mirror/moodle-auth_outage
1
0
Fork 0
mirror of https://github.com/catalyst/moodle-auth_outage.git synced 2026-05-16 21:41:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

Issue #22 - Split maintenance.php into preview.php and file.php

Browse Source
This commit is contained in:
Daniel Thee Roperto
2016-11-09 16:21:46 +11:00
parent afd17994fe
commit ce2da24b1b
5 changed files with 112 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
file.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This page is used to fetch files while in maintenance mode.
*
* It should avoid as much as possible using code Moodle API.
*
* @package auth_outage
* @author Daniel Thee Roperto <daniel.roperto@catalyst-au.net>
* @copyright 2016 Catalyst IT
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*
* @var stdClass $CFG
*/
if (!isset($_GET['file'])) {
http_response_code(400);
die('Missing file parameter.');
}
define('NO_DEBUG_DISPLAY', true);
define('ABORT_AFTER_CONFIG', true);
require_once(__DIR__.'/../../config.php');
// We are not using any external libraries or references in this file (cli maintenance is active).
// If you change the path below maybe you need to change maintenance_static_page::get_resources_folder() as well.
$resourcedir = $CFG->dataroot.'/auth_outage/climaintenance';
// Protect against path traversal attacks.
$file = $resourcedir.'/'.$_GET['file'];
if (realpath($file) !== $file) {
// @codingStandardsIgnoreStart
error_log('Invalid file: '.$_GET['file']);
// @codingStandardsIgnoreEnd
http_response_code(404);
die('Not found.');
}
// Detect type, we only support css or PNG images.
header('Content-Type: '.(substr($file, -3) == 'css' ? 'text/css' : 'image/png'));
// Use cache.
$lifetime = 60 * 60 * 24; // 1 day.
header('Expires: '.gmdate('D, d M Y H:i:s', time() + $lifetime).' GMT');
header('Pragma: ');
header('Cache-Control: public, max-age='.$lifetime);
header('Accept-Ranges: none');
readfile($file);