--- ivp-old/file.php 2010-08-23 15:57:11.000000000 +0200
+++ ivp/file.php 2010-08-23 16:53:41.000000000 +0200
@@ -126,7 +126,10 @@
// security: force download of all attachments submitted by students
if (count($args) >= 3 and strtolower($args[1]) === 'moddata') {
$mod = clean_param($args[2], PARAM_SAFEDIR);
- if (file_exists("$CFG->dirroot/mod/$mod/lib.php")) {
+ // Hack by Karsten Burger - LET
+ // to allow wiki content is delivered
+ $isWiki = strstr($mod,'wiki');
+ if (file_exists("$CFG->dirroot/mod/$mod/lib.php")) {
if (!$forcedownload) {
require_once("$CFG->dirroot/mod/$mod/lib.php");
$trustedfunction = $mod.'_is_moddata_trusted';
@@ -134,10 +137,16 @@
// force download of all attachments that are not trusted
$forcedownload = !$trustedfunction();
} else {
- $forcedownload = 1;
+ $forcedownload = 1;
}
}
- } else {
+ } else if ($isWiki)
+ // If it is a wiki file, deliver it
+ // !! This opens a security hole !!
+ // Modified by Karsten Burger - LET
+ // 23. August 2010
+ {
+ } else {
// module is not installed - better not serve file at all
not_found($course->id);
}
@@ -175,6 +184,7 @@
// check that file exists
if (!file_exists($pathname)) {
+ //echo "
$pathname";
not_found($course->id);
}
@@ -183,6 +193,7 @@
// ========================================
session_write_close(); // unlock session during fileserving
$filename = $args[count($args)-1];
+ //echo "
pathname:$pathname, filename:$filename, lifetime:$lifetime, $CFG->filteruploadedfiles, false, $forcedownload";
send_file($pathname, $filename, $lifetime, $CFG->filteruploadedfiles, false, $forcedownload);
function not_found($courseid) {