Changeset 523

Timestamp:

May 24, 2015 3:01:42 PM (9 years ago)

Author:

anonymous

Message:

First set of changes towards 2.2.0. Improved functinoality with integration in wordpress; bugs fixed.

Location:

trunk

Files:

• bin/module_maker/_config.inc.php (modified) (3 diffs)
• bin/module_maker/form_template.cli.php (modified) (1 diff)
• lib/App.inc.php (modified) (13 diffs)
• lib/Cache.inc.php (modified) (2 diffs)
• lib/Lock.inc.php (modified) (4 diffs)
• lib/Navigation.inc.php (modified) (1 diff)
• lib/Upload.inc.php (modified) (2 diffs)
• lib/Utilities.inc.php (modified) (6 diffs)
• lib/Validator.inc.php (modified) (1 diff)
• lib/Version.inc.php (modified) (2 diffs)

trunk/bin/module_maker/_config.inc.php

@@ -36 +36 @@
 // Make sure necessary files exist.
 $db_auth_file = false;
+$db_json_file = false;
 $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(COMMON_BASE));
 $rii->setMaxDepth(2);
 foreach ($rii as $filename => $file) {
+    if (mb_strpos($filename, 'db_auth.json') !== false) {
+        $db_json_file = $filename;
+        break;
+    }
     if (mb_strpos($filename, 'db_auth.inc.php') !== false) {
         $db_auth_file = $filename;
@@ -45 +50 @@
 }
 
-if (!$db_auth_file) {
+if (!$db_auth_file && !$db_json_file) {
     die("Error: First argument directory must contain the global/db_auth.inc.php file with valid MySQL credentials.\n");
 }
@@ -72 +77 @@
     'error_reporting' => E_ALL,
     'log_screen_priority' => LOG_DEBUG,
+    'log_directory' => COMMON_BASE . '/log',
 ));
-require_once $db_auth_file;
+
+if ($db_json_file) {
+    $app->setParam(array(
+        'db_auth_file' => $db_json_file,
+    ));
+} else {
+    require_once $db_auth_file;
+}
 
 // Start application-based functionality: database, session, environment, ini setup, etc.
 // Most configuration parameters must be set before starting the App.
+define('_CLI', true);
 $app->start();
 

trunk/bin/module_maker/form_template.cli.php

@@ -100 +100 @@
     <label for="$field"><\x3fphp echo _("$title"); \x3f></label>
     <input type="file" name="$field" id="$field" />
-    <\x3fphp if ('' != \$upload->getFilenameGlob(getFormData('$primary_key') . '_*') && getFormData('op') == 'edit' || getFormData('op') == 'update') { \x3f>
-        <div class="sc-help"><\x3fphp printf(_("The current file <a href=\"%s/%2\\$s\"><strong>%2\\$s</strong></a> will be deleted if a new file is selected for upload."), '/_db_files/__///__', \$upload->getFilenameGlob(getFormData('$primary_key') . '_*')) \x3f></div>
+    <\x3fphp if ('' != \$upload->getFilenameGlob(getFormData('$primary_key') . '_*') && (getFormData('op') == 'edit' || getFormData('op') == 'update')) { \x3f>
+        <div class="sc-help"><\x3fphp printf(_("The current file <a href=\"%s/%2\\\$s\"><strong>%2\\\$s</strong></a> will be deleted if a new file is selected for upload."), '/_db_files/__///__', \$upload->getFilenameGlob(getFormData('$primary_key') . '_*')) \x3f></div>
     <\x3fphp } \x3f>
     <div class="sc-help"><\x3fphp printf(_("Allowed file types: %s."), join(', ', \$upload->getParam('valid_file_extensions'))) \x3f></div>

trunk/lib/App.inc.php

@@ -117 +117 @@
         'enable_db_session_handler' => false,
 
-        // DB passwords should be set as apache environment variables in httpd.conf, readable only by root.
+        // DB credentials should be set as apache environment variables in httpd.conf, readable only by root.
         'db_server' => 'localhost',
         'db_name' => null,
         'db_user' => null,
         'db_pass' => null,
+
+        // And for CLI scripts, which should include a JSON file at this specified location in the include path.
+        'db_auth_file' => 'db_auth.json',
 
         // Database debugging.
@@ -179 +182 @@
         // Don't change this unless you know existing hashes or signatures will not be affected!
         'signing_key' => 'aae6abd6209d82a691a9f96384a7634a',
+
+        // Force getFormData, getPost, and getGet to always run dispelMagicQuotes() with stripslashes().
+        // This should be set to 'true' when using the codebase with Wordpress because
+        // WP forcefully adds slashes to all input despite the setting of magic_quotes_gpc.
+        'always_dispel_magicquotes' => false,
     );
 
@@ -225 +233 @@
     {
         if (isset($param) && is_array($param)) {
-            // Merge new parameters with old overriding only those passed.
+            // Merge new parameters with old overriding old ones that are passed.
             $this->_params = array_merge($this->_params, $param);
 
             if ($this->running) {
-                // Params that require processing if changed during runtime.
+                // Params that require additional processing if set during runtime.
                 foreach ($param as $key => $val) {
                     switch ($key) {
@@ -325 +333 @@
         if (true === $this->getParam('enable_db')) {
 
-            // DB connection parameters taken from environment variables in the httpd.conf file, readable only by root.
+            // DB connection parameters taken from environment variables in the server httpd.conf file (readable only by root)

             if (!empty($_SERVER['DB_SERVER']) && !$this->getParam('db_server')) {
                 $this->setParam(array('db_server' => $_SERVER['DB_SERVER']));
@@ -337 +345 @@
             if (!empty($_SERVER['DB_PASS']) && !$this->getParam('db_pass')) {
                 $this->setParam(array('db_pass' => $_SERVER['DB_PASS']));
+            }
+
+            // DB credentials for CLI scripts stored in a JSON file with read rights given only to the user who will be executing the scripts: -rw-------
+            if (defined('_CLI')) {
+                if (false !== $db_auth_file = stream_resolve_include_path($this->getParam('db_auth_file'))) {
+                    if (is_readable($db_auth_file)) {
+                        $this->setParam(json_decode(file_get_contents($db_auth_file), true));
+                    } else {
+                        $this->logMsg(sprintf('Unable to read DB auth file: %s', $db_auth_file), LOG_ALERT, __FILE__, __LINE__);
+                    }
+                } else {
+                    $this->logMsg(sprintf('DB auth file not found: %s', $db_auth_file), LOG_ALERT, __FILE__, __LINE__);
+                }
             }
 
@@ -421 +442 @@
         // Character set. This should also be printed in the html header template.
         if (!defined('_CLI')) {
-            header('Content-type: text/html; charset=' . $this->getParam('character_set'));
+            if (!headers_sent($h_file, $h_line)) {
+                header('Content-type: text/html; charset=' . $this->getParam('character_set'));
+            } else {
+                $this->logMsg(sprintf('Unable to set Content-type; headers already sent (output started in %s : %s)', $h_file, $h_line), LOG_DEBUG, __FILE__, __LINE__);
+            }
         }
 
@@ -431 +456 @@
             $this->setParam(array('codebase_version' => $codebase_version));
             if (!defined('_CLI')) {
-                header('X-Codebase-Version: ' . $codebase_version);
+                if (!headers_sent($h_file, $h_line)) {
+                    header('X-Codebase-Version: ' . $codebase_version);
+                } else {
+                    $this->logMsg(sprintf('Unable to set X-Codebase-Version; headers already sent (output started in %s : %s)', $h_file, $h_line), LOG_DEBUG, __FILE__, __LINE__);
+                }
             }
         }
@@ -440 +469 @@
 
         // Set the application version if defined.
-        if (false !== stream_resolve_include_path($this->getParam('site_version_file'))) {
-            $site_version = trim(file_get_contents($this->getParam('site_version_file'), true));
+        if (false !== $site_version_file = stream_resolve_include_path($this->getParam('site_version_file'))) {
+            $site_version = trim(file_get_contents($site_version_file));
             $this->setParam(array('site_version' => $site_version));
             if (!defined('_CLI')) {
-                header('X-Site-Version: ' . $site_version);
+                if (!headers_sent($h_file, $h_line)) {
+                    header('X-Site-Version: ' . $site_version);
+                } else {
+                    $this->logMsg(sprintf('Unable to set X-Site-Version; headers already sent (output started in %s : %s)', $h_file, $h_line), LOG_DEBUG, __FILE__, __LINE__);
+                }
             }
         }
 
         $this->running = true;
+        return true;
     }
 
@@ -492 +526 @@
         if (!$this->running) {
             $this->logMsg(sprintf('Canceled method call %s, application not running.', __FUNCTION__), LOG_NOTICE, __FILE__, __LINE__);
+            return false;
+        }
+
+        if (!$this->getParam('enable_session')) {
+            $this->logMsg(sprintf('Canceled method call %s, session not enabled.', __FUNCTION__), LOG_NOTICE, __FILE__, __LINE__);
             return false;
         }
@@ -896 +935 @@
      * keys and values, including optional queries. This allows mindless retention
      * of query arguments across page requests. If cookies are not
-     * used, the session id will be propagated in the URL.
+     * used and session_use_trans_sid=true the session id will be propagated in the URL.
      *
      * @param  string $url              The initial url
@@ -1006 +1045 @@
      * @access  public
      * @param   (see param reference for url() method)
-     * @return  string          URL passed through $app->url() with ampersamds transformed to $amp;
+     * @return  string          URL passed through $app->url() with ampersands transformed to $amp;
      * @author  Quinn Comendant <quinn@strangecode.com>
      * @since   09 Dec 2005 17:58:45
@@ -1233 +1272 @@
 
         // Should we send a "303 See Other" header here instead of relying on the 302 sent automatically by PHP?
-        header(sprintf('Location: %s', $url));
-        $this->logMsg(sprintf('dieURL: %s', $url), LOG_DEBUG, __FILE__, __LINE__);
+        if (!headers_sent($h_file, $h_line)) {
+            header(sprintf('Location: %s', $url));
+            $this->logMsg(sprintf('dieURL: %s', $url), LOG_DEBUG, __FILE__, __LINE__);
+        } else {
+            // Fallback: die using meta refresh instead.
+            printf('<meta http-equiv="refresh" content="0;url=%s" />', $url);
+            $this->logMsg(sprintf('dieURL (refresh): %s; headers already sent (output started in %s : %s)', $url, $h_file, $h_line), LOG_NOTICE, __FILE__, __LINE__);
+        }
 
         // End application.
@@ -1278 +1323 @@
         } else if (isset($default_url)) {
             $url = $default_url;
-        } else if (!refererIsMe(true === $queryless_referrer_comparison)) {
+        } else if (!refererIsMe(true === $queryless_referrer_comparison) && '' != ($url = getenv('HTTP_REFERER'))) {
             // Ensure that the redirecting page is not also the referrer.
-            $url = getenv('HTTP_REFERER');
             $this->logMsg(sprintf('dieBoomerangURL(%s) using referrer: %s', $id, $url), LOG_DEBUG, __FILE__, __LINE__);
         } else {

trunk/lib/Cache.inc.php

@@ -79 +79 @@
 
         if (true !== $app->getParam('enable_session')) {
+            // Force disable the cache because there is no session to save to.
             $app->logMsg('Cache disabled, enable_session is false.', LOG_DEBUG, __FILE__, __LINE__);
             $this->setParam(array('enabled' => false));
-        }
-
-        if (!isset($_SESSION['_cache'][$this->_ns])) {
+        } else if (!isset($_SESSION['_cache'][$this->_ns])) {
+            // Otherwise, clear to initialize the session variable.
             $this->clear();
         }
@@ -252 +252 @@
     public function delete($key)
     {
+        $app =& App::getInstance();
+
+        if (true !== $this->getParam('enabled')) {
+            $app->logMsg(sprintf('Cache disabled, skipping delete of %s', $key), LOG_DEBUG, __FILE__, __LINE__);
+            return false;
+        }
+
         if (isset($_SESSION['_cache'][$this->_ns]) && array_key_exists($key, $_SESSION['_cache'][$this->_ns])) {
             unset($_SESSION['_cache'][$this->_ns][$key]);

trunk/lib/Lock.inc.php

@@ -31 +31 @@
 class Lock
 {
-
     // A place to keep an object instance for the singleton pattern.
     protected static $instance = null;
@@ -51 +50 @@
 
     // Auth_SQL object from which to access a current user_id.
-    protected $_auth;
+    protected $_auth = null;
 
     /**
@@ -60 +59 @@
      * @static
      */
-    public static function &getInstance($auth_object)
+    public static function &getInstance($auth_object=null)
     {
         if (self::$instance === null) {
@@ -74 +73 @@
      * @param mixed  $auth_object  An Auth_SQL or Auth_FILE object.
      */
-    public function __construct($auth_object)
-    {
-        $app =& App::getInstance();
-
-        if (!method_exists($auth_object, 'get') || !method_exists($auth_object, 'getUsername')) {
-            trigger_error('Constructor not provided a valid Auth_* object.', E_USER_ERROR);
-        }
-
-        $this->_auth = $auth_object;
+    public function __construct($auth_object=null)
+    {
+        $app =& App::getInstance();
+
+        if (!is_null($auth_object) || is_null($this->_auth)) {
+            if (!method_exists($auth_object, 'get') || !method_exists($auth_object, 'getUsername')) {
+                trigger_error('Constructor not provided a valid Auth_* object.', E_USER_ERROR);
+            }
+
+            $this->_auth = $auth_object;
+        }
 
         // Get create tables config from global context.

trunk/lib/Navigation.inc.php

@@ -351 +351 @@
     public function getBreadcrumbsUL()
     {
+        $out = '';
         $breadcrumbs = $this->getBreadcrumbsArray();
         if (!empty($breadcrumbs)) {
-            ?><ul class="breadcrumbs"><?php
+            $out = '<ul class="breadcrumbs">';
             foreach ($breadcrumbs as $b) {
                 $printclass = '' != $b['class'] ? sprintf(' class="%s"', $b['class']) : '';
-                printf('<li%s><a href="%s">%s</a></li>', $printclass, $b['url'], $b['title']);
-            }
-            ?></ul><?php
-        }
-        unset($key, $value);
+                $out .= sprintf('<li%s><a href="%s">%s</a></li>', $printclass, $b['url'], $b['title']);
+            }
+            $out .= '</ul>';
+        }
+        return $out;
     }
 

trunk/lib/Upload.inc.php

@@ -80 +80 @@
 
         if (isset($params) && is_array($params)) {
-
             // Enforce valid upload_path parameter.
             if (isset($params['upload_path'])) {
-                $upload_path = realpath($params['upload_path']);
                 // Source must be directory.
-                if (!is_dir($upload_path)) {
-                    $app->logMsg(sprintf('Attempting to auto-create upload directory: %s', $upload_path), LOG_NOTICE, __FILE__, __LINE__);
-                    if (version_compare(PHP_VERSION, '5.0.0', '>=')) {
-                        // Recursive.
-                        mkdir($upload_path, isset($params['dest_dir_perms']) ? $params['dest_dir_perms'] : $this->getParam('dest_dir_perms'), true);
+                if (!is_dir($params['upload_path'])) {
+                    $app->logMsg(sprintf('Attempting to auto-create upload directory: %s', $params['upload_path']), LOG_NOTICE, __FILE__, __LINE__);
+                    mkdir($params['upload_path'], isset($params['dest_dir_perms']) ? $params['dest_dir_perms'] : $this->getParam('dest_dir_perms'), true);
+                    if (is_dir($params['upload_path'])) {
+                        $app->logMsg(sprintf('Created upload directory: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__);
                     } else {
-                        mkdir($upload_path, isset($params['dest_dir_perms']) ? $params['dest_dir_perms'] : $this->getParam('dest_dir_perms'));
-                    }
-                    if (!is_dir($upload_path)) {
-                        $app->logMsg(sprintf('Upload directory invalid: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__);
-                        trigger_error(sprintf('Upload directory invalid: %s', $params['upload_path']), E_USER_ERROR);
+                        $app->logMsg(sprintf('Upload directory not found: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__);
+                        trigger_error(sprintf('Upload directory not found: %s', $params['upload_path']), E_USER_ERROR);
                     }
                 }
                 // Source must be writable.
-                if (!is_writable($upload_path)) {
+                if (!is_writable($params['upload_path'])) {
                     $app->logMsg(sprintf('Upload directory not writable: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__);
                     trigger_error(sprintf('Upload directory not writable: %s', $params['upload_path']), E_USER_ERROR);
@@ -189 +184 @@
             if ('' == trim($files['name'][$i])) {
                 // User may not have attached a file.
+                $app->logMsg(sprintf('Skipping file %s with empty name', $i), LOG_DEBUG, __FILE__, __LINE__);
                 continue;
             }

trunk/lib/Utilities.inc.php

@@ -609 +609 @@
 /**
  * Tests the existence of a file anywhere in the include path.
+ * Replaced by stream_resolve_include_path() in PHP 5 >= 5.3.2
  *
  * @param   string  $file   File in include path.
@@ -897 +898 @@
 {
     // Translate the human string date into SQL-safe date format.
-    if (empty($date) || mb_strpos($date, '0000-00-00') !== false || strtotime($date) === -1 || strtotime($date) === false) {
+    if (empty($date) || mb_strpos($date, '0000-00-00') !== false || strtotime($date) === -1 || strtotime($date) === false || strtotime($date) === null) {
         // Return a string of zero time, formatted the same as $format.
         return strtr($format, array(
@@ -920 +921 @@
  * @return mixed        $var, minus any magic quotes.
  */
-function dispelMagicQuotes($var)
+function dispelMagicQuotes($var, $always=false)
 {
     static $magic_quotes_gpc;
@@ -928 +929 @@
     }
 
-    if ($magic_quotes_gpc) {
+    if ($always || $magic_quotes_gpc) {
         if (!is_array($var)) {
             $var = stripslashes($var);
@@ -934 +935 @@
             foreach ($var as $key=>$val) {
                 if (is_array($val)) {
-                    $var[$key] = dispelMagicQuotes($val);
+                    $var[$key] = dispelMagicQuotes($val, $always);
                 } else {
                     $var[$key] = stripslashes($val);
@@ -956 +957 @@
 function getFormData($var=null, $default=null)
 {
+    $app =& App::getInstance();
+
     if ('POST' == getenv('REQUEST_METHOD') && is_null($var)) {
-        return dispelMagicQuotes($_POST);
+        return dispelMagicQuotes($_POST, $app->getParam('always_dispel_magicquotes'));
     } else if ('GET' == getenv('REQUEST_METHOD') && is_null($var)) {
-        return dispelMagicQuotes($_GET);
+        return dispelMagicQuotes($_GET, $app->getParam('always_dispel_magicquotes'));
     }
     if (isset($_POST[$var])) {
-        return dispelMagicQuotes($_POST[$var]);
+        return dispelMagicQuotes($_POST[$var], $app->getParam('always_dispel_magicquotes'));
     } else if (isset($_GET[$var])) {
-        return dispelMagicQuotes($_GET[$var]);
+        return dispelMagicQuotes($_GET[$var], $app->getParam('always_dispel_magicquotes'));
     } else {
         return $default;
     }
 }
+
 function getPost($var=null, $default=null)
 {
+    $app =& App::getInstance();
+
     if (is_null($var)) {
-        return dispelMagicQuotes($_POST);
+        return dispelMagicQuotes($_POST, $app->getParam('always_dispel_magicquotes'));
     }
     if (isset($_POST[$var])) {
-        return dispelMagicQuotes($_POST[$var]);
+        return dispelMagicQuotes($_POST[$var], $app->getParam('always_dispel_magicquotes'));
     } else {
         return $default;
     }
 }
+
 function getGet($var=null, $default=null)
 {
+    $app =& App::getInstance();
     if (is_null($var)) {
-        return dispelMagicQuotes($_GET);
+        return dispelMagicQuotes($_GET, $app->getParam('always_dispel_magicquotes'));
     }
     if (isset($_GET[$var])) {
-        return dispelMagicQuotes($_GET[$var]);
+        return dispelMagicQuotes($_GET[$var], $app->getParam('always_dispel_magicquotes'));
     } else {
         return $default;

trunk/lib/Validator.inc.php

@@ -267 +267 @@
             return true;
         }
+    }
+
+    /*
+    * Checks if value is a "zero" SQL DATE, DATETIME, or TIMESTAMP value (or simply empty).
+    *
+    * @access   public
+    * @param    string  $val    String to check.
+    * @return   bool            True if value is an empty date.
+    * @author   Quinn Comendant <quinn@strangecode.com>
+    * @version  1.0
+    * @since    19 May 2015 09:57:27
+    */
+    static public function isEmptyDate($val)
+    {
+        if (empty($val) || '0000-00-00 00:00:00' == $val || '0000-00-00' == $val || '00:00:00' == $val) {
+            return true;
+        }
+        return false;
     }
 

trunk/lib/Version.inc.php

@@ -67 +67 @@
      * @static
      */
-    public static function &getInstance($auth_object)
+    public static function &getInstance($auth_object=null)
     {
         if (self::$instance === null) {
@@ -81 +81 @@
      * @param mixed  $auth_object  An Auth_SQL object.
      */
-    public function __construct($auth_object)
-    {
-        $app =& App::getInstance();
-
-        if (!method_exists($auth_object, 'get') || !method_exists($auth_object, 'getUsername')) {
-            trigger_error('Constructor not provided a valid Auth_* object.', E_USER_ERROR);
-        }
-
-        $this->_auth = $auth_object;
+    public function __construct($auth_object=null)
+    {
+        $app =& App::getInstance();
+
+        if (!is_null($auth_object) || is_null($this->_auth)) {
+            if (!method_exists($auth_object, 'get') || !method_exists($auth_object, 'getUsername')) {
+                trigger_error('Constructor not provided a valid Auth_* object.', E_USER_ERROR);
+            }
+
+            $this->_auth = $auth_object;
+        }
 
         // Get create tables config from global context.