[Summary view] [Print] [Text view]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Flowplayer library.
  19   *
  20   * @package core
  21   * @copyright  Petr Skoda <petr.skoda@totaralms.com>
  22   * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  
  26  defined('MOODLE_INTERNAL') || die();
  27  
  28  /**
  29   * Safer flash serving code.
  30   *
  31   * @param string $filename
  32   * @return void does not return, ends with die()
  33   */
  34  function flowplayer_send_flash_content($filename) {
  35      global $CFG;
  36      // Note: Do not use any fancy APIs here, this must work in all supported versions.
  37  
  38      // No url params.
  39      if (!empty($_GET) or !empty($_POST)) {
  40          header("HTTP/1.1 404 Not Found");
  41          die;
  42      }
  43  
  44      // Our referrers only, nobody else should embed these scripts.
  45      if (!empty($_SERVER['HTTP_REFERER'])) {
  46          $refhost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
  47          $host = parse_url($CFG->wwwroot . '/', PHP_URL_HOST);
  48          if ($refhost and $host and strtolower($refhost) !== strtolower($host)) {
  49              header("HTTP/1.1 404 Not Found");
  50              die;
  51          }
  52      }
  53  
  54      // Fetch and decode the original content.
  55      $content = file_get_contents($CFG->dirroot . '/lib/flowplayer/' . $filename . '.bin');
  56      if (!$content) {
  57          header("HTTP/1.1 404 Not Found");
  58          die;
  59      }
  60      $content = base64_decode($content);
  61  
  62      // No caching allowed.
  63      if (strpos($CFG->wwwroot, 'https://') === 0) {
  64          // HTTPS sites - watch out for IE! KB812935 and KB316431.
  65          header('Cache-Control: private, max-age=10, no-transform');
  66          header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
  67          header('Pragma: ');
  68      } else {
  69          header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
  70          header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
  71          header('Pragma: no-cache');
  72      }
  73  
  74      // Send the original binary code.
  75      header('Content-Type: application/x-shockwave-flash');
  76      echo $content;
  77      die;
  78  }