix
    203. 

  203. //$path=get_file_argument('smartpix.php');
    204. 

  204. //$match=array();
    205. 

  205. //if(!preg_match('|^/([a-z0-9_\-.]+)/([a-z0-9/_\-.]+)$|',$path,$match)) {
    206. 

  206. //    error('Unexpected request format');
    207. 

  207. //}
    208. 

  208. //list($junk,$theme,$path)=$match;
    209. 

  209. //
    210. 

  210. //// Check file type - this is not needed for the MIME types as we could
    211. 

  211. //// get those by the existing function, but it provides an extra layer of security
    212. 

  212. //// as otherwise this script could be used to view all files within dirroot/mod
    213. 

  213. //if(preg_match('/\.png$/',$path)) {
    214. 

  214. //    $mimetype='image/png';
    215. 

  215. //} else if(preg_match('/\.gif$/',$path)) {
    216. 

  216. //    $mimetype='image/gif';
    217. 

  217. //} else if(preg_match('/\.jpe?g$/',$path)) {
    218. 

  218. //    $mimetype='image/jpeg';
    219. 

  219. //} else {
    220. 

  220. //    error('Request for non-image file');
    221. 

  221. //}
    222. 

  222. //
    223. 

  223. //// Find actual location of image as $file
    224. 

  224. //$file=false;
    225. 

  225. //if(file_exists($possibility="$CFG->dirroot/theme/$theme/pix/$path")) {
    226. 

  226. //    // Found the file in theme, stop looking
    227. 

  227. //    $file=$possibility;
    228. 

  228. //} else {
    229. 

  229. //    // Is there a parent theme?
    230. 

  230. //    while(true) {        
    231. 

  231. //        require("$CFG->dirroot/theme/$theme/config.php"); // Sets up $THEME
    232. 

  232. //        if(!$THEME->parent) {
    233. 

  233. //            break;
    234. 

  234. //        }        
    235. 

  235. //        $theme=$THEME->parent;
    236. 

  236. //        if(file_exists($possibility="$CFG->dirroot/theme/$theme/pix/$path")) {
    237. 

  237. //            $file=$possibility;
    238. 

  238. //            // Found in parent theme
    239. 

  239. //            break;
    240. 

  240. //        }    
    241. 

  241. //    }
    242. 

  242. //    if(!$file) {
    243. 

  243. //        if(preg_match('|^mod/|',$path)) {
    244. 

  244. //            if(!file_exists($possibility="$CFG->dirroot/$path")) {
    245. 

  245. //                error('Requested image not found.');
    246. 

  246. //            }
    247. 

  247. //        } else {
    248. 

  248. //            if(!file_exists($possibility="$CFG->dirroot/pix/$path")) {
    249. 

  249. //                error('Requested image not found.');
    250. 

  250. //            }
    251. 

  251. //        }
    252. 

  252. //        $file=$possibility;
    253. 

  253. //    }
    254. 

  254. //}
    255. 

  255. //
    256. 

  256. //// Handle If-Modified-Since because send_file doesn't
    257. 

  257. //$filedate=filemtime($file);
    258. 

  258. //$ifmodifiedsince=isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : false;
    259. 

  259. //if($ifmodifiedsince && strtotime($ifmodifiedsince)>=$filedate) {
    260. 

  260. //    header('HTTP/1.0 304 Not Modified');
    261. 

  261. //    exit;
    262. 

  262. //}
    263. 

  263. //// Don't need to set last-modified, send_file does that
    264. 

  264. //
    265. 

  265. //if (empty($CFG->filelifetime)) {
    266. 

  266. //    $lifetime = 86400;     // Seconds for files to remain in caches
    267. 

  267. //} else {
    268. 

  268. //    $lifetime = $CFG->filelifetime;
    269. 

  269. //}
    270. 

  270. //send_file($file,preg_replace('|^.*/|','',$file),$lifetime);
    271. 

  271. ?>
    272. 

  272.