
flash detection MDL-20841 New config setting excludeoldflashclients w…

…ill set a minimum version for flash clients. A check in print_header is run once, and will set a session variable with the current flash version. If the current flash version is lower than the minimum requirement, then Moodle will serve alternate content whenever a flash file is requested. The alternate file will ask the user to upgrade flash. Still requires wider testing, and some lang support. Credits to Jerome Mouneyrac.
1 parent 69df27c commit b8d7ecaa489620fa9eed753742033b0b88037036 @moodler moodler committed Nov 24, 2009
@@ -66,6 +66,7 @@
$temp->add(new admin_setting_configcheckbox('cookiesecure', get_string('cookiesecure', 'admin'), get_string('configcookiesecure', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('cookiehttponly', get_string('cookiehttponly', 'admin'), get_string('configcookiehttponly', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('regenloginsession', get_string('regenloginsession', 'admin'), get_string('configregenloginsession', 'admin'), 0));
+ $temp->add(new admin_setting_configtext('excludeoldflashclients', get_string('excludeoldflashclients', 'admin'), get_string('configexcludeoldflashclients', 'admin'), '10.0.12', PARAM_TEXT));
$ADMIN->add('security', $temp);
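Review bot: `PARAM_TEXT` lets any free text be saved in `excludeoldflashclients`, yet the send_file() hunk in this commit splits the value on `.` and reads three components, so a typo or a two-part version silently changes the outcome of the check. Constrain the format at save time, for example by passing a regex such as `'/^(\d+\.\d+\.\d+)?$/'` as the paramtype, if admin_setting_configtext accepts one in this branch; the empty alternative keeps "leave this empty to disable" working. The non-empty default `'10.0.12'` also switches the check on for every site that takes this change, so a short comment saying that this is intended would help.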
@@ -123,6 +123,7 @@
$string['configenabletrusttext'] = 'By default Moodle will always thoroughly clean text that comes from users to remove any possible bad scripts, media etc that could be a security risk. The Trusted Content system is a way of giving particular users that you trust the ability to include these advanced features in their content without interference. To enable this system, you need to first enable this setting, and then grant the Trusted Content permission to a specific Moodle role. Texts created or uploaded by such users will be marked as trusted and will not be cleaned before display.';
$string['configenrolmentplugins'] = 'Please choose the enrolment plugins you wish to use. Don\'t forget to configure the settings properly.<br /><br />You have to indicate which plugins are enabled, and <strong>one</strong> plugin can be set as the default plugin for <em>interactive</em> enrolment. To disable interactive enrolment, set \"enrollable\" to \"No\" in required courses.';
$string['configerrorlevel'] = 'Choose the amount of PHP warnings that you want to be displayed. Normal is usually the best choice.';
+$string['configexcludeoldflashclients'] = 'Some versions of the Adobe Flash plugin are known to be vulnerable to attacks from malicious Flash content. You can specify a minimum supported version here, and Moodle will not show Flash files to users with lower versions. Instead they will see an alternate Flash file telling them how to upgrade. Leave this empty to disable all checks.' ;
$string['configexperimentalsplitrestore'] = 'If enabled, course backup files will be checked for XML errors and split into smaller parts for use in the restore process. This will result in improvements to restore robustness and execution times, particularly for medium to large course backups.';
$string['configextendedusernamechars'] = 'Enable this setting to allow students to use any characters in their usernames (note this does not affect their actual names). The default is \"false\" which restricts usernames to be alphanumeric characters only';
$string['configextramemorylimit'] = 'Some scripts like search, backup/restore or cron require more memory. Set higher values for large sites.';
@@ -378,6 +379,7 @@
$string['errorsetting'] = 'Could not save setting:';
$string['errorwithsettings'] = 'Some settings were not changed due to an error.';
$string['everyonewhocan'] = 'Everyone who can \'$a\'';
+$string['excludeoldflashclients'] ='Required Flash player version';
$string['experimental'] = 'Experimental';
$string['experimentalsplitrestore'] = 'Experimental split restore';
$string['extendedusernamechars'] = 'Allow extended characters in usernames';
@@ -652,7 +652,7 @@ function send_temp_file_finished($path) {
* @param string $mimetype Include to specify the MIME type; leave blank to have it guess the type from $filename
function send_file($path, $filename, $lifetime = 'default' , $filter=0, $pathisstring=false, $forcedownload=false, $mimetype='') {
- global $CFG, $COURSE;
+ global $CFG, $COURSE, $SESSION;
// MDL-11789, apply $CFG->filelifetime here
if ($lifetime === 'default') {
@@ -669,6 +669,21 @@ function send_file($path, $filename, $lifetime = 'default' , $filter=0, $pathiss
$isFF = check_browser_version('Firefox', '1.5'); // only FF > 1.5 properly tested
$mimetype = ($forcedownload and !$isFF) ? 'application/x-forcedownload' :
($mimetype ? $mimetype : mimeinfo('type', $filename));
+ // If the file is a Flash file and that the user flash player is outdated return a flash upgrader MDL-20841
+ if (!empty($CFG->excludeoldflashclients) && $mimetype == 'application/x-shockwave-flash'&& !empty($SESSION->flashversion)) {
+ $userplayerversion = explode('.', $SESSION->flashversion);
+ $requiredplayerversion = explode('.', $CFG->excludeoldflashclients);
+ if (($userplayerversion[0] < $requiredplayerversion[0]) ||
+ ($userplayerversion[0] == $requiredplayerversion[0] && $userplayerversion[1] < $requiredplayerversion[1]) ||
+ ($userplayerversion[0] == $requiredplayerversion[0] && $userplayerversion[1] == $requiredplayerversion[1]
+ && $userplayerversion[2] < $requiredplayerversion[2])) {
+ $path = $CFG->dirroot."/lib/flashdetect/flashupgrade.swf"; // Alternate content asking user to upgrade Flash
+ $filename = "flashupgrade.swf";
+ $lifetime = 0; // Do not cache
+ }
+ }
$lastmodified = $pathisstring ? time() : filemtime($path);
$filesize = $pathisstring ? strlen($path) : filesize($path);
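Review bot: When `$pathisstring` is true, the assignment `$path = $CFG->dirroot."/lib/flashdetect/flashupgrade.swf"` replaces file content with a filesystem path, so the `strlen($path)` line below, and presumably the output code outside this hunk, treat the path text itself as the body and would send the server's directory path to the client instead of the upgrade movie; add `$pathisstring = false;` next to `$lifetime = 0;`. The three-part comparison reads `[1]` and `[2]` without checking that they exist, so a value such as `10` or `10.0` raises notices and compares against null; `version_compare($SESSION->flashversion, $CFG->excludeoldflashclients, '<')` handles this in one call. The `!empty($SESSION->flashversion)` guard means the original file is served whenever no version was recorded, and the recorded value is reported by the client, so the check is advisory rather than an enforcement point and a comment should say so. send_file() starts before and continues after this hunk.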
Binary file not shown.
Binary file not shown.
Binary file not shown.