ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
module.php
Go to the documentation of this file.
1<?php
12require_once('_include.php');
13
14// index pages - file names to attempt when accessing directories
15$indexFiles = array('index.php', 'index.html', 'index.htm', 'index.txt');
16
17// MIME types - key is file extension, value is MIME type
18$mimeTypes = array(
19 'bmp' => 'image/x-ms-bmp',
20 'css' => 'text/css',
21 'gif' => 'image/gif',
22 'htm' => 'text/html',
23 'html' => 'text/html',
24 'shtml' => 'text/html',
25 'ico' => 'image/vnd.microsoft.icon',
26 'jpe' => 'image/jpeg',
27 'jpeg' => 'image/jpeg',
28 'jpg' => 'image/jpeg',
29 'js' => 'text/javascript',
30 'pdf' => 'application/pdf',
31 'png' => 'image/png',
32 'svg' => 'image/svg+xml',
33 'svgz' => 'image/svg+xml',
34 'swf' => 'application/x-shockwave-flash',
35 'swfl' => 'application/x-shockwave-flash',
36 'txt' => 'text/plain',
37 'xht' => 'application/xhtml+xml',
38 'xhtml' => 'application/xhtml+xml',
39);
40
41if (empty($_SERVER['PATH_INFO'])) {
42 throw new SimpleSAML_Error_NotFound('No PATH_INFO to module.php');
43}
44
45$url = $_SERVER['PATH_INFO'];
46assert(substr($url, 0, 1) === '/');
47
48/* clear the PATH_INFO option, so that a script can detect whether it is called with anything following the
49 *'.php'-ending.
50 */
51unset($_SERVER['PATH_INFO']);
52
53$modEnd = strpos($url, '/', 1);
54if ($modEnd === false) {
55 // the path must always be on the form /module/
56 throw new SimpleSAML_Error_NotFound('The URL must at least contain a module name followed by a slash.');
57}
58
59$module = substr($url, 1, $modEnd - 1);
60$url = substr($url, $modEnd + 1);
61if ($url === false) {
62 $url = '';
63}
64
65if (!SimpleSAML\Module::isModuleEnabled($module)) {
66 throw new SimpleSAML_Error_NotFound('The module \''.$module.'\' was either not found, or wasn\'t enabled.');
67}
68
69/* Make sure that the request isn't suspicious (contains references to current directory or parent directory or
70 * anything like that. Searching for './' in the URL will detect both '../' and './'. Searching for '\' will detect
71 * attempts to use Windows-style paths.
72 */
73if (strpos($url, '\\') !== false) {
74 throw new SimpleSAML_Error_BadRequest('Requested URL contained a backslash.');
75} elseif (strpos($url, './') !== false) {
76 throw new SimpleSAML_Error_BadRequest('Requested URL contained \'./\'.');
77}
78
80
81// check for '.php/' in the path, the presence of which indicates that another php-script should handle the request
82for ($phpPos = strpos($url, '.php/'); $phpPos !== false; $phpPos = strpos($url, '.php/', $phpPos + 1)) {
83
84 $newURL = substr($url, 0, $phpPos + 4);
85 $param = substr($url, $phpPos + 4);
86
87 if (is_file($moduleDir.$newURL)) {
88 /* $newPath points to a normal file. Point execution to that file, and
89 * save the remainder of the path in PATH_INFO.
90 */
91 $url = $newURL;
92 $_SERVER['PATH_INFO'] = $param;
93 break;
94 }
95}
96
98
99if ($path[strlen($path) - 1] === '/') {
100 // path ends with a slash - directory reference. Attempt to find index file in directory
101 foreach ($indexFiles as $if) {
102 if (file_exists($path.$if)) {
103 $path .= $if;
104 break;
105 }
106 }
107}
108
109if (is_dir($path)) {
110 /* Path is a directory - maybe no index file was found in the previous step, or maybe the path didn't end with
111 * a slash. Either way, we don't do directory listings.
112 */
113 throw new SimpleSAML_Error_NotFound('Directory listing not available.');
114}
115
116if (!file_exists($path)) {
117 // file not found
118 SimpleSAML\Logger::info('Could not find file \''.$path.'\'.');
119 throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
120}
121
122// ilias-patch: begin
123if (preg_match('#\.php$#D', mb_strtolower($path, 'UTF-8'))) {
124// ilias-patch: end
125 // PHP file - attempt to run it
126
127 /* In some environments, $_SERVER['SCRIPT_NAME'] is already set with $_SERVER['PATH_INFO']. Check for that case,
128 * and append script name only if necessary.
129 *
130 * Contributed by Travis Hegner.
131 */
132 $script = "/$module/$url";
133 if (stripos($_SERVER['SCRIPT_NAME'], $script) === false) {
134 $_SERVER['SCRIPT_NAME'] .= '/'.$module.'/'.$url;
135 }
136
137 require($path);
138 exit();
139}
140
141// some other file type - attempt to serve it
142
143// find MIME type for file, based on extension
145if (preg_match('#\.([^/\.]+)$#D', $path, $type)) {
146 $type = strtolower($type[1]);
147 if (array_key_exists($type, $mimeTypes)) {
149 }
150}
151
152if ($contentType === null) {
153 /* We were unable to determine the MIME type from the file extension. Fall back to mime_content_type (if it
154 * exists).
155 */
156 if (function_exists('mime_content_type')) {
157 $contentType = mime_content_type($path);
158 } else {
159 // mime_content_type doesn't exist. Return a default MIME type
160 SimpleSAML\Logger::warning('Unable to determine mime content type of file: '.$path);
161 $contentType = 'application/octet-stream';
162 }
163}
164
165$contentLength = sprintf('%u', filesize($path)); // force filesize to an unsigned number
166
167header('Content-Type: '.$contentType);
168header('Content-Length: '.$contentLength);
169header('Cache-Control: public,max-age=86400');
170header('Expires: '.gmdate('D, j M Y H:i:s \G\M\T', time() + 10 * 60));
171header('Last-Modified: '.gmdate('D, j M Y H:i:s \G\M\T', filemtime($path)));
172
173readfile($path);
exit
Definition: backend.php:16
An exception for terminatinating execution or to throw for unit testing.
static info($string)
Definition: Logger.php:199
static warning($string)
Definition: Logger.php:177
static getModuleDir($module)
Retrieve the base directory for a module.
Definition: Module.php:39
$modEnd
Definition: module.php:53
if($modEnd===false) $module
Definition: module.php:59
if(preg_match('#\.( $contentLength[^/\.]+) $#D', $path, $type)) if($contentType===null)
Definition: module.php:165
$indexFiles
Definition: module.php:15
if( $url===false) if(!SimpleSAML\Module::isModuleEnabled($module)) if(strpos( $url, '\\') !==false) elseif(strpos($url, './') !==false) $moduleDir
Definition: module.php:79
$mimeTypes
Definition: module.php:18
if(empty($_SERVER['PATH_INFO'])) $url
Definition: module.php:45
for($phpPos=strpos($url, '.php/'); $phpPos !==false; $phpPos=strpos($url, '.php/', $phpPos+1)) $path
Definition: module.php:97
if( $path[strlen( $path) - 1]==='/') if(is_dir($path)) if(!file_exists( $path)) if(preg_match('#\.php$#D', mb_strtolower($path, 'UTF-8'))) $contentType
Definition: module.php:144
Attribute-related utility methods.
$type
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']