Commit 9677eb79 authored by ikawhero's avatar ikawhero
Browse files

Making custom scripts path generic so it is not forced to be in the

dataroot directory which is writable by the web server.
Path cleaned to avoid relative directory links.
parent 7b5aa1b7
......@@ -214,7 +214,7 @@ $CFG->admin = 'admin';
// $CFG->filtermatchoneperpage = true;
//
// Enabling this will allow custom scripts to replace existing moodle scripts.
// For example: if $CFG->dataroot/customscripts/course/view.php exists then
// For example: if $CFG->customscripts/course/view.php exists then
// it will be used instead of $CFG->wwwroot/course/view.php
// At present this will only work for files that include config.php and are called
// as part of the url (index.php is implied).
......@@ -226,7 +226,8 @@ $CFG->admin = 'admin';
// Warning: Replacing standard moodle scripts may pose security risks and/or may not
// be compatible with upgrades. Use this option only if you are aware of the risks
// involved.
// $CFG->customscripts = true;
// Specify the full directory path to the custom scripts
// $CFG->customscripts = '/home/example/customscripts';
//
// Performance profiling
//
......
......@@ -6935,8 +6935,11 @@ function custom_script_path($urlpath='') {
if (!$urlpath) return false;
}
// Strip wwwroot out
$scriptpath = str_replace($CFG->wwwroot, $CFG->dataroot.'/customscripts', $urlpath);
/// Strip wwwroot out
$scriptpath = str_replace($CFG->wwwroot, $CFG->customscripts, $urlpath);
/// Clean the path
$scriptpath = clean_param($scriptpath, PARAM_PATH);
/// Strip the query string out
$parts = parse_url($scriptpath);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment