openrat-cms

OpenRat Content Management System
git clone http://git.code.weiherhei.de/openrat-cms.git

commit 92f4c62e35ce9192bb778b3a22d0728749ac3c01
parent b142cc9e40f3d10b99c17f1150a12689c6cc2064
Author: Jan Dankert <develop@jandankert.de>
Date:   Fri, 23 Oct 2020 23:09:52 +0200

Refactoring: Using the new config classes.

Diffstat:
Mdoc/config-all-example.yml | 1872++++++++++++++++++++++++++++++++++++-------------------------------------------
Mmodules/cms/Dispatcher.class.php | 41+++++++++++++++++------------------------
Mmodules/cms/action/Action.class.php | 32+++++++++++++++++---------------
Mmodules/cms/action/FileAction.class.php | 9+--------
Mmodules/cms/action/LoginAction.class.php | 192+++++++++++++++++++++++++++++--------------------------------------------------
Mmodules/cms/base/Configuration.class.php | 2+-
Mmodules/cms/base/DefaultConfig.class.php | 310+------------------------------------------------------------------------------
Mmodules/cms/model/File.class.php | 306+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
Mmodules/cms/model/TemplateModel.class.php | 11++---------
Mmodules/configuration/Config.class.php | 30+++++++++++++++++++++++++++---
Mmodules/database/Database.class.php | 41+++++++++++++++++++++++++++++++++++++----
Mmodules/util/FileUtils.class.php | 4++--
Mmodules/util/Html.class.php | 86+++++++++++++++++--------------------------------------------------------------
13 files changed, 1339 insertions(+), 1597 deletions(-)

diff --git a/doc/config-all-example.yml b/doc/config-all-example.yml @@ -12,8 +12,6 @@ # 2. if environment-variable 'OR_CONFIG_DIR' is set, then a file 'config-<hostname>.yml' is read. If it does not exist, 'config.yml' is read instead. # 3. file 'config/config-<hostname>.yml' is read. If it does not exist, 'config/config.yml' is read instead. # -# Lines which begins with ';' are ignored. - # Configuration 
@@ -45,631 +43,546 @@ -# Conditional-GET enables the "304 not modified" HTTP-Header -# This is much faster, but sometimes caching is unwanted -# if you have caching problems, set this to 'false'. -# Default: 'true' -# cache.conditional_get: true +cache: + # Conditional-GET enables the "304 not modified" HTTP-Header + # This is much faster, but sometimes caching is unwanted + # if you have caching problems, set this to 'false'. + # Default: 'true' + conditional_get: true -# Pages and files are cached in a temporary directory. -# 'false' means generate each page again and again -# 'true' will cache a page's content. This will improve -# the performance, but has some side effects, -# f.e. no dynamic content will be updated. -# Default: 'false' -# cache.enable_cache: false + # Pages and files are cached in a temporary directory. + # 'false' means generate each page again and again + # 'true' will cache a page's content. This will improve + # the performance, but has some side effects, + # f.e. no dynamic content will be updated. + # Default: 'false' + enable_cache: false -# Directory for temporary files. -# Default: blank (means: OpenRat is using the system temporary dir) -# cache.tmp_dir: + # Directory for temporary files. + # Default: blank (means: OpenRat is using the system temporary dir) + tmp_dir: '' -# Auto-Reload session. -# If the configuration file is changed, its content is reloaded automatically -# Default: true -# config.auto_reload: true; +config: + # Auto-Reload session. + # If the configuration file is changed, its content is reloaded automatically + # Default: true + auto_reload: true -# -# If the configuration file is changed, a new session will be created. -# Default: true -# config.session_destroy_on_config_reload: true; + # + # If the configuration file is changed, a new session will be created. 
+ # Default: true + session_destroy_on_config_reload: true -# Maximum file size for uploads in KB -# Special values: 0,-1 : not restricted -# Default: 0 -# content.file.max_file_size: 1500 +content: + file: + # Maximum file size for uploads in KB + # Special values: 0,-1 : not restricted + # Default: 0 + max_file_size: 1500 -# Delete-strategy of old content. + # Delete-strategy of old content. -# Values are deleted, if -# a) max-age and min-revisions are reached OR -# b) max-revisions and min-age are reached -# content.revision-limit.enabled : false + # Values are deleted, if + # a) max-age and min-revisions are reached OR + # b) max-revisions and min-age are reached + revision-limit.enabled : false -# max age of values (days) -# content.revision-limit.max-age : 120 -# min age of values (days) -# content.revision-limit.min-age : 1 + # max age of values (days) + revision-limit.max-age : 120 + # min age of values (days) + revision-limit.min-age : 1 -# number of revisions -# content.revision-limit.max-revisions : 100 -# content.revision-limit.min-revisions : 3 + # number of revisions + revision-limit.max-revisions : 100 + revision-limit.min-revisions : 3 -# If a textvalue is empty, try using the default language -# Default: true -# content.language.use_default_language : true + # If a textvalue is empty, try using the default language + # Default: true + language.use_default_language : true -# Database configuration. -# You have to have at least one database connection which has 'enabled: true'. -# -# Supported RDBMS-types: -# - 'mysql' the old PHP-mysql-driver -# - 'mysqli' PHP-mysql-driver with support for prepared statements (EXPERIMENTAL) (since PHP 5.0) -# - 'postgresql' Postgresql -# - 'sqlite' SQ-Lite 2.x-databases (since PHP 5.1) -# - 'sqlite3' SQ-Lite 3.x-databases (EXPERIMENTAL) (since PHP 5.3) -# - 'pdo' A common PHP database abstraction layer for a lot of DBs. (since PHP 5.1) +database: + # Database configuration. 
+ # You have to have at least one database connection which has 'enabled: true'. + # Supported connection-types: + # - 'pdo' A common PHP database abstraction layer for a lot of DBs. + + # Supported PDO drivers: + # - 'mysql' Mysql/MariaDB + # - 'postgresql' Postgresql + # - 'sqlite' SQlite databases -# Default Database -# This database will be selected by default. -# There has to exist a section with this name. -# database.default: sample_db_mysql + # Default Database + # This database will be selected by default. + # There has to exist a section with this name. + default: sample_db_mysql -# This is a sample database connection. -# If you want to use it, just fill out the login data and set 'enabled' to 'true' -# database.sample_db_mysql.enabled : false ; set this to 'true' for using this connection -# database.sample_db_mysql.comment : "DB MySQL" ; comment of this database + # This is a sample database connection. + # If you want to use it, just fill out the login data and set 'enabled' to 'true' + sample_db_mysql: + enabled : false # set this to 'true' for using this connection + comment : "DB MySQL" # comment of this database -# database.sample_db_mysql.type : mysql ; -# database.sample_db_mysql.user : dbuser ; database user -# database.sample_db_mysql.password : dbpass ; database password -# database.sample_db_mysql.host : localhost ; database hostname -# database.sample_db_mysql.port ; database TCP/IP-Port (optional) -# database.sample_db_mysql.database : cms ; database name + type: pdo + driver: mysql + user : dbuser # database user + password : dbpass # database password + host : localhost # database hostname + port : 0 # database TCP/IP-Port (optional) + database : cms # database name -# database.sample_db_mysql.base64 : false ; store binary as BASE64 -# database.sample_db_mysql.prefix : or_ ; table praefix -# database.sample_db_mysql.persistent : yes ; use persistent connections (try this, it's faster) -# database.sample_db_mysql.charset : UTF-8 + base64 
: false # store binary as BASE64 + prefix : or_ # table praefix + persistent : yes # use persistent connections (try this, it's faster) + charset : UTF-8 -# SQL-Statement which is executed after opening the connection -# connection_sql : "SET NAMES 'UTF8';" ; using UTF-8 as database charset -# database.sample_db_mysql.connection_sql : "" + # SQL-Statement which is executed after opening the connection + # connection_sql : "SET NAMES 'UTF8';" ; using UTF-8 as database charset + connection_sql : "" -# System command for executing before connecting to the database. -# Maybe for installing an SSH-Tunnel. -# For background programs, you have to redirect stdin and stdout! (maybe to /dev/null) -# Example: "sudo -u u123 /usr/local/bin/sshtunnel-example.sh" -# Default: blank. -# database.sample_db_mysql.cmd : "" + # System command for executing before connecting to the database. + # Maybe for installing an SSH-Tunnel. + # For background programs, you have to redirect stdin and stdout! (maybe to /dev/null) + # Example: "sudo -u u123 /usr/local/bin/sshtunnel-example.sh" + # Default: blank. + cmd : "" -# Using prepared statements. -# The 'old' mysql-interface in PHP does not support prepared statements -# database.sample_db_mysql.prepare : false + # Using prepared statements. + # The 'old' mysql-interface in PHP does not support prepared statements + prepare : false -# Using transactions. Set to 'true' when you are using 'InnoDB'-tables. -# If so, maybe you need to set 'SET AUTOCOMMIT: 0' as connection_sql above. -# Default: false -# database.sample_db_mysql.transaction : false + # Using transactions. Set to 'true' when you are using 'InnoDB'-tables. + # If so, maybe you need to set 'SET AUTOCOMMIT: 0' as connection_sql above. + # Default: false + transaction : false -# Readonly tables. Set to 'true' during maintainance activitys. -# If 'true', OpenRat will disable all writing operations. -# database.sample_db_mysql.readonly : false + # Readonly tables. 
Set to 'true' during maintainance activitys. + # If 'true', OpenRat will disable all writing operations. + readonly : false -# This is a sample database connection. -# If you want to use it, just fill out the login data and set 'enabled' to 'true' + # This is a sample database connection. + # If you want to use it, just fill out the login data and set 'enabled' to 'true' + sample_db_postgresql: -# database.sample_db_postgresql.enabled : false ; set this to 'true' for using this connection -# database.sample_db_postgresql.comment : "DB-PostgreSQL" ; comment of this database + enabled : false # set this to 'true' for using this connection + comment : "DB-PostgreSQL" # comment of this database -# database.sample_db_postgresql.type : postgresql ; -# database.sample_db_postgresql.user : dbuser ; database user -# database.sample_db_postgresql.password : dbpass ; database password -# database.sample_db_postgresql.host : localhost ; database hostname -# database.sample_db_postgresql.port ; database TCP/IP-Port (optional) -# database.sample_db_postgresql.database : cms ; database name + type : postgresql # + user : dbuser # database user + password : dbpass # database password + host : localhost # database hostname + port : 0 # database TCP/IP-Port (optional, 0=Standard port) + database : cms # database name -# database.sample_db_postgresql.base64 : false ; store binary as BASE64 (in postgresql 7.x set this to 'true') -# database.sample_db_postgresql.prefix : or_ ; table praefix -# database.sample_db_postgresql.persistent : yes ; use persistent connections (try this, it's faster) -# database.sample_db_postgresql.charset : UTF-8 + base64 : false # store binary as BASE64 (in postgresql 7.x set this to 'true') + prefix : or_ # table praefix + persistent : yes # use persistent connections (try this, it's faster) + charset : UTF-8 -# SQL-Statement which is executed after opening the connection -# database.sample_db_postgresql.connection_sql : "" + # SQL-Statement which is 
executed after opening the connection + connection_sql : "" -# System command for executing before connecting to the database. -# Maybe for installing an SSH-Tunnel. -# For background programs, you have to redirect stdin and stdout! (maybe to /dev/null) -# Example: "sudo -u u123 /usr/local/bin/sshtunnel-example.sh" -# Default: blank. -# database.sample_db_postgresql.cmd : "" + # System command for executing before connecting to the database. + # Maybe for installing an SSH-Tunnel. + # For background programs, you have to redirect stdin and stdout! (maybe to /dev/null) + # Example: "sudo -u u123 /usr/local/bin/sshtunnel-example.sh" + # Default: blank. + cmd : "" -# Using prepared statements. -# This is EXPERIMENTAL, do not use in production environments -# database.sample_db_postgresql.prepare : false + # Using prepared statements. + # This is EXPERIMENTAL, do not use in production environments + prepare : false -# Using transactions. Set this to true, if the MySQL table engine supports transactions -# database.sample_db_postgresql.transaction : false + # Using transactions. Set this to true, if the MySQL table engine supports transactions + transaction : false # SQ-Lite is an embedded, 'mostly-ANSI-SQL-supporting' database system. # for using SQLite, please check for the PHP module # f.e. 
on ubuntu 'sudo apt-get install php5-sqlite' + sample_db_sqlite: -# database.sample_db_sqlite.enabled : false ; set this to 'true' for using this connection -# database.sample_db_sqlite.comment : "DB-SQLite" ; comment of this database + enabled : false # set this to 'true' for using this connection + comment : "DB-SQLite" # comment of this database -# database.sample_db_sqlite.type : sqlite ; + type : sqlite # -# Filename of your SQlite database -# database.sample_db_sqlite.filename : "/local/path/to/your/sqlite/openrat.db" + # Filename of your SQlite database + filename : "/local/path/to/your/sqlite/openrat.db" -# database.sample_db_sqlite.base64 : false ; store binary as BASE64 (in postgresql: true) -# database.sample_db_sqlite.prefix : or_ ; table praefix -# database.sample_db_sqlite.persistent : yes ; use persistent connections (try this, it's faster) -# database.sample_db_sqlite.charset : UTF-8 + base64 : false # store binary as BASE64 (in postgresql: true) + prefix : or_ # table praefix + persistent : yes # use persistent connections (try this, it's faster) + charset : UTF-8 -# per default SQlite uses table-prefixed column names when using JOINs which MUST BE off. -# database.sample_db_sqlite.connection_sql : "pragma short_column_names: true;" + # per default SQlite uses table-prefixed column names when using JOINs which MUST BE off. + connection_sql : "pragma short_column_names: true;" -# System command for executing before connecting to the database. -# database.sample_db_sqlite.cmd : "" + # System command for executing before connecting to the database. + cmd : "" -# database.sample_db_sqlite.prepare : false + prepare : false -# Set this to true, if you want to use transactions. -# database.sample_db_sqlite.transaction : false + # Set this to true, if you want to use transactions. 
+ transaction : false + sample_pdo_sqlite: # PDO (means PHP Data Objects) is an abstract database interface -# database.sample_pdo_sqlite.enabled : false ; set this to 'true' for using this connection -# database.sample_pdo_sqlite.comment : "DB-PDO" ; comment of this database - -# database.sample_pdo_sqlite.type : pdo ; - -# The DSN-Url for your database -# database.sample_pdo_sqlite.dsn : "" -# Examples: -# MySql -# database.sample_pdo_sqlite.dsn : "mysql:dbname: testdb;host: 127.0.0.1" -# PostgreSQL -# database.sample_pdo_sqlite.dsn : "pgsql:host: localhost port: 5432 dbname: mydb user: dbuser password: dbpass" -# SQLite -# database.sample_pdo_sqlite.dsn : "sqlite:/path/to/mydb.db" -# JDBC-Url when using OpenRat in Quercus -# database.sample_pdo_sqlite.dsn : "java:comp/env/jdbc/mydb" - -# If not part of the DSN this is the right place for username/password -# database.sample_pdo_sqlite.user : "dbuser" -# database.sample_pdo_sqlite.password : "dbpass" + enabled : false # set this to 'true' for using this connection + comment : "DB-PDO" # comment of this database -# database.sample_pdo_sqlite.base64 : false ; store binary as BASE64 (in postgresql: true) -# database.sample_pdo_sqlite.prefix : or_ ; table praefix -# database.sample_pdo_sqlite.persistent : yes ; use persistent connections (try this, it's faster) -# database.sample_pdo_sqlite.charset : UTF-8 + type : pdo # -# SQL-Statement which is executed after opening the connection -# database.sample_pdo_sqlite.connection_sql : "" -# Examples: -# per default SQlite uses table-prefixed column names when using JOINs which MUST BE off. 
-# database.sample_pdo_sqlite.connection_sql : "pragma short_column_names: true;" -# set default schema for Oracle -# database.sample_pdo_sqlite.connection_sql : "alter session set current_schema: myschema;" + # The DSN-Url for your database + #dsn : "" + # Examples: + # MySql + dsn : "mysql:dbname: testdb;host: 127.0.0.1" + # PostgreSQL + #dsn : "pgsql:host: localhost port: 5432 dbname: mydb user: dbuser password: dbpass" + # SQLite + #dsn : "sqlite:/path/to/mydb.db" + # JDBC-Url when using OpenRat in Quercus + #dsn : "java:comp/env/jdbc/mydb" -# System command for executing before connecting to the database. -# database.sample_pdo_sqlite.cmd : "" + # If not part of the DSN this is the right place for username/password + user : "dbuser" + password : "dbpass" -# database.sample_pdo_sqlite.prepare : false + base64 : false # store binary as BASE64 (in postgresql: true) + prefix : or_ # table praefix + persistent : yes # use persistent connections (try this, it's faster) + charset : UTF-8 -# Set this to true, if you want to use transactions. -# database.sample_pdo_sqlite.transaction : false + # SQL-Statement which is executed after opening the connection + connection_sql : "" + # Examples: + # per default SQlite uses table-prefixed column names when using JOINs which MUST BE off. + #connection_sql : "pragma short_column_names: true;" + # set default schema for Oracle + #connection_sql : "alter session set current_schema: myschema;" -# database.sample_pdo_sqlite.readonly : false + # System command for executing before connecting to the database. + cmd : "" + prepare : false -# The database results MUST contain lowercase column names. -# if using Oracle, set this to 'true', default is 'false'. -# database.sample_pdo_sqlite.convert_to_lowercase : false + # Set this to true, if you want to use transactions. + transaction : false -# PDO driver-specific options -# key 'option_a' means option 'a'. 
-# database.sample_pdo_sqlite.option_myoption_a -# database.sample_pdo_sqlite.option_myoption_b + readonly : false -# Add here more sections with other database connections. -# next unused section: ;[another_db] -# type: ... -# comment: "My production DB ..." -# ... - + # The database results MUST contain lowercase column names. + # if using Oracle, set this to 'true', default is 'false'. + convert_to_lowercase : false + # PDO driver-specific options + # key 'option_a' means option 'a'. + option_myoption_a: + option_myoption_b: # # Date formats # see http://www.php.net/manual/en/function.date.php for details - -# date.format.SHORT : "" -# date.format.ISO8601SHORT : "Ymd" -# date.format.ISO8601 : "Y-m-d" -# date.format.ISO8601BAS : "YmdTHis" -# date.format.ISO8601EXT : "Y-m-dTH:i:s" -# date.format.ISO8601FULL : "Y-m-dTH:i:sO" -# date.format.ISO8601WEEK : "YWW" -# date.format.GER1 : "d.m.Y" -# date.format.GER2 : "d.m.Y, H:i" -# date.format.GER3 : "d.m.Y, H:i:s" -# date.format.GER4 : "d. F Y, H:i:s" -# date.format.ENGLONG : "l dS of F Y h:i:s A" -# date.format.GMDATE : "D, d M Y H:i:s GMT" -# date.format.RFC822 : "r" -# date.format.UNIX : "U" -# date.format.LONG : "F j, Y, g:i a" - - -# date.timezone.-6: "New York" -# date.timezone.0: "UTC (GMT)" -# date.timezone.60: "MET (Middle European Time)" -# date.timezone.120: "MEST (Middle European Summertime)" +date: + format: + + SHORT : "" + ISO8601SHORT : "Ymd" + ISO8601 : "Y-m-d" + ISO8601BAS : "YmdTHis" + ISO8601EXT : "Y-m-dTH:i:s" + ISO8601FULL : "Y-m-dTH:i:sO" + ISO8601WEEK : "YWW" + GER1 : "d.m.Y" + GER2 : "d.m.Y, H:i" + GER3 : "d.m.Y, H:i:s" + GER4 : "d. 
F Y, H:i:s" + ENGLONG : "l dS of F Y h:i:s A" + GMDATE : "D, d M Y H:i:s GMT" + RFC822 : "r" + UNIX : "U" + LONG : "F j, Y, g:i a" + + + timezone: + "-6": "New York" + "0": "UTC (GMT)" + "60": "MET (Middle European Time)" + "120": "MEST (Middle European Summertime)" # Editor configuration +editor: + text-markup: + # Strong/important text (mostly "bold") + strong-begin : "*" + strong-end : "*" -# Strong/important text (mostly "bold") -# editor.text-markup.strong-begin : "*" -# editor.text-markup.strong-end : "*" - -# Emphatic text (mostly "italic") -# editor.text-markup.emphatic-begin : "_" -# editor.text-markup.emphatic-end : "_" + # Emphatic text (mostly "italic") + emphatic-begin : "_" + emphatic-end : "_" -# Image -# editor.text-markup.image-begin : "{" -# editor.text-markup.image-end : "}" + # Image + image-begin : "{" + image-end : "}" -# Speech -# editor.text-markup.speech-begin : QUOTE -# editor.text-markup.speech-end : QUOTE + # Speech + speech-begin : QUOTE + speech-end : QUOTE -# text with same width -# editor.text-markup.code-begin : ": " -# editor.text-markup.code-end : ": " + # text with same width + code-begin : ": " + code-end : ": " -# footnotes -# editor.text-markup.footnote-begin : "[" -# editor.text-markup.footnote-end : "]" + # footnotes + footnote-begin : "[" + footnote-end : "]" -# pre-formatted Text -# editor.text-markup.pre-begin : ": " -# editor.text-markup.pre-end : ": " + # pre-formatted Text + pre-begin : ": " + pre-end : ": " -# Inserted Text -# editor.text-markup.insert-begin : "++" -# editor.text-markup.insert-end : "++" + # Inserted Text + insert-begin : "++" + insert-end : "++" -# Removed text -# editor.text-markup.remove-begin : "--" -# editor.text-markup.remove-end : "--" + # Removed text + remove-begin : "--" + remove-end : "--" -# Separator for a definition item -# editor.text-markup.definition-sep : "::" + # Separator for a definition item + definition-sep : "::" -# Indenting headline -# editor.text-markup.headline : "+" + # 
Indenting headline + headline : "+" -# Underlining of headline level 1 -# editor.text-markup.headline_level1_underline : ": " + # Underlining of headline level 1 + headline_level1_underline : ": " -# Underlining of headline level 2 -# editor.text-markup.headline_level2_underline : "-" + # Underlining of headline level 2 + headline_level2_underline : "-" -# Underlining of headline level 3 -# editor.text-markup.headline_level3_underline : "." + # Underlining of headline level 3 + headline_level3_underline : "." -# Unnumbered Listentry -# editor.text-markup.list-unnumbered : "-" + # Unnumbered Listentry + list-unnumbered : "-" -# Numbered Listentry -# editor.text-markup.list-numbered : "#" + # Numbered Listentry + list-numbered : "#" -# Table of content -# editor.text-markup.table-of-content: "##TOC##" + # Table of content + table-of-content: "##TOC##" -# Link to -# editor.text-markup.linkto : "->" + # Link to + linkto : "->" -# Table cell separator -# editor.text-markup.table-cell-sep : "|" + # Table cell separator + table-cell-sep : "|" -# editor.text-markup.style-begin : "'" -# editor.text-markup.style-end : "'" + style-begin : "'" + style-end : "'" -# Quote Text -# editor.text-markup.quote : ">" -# editor.text-markup.quote-line-begin : ">" -# editor.text-markup.quote-line-end : ">" + # Quote Text + quote : ">" + quote-line-begin : ">" + quote-line-end : ">" -# Makro -# editor.text-markup.macro-begin : "<<" -# editor.text-markup.macro-end : ">>" -# editor.text-markup.macro-attribute-quote : "'" -# editor.text-markup.macro-attribute-value-seperator : ": " + # Makro + macro-begin : "<<" + macro-end : ">>" + macro-attribute-quote : "'" + macro-attribute-value-seperator : ": " + html: + # Which HTML-Tag to use for cites + tag_strong : "strong" -# Which HTML-Tag to use for cites -# editor.html.tag_strong : "strong" + # Which HTML-Tag to use for emphatic text + tag_emphatic : "em" -# Which HTML-Tag to use for emphatic text -# editor.html.tag_emphatic : "em" + # Which 
HTML-Tag to use for teletyped text + tag_teletype : "tt" -# Which HTML-Tag to use for teletyped text -# editor.html.tag_teletype : "tt" + # Which HTML-Tag to use for cites + tag_speech : "cite" -# Which HTML-Tag to use for cites -# editor.html.tag_speech : "cite" + # OpenRat tries to use a good speech tag. You may override this. + override_speech : false + override_speech_open : "&laquo;" + override_speech_close : "&raquo;" -# OpenRat tries to use a good speech tag. You may override this. -# editor.html.override_speech : false -# editor.html.override_speech_open : "&laquo;" -# editor.html.override_speech_close : "&raquo;" + # HTML-Rendermode + # explains how to handle emtpy elements. + # 'xml' : > <br />, <image src: "..." /> + # 'sgml' : > <br>, <image src: "..."> + rendermode: sgml + #rendermode: xml -# HTML-Rendermode -# explains how to handle emtpy elements. -# 'xml' : > <br />, <image src: "..." /> -# 'sgml' : > <br>, <image src: "..."> -# editor.html.rendermode: sgml -# editor.html.rendermode: xml + replace : "EUR:&euro; (c):&copy; (r):&reg; ^1:&sup1; ^2:&sup2; ^3:&sup3; 1/4:&frac14; 1/2:&frac12; 3/4:&frac34;" -# editor.html.replace : "EUR:&euro; (c):&copy; (r):&reg; ^1:&sup1; ^2:&sup2; ^3:&sup3; 1/4:&frac14; 1/2:&frac12; 3/4:&frac34;" + wiki: + convert_html: true + convert_bbcode: true -# editor.wiki.convert_html: true -# editor.wiki.convert_bbcode: true +filename: + # Should filenames be editable? + # 'true' : Author may edit the filenames of pages, files and folders. + # 'false': filenames are generated by the CMS + # Default: true + edit : true + # filename of folder start file + # Default: 'index'. + default : index + # 'ss' : nerdy and poor imitation of story server urls. 
Looks important, but is cheap ;) + # 'id' : simply use the object id for the url + # 'longid ': use a more longer id in the url + # 'short' : use a url which is as short as possible (uses all possible characters) + # Default: 'short' + style : short # use a url which is as short as possible -# Calendar settings + # hint: If edit: true, then the stored filename will be used. + # If no filename stored, or if edit: false, then the defined style is used. -# Weekday-Offset: Ho many days a week begins after Sunday. -# 0 : Week begins with Sunday (America, Australia, Islam) -# 1 : Week begins with Monday (ISO-8601, Europe) -# editor.calendar.weekday_offset: 1 + # how the links to other pages are generated. + # 'relative': Links are generated like '../../path/page.html' + # 'absolute': Links are generated like '/path/page.html' + # Default: relative + url: relative -# editor.text.linelength: 70 -# editor.macro.show_errors: false +help: + # Enable online help + # Default: true + enabled: true -# Should filenames be editable? -# 'true' : Author may edit the filenames of pages, files and folders. -# 'false': filenames are generated by the CMS -# Default: true -# filename.edit : true - -# filename of folder start file -# Default: 'index'. -# filename.default : index - - -# 'ss' : nerdy and poor imitation of story server urls. Looks important, but is cheap ;) -# 'id' : simply use the object id for the url -# 'longid ': use a more longer id in the url -# 'short' : use a url which is as short as possible (uses all possible characters) -# Default: 'short' -# filename.style : short ; use a url which is as short as possible - -# hint: If edit: true, then the stored filename will be used. -# If no filename stored, or if edit: false, then the defined style is used. - -# how the links to other pages are generated. 
-# 'relative': Links are generated like '../../path/page.html' -# 'absolute': Links are generated like '/path/page.html' -# Default: relative -# filename.url: relative - - - -# FTP configuration - - -# for which file extensions the ASCII-Mode should be used -# ftp.ascii : html,htm,php + # URL praefix to the help documents + # help.url: help/html/ + url: http://help.openrat.de/ + # file extension of the help documents + suffix: .html -# Enable online help -# Default: true -# help.enabled: true +i18n: + # Search for language in HTTP header + # This is a useful setting. The Browser says, which language will be taken. + use_http: true -# URL praefix to the help documents -# help.url: help/html/ -# help.url: http://help.openrat.de/ -# file extension of the help documents -# help.suffix: .html + # Default language + # If no language is found, which should be used? + default: de + # Available Languages. + # A comma seperated list with language codes. + # for each language there must be a file named 'language/<code>.ini'. + available: de,en,es,fr,it,ru,cn -# Search for language in HTTP header -# This is a useful setting. The Browser says, which language will be taken. -# i18n.use_http: true -# Default language -# If no language is found, which should be used? -# i18n.default: de + # Mappings from the language to installed locales + locale.de: "de_DE.utf8" + locale.en: "en_US.utf8" -# Available Languages. -# A comma seperated list with language codes. -# for each language there must be a file named 'language/<code>.ini'. 
-# i18n.available: de,en,es,fr,it,ru,cn +image: + # Say 'true' if GD2 is available, otherwise 'false' + truecolor: true -# Mappings from the language to installed locales -# i18n.locale.de: "de_DE.utf8" -# i18n.locale.en: "en_US.utf8" - - -# Say 'true' if GD2 is available, otherwise 'false' -# image.truecolor: true - - - -# The seperator char between directory names -# interface.file_separator : " &raquo; " - - -# be aware: if 'true' you need special rewrite rules in a .htaccess file! -# Default: false -# interface.nice_urls : false - - -# In most environments this setting is "false" -# interface.url_sessionid : false - - -# Theme -# At the moment, der is only "default" available. -# *deprecated* -# interface.theme : "default" - - -# Show request duration on every page. Only useful for developers. -# interface.show_duration : false - - -# Request timeout in seconds -# This sets the PHP time limit for an Request. -# Default: '' (blank: system default) -# interface.timeout : - - -# Replace the default title (Program name+version) with this text -# If blank, the default is "OpenRat {Version}". -# Maybe you want to use your company name here. -# interface.override_title : - - - -# Use of human date format -# looks like "3 years ago", or "7 months ago" -# Default: false -# interface.human_date_format : false +interface: + # Use of human date format + # looks like "3 years ago", or "7 months ago" + # Default: false + human_date_format : false # The default style which is used, when no user is logged in. # 'default' is the classic Openrat style. -# interface.style.default: default - -# 'system' uses system colors from the client (nice choice) -# interface.style.default: system + style: + "default": "default" + # 'system' uses system colors from the client (nice choice) + #"default": "system" -# Settings for preferences (under "Administration") -# If you have an online editor for editing the .ini-files you can put the URL here. -# Security belongs to the 3rd-party editor! 
Openrat only creates a link to this url! -# Set to '' (blank) for disabling this. -# interface.config.file_manager_url: "" + config: + # show system settings (operating system, system time, ...) + show_system: true -# Enable "preferences"-menu -# interface.config.enable: true + # show PHP settings + show_interpreter: true -# show system settings (operating system, system time, ...) -# interface.config.show_system: true - -# show PHP settings -# interface.config.show_interpreter: true - -# show a list of PHP extensions (without any details) -# interface.config.show_extensions: true + # show a list of PHP extensions (without any details) + show_extensions: true # Frameset settings -# Logical name of top-frame. Change this, if you want Openrat running in another parent frameset -# interface.frames.top: _top - - # Manipulating the URL of Openrat. + url: -# faking urls -# for faking urls you HAVE TO create a url rewriting rule! -# If unsure, set to "false" -# Default: false -# interface.url.fake_url : false - -# If the entry filename is the index file of the directory, set this to true. -# This enables urls like "path/to/openrat/?a: 1&b: 2" and hides PHP. -# only useful, if fake_url: false -# if unsure, set to 'false' (default) -# interface.url.index : false - -# You can create funny urls which look like asp,jsp,jsf and other crap :) -# Hint: Hiding the PHP interpreter *can* increase security. -# But remember, Security by obscurity is lame :) - -# abc,xyz.1 -# interface.url.url_format: "%s,%s.%i" - -# looks like Jakarta Struts: abc,xyz,1.do -# interface.url.url_format: "%s,%s,%d.do" - - -# add the session ID as an URL-Parameter. -# useful, if you do not want cookies and trans_sid is not installed. -# if unsure, set to "false" -# interface.url.add_sessionid : false - + # If the entry filename is the index file of the directory, set this to true. + # This enables urls like "path/to/openrat/?a: 1&b: 2" and hides PHP. 
+ # only useful, if fake_url: false + # if unsure, set to 'false' (default) + index : false - -# Use gravatar for user images -# see http://www.gravator.com for details - -# interface.gravatar.enable: true -# interface.gravatar.size: 80 -# interface.gravatar.default: 404 -# interface.gravatar.rating: g + # Use gravatar for user images + gravatar: + # see http://www.gravator.com for details + enable: true + size: 80 + default: 404 + rating: g 
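Review bot: Several values that this hunk turns from commented examples into live keys are not valid for the setting they configure: `dsn : "mysql:dbname: testdb;host: 127.0.0.1"` under `sample_pdo_sqlite` and `connection_sql : "pragma short_column_names: true;"` under `sample_db_sqlite` have `: ` where a PDO DSN and an SQLite pragma expect `=`, presumably left over from an earlier search-and-replace. I would write `dsn : "mysql:dbname=testdb;host=127.0.0.1"` and `connection_sql : "pragma short_column_names = true;"`. The `sample_db_postgresql` and `sample_db_sqlite` sections also keep `type : postgresql` / `type : sqlite` although the new comment lists `pdo` as the only supported connection type; `type: pdo` plus `driver: postgresql` (or `sqlite`) would match the mysql sample. Because `user : dbuser` / `password : dbpass` are now parsed values rather than comments, a line such as `# placeholder credentials - replace before setting enabled to true` above them would help anyone who copies this file as a starting config.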
@@ -678,774 +591,709 @@ # auto-extend the session while the browser is still open. # if 'true', the title frame will be refreshed automatically # 1 minute before the session times out. -# Because this is maybe unsecure, the default setting is 'false'. -# interface.session.auto_extend: false -# - + session: + auto_extend: false # Openrat is able to check passwords against a LDAP-based directory. +ldap: -# Hostname of your LDAP server. -# ldap.host: "localhost" + # Hostname of your LDAP server. + host: "localhost" -# TCP-Port of your LDAP server. -# ldap.port: "389" + # TCP-Port of your LDAP server. + port: "389" -# Protocol-Version -# Set this to '2' or '3'. -# ldap.protocol: "2" + # Protocol-Version + # Set this to '2' or '3'. + protocol: "2" # The format of the DN # If blank, the DN is automatically searched in the LDAP tree (see section "search"). # for using LDAP authentication, /security/auth/type has to be set to "ldap"! -# ldap.dn : "uid: {user},ou: users,dc: example,dc: com" -# ldap.dn : ""; + dn : "uid: {user},ou: users,dc: example,dc: com" + #dn : ""; -# Settings for authentication against a LDAP directory -# This is only activated, if the setting 'security.auth.type' is 'ldap'. + # Settings for authentication against a LDAP directory + # This is only activated, if the setting 'security.auth.type' is 'ldap'. + + # use of anonymous bind ('true' or 'false') + # if 'true', the following user and password settings are ignored. + search.anonymous : true -# use of anonymous bind ('true' or 'false') -# if 'true', the following user and password settings are ignored. 
-# ldap.search.anonymous : true
+ # if 'anonymous' is 'false': DN of technical user for searching the real user DN
+ search.user : "uid: openrat,ou: users,dc: example,dc: com"
-# if 'anonymous' is 'false': DN of technical user for searching the real user DN
-# ldap.search.user : "uid: openrat,ou: users,dc: example,dc: com"
+ # if 'anonymous' is 'false': password of technical user
+ search.password : "verysecret"
-# if 'anonymous' is 'false': password of technical user
-# ldap.search.password : "verysecret"
+ # Base-DN of the subtree where the search begins
+ search.basedn : "dc: example,dc: com"
-# Base-DN of the subtree where the search begins
-# ldap.search.basedn : "dc: example,dc: com"
+ # Filter setting for searching the user objects.
+ # The string {user} will be replaced by the user name.
+ search.filter : "(uid: {user})"
-# Filter setting for searching the user objects.
-# The string {user} will be replaced by the user name.
-# ldap.search.filter : "(uid: {user})"
+ # Aliases are dereferenced ('true' or 'false')
+ search.aliases : true
-# Aliases are dereferenced ('true' or 'false')
-# ldap.search.aliases : true
+ # Timeout in seconds
+ search.timeout : 30
-# Timeout in seconds
-# ldap.search.timeout : 30
+ # If the user is found in the LDAP tree, but is not yet stored in the internal database.
+ # 'true' the user will be logged in and automatically inserted in the internal database.
+ # 'false' login will be rejected, all users must exist in the internal database.
+ search.add : true
-# If the user is found in the LDAP tree, but is not yet stored in the internal database.
-# 'true' the user will be logged in and automatically inserted in the internal database.
-# 'false' login will be rejected, all users must exist in the internal database.
-# ldap.search.add : true
+ # The user-group-relation can be read out of the LDAP tree.
+ # For using this, 'security.authorize.type' must be set to 'ldap'.
+
+ # Search filter for reading the groups a user belongs to.
+ authorize.group_filter: "(memberUid: {dn})" -# The user-group-relation can be read out of the LDAP tree. -# For using this, 'security.authorize.type' must be set to 'ldap'. + # LDAP attribute name of the name of the group + authorize.group_name: "cn" -# Search filter for reading the groups a user belongs to. -# ldap.authorize.group_filter: "(memberUid: {dn})" + # Add groups found in LDAP (but not known in the internal database) automatically into database? + # If 'false', the LDAP groups cannot be used! + authorize.auto_add : true + +login: + motd: "" # Message of the day, shown in login mask + nologin: false # Disable Login (for maintanance jobs) + register: false + send_password: false -# LDAP attribute name of the name of the group -# ldap.authorize.group_name: "cn" + gpl.url: "http://www.gnu.org/licenses/old-licenses/gpl-2.0.html" -# Add groups found in LDAP (but not known in the internal database) automatically into database? -# If 'false', the LDAP groups cannot be used! -# ldap.authorize.auto_add : true -# -# converted from login.yml -# <?php exit('direct access denied') ?> + logo.file: "./themes/default/images/logo.jpg" # logo (url to image) in login mask + logo.url: "http://www.openrat.de" # linked url in login mask -# login.motd: "" ; Message of the day, shown in login mask -# login.nologin: false ; Disable Login (for maintanance jobs) -# login.register: false -# login.send_password: false -# login.gpl.url: "http://www.gnu.org/licenses/old-licenses/gpl-2.0.html" + # After Login, start with the last changed object. + # If 'true', the project menu is not displayed. + start: + start_lastchanged_object: true -# login.logo.file: "./themes/default/images/logo.jpg" ; logo (url to image) in login mask -# login.logo.url: "http://www.openrat.de" ; linked url in login mask +log: + # filename of logfile. Every log entry will be appended to this file. + # This file must be writable by the webserver. + # If blank (default), no logging will be done. 
+ file : ""
-# After Login, start with the last changed object.
-# If 'true', the project menu is not displayed.
-# login.start.start_lastchanged_object: true
-#
-# converted from log.yml
-# <?php exit('direct access denied') ?>
+ # loglevel are one of 'trace','debug','info','warn','error'
+ level : "warn"
+ # date format (for variable %time, see 'format'. This format is used by PHPs date()-function.
+ # See http://www.php.net/date
+ date_format : "M j H:i:s"
-# Logfile settings
+ # lookup hostname of client-IP
+ # this may increase performance, if 'true'. Be careful!
+ dns_lookup : false
+ # output format
+ # the following variables are replaced:
+ # %time by the current time of the log entry.
+ # %level the logging level
+ # %host client ip ore hostname (see 'dns_lookup' entry above)
+ # %user username, who is logged in, ore '-' if not logged in.
+ # %action what is happening now
+ # %text reason of the log entry
+ format : "%time %level %host %user %action %text"
-# filename of logfile. Every log entry will be appended to this file.
-# This file must be writable by the webserver.
-# If blank (default), no logging will be done.
-# log.file : ""
-# loglevel are one of 'trace','debug','info','warn','error'
-# log.level : "warn"
+mail:
+ # E-Mail Settings
-# date format (for variable %time, see 'format'. This format is used by PHPs date()-function.
-# See http://www.php.net/date
-# log.date_format : "M j H:i:s"
+ # Does your server send e-mails?
+ # 'true' or 'false'
+ enabled: true
-# lookup hostname of client-IP
-# this may increase performance, if 'true'. Be careful!
-# log.dns_lookup : false
+ # The "from"-Adress. Creates a "From: "-Header.
+ # This is not neccecary. Hint: Most MTAs require a valid email adress.
+ from: "OpenRat <user@example.com>"
-# output format
-# the following variables are replaced:
-# %time by the current time of the log entry.
-# %level the logging level
-# %host client ip ore hostname (see 'dns_lookup' entry above)
-# %user username, who is logged in, ore '-' if not logged in.
-# %action what is happening now
-# %text reason of the log entry
-# log.format : "%time %level %host %user %action %text"
-#
-# converted from mail.yml
-# <?php exit('direct access denied') ?>
+ # This signature is appended at the end of a mail. Use ';' for line-breaks.
+ # A useful information is maybe the URL of your OpenRat installation.
+ signature: "http://www.openrat.de"
-# E-Mail Settings
+ # Copy Recipient
+ cc:
-# Does your server send e-mails?
-# 'true' or 'false'
-# mail.enabled: true
+ # Blind Copy recipient
+ bcc:
-# The "from"-Adress. Creates a "From: "-Header.
-# This is not neccecary. Hint: Most MTAs require a valid email adress.
-# mail.from: "OpenRat <user@example.com>"
+ # Priority of the mail (creates an "X-Priority"-Header)
+ # 1: Highest, 2: High, 3: Normal, 4: Low, 5: Lowest
+ # Hint: Most MUAs ignore this header.
+ priority: 3
-# This signature is appended at the end of a mail. Use ';' for line-breaks.
-# A useful information is maybe the URL of your OpenRat installation.
-# mail.signature: "http://www.openrat.de"
-# Copy Recipient
-# mail.cc:
+ # Non-7-bit-chars are not allowed in Mailheaders (see RFC 822, 2045, 2047)
+ # and must be encoded. Openrat supports 3 types of encoding:
+ # 'Quoted-printable' (default),
+ # 'Base64'
+ # '' (blank) no encoding.
+ header_encoding: "Quoted-printable"
-# Blind Copy recipient
-# mail.bcc:
-# Priority of the mail (creates an "X-Priority"-Header)
-# 1: Highest, 2: High, 3: Normal, 4: Low, 5: Lowest
-# Hint: Most MUAs ignore this header.
-# mail.priority: 3
+ # Which SMTP client you want to use.
+ # 'php' : Internal PHP function mail().
+ # 'smtp': OpenRat internal SMTP-client
+ # If unsure, use the builtin PHP function.
+ client: smtp
+ #client: php
-# Non-7-bit-chars are not allowed in Mailheaders (see RFC 822, 2045, 2047)
-# and must be encoded.
Openrat supports 3 types of encoding: -# 'Quoted-printable' (default), -# 'Base64' -# '' (blank) no encoding. -# mail.header_encoding: "Quoted-printable" + # Whitelist + # A comma-seperated list of domains names + whitelist : "" + # Blacklist + # A comma-seperated list of domain names + blacklist : "" -# Which SMTP client you want to use. -# 'php' : Internal PHP function mail(). -# 'smtp': OpenRat internal SMTP-client -# If unsure, use the builtin PHP function. -# mail.client: smtp -# mail.client: php -# Whitelist -# A comma-seperated list of domains names -# mail.whitelist : "" + # Settings for the internal SMTP client. + # If client: 'php', you have no need to change anything in this section. -# Blacklist -# A comma-seperated list of domain names -# mail.blacklist : "" + # Relay host + # It is useful, to have your own relay host, as servers doing greylisting + # *will* deny our smtp try. + # If this is blank, the mail is delivered directly to the destination MX host. + # I repeat, it is better to always use a relay host! + #smtp.host: "mail.yourdomain.example" + smtp: + host: "locahost" + # SMTP-Port is '25' in most environments + port: "25" + # SMTP Authentication + # (only needed if using a relay host) + # (FYI: The client makes use of the SMTP "AUTH LOGIN" method. + auth_username: "your.user@something.example" + auth_password: "notsecret" -# Settings for the internal SMTP client. -# If client: 'php', you have no need to change anything in this section. + # Timeout in seconds + timeout: "45" -# Relay host -# It is useful, to have your own relay host, as servers doing greylisting -# *will* deny our smtp try. -# If this is blank, the mail is delivered directly to the destination MX host. -# I repeat, it is better to always use a relay host! 
-# mail.smtp.host: "mail.yourdomain.example"
-# mail.smtp.host: "locahost"
+ # Your fully-qualified hostname (FQDN)
+ # if empty, Openrat will use your simple hostname
+ #localhost:
+ localhost: "your.fully.qualified.hostname.example"
-# SMTP-Port is '25' in most environments
-# mail.smtp.port: "25"
+ # Use TLS
+ # The client will send a "STARTTLS" command after HELO.
+ # TLS is not tested, use at your own risk!
+ tls: false
-# SMTP Authentication
-# (only needed if using a relay host)
-# (FYI: The client makes use of the SMTP "AUTH LOGIN" method.
-# mail.smtp.auth_username: "your.user@something.example"
-# mail.smtp.auth_password: "notsecret"
+ # Use SSL
+ # The client will connection using the SSL-protocol.
+ # This is not tested, use at your own risk!
+ ssl: false
-# Timeout in seconds
-# mail.smtp.timeout: "45"
-# Your fully-qualified hostname (FQDN)
-# if empty, Openrat will use your simple hostname
-# mail.smtp.localhost:
-# mail.smtp.localhost: "your.fully.qualified.hostname.example"
+publish:
+ # Allow editing of file names.
+ # 'true' : Author is allowed to edit the file names of his files and pages.
+ # 'false': File names are generated by OpenRat only.
+ edit: true
-# Use TLS
-# The client will send a "STARTTLS" command after HELO.
-# TLS is not tested, use at your own risk!
-# mail.smtp.tls: false
-# Use SSL
-# The client will connection using the SSL-protocol.
-# This is not tested, use at your own risk!
-# mail.smtp.ssl: false
+ # filename for the first object in a folder.
+ # Default is 'index'.
+ default: index
-#
-# converted from publish.yml
-# <?php exit('direct access denied') ?>
+ # File naming conventions
+ # See http://httpd.apache.org/docs/2.0/content-negotiation.html#naming
+ # '{filename}{language_sep}{language}{type_sep}{type}' means 'foo.en.html'
+ format : "{filename}{language_sep}{language}{type_sep}{type}"
-# Allow editing of file names.
-# 'true' : Author is allowed to edit the file names of his files and pages.
-# 'false': File names are generated by OpenRat only.
-# publish.edit: true
+ # Seperators, mostly you will use '.'
+ language_sep : "."
+ type_sep : "."
-# filename for the first object in a folder.
-# Default is 'index'.
-# publish.default: index
+ # 'always': language name is always appended to the filename
+ # 'auto' : language is appended if there are at least 2 languages
+ filename_language : auto
-# File naming conventions
-# See http://httpd.apache.org/docs/2.0/content-negotiation.html#naming
-# '{filename}{language_sep}{language}{type_sep}{type}' means 'foo.en.html'
-# publish.format : "{filename}{language_sep}{language}{type_sep}{type}"
+ # 'always': type is always appended to the filename
+ # 'auto' : type is appended if there are at least 2 project models
+ filename_type : always
-# Seperators, mostly you will use '.'
-# publish.language_sep : "."
-# publish.type_sep : "."
+ # Filename Mode. Only used, if edit: false or no filename is set for an object.
+ # 'ss' : nice hack for lamers which like storyserver urls like '0,1513,453556,00.html'
+ # 'id' : simply use the object id.
+ # 'longid': use a unique and long number.
+ # 'short' : use a unique name which is as short as possible.
+ style: "id"
-# 'always': language name is always appended to the filename
-# 'auto' : language is appended if there are at least 2 languages
-# publish.filename_language : auto
+ # Mode of generated URLs.
+ # 'relative': (Default) Generates URLs like '../../path/to/example.html'.
+ # 'absolute': Generates URLs like '/path/to/example.html'.
+ url: relative
+ #url: absolute
-# 'always': type is always appended to the filename
-# 'auto' : type is appended if there are at least 2 project models
-# publish.filename_type : always
+ # Should PHP code in page source be interpreted
+ # 'false': page source is never interpreted as PHP
+ # 'auto' : interpreted, if page extension : '.php'
+ # 'true' : always interpret PHP in page source
+ enable_php_in_page_content: false
+ # Should PHP code in file content be interpreted
+ # 'false': file content is never interpreted as PHP
+ # 'auto' : interpreted, if file extension : '.php'
+ # 'true' : always interpret PHP in file content
+ enable_php_in_file_content: false
-# Filename Mode. Only used, if edit: false or no filename is set for an object.
-# 'ss' : nice hack for lamers which like storyserver urls like '0,1513,453556,00.html'
-# 'id' : simply use the object id.
-# 'longid': use a unique and long number.
-# 'short' : use a unique name which is as short as possible.
-# publish.style: "id"
+ # Escape all non-ascii characters to HTML entities.
+ # Normally this is not necessary, if there is a correct charset in the meta-section of your HTML-head.
+ # 'true' : Escape all non-ascii-characters
+ # 'false': Do nothing (default)
+ escape_8bit_characters: false
-# Mode of generated URLs.
-# 'relative': (Default) Generates URLs like '../../path/to/example.html'.
-# 'absolute': Generates URLs like '/path/to/example.html'.
-# publish.url: relative
-# publish.url: absolute
-# Should PHP code in page source be interpreted
-# 'false': page source is never interpreted as PHP
-# 'auto' : interpreted, if page extension : '.php'
-# 'true' : always interpret PHP in page source
-# publish.enable_php_in_page_content: false
+ # Content-Negotiation as defined in RFC 2295.
+ # These settings are only considered, if the project setting "use content negotiation" is switched on.
-# Should PHP code in file content be interpreted -# 'false': file content is never interpreted as PHP -# 'auto' : interpreted, if file extension : '.php' -# 'true' : always interpret PHP in file content -# publish.enable_php_in_file_content: false + # if 'true', then the mime-type is omitted in the URL for page links. + negotiation.page_negotiate_type : true -# Escape all non-ascii characters to HTML entities. -# Normally this is not necessary, if there is a correct charset in the meta-section of your HTML-head. -# 'true' : Escape all non-ascii-characters -# 'false': Do nothing (default) -# publish.escape_8bit_characters: false + # if 'true', then the language is omitted in the URL for page links. + negotiation.page_negotiate_language : true + # if 'true', then the mime type is omitted in the URL for file links + negotiation.file_negotiate_type : true -# Content-Negotiation as defined in RFC 2295. -# These settings are only considered, if the project setting "use content negotiation" is switched on. + project: + # Default publish directory. The edited target directory is appended. + publish_dir: "/var/www/" -# if 'true', then the mime-type is omitted in the URL for page links. -# publish.negotiation.page_negotiate_type : true + # Allow paths in target directory + # 'false': only the base name is taken + # 'true' : user input is taken with full path + override_publish_dir: true -# if 'true', then the language is omitted in the URL for page links. -# publish.negotiation.page_negotiate_language : true + # Default system command. + # Vars: {name} : project name, + # {dir} : Target directory, + # {dirbase} : Target directory basename + system_command: "sudo -u xyz /usr/local/bin/mirror.sh {dirbase}" + #system_command: -# if 'true', then the mime type is omitted in the URL for file links -# publish.negotiation.file_negotiate_type : true + # Input overrides the default system command. + # 'true' or 'false' + override_system_command: true -# Default publish directory. 
The edited target directory is appended. -# publish.project.publish_dir: "/var/www/" +# FTP configuration +ftp: -# Allow paths in target directory -# 'false': only the base name is taken -# 'true' : user input is taken with full path -# publish.project.override_publish_dir: true + # for which file extensions the ASCII-Mode should be used + ascii: html,htm,php -# Default system command. -# Vars: {name} : project name, -# {dir} : Target directory, -# {dirbase} : Target directory basename -# publish.project.system_command: "sudo -u xyz /usr/local/bin/mirror.sh {dirbase}" -# publish.project.system_command: + # 'true' : (Default) FTP is enabled + # 'false': FTP is disabled, f.e. if FTP is not compiled with PHP. + enable: true -# Input overrides the default system command. -# 'true' or 'false' -# publish.project.override_system_command: true + # Default FTP-Port + # Default: '21' + port: 21 + # Default hostname + host: "ftp.example.com" + # Default path + path: "/path/to/site" -# 'true' : (Default) FTP is enabled -# 'false': FTP is disabled, f.e. if FTP is not compiled with PHP. -# publish.ftp.enable: true + # Login data + # If not specified (default), anonymous login will be used. + user: agent_smith + pass: smith -# Default FTP-Port -# Default: '21' -# publish.ftp.port: 21 -# Default hostname -# publish.ftp.host: "ftp.example.com" +replace: + euro : "EUR,&euro;" + copy : "(c),&copy;" -# Default path -# publish.ftp.path: "/path/to/site" -# Login data -# If not specified (default), anonymous login will be used. -# publish.ftp.user: agent_smith -# publish.ftp.pass: smith -# -# converted from replace.yml -# <!-- $Id$ --> -# <?php exit('direct access denied') ?> - -# *** This part is deprecated and will be moved/removed in one of the next versions. - -# THIS FILE IS OUTDATED AND NOT USED ANY MORE!!! -# replace. -# See file editor.yml section "html", setting "replace". -# replace. 
-# replace.euro : "EUR,&euro;" -# replace.copy : "(c),&copy;" -# -# converted from search.yml +search: + # Settings for the quicksearch field -# Settings for the quicksearch field -# search. + quicksearch: + # Show submit button for quicksearch. Not needed for modern browsers + show_button: false -# Show submit button for quicksearch. Not needed for modern browsers -# search.quicksearch.show_button: false + # Search in the name of objects + search_name: true -# Search in the name of objects -# search.quicksearch.search_name: true + # search in the filename of objects + search_filename: true -# search in the filename of objects -# search.quicksearch.search_filename: true + # search in the description of objects + search_description: true -# search in the description of objects -# search.quicksearch.search_description: true - -# Search in all text content (slow on big databases!) -# search.quicksearch.search_content: false -# -# converted from security.yml -# <?php exit('direct access denied') ?> + # Search in all text content (slow on big databases!) 
+ search_content: false # Security settings for Openrat - be careful :) +security: + # All is readonly (for maintanance jobs) + # true|false, default:false + readonly: false -# All is readonly (for maintanance jobs) -# true|false, default:false -# security.readonly: false - -# Disable publishing -# security.nopublish: false + # Disable publishing + nopublish: false -# Unix-UMask for all created files -# Default: none (uses system default) -# Example: '0022' (means '-rw-r--r--') -# Example: '0002' (means '-rw-rw-r--') -# security.umask: + # Unix-UMask for all created files + # Default: none (uses system default) + # Example: '0022' (means '-rw-r--r--') + # Example: '0002' (means '-rw-rw-r--') + umask: -# CHMOD for created files -# Default: none -# Example: '0644' (means '-rw-r--r--') -# Example: '0755' (means '-rwxr-xr-x') -# security.chmod: + # CHMOD for created files + # Default: none + # Example: '0644' (means '-rw-r--r--') + # Example: '0755' (means '-rwxr-xr-x') + chmod: -# CHMOD for created directories -# Default: none -# Example: '0755' (means 'drwxr-xr-x') -# Example: '0770' (means 'drwxrwx---') -# security.chmod_dir: + # CHMOD for created directories + # Default: none + # Example: '0755' (means 'drwxr-xr-x') + # Example: '0770' (means 'drwxrwx---') + chmod_dir: -# You may disable dynamic code. -# dynamic code ("CODE"-Elements in templates) are dangerous, because they may -# interact with the file system (and much more!). -# security. -# Hint: only admin users are allowed to save dynamic code. -# Enable, if admin users are trustful. -# Disable, if admin users are anonym (f.e. demo-installations). -# Default: true (for secure default installation). -# security.disable_dynamic_code : true + # You may disable dynamic code. + # dynamic code ("CODE"-Elements in templates) are dangerous, because they may + # interact with the file system (and much more!). + # Hint: only admin users are allowed to save dynamic code. + # Enable, if admin users are trustful. 
+ # Disable, if admin users are anonym (f.e. demo-installations). + # Default: true (for secure default installation). + disable_dynamic_code : true -# Enable or disable the displaying of system information -# security.show_system_info : true + # Enable or disable the displaying of system information + show_system_info : true -# Useful against CSRF-attacks, this adds a token to all POST request. -# security.use_post_token: true -# Creates a new Session on login. -# Useful against session fixation attacks. -# security.renew_session_login: false + # Useful against CSRF-attacks, this adds a token to all POST request. + use_post_token: true -# Creates a new Session on logout. -# Useful against session fixation attacks. -# security.renew_session_logout: false + # Creates a new Session on login. + # Useful against session fixation attacks. + renew_session_login: false + # Creates a new Session on logout. + # Useful against session fixation attacks. + renew_session_logout: false -# Default Login -# These values are used for the login form. -# default: '' -# security.default.username: + # Default Login + # These values are used for the login form. -# default: '' -# security.default.password: + # default: '' + default: + username: + # default: '' + password: -# Guest Login -# if enabled, a named guest user is automatically logged in. -# enable auto-login for a guest user. -# security.guest.enable: false + # Guest Login + # if enabled, a named guest user is automatically logged in. -# Name of the guest user, who is automatically logged in. -# This username must exist in your user database. -# security.guest.user: guest + # enable auto-login for a guest user. + guest: + guest.enable: false + # Name of the guest user, who is automatically logged in. + # This username must exist in your user database. + guest.user: guest -# Type of authorization. -# 'http' uses the HTTP Basic Authrization. -# Only available if PHP is used in the module version. 
-# Not available, if PHP is used via the CGI way. -# Only the default database is available (because there is no way to select another one) -# 'form' shows a login form via a HTML page. -# Default: 'form' -# security.login.type: form -# security.login.type: http + # Type of authorization. + # 'http' uses the HTTP Basic Authrization. + # Only available if PHP is used in the module version. + # Not available, if PHP is used via the CGI way. + # Only the default database is available (because there is no way to select another one) + # 'form' shows a login form via a HTML page. + # Default: 'form' + login: + login.type: form + #login.type: http -# this is the backend where the passwords are checked against. -# 'database' uses the internal database table as password store. -# 'authdb' uses an external database table as password store, see section 'security.auth'. -# 'ldap' uses an external LDAP directory for password checking, see section 'ldap'. -# 'http' uses an HTTP-Auth Server for password checking -# Default: 'database' -# security.auth.type: database + # this is the backend where the passwords are checked against. + # 'database' uses the internal database table as password store. + # 'authdb' uses an external database table as password store, see section 'security.auth'. + # 'ldap' uses an external LDAP directory for password checking, see section 'ldap'. + # 'http' uses an HTTP-Auth Server for password checking + # Default: 'database' + auth: + type: database -# per-user setting of the LDAP DN. -# 'true' users which have there LDAP-DN explicitly stored are authenticated against LDAP. -# 'false' no LDAP-DN storage per user. -# security.auth.userdn: false + # per-user setting of the LDAP DN. + # 'true' users which have there LDAP-DN explicitly stored are authenticated against LDAP. + # 'false' no LDAP-DN storage per user. + userdn: false -# A user belongs to certain groups. This information can be stored in 2 ways. 
-# 'database' uses the internal database for the user-group-relation. (default) -# 'ldap' reads the user-group-relations in a LDAP-Directory -# (in this case, /security/auth/type has to be set to "ldap", too!) -# (see /ldap/authorize!) -# security.authorize.type: database -# security.authorize.type: ldap + # A user belongs to certain groups. This information can be stored in 2 ways. + # 'database' uses the internal database for the user-group-relation. (default) + # 'ldap' reads the user-group-relations in a LDAP-Directory + # (in this case, /security/auth/type has to be set to "ldap", too!) + # (see /ldap/authorize!) + authorize: + type: database + #type: ldap -# password settings + # password settings -# length of automatic generated password -# security.password.random_length: 8 + # length of automatic generated password + random_length: 8 -# minimum passwort length -# security.password.min_length: 5 + # minimum passwort length + min_length: 5 -# Password "salt" -# '' : no salt (default) -# 'id' : salt the password with userid -# 'username': salt the password with username -# 'custom' : use the 'salt_text'-setting -# Default: '' -# security.password.salt : "" + # Password "salt" + # '' : no salt (default) + # 'id' : salt the password with userid + # 'username': salt the password with username + # 'custom' : use the 'salt_text'-setting + # Default: '' + salt : "" -# security.password.salt_text : "somerandomtext" + salt_text : "somerandomtext" -# this section is needed if the setting "auth/type" is 'http'. -# passwords are checked against another HTTP-Server with Basic Authorization. + # this section is needed if the setting "auth/type" is 'http'. + # passwords are checked against another HTTP-Server with Basic Authorization. -# The URL where an HTTP basic authorization ist required. -# security.http.url : "http://example.net/restricted-area" + # The URL where an HTTP basic authorization ist required. 
+ http: + url : "http://example.net/restricted-area" -# this section is needed if the setting "auth/type" is 'authdb'. -# passwords are stored against an external database table. -# This is quite useful, if you have another software running (f.e. a forum system) -# and so the user must only remember 1 password. + # this section is needed if the setting "auth/type" is 'authdb'. + # passwords are stored against an external database table. + # This is quite useful, if you have another software running (f.e. a forum system) + # and so the user must only remember 1 password. -# 'mysql', 'postgresql' or 'sqlite' -# security.authdb.type : postgresql + # 'mysql', 'postgresql' or 'sqlite' + authdb: + type : postgresql -# security.authdb.user : dbuser -# security.authdb.password : dbpassword -# security.authdb.host : 127.0.0.1 -# security.authdb.database : dbname -# security.authdb.persistent : false + user : dbuser + password : dbpassword + host : 127.0.0.1 + database : dbname + persistent : false -# the sql which is executed while checking the password. -# the variables {username} and {password} are replaced. -# security.authdb.sql : "select 1 from table where user: {username} and password: md5({password})" + # the sql which is executed while checking the password. + # the variables {username} and {password} are replaced. + sql : "select 1 from table where user: {username} and password: md5({password})" -# if the user exists in the external database, should it -# automatically be inserted into the openrat internal table? -# security.authdb.add : true + # if the user exists in the external database, should it + # automatically be inserted into the openrat internal table? + add : true -# SSL Client certificate Authentication + # SSL Client certificate Authentication -# The environment variable name which has the username out of the certificate. 
-# See modssl-configuration for more infos: -# http://httpd.apache.org/docs/2.0/mod/mod_ssl.html.en#envvars -# if blank, ssl client auth is unused (default) -# security.ssl.user_var: -# security.ssl.user_var: "REMOTE_USER" -# security.ssl.user_var: "SSL_CLIENT_S_DN" -# security.ssl.user_var: "SSL_CLIENT_S_DN_CN" + # The environment variable name which has the username out of the certificate. + # See modssl-configuration for more infos: + # http://httpd.apache.org/docs/2.0/mod/mod_ssl.html.en#envvars + # if blank, ssl client auth is unused (default) + ssl: + #user_var: + user_var: "REMOTE_USER" + #user_var: "SSL_CLIENT_S_DN" + #user_var: "SSL_CLIENT_S_DN_CN" -# if 'true', you trust the client certificate fully, this is a passwordless login! -# take care tto have an useful webserver configuration where you only trust CA-signed certificates. -# if 'true', the 'user_var' is needed. -# security.ssl.trust: false + # if 'true', you trust the client certificate fully, this is a passwordless login! + # take care tto have an useful webserver configuration where you only trust CA-signed certificates. + # if 'true', the 'user_var' is needed. + trust: false -# Open-ID -# see http://openid.net/ for specifications and more informations. + openid: + # Open-ID + # see http://openid.net/ for specifications and more informations. -# Enable Open-ID -# default: false -# security.openid.enable: false + # Enable Open-ID + # default: false + enable: false -# Should authenticated users, which are not in your user database, automatically be added? -# default: false -# security.openid.add: false + # Should authenticated users, which are not in your user database, automatically be added? + # default: false + add: false -# Open-Id Logo -# The specification recommends the original Open-Id logo. -# security.openid.logo_url: -# security.openid.logo_url: "http://openid.net/login-bg.gif" + # Open-Id Logo + # The specification recommends the original Open-Id logo. 
+ #logo_url: + logo_url: "http://openid.net/login-bg.gif" -# Trust-Root -# URL-Prefix in which your OpenRat installations are running. -# default: <empty> (OpenRat tries to use its own server name) -# security.openid.trust_root: http://your.server.example/openrat/ -# security.openid.trust_root: + # Trust-Root + # URL-Prefix in which your OpenRat installations are running. + # default: <empty> (OpenRat tries to use its own server name) + trust_root: http://your.server.example/openrat/ + #trust_root: -# Trustful servers -# Default: '' (all) -# security.openid.trusted_server: openid1.example.com,openid2.example.com -# security.openid.trusted_server: + # Trustful servers + # Default: '' (all) + trusted_server: openid1.example.com,openid2.example.com + #trusted_server: -# Should Users fullname and e-mail updated from the OpenId-Server? -# security.openid.update_user: true + # Should Users fullname and e-mail updated from the OpenId-Server? + update_user: true -# Using User-Identitys? -# security.openid.user_identity: true + # Using User-Identitys? 
+ user_identity: true -# List of OpenId-Provider to use -# Special name "identity" for user defined identitys -# security.openid.provider: example -# security.openid.provider.name: google + # List of OpenId-Provider to use + provider: + # Special name "identity" for user defined identitys + name: google -# location of the providers Yadis-document (XRDS-file) -# security.openid.provider.example.xrds_uri: http://google.com/accounts -# which attribute is used for mappin to the internal database -# security.openid.provider.example.map_attribute: email -# which attribut of internal user database is used -# valid values are 'mail', 'username' -# security.openid.provider.example.map_internal: mail + # location of the providers Yadis-document (XRDS-file) + example.xrds_uri: http://google.com/accounts + # which attribute is used for mappin to the internal database + example.map_attribute: email + # which attribut of internal user database is used + # valid values are 'mail', 'username' + example.map_internal: mail -# Google supports Open-Id 2.0 -# security.openid.provider.google.xrds_uri: http://google.com/accounts/o8/id -# security.openid.provider.google.map_attribute: email -# security.openid.provider.google.name: Google -# security.openid.provider.google.map_internal: mail + # Google supports Open-Id 2.0 + google.xrds_uri: http://google.com/accounts/o8/id + google.map_attribute: email + google.name: Google + google.map_internal: mail -# Yahoo -# security.openid.provider.yahoo.xrds_uri: http://?????? -# security.openid.provider.yahoo.map_attribute: usename -# security.openid.provider.yahoo.map_internal: mail + # Yahoo + yahoo.xrds_uri: http://?????? + yahoo.map_attribute: usename + yahoo.map_internal: mail -# Single Sign-on -# These settings are an example for checking login against "PhpMyAdmin". -# PhpMyAdmin must include a link to Openrat with the authid which includes the serialized cookies. 
-# Example: Include this in the file .../phpmyadmin/main.php: -# <a href: "https://example.com/openrat/?authid: <?php echo urlencode(serialize($_COOKIE)) ?>">OpenRat</a> + # Single Sign-on + # These settings are an example for checking login against "PhpMyAdmin". + # PhpMyAdmin must include a link to Openrat with the authid which includes the serialized cookies. + # Example: Include this in the file .../phpmyadmin/main.php: + # <a href: "https://example.com/openrat/?authid: <?php echo urlencode(serialize($_COOKIE)) ?>">OpenRat</a> -# use single sign-on? Set to 'true' or 'false'. -# security.sso.enable: false + # use single sign-on? Set to 'true' or 'false'. + sso: + enable: false -# the url against the auth-id will be checked. -# security.sso.url: "http://localhost/check.php?phpsessid: {id}&check: true" -# security.sso.url: "https://www.example.com/phpmyadmin/main.php?server: 1" + # the url against the auth-id will be checked. + url: "http://localhost/check.php?phpsessid: {id}&check: true" + #url: "https://www.example.com/phpmyadmin/main.php?server: 1" -# the name of the parameter, where OpenRat will receive the Id, which will then be checked. -# security.sso.auth_param_name: authid + # the name of the parameter, where OpenRat will receive the Id, which will then be checked. + auth_param_name: authid -# is the auth-id serialized? -# security.sso.auth_param_serialized: true + # is the auth-id serialized? + auth_param_serialized: true -# the auth-id will be used as a cookie -# security.sso.cookie: true + # the auth-id will be used as a cookie + cookie: true -# if the auth-id is no array, use this cookie-name. -# security.sso.cookie_name: + # if the auth-id is no array, use this cookie-name. + cookie_name: -# security.sso.force: true + force: true -# leave this blank. -# security.sso.expect: + # leave this blank. + expect: -# this is a regular expression which checks, if the login at the third-party-system is ok. 
-# security.sso.expect_regexp: "/running on/" + # this is a regular expression which checks, if the login at the third-party-system is ok. + expect_regexp: "/running on/" -# regular expression for find out the username -# this example is used for "PhpMyAdmin" -# security.sso.username_regexp: "/running on localhost as ([a-z]+)@localhost/" + # regular expression for find out the username + # this example is used for "PhpMyAdmin" + username_regexp: "/running on localhost as ([a-z]+)@localhost/" -# Settings for a new user + # Settings for a new user -# These groups are automatically added while a new user is inserted. -# Default: '' -# security.newuser.groups: YourGroup,AnotherGroup + # These groups are automatically added while a new user is inserted. + # Default: '' + newuser: + groups: YourGroup,AnotherGroup -# Logout settings + # Logout settings -# Redirect to this URL after logout -# <blank>: Show Login. -# Default: '' -# security.logout.redirect_url: "http://your.intranet.example/" -# security.logout.redirect_url: + # Redirect to this URL after logout + # <blank>: Show Login. + # Default: '' + logout: + redirect_url: "http://your.intranet.example/" + #redirect_url: -# Show E-Mail-Adress in Administration-Interface. -# Default: true. If admin users should not know the mail adresses, set this to false. -# Useful for Demo-Installations where a lot of users may have administration rights. -# security.user.show_admin_mail: true - -# Show users e-mail-address to other users. -# Default: true. -# security.user.show_mail: true - -# Users are able to send mesages to another users via e-mail -# (not yet implemented) -# security.user.send_message: true -# + # Show E-Mail-Adress in Administration-Interface. + # Default: true. If admin users should not know the mail adresses, set this to false. + # Useful for Demo-Installations where a lot of users may have administration rights. + user: + show_admin_mail: true + # Show users e-mail-address to other users. + # Default: true. 
+ show_mail: true + # Users are able to send mesages to another users via e-mail + # (not yet implemented) + send_message: true -# Theme compiler. -# Enable the Template Compiler -# Templates files are written to a temporary directory. -# default: true -# theme.compiler.enable: true - -# Only compile, if the file under themes/default/templates is changed. -# default: true -# theme.compiler.cache: true - -# Do a CHMOD on the output file. -# default: empty -# theme.compiler.chmod: - -# Compile ALL templates at logout -# (only useful while developing) -# default: false -# theme.compiler.compile_at_logout: false - -# Compile ALL templates to temporary directory -# only useful while developing! Not for production use. -# default:false -# theme.compiler.compile_to_tmp_dir: false -# -# converted from webdav.yml -# <!-- $Id$ --> -# <?php exit('direct access denied') ?> - -# WEBDAV-settings - -# webdav.enable: false - -# Creation of new folders, files. -# webdav.create: true - -# Maximum filesize for uploaded files (in kB) -# webdav.max_file_size: 1000 - -# Readonly-Access. -# webdav.readonly: true - -# Set "X-powered-by"-Header? -# webdav.expose_openrat : true - -# Redirecting from "http://server/path/webdav.php" -# to "http://server/<prefix><session-id>/webdav.php" -# This is a must-have for clients who do not use cookies. -# If 'true', a rewriting rule (.htaccess) is needed. -# webdav.session_in_uri : false - -# the prefix before the session id. -# webdav.session_in_uri_prefix : ors - -# Make some Microsoft-specific stuff (they cannot read RFCs): -# - Set "MS-Author-Via:"-Header -# Set to 'true', if you want to use lame clients like MS-Office, MS-IE, ... -# Set to 'false' for strict WEBDAV, but no MS-clients are doing the job... -# Default: true -# webdav.compliant_to_redmond : true -# # *** The following settings are deprecated and will be removed in one of the next versions. 
+wiki: -# convert simple HTML-tags to wiki-markup (if HTML is disabled) -# wiki.convert_html : true + # convert simple HTML-tags to wiki-markup (if HTML is disabled) + convert_html : true -# convert a few BB-code tags to wiki-markup -# wiki.convert_bbcode : true + # convert a few BB-code tags to wiki-markup + convert_bbcode : true -# how strong text is marked -# wiki.tag_strong : "*" + # how strong text is marked + tag_strong : "*" -# how emphatic text is marked -# wiki.tag_emphatic : "_" + # how emphatic text is marked + tag_emphatic : "_" diff --git a/modules/cms/Dispatcher.class.php b/modules/cms/Dispatcher.class.php @@ -8,6 +8,7 @@ namespace cms; use BadMethodCallException; use cms\action\Action; use cms\action\RequestParams; +use cms\base\Configuration; use cms\base\DB; use cms\base\DefaultConfig; use cms\base\Startup; @@ -54,9 +55,9 @@ class Dispatcher $this->checkConfiguration(); // Vorhandene Konfiguration aus der Sitzung lesen. - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); - define('PRODUCTION', \cms\base\Configuration::Conf()->is('production',true)); + define('PRODUCTION', Configuration::Conf()->is('production',true)); define('DEVELOPMENT', !PRODUCTION); if( DEVELOPMENT) @@ -160,7 +161,7 @@ class Dispatcher private function checkPostToken() { - if (\cms\base\Configuration::config('security', 'use_post_token') && $this->request->isAction && $this->request->getToken() != Session::token()) { + if (Configuration::config('security', 'use_post_token') && $this->request->isAction && $this->request->getToken() != Session::token()) { Logger::error('Token mismatch: Needed ' . Session::token() . ' but got ' . Logger::sanitizeInput($this->request->getToken()) . '. Maybe an attacker?'); throw new SecurityException("Token mismatch"); } 
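Review bot: The token check in `checkPostToken()` still compares with `!=`, which applies PHP type juggling to numeric-looking strings and is not constant-time. `!hash_equals((string) Session::token(), (string) $this->request->getToken())` would be the safer condition; the casts assume both values are strings, which this hunk does not show. The `Logger::error` call on the next line also writes the expected session token into the log, so anyone who can read the log learns a valid token. Logging only the mismatch, plus the sanitized received value if needed, avoids that. This hunk only changes the class reference on the `if` line, so both points could be a follow-up.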
@@ -172,7 +173,7 @@ class Dispatcher private function initializeLogger() { - $logConfig = \cms\base\Configuration::config('log'); + $logConfig = Configuration::config('log'); $logFile = $logConfig['file']; @@ -347,25 +348,17 @@ class Dispatcher elseif ( isset($_COOKIE['or_dbid']) ) $dbid = $_COOKIE['or_dbid']; else { - $dbids = array(); + $databases = Configuration::subset('database')->subsets(); - $databases = \cms\base\Configuration::Conf()->get('database'); + // Filter all enabled databases + $databases = array_filter($databases, function ($dbConfig) { + $dbConfig->is('enabled',true); + }); - if ( !is_array($databases)) - throw new \RuntimeException('Corrupt configuration: Database configuration must be a list'); + $dbids = array_keys( $databases ); - foreach( $databases as $key => $dbconf ) - { - if ( !is_array($dbconf)) - throw new \LogicException("Corrupt configuration: Database configuration '".$key."' must be an array.'"); - - $dbconf += \cms\base\Configuration::config('database-default','defaults'); // Add Default-Values - - if ( is_array($dbconf) && $dbconf['enabled'] ) // Database-Connection is enabled - $dbids[] = $key; - } + $defaultDbId = Configuration::config('database-default','default-id'); - $defaultDbId = \cms\base\Configuration::config('database-default','default-id'); if ( $defaultDbId && in_array($defaultDbId,$dbids) ) // Default-Datenbankverbindung ist konfiguriert und vorhanden. $dbid = $defaultDbId; @@ -378,7 +371,7 @@ class Dispatcher } - $dbConfig = \cms\base\Configuration::config()->subset('database'); + $dbConfig = Configuration::config()->subset('database'); if ( ! $dbConfig->has( $dbid ) ) throw new \LogicException( 'unknown DB-Id: '.$dbid ); @@ -404,7 +397,7 @@ class Dispatcher if ( $firstDbContact ) - // Test, if we should update the database schema. + // Test, if we should update the database scheme. $this->updateDatabase( $dbid ); } 
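Review bot: The closure passed to `array_filter` in the `-347,25 +348,17` hunk has no `return`, so it yields null for every entry and `$databases` is always filtered down to an empty array. `$dbids` is then empty and the `in_array($defaultDbId,$dbids)` test can never succeed; what the following branches do with an empty list is outside this hunk. The callback body should be `return $dbConfig->is('enabled',true);`. The same missing `return` appears in the LoginAction hunk `-268,23 +270,23` and in the new `getAllEnabledDatabases()`. The enclosing method starts and ends outside the hunk.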
@@ -418,7 +411,7 @@ class Dispatcher */ private function updateDatabase($dbid) { - $dbConfig = \cms\base\Configuration::Conf()->subset('database')->subset($dbid); + $dbConfig = Configuration::Conf()->subset('database')->subset($dbid); if ( ! $dbConfig->is('check_version',true)) return; // Check for DB version is disabled. @@ -507,7 +500,7 @@ class Dispatcher */ private function setContentLanguageHeader() { - header('Content-Language: ' . \cms\base\Configuration::Conf()->subset('language')->get('language_code') ); + header('Content-Language: ' . Configuration::Conf()->subset('language')->get('language_code') ); } @@ -518,7 +511,7 @@ class Dispatcher if ( ! $this->request->isAction ) return; - $auditConfig = \cms\base\Configuration::config()->subset('audit-log'); + $auditConfig = Configuration::config()->subset('audit-log'); if ( $auditConfig->is('enabled',false)) { diff --git a/modules/cms/action/Action.class.php b/modules/cms/action/Action.class.php @@ -2,6 +2,7 @@ namespace cms\action; +use cms\base\Configuration; use cms\base\Language as L; use cms\model\BaseObject; use cms\model\ModelBase; 
@@ -321,22 +322,23 @@ class Action /** - * Benutzen eines sog. "Conditional GET". + * Using the HTTP-Caching, the "Conditional GET". + * + * The HTTP-header "Last-Modified" is set. * - * Diese Funktion setzt einen "Last-Modified"-HTTP-Header. * Ist der Inhalt der Seite nicht neuer, so wird der Inhalt * der Seite nicht ausgegeben, sondern nur HTTP-Status 304 * ("304 not modified") gesetzt. * Der Rest der Seite muss dann nicht mehr erzeugt werden, * wodurch die Performance stark erhoeht werden kann. * - * Credits: Danke an Charles Miller + * Credits: Thanks to Charles Miller * @see http://fishbowl.pastiche.org/2002/10/21/http_conditional_get_for_rss_hackers * - * Gefunden auf: + * Found here: * @see http://simon.incutio.com/archive/2003/04/23/conditionalGet * - * @param $time int Letztes Aenderungsdatum des Objektes + * @param $time int Last modification timestamp of this resource * @param $expirationDuration int Gültigkeitsdauer */ protected function lastModified($time, $expirationDuration = 0) @@ -344,18 +346,18 @@ class Action if ( DEVELOPMENT ) return; - // Conditional-Get eingeschaltet? - if (!\cms\base\Configuration::config('cache', 'conditional_get')) + // Is HTTP-Cache enabled by config? + if ( ! Configuration::subset('cache')->is('conditional_get',true) ) return; - $expires = substr(date('r', time() + $expirationDuration - date('Z')), 0, -5) . 'GMT'; + $expires = substr(date('r', time() + $expirationDuration - date('Z')), 0, -5) . 'GMT'; $lastModified = substr(date('r', $time - date('Z')), 0, -5) . 'GMT'; - $etag = '"' . base_convert($time, 10, 36) . '"'; + $etag = '"' . base_convert($time, 10, 36) . '"'; // a short representation of the unix timestamp. // Header senden - header('Expires: ' . $expires); + header('Expires: ' . $expires); header('Last-Modified: ' . $lastModified); - header('ETag: ' . $etag); + header('ETag: ' . $etag); // Die vom Interpreter sonst automatisch gesetzten // Header uebersteuern 
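Review bot: The `Expires` and `Last-Modified` values in `lastModified()` are still built by subtracting `date('Z')` and slicing the `date('r')` output. `date('Z')` is the offset for the current moment, so a timestamp on the other side of a daylight-saving change is formatted one hour off. `gmdate('D, d M Y H:i:s', $time) . ' GMT'` gives the HTTP date directly, and the same call with `time() + $expirationDuration` covers `Expires`. The method body continues past the end of this hunk.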
@@ -406,11 +408,11 @@ class Action if (empty($value)) $expire = time(); // Cookie wird gelöscht. else - $expire = time() + 60 * 60 * 24 * \cms\base\Configuration::config('security', 'cookie', 'expire'); + $expire = time() + 60 * 60 * 24 * Configuration::config('security', 'cookie', 'expire'); - $secure = \cms\base\Configuration::config('security', 'cookie', 'secure'); - $httponly = \cms\base\Configuration::config('security', 'cookie', 'httponly'); - $samesite = \cms\base\Configuration::config('security', 'cookie', 'samesite'); + $secure = Configuration::config('security', 'cookie', 'secure'); + $httponly = Configuration::config('security', 'cookie', 'httponly'); + $samesite = Configuration::config('security', 'cookie', 'samesite'); $cookieAttributes = [ rawurlencode($name).'='.rawurlencode($value), diff --git a/modules/cms/action/FileAction.class.php b/modules/cms/action/FileAction.class.php @@ -173,9 +173,6 @@ class FileAction extends ObjectAction if ( $this->file->extension == 'gz' ) { - $conf = \cms\base\Configuration::rawConfig(); - $mime_types = $conf['mime-types']; - $pos = strrpos($this->file->filename,'.'); if ( $pos === false ) $ext = ''; @@ -184,11 +181,7 @@ class FileAction extends ObjectAction $ext = strtolower($ext); - if ( !empty($mime_types[$ext]) ) - $mime_type = $mime_types[$ext]; - else - // Wenn kein Mime-Type gefunden, dann Standardwert setzen - $mime_type = File::DEFAULT_MIMETYPE; + $mime_type = File:: $mime_types[$ext]; header('Content-Type: '.$mime_type ); header('Content-Encoding: gzip' ); diff --git a/modules/cms/action/LoginAction.class.php b/modules/cms/action/LoginAction.class.php @@ -4,12 +4,14 @@ namespace cms\action; use cms\auth\Auth; +use cms\base\Configuration; use cms\base\DB; use cms\base\Startup; use cms\model\User; use cms\model\Group; +use configuration\Config; use util\FileUtils; use util\Http; use cms\auth\InternalAuth; 
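Review bot: `$mime_type = File:: $mime_types[$ext];` in the `.gz` branch drops the fallback the removed code had. An extension missing from the table now raises an undefined-index notice and sends an empty `Content-Type` header, which leaves the type to browser sniffing. Keeping the default restores the old behaviour, e.g. `$mime_type = isset(File::$mime_types[$ext]) ? File::$mime_types[$ext] : File::DEFAULT_MIMETYPE;`. This assumes `File::$mime_types` is an accessible static array and that `DEFAULT_MIMETYPE` still exists, neither of which is visible in this hunk. The surrounding method begins and ends outside the hunk.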
@@ -71,7 +73,7 @@ class LoginAction extends BaseAction { Logger::debug( "Login user: '$name'.'" ); - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); Session::setUser(null); @@ -166,7 +168,7 @@ class LoginAction extends BaseAction { // Hier nie "304 not modified" setzen, da sonst keine // Login-Fehlermeldung erscheinen kann. - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); $sso = $conf['security']['sso']; $ssl = $conf['security']['ssl']; @@ -268,23 +270,23 @@ class LoginAction extends BaseAction $this->callSubAction('show'); } - $dbids = array(); - - $databases = \cms\base\Configuration::Conf()->get('database'); - - if ( !is_array($databases)) - throw new \LogicException("Corrupt configuration: Databases configuration must be an array."); + $databases = Configuration::subset('database')->subsets(); + // Filter all enabled databases + $databases = array_filter( $databases, function($dbConfig) { + $dbConfig->is('enabled',true); + }); + $dbids = []; foreach( $databases as $dbid => $dbconf ) { - if ( !is_array($dbconf)) - throw new \LogicException("Corrup configuration: Database configuration '".$dbid."' must be an array.'"); - - $dbconf += $conf['database-default']['defaults']; // Add Default-Values - - if ( is_array($dbconf) && $dbconf['enabled'] ) // Database-Connection is enabled - $dbids[$dbid] = !$dbconf['name'] ? $dbid : $dbconf['name'].' - '.$dbconf['description']; + // Getting the first not-null information about the connection. + $dbids[ $dbid ] = array_filter( array( + $dbconf->get('description'), + $dbconf->get('name'), + $dbconf->get('host'), + $dbconf->get('driver'), + $dbid))[0]; } 
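Review bot: `array_filter( array(...) )[0]` in the `-268,23 +270,23` hunk does not pick the first non-empty value, because `array_filter` keeps the original keys. If `description` is empty, key 0 is gone, so the lookup raises an undefined-offset notice and the label becomes null. Re-indexing fixes it: `array_values(array_filter(array(...)))[0]`. The new `getSelectableDatabases()` further down uses the same expression, so its trailing `'unknown'` fallback is never read. The comment should also say "first non-empty" rather than "first not-null", since `array_filter` without a callback drops every falsy value, including `'0'`.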
@@ -353,6 +355,39 @@ class LoginAction extends BaseAction } + /** + * get all enabled databases. + * @return Config[] + */ + protected function getAllEnabledDatabases() { + + return array_filter( Configuration::subset('database')->subsets(), function($dbConfig) { + $dbConfig->is('enabled',true); + }); + + } + + + /** + * Gets a list of all databases. + * @return string[] list of databases. + */ + protected function getSelectableDatabases() { + + return array_map( function($dbconf) { + // Getting the first not-null information about the connection. + return array_filter( array( + $dbconf->get('description'), + $dbconf->get('name' ), + $dbconf->get('host' ), + $dbconf->get('driver'), + $dbconf->get('type' ), + 'unknown'))[0]; + + }, $this->getAllEnabledDatabases() ); + + } + /** * Anzeigen der Loginmaske. @@ -363,7 +398,7 @@ class LoginAction extends BaseAction */ function openidView() { - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); foreach( $conf['database'] as $dbname=>$dbconf ) { @@ -375,9 +410,9 @@ class LoginAction extends BaseAction $openid_provider = array(); foreach( explode(',',$conf['security']['openid']['provider']['name']) as $provider ) - $openid_provider[$provider] = \cms\base\Configuration::config('security','openid','provider.'.$provider.'.name'); + $openid_provider[$provider] = Configuration::config('security','openid','provider.'.$provider.'.name'); $this->setTemplateVar('openid_providers',$openid_provider); - $this->setTemplateVar('openid_user_identity',\cms\base\Configuration::config('security','openid','user_identity')); + $this->setTemplateVar('openid_user_identity', Configuration::config('security','openid','user_identity')); //$this->setTemplateVar('openid_provider','identity'); 
@@ -412,7 +447,7 @@ class LoginAction extends BaseAction */ function applications() { - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); // Diese Seite gilt pro Sitzung. $user = Session::getUser(); @@ -463,7 +498,7 @@ class LoginAction extends BaseAction */ public function openidloginView() { - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); $openId = Session::get('openid'); if ( !$openId->checkAuthentication() ) @@ -532,7 +567,7 @@ class LoginAction extends BaseAction */ function openidPost() { - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); Session::setUser(''); @@ -599,7 +634,7 @@ class LoginAction extends BaseAction catch (ObjectNotFoundException $e) { // Gruppe fehlt. Anlegen? - if ( \cms\base\Configuration::config('ldap','authorize','auto_add' ) ) + if ( Configuration::config('ldap','authorize','auto_add' ) ) { // Die Gruppe in der OpenRat-Datenbank hinzufuegen. $g = new Group(); @@ -620,7 +655,7 @@ class LoginAction extends BaseAction */ function loginPost() { - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); Session::setUser(''); // Altes Login entfernen. @@ -811,7 +846,7 @@ class LoginAction extends BaseAction } // Anmeldung erfolgreich. - if ( \cms\base\Configuration::config()->subset('security')->is('renew_session_login',false) ) + if ( Configuration::config()->subset('security')->is('renew_session_login',false) ) $this->recreateSession(); $this->addNotice('user', 0, $user->name, 'LOGIN_OK', Action::NOTICE_OK, array('name' => $user->fullname)); 
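Review bot: `->is('renew_session_login',false)` in the `-811,7 +846,7` hunk falls back to not regenerating the session id when the key is absent. A session id issued before login then stays valid after authentication (session fixation) unless the option is set elsewhere. Since the line is being rewritten anyway, a fail-safe fallback `->is('renew_session_login',true)` would be preferable. `logoutPost()` uses the same pattern with `renew_session_logout`. Whether DefaultConfig already supplies `true` for these keys is not visible here, and the enclosing method starts outside the hunk.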
@@ -831,13 +866,13 @@ class LoginAction extends BaseAction */ public function logoutPost() { - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); $user = Session::getUser(); if ( is_object($user) ) $this->setTemplateVar('login_username',$user->name); - if ( \cms\base\Configuration::config()->subset('security')->is('renew_session_logout',false) ) + if ( Configuration::config()->subset('security')->is('renew_session_logout',false) ) $this->recreateSession(); if ( @$conf['theme']['compiler']['compile_at_logout'] ) @@ -936,86 +971,6 @@ class LoginAction extends BaseAction } - function project() - { - $user = Session::getUser(); - if ( ! is_object($user) ) - { - $this->callSubAction('show'); - return; - } - - $this->evaluateRequestVars( array('projectid'=>$this->getRequestId()) ); - - Session::setUser( $user ); - } - - - function object() - { - $user = Session::getUser(); - if ( ! is_object($user) ) - { - $this->callSubAction('show'); - return; - } - - $this->evaluateRequestVars( array('objectid'=>$this->getRequestId()) ); - - Session::setUser( $user ); - } - - - function language() - { - $user = Session::getUser(); - if ( ! is_object($user) ) - { - $this->callSubAction('show'); - return; - } - - $this->evaluateRequestVars( array(RequestParams::PARAM_LANGUAGE_ID=>$this->getRequestId()) ); - } - - - function model() - { - $user = Session::getUser(); - if ( ! is_object($user) ) - { - $this->callSubAction('show'); - return; - } - - $this->evaluateRequestVars( array(RequestParams::PARAM_MODEL_ID=>$this->getRequestId()) ); - - $user = Session::getUser(); - } - - - /** - * Auswerten der Request-Variablen. - * - * @param Array $add - */ - function evaluateRequestVars( $add = array() ) - { - } - - - function showtree() - { - Session::set('showtree',true ); - } - - - function hidetree() - { - Session::set('showtree',false ); - } - - function switchuser() { $user = Session::getUser(); 
@@ -1034,7 +989,7 @@ class LoginAction extends BaseAction function show() { - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); $user = Session::getUser(); // Gast-Login @@ -1118,7 +1073,7 @@ class LoginAction extends BaseAction */ public function registercodeView() { - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); foreach( $conf['database'] as $dbname=>$dbconf ) { if ( is_array($dbconf) && $dbconf['enabled'] ) @@ -1141,7 +1096,7 @@ class LoginAction extends BaseAction public function registerPost() { - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); Session::set('registerMail',$this->getRequestVar('mail') ); @@ -1181,7 +1136,7 @@ class LoginAction extends BaseAction */ function registercodePost() { - $conf = \cms\base\Configuration::rawConfig(); + $conf = Configuration::rawConfig(); $origRegisterCode = Session::get('registerCode'); $inputRegisterCode = $this->getRequestVar('code'); @@ -1235,22 +1190,15 @@ class LoginAction extends BaseAction function passwordView() { // TODO: Attribut "Password" abfragen - foreach( \cms\base\Configuration::config('database') as $dbname=>$dbconf ) - { - $dbconf = $dbconf + \cms\base\Configuration::config('database-default','defaults'); - if ( $dbconf['enabled'] ) - $dbids[$dbname] = $dbconf['description']; - } - $this->setTemplateVar( 'dbids',$dbids ); - + $this->setTemplateVar( 'dbids',$this->getSelectableDatabases() ); $db = DB::get(); if ( is_object($db) ) $this->setTemplateVar('actdbid',$db->id); else - $this->setTemplateVar('actdbid',\cms\base\Configuration::config('database-default','default-id')); + $this->setTemplateVar('actdbid', Configuration::config('database-default','default-id')); } 
@@ -1395,9 +1343,9 @@ class LoginAction extends BaseAction $this->setTemplateVar('machine' ,php_uname('m') ); $this->setTemplateVar('version' , phpversion() ); - $this->setTemplateVar('cms_name' , \cms\base\Configuration::Conf()->subset('application')->get('name' ) ); - $this->setTemplateVar('cms_version' , \cms\base\Configuration::Conf()->subset('application')->get('version' ) ); - $this->setTemplateVar('cms_operator', \cms\base\Configuration::Conf()->subset('application')->get('operator') ); + $this->setTemplateVar('cms_name' , Configuration::Conf()->subset('application')->get('name' ) ); + $this->setTemplateVar('cms_version' , Configuration::Conf()->subset('application')->get('version' ) ); + $this->setTemplateVar('cms_operator', Configuration::Conf()->subset('application')->get('operator') ); $user = Session::getUser(); if ( !empty($user) ) diff --git a/modules/cms/base/Configuration.class.php b/modules/cms/base/Configuration.class.php @@ -57,7 +57,7 @@ class Configuration { /** * Gives the subset with this key. - * @param $key subset key + * @param $key string subset key * @return Config */ public static function subset( $key ) { diff --git a/modules/cms/base/DefaultConfig.class.php b/modules/cms/base/DefaultConfig.class.php @@ -31,8 +31,8 @@ class DefaultConfig { 'cache' => [ 'conditional_get' => true, - 'enable_cache' => false, - 'tmp_dir' => '', + 'enable_cache' => false, + 'tmp_dir' => '', ], 'config' => [ @@ -142,7 +142,7 @@ class DefaultConfig { 'NA' => 'Nauru', 'NE' => 'Nepali', 'NL' => 'Dutch', - '_NO' => 'Norwegian', + 'NO' => 'Norwegian', 'OC' => 'Occitan', 'OM' => 'Oromo', 'OR' => 'Oriya', 
@@ -201,33 +201,6 @@ class DefaultConfig { ], 'database-default' => [ - 'defaults' => - [ - 'prefix' => 'cms_', - 'suffix' => '', - 'enabled' => true, - 'name' => '', - 'description' => '', - 'type' => 'pdo', - 'driver' => 'mysql', - 'dsn' => '', - 'user' => '', - 'password' => '', - 'host' => 'localhost', - 'port' => 0, - 'database' => '', - 'base64' => false, - 'persistent' => true, - 'charset' => 'UTF-8', - 'connection_sql' => '', - 'cmd' => '', - 'prepare' => true, - 'transaction' => true, - 'update' => - [ - ], - 'auto_update' => true, - ], 'default-id' => '', ], 'date' => @@ -374,10 +347,6 @@ class DefaultConfig { ], 'interface' => [ - 'tree_width' => '25%', - 'file_separator' => ' &raquo', - 'nice_urls' => false, - 'url_sessionid' => false, 'theme' => 'default', 'timeout' => '0', 'override_title' => '', @@ -393,17 +362,6 @@ class DefaultConfig { 'show_interpreter' => true, 'show_extensions' => true, ], - 'frames' => - [ - 'top' => '_top', - ], - 'url' => - [ - 'fake_url' => false, - 'index' => false, - 'url_format' => '%s,%s,%d.do', - 'add_sessionid' => false, - ], 'gravatar' => [ 'enable' => true, 
@@ -503,261 +461,6 @@ class DefaultConfig { 'ssl' => false, ], ], - 'mime-types' => - [ - 'ez' => 'application/andrew-inset', - 'csm' => 'application/cu-seeme', - 'cu' => 'application/cu-seeme', - 'tsp' => 'application/dsptype', - 'spl' => 'application/x-futuresplash ', - 'cpt' => 'image/x-corelphotopaint', - 'hqx' => 'application/mac-binhex40', - 'nb' => 'application/mathematica', - 'mdb' => 'application/msaccess', - 'doc' => 'application/msword', - 'dot' => 'application/msword', - 'bin' => 'application/octet-stream', - 'oda' => 'application/oda', - 'pdf' => 'application/pdf', - 'pgp' => 'application/pgp-signature', - 'ps' => 'application/postscript', - 'ai' => 'application/postscript', - 'eps' => 'application/postscript', - 'rtf' => 'text/rtf', - 'smi' => 'application/smil', - 'smil' => 'application/smil', - 'xls' => 'application/vnd.ms-excel', - 'xlb' => 'application/vnd.ms-excel', - 'ppt' => 'application/vnd.ms-powerpoint', - 'pps' => 'application/vnd.ms-powerpoint', - 'pot' => 'application/vnd.ms-powerpoint', - 'sdw' => 'application/vnd.stardivision.writer', - 'sgl' => 'application/vnd.stardivision.writer-global', - 'vor' => 'application/vnd.stardivision.writer', - 'sdc' => 'application/vnd.stardivision.calc', - 'sda' => 'application/vnd.stardivision.draw', - 'sdd' => 'application/vnd.stardivision.impress', - 'sdp' => 'application/vnd.stardivision.impress-packed', - 'smf' => 'application/vnd.stardivision.math', - 'sds' => 'application/vnd.stardivision.chart', - 'smd' => 'application/vnd.stardivision.mail', - 'wbxml' => 'application/vnd.wap.wbxml ', - 'wmlc' => 'application/vnd.wap.wmlc', - 'wmlsc' => 'application/vnd.wap.wmlscriptc', - 'wp5' => 'application/wordperfect5.1', - 'zip' => 'application/zip', - 'wk' => 'application/x-123', - 'bcpio' => 'application/x-bcpio', - 'vcd' => 'application/x-cdlink ', - 'pgn' => 'application/x-chess-pgn', - 'cpio' => 'application/x-cpio', - 'csh' => 'text/x-csh', - 'deb' => 'application/x-debian-package', - 'dcr' => 
'application/x-director', - 'dir' => 'application/x-director', - 'dxr' => 'application/x-director', - 'wad' => 'application/x-doom', - 'dms' => 'application/x-dms', - 'dvi' => 'application/x-dvi', - 'pfa' => 'application/x-font', - 'pfb' => 'application/x-font', - 'gsf' => 'application/x-font', - 'pcf' => 'application/x-font', - 'gnumeric' => 'application/x-gnumeric', - 'gtar' => 'application/x-gtar', - 'tgz' => 'application/x-gtar', - 'taz' => 'application/x-gtar', - 'hdf' => 'application/x-hdf', - 'phtml' => 'text/html', - 'pht' => 'text/html', - 'php' => 'text/html', - 'phps' => 'text/html', - 'php3' => 'text/html', - 'php3p' => 'text/html ', - 'php4' => 'text/html', - 'docbook' => 'application/docbook+xml', - 'ica' => 'application/x-ica', - 'jar' => 'application/x-java-archive', - 'jnlp' => 'application/x-java-jnlp-file', - 'ser' => 'application/x-java-serialized-object', - 'class' => 'application/x-java-vm', - 'js' => 'application/x-javascript', - 'chrt' => 'application/x-kchart', - 'kil' => 'application/x-killustrator', - 'kpr' => 'application/x-kpresenter', - 'kpt' => 'application/x-kpresenter', - 'skp' => 'application/x-koan ', - 'skd' => 'application/x-koan ', - 'skt' => 'application/x-koan ', - 'skm' => 'application/x-koan ', - 'ksp' => 'application/x-kspread', - 'kwd' => 'application/x-kword', - ' kwt' => 'application/x-kword', - 'latex' => 'application/x-latex', - 'lha' => 'application/x-lha', - 'lzh' => 'application/x-lzh', - 'lzx' => 'application/x-lzx', - 'frm' => 'fbdocapplication/x-maker', - 'maker' => 'fbdocapplication/x-maker', - 'frame' => 'fbdocapplication/x-maker', - 'fm' => 'fbdocapplication/x-maker', - 'fb' => 'fbdocapplication/x-maker', - 'book' => 'fbdocapplication/x-maker', - 'mif' => 'application/x-mif', - 'com' => 'application/x-msdos-program', - 'exe' => 'application/x-msdos-program', - 'bat' => 'application/x-msdos-program', - 'dll' => 'application/x-msdos-program', - 'msi' => 'application/x-msi', - 'nc' => 'application/x-netcdf', - 
'cdf' => 'application/x-netcdf', - 'pac' => 'application/x-ns-proxy-autoconfig', - 'o' => 'application/x-object', - 'ogg' => 'application/x-ogg', - 'oza' => 'application/x-oz-application', - 'pl' => 'application/x-perl', - 'pm' => 'application/x-perl', - 'crl' => 'application/x-pkcs7-crl', - 'rpm' => 'audio/x-pn-realaudio-plugin ', - 'shar' => 'application/x-shar', - 'swf' => 'application/x-shockwave-flash', - 'swfl' => 'application/x-shockwave-flash', - 'sh' => 'text/x-sh', - 'sit' => 'application/x-stuffit', - 'sv4cpio' => 'application/x-sv4cpio', - 'sv4crc' => 'application/x-sv4crc', - 'tar' => 'application/x-tar', - 'tcl' => 'text/x-tcl', - 'tex' => 'text/x-tex', - 'gf' => 'application/x-tex-gf', - 'pk' => 'application/x-tex-pk', - 'texinfo' => 'application/x-texinfo', - 'texi' => 'application/x-texinfo', - '; "~"' => 'application/x-trash', - ';"%"' => 'application/x-trash', - 'bak' => 'application/x-trash', - 'old' => 'application/x-trash', - 'sik' => 'application/x-trash', - 't' => 'application/x-troff', - 'tr' => 'application/x-troff', - 'roff' => 'application/x-troff', - 'man' => 'application/x-troff-man', - 'me' => 'application/x-troff-me', - 'ms' => 'application/x-troff-ms', - 'ustar' => 'application/x-ustar', - 'src' => 'application/x-wais-source', - 'wz' => 'application/x-wingz', - 'crt' => 'application/x-x509-ca-cert', - 'fig' => 'application/x-xfig', - 'au' => 'audio/basic', - 'snd' => 'audio/basic', - 'mid' => 'audio/midi', - 'midi' => 'audio/midi', - 'kar' => 'audio/midi', - 'mpga' => 'audio/mpeg', - 'mpega' => 'audio/mpeg', - 'mp2' => 'audio/mpeg', - 'mp3' => 'audio/mpeg', - 'm3u' => 'audio/x-mpegurl', - 'sid' => 'audio/prs.sid', - 'aif' => 'audio/x-aiff', - 'aiff' => 'audio/x-aiff', - 'aifc' => 'audio/x-aiff', - 'gsm' => 'audio/x-gsm', - 'ra' => 'audio/x-realaudio ', - 'rm' => 'audio/x-pn-realaudio', - 'ram' => 'audio/x-pn-realaudio', - 'pls' => 'audio/x-scpls', - 'wav' => 'audio/x-wav', - 'pdb' => 'chemical/x-pdb', - 'xyz' => 'chemical/x-xyz ', - 
'bmp' => 'image/x-ms-bmp', - 'gif' => 'image/gif', - 'ief' => 'image/ief', - 'jpeg' => 'image/jpeg', - 'jpg' => 'image/jpeg', - 'jpe' => 'image/jpeg', - 'pcx' => 'image/pcx', - 'png' => 'image/png', - 'svg' => 'image/svg+xml', - 'svgz' => 'image/svg+xml', - 'tiff' => 'image/tiff', - 'tif' => 'image/tiff', - 'wbmp' => 'image/vnd.wap.wbmp', - 'ras' => 'image/x-cmu-raster', - 'cdr' => 'image/x-coreldraw', - 'pat' => 'image/x-coreldrawpattern', - 'cdt' => 'image/x-coreldrawtemplate', - 'djvu' => 'image/x-djvu', - 'djv' => 'image/x-djvu', - 'jng' => 'image/x-jng', - 'pnm' => 'image/x-portable-anymap', - 'pbm' => 'image/x-portable-bitmap', - 'pgm' => 'image/x-portable-graymap', - 'ppm' => 'image/x-portable-pixmap', - 'rgb' => 'image/x-rgb', - 'xbm' => 'image/x-xbitmap', - 'xpm' => 'image/x-xpixmap', - 'xwd' => 'image/x-xwindowdump', - 'igs' => 'model/iges', - 'iges' => 'model/iges', - 'msh' => 'model/mesh', - 'mesh' => 'model/mesh', - 'silo' => 'model/mesh', - 'wrl' => 'x-world/x-vrml', - 'vrml' => 'x-world/x-vrml', - 'csv' => 'text/comma-separated-values', - 'css' => 'text/css', - 'htm' => 'text/html', - 'html' => 'text/html', - 'xhtml' => 'text/html', - 'mml' => 'text/mathml', - 'asc' => 'text/plain', - 'txt' => 'text/plain', - 'text' => 'text/plain', - 'diff' => 'text/plain', - 'rtx' => 'text/richtext', - 'tsv' => 'text/tab-separated-values', - 'wml' => 'text/vnd.wap.wml', - 'wmls' => 'text/vnd.wap.wmlscript', - 'xml' => 'text/xml', - 'xsl' => 'text/xml', - 'hpp' => 'text/x-c++hdr', - 'hxx' => 'text/x-c++hdr', - 'hh' => 'text/x-c++hdr', - 'cpp' => 'text/x-c++src', - 'cxx' => 'text/x-c++src', - 'cc' => 'text/x-c++src', - 'h' => 'text/x-chdr', - 'c' => 'text/x-csrc', - 'java' => 'text/x-java', - 'moc' => 'text/x-moc', - 'p' => 'text/x-pascal', - 'pas' => 'text/x-pascal', - 'etx' => 'text/x-setext', - 'tk' => 'text/x-tcl', - 'ltx' => 'text/x-tex', - 'sty' => 'text/x-tex', - 'cls' => 'text/x-tex', - 'vcs' => 'text/x-vcalendar', - 'vcf' => 'text/x-vcard', - 'dl' => 
'video/dl', - 'fli' => 'video/fli', - 'gl' => 'video/gl', - 'mpeg' => 'video/mpeg', - 'mpg' => 'video/mpeg', - 'mpe' => 'video/mpeg', - 'qt' => 'video/quicktime', - 'mov' => 'video/quicktime', - 'mxu' => 'video/vnd.mpegurl', - 'mng' => 'video/x-mng', - 'asf' => 'video/x-ms-asf', - 'asx' => 'video/x-ms-asf', - 'avi' => 'video/x-msvideo', - 'movie' => 'video/x-sgi-movie', - 'ice' => 'x-conference/x-cooltalk', - 'vrm' => 'x-world/x-vrml', - ], 'publish' => [ 'edit' => true, @@ -1034,13 +737,6 @@ class DefaultConfig { ], 'theme' => [ - 'compiler' => - [ - 'enable' => true, - 'cache' => true, - 'chmod' => '', - 'compile_at_logout' => false, - ], 'favicon' => 'modules/cms/ui/themes/default/images/openrat-logo.ico', ], 'wiki' => diff --git a/modules/cms/model/File.class.php b/modules/cms/model/File.class.php @@ -19,6 +19,7 @@ namespace cms\model; // Standard Mime-Type +use cms\base\Configuration; use cms\base\DB as Db; use cms\generator\filter\AbstractFilter; use cms\generator\PublishPublic; 
@@ -35,18 +36,273 @@ class File extends BaseObject { const DEFAULT_MIMETYPE = 'application/octet-stream'; - var $fileid; - - var $size = 0; - var $value = ''; - var $extension = ''; - var $log_filenames = array(); - var $fullFilename = ''; - - var $mime_type = ''; - - var $tmpfile; - + public $fileid; + + public $size = 0; + public $value = ''; + public $extension = ''; + public $log_filenames = array(); + public $fullFilename = ''; + + public $mime_type = ''; + + public $tmpfile; + + + protected static $MIME_TYPES = [ + 'ez' => 'application/andrew-inset', + 'csm' => 'application/cu-seeme', + 'cu' => 'application/cu-seeme', + 'tsp' => 'application/dsptype', + 'spl' => 'application/x-futuresplash ', + 'cpt' => 'image/x-corelphotopaint', + 'hqx' => 'application/mac-binhex40', + 'nb' => 'application/mathematica', + 'mdb' => 'application/msaccess', + 'doc' => 'application/msword', + 'dot' => 'application/msword', + 'bin' => 'application/octet-stream', + 'oda' => 'application/oda', + 'pdf' => 'application/pdf', + 'pgp' => 'application/pgp-signature', + 'ps' => 'application/postscript', + 'ai' => 'application/postscript', + 'eps' => 'application/postscript', + 'rtf' => 'text/rtf', + 'smi' => 'application/smil', + 'smil' => 'application/smil', + 'xls' => 'application/vnd.ms-excel', + 'xlb' => 'application/vnd.ms-excel', + 'ppt' => 'application/vnd.ms-powerpoint', + 'pps' => 'application/vnd.ms-powerpoint', + 'pot' => 'application/vnd.ms-powerpoint', + 'sdw' => 'application/vnd.stardivision.writer', + 'sgl' => 'application/vnd.stardivision.writer-global', + 'vor' => 'application/vnd.stardivision.writer', + 'sdc' => 'application/vnd.stardivision.calc', + 'sda' => 'application/vnd.stardivision.draw', + 'sdd' => 'application/vnd.stardivision.impress', + 'sdp' => 'application/vnd.stardivision.impress-packed', + 'smf' => 'application/vnd.stardivision.math', + 'sds' => 'application/vnd.stardivision.chart', + 'smd' => 'application/vnd.stardivision.mail', + 'wbxml' => 
'application/vnd.wap.wbxml ', + 'wmlc' => 'application/vnd.wap.wmlc', + 'wmlsc' => 'application/vnd.wap.wmlscriptc', + 'wp5' => 'application/wordperfect5.1', + 'zip' => 'application/zip', + 'wk' => 'application/x-123', + 'bcpio' => 'application/x-bcpio', + 'vcd' => 'application/x-cdlink ', + 'pgn' => 'application/x-chess-pgn', + 'cpio' => 'application/x-cpio', + 'csh' => 'text/x-csh', + 'deb' => 'application/x-debian-package', + 'dcr' => 'application/x-director', + 'dir' => 'application/x-director', + 'dxr' => 'application/x-director', + 'wad' => 'application/x-doom', + 'dms' => 'application/x-dms', + 'dvi' => 'application/x-dvi', + 'pfa' => 'application/x-font', + 'pfb' => 'application/x-font', + 'gsf' => 'application/x-font', + 'pcf' => 'application/x-font', + 'gnumeric' => 'application/x-gnumeric', + 'gtar' => 'application/x-gtar', + 'tgz' => 'application/x-gtar', + 'taz' => 'application/x-gtar', + 'hdf' => 'application/x-hdf', + 'phtml' => 'text/html', + 'pht' => 'text/html', + 'php' => 'text/html', + 'phps' => 'text/html', + 'php3' => 'text/html', + 'php3p' => 'text/html ', + 'php4' => 'text/html', + 'docbook' => 'application/docbook+xml', + 'ica' => 'application/x-ica', + 'jar' => 'application/x-java-archive', + 'jnlp' => 'application/x-java-jnlp-file', + 'ser' => 'application/x-java-serialized-object', + 'class' => 'application/x-java-vm', + 'js' => 'application/x-javascript', + 'chrt' => 'application/x-kchart', + 'kil' => 'application/x-killustrator', + 'kpr' => 'application/x-kpresenter', + 'kpt' => 'application/x-kpresenter', + 'skp' => 'application/x-koan ', + 'skd' => 'application/x-koan ', + 'skt' => 'application/x-koan ', + 'skm' => 'application/x-koan ', + 'ksp' => 'application/x-kspread', + 'kwd' => 'application/x-kword', + ' kwt' => 'application/x-kword', + 'latex' => 'application/x-latex', + 'lha' => 'application/x-lha', + 'lzh' => 'application/x-lzh', + 'lzx' => 'application/x-lzx', + 'frm' => 'fbdocapplication/x-maker', + 'maker' => 
'fbdocapplication/x-maker', + 'frame' => 'fbdocapplication/x-maker', + 'fm' => 'fbdocapplication/x-maker', + 'fb' => 'fbdocapplication/x-maker', + 'book' => 'fbdocapplication/x-maker', + 'mif' => 'application/x-mif', + 'com' => 'application/x-msdos-program', + 'exe' => 'application/x-msdos-program', + 'bat' => 'application/x-msdos-program', + 'dll' => 'application/x-msdos-program', + 'msi' => 'application/x-msi', + 'nc' => 'application/x-netcdf', + 'cdf' => 'application/x-netcdf', + 'pac' => 'application/x-ns-proxy-autoconfig', + 'o' => 'application/x-object', + 'ogg' => 'application/x-ogg', + 'oza' => 'application/x-oz-application', + 'pl' => 'application/x-perl', + 'pm' => 'application/x-perl', + 'crl' => 'application/x-pkcs7-crl', + 'rpm' => 'audio/x-pn-realaudio-plugin ', + 'shar' => 'application/x-shar', + 'swf' => 'application/x-shockwave-flash', + 'swfl' => 'application/x-shockwave-flash', + 'sh' => 'text/x-sh', + 'sit' => 'application/x-stuffit', + 'sv4cpio' => 'application/x-sv4cpio', + 'sv4crc' => 'application/x-sv4crc', + 'tar' => 'application/x-tar', + 'tcl' => 'text/x-tcl', + 'tex' => 'text/x-tex', + 'gf' => 'application/x-tex-gf', + 'pk' => 'application/x-tex-pk', + 'texinfo' => 'application/x-texinfo', + 'texi' => 'application/x-texinfo', + '; "~"' => 'application/x-trash', + ';"%"' => 'application/x-trash', + 'bak' => 'application/x-trash', + 'old' => 'application/x-trash', + 'sik' => 'application/x-trash', + 't' => 'application/x-troff', + 'tr' => 'application/x-troff', + 'roff' => 'application/x-troff', + 'man' => 'application/x-troff-man', + 'me' => 'application/x-troff-me', + 'ms' => 'application/x-troff-ms', + 'ustar' => 'application/x-ustar', + 'src' => 'application/x-wais-source', + 'wz' => 'application/x-wingz', + 'crt' => 'application/x-x509-ca-cert', + 'fig' => 'application/x-xfig', + 'au' => 'audio/basic', + 'snd' => 'audio/basic', + 'mid' => 'audio/midi', + 'midi' => 'audio/midi', + 'kar' => 'audio/midi', + 'mpga' => 'audio/mpeg', + 
'mpega' => 'audio/mpeg', + 'mp2' => 'audio/mpeg', + 'mp3' => 'audio/mpeg', + 'm3u' => 'audio/x-mpegurl', + 'sid' => 'audio/prs.sid', + 'aif' => 'audio/x-aiff', + 'aiff' => 'audio/x-aiff', + 'aifc' => 'audio/x-aiff', + 'gsm' => 'audio/x-gsm', + 'ra' => 'audio/x-realaudio ', + 'rm' => 'audio/x-pn-realaudio', + 'ram' => 'audio/x-pn-realaudio', + 'pls' => 'audio/x-scpls', + 'wav' => 'audio/x-wav', + 'pdb' => 'chemical/x-pdb', + 'xyz' => 'chemical/x-xyz ', + 'bmp' => 'image/x-ms-bmp', + 'gif' => 'image/gif', + 'ief' => 'image/ief', + 'jpeg' => 'image/jpeg', + 'jpg' => 'image/jpeg', + 'jpe' => 'image/jpeg', + 'pcx' => 'image/pcx', + 'png' => 'image/png', + 'svg' => 'image/svg+xml', + 'svgz' => 'image/svg+xml', + 'tiff' => 'image/tiff', + 'tif' => 'image/tiff', + 'wbmp' => 'image/vnd.wap.wbmp', + 'ras' => 'image/x-cmu-raster', + 'cdr' => 'image/x-coreldraw', + 'pat' => 'image/x-coreldrawpattern', + 'cdt' => 'image/x-coreldrawtemplate', + 'djvu' => 'image/x-djvu', + 'djv' => 'image/x-djvu', + 'jng' => 'image/x-jng', + 'pnm' => 'image/x-portable-anymap', + 'pbm' => 'image/x-portable-bitmap', + 'pgm' => 'image/x-portable-graymap', + 'ppm' => 'image/x-portable-pixmap', + 'rgb' => 'image/x-rgb', + 'xbm' => 'image/x-xbitmap', + 'xpm' => 'image/x-xpixmap', + 'xwd' => 'image/x-xwindowdump', + 'igs' => 'model/iges', + 'iges' => 'model/iges', + 'msh' => 'model/mesh', + 'mesh' => 'model/mesh', + 'silo' => 'model/mesh', + 'wrl' => 'x-world/x-vrml', + 'vrml' => 'x-world/x-vrml', + 'csv' => 'text/comma-separated-values', + 'css' => 'text/css', + 'htm' => 'text/html', + 'html' => 'text/html', + 'xhtml' => 'text/html', + 'mml' => 'text/mathml', + 'asc' => 'text/plain', + 'txt' => 'text/plain', + 'text' => 'text/plain', + 'diff' => 'text/plain', + 'rtx' => 'text/richtext', + 'tsv' => 'text/tab-separated-values', + 'wml' => 'text/vnd.wap.wml', + 'wmls' => 'text/vnd.wap.wmlscript', + 'xml' => 'text/xml', + 'xsl' => 'text/xml', + 'hpp' => 'text/x-c++hdr', + 'hxx' => 'text/x-c++hdr', + 'hh' 
=> 'text/x-c++hdr', + 'cpp' => 'text/x-c++src', + 'cxx' => 'text/x-c++src', + 'cc' => 'text/x-c++src', + 'h' => 'text/x-chdr', + 'c' => 'text/x-csrc', + 'java' => 'text/x-java', + 'moc' => 'text/x-moc', + 'p' => 'text/x-pascal', + 'pas' => 'text/x-pascal', + 'etx' => 'text/x-setext', + 'tk' => 'text/x-tcl', + 'ltx' => 'text/x-tex', + 'sty' => 'text/x-tex', + 'cls' => 'text/x-tex', + 'vcs' => 'text/x-vcalendar', + 'vcf' => 'text/x-vcard', + 'dl' => 'video/dl', + 'fli' => 'video/fli', + 'gl' => 'video/gl', + 'mpeg' => 'video/mpeg', + 'mpg' => 'video/mpeg', + 'mpe' => 'video/mpeg', + 'qt' => 'video/quicktime', + 'mov' => 'video/quicktime', + 'mxu' => 'video/vnd.mpegurl', + 'mng' => 'video/x-mng', + 'asf' => 'video/x-ms-asf', + 'asx' => 'video/x-ms-asf', + 'avi' => 'video/x-msvideo', + 'movie' => 'video/x-sgi-movie', + 'ice' => 'x-conference/x-cooltalk', + 'vrm' => 'x-world/x-vrml', + ]; /** * Um Probleme mit BLOB-Feldern und Datenbank-Besonderheiten zu vermeiden, @@ -130,23 +386,29 @@ class File extends BaseObject */ public function mimeType() { - if ( !empty( $this->mime_type ) ) + if ( $this->mime_type ) return $this->mime_type; - $conf = \cms\base\Configuration::rawConfig(); - $mime_types = $conf['mime-types']; + $ext = strtolower( $this->getRealExtension() ); + + $this->mime_type = self::getMimeType( $ext ); + + return( $this->mime_type ); + } - $ext = strtolower( $this->getRealExtension() ); + public static function getMimeType( $extension ) { - if ( !empty($mime_types[$ext]) ) - $this->mime_type = $mime_types[$ext]; - else - // Wenn kein Mime-Type gefunden, dann Standartwert setzen - $this->mime_type = self::DEFAULT_MIMETYPE; + $mime_types = Configuration::subset('mime_types')->getConfig() + self::$MIME_TYPES; - return( $this->mime_type ); + $mimeType = @$mime_types[$extension]; + + if ( $mimeType ) + return $mimeType; + else + // Fallback to default mime type + return self::DEFAULT_MIMETYPE; } 
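Review bot: The `$MIME_TYPES` table added to `File` carries over malformed entries from the old config block unchanged: several values end in a space (`'application/x-futuresplash '`, `'text/html '`, `'audio/x-realaudio '`), the key `' kwt'` starts with a space so it can never match an extension, and `'; "~"'` / `';"%"'` look like leftover comment syntax rather than extensions. If these strings are emitted as a Content-Type header, the stray whitespace and the `fbdocapplication/x-maker` values are worth cleaning up while the table is being moved, e.g. `'kwt' => 'application/x-kword',`. The table also maps `php`, `phtml`, `phps` and similar to `text/html`; assuming stored files are served with this type from the CMS origin, `text/plain` or `DEFAULT_MIMETYPE` would be a safer mapping for those extensions, so that uploaded markup is not rendered by the browser.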
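Review bot: `getMimeType()` reads the override table from `Configuration::subset('mime_types')`, while the key removed from `DefaultConfig` in this commit was `'mime-types'`, so existing configurations that still use the hyphenated key would be ignored without any message; either keep the old key or document the rename. The lookup `@$mime_types[$extension]` hides a missing key with error suppression; an explicit test such as `if ( !empty($mime_types[$extension]) ) return $mime_types[$extension];` says the same without `@`. The new public static method has no docblock; I would add one stating that `$extension` is expected in lower case without the dot (both visible callers lowercase it first) and that configured entries take precedence over the built-in table because of the `+` operator.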
diff --git a/modules/cms/model/TemplateModel.class.php b/modules/cms/model/TemplateModel.class.php @@ -156,20 +156,13 @@ class TemplateModel extends ModelBase */ public function mimeType() { - $conf = \cms\base\Configuration::rawConfig(); - $mime_types = $conf['mime-types']; - // Nur den letzten Teil der Extension auswerten: // Aus 'mobile.html' wird nur 'html' verwendet. $parts = explode('.',$this->extension); $extension = strtolower(array_pop($parts)); - if ( !empty($mime_types[$extension]) ) - $this->mime_type = $mime_types[$extension]; - else - // Wenn kein Mime-Type gefunden, dann Standardwert setzen - $this->mime_type = 'application/octet-stream'; - + $this->mime_type = File::getMimeType($extension); + return( $this->mime_type ); } diff --git a/modules/configuration/Config.class.php b/modules/configuration/Config.class.php @@ -7,12 +7,16 @@ namespace configuration; */ class Config { + /** + * The actual configuraton values. + * @var array + */ private $config; /** * Config constructor. - * @param $config + * @param array $config */ public function __construct($config) { @@ -20,10 +24,30 @@ class Config } - /** + /** + * Returns a list of all subsets. + * + * @return Config[] subsets + */ + public function subsets() { + + return array_map( function( $value ) { + if (is_array($value)) + return new Config($value); + else + return new Config(array()); + }, array_filter($this->config, function($value) { + // All non-arrays are removed. + return is_array($value); + }) ); + + } + + + /** * Giving the child configuration with a fluent interface. * - * @param $name + * @param $name string * @return Config */ public function subset($name) diff --git a/modules/database/Database.class.php b/modules/database/Database.class.php @@ -17,6 +17,7 @@ // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. namespace database; +use cms\base\Configuration as C; use database\driver\PDODriver; use logger\Logger; use util\exception\DatabaseException; 
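Review bot: In `Config::subsets()` the `else` branch of the `array_map` callback is unreachable, because the `array_filter` applied first already drops every non-array value; the callback can be reduced to `return new Config($value);`. The docblock says "Returns a list", but `array_filter` and `array_map` over a single array preserve keys, so the result is keyed by subset name, and `@return Config[] subsets, keyed by name` would describe it more precisely. The tags `@param $name string` here and `@param $key string` in `Configuration::subset()` have type and variable swapped relative to the PHPDoc convention `@param string $name`, and the new property comment in the preceding hunk misspells "configuration" as "configuraton".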
@@ -74,7 +75,39 @@ class Database * @var boolean */ var $transactionInProgress = false; - + + + /** + * Default configuration. + * @var array + */ + private static $DEFAULT_CONFIG = [ + 'prefix' => 'cms_', + 'suffix' => '', + 'enabled' => true, + 'name' => '', + 'description' => '', + 'type' => 'pdo', + 'driver' => 'mysql', + 'dsn' => '', + 'user' => '', + 'password' => '', + 'host' => 'localhost', + 'port' => 0, + 'database' => '', + 'base64' => false, + 'persistent' => true, + 'charset' => 'UTF-8', + 'connection_sql' => '', + 'cmd' => '', + 'prepare' => true, + 'transaction' => true, + 'update' => + [ + ], + 'auto_update' => true, + ]; + /** * Kontruktor. @@ -84,9 +117,9 @@ class Database */ public function __construct( $dbconf ) { - $conf = \cms\base\Configuration::rawConfig(); - - $this->conf = $dbconf + $conf['database-default']['defaults']; // linksstehender Operator hat Priorität! + $this->conf = $dbconf + + C::subset('database-default')->subset('defaults')->getConfig() + + Database::$DEFAULT_CONFIG; $this->connect(); } diff --git a/modules/util/FileUtils.class.php b/modules/util/FileUtils.class.php @@ -1,6 +1,7 @@ <?php namespace util; +use cms\base\Configuration; use Pfad; use RuntimeException; @@ -30,8 +31,7 @@ class FileUtils */ public static function createTempFile() { - $conf = \cms\base\Configuration::rawConfig(); - $tmpdir = @$conf['cache']['tmp_dir']; + $tmpdir = Configuration::subset('cache')->get('tmp_dir',''); $tmpfile = @tempnam($tmpdir, 'openrat_tmp'); // 2. Versuch: Temp-Dir aus "upload_tmp_dir". diff --git a/modules/util/Html.class.php b/modules/util/Html.class.php @@ -19,6 +19,7 @@ namespace util; use cms\action\RequestParams; +use cms\base\Configuration; /** * Bereitstellen von Methoden fuer die Darstellung von HTML-Elementen 
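Review bot: The rewritten merge in `Database::__construct()` relies on the array union operator keeping the left-hand value for duplicate keys, and the commit drops the inline comment that said so; I would keep it in English, e.g. `// array union: left operand wins, so $dbconf overrides the configured defaults, which override $DEFAULT_CONFIG`. `getConfig()` is not visible in this diff, so it is worth confirming that it returns an array rather than null when no `database-default.defaults` subset is configured, since this commit removes that key from `DefaultConfig` and `+` with a non-array operand fails. Inside the class `self::$DEFAULT_CONFIG` reads better than `Database::$DEFAULT_CONFIG`, and the one-letter alias `C` differs from the `Configuration` import used in the other files touched here.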
@@ -32,95 +33,45 @@ class Html /** - * Erzeugt eine relative Url innerhalb von Openrat + * creates a relative url to an action. * * @param string Aktion, die aufgerufen werden soll * @param string Unteraktion, die innerhalb der Aktion aufgerufen werden soll * @param int Id fuer diesen Aufruf * @param array Weitere beliebige Parameter - * @deprecated Das ist Dialog-Logik. Besser im Frontend erzeugen. + * @deprecated UI logic, should not be used on the server. */ public static function url($action, $subaction = '', $id = '', $params = array()) { if (intval($id) == 0) - $id = '-'; + $id = ''; - $conf = \cms\base\Configuration::rawConfig(); - - if (is_array($action)) { - $params = $action; - - if (isset($params['callAction'])) { - $params['subaction'] = $params['callAction']; - unset($params['callAction']); - unset($params['callSubaction']); - } - - - if (!isset($params['action'])) $params['action'] = ''; - if (!isset($params['subaction'])) $params['subaction'] = ''; - if (!isset($params['id'])) $params['id'] = ''; - $action = $params['action']; - $subaction = $params['subaction']; - $id = $params['id']; - unset($params['action']); - unset($params['subaction']); - unset($params['id']); - $params['old'] = 'true'; - } + $conf = Configuration::Conf(); // Session-Id ergaenzen - if ($conf['interface']['url']['add_sessionid']) + if ($conf->subset('interface')->subset('url')->is('add_sessionid',false)) $params[session_name()] = session_id(); - if (\cms\base\Configuration::config('security', 'use_post_token')) + if ($conf->subset('security')->is('use_post_token'.true)) $params['token'] = Session::token(); - $fake_urls = $conf['interface']['url']['fake_url']; - $url_format = $conf['interface']['url']['url_format']; - if (isset($params['objectid']) && !isset($params['id'])) $params['id'] = $params['objectid']; - if ($fake_urls) { -// if ( $id != '' ) -// $id = '.'.$id; - } else { - $params[RequestParams::PARAM_ACTION] = $action; - $params[RequestParams::PARAM_SUBACTION] = 
$subaction; - $params[RequestParams::PARAM_ID] = $id; - } + $params[RequestParams::PARAM_ACTION ] = $action; - if (count($params) > 0) { - $urlParameterList = array(); - foreach ($params as $var => $value) { - $urlParameterList[] = urlencode($var) . '=' . urlencode($value); - } - - $urlParameterList['_'] = @$urlParameterList[RequestParams::PARAM_ACTION] . '-' . @$urlParameterList[RequestParams::PARAM_ID]; - unset($urlParameterList[RequestParams::PARAM_ACTION], $urlParameterList[RequestParams::PARAM_ID]); - - // We do not escape '&' as '&amp;' here, as it would brake things like Ajax-Urls. - // Maybe the escaping should be controled by a parameter. - $urlParameter = '?' . implode('&', $urlParameterList); - } else { - $urlParameter = ''; - } - - if (@$conf['interface']['url']['index']) - $controller_file_name = ''; - else - $controller_file_name = ''; + if ( $subaction ) + $params[RequestParams::PARAM_SUBACTION] = $subaction; - $prefix = './'; + if ( $id ) + $params[RequestParams::PARAM_ID] = $id; - if ($fake_urls) - $src = sprintf($url_format, $action, $subaction, $id, session_id()) . $urlParameter; - else - $src = $prefix . $controller_file_name . $urlParameter; + $urlParameterList = array_map( function($name,$value) { + return urlencode($name) . '=' . urlencode($value); + },array_keys($params),$params); - return $src; + // We do not escape '&' as '&amp;' here, as it would brake things like Ajax-Urls. + // Maybe the escaping should be controlled by a parameter. + return './?'.implode('&', $urlParameterList); } } - -?>- \ No newline at end of file
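Review bot: In `Html::url()` the new check `$conf->subset('security')->is('use_post_token'.true)` concatenates instead of passing a second argument: `'use_post_token'.true` evaluates to the string `'use_post_token1'`, so the lookup uses a key that does not exist and no default is supplied. Depending on what `is()` returns for a missing key (not visible here), the `token` parameter is then most likely never appended, which would silently switch off the request token that the old `Configuration::config('security', 'use_post_token')` call controlled. The line should read `if ($conf->subset('security')->is('use_post_token', true))`. Separately, `urlencode($value)` inside the `array_map` callback assumes every entry of `$params` is a scalar; `http_build_query($params)` would handle nested values and the encoding in one call.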