lib/configonlylib.php

   1 <?php
   2
   3 // This file is part of Moodle - http://moodle.org/
   4 //
   5 // Moodle is free software: you can redistribute it and/or modify
   6 // it under the terms of the GNU General Public License as published by
   7 // the Free Software Foundation, either version 3 of the License, or
   8 // (at your option) any later version.
   9 //
  10 // Moodle is distributed in the hope that it will be useful,
  11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 // GNU General Public License for more details.
  14 //
  15 // You should have received a copy of the GNU General Public License
  16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  17
  18 /**
  19  * Minimalistic library, usable even when no other moodle libs are loaded.
  20  *
  21  * The only library that gets loaded if you define ABORT_AFTER_CONFIG
  22  * before including main config.php. You can resume normal script operation
  23  * if you define ABORT_AFTER_CONFIG_CANCEL and require the setup.php
  24  *
  25  * @package   core
  26  * @copyright 2009 Petr Skoda (skodak)
  27  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  28  */
  29
  30 /**
  31  * Minimalistic parameter validation function.
  32  * Can not use optional param because moodlelib.php is not loaded yet
  33  * @param string $name
  34  * @param mixed $default
  35  * @param string $type
  36  * @return mixed
  37  */
  38 function min_optional_param($name, $default, $type) {
  39     if (isset($_GET[$name])) {
  40         $value = $_GET[$name];
  41
  42     } else if (isset($_GET['amp;'.$name])) {
  43         // very, very, very ugly hack, unfortunately $OUTPUT->pix_url() is not used properly in javascript code :-(
  44         $value = $_GET['amp;'.$name];
  45
  46     } else if (isset($_POST[$name])) {
  47         $value = $_POST[$name];
  48
  49     } else {
  50         return $default;
  51     }
  52
  53     return min_clean_param($value, $type);
  54 }
  55
  56 /**
  57  * Minimalistic parameter cleaning function.
  58  *
  59  * Note: Can not use optional param because moodlelib.php is not loaded yet.
  60  *
  61  * @param string $value
  62  * @param string $type
  63  * @return mixed
  64  */
  65 function min_clean_param($value, $type) {
  66     switch($type) {
  67         case 'RAW':      $value = min_fix_utf8((string)$value);
  68                          break;
  69         case 'INT':      $value = (int)$value;
  70                          break;
  71         case 'SAFEDIR':  $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
  72                          break;
  73         case 'SAFEPATH': $value = preg_replace('/[^a-zA-Z0-9\/\._-]/', '', $value);
  74                          $value = preg_replace('/\.+/', '.', $value);
  75                          $value = preg_replace('#/+#', '/', $value);
  76                          break;
  77         default:         die("Coding error: incorrect parameter type specified ($type).");
  78     }
  79
  80     return $value;
  81 }
  82
  83 /**
  84  * Minimalistic UTF-8 sanitisation.
  85  *
  86  * Note: This duplicates fix_utf8() intentionally for now.
  87  *
  88  * @param string $value
  89  * @return string
  90  */
  91 function min_fix_utf8($value) {
  92     // Lower error reporting because glibc throws bogus notices.
  93     $olderror = error_reporting();
  94     if ($olderror & E_NOTICE) {
  95         error_reporting($olderror ^ E_NOTICE);
  96     }
  97
  98     static $buggyiconv = null;
  99     if ($buggyiconv === null) {
 100         $buggyiconv = (!function_exists('iconv') or iconv('UTF-8', 'UTF-8//IGNORE', '100'.chr(130).'€') !== '100€');
 101     }
 102
 103     if ($buggyiconv) {
 104         if (function_exists('mb_convert_encoding')) {
 105             $subst = mb_substitute_character();
 106             mb_substitute_character('');
 107             $result = mb_convert_encoding($value, 'utf-8', 'utf-8');
 108             mb_substitute_character($subst);
 109
 110         } else {
 111             // Warn admins on admin/index.php page.
 112             $result = $value;
 113         }
 114
 115     } else {
 116         $result = iconv('UTF-8', 'UTF-8//IGNORE', $value);
 117     }
 118
 119     if ($olderror & E_NOTICE) {
 120         error_reporting($olderror);
 121     }
 122
 123     return $result;
 124 }
 125
 126 /**
 127  * This method tries to enable output compression if possible.
 128  * This function must be called before any output or headers.
 129  *
 130  * (IE6 is not supported at all.)
 131  *
 132  * @return boolean, true if compression enabled
 133  */
 134 function min_enable_zlib_compression() {
 135
 136     if (headers_sent()) {
 137         return false;
 138     }
 139
 140     // zlib.output_compression is preferred over ob_gzhandler()
 141     if (!empty($_SERVER['HTTP_USER_AGENT']) and strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 6') !== false) {
 142         @ini_set('zlib.output_compression', 'Off');
 143         if (function_exists('apache_setenv')) {
 144             @apache_setenv('no-gzip', 1);
 145         }
 146         return false;
 147     }
 148
 149     @ini_set('output_handler', '');
 150
 151     /*
 152      * docs clearly say 'on' means enable and number means size of buffer,
 153      * but unfortunately some PHP version break when we set 'on' here.
 154      * 1 probably sets chunk size to 4096. our CSS and JS scripts are much bigger,
 155      * so let's try some bigger sizes.
 156      */
 157     @ini_set('zlib.output_compression', 65536);
 158
 159     return true;
 160 }
 161
 162 /**
 163  * Returns the slashargument part of the URL.
 164  *
 165  * Note: ".php" is NOT allowed in slasharguments,
 166  *       it is intended for ASCII characters only.
 167  *
 168  * @return string
 169  */
 170 function min_get_slash_argument() {
 171     // Note: This code has to work in the same cases as normal get_slash_argument(),
 172     //       but at the same time it may be simpler because we do not have to deal
 173     //       with encodings and other tricky stuff.
 174
 175     $relativepath = '';
 176
 177     if (!empty($_GET['file']) and strpos($_GET['file'], '/') === 0) {
 178         // server is using url rewriting, most probably IIS
 179         return $_GET['file'];
 180
 181     } else if (stripos($_SERVER['SERVER_SOFTWARE'], 'iis') !== false) {
 182         if (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO'] !== '') {
 183             $relativepath = urldecode($_SERVER['PATH_INFO']);
 184         }
 185
 186     } else {
 187         if (isset($_SERVER['PATH_INFO'])) {
 188             $relativepath = $_SERVER['PATH_INFO'];
 189         }
 190     }
 191
 192     $matches = null;
 193     if (preg_match('|^.+\.php(.*)$|i', $relativepath, $matches)) {
 194         $relativepath = $matches[1];
 195     }
 196
 197     return $relativepath;
 198 }