search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-52651 htmlpurifier: Append rel=noreferrer to links.
[moodle.git] / webservice / upload.php
blob619bb37e4bbbe8d1cd90a524744600db25636e54
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17
18 /**
19 * Accept uploading files by web service token
20 *
21 * POST params:
22 * token => the web service user token (needed for authentication)
23 * filepath => the private file aera path (where files will be stored)
24 * [_FILES] => for example you can send the files with <input type=file>,
25 * or with curl magic: 'file_1' => '@/path/to/file', or ...
26 * filearea => 'private' or 'draft' (default = 'private'). These are the only 2 areas we are allowing
27 * direct uploads via webservices. The private file area is deprecated - please don't use it.
28 * itemid => For draft areas this is the draftid - this can be used to add a list of files
29 * to a draft area in separate requests. If it is 0, a new draftid will be generated.
30 * For private files, this is ignored.
31 *
32 * @package core_webservice
33 * @copyright 2011 Dongsheng Cai <dongsheng@moodle.com>
34 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
35 */
36
37 /**
38 * AJAX_SCRIPT - exception will be converted into JSON
39 */
40 define('AJAX_SCRIPT', true);
41
42 /**
43 * NO_MOODLE_COOKIES - we don't want any cookie
44 */
45 define('NO_MOODLE_COOKIES', true);
46
47 require_once(dirname(dirname(__FILE__)) . '/config.php');
48 require_once($CFG->dirroot . '/webservice/lib.php');
49 $filepath = optional_param('filepath', '/', PARAM_PATH);
50 // The default file area is 'private' for user private files. This
51 // area is actually deprecated and only supported for backwards compatibility with
52 // the mobile app.
53 $filearea = optional_param('filearea', 'private', PARAM_ALPHA);
54 $itemid = optional_param('itemid', 0, PARAM_INT);
55
56 echo $OUTPUT->header();
57
58 // authenticate the user
59 $token = required_param('token', PARAM_ALPHANUM);
60 $webservicelib = new webservice();
61 $authenticationinfo = $webservicelib->authenticate_user($token);
62 $fileuploaddisabled = empty($authenticationinfo['service']->uploadfiles);
63 if ($fileuploaddisabled) {
64 throw new webservice_access_exception('Web service file upload must be enabled in external service settings');
65 }
66
67 // check the user can manage his own files (can upload)
68 $context = context_user::instance($USER->id);
69
70 // Allow allways to upload files to the draft area, no matter if the user can't manage his own files.
71 // Files required by other webservices (like mod_assign ones) must be uploaded to the draft area.
72 if ($filearea === 'private') {
73 require_capability('moodle/user:manageownfiles', $context);
74 }
75
76 if ($filearea !== 'private' and $filearea !== 'draft') {
77 // Do not dare to allow more areas here!
78 throw new file_exception('error');
79 }
80
81 $fs = get_file_storage();
82
83 $totalsize = 0;
84 $files = array();
85 foreach ($_FILES as $fieldname=>$uploaded_file) {
86 // check upload errors
87 if (!empty($_FILES[$fieldname]['error'])) {
88 switch ($_FILES[$fieldname]['error']) {
89 case UPLOAD_ERR_INI_SIZE:
90 throw new moodle_exception('upload_error_ini_size', 'repository_upload');
91 break;
92 case UPLOAD_ERR_FORM_SIZE:
93 throw new moodle_exception('upload_error_form_size', 'repository_upload');
94 break;
95 case UPLOAD_ERR_PARTIAL:
96 throw new moodle_exception('upload_error_partial', 'repository_upload');
97 break;
98 case UPLOAD_ERR_NO_FILE:
99 throw new moodle_exception('upload_error_no_file', 'repository_upload');
100 break;
101 case UPLOAD_ERR_NO_TMP_DIR:
102 throw new moodle_exception('upload_error_no_tmp_dir', 'repository_upload');
103 break;
104 case UPLOAD_ERR_CANT_WRITE:
105 throw new moodle_exception('upload_error_cant_write', 'repository_upload');
106 break;
107 case UPLOAD_ERR_EXTENSION:
108 throw new moodle_exception('upload_error_extension', 'repository_upload');
109 break;
110 default:
111 throw new moodle_exception('nofile');
112 }
113 }
114 $file = new stdClass();
115 $file->filename = clean_param($_FILES[$fieldname]['name'], PARAM_FILE);
116 // check system maxbytes setting
117 if (($_FILES[$fieldname]['size'] > get_max_upload_file_size($CFG->maxbytes))) {
118 // oversize file will be ignored, error added to array to notify
119 // web service client
120 $file->errortype = 'fileoversized';
121 $file->error = get_string('maxbytes', 'error');
122 } else {
123 $file->filepath = $_FILES[$fieldname]['tmp_name'];
124 // calculate total size of upload
125 $totalsize += $_FILES[$fieldname]['size'];
126 }
127 $files[] = $file;
128 }
129
130 $fs = get_file_storage();
131
132 if ($filearea == 'draft' && $itemid <= 0) {
133 $itemid = file_get_unused_draft_itemid();
134 }
135
136 // Get any existing file size limits.
137 $maxareabytes = FILE_AREA_MAX_BYTES_UNLIMITED;
138 $maxupload = get_user_max_upload_file_size($context, $CFG->maxbytes);
139 if ($filearea == 'private') {
140 // Private files area is limited by $CFG->userquota.
141 if (!has_capability('moodle/user:ignoreuserquota', $context)) {
142 $maxareabytes = $CFG->userquota;
143 }
144
145 // Count the size of all existing files in this area.
146 if ($maxareabytes > 0) {
147 $usedspace = 0;
148 $existingfiles = $fs->get_area_files($context->id, 'user', $filearea, false, 'id', false);
149 foreach ($existingfiles as $file) {
150 $usedspace += $file->get_filesize();
151 }
152 if ($totalsize > ($maxareabytes - $usedspace)) {
153 throw new file_exception('userquotalimit');
154 }
155 }
156 }
157
158 // Check the size of this upload.
159 if ($maxupload !== USER_CAN_IGNORE_FILE_SIZE_LIMITS && $totalsize > $maxupload) {
160 throw new file_exception('userquotalimit');
161 }
162
163 $results = array();
164 foreach ($files as $file) {
165 if (!empty($file->error)) {
166 // including error and filename
167 $results[] = $file;
168 continue;
169 }
170 $file_record = new stdClass;
171 $file_record->component = 'user';
172 $file_record->contextid = $context->id;
173 $file_record->userid = $USER->id;
174 $file_record->filearea = $filearea;
175 $file_record->filename = $file->filename;
176 $file_record->filepath = $filepath;
177 $file_record->itemid = $itemid;
178 $file_record->license = $CFG->sitedefaultlicense;
179 $file_record->author = fullname($authenticationinfo['user']);
180 $file_record->source = '';
181
182 //Check if the file already exist
183 $existingfile = $fs->file_exists($file_record->contextid, $file_record->component, $file_record->filearea,
184 $file_record->itemid, $file_record->filepath, $file_record->filename);
185 if ($existingfile) {
186 $file->errortype = 'filenameexist';
187 $file->error = get_string('filenameexist', 'webservice', $file->filename);
188 $results[] = $file;
189 } else {
190 $stored_file = $fs->create_file_from_pathname($file_record, $file->filepath);
191 $results[] = $file_record;
192 }
193 }
194 echo json_encode($results);
Read-only mirror of the Moodle CVS