moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 00:46:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-22991, validate data that was encoded in base64

Browse source
This commit is contained in:
Dongsheng Cai 2010-07-06 05:33:43 +00:00
parent 203bbcbe79
commit 955b6e09b8
3 changed files with 104 additions and 160 deletions
Download patch file Download diff file Expand all files Collapse all files

173
repository/local/lib.php
View file

@ -21,23 +21,12 @@
* @since 2.0 * @since 2.0
* @package moodlecore * @package moodlecore
* @subpackage repository * @subpackage repository
* @copyright 2009 Dongsheng Cai * @copyright 2009 Dongsheng Cai <dongsheng@moodle.com>
* @author Dongsheng Cai <dongsheng@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/ */
class repository_local extends repository { class repository_local extends repository {
/**
* initialize local plugin
* @param int $repositoryid
* @param int $context
* @param array $options
*/
public function __construct($repositoryid, $context = SYSCONTEXTID, $options = array()) {
parent::__construct($repositoryid, $context, $options);
}
/** /**
* local plugin doesn't require login, so list all files * local plugin doesn't require login, so list all files
* @return mixed * @return mixed
@ -46,15 +35,6 @@ class repository_local extends repository {
return $this->get_listing(); return $this->get_listing();
} }
/**
* Not supported by File API yet
* @param string $search_text
* @return mixed
*/
public function search($search_text) {
return array();
}
/** /**
* Get file listing * Get file listing
* *
@ -72,11 +52,11 @@ class repository_local extends repository {
if (!empty($encodedpath)) { if (!empty($encodedpath)) {
$params = unserialize(base64_decode($encodedpath)); $params = unserialize(base64_decode($encodedpath));
if (is_array($params)) { if (is_array($params)) {
$itemid = $params['itemid']; $itemid = clean_param($params['itemid'], PARAM_INT);
$filename = $params['filename']; $filename = clean_param($params['filename'], PARAM_FILE);
$filearea = $params['filearea']; $filearea = clean_param($params['filearea'], PARAM_ALPHAEXT);
$filepath = $params['filepath']; $filepath = clean_param($params['filepath'], PARAM_PATH);;
$context = get_context_instance_by_id($params['contextid']); $context = get_context_instance_by_id(clean_param($params['contextid'], PARAM_INT));
} }
} else { } else {
$itemid = null; $itemid = null;
@ -86,69 +66,65 @@ class repository_local extends repository {
$context = get_system_context(); $context = get_system_context();
} }
try { $browser = get_file_browser();
$browser = get_file_browser();
if ($fileinfo = $browser->get_file_info($context, $filearea, $itemid, $filepath, $filename)) { if ($fileinfo = $browser->get_file_info($context, $filearea, $itemid, $filepath, $filename)) {
// build path navigation echo_fb($fileinfo);
$pathnodes = array(); // build path navigation
$encodedpath = base64_encode(serialize($fileinfo->get_params())); $pathnodes = array();
$pathnodes[] = array('name'=>$fileinfo->get_visible_name(), 'path'=>$encodedpath); $encodedpath = base64_encode(serialize($fileinfo->get_params()));
$level = $fileinfo->get_parent(); $pathnodes[] = array('name'=>$fileinfo->get_visible_name(), 'path'=>$encodedpath);
while ($level) { $level = $fileinfo->get_parent();
$encodedpath = base64_encode(serialize($level->get_params())); while ($level) {
$pathnodes[] = array('name'=>$level->get_visible_name(), 'path'=>$encodedpath); $encodedpath = base64_encode(serialize($level->get_params()));
$level = $level->get_parent(); $pathnodes[] = array('name'=>$level->get_visible_name(), 'path'=>$encodedpath);
} $level = $level->get_parent();
if (!empty($pathnodes) && is_array($pathnodes)) { }
$pathnodes = array_reverse($pathnodes); if (!empty($pathnodes) && is_array($pathnodes)) {
$ret['path'] = $pathnodes; $pathnodes = array_reverse($pathnodes);
} $ret['path'] = $pathnodes;
// build file tree }
$children = $fileinfo->get_children(); // build file tree
foreach ($children as $child) { $children = $fileinfo->get_children();
$shorttitle = $this->get_short_filename($child->get_visible_name(), 12); foreach ($children as $child) {
if ($child->is_directory()) { $shorttitle = $this->get_short_filename($child->get_visible_name(), 12);
$params = $child->get_params(); if ($child->is_directory()) {
$subdir_children = $child->get_children(); $params = $child->get_params();
if (empty($subdir_children)) { $subdir_children = $child->get_children();
continue; //if (empty($subdir_children)) {
} //continue;
$encodedpath = base64_encode(serialize($params)); //}
// hide user_private area from local plugin, user should $encodedpath = base64_encode(serialize($params));
// use private file plugin to access private files // hide user_private area from local plugin, user should
if ($params['filearea'] == 'user_private') { // use private file plugin to access private files
continue; //if ($params['filearea'] == 'user_private') {
} //continue;
$node = array( //}
'title' => $child->get_visible_name(), $node = array(
'shorttitle'=>$shorttitle, 'title' => $child->get_visible_name(),
'size' => 0, 'shorttitle'=>$shorttitle,
'date' => '', 'size' => 0,
'path' => $encodedpath, 'date' => '',
'children'=>array(), 'path' => $encodedpath,
'thumbnail' => $OUTPUT->pix_url('f/folder-32') . '' 'children'=>array(),
); 'thumbnail' => $OUTPUT->pix_url('f/folder-32') . ''
$list[] = $node; );
} else { $list[] = $node;
$encodedpath = base64_encode(serialize($child->get_params())); } else {
$icon = 'f/'.str_replace('.gif', '', mimeinfo('icon', $child->get_visible_name())).'-32'; $encodedpath = base64_encode(serialize($child->get_params()));
$node = array( $icon = 'f/'.str_replace('.gif', '', mimeinfo('icon', $child->get_visible_name())).'-32';
'title' => $child->get_visible_name(), $node = array(
'shorttitle'=>$shorttitle, 'title' => $child->get_visible_name(),
'size' => 0, 'shorttitle'=>$shorttitle,
'date' => '', 'size' => 0,
'source'=> $encodedpath, 'date' => '',
'thumbnail' => $OUTPUT->pix_url($icon) . '', 'source'=> $encodedpath,
); 'thumbnail' => $OUTPUT->pix_url($icon) . '',
$list[] = $node; );
} $list[] = $node;
} }
} }
} catch (Exception $e) {
throw new repository_exception('emptyfilelist', 'repository_local');
} }
$ret['list'] = $list;
$ret['list'] = array_filter($list, array($this, 'filter')); $ret['list'] = array_filter($list, array($this, 'filter'));
return $ret; return $ret;
} }
@ -182,26 +158,25 @@ class repository_local extends repository {
* @param string $new_filepath the new path in draft area * @param string $new_filepath the new path in draft area
* @return array The information of file * @return array The information of file
*/ */
public function copy_to_area($encoded, $new_filearea='user_draft', $new_itemid = '', $new_filepath = '/', $new_filename = '') { public function copy_to_area($encoded, $new_filearea='draft', $new_itemid = '', $new_filepath = '/', $new_filename = '') {
global $USER, $DB; global $USER, $DB;
$info = array(); $info = array();
$browser = get_file_browser(); $browser = get_file_browser();
$params = unserialize(base64_decode($encoded));
$user_context = get_context_instance(CONTEXT_USER, $USER->id); $user_context = get_context_instance(CONTEXT_USER, $USER->id);
// the final file // the final file
$contextid = $params['contextid']; $params = unserialize(base64_decode($encoded));
$filearea = $params['filearea']; $contextid = clean_param($params['contextid'], PARAM_INT);
$filepath = $params['filepath']; $fileitemid = clean_param($params['itemid'], PARAM_INT);
$filename = $params['filename']; $filename = clean_param($params['filename'], PARAM_FILE);
$fileitemid = $params['itemid']; $filepath = clean_param($params['filepath'], PARAM_PATH);;
$context = get_context_instance_by_id($contextid); $filearea = clean_param($params['filearea'], PARAM_ALPHAEXT);
try {
$file_info = $browser->get_file_info($context, $filearea, $fileitemid, $filepath, $filename); $context = get_context_instance_by_id($contextid);
$file_info->copy_to_storage($user_context->id, $new_filearea, $new_itemid, $new_filepath, $new_filename);
} catch (Exception $e) { $file_info = $browser->get_file_info($context, $filearea, $fileitemid, $filepath, $filename);
throw $e; $file_info->copy_to_storage($user_context->id, $new_filearea, $new_itemid, $new_filepath, $new_filename);
}
$info['itemid'] = $new_itemid; $info['itemid'] = $new_itemid;
$info['title'] = $new_filename; $info['title'] = $new_filename;

30
repository/recent/lib.php
View file

@ -21,8 +21,7 @@
* @since 2.0 * @since 2.0
* @package moodlecore * @package moodlecore
* @subpackage repository * @subpackage repository
* @copyright 2010 Dongsheng Cai * @copyright 2010 Dongsheng Cai <dongsheng@moodle.com>
* @author Dongsheng Cai <dongsheng@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/ */
@ -54,15 +53,6 @@ class repository_recent extends repository {
return $this->get_listing(); return $this->get_listing();
} }
/**
* Not supported by File API yet
* @param string $search_text
* @return mixed
*/
public function search($search_text) {
return array();
}
private function get_recent_files($limitfrom = 0, $limit = DEFAULT_RECENT_FILES_NUM) { private function get_recent_files($limitfrom = 0, $limit = DEFAULT_RECENT_FILES_NUM) {
global $USER, $DB; global $USER, $DB;
// TODO: should exclude user_draft area files? // TODO: should exclude user_draft area files?
@ -167,19 +157,20 @@ class repository_recent extends repository {
* @param string $new_filepath the new path in draft area * @param string $new_filepath the new path in draft area
* @return array The information of file * @return array The information of file
*/ */
public function copy_to_area($encoded, $new_filearea='user_draft', $new_itemid = '', $new_filepath = '/', $new_filename = '') { public function copy_to_area($encoded, $new_filearea='draft', $new_itemid = '', $new_filepath = '/', $new_filename = '') {
global $USER, $DB; global $USER, $DB;
$info = array();
$user_context = get_context_instance(CONTEXT_USER, $USER->id);
$fs = get_file_storage(); $fs = get_file_storage();
$params = unserialize(base64_decode($encoded)); $params = unserialize(base64_decode($encoded));
$user_context = get_context_instance(CONTEXT_USER, $USER->id);
$contextid = $params['contextid']; $contextid = clean_param($params['contextid'], PARAM_INT);
$filearea = $params['filearea']; $fileitemid = clean_param($params['itemid'], PARAM_INT);
$filepath = $params['filepath']; $filename = clean_param($params['filename'], PARAM_FILE);
$filename = $params['filename']; $filepath = clean_param($params['filepath'], PARAM_PATH);;
$fileitemid = $params['itemid']; $filearea = clean_param($params['filearea'], PARAM_ALPHAEXT);
// XXX: // XXX:
// When user try to pick a file from other filearea, normally file api will use file browse to // When user try to pick a file from other filearea, normally file api will use file browse to
@ -197,6 +188,7 @@ class repository_recent extends repository {
$fs->create_file_from_storedfile($file_record, $stored_file); $fs->create_file_from_storedfile($file_record, $stored_file);
} }
$info = array();
$info['title'] = $new_filename; $info['title'] = $new_filename;
$info['itemid'] = $new_itemid; $info['itemid'] = $new_itemid;
$info['filesize'] = $stored_file->get_filesize(); $info['filesize'] = $stored_file->get_filesize();

61
repository/user/lib.php
View file

@ -21,23 +21,12 @@
* @since 2.0 * @since 2.0
* @package moodlecore * @package moodlecore
* @subpackage repository * @subpackage repository
* @copyright 2010 Dongsheng Cai * @copyright 2010 Dongsheng Cai <dongsheng@moodle.com>
* @author Dongsheng Cai <dongsheng@moodle.com> * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/ */
class repository_user extends repository { class repository_user extends repository {
/**
* initialize user plugin
* @param int $repositoryid
* @param int $context
* @param array $options
*/
public function __construct($repositoryid, $context = SYSCONTEXTID, $options = array()) {
parent::__construct($repositoryid, $context, $options);
}
/** /**
* user plugin doesn't require login * user plugin doesn't require login
* @return mixed * @return mixed
@ -46,15 +35,6 @@ class repository_user extends repository {
return $this->get_listing(); return $this->get_listing();
} }
/**
* Not supported by File API yet
* @param string $search_text
* @return mixed
*/
public function search($search_text) {
return array();
}
/** /**
* Get file listing * Get file listing
* *
@ -72,11 +52,11 @@ class repository_user extends repository {
if (!empty($encodedpath)) { if (!empty($encodedpath)) {
$params = unserialize(base64_decode($encodedpath)); $params = unserialize(base64_decode($encodedpath));
if (is_array($params)) { if (is_array($params)) {
$itemid = $params['itemid']; $itemid = clean_param($params['itemid'], PARAM_INT);
$filename = $params['filename']; $filename = clean_param($params['filename'], PARAM_FILE);
$filearea = $params['filearea']; $filearea = clean_param($params['filearea'], PARAM_ALPHAEXT);
$filepath = $params['filepath']; $filepath = clean_param($params['filepath'], PARAM_PATH);;
$context = get_context_instance_by_id($params['contextid']); $context = get_context_instance_by_id(clean_param($params['contextid'], PARAM_INT));
} }
} else { } else {
$itemid = 0; $itemid = 0;
@ -166,27 +146,24 @@ class repository_user extends repository {
* @param string $new_filepath the new path in draft area * @param string $new_filepath the new path in draft area
* @return array The information of file * @return array The information of file
*/ */
public function copy_to_area($encoded, $new_filearea='user_draft', $new_itemid = '', $new_filepath = '/', $new_filename = '') { public function copy_to_area($encoded, $new_filearea='draft', $new_itemid = '', $new_filepath = '/', $new_filename = '') {
global $USER, $DB; global $USER, $DB;
$info = array();
$browser = get_file_browser(); $browser = get_file_browser();
$params = unserialize(base64_decode($encoded)); $params = unserialize(base64_decode($encoded));
$user_context = get_context_instance(CONTEXT_USER, $USER->id); $user_context = get_context_instance(CONTEXT_USER, $USER->id);
// the final file
$contextid = $params['contextid'];
$filearea = $params['filearea'];
$filepath = $params['filepath'];
$filename = $params['filename'];
$fileitemid = $params['itemid'];
$context = get_context_instance_by_id($contextid);
try {
$file_info = $browser->get_file_info($context, $filearea, $fileitemid, $filepath, $filename);
$file_info->copy_to_storage($user_context->id, $new_filearea, $new_itemid, $new_filepath, $new_filename);
} catch (Exception $e) {
throw $e;
}
$contextid = clean_param($params['contextid'], PARAM_INT);
$fileitemid = clean_param($params['itemid'], PARAM_INT);
$filename = clean_param($params['filename'], PARAM_FILE);
$filepath = clean_param($params['filepath'], PARAM_PATH);;
$filearea = clean_param($params['filearea'], PARAM_ALPHAEXT);
$context = get_context_instance_by_id($contextid);
$file_info = $browser->get_file_info($context, $filearea, $fileitemid, $filepath, $filename);
$file_info->copy_to_storage($user_context->id, $new_filearea, $new_itemid, $new_filepath, $new_filename);
$info = array();
$info['itemid'] = $new_itemid; $info['itemid'] = $new_itemid;
$info['title'] = $new_filename; $info['title'] = $new_filename;
$info['contextid'] = $user_context->id; $info['contextid'] = $user_context->id;