Changeset 523 for trunk/lib/App.inc.php
- Timestamp:
- May 24, 2015 3:01:42 PM (9 years ago)
- File:
-
- 1 edited
trunk/lib/App.inc.php
r518 r523 117 117 'enable_db_session_handler' => false, 118 118 119 // DB passwords should be set as apache environment variables in httpd.conf, readable only by root.119 // DB credentials should be set as apache environment variables in httpd.conf, readable only by root. 120 120 'db_server' => 'localhost', 121 121 'db_name' => null, 122 122 'db_user' => null, 123 123 'db_pass' => null, 124 125 // And for CLI scripts, which should include a JSON file at this specified location in the include path. 126 'db_auth_file' => 'db_auth.json', 124 127 125 128 // Database debugging. … … 179 182 // Don't change this unless you know existing hashes or signatures will not be affected! 180 183 'signing_key' => 'aae6abd6209d82a691a9f96384a7634a', 184 185 // Force getFormData, getPost, and getGet to always run dispelMagicQuotes() with stripslashes(). 186 // This should be set to 'true' when using the codebase with Wordpress because 187 // WP forcefully adds slashes to all input despite the setting of magic_quotes_gpc. 188 'always_dispel_magicquotes' => false, 181 189 ); 182 190 … … 225 233 { 226 234 if (isset($param) && is_array($param)) { 227 // Merge new parameters with old overriding o nly those passed.235 // Merge new parameters with old overriding old ones that are passed. 228 236 $this->_params = array_merge($this->_params, $param); 229 237 230 238 if ($this->running) { 231 // Params that require processing if changedduring runtime.239 // Params that require additional processing if set during runtime. 
232 240 foreach ($param as $key => $val) { 233 241 switch ($key) { … … 325 333 if (true === $this->getParam('enable_db')) { 326 334 327 // DB connection parameters taken from environment variables in the httpd.conf file, readable only by root.335 // DB connection parameters taken from environment variables in the server httpd.conf file (readable only by root)⊠328 336 if (!empty($_SERVER['DB_SERVER']) && !$this->getParam('db_server')) { 329 337 $this->setParam(array('db_server' => $_SERVER['DB_SERVER'])); … … 337 345 if (!empty($_SERVER['DB_PASS']) && !$this->getParam('db_pass')) { 338 346 $this->setParam(array('db_pass' => $_SERVER['DB_PASS'])); 347 } 348 349 // DB credentials for CLI scripts stored in a JSON file with read rights given only to the user who will be executing the scripts: -rw------- 350 if (defined('_CLI')) { 351 if (false !== $db_auth_file = stream_resolve_include_path($this->getParam('db_auth_file'))) { 352 if (is_readable($db_auth_file)) { 353 $this->setParam(json_decode(file_get_contents($db_auth_file), true)); 354 } else { 355 $this->logMsg(sprintf('Unable to read DB auth file: %s', $db_auth_file), LOG_ALERT, __FILE__, __LINE__); 356 } 357 } else { 358 $this->logMsg(sprintf('DB auth file not found: %s', $db_auth_file), LOG_ALERT, __FILE__, __LINE__); 359 } 339 360 } 340 361 … … 421 442 // Character set. This should also be printed in the html header template. 422 443 if (!defined('_CLI')) { 423 header('Content-type: text/html; charset=' . $this->getParam('character_set')); 444 if (!headers_sent($h_file, $h_line)) { 445 header('Content-type: text/html; charset=' . $this->getParam('character_set')); 446 } else { 447 $this->logMsg(sprintf('Unable to set Content-type; headers already sent (output started in %s : %s)', $h_file, $h_line), LOG_DEBUG, __FILE__, __LINE__); 448 } 424 449 } 425 450 … … 431 456 $this->setParam(array('codebase_version' => $codebase_version)); 432 457 if (!defined('_CLI')) { 433 header('X-Codebase-Version: ' . 
$codebase_version); 458 if (!headers_sent($h_file, $h_line)) { 459 header('X-Codebase-Version: ' . $codebase_version); 460 } else { 461 $this->logMsg(sprintf('Unable to set X-Codebase-Version; headers already sent (output started in %s : %s)', $h_file, $h_line), LOG_DEBUG, __FILE__, __LINE__); 462 } 434 463 } 435 464 } … … 440 469 441 470 // Set the application version if defined. 442 if (false !== stream_resolve_include_path($this->getParam('site_version_file'))) {443 $site_version = trim(file_get_contents($ this->getParam('site_version_file'), true));471 if (false !== $site_version_file = stream_resolve_include_path($this->getParam('site_version_file'))) { 472 $site_version = trim(file_get_contents($site_version_file)); 444 473 $this->setParam(array('site_version' => $site_version)); 445 474 if (!defined('_CLI')) { 446 header('X-Site-Version: ' . $site_version); 475 if (!headers_sent($h_file, $h_line)) { 476 header('X-Site-Version: ' . $site_version); 477 } else { 478 $this->logMsg(sprintf('Unable to set X-Site-Version; headers already sent (output started in %s : %s)', $h_file, $h_line), LOG_DEBUG, __FILE__, __LINE__); 479 } 447 480 } 448 481 } 449 482 450 483 $this->running = true; 484 return true; 451 485 } 452 486 … … 492 526 if (!$this->running) { 493 527 $this->logMsg(sprintf('Canceled method call %s, application not running.', __FUNCTION__), LOG_NOTICE, __FILE__, __LINE__); 528 return false; 529 } 530 531 if (!$this->getParam('enable_session')) { 532 $this->logMsg(sprintf('Canceled method call %s, session not enabled.', __FUNCTION__), LOG_NOTICE, __FILE__, __LINE__); 494 533 return false; 495 534 } … … 896 935 * keys and values, including optional queries. This allows mindless retention 897 936 * of query arguments across page requests. If cookies are not 898 * used ,the session id will be propagated in the URL.937 * used and session_use_trans_sid=true the session id will be propagated in the URL. 
899 938 * 900 939 * @param string $url The initial url … … 1006 1045 * @access public 1007 1046 * @param (see param reference for url() method) 1008 * @return string URL passed through $app->url() with ampersa mds transformed to $amp;1047 * @return string URL passed through $app->url() with ampersands transformed to $amp; 1009 1048 * @author Quinn Comendant <quinn@strangecode.com> 1010 1049 * @since 09 Dec 2005 17:58:45 … … 1233 1272 1234 1273 // Should we send a "303 See Other" header here instead of relying on the 302 sent automatically by PHP? 1235 header(sprintf('Location: %s', $url)); 1236 $this->logMsg(sprintf('dieURL: %s', $url), LOG_DEBUG, __FILE__, __LINE__); 1274 if (!headers_sent($h_file, $h_line)) { 1275 header(sprintf('Location: %s', $url)); 1276 $this->logMsg(sprintf('dieURL: %s', $url), LOG_DEBUG, __FILE__, __LINE__); 1277 } else { 1278 // Fallback: die using meta refresh instead. 1279 printf('<meta http-equiv="refresh" content="0;url=%s" />', $url); 1280 $this->logMsg(sprintf('dieURL (refresh): %s; headers already sent (output started in %s : %s)', $url, $h_file, $h_line), LOG_NOTICE, __FILE__, __LINE__); 1281 } 1237 1282 1238 1283 // End application. … … 1278 1323 } else if (isset($default_url)) { 1279 1324 $url = $default_url; 1280 } else if (!refererIsMe(true === $queryless_referrer_comparison) ) {1325 } else if (!refererIsMe(true === $queryless_referrer_comparison) && '' != ($url = getenv('HTTP_REFERER'))) { 1281 1326 // Ensure that the redirecting page is not also the referrer. 1282 $url = getenv('HTTP_REFERER');1283 1327 $this->logMsg(sprintf('dieBoomerangURL(%s) using referrer: %s', $id, $url), LOG_DEBUG, __FILE__, __LINE__); 1284 1328 } else {
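Review bot: The meta-refresh fallback added to dieURL() prints `$url` into the `content` attribute unescaped, so a URL containing a double quote or angle bracket breaks out of the attribute and injects markup; the last hunk shows dieBoomerangURL() taking `$url` from `HTTP_REFERER`, which is client-supplied and presumably reaches this path. Encode for the HTML attribute context: `printf('<meta http-equiv="refresh" content="0;url=%s" />', htmlspecialchars($url, ENT_QUOTES, 'UTF-8'));`. dieURL() begins and ends outside the visible hunk, so any earlier validation of `$url` cannot be confirmed from here. Separately, in the `_CLI` branch the whole decoded `db_auth.json` is passed to `setParam()`, so that file can override any parameter (including `signing_key`), and the "not found" log line formats `$db_auth_file` when it is `false`; restricting the merge to the `db_*` keys and logging `$this->getParam('db_auth_file')` would address both.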