mahara.php 21.8 KB
Newer Older
1
2
<?php
/**
Nigel McNie's avatar
Nigel McNie committed
3
 * This program is part of Mahara
4
 *
5
6
7
8
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
9
 *
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 *
 * @package    mahara
 * @subpackage core
 * @author     Penny Leach <penny@catalyst.net.nz>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
 * @copyright  (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
 * @copyright  (C) portions from Moodle, (C) Martin Dougiamas http://dougiamas.com
25
26
 */

27
defined('INTERNAL') || die();
28
29
30
31
32
33
34


/**
 * This function checks core and plugins
 * for which need to be upgraded/installed
 * @returns array of objects
 */
Penny Leach's avatar
Penny Leach committed
35
function check_upgrades($name = null) {
36
37
38
    // An array of plugins to check
    static $pluginstocheck = array('artefact', 'auth');

39
    $toupgrade = array();
40
    $installing = false;
41

42
    require('version.php');
43
    // check core first...
Penny Leach's avatar
Penny Leach committed
44
    if (empty($name) || $name == 'core') {
45
46
47
48
49
50
51
        try {
            $coreversion = get_config('version');
        } 
        catch (Exception $e) {
            $coreversion = 0;
        }
        if (empty($coreversion)) {
Penny Leach's avatar
Penny Leach committed
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
            $core = new StdClass;
            $core->install = true;
            $core->to = $config->version;
            $core->torelease = $config->release;
            $toupgrade['core'] = $core;
            $installing = true;
        } 
        else if ($config->version > $coreversion) {
            $core = new StdClass;
            $core->upgrade = true;
            $core->from = $coreversion;
            $core->fromrelease = get_config('release');
            $core->to = $config->version;
            $core->torelease = $config->release;
            $toupgrade['core'] = $core;
        }
    }

70
71
72
73
74
75
    // If we were just checking if the core needed to be upgraded, we can stop
    // here.
    if ($name == 'core') {
        return $toupgrade['core'];
    }

Penny Leach's avatar
Penny Leach committed
76
    $plugins = array();
77
78
79
    //if (strpos($name, 'artefact.') === 0) {
    //    $plugins[] = substr($name, 9);
    //}
80
    if (!empty($name)) {
81
82
83
84
85
86
87
88
89
90
91
92
        $plugins[] = explode('.', $name);
    }
    else {
        foreach ($pluginstocheck as $plugin) {
            $dirhandle = opendir(get_config('docroot') . $plugin);
            while (false !== ($dir = readdir($dirhandle))) {
                if (strpos($dir, '.') === 0) {
                    continue;
                }
                if (!empty($installing) && $dir != 'internal') {
                    continue;
                }
93
94
95
                if (!is_dir(get_config('docroot') . $plugin . '/' . $dir)) {
                    continue;
                }
96
                $plugins[] = array($plugin, $dir);
Penny Leach's avatar
Penny Leach committed
97
            }
98
        }
Penny Leach's avatar
Penny Leach committed
99
100
    }

101
102
103
104
105
106
107
    foreach ($plugins as $plugin) {
        $plugintype = $plugin[0];
        $pluginname = $plugin[1];
        $pluginpath = "$plugin[0]/$plugin[1]";
        $pluginkey  = "$plugin[0].$plugin[1]";

        require(get_config('docroot') . $pluginpath . '/version.php');
108
        $pluginversion = 0;
109
110
111
112
113
114
115
        // Don't try to get a plugin version if we are installing - it will
        // definitely fail
        if (!$installing) {
            try {
                $pluginversion = get_config_plugin($plugintype, $pluginname, 'version');
            }
            catch (Exception $e) { }
116
        }
117

118
        if (empty($pluginversion)) {
119
120
121
122
123
            $plugininfo = new StdClass;
            $plugininfo->install = true;
            $plugininfo->to = $config->version;
            $plugininfo->torelease = $config->release;
            $toupgrade[$pluginkey] = $plugininfo;
124
        }
125
        else if ($config->version > $pluginversion) {
126
127
128
            $plugininfo = new StdClass;
            $plugininfo->upgrade = true;
            $plugininfo->from = $pluginversion;
Penny Leach's avatar
Penny Leach committed
129
            try {
130
                $plugininfo->fromrelease = get_config_plugin('artefact', $dir, 'release');
Penny Leach's avatar
Penny Leach committed
131
132
            }
            catch (Exception $e) { }
133
134
135
136
            $plugininfo->to = $config->version;
            $plugininfo->torelease = $config->release;
            $toupgrade[$pluginkey] = $plugininfo;
        }
137
138
    }

Penny Leach's avatar
Penny Leach committed
139
140
141
142
143
144
    // if we've just asked for one, don't return an array...
    if (!empty($name) && count($toupgrade) == 1) {
        $upgrade = new StdClass;
        $upgrade->name = $name;
        foreach ((array)$toupgrade[$name] as $key => $value) {
            $upgrade->{$key} = $value;
145
146
147
        }
        log_dbg('thing to upgrade:');
        log_dbg($upgrade);
Penny Leach's avatar
Penny Leach committed
148
149
        return $upgrade;
    }
150
151
    log_dbg('stuff to upgrade:');
    log_dbg($toupgrade);
152
153
154
    return $toupgrade;
}

Penny Leach's avatar
Penny Leach committed
155
function upgrade_core($upgrade) {
156
    global $db;
Penny Leach's avatar
Penny Leach committed
157
158

    $location = get_config('libroot') . '/db/';
159
160
    $db->StartTrans();

Penny Leach's avatar
Penny Leach committed
161
162
163
164
165
166
167
168
169
170
171
172
173
    if (!empty($upgrade->install)) {
        $status = install_from_xmldb_file($location . 'install.xml'); 
    }
    else {
        require_once($location . 'upgrade.php');
        $status = xmldb_core_upgrade($upgrade->from);
    }
    if (!$status) {
        throw new DatalibException("Failed to upgrade core");
    }

    $status = set_config('version', $upgrade->to);
    $status = $status && set_config('release', $upgrade->torelease);
174
175
176
177
178
179
    
    if ($db->HasFailedTrans()) {
        $status = false;
    }
    $db->CompleteTrans();

Penny Leach's avatar
Penny Leach committed
180
181
182
183
    return $status;
}

function upgrade_plugin($upgrade) {
184
185
    global $db;

Penny Leach's avatar
Penny Leach committed
186
187
188
    $plugintype = '';
    $pluginname = '';

189
    list($plugintype, $pluginname) = explode('.', $upgrade->name);
Penny Leach's avatar
Penny Leach committed
190
191

    $location = get_config('dirroot') . $plugintype . '/' . $pluginname . '/db/';
192
    $db->StartTrans();
193

Penny Leach's avatar
Penny Leach committed
194
    if (!empty($upgrade->install)) {
195
        // @todo add to installed_artefacts
196
197
198
199
200
201
        if (is_readable($location . 'install.xml')) {
            $status = install_from_xmldb_file($location . 'install.xml');
        }
        else {
            $status = true;
        }
Penny Leach's avatar
Penny Leach committed
202
203
204
    }
    else {
        require_once($location . 'upgrade.php');
205
206
        // @todo check file exists first - reasonable for it not to have 
        // db tables at all. should still insert version number and cron etc
Penny Leach's avatar
Penny Leach committed
207
208
209
210
        $function = 'xmldb_' . $plugintype . '_' . $pluginname . '_upgrade';
        $status = $function($upgrade->from);
    }
    
211
212
    if (!$status || $db->HasFailedTrans()) {
        $db->CompleteTrans();
Penny Leach's avatar
Penny Leach committed
213
214
        throw new DatalibException("Failed to upgrade $upgrade->name");
    }
215
216
217

    $status = set_config_plugin($plugintype, $pluginname, 'version', $upgrade->to);
    $status = $status && set_config_plugin($plugintype, $pluginname, 'release', $upgrade->torelease);
Penny Leach's avatar
Penny Leach committed
218
219
220

    // @todo here is where plugins register events and set their crons up
    
221
222
223
224
225
    if ($db->HasFailedTrans()) {
        $status = false;
    }
    $db->CompleteTrans();
    
Penny Leach's avatar
Penny Leach committed
226
227
228
    return $status;
}

229
230
231
232
233
234
235
236
237
/** 
 * work around silly php settings
 * and broken setup stuff about the install
 * and raise a warning/fail depending on severity
 */
function ensure_sanity() {

    // register globals workaround
    if (ini_get_bool('register_globals')) {
238
        log_environ(get_string('registerglobals', 'error'));
239
240
241
242
243
244
245
246
        $massivearray = array_keys(array_merge($_POST,$_GET,$_COOKIE,$_SERVER,$_REQUEST,$_FILES));
        foreach ($massivearray as $tounset) {
            unset($GLOBALS[$tounset]);
        }
    }

    // magic_quotes_gpc workaround
    if (ini_get_bool('magic_quotes_gpc')) {
247
        log_environ(get_string('magicquotesgpc', 'error'));
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
        function stripslashes_deep($value) {
            $value = is_array($value) ?
                array_map('stripslashes_deep', $value) :
                stripslashes($value);
            return $value;
        }
        $_POST = array_map('stripslashes_deep', $_POST);
        $_GET = array_map('stripslashes_deep', $_GET);
        $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
        $_REQUEST = array_map('stripslashes_deep', $_REQUEST);

        $servervars = array('REQUEST_URI','QUERY_STRING','HTTP_REFERER','PATH_INFO','PHP_SELF','PATH_TRANSLATED');
        foreach ($servervars as $tocheck) {
            if (array_key_exists($tocheck,$_SERVER) && !empty($_SERVER[$tocheck])) {
                $_SERVER[$tocheck] = stripslashes($_SERVER[$tocheck]);
            }
        }
    }

267
    if (ini_get_bool('magic_quotes_runtime')) {
268
269
270
271
272
273
274
275
276
        // Turn of magic_quotes_runtime. Anyone with this on deserves a slap in the face
        set_magic_quotes_runtime(0);
        log_environ(get_string('magicquotesruntime', 'error'));
    }

    if (ini_get_bool('magic_quotes_sybase')) {
        // See above comment re. magic_quotes_runtime
        @ini_set('magic_quotes_sybase', 0);
        log_environ(get_string('magicquotessybase', 'error'));
277
278
    }

279
280
281
    if (ini_get_bool('safe_mode')) {
        // We don't run with safe mode
        throw new ConfigSanityException(get_string('safemodeon', 'error'));
282
283
    }

284
285
286
287
288
289
290
    // Other things that might be worth checking:
    //    memory limit
    //    file_uploads (off|on)
    //    upload_max_filesize
    //    allow_url_fopen (only if we use this)
    //

291
292
    // dataroot inside document root.
    if (strpos(get_config('dataroot'),get_config('docroot')) !== false) {
293
        throw new ConfigSanityException(get_string('datarootinsidedocroot','error'));
294
295
    }

296
297
    // dataroot not writable..
    if (!check_dir_exists(get_config('dataroot')) || !is_writable(get_config('dataroot'))) {
298
        throw new ConfigSanityException(get_string('datarootnotwritable', 'error', get_config('dataroot')));
299
    }
300
301
302
303
304

    // Json functions not available
    if (!function_exists('json_encode') || !function_exists('json_decode')) {
        throw new ConfigSanityException(get_string('jsonextensionnotloaded', 'error'));
    }
305
306
307
308
    
    check_dir_exists(get_config('dataroot').'smarty/compile');
    check_dir_exists(get_config('dataroot').'smarty/cache');

309
310
}

311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
function get_string($identifier,$section) {

    $langconfigstrs = array('parentlanguage', 'strftimedate', 'strftimedateshort', 'strftimedatetime',
                            'strftimedaydate', 'strftimedaydatetime', 'strftimedayshort', 'strftimedaytime',
                            'strftimemonthyear', 'strftimerecent', 'strftimerecentfull', 'strftimetime',
                            'thislanguage');

    if (in_array($identifier, $langconfigstrs)) {
        $section = 'langconfig';  
    }

    $variables = func_get_args();
    if (count($variables) > 2) { // we have some stuff we need to sprintf
        array_shift($variables);
        array_shift($variables); //shift off the first two.
    } else {
        $variables = array();
    }
    
    $lang = current_language();

    if ($section == '') {
        $section = 'mahara';
    }

    // Define the locations of language strings for this section
    $docroot = get_config('docroot');
    $locations = array();
    
    if ($section == 'mahara' || $section != 'langconfig') {
Penny Leach's avatar
Penny Leach committed
341
        $locations[] = $docroot.'lang/';
342
343
344
345
346
347
348
349
350
    } else {
        $extras = array('artefacts','auth'); // more later..
        foreach ($extras as $tocheck) {
            if (strpos($section,$tocheck.'.') === 0) {
                $pluginname = substr($section,strlen($tocheck));
                $locations[] = $docroot.$tocheck.'/'.$pluginname.'/lang/';
            }
        }
    }
351

352
353
354
355
    // First check all the normal locations for the string in the current language
    foreach ($locations as $location) {
        //if local directory not found, or particular string does not exist in local direcotry
        $langfile = $location.$lang.'/'.$section.'.php';
Penny Leach's avatar
Penny Leach committed
356
        if (is_readable($langfile)) {
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
            if ($result = get_string_from_file($identifier, $langfile)) {
                return format_langstring($result,$variables);
            }
        }
    }

    // If the preferred language was English (utf8) we can abort now
    // saving some checks beacuse it's the only "root" lang
    if ($lang == 'en.utf8') {
        return '[['. $identifier .']]';
    }

    // Is a parent language defined?  If so, try to find this string in a parent language file

    foreach ($locations as $location) {
        $langfile = $location.$lang.'/langconfig.php';
Penny Leach's avatar
Penny Leach committed
373
        if (is_readable($langfile)) {
374
375
            if ($parentlang = get_string_from_file('parentlanguage', $langfile)) {
                $langfile = $location.$parentlang.'/'.$section.'.php';
Penny Leach's avatar
Penny Leach committed
376
                if (is_readable($langfile)) {
377
378
379
380
381
382
383
384
385
386
387
388
                    if ($result = get_string_from_file($identifier, $langfile)) {
                        return format_langstring($result,$variables);
                    }
                }
            }
        }
    }

    /// Our only remaining option is to try English
    foreach ($locations as $location) {
        //if local_en not found, or string not found in local_en
        $langfile = $location.'en.utf8/'.$module.'.php';
Penny Leach's avatar
Penny Leach committed
389
        if (is_readable($langfile)) {
390
391
392
393
394
395
396
            if ($result = get_string_from_file($identifier, $langfile)) {
                return format_langstring($result,$variables);
            }
        }
    }

    return '[['.$identifier.']]';  // Last resort
397
}
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438



/**
 * This function is only used from {@link get_string()}.
 *
 * @internal Only used from get_string, not meant to be public API
 * @param string $identifier ?
 * @param string $langfile ?
 * @param string $destination ?
 * @return string|false ?
 * @staticvar array $strings Localized strings
 * @access private
 * @todo Finish documenting this function.
 */
function get_string_from_file($identifier, $langfile) {

    static $strings;    // Keep the strings cached in memory.

    if (empty($strings[$langfile])) {
        $string = array();
        include ($langfile);
        $strings[$langfile] = $string;
    } else {
        $string = &$strings[$langfile];
    }

    if (!isset ($string[$identifier])) {
        return false;
    }

    return $string[$identifier];
}

/**
 * This function makes the return value of ini_get consistent if you are
 * setting server directives through the .htaccess file in apache.
 * Current behavior for value set from php.ini On = 1, Off = [blank]
 * Current behavior for value set from .htaccess On = On, Off = Off
 * Contributed by jdell @ unr.edu
 *
439
 * @param string $ini_get_arg setting to look for
440
441
442
443
444
445
446
447
448
449
450
 * @return bool
 */
function ini_get_bool($ini_get_arg) {
    $temp = ini_get($ini_get_arg);

    if ($temp == '1' or strtolower($temp) == 'on') {
        return true;
    }
    return false;
}

451
452
453
454
455
456
457
458
459
460
461
462
463
/**
 * This function loads up the basic $CFG
 * from the database table
 * note that it doesn't load plugin config
 * as not every page needs them
 * @return boolean false if the assignment fails (generally if the databse is not installed)
 */
function load_config() {
    global $CFG;
    
    try {
        $dbconfig = get_records('config');
    } 
464
    catch (DatalibException $e) {
465
466
467
468
        return false;
    }
    
    foreach ($dbconfig as $cfg) {
469
        if (isset($CFG->{$cfg->field}) && $CFG->{$cfg->field} != $cfg->value) {
Penny Leach's avatar
Penny Leach committed
470
            // @todo warn that we're overriding db config with $CFG
471
472
473
474
475
476
477
478
479
            continue;
        }
        $CFG->{$cfg->field} = $cfg->value;
    }

    return true;
}

/**
480
481
482
483
484
485
 * This function returns a value from $CFG
 * or null if it is not found
 * 
 * @param string $key config setting to look for 
 * @return mixed
 */
486
487
488
489
490
491
492
493
function get_config($key) {
    global $CFG;
    if (array_key_exists($key,$CFG)) {
        return $CFG->$key;
    }
    return null;
}

494
495
496
497
498
499
500
501
502

/**
 * This function sets a config variable
 * both in $CFG and in the database
 *
 * @param string $key config field to set
 * @param string $value config value
 */
function set_config($key, $value) {
503
504
505
506
    global $CFG;

    if (get_record('config', 'field', $key)) {
        if (set_field('config', 'value', $value, 'field', $key)) {
Penny Leach's avatar
Penny Leach committed
507
508
509
510
511
512
513
            $status = true;
        }
    } 
    else {
        $config = new StdClass;
        $config->field = $key;
        $config->value = $value;
514
        $status = insert_record('config', $config);
Penny Leach's avatar
Penny Leach committed
515
516
517
    }

    if (!empty($status)) {
518
519
520
        $CFG->{$key} = $value;
        return true;
    }
Penny Leach's avatar
Penny Leach committed
521

522
523
524
525
526
527
528
529
530
531
532
533
534
535
    return false;
}

/**
 * This function returns a value for $CFG for a plugin
 * or null if it is not found
 * note that it may go and look in the database
 *
 * @param string $plugintype eg artefact
 * @param string $pluginname eg blog
 * @param string $key the config setting to look for
 */
function get_config_plugin($plugintype, $pluginname, $key) {
    global $CFG;
536

537
538
539
540
541
542
543
    if (array_key_exists('plugin',$CFG)
        && array_key_exists($plugintype,$CFG->plugin)
        && array_key_exists($pluginname,$CFG->plugin->{$plugintype})
        && array_key_exists($key,$CFG->plugin->{$plugintype}->{$pluginname})) {
        return  $CFG->plugin->{$plugintype}->{$pluginname}->{$key};
    }
    
544
545
546
    // @todo: an optimisation might be to get all fields related to the plugin instead, as
    // it may be quite likely that if one config item is requested for a plugin another
    // might be.
547
548
549
550
551
552
553
554
    if (!$value = get_field('config_'.$plugintype,'value','plugin',$pluginname,'field',$key)) {
        $value = null;
    } 
    
    $CFG->plugin->{$plugintype}->{$pluginname}->{$key} = $value;
    return $value;
}

Penny Leach's avatar
Penny Leach committed
555
function set_config_plugin($plugintype, $pluginname, $key, $value) {
556
    $table = 'config_' . $plugintype;
Penny Leach's avatar
Penny Leach committed
557

558
    if (get_field($table, 'value', 'plugin', $pluginname, 'field', $key)) {
Penny Leach's avatar
Penny Leach committed
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
        if (set_field($table,'value',$key,'plugin',$pluginname, 'field',$value)) { 
            $status = true;
        }
    }
    else {
        $pconfig = new StdClass;
        $pconfig->plugin = $pluginname;
        $pconfig->field  = $key;
        $pconfig->value  = $value;
        $status = insert_record($table,$pconfig);
    }
    if ($status) {
        $CFG->plugin->{$plugintype}->{$pluginname}->{$key} = $value;
        return true;
    }
    return false;
}

577
/**
578
579
580
581
582
 * This function prints an array or object
 * wrapped inside <pre></pre>
 * 
 * @param $mixed value to print
 */
583
584
585
586
587
588
function print_object($mixed) {
    echo '<pre>';
    print_r($mixed);
    echo '</pre>';
}

589
/**
590
591
592
593
594
595
 * This function returns the current 
 * language to use, either for a given user
 * or sitewide, or the default
 * 
 * @return string
 */
596
597
598
599
600
601
602
603
604
605
606
function current_language() {
    global $USER, $CFG;
    if (!empty($USER->lang)) {
        return $USER->lang;
    }
    if (!empty($CFG->lang)) {
        return $CFG->lang;
    }
    return 'en.utf8';
}

607
/**
608
609
610
611
612
613
 * Helper function to sprintf language strings
 * with a variable number of arguments
 * 
 * @param string $string raw string to use
 * @param array $args arguments to sprintf
 */
614
615
616
617
function format_langstring($string,$args) {
    return call_user_func_array('sprintf',array_merge(array($string),$args));
}

618
619
620
621
622
623
624
625
626
627
628
629
630
/**
 * Helper function to figure out whether an array is an array or a hash
 * @param array $array array to check
 * @return bool true if the array is a hash
 */
function is_hash($array) {
    if (!is_array($array)) {
        return false;
    }
    $diff = array_diff_assoc($array,array_values($array));
    return !empty($diff);
}

631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650


/**
 * Function to check if a directory exists and optionally create it.
 *
 * @param string absolute directory path
 * @param boolean create directory if does not exist
 * @param boolean create directory recursively
 *
 * @return boolean true if directory exists or created
 */
function check_dir_exists($dir, $create=true, $recursive=true) {

    $status = true;

    if(!is_dir($dir)) {
        if (!$create) {
            $status = false;
        } else {
            umask(0000); 
651
            $status = @mkdir($dir, 0777, true);
Nigel McNie's avatar
Nigel McNie committed
652
            // @todo has the umask been clobbered at this point, and is this a bad thing?
653
654
655
656
657
        }
    }
    return $status;
}

658
659
660
661
662
663
664
665
666
/**
 * Checks that a username is in valid form
 *
 * @todo need such a function for password too.
 */
function validate_username($username) {
    return preg_match('/^[a-zA-Z0-9_\.@]+$/', $username);
}

Penny Leach's avatar
Penny Leach committed
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
/**
 * Function to require a plugin file. This is to avoid doing 
 * require and include directly with variables.
 * This function is the one safe point to require plugin files.
 * so USE it :)
 * @param string $plugintype the type of plugin (eg artefact)
 * @param string $pluginname the name of the plugin (eg blog)
 * @param string $filename the name of the file to include within the plugin structure
 * @param string $function (optional, defaults to require) the require/include function to use
 * @param string $nonfatal (optional, defaults to false) just returns false if the file doesn't exist
 */
function safe_require($plugintype, $pluginname, $filename, $function='require', $nonfatal=false) {

    $plugintype = clean_filename($plugintype);
    $pluginname = clean_filename($pluginname);

    if (!in_array($function,array('require','include','require_once','include_once'))) {
        if (!empty($nonfatal)) {
            return false;
        }
        throw new Exception ('invalid require type');
    }

    $fullpath = get_config('docroot') . $plugintype . '/' . $pluginname . '/' . $filename;
    if (!$realpath = realpath($fullpath)) {
        if (!empty($nonfatal)) {
            return false;
        }
        throw new Exception ("File $fullpath did not exist");
    }

    if (strpos($realpath, get_config('docroot') !== 0)) {
        if (!empty($nonfatal)) {
            return false;
        }
        throw new Exception ("File $fullpath was outside document root!");
    }

    if ($function == 'require') { return require($realpath); }
    if ($function == 'include') { return include($realpath); }
    if ($function == 'require_once') { return require_once($realpath); }
    if ($function == 'include_once') { return include_once($realpath); }
    
}

712
713
714
715
716
717
718
719
720
721
722
/**
 * Used by XMLDB
 */
function debugging ($message, $level) {
    log_dbg($message);
}
function xmldb_dbg($message) {
    log_warn($message);
}
define('DEBUG_DEVELOPER', 'whocares');

723
?>