3 // This file is part of Moodle - http://moodle.org/
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 // GNU General Public License for more details.
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
19 * Minimalistic library, usable even when no other moodle libs are loaded.
21 * The only library that gets loaded if you define ABORT_AFTER_CONFIG
22 * before including main config.php. You can resume normal script operation
23 * if you define ABORT_AFTER_CONFIG_CANCEL and require the setup.php
26 * @copyright 2009 Petr Skoda (skodak)
27 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
31 * Minimalistic parameter validation function.
32 * Can not use optional param because moodlelib.php is not loaded yet
34 * @param mixed $default
38 function min_optional_param($name, $default, $type) {
39 if (isset($_GET[$name])) {
40 $value = $_GET[$name];
42 } else if (isset($_GET['amp;'.$name])) {
43 // very, very, very ugly hack, unfortunately $OUTPUT->pix_url() is not used properly in javascript code :-(
44 $value = $_GET['amp;'.$name];
46 } else if (isset($_POST[$name])) {
47 $value = $_POST[$name];
53 return min_clean_param($value, $type);
57 * Minimalistic parameter cleaning function.
59 * Note: Can not use optional param because moodlelib.php is not loaded yet.
61 * @param string $value
65 function min_clean_param($value, $type) {
67 case 'RAW': $value = min_fix_utf8((string)$value);
69 case 'INT': $value = (int)$value;
71 case 'SAFEDIR': $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
73 case 'SAFEPATH': $value = preg_replace('/[^a-zA-Z0-9\/\._-]/', '', $value);
74 $value = preg_replace('/\.+/', '.', $value);
75 $value = preg_replace('#/+#', '/', $value);
77 default: die("Coding error: incorrect parameter type specified ($type).");
84 * Minimalistic UTF-8 sanitisation.
86 * Note: This duplicates fix_utf8() intentionally for now.
88 * @param string $value
91 function min_fix_utf8($value) {
92 // Lower error reporting because glibc throws bogus notices.
93 $olderror = error_reporting();
94 if ($olderror & E_NOTICE
) {
95 error_reporting($olderror ^ E_NOTICE
);
98 // No null bytes expected in our data, so let's remove it.
99 $value = str_replace("\0", '', $value);
101 static $buggyiconv = null;
102 if ($buggyiconv === null) {
103 $buggyiconv = (!function_exists('iconv') or iconv('UTF-8', 'UTF-8//IGNORE', '100'.chr(130).'€') !== '100€');
107 if (function_exists('mb_convert_encoding')) {
108 $subst = mb_substitute_character();
109 mb_substitute_character('');
110 $result = mb_convert_encoding($value, 'utf-8', 'utf-8');
111 mb_substitute_character($subst);
114 // Warn admins on admin/index.php page.
119 $result = iconv('UTF-8', 'UTF-8//IGNORE', $value);
122 if ($olderror & E_NOTICE
) {
123 error_reporting($olderror);
130 * This method tries to enable output compression if possible.
131 * This function must be called before any output or headers.
133 * (IE6 is not supported at all.)
135 * @return boolean, true if compression enabled
137 function min_enable_zlib_compression() {
139 if (headers_sent()) {
143 // zlib.output_compression is preferred over ob_gzhandler()
144 if (!empty($_SERVER['HTTP_USER_AGENT']) and strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 6') !== false) {
145 ini_set('zlib.output_compression', 'Off');
146 if (function_exists('apache_setenv')) {
147 apache_setenv('no-gzip', 1);
152 ini_set('output_handler', '');
155 * docs clearly say 'on' means enable and number means size of buffer,
156 * but unfortunately some PHP version break when we set 'on' here.
157 * 1 probably sets chunk size to 4096. our CSS and JS scripts are much bigger,
158 * so let's try some bigger sizes.
160 ini_set('zlib.output_compression', 65536);
166 * Returns the slashargument part of the URL.
168 * Note: ".php" is NOT allowed in slasharguments,
169 * it is intended for ASCII characters only.
171 * @param boolean $clean - Should we do cleaning on this path argument. If you set this
172 * to false you MUST be very careful and do the cleaning manually.
175 function min_get_slash_argument($clean = true) {
176 // Note: This code has to work in the same cases as normal get_file_argument(),
177 // but at the same time it may be simpler because we do not have to deal
178 // with encodings and other tricky stuff.
182 if (!empty($_GET['file']) and strpos($_GET['file'], '/') === 0) {
183 // Server is using url rewriting, most probably IIS.
184 // Always clean the result of this function as it may be used in unsafe calls to send_file.
185 $relativepath = $_GET['file'];
187 $relativepath = min_clean_param($relativepath, 'SAFEPATH');
190 return $relativepath;
192 } else if (stripos($_SERVER['SERVER_SOFTWARE'], 'iis') !== false) {
193 if (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO'] !== '') {
194 $relativepath = urldecode($_SERVER['PATH_INFO']);
198 if (isset($_SERVER['PATH_INFO'])) {
199 $relativepath = $_SERVER['PATH_INFO'];
204 if (preg_match('|^.+\.php(.*)$|i', $relativepath, $matches)) {
205 $relativepath = $matches[1];
208 // Always clean the result of this function as it may be used in unsafe calls to send_file.
210 $relativepath = min_clean_param($relativepath, 'SAFEPATH');
212 return $relativepath;