From 690f358b626dc78ea0c1cddec79bfbbb91ecd222 Mon Sep 17 00:00:00 2001 From: skodak Date: Tue, 30 Nov 2004 19:44:08 +0000 Subject: [PATCH] merged from MOODLE_14_STABLE; Preparation for new file.php, new function get_file_argument() SC#5 --- lib/weblib.php | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/lib/weblib.php b/lib/weblib.php index f2b587cc54..0c05a1b065 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -790,6 +790,54 @@ function validate_email($address) { $address)); } +/** + * Extracts file argument either from file parameter or PATH_INFO + * + * @param string $scriptname name of the calling script + * @return string file path (only safe characters) + */ +function get_file_argument($scriptname) { + global $_SERVER; + + $relativepath = FALSE; + + // first try normal parameter (compatible method == no relative links!) + $relativepath = optional_param('file', FALSE, PARAM_PATH); + + // then try extract file from PATH_INFO (slasharguments method) + if (!$relativepath and !empty($_SERVER['PATH_INFO'])) { + $path_info = $_SERVER['PATH_INFO']; + // check that PATH_INFO works == must not contain the script name + if (!strpos($path_info, $scriptname)) { + $relativepath = clean_param(rawurldecode($path_info), PARAM_PATH); + if ($relativepath === '/test') { + print_header(); + notice ('Slasharguments work - using PATH_INFO parameter :-D'); + print_footer(); + die; + } + } + } + + // now if both fail try the old way + // (for compatibility with misconfigured or older buggy php implementations) + if (!$relativepath) { + $arr = explode($scriptname, me()); + if (!empty($arr[1])) { + $path_info = strip_querystring($arr[1]); + $relativepath = clean_param(rawurldecode($path_info), PARAM_PATH); + if ($relativepath === '/test') { + print_header(); + notice ('Slasharguments work - using compatibility hack :-|'); + print_footer(); + die; + } + } + } + + return $relativepath; +} + /** * Check for bad characters ? * -- 2.39.5