Changeset 523 for trunk/lib/App.inc.php

Timestamp:

May 24, 2015 3:01:42 PM (9 years ago)

Author:

anonymous

Message:

First set of changes towards 2.2.0. Improved functinoality with integration in wordpress; bugs fixed.

File:

• trunk/lib/App.inc.php (modified) (13 diffs)

trunk/lib/App.inc.php

@@ -117 +117 @@
         'enable_db_session_handler' => false,
 
-        // DB passwords should be set as apache environment variables in httpd.conf, readable only by root.
+        // DB credentials should be set as apache environment variables in httpd.conf, readable only by root.
         'db_server' => 'localhost',
         'db_name' => null,
         'db_user' => null,
         'db_pass' => null,
+
+        // And for CLI scripts, which should include a JSON file at this specified location in the include path.
+        'db_auth_file' => 'db_auth.json',
 
         // Database debugging.
@@ -179 +182 @@
         // Don't change this unless you know existing hashes or signatures will not be affected!
         'signing_key' => 'aae6abd6209d82a691a9f96384a7634a',
+
+        // Force getFormData, getPost, and getGet to always run dispelMagicQuotes() with stripslashes().
+        // This should be set to 'true' when using the codebase with Wordpress because
+        // WP forcefully adds slashes to all input despite the setting of magic_quotes_gpc.
+        'always_dispel_magicquotes' => false,
     );
 
@@ -225 +233 @@
     {
         if (isset($param) && is_array($param)) {
-            // Merge new parameters with old overriding only those passed.
+            // Merge new parameters with old overriding old ones that are passed.
             $this->_params = array_merge($this->_params, $param);
 
             if ($this->running) {
-                // Params that require processing if changed during runtime.
+                // Params that require additional processing if set during runtime.
                 foreach ($param as $key => $val) {
                     switch ($key) {
@@ -325 +333 @@
         if (true === $this->getParam('enable_db')) {
 
-            // DB connection parameters taken from environment variables in the httpd.conf file, readable only by root.
+            // DB connection parameters taken from environment variables in the server httpd.conf file (readable only by root)

             if (!empty($_SERVER['DB_SERVER']) && !$this->getParam('db_server')) {
                 $this->setParam(array('db_server' => $_SERVER['DB_SERVER']));
@@ -337 +345 @@
             if (!empty($_SERVER['DB_PASS']) && !$this->getParam('db_pass')) {
                 $this->setParam(array('db_pass' => $_SERVER['DB_PASS']));
+            }
+
+            // DB credentials for CLI scripts stored in a JSON file with read rights given only to the user who will be executing the scripts: -rw-------
+            if (defined('_CLI')) {
+                if (false !== $db_auth_file = stream_resolve_include_path($this->getParam('db_auth_file'))) {
+                    if (is_readable($db_auth_file)) {
+                        $this->setParam(json_decode(file_get_contents($db_auth_file), true));
+                    } else {
+                        $this->logMsg(sprintf('Unable to read DB auth file: %s', $db_auth_file), LOG_ALERT, __FILE__, __LINE__);
+                    }
+                } else {
+                    $this->logMsg(sprintf('DB auth file not found: %s', $db_auth_file), LOG_ALERT, __FILE__, __LINE__);
+                }
             }
 
@@ -421 +442 @@
         // Character set. This should also be printed in the html header template.
         if (!defined('_CLI')) {
-            header('Content-type: text/html; charset=' . $this->getParam('character_set'));
+            if (!headers_sent($h_file, $h_line)) {
+                header('Content-type: text/html; charset=' . $this->getParam('character_set'));
+            } else {
+                $this->logMsg(sprintf('Unable to set Content-type; headers already sent (output started in %s : %s)', $h_file, $h_line), LOG_DEBUG, __FILE__, __LINE__);
+            }
         }
 
@@ -431 +456 @@
             $this->setParam(array('codebase_version' => $codebase_version));
             if (!defined('_CLI')) {
-                header('X-Codebase-Version: ' . $codebase_version);
+                if (!headers_sent($h_file, $h_line)) {
+                    header('X-Codebase-Version: ' . $codebase_version);
+                } else {
+                    $this->logMsg(sprintf('Unable to set X-Codebase-Version; headers already sent (output started in %s : %s)', $h_file, $h_line), LOG_DEBUG, __FILE__, __LINE__);
+                }
             }
         }
@@ -440 +469 @@
 
         // Set the application version if defined.
-        if (false !== stream_resolve_include_path($this->getParam('site_version_file'))) {
-            $site_version = trim(file_get_contents($this->getParam('site_version_file'), true));
+        if (false !== $site_version_file = stream_resolve_include_path($this->getParam('site_version_file'))) {
+            $site_version = trim(file_get_contents($site_version_file));
             $this->setParam(array('site_version' => $site_version));
             if (!defined('_CLI')) {
-                header('X-Site-Version: ' . $site_version);
+                if (!headers_sent($h_file, $h_line)) {
+                    header('X-Site-Version: ' . $site_version);
+                } else {
+                    $this->logMsg(sprintf('Unable to set X-Site-Version; headers already sent (output started in %s : %s)', $h_file, $h_line), LOG_DEBUG, __FILE__, __LINE__);
+                }
             }
         }
 
         $this->running = true;
+        return true;
     }
 
@@ -492 +526 @@
         if (!$this->running) {
             $this->logMsg(sprintf('Canceled method call %s, application not running.', __FUNCTION__), LOG_NOTICE, __FILE__, __LINE__);
+            return false;
+        }
+
+        if (!$this->getParam('enable_session')) {
+            $this->logMsg(sprintf('Canceled method call %s, session not enabled.', __FUNCTION__), LOG_NOTICE, __FILE__, __LINE__);
             return false;
         }
@@ -896 +935 @@
      * keys and values, including optional queries. This allows mindless retention
      * of query arguments across page requests. If cookies are not
-     * used, the session id will be propagated in the URL.
+     * used and session_use_trans_sid=true the session id will be propagated in the URL.
      *
      * @param  string $url              The initial url
@@ -1006 +1045 @@
      * @access  public
      * @param   (see param reference for url() method)
-     * @return  string          URL passed through $app->url() with ampersamds transformed to $amp;
+     * @return  string          URL passed through $app->url() with ampersands transformed to $amp;
      * @author  Quinn Comendant <quinn@strangecode.com>
      * @since   09 Dec 2005 17:58:45
@@ -1233 +1272 @@
 
         // Should we send a "303 See Other" header here instead of relying on the 302 sent automatically by PHP?
-        header(sprintf('Location: %s', $url));
-        $this->logMsg(sprintf('dieURL: %s', $url), LOG_DEBUG, __FILE__, __LINE__);
+        if (!headers_sent($h_file, $h_line)) {
+            header(sprintf('Location: %s', $url));
+            $this->logMsg(sprintf('dieURL: %s', $url), LOG_DEBUG, __FILE__, __LINE__);
+        } else {
+            // Fallback: die using meta refresh instead.
+            printf('<meta http-equiv="refresh" content="0;url=%s" />', $url);
+            $this->logMsg(sprintf('dieURL (refresh): %s; headers already sent (output started in %s : %s)', $url, $h_file, $h_line), LOG_NOTICE, __FILE__, __LINE__);
+        }
 
         // End application.
@@ -1278 +1323 @@
         } else if (isset($default_url)) {
             $url = $default_url;
-        } else if (!refererIsMe(true === $queryless_referrer_comparison)) {
+        } else if (!refererIsMe(true === $queryless_referrer_comparison) && '' != ($url = getenv('HTTP_REFERER'))) {
             // Ensure that the redirecting page is not also the referrer.
-            $url = getenv('HTTP_REFERER');
             $this->logMsg(sprintf('dieBoomerangURL(%s) using referrer: %s', $id, $url), LOG_DEBUG, __FILE__, __LINE__);
         } else {