<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* auth_outage plugin lib
*
* @package auth_outage
* @author Daniel Thee Roperto <[email protected]>
* @copyright 2016 Catalyst IT
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
use auth_outage\local\outagelib;
/**
* Used for adminlib::set_updatedcallback which requires a string that resolves to a function.
*
* Related to: MDL-57264 and MDL-32984
*/
function auth_outage_outagelib_prepare_next_outage() {
    // Plain-function entry point that forwards to the static method, so the
    // callback can be referenced by a string name. Nothing is returned.
    \auth_outage\local\outagelib::prepare_next_outage();
}
/**
* Used by file.php to fetch a file from sitedata, protecting it from path traversal attacks.
*
* To keep it minimalist it was not added to the outagelib.php class.
*
* @param string $file Filename to fetch from sitedata
* @return string|null Full path to the sitedata file or null if file is not valid.
*/
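function auth_outage_get_climaintenance_resource_file($file) {
    global $CFG;

    // We are not using any external libraries or references in this file (we have not fully loaded config.php yet).
    // If you change the path below maybe you need to change maintenance_static_page::get_resources_folder() as well.
    $resourcedir = rtrim($CFG->dataroot, '/'); // In case the configuration has a trailing slash.
    $resourcedir = $resourcedir.'/auth_outage/climaintenance';

    // Protect against path traversal attacks: only "<name>" or "preview/<name>" is accepted.
    // basename() returns '.' and '..' unchanged, so a dot segment would satisfy the shape
    // comparison on its own and must be rejected explicitly.
    // A NUL byte is rejected here too, because realpath() raises a ValueError for it on PHP 8.
    $basename = basename($file);
    $shapeok = ($basename === $file || $file === 'preview/' . $basename);
    $isdotsegment = ($basename === '.' || $basename === '..');
    $hasnul = (strpos($file, "\0") !== false);
    if (!$shapeok || $isdotsegment || $hasnul) {
        // @codingStandardsIgnoreStart
        // NOTE(review): this code can run before config.php is fully loaded, so PHPUNIT_TEST
        // may not be defined yet - confirm. An undefined constant is treated as "not a test".
        if (!(defined('PHPUNIT_TEST') && PHPUNIT_TEST)) {
            // Replace control characters so a crafted filename cannot forge extra log lines.
            $logged = preg_replace('/[\x00-\x1F\x7F]/', '?', $file);
            error_log('Possible attempt for Path Traversal Attack (only filename expected): '.$logged);
        }
        // @codingStandardsIgnoreEnd
        return null;
    }

    $realbase = realpath($resourcedir);
    $realpath = realpath($resourcedir.'/'.$file);
    if ($realbase === false || $realpath === false) {
        // The resource directory or the requested entry does not exist.
        return null;
    }

    // Defence in depth: hand back regular files only, and only when the resolved path
    // (after symlinks and dot segments are collapsed) is still inside the resource directory.
    $prefix = $realbase . DIRECTORY_SEPARATOR;
    if (!is_file($realpath) || strncmp($realpath, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $realpath;
}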
/**
* Inject the warning bar into the page if there is currently an outage.
*
* This is a legacy callback that is used for compatibility with older Moodle versions.
* Moodle 4.4+ will use auth_outage\hook_callbacks::before_standard_top_of_body_html_generation instead.
*
* @return string|void
*/
function auth_outage_before_standard_top_of_body_html() {
    // Ask the plugin library for the code to inject and pass its result back unchanged.
    $injected = \auth_outage\local\outagelib::get_inject_code();

    return $injected;
}