When filelib.php tries to download (or display) a file of (eg) .txt extension (ie, mimetype text/plain), it encounters this bit of code
else if ($mimetype == 'text/plain') {
$options->newlines = false;
$options->noclean = true;
$text = htmlentities($pathisstring ? $path : implode('', file($path)));
$output = '<pre>'. format_text($text, FORMAT_MOODLE, $options, $courseid) .'</pre>';
if (!empty($CFG->usesid) && empty($_COOKIE['MoodleSession'.$CFG->sessioncookie])) {
//cookieless mode - rewrite links
$output = sid_ob_rewrite($output);
}
@header('Content-Length: '.strlen($output));
@header('Content-Type: text/html; charset='.current_charset()); //add encoding
while (@ob_end_flush()); //flush the buffers - save memory and disable sid rewrite
echo $output;
which changes in to mimetype text/html runs it through format_text(), basically changing it to a fully formatted HTML file.
I have an idea that this could be a bad move. Although it works, if somebody uploads a .txt file (or it is generated by something like the quiz export) it cannot be downloaded in the same form by right-clicking the link and downloading the file. My particular gripe is that it breaks some exported quiz files.
I suggest that this should send the file as unformatted text/plain as nature intended.
Any thoughts/abuse?