mirror/moodle-auth_outage
1
0
Fork 0
mirror of https://github.com/catalyst/moodle-auth_outage.git synced 2026-05-16 21:41:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

Issue #22 - Generation of HTML and copying images ready.

Browse Source
This commit is contained in:
Daniel Thee Roperto
2016-11-09 10:52:38 +11:00
parent 6f4b6d3240
commit db85ea06cf
2 changed files with 29 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
classes/local/controllers/maintenance_static_page.php
View File

@@ -64,6 +64,7 @@ class maintenance_static_page {
*/
public static function get_resources_folder() {
global $CFG;
// If you change the path, also change file auth/outage/maintenance.php as it does not use this reference.
return $CFG->dataroot.'/auth_outage/climaintenance';
}
@@ -120,6 +121,7 @@ class maintenance_static_page {
private static function delete_directory_recursively($dir) {
// It should never come from user, but protect against possible attacks anyway.
$dir = realpath($dir);
$safedir = self::get_resources_folder();
if (substr($dir, 0, strlen($safedir)) !== $safedir) {
throw new invalid_parameter_exception('Unsafe to delete: '.$dir);
@@ -208,7 +210,7 @@ class maintenance_static_page {
copy($url, $path);
}
$url = (string)new moodle_url('/auth/outage/maintenance.php/'.$file);
$url = (string)new moodle_url('/auth/outage/maintenance.php?file='.$file);
return $url;
}
}

30
maintenance.php
View File

@@ -26,8 +26,30 @@
use auth_outage\dml\outagedb;
use auth_outage\local\controllers\maintenance_static_page;
require_once(__DIR__.'/../../config.php');
if (isset($_GET['file'])) {
define('NO_DEBUG_DISPLAY', true);
define('ABORT_AFTER_CONFIG', true);
require_once(__DIR__.'/../../config.php');
$outage = outagedb::get_next_starting();
maintenance_static_page::create_from_outage($outage);
readfile(maintenance_static_page::get_template_file());
// We are not using any external libraries or references in this file (cli maintenance is active).
// If you change the path below maybe you need to change maintenance_static_page::get_resources_folder() as well.
$resourcedir = $CFG->dataroot.'/auth_outage/climaintenance';
// Protect against path traversal attacks.
$file = $resourcedir.'/'.basename($_GET['file']);
if (realpath($file) !== $file) {
error_log('Invalid file: '.$_GET['file']);
http_response_code(404);
die('Not found.');
}
// Detect type, we only support css or PNG images.
$type = substr($file, -3);
if ($type == 'css') {
header('Content-type: text/css');
} else {
header('Content-type: image/png');
}
readfile($file);
return;
}