From: dongsheng Date: Thu, 25 Jun 2009 05:18:22 +0000 (+0000) Subject: "MDL-18520, for security, we use a fixed repository path for filesystem plugin" X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=fdcf5320a8c6787a9e00148f25cc7bfd36455827;p=moodle.git "MDL-18520, for security, we use a fixed repository path for filesystem plugin"
---
diff --git a/repository/filesystem/repository.class.php b/repository/filesystem/repository.class.php
index 4eb6bdd711..abfa07a60c 100644
--- a/repository/filesystem/repository.class.php
+++ b/repository/filesystem/repository.class.php
@@ -1,63 +1,34 @@ + * @license http://www.gnu.org/copyleft/gpl.html GNU Public License + */ class repository_filesystem extends repository { - public static $block_list = array( - '/etc', - '/', - 'c:\windows', - 'c:/windows' - ); public function __construct($repositoryid, $context = SITEID, $options = array()) { + global $CFG; parent::__construct($repositoryid, $context, $options); - if (empty($this->options['root_path'])) { - return; - } - $this->root_path = trim($this->options['root_path']); + $this->root_path = $CFG->dataroot.'/repository/'; if (!empty($options['ajax'])) { - // if created from filepicker - if (empty($this->root_path)) { + if (!is_dir($this->root_path)) { $ret = array(); $ret['msg'] = get_string('invalidpath', 'repository_filesystem'); $ret['nosearch'] = true; - echo json_encode($ret); - exit; - } else { - if (!is_dir($this->root_path)) { - $ret = array(); - $ret['msg'] = get_string('invalidpath', 'repository_filesystem'); - $ret['nosearch'] = true; - if ($options['ajax']) { - echo json_encode($ret); - exit; - } + if ($options['ajax']) { + echo json_encode($ret); + exit; } } - if ($this->root_path{strlen($this->root_path)-1} !== '/') { - $this->root_path .= '/'; - } } } - public function security_check($path) { - $blocked = false; - foreach (self::$block_list as $item) { - if ($path == $item or $path == $item.'/') { - $blocked = true; - break; - } - } - return $blocked; - } public function get_listing($path = '', $page = '') { global $CFG; - if ($this->security_check($this->root_path)) { - $ret = array(); - $ret['msg'] = get_string('blockedpath', 'repository_filesystem'); - $ret['nosearch'] = true; - echo json_encode($ret); - exit; - } - $list = array(); $list['list'] = array(); // process breacrumb trail 
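Review bot: Pinning `root_path` to `$CFG->dataroot.'/repository/'` in the constructor only confines the plugin if the `$path` argument of `get_listing()` is confined as well, and the context of the next hunk shows `$this->root_path .= ($path.'/');` ahead of `opendir()` with no visible check for `..` segments. `get_listing()` continues beyond this hunk and the lines in between are not shown, so this may already be handled there. If it is not, a caller-supplied path could still resolve outside the fixed directory, and the `security_check()` block list removed here no longer covers it either. I would resolve the joined path with `realpath()` and refuse the listing unless the result begins with the resolved repository root. Separately, the inner `if ($options['ajax'])` is redundant inside `if (!empty($options['ajax']))`, and a missing directory is not reported at all on the non-AJAX path.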
@@ -79,14 +50,9 @@ class repository_filesystem extends repository {
 }
 $this->root_path .= ($path.'/');
 }
- // set options
 $list['manage'] = false;
- // dynamically loading
 $list['dynload'] = true;
- // the current path of this list.
- // set to true, the login link will be removed
 $list['nologin'] = true;
- // set to true, the search button will be removed
 $list['nosearch'] = true;
 if ($dh = opendir($this->root_path)) {
 while (($file = readdir($dh)) != false) {
@@ -97,7 +63,7 @@ class repository_filesystem extends repository {
 'source' => $path.'/'.$file,
 'size' => filesize($this->root_path.$file),
 'date' => time(),
- 'thumbnail' => $CFG->httpswwwroot .'/pix/f/'. mimeinfo('icon32', $this->root_path.$file)
+ 'thumbnail' => $CFG->pixpath .'/f/'. mimeinfo('icon32', $this->root_path.$file)
 );
 } else {
 if (!empty($path)) {
@@ -108,7 +74,7 @@ class repository_filesystem extends repository {
 $list['list'][] = array(
 'title' => $file,
 'children' => array(),
- 'thumbnail' => $CFG->httpswwwroot .'/pix/f/folder-32.png',
+ 'thumbnail' => $CFG->pixpath .'/f/folder-32.png',
 'path' => $current_path
 );
 }
@@ -117,26 +83,15 @@ class repository_filesystem extends repository {
 }
 return $list;
 }
- // login
 public function check_login() {
 return true;
 }
- // if check_login returns false,
- // this function will be called to print a login form.
 public function print_login() {
 return true;
 }
- //search
- // if this plugin support global search, if this function return
- // true, search function will be called when global searching working
 public function global_search() {
 return false;
 }
- public function search($text) {
- $search_result = array();
- $search_result['list'] = array();
- return $search_result;
- }
 // move file to local moodle
 public function get_file($file, $title = '') {
 global $CFG;
@@ -154,18 +109,7 @@ class repository_filesystem extends repository { } public static function get_instance_option_names() { - return array('root_path'); - } - - public function instance_config_form(&$mform) { - $mform->addElement('text', 'root_path', get_string('path', 'repository_filesystem'), array('value'=>'','size' => '40')); - $warning = get_string('donotusesysdir', 'repository_filesystem'); - $warning .= ''; - $mform->addElement('static', null, '', $warning); + return null; } public static function get_type_option_names() {
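Review bot: `get_instance_option_names()` now returns `null` where it used to return an array, so any caller that iterates over the result would be handed a non-array; the callers are outside this diff, so that is an assumption to confirm. `return array();` says "no instance options" without changing the return type. Instances created before this change may still carry a stored `root_path` option that is now silently ignored. A comment on the method such as `// root_path is fixed to $CFG->dataroot.'/repository/' (MDL-18520), so instances take no options` would record why the form was removed.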