Changeset 523
- Timestamp:
- May 24, 2015 3:01:42 PM (9 years ago)
- Location:
- trunk
- Files:
-
- 10 edited
trunk/bin/module_maker/_config.inc.php
r500 r523 36 36 // Make sure necessary files exist. 37 37 $db_auth_file = false; 38 $db_json_file = false; 38 39 $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(COMMON_BASE)); 39 40 $rii->setMaxDepth(2); 40 41 foreach ($rii as $filename => $file) { 42 if (mb_strpos($filename, 'db_auth.json') !== false) { 43 $db_json_file = $filename; 44 break; 45 } 41 46 if (mb_strpos($filename, 'db_auth.inc.php') !== false) { 42 47 $db_auth_file = $filename; … … 45 50 } 46 51 47 if (!$db_auth_file ) {52 if (!$db_auth_file && !$db_json_file) { 48 53 die("Error: First argument directory must contain the global/db_auth.inc.php file with valid MySQL credentials.\n"); 49 54 } … … 72 77 'error_reporting' => E_ALL, 73 78 'log_screen_priority' => LOG_DEBUG, 79 'log_directory' => COMMON_BASE . '/log', 74 80 )); 75 require_once $db_auth_file; 81 82 if ($db_json_file) { 83 $app->setParam(array( 84 'db_auth_file' => $db_json_file, 85 )); 86 } else { 87 require_once $db_auth_file; 88 } 76 89 77 90 // Start application-based functionality: database, session, environment, ini setup, etc. 78 91 // Most configuration parameters must be set before starting the App. 92 define('_CLI', true); 79 93 $app->start(); 80 94 -
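Review bot: The new `mb_strpos($filename, 'db_auth.json') !== false` test matches the name anywhere in the path, so a stray `db_auth.json.bak`, or any file under a directory whose name contains that string, is accepted as the credentials file and ends the search via `break`. Comparing `basename($filename) === 'db_auth.json'` would pin the match to the intended file; the existing `db_auth.inc.php` test has the same substring behaviour. The `die()` message still names only `global/db_auth.inc.php`, so a user who supplies neither file is not told that a JSON file is also accepted.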
trunk/bin/module_maker/form_template.cli.php
r485 r523 100 100 <label for="$field"><\x3fphp echo _("$title"); \x3f></label> 101 101 <input type="file" name="$field" id="$field" /> 102 <\x3fphp if ('' != \$upload->getFilenameGlob(getFormData('$primary_key') . '_*') && getFormData('op') == 'edit' || getFormData('op') == 'update') { \x3f>103 <div class="sc-help"><\x3fphp printf(_("The current file <a href=\"%s/%2\\ $s\"><strong>%2\\$s</strong></a> will be deleted if a new file is selected for upload."), '/_db_files/__///__', \$upload->getFilenameGlob(getFormData('$primary_key') . '_*')) \x3f></div>102 <\x3fphp if ('' != \$upload->getFilenameGlob(getFormData('$primary_key') . '_*') && (getFormData('op') == 'edit' || getFormData('op') == 'update')) { \x3f> 103 <div class="sc-help"><\x3fphp printf(_("The current file <a href=\"%s/%2\\\$s\"><strong>%2\\\$s</strong></a> will be deleted if a new file is selected for upload."), '/_db_files/__///__', \$upload->getFilenameGlob(getFormData('$primary_key') . '_*')) \x3f></div> 104 104 <\x3fphp } \x3f> 105 105 <div class="sc-help"><\x3fphp printf(_("Allowed file types: %s."), join(', ', \$upload->getParam('valid_file_extensions'))) \x3f></div> -
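Review bot: The rewritten `sc-help` line of the generated template prints the result of `getFilenameGlob()` into both the `href` and the `<strong>` text without escaping. How the Upload class cleans file names is not visible in this section, so if a stored name can contain characters that are special in HTML, every generated edit form would render them as markup. Wrapping that `printf` argument in `htmlspecialchars(..., ENT_QUOTES)` in the template keeps the generated forms safe regardless of how the file name was stored.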
trunk/lib/App.inc.php
r518 r523 117 117 'enable_db_session_handler' => false, 118 118 119 // DB passwords should be set as apache environment variables in httpd.conf, readable only by root.119 // DB credentials should be set as apache environment variables in httpd.conf, readable only by root. 120 120 'db_server' => 'localhost', 121 121 'db_name' => null, 122 122 'db_user' => null, 123 123 'db_pass' => null, 124 125 // And for CLI scripts, which should include a JSON file at this specified location in the include path. 126 'db_auth_file' => 'db_auth.json', 124 127 125 128 // Database debugging. … … 179 182 // Don't change this unless you know existing hashes or signatures will not be affected! 180 183 'signing_key' => 'aae6abd6209d82a691a9f96384a7634a', 184 185 // Force getFormData, getPost, and getGet to always run dispelMagicQuotes() with stripslashes(). 186 // This should be set to 'true' when using the codebase with Wordpress because 187 // WP forcefully adds slashes to all input despite the setting of magic_quotes_gpc. 188 'always_dispel_magicquotes' => false, 181 189 ); 182 190 … … 225 233 { 226 234 if (isset($param) && is_array($param)) { 227 // Merge new parameters with old overriding o nly those passed.235 // Merge new parameters with old overriding old ones that are passed. 228 236 $this->_params = array_merge($this->_params, $param); 229 237 230 238 if ($this->running) { 231 // Params that require processing if changedduring runtime.239 // Params that require additional processing if set during runtime. 
232 240 foreach ($param as $key => $val) { 233 241 switch ($key) { … … 325 333 if (true === $this->getParam('enable_db')) { 326 334 327 // DB connection parameters taken from environment variables in the httpd.conf file, readable only by root.335 // DB connection parameters taken from environment variables in the server httpd.conf file (readable only by root)⊠328 336 if (!empty($_SERVER['DB_SERVER']) && !$this->getParam('db_server')) { 329 337 $this->setParam(array('db_server' => $_SERVER['DB_SERVER'])); … … 337 345 if (!empty($_SERVER['DB_PASS']) && !$this->getParam('db_pass')) { 338 346 $this->setParam(array('db_pass' => $_SERVER['DB_PASS'])); 347 } 348 349 // DB credentials for CLI scripts stored in a JSON file with read rights given only to the user who will be executing the scripts: -rw------- 350 if (defined('_CLI')) { 351 if (false !== $db_auth_file = stream_resolve_include_path($this->getParam('db_auth_file'))) { 352 if (is_readable($db_auth_file)) { 353 $this->setParam(json_decode(file_get_contents($db_auth_file), true)); 354 } else { 355 $this->logMsg(sprintf('Unable to read DB auth file: %s', $db_auth_file), LOG_ALERT, __FILE__, __LINE__); 356 } 357 } else { 358 $this->logMsg(sprintf('DB auth file not found: %s', $db_auth_file), LOG_ALERT, __FILE__, __LINE__); 359 } 339 360 } 340 361 … … 421 442 // Character set. This should also be printed in the html header template. 422 443 if (!defined('_CLI')) { 423 header('Content-type: text/html; charset=' . $this->getParam('character_set')); 444 if (!headers_sent($h_file, $h_line)) { 445 header('Content-type: text/html; charset=' . $this->getParam('character_set')); 446 } else { 447 $this->logMsg(sprintf('Unable to set Content-type; headers already sent (output started in %s : %s)', $h_file, $h_line), LOG_DEBUG, __FILE__, __LINE__); 448 } 424 449 } 425 450 … … 431 456 $this->setParam(array('codebase_version' => $codebase_version)); 432 457 if (!defined('_CLI')) { 433 header('X-Codebase-Version: ' . 
$codebase_version); 458 if (!headers_sent($h_file, $h_line)) { 459 header('X-Codebase-Version: ' . $codebase_version); 460 } else { 461 $this->logMsg(sprintf('Unable to set X-Codebase-Version; headers already sent (output started in %s : %s)', $h_file, $h_line), LOG_DEBUG, __FILE__, __LINE__); 462 } 434 463 } 435 464 } … … 440 469 441 470 // Set the application version if defined. 442 if (false !== stream_resolve_include_path($this->getParam('site_version_file'))) {443 $site_version = trim(file_get_contents($ this->getParam('site_version_file'), true));471 if (false !== $site_version_file = stream_resolve_include_path($this->getParam('site_version_file'))) { 472 $site_version = trim(file_get_contents($site_version_file)); 444 473 $this->setParam(array('site_version' => $site_version)); 445 474 if (!defined('_CLI')) { 446 header('X-Site-Version: ' . $site_version); 475 if (!headers_sent($h_file, $h_line)) { 476 header('X-Site-Version: ' . $site_version); 477 } else { 478 $this->logMsg(sprintf('Unable to set X-Site-Version; headers already sent (output started in %s : %s)', $h_file, $h_line), LOG_DEBUG, __FILE__, __LINE__); 479 } 447 480 } 448 481 } 449 482 450 483 $this->running = true; 484 return true; 451 485 } 452 486 … … 492 526 if (!$this->running) { 493 527 $this->logMsg(sprintf('Canceled method call %s, application not running.', __FUNCTION__), LOG_NOTICE, __FILE__, __LINE__); 528 return false; 529 } 530 531 if (!$this->getParam('enable_session')) { 532 $this->logMsg(sprintf('Canceled method call %s, session not enabled.', __FUNCTION__), LOG_NOTICE, __FILE__, __LINE__); 494 533 return false; 495 534 } … … 896 935 * keys and values, including optional queries. This allows mindless retention 897 936 * of query arguments across page requests. If cookies are not 898 * used ,the session id will be propagated in the URL.937 * used and session_use_trans_sid=true the session id will be propagated in the URL. 
899 938 * 900 939 * @param string $url The initial url … … 1006 1045 * @access public 1007 1046 * @param (see param reference for url() method) 1008 * @return string URL passed through $app->url() with ampersa mds transformed to $amp;1047 * @return string URL passed through $app->url() with ampersands transformed to $amp; 1009 1048 * @author Quinn Comendant <quinn@strangecode.com> 1010 1049 * @since 09 Dec 2005 17:58:45 … … 1233 1272 1234 1273 // Should we send a "303 See Other" header here instead of relying on the 302 sent automatically by PHP? 1235 header(sprintf('Location: %s', $url)); 1236 $this->logMsg(sprintf('dieURL: %s', $url), LOG_DEBUG, __FILE__, __LINE__); 1274 if (!headers_sent($h_file, $h_line)) { 1275 header(sprintf('Location: %s', $url)); 1276 $this->logMsg(sprintf('dieURL: %s', $url), LOG_DEBUG, __FILE__, __LINE__); 1277 } else { 1278 // Fallback: die using meta refresh instead. 1279 printf('<meta http-equiv="refresh" content="0;url=%s" />', $url); 1280 $this->logMsg(sprintf('dieURL (refresh): %s; headers already sent (output started in %s : %s)', $url, $h_file, $h_line), LOG_NOTICE, __FILE__, __LINE__); 1281 } 1237 1282 1238 1283 // End application. … … 1278 1323 } else if (isset($default_url)) { 1279 1324 $url = $default_url; 1280 } else if (!refererIsMe(true === $queryless_referrer_comparison) ) {1325 } else if (!refererIsMe(true === $queryless_referrer_comparison) && '' != ($url = getenv('HTTP_REFERER'))) { 1281 1326 // Ensure that the redirecting page is not also the referrer. 1282 $url = getenv('HTTP_REFERER');1283 1327 $this->logMsg(sprintf('dieBoomerangURL(%s) using referrer: %s', $id, $url), LOG_DEBUG, __FILE__, __LINE__); 1284 1328 } else { -
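Review bot: The meta-refresh fallback added to dieURL() writes `$url` into an HTML attribute unescaped: `printf('<meta http-equiv="refresh" content="0;url=%s" />', $url);`. In this same section dieBoomerangURL() can take `$url` from `getenv('HTTP_REFERER')`, which is client-supplied; the hand-off to dieURL() is outside the visible lines, but if it reaches this branch a value containing a double quote would break out of the attribute. Escaping at the point of output closes this: `printf('<meta http-equiv="refresh" content="0;url=%s" />', htmlspecialchars($url, ENT_QUOTES));`. Separately, in the CLI credentials hunk the result of `json_decode()` goes to setParam() unchecked, so a malformed file yields `null` and no credentials, with nothing in the hunk reporting the parse failure. The not-found branch also logs `$db_auth_file` after it has been assigned `false`; logging `$this->getParam('db_auth_file')` there would name the file that was looked for.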
trunk/lib/Cache.inc.php
r502 r523 79 79 80 80 if (true !== $app->getParam('enable_session')) { 81 // Force disable the cache because there is no session to save to. 81 82 $app->logMsg('Cache disabled, enable_session is false.', LOG_DEBUG, __FILE__, __LINE__); 82 83 $this->setParam(array('enabled' => false)); 83 } 84 85 if (!isset($_SESSION['_cache'][$this->_ns])) { 84 } else if (!isset($_SESSION['_cache'][$this->_ns])) { 85 // Otherwise, clear to initialize the session variable. 86 86 $this->clear(); 87 87 } … … 252 252 public function delete($key) 253 253 { 254 $app =& App::getInstance(); 255 256 if (true !== $this->getParam('enabled')) { 257 $app->logMsg(sprintf('Cache disabled, skipping delete of %s', $key), LOG_DEBUG, __FILE__, __LINE__); 258 return false; 259 } 260 254 261 if (isset($_SESSION['_cache'][$this->_ns]) && array_key_exists($key, $_SESSION['_cache'][$this->_ns])) { 255 262 unset($_SESSION['_cache'][$this->_ns][$key]); -
trunk/lib/Lock.inc.php
r502 r523 31 31 class Lock 32 32 { 33 34 33 // A place to keep an object instance for the singleton pattern. 35 34 protected static $instance = null; … … 51 50 52 51 // Auth_SQL object from which to access a current user_id. 53 protected $_auth ;52 protected $_auth = null; 54 53 55 54 /** … … 60 59 * @static 61 60 */ 62 public static function &getInstance($auth_object )61 public static function &getInstance($auth_object=null) 63 62 { 64 63 if (self::$instance === null) { … … 74 73 * @param mixed $auth_object An Auth_SQL or Auth_FILE object. 75 74 */ 76 public function __construct($auth_object) 77 { 78 $app =& App::getInstance(); 79 80 if (!method_exists($auth_object, 'get') || !method_exists($auth_object, 'getUsername')) { 81 trigger_error('Constructor not provided a valid Auth_* object.', E_USER_ERROR); 82 } 83 84 $this->_auth = $auth_object; 75 public function __construct($auth_object=null) 76 { 77 $app =& App::getInstance(); 78 79 if (!is_null($auth_object) || is_null($this->_auth)) { 80 if (!method_exists($auth_object, 'get') || !method_exists($auth_object, 'getUsername')) { 81 trigger_error('Constructor not provided a valid Auth_* object.', E_USER_ERROR); 82 } 83 84 $this->_auth = $auth_object; 85 } 85 86 86 87 // Get create tables config from global context. -
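Review bot: In the new constructor guard `if (!is_null($auth_object) || is_null($this->_auth))`, the second operand is always true, because `$_auth` is now initialised to `null` and nothing visible sets it before `__construct()` runs. Constructing the object without an argument therefore still reaches `method_exists($auth_object, 'get')` with `null` and raises the E_USER_ERROR, so the new default only helps later `getInstance()` calls, whose body is outside the visible lines. It would be clearer to drop the guard and state the requirement in the docblock, e.g. `@param mixed $auth_object An Auth_* object; required on the first call.` trunk/lib/Version.inc.php carries the identical change and the same remark applies there.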
trunk/lib/Navigation.inc.php
r502 r523 351 351 public function getBreadcrumbsUL() 352 352 { 353 $out = ''; 353 354 $breadcrumbs = $this->getBreadcrumbsArray(); 354 355 if (!empty($breadcrumbs)) { 355 ?><ul class="breadcrumbs"><?php356 $out = '<ul class="breadcrumbs">'; 356 357 foreach ($breadcrumbs as $b) { 357 358 $printclass = '' != $b['class'] ? sprintf(' class="%s"', $b['class']) : ''; 358 printf('<li%s><a href="%s">%s</a></li>', $printclass, $b['url'], $b['title']);359 } 360 ?></ul><?php361 } 362 unset($key, $value);359 $out .= sprintf('<li%s><a href="%s">%s</a></li>', $printclass, $b['url'], $b['title']); 360 } 361 $out .= '</ul>'; 362 } 363 return $out; 363 364 } 364 365 -
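Review bot: getBreadcrumbsUL() now returns the markup instead of printing it, so existing callers that relied on the output will render nothing until they echo the return value; the docblock is outside the visible lines and may still describe the old behaviour. The `sprintf('<li%s><a href="%s">%s</a></li>', ...)` line inserts `$b['class']`, `$b['url']` and `$b['title']` as-is, and where those are populated is not visible here. If a title or URL can carry request data, it needs escaping before it reaches this method or inside it. I would add `@return string HTML list of breadcrumb links; values are inserted unescaped.` to the docblock.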
trunk/lib/Upload.inc.php
r519 r523 80 80 81 81 if (isset($params) && is_array($params)) { 82 83 82 // Enforce valid upload_path parameter. 84 83 if (isset($params['upload_path'])) { 85 $upload_path = realpath($params['upload_path']);86 84 // Source must be directory. 87 if (!is_dir($ upload_path)) {88 $app->logMsg(sprintf('Attempting to auto-create upload directory: %s', $ upload_path), LOG_NOTICE, __FILE__, __LINE__);89 if (version_compare(PHP_VERSION, '5.0.0', '>=')) {90 // Recursive.91 mkdir($upload_path, isset($params['dest_dir_perms']) ? $params['dest_dir_perms'] : $this->getParam('dest_dir_perms'), true);85 if (!is_dir($params['upload_path'])) { 86 $app->logMsg(sprintf('Attempting to auto-create upload directory: %s', $params['upload_path']), LOG_NOTICE, __FILE__, __LINE__); 87 mkdir($params['upload_path'], isset($params['dest_dir_perms']) ? $params['dest_dir_perms'] : $this->getParam('dest_dir_perms'), true); 88 if (is_dir($params['upload_path'])) { 89 $app->logMsg(sprintf('Created upload directory: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__); 92 90 } else { 93 mkdir($upload_path, isset($params['dest_dir_perms']) ? $params['dest_dir_perms'] : $this->getParam('dest_dir_perms')); 94 } 95 if (!is_dir($upload_path)) { 96 $app->logMsg(sprintf('Upload directory invalid: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__); 97 trigger_error(sprintf('Upload directory invalid: %s', $params['upload_path']), E_USER_ERROR); 91 $app->logMsg(sprintf('Upload directory not found: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__); 92 trigger_error(sprintf('Upload directory not found: %s', $params['upload_path']), E_USER_ERROR); 98 93 } 99 94 } 100 95 // Source must be writable. 
101 if (!is_writable($ upload_path)) {96 if (!is_writable($params['upload_path'])) { 102 97 $app->logMsg(sprintf('Upload directory not writable: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__); 103 98 trigger_error(sprintf('Upload directory not writable: %s', $params['upload_path']), E_USER_ERROR); … … 189 184 if ('' == trim($files['name'][$i])) { 190 185 // User may not have attached a file. 186 $app->logMsg(sprintf('Skipping file %s with empty name', $i), LOG_DEBUG, __FILE__, __LINE__); 191 187 continue; 192 188 } -
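Review bot: The success path logs at error priority: `$app->logMsg(sprintf('Created upload directory: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__);`. This should be `LOG_NOTICE`, matching the 'Attempting to auto-create' message, so a routine directory creation does not appear as an error to whoever monitors the log. With `realpath()` removed, the path is also used exactly as supplied, so a relative `upload_path` is resolved against the current working directory at each check. If later code (outside this hunk) stores the parameter, consider canonicalising it once the directory is known to exist.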
trunk/lib/Utilities.inc.php
r520 r523 609 609 /** 610 610 * Tests the existence of a file anywhere in the include path. 611 * Replaced by stream_resolve_include_path() in PHP 5 >= 5.3.2 611 612 * 612 613 * @param string $file File in include path. … … 897 898 { 898 899 // Translate the human string date into SQL-safe date format. 899 if (empty($date) || mb_strpos($date, '0000-00-00') !== false || strtotime($date) === -1 || strtotime($date) === false ) {900 if (empty($date) || mb_strpos($date, '0000-00-00') !== false || strtotime($date) === -1 || strtotime($date) === false || strtotime($date) === null) { 900 901 // Return a string of zero time, formatted the same as $format. 901 902 return strtr($format, array( … … 920 921 * @return mixed $var, minus any magic quotes. 921 922 */ 922 function dispelMagicQuotes($var )923 function dispelMagicQuotes($var, $always=false) 923 924 { 924 925 static $magic_quotes_gpc; … … 928 929 } 929 930 930 if ($ magic_quotes_gpc) {931 if ($always || $magic_quotes_gpc) { 931 932 if (!is_array($var)) { 932 933 $var = stripslashes($var); … … 934 935 foreach ($var as $key=>$val) { 935 936 if (is_array($val)) { 936 $var[$key] = dispelMagicQuotes($val );937 $var[$key] = dispelMagicQuotes($val, $always); 937 938 } else { 938 939 $var[$key] = stripslashes($val); … … 956 957 function getFormData($var=null, $default=null) 957 958 { 959 $app =& App::getInstance(); 960 958 961 if ('POST' == getenv('REQUEST_METHOD') && is_null($var)) { 959 return dispelMagicQuotes($_POST );962 return dispelMagicQuotes($_POST, $app->getParam('always_dispel_magicquotes')); 960 963 } else if ('GET' == getenv('REQUEST_METHOD') && is_null($var)) { 961 return dispelMagicQuotes($_GET );964 return dispelMagicQuotes($_GET, $app->getParam('always_dispel_magicquotes')); 962 965 } 963 966 if (isset($_POST[$var])) { 964 return dispelMagicQuotes($_POST[$var] );967 return dispelMagicQuotes($_POST[$var], $app->getParam('always_dispel_magicquotes')); 965 968 } else if (isset($_GET[$var])) { 966 return 
dispelMagicQuotes($_GET[$var] );969 return dispelMagicQuotes($_GET[$var], $app->getParam('always_dispel_magicquotes')); 967 970 } else { 968 971 return $default; 969 972 } 970 973 } 974 971 975 function getPost($var=null, $default=null) 972 976 { 977 $app =& App::getInstance(); 978 973 979 if (is_null($var)) { 974 return dispelMagicQuotes($_POST );980 return dispelMagicQuotes($_POST, $app->getParam('always_dispel_magicquotes')); 975 981 } 976 982 if (isset($_POST[$var])) { 977 return dispelMagicQuotes($_POST[$var] );983 return dispelMagicQuotes($_POST[$var], $app->getParam('always_dispel_magicquotes')); 978 984 } else { 979 985 return $default; 980 986 } 981 987 } 988 982 989 function getGet($var=null, $default=null) 983 990 { 991 $app =& App::getInstance(); 984 992 if (is_null($var)) { 985 return dispelMagicQuotes($_GET );993 return dispelMagicQuotes($_GET, $app->getParam('always_dispel_magicquotes')); 986 994 } 987 995 if (isset($_GET[$var])) { 988 return dispelMagicQuotes($_GET[$var] );996 return dispelMagicQuotes($_GET[$var], $app->getParam('always_dispel_magicquotes')); 989 997 } else { 990 998 return $default; -
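Review bot: dispelMagicQuotes() gains an `$always` parameter, but the docblock visible above it still ends at `@return mixed $var, minus any magic quotes.` with no entry for it. I would add `@param bool $always Strip slashes even when magic_quotes_gpc is off; enable only when input is known to have been slashed.` The caveat matters because with `always_dispel_magicquotes` set on input that was not slashed, `stripslashes()` removes literal backslashes from user data. In the date hunk, the added `strtotime($date) === null` test can never be true, since `strtotime()` returns an integer or `false`, and can be dropped.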
trunk/lib/Validator.inc.php
r502 r523 267 267 return true; 268 268 } 269 } 270 271 /* 272 * Checks if value is a "zero" SQL DATE, DATETIME, or TIMESTAMP value (or simply empty). 273 * 274 * @access public 275 * @param string $val String to check. 276 * @return bool True if value is an empty date. 277 * @author Quinn Comendant <quinn@strangecode.com> 278 * @version 1.0 279 * @since 19 May 2015 09:57:27 280 */ 281 static public function isEmptyDate($val) 282 { 283 if (empty($val) || '0000-00-00 00:00:00' == $val || '0000-00-00' == $val || '00:00:00' == $val) { 284 return true; 285 } 286 return false; 269 287 } 270 288 -
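Review bot: The docblock for the new isEmptyDate() opens with `/*` rather than `/**`, so documentation tools will not associate it with the method. Because the test starts with `empty($val)`, the string `'0'` and the integer `0` are also reported as empty dates. If that is intended, say so in the description, e.g. `Also true for any value PHP considers empty(), such as '0'.`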
trunk/lib/Version.inc.php
r502 r523 67 67 * @static 68 68 */ 69 public static function &getInstance($auth_object )69 public static function &getInstance($auth_object=null) 70 70 { 71 71 if (self::$instance === null) { … … 81 81 * @param mixed $auth_object An Auth_SQL object. 82 82 */ 83 public function __construct($auth_object) 84 { 85 $app =& App::getInstance(); 86 87 if (!method_exists($auth_object, 'get') || !method_exists($auth_object, 'getUsername')) { 88 trigger_error('Constructor not provided a valid Auth_* object.', E_USER_ERROR); 89 } 90 91 $this->_auth = $auth_object; 83 public function __construct($auth_object=null) 84 { 85 $app =& App::getInstance(); 86 87 if (!is_null($auth_object) || is_null($this->_auth)) { 88 if (!method_exists($auth_object, 'get') || !method_exists($auth_object, 'getUsername')) { 89 trigger_error('Constructor not provided a valid Auth_* object.', E_USER_ERROR); 90 } 91 92 $this->_auth = $auth_object; 93 } 92 94 93 95 // Get create tables config from global context.