Skip to content
Browse files

Changes to RSS. SC#23.

Retrofitted from HEAD
  • Loading branch information...
1 parent bbb34b7 commit 391d1268bd44c9f01a245208524fe33177978670 stronk7 committed Dec 16, 2004
Showing with 45 additions and 58 deletions.
  1. +45 −58 rss/file.php
View
103 rss/file.php
@@ -2,9 +2,9 @@
//This file returns the required rss feeds
//The URL format MUST include:
// course: the course id
- // user: the user id
- // name: the name of the module (forum...)
- // id: the id (instance) of the module (forumid...)
+ // user: the user id
+ // name: the name of the module (forum...)
+ // id: the id (instance) of the module (forumid...)
//If the course has a password or it doesn't
//allow guest access then the user field is
//required to see that the user is enrolled
@@ -13,88 +13,75 @@
//to correct users. It isn't unbreakable,
//obviously, but its the best I've thought!!
- require_once("../config.php");
- require_once("$CFG->dirroot/files/mimetypes.php");
+ $nomoodlecookie = true; // Because it interferes with caching
+
+ require_once('../config.php');
+ require_once('../files/mimetypes.php');
+ require_once('rsslib.php');
- $allowed = true;
- $error = false;
- if (empty($CFG->filelifetime)) {
- $CFG->filelifetime = 86400; /// Seconds for files to remain in caches
- }
+ $lifetime = 3600; // Seconds for files to remain in caches - 1 hour
- if (isset($file)) { // workaround for situations where / syntax doesn't work
- $pathinfo = $file;
- } else {
- $pathinfo = get_slash_arguments("file.php");
- }
+ $relativepath = get_file_argument('file.php');
- if (!$pathinfo) {
- $error = true;
+ if (!$relativepath) {
+ not_found();
}
- $pathinfo = urldecode($pathinfo);
-
- if (! $args = parse_slash_arguments($pathinfo)) {
- $error = true;
+ // extract relative path components
+ $args = explode('/', trim($relativepath, '/'));
+
+ if (count($args) < 5) {
+ not_found();
}
- $numargs = count($args);
- if ($numargs < 5 or empty($args[1])) {
- $error = true;
+ $courseid = (int)$args[0];
+ $userid = (int)$args[1];
+ $modulename = clean_param($args[2], PARAM_FILE);
+ $instance = (int)$args[3];
+ $filename = 'rss.xml';
+
+ if (!$course = get_record("course", "id", $courseid)) {
+ not_found();
}
-
- $courseid = (integer)$args[0];
- $userid = (integer)$args[1];
- $modulename = $args[2];
- $instance = (integer)$args[3];
-
+
//Check name of module
$mods = get_list_of_plugins("mod");
if (!in_array(strtolower($modulename), $mods)) {
- error("This module doesn't exist!");
- }
-
- if (! $course = get_record("course", "id", $courseid)) {
- $error = true;
+ not_found();
}
//Get course_module to check it's visible
- if (! $cm = get_coursemodule_from_instance($modulename,$instance,$courseid)) {
- $error = true;
+ if (!$cm = get_coursemodule_from_instance($modulename,$instance,$courseid)) {
+ not_found();
}
- $cmvisible = $cm->visible;
$isstudent = isstudent($courseid,$userid);
$isteacher = isteacher($courseid,$userid);
//Check for "security" if !course->guest or course->password
- if (!$course->guest || $course->password) {
- $allowed = ($isstudent || $isteacher);
+ if ((!$course->guest || $course->password) && (!($isstudent || $isteacher))) {
+ not_found();
}
//Check for "security" if the course is hidden or the activity is hidden
- if ($allowed && (!$course->visible || !$cmvisible)) {
- $allowed = $isteacher;
+ if ((!$course->visible || !$cm->visible) && (!$isteacher)) {
+ not_found();
}
- $pathname = $CFG->dataroot."/rss/".$modulename."/".$instance.".xml";
- $filename = $args[$numargs-1];
+ $pathname = $CFG->dataroot.'/rss/'.$modulename.'/'.$instance.'.xml';
- //If the file exists and its allowed for me, download it!
- if (file_exists($pathname) && $allowed && !$error) {
- $lastmodified = filemtime($pathname);
- $mimetype = mimeinfo("type", $filename);
-
- header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
- header("Expires: " . gmdate("D, d M Y H:i:s", time() + $CFG->filelifetime) . " GMT");
- header("Cache-control: max_age = $CFG->filelifetime");
- header("Pragma: ");
- header("Content-disposition: inline; filename=$filename");
-
- header("Content-length: ".filesize($pathname));
- header("Content-type: $mimetype");
- readfile($pathname);
+ //Check that file exists
+ if (!file_exists($pathname)) {
+ not_found();
}
+ //Send it to user!
+ send_file($pathname, $filename, $lifetime);
+
+ function not_found() {
+ /// error, send some XML with error message
+ global $lifetime, $filename;
+ send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true);
+ }
?>

0 comments on commit 391d126

Please sign in to comment.
Something went wrong with that request. Please try again.