
commit 9ffa81c3328dd4331295d7a106dea7249e1b73fc
parent 97c1ee30d57f391fa98138fdc2416b3caa64ab56
Author: Jan Dankert <develop@jandankert.de>
Date:   Sat, 26 Sep 2020 03:03:47 +0200

Refactoring: fewer global functions.

Diffstat:
modules/cms/Dispatcher.class.php | 8++++----
modules/cms/action/LoginAction.class.php | 3++-
modules/cms/action/ProjectAction.class.php | 3++-
modules/cms/api/API.class.php | 3++-
modules/cms/auth/OpenIdAuth.class.php | 5+++--
modules/cms/base/Common.class.php | 151------------------------------------------------------------------------------
modules/cms/base/Language.class.php | 32--------------------------------
modules/cms/base/Startup.class.php | 36++++++++++++++++++++++++++++++++++--
modules/cms/macros/macro/LastChanges.class.php | 14+++++++++-----
modules/cms/macros/macro/TeaserList.class.php | 6+++---
modules/cms/model/BaseObject.class.php | 13+++++++------
modules/cms/model/Project.class.php | 3++-
modules/cms/model/Value.class.php | 3++-
modules/cms/ui/action/TitleAction.class.php | 3++-
modules/util/Html.class.php | 2+-
modules/util/Session.class.php | 7+++++--
16 files changed, 78 insertions(+), 214 deletions(-)

diff --git a/modules/cms/Dispatcher.class.php b/modules/cms/Dispatcher.class.php @@ -114,10 +114,10 @@ class Dispatcher Logger::trace('Output' . "\n" . print_r($result, true)); // Weitere Variablen anreichern. - $result['session'] = array('name' => session_name(), 'id' => session_id(), 'token' => token()); + $result['session'] = array('name' => session_name(), 'id' => session_id(), 'token' => Session::token()); $result['version'] = OR_VERSION; $result['api'] = '2'; - $result['output']['_token'] = token(); + $result['output']['_token'] = Session::token(); $result['output']['_id' ] = $this->request->id; @@ -159,8 +159,8 @@ class Dispatcher private function checkPostToken() { global $REQ; - if (config('security', 'use_post_token') && $_SERVER['REQUEST_METHOD'] == 'POST' && @$REQ[REQ_PARAM_TOKEN] != token()) { - Logger::error('Token mismatch: Needed ' . token() . ' but got ' . Logger::sanitizeInput(@$REQ[REQ_PARAM_TOKEN]) . '. Maybe an attacker?'); + if (config('security', 'use_post_token') && $_SERVER['REQUEST_METHOD'] == 'POST' && @$REQ[REQ_PARAM_TOKEN] != Session::token()) { + Logger::error('Token mismatch: Needed ' . Session::token() . ' but got ' . Logger::sanitizeInput(@$REQ[REQ_PARAM_TOKEN]) . '. Maybe an attacker?'); throw new SecurityException("Token mismatch"); } } diff --git a/modules/cms/action/LoginAction.class.php b/modules/cms/action/LoginAction.class.php @@ -9,6 +9,7 @@ use cms\model\User; use cms\model\Group; +use util\FileUtils; use util\Http; use cms\auth\InternalAuth; use logger\Logger; @@ -530,7 +531,7 @@ class LoginAction extends BaseAction $server = Http::getServer(); Logger::debug("Redirecting to $server"); - header('Location: '.slashify($server) ); + header('Location: '.FileUtils::slashify($server) ); exit(); } diff --git a/modules/cms/action/ProjectAction.class.php b/modules/cms/action/ProjectAction.class.php 
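Review bot: The token check in checkPostToken() still compares the submitted value with loose `!=`, which is neither strict (numeric-looking strings are compared numerically) nor constant-time; since both sides are strings here, `hash_equals()` is the right primitive: `$given = (string)($REQ[REQ_PARAM_TOKEN] ?? '');` followed by `... && !hash_equals(Session::token(), $given)) {`, which also removes the `@` suppression. The Logger::error() line writes the expected token (`'Needed ' . Session::token()`) into the log, so the valid token — and with it a suffix of the session id — is persisted on every mismatch; logging only the received, sanitized value is sufficient to investigate. The same move from token() to Session::token() appears in the API.class.php and Html.class.php hunks, where no comparison is made and nothing further is needed.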
@@ -6,6 +6,7 @@ use cms\model\Project; use cms\model\Folder; use language\Messages; use logger\Logger; +use util\FileUtils; // OpenRat Content Management System // Copyright (C) 2002-2012 Jan Dankert, cms@jandankert.de @@ -257,7 +258,7 @@ class ProjectAction extends BaseAction if ( ! $syncConf['enabled'] ) return; - $syncDir = slashify($syncConf['directory']).$this->project->name; + $syncDir = FileUtils::slashify($syncConf['directory']).$this->project->name; } diff --git a/modules/cms/api/API.class.php b/modules/cms/api/API.class.php @@ -12,6 +12,7 @@ use ObjectNotFoundException; use util\exception\UIException; use util\exception\SecurityException; use util\json\JSON; +use util\Session; use util\XML; define('CMS_API_REQ_PARAM_SUBACTION', 'subaction'); @@ -71,7 +72,7 @@ class API Logger::trace('Output' . "\n" . print_r($data, true)); // Weitere Variablen anreichern. - $data['session'] = array('name' => session_name(), 'id' => session_id(), 'token' => token()); + $data['session'] = array('name' => session_name(), 'id' => session_id(), 'token' => Session::token()); $data['version'] = OR_VERSION; $data['api'] = '2'; diff --git a/modules/cms/auth/OpenIdAuth.class.php b/modules/cms/auth/OpenIdAuth.class.php @@ -7,6 +7,7 @@ use logger\Logger; use OpenId; use Parameter; use unknown; +use util\FileUtils; use util\Http; @@ -218,8 +219,8 @@ class OpenIdAuth implements Auth if (empty($trustRoot)) $trustRoot = $server; - $redirHttp->requestParameter['openid.trust_root'] = slashify($trustRoot); - $redirHttp->requestParameter['openid.return_to'] = slashify($server) . 'openid.' . PHP_EXT; + $redirHttp->requestParameter['openid.trust_root'] = FileUtils::slashify($trustRoot); + $redirHttp->requestParameter['openid.return_to'] = FileUtils::slashify($server) . 'openid.' . PHP_EXT; //$redirHttp->requestParameter['openid.realm' ] = slashify($server).'openid.'.PHP_EXT; $redirHttp->requestParameter['openid.assoc_handle'] = $this->handle; 
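Review bot: In the OpenIdAuth hunk the commented-out line `//$redirHttp->requestParameter['openid.realm' ] = slashify($server).'openid.'.PHP_EXT;` directly below the changed lines still references the global slashify() that this commit removes; either delete the dead line or update it to `FileUtils::slashify($server)` so it does not mislead the next reader. The enclosing method starts and ends outside the hunk.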
diff --git a/modules/cms/base/Common.class.php b/modules/cms/base/Common.class.php 
@@ -1,150 +0,0 @@ -<?php - - -use cms\base\DB; -use util\Session; - -class Common -{ - - public static function registerFunctions() - { - - /** - * F�gt einen Slash ("/") an das Ende an, sofern nicht bereits vorhanden. - * - * @param String $pfad - * @return Pfad mit angeh�ngtem Slash. - */ - function slashify($pfad) - { - if (substr($pfad, -1, 1) == '/') - return $pfad; - else - return $pfad . '/'; - } - - function convertToXmlAttribute($value) - { - return utf8_encode(htmlspecialchars($value)); - } - - - /** - * Ermittelt die aktuelle Systemzeit als Unix-Timestamp.<br> - * Unix-Timestamp ist immer bezogen auf GMT. - * - - * @return Unix-Timestamp der aktuellen Zeit - */ - function now() - { - return time(); - } - - - /** - * Erzeugt f�r eine Zahl eine Schreibweise mit Vorzeichen.<br> - * '-2' bleibt '-2'<br> - * '2' wird zu '+2'<br> - */ - function vorzeichen($nr) - { - return intval($nr) < 0 ? $nr : '+' . $nr; - } - - - /** - * Stellt fest, ob das System in einem schreibgeschuetzten Zustand ist. - * - * @return boolean true, falls schreibgeschuetzt, sonst false - */ - function readonly() - { - // Gesamtes CMS ist readonly. - if (config('security', 'readonly')) - return true; - - // Aktuelle Datenbankverbindung ist readonly. - $db = DB::get(); - if (isset($db->conf['readonly']) && $db->conf['readonly']) - return true; - - return false; - } - - - /** - * Generiert aus der Session-Id einen Token. - * @return Token - */ - function token() - { - return substr(session_id(), -10); - } - - - /** - * Ermittelt, ob der Wert 'true' oder 'false' entspricht. - * - * Anders als beim PHP-Cast auf boolean wird hier auch die - * Zeichenkette 'true' als wahr betrachtet. 
- * - * @param val mixed - * @return boolean - */ - function istrue($val) - { - if (is_bool($val)) - return $val; - elseif (is_numeric($val)) - return $val != 0; - elseif (is_string($val)) - return $val == 'true' || $val == 'yes' || $val == '1'; - else - return false; - } - - - /** - * Erzeugt einen Link auf die OpenRat-lokale CSS-Datei - * @param $name Name der Style-Konfiguration. Default: 'default'. - */ - function css_link($name = 'default') - { - global $conf; - - // Falls Style-Konfiguration unbekannt, dann Fallback auf default. - if (!isset($conf['style'][$name])) - $name = $conf['interface']['style']['default']; - - - return encode_array($conf['style'][$name]); - } - - - /** - * Encodiert ein Array für eine URL. - * - * @param $args URL-Parameter - */ - function encode_array($args) - { - if (!is_array($args)) - return ''; - - $out = array(); - - foreach ($args as $name => $value) - $out[] = $name . '=' . urlencode($value); - - return implode('&', $out); - } - - - function not($var) - { - return !$var; - } - } - -}- \ No newline at end of file diff --git a/modules/cms/base/Language.class.php b/modules/cms/base/Language.class.php @@ -65,22 +65,6 @@ class Language } - /** - * Diese Funktion stellt ein Wort in der eingestellten - * Sprache zur Verfuegung. Sonderzeichen werden als HTML maskiert. - * - * @param $key - * @return unknown_type - * @package openrat.functions - * @var String Name der Sprachvariablen - * @var Array Liste (Assoziatives Array) von Variablen - * - */ - function langHtml($key, $vars = array()) - { - - return encodeHtml(lang($key, $vars)); - } /** * Ersetzt alle Zeichen mit dem Ordinalwert > 127 mit einer HTML-Maskierung. 
@@ -157,21 +141,5 @@ class Language } - /** - * Diese Funktion prueft, ob ein Sprachelement vorhanden ist - * - * @var String Name der Sprachvariablen - * - * @package openrat.functions - */ - function hasLang($text) - { - $text = strtoupper($text); - - global $conf; - $lang = $conf['language']; - - return isset($lang[$text]); - } } } \ No newline at end of file diff --git a/modules/cms/base/Startup.class.php b/modules/cms/base/Startup.class.php @@ -37,10 +37,8 @@ class Startup { self::createRequest(); require __DIR__.'/Language.class.php'; - require __DIR__.'/Common.class.php'; require __DIR__.'/Configuration.class.php'; \Language::registerFunctions(); - \Common::registerFunctions(); \Configuration::registerFunctions(); } @@ -150,4 +148,38 @@ class Startup { global $REQ; $REQ = array_merge($_GET, $_POST); } + + + /** + * Stellt fest, ob das System in einem schreibgeschuetzten Zustand ist. + * + * @return boolean true, falls schreibgeschuetzt, sonst false + */ + public static function readonly() { + + // Gesamtes CMS ist readonly. + if (config('security', 'readonly')) + return true; + + // Aktuelle Datenbankverbindung ist readonly. + $db = DB::get(); + if (isset($db->conf['readonly']) && $db->conf['readonly']) + return true; + + return false; + } + + + /** + * Ermittelt die aktuelle Systemzeit als Unix-Timestamp.<br> + * Unix-Timestamp ist immer bezogen auf GMT. + * - + * @return Unix-Timestamp der aktuellen Zeit + */ + function now() + { + return time(); + } + + } diff --git a/modules/cms/macros/macro/LastChanges.class.php b/modules/cms/macros/macro/LastChanges.class.php 
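Review bot: In the Startup hunk `now()` is added as an instance method with neither visibility nor `static`, yet every new call site in this commit (BaseObject, Value) invokes it as `Startup::now()`; a static call to a non-static method is deprecated in PHP 7 and a fatal Error in PHP 8, so the signature should read `public static function now()`. Its docblock also carries a stray `* -` line that should be dropped. readonly() calls `DB::get()` unqualified; if Startup's namespace is not the one DB lives in, a `use` import is needed, which sits outside this hunk and is worth confirming.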
@@ -86,8 +86,8 @@ class LastChanges extends Macro if ($o['objectid'] == $this->getObjectId() ) continue; - if ( ($o['typeid']==BaseObject::TYPEID_PAGE && istrue($this->showPages)) || - ($o['typeid']==BaseObject::TYPEID_LINK && istrue($this->showLinks)) ) // Nur wenn gewünschter Typ + if ( ($o['typeid']==BaseObject::TYPEID_PAGE && self::isTrue($this->showPages)) || + ($o['typeid']==BaseObject::TYPEID_LINK && self::isTrue($this->showLinks)) ) // Nur wenn gewünschter Typ { if ( $o['typeid']==BaseObject::TYPEID_LINK ) { $l = new Link( $o['objectid'] ); @@ -134,7 +134,7 @@ class LastChanges extends Macro $desc = $value->getCache()->get(); - if ( istrue($this->plaintext) ) + if ( self::isTrue($this->plaintext) ) { $desc = strip_tags($desc); // Und nur wenn die Tags raus sind duerfen wir nun den Text kuerzen. @@ -157,7 +157,7 @@ class LastChanges extends Macro $this->output('<div class="'.$this->css_class.'">'); - if ( istrue($this->linktitle) ) + if ( self::isTrue($this->linktitle) ) { $url = $this->pathToObject($o['objectid']); $this->output( '<a href="'.$url.'"><div>' ); @@ -174,7 +174,7 @@ class LastChanges extends Macro $this->output( $desc ); $this->output( '</p>' ); - if ( istrue($this->linktitle) ) + if ( self::isTrue($this->linktitle) ) { $this->output( '</div></a>' ); } @@ -183,4 +183,8 @@ class LastChanges extends Macro } } } + + public static function isTrue( $value ) { + return filter_var( $value,FILTER_VALIDATE_BOOLEAN); + } } \ No newline at end of file diff --git a/modules/cms/macros/macro/TeaserList.class.php b/modules/cms/macros/macro/TeaserList.class.php @@ -84,7 +84,7 @@ class TeaserList extends Macro $desc = $value->getCache()->get(); - if ( istrue($this->plaintext) ) + if ( filter_var($this->plaintext,FILTER_VALIDATE_BOOLEAN) ) { $desc = strip_tags($desc); // Und nur wenn die Tags raus sind duerfen wir nun den Text kuerzen. 
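Review bot: `isTrue()` narrows the set of accepted truthy values compared with the removed istrue(): filter_var() with FILTER_VALIDATE_BOOLEAN recognises only "1", "true", "on", "yes" and their false counterparts, so a numeric string such as "2" that istrue() treated as true now yields false, and an unrecognised string is indistinguishable from an explicit "no". If that narrowing is intended it should be stated; otherwise pass `FILTER_NULL_ON_FAILURE` and map null to the previous default. The same conversion is inlined three times in the TeaserList.class.php hunks and needs the same consideration. A short docblock would help, e.g. `/** Interprets a macro parameter as a boolean ("1", "true", "on", "yes" count as true). @param mixed $value @return bool */`.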
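Review bot: The `filter_var($this->..., FILTER_VALIDATE_BOOLEAN)` calls in the TeaserList hunks inline the conversion that LastChanges.class.php wraps in an isTrue() helper in the same commit; keeping a single helper (on the shared Macro base class, if that is where such utilities belong) stops the two macros from drifting apart. The second call, `if ( filter_var($this->linktitle,FILTER_VALIDATE_BOOLEAN))`, also lacks the space before the closing parenthesis that the neighbouring lines use.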
@@ -110,14 +110,14 @@ class TeaserList extends Macro $url = $this->pathToObject($o->objectid); $this->output( '<'.$this->title_html_tag.' class="'.$this->title_css_class.'">'); - if ( istrue($this->linktitle) ) + if ( filter_var($this->linktitle,FILTER_VALIDATE_BOOLEAN)) $this->output( '<a href="'.$url.'">'.$p->name.'</a>' ); else $this->output( $p->name ); $this->output( '</'.$this->title_html_tag.'>' ); $this->output( '<p class="'.$this->description_css_class.'">' ); - if ( istrue($this->linktext) ) + if ( filter_var($this->linktext,FILTER_VALIDATE_BOOLEAN) ) $this->output( '<a href="'.$this->pathToObject($o->objectid).'">'.$desc.'</a>' ); else $this->output( $desc ); diff --git a/modules/cms/model/BaseObject.class.php b/modules/cms/model/BaseObject.class.php @@ -4,6 +4,7 @@ namespace cms\model; use cms\base\DB as Db; +use cms\base\Startup; use util\ArrayUtils; use cms\generator\Publish; use phpseclib\Math\BigInteger; @@ -358,7 +359,7 @@ SQL } } - if ( readonly() ) + if ( Startup::readonly() ) // System ist im Nur-Lese-Zustand $this->aclMask = Acl::ACL_READ && $this->aclMask; @@ -884,7 +885,7 @@ SQL $user = \util\Session::getUser(); $this->lastchangeUser = $user; - $this->lastchangeDate = now(); + $this->lastchangeDate = Startup::now(); $stmt->setInt ('time' , $this->lastchangeDate ); $stmt->setInt ('userid' , $this->lastchangeUser->userid ); $stmt->setString('filename' , $this->filename ); @@ -915,7 +916,7 @@ SQL $user = \util\Session::getUser(); $this->lastchangeUser = $user; - $this->lastchangeDate = now(); + $this->lastchangeDate = Startup::now(); $sql->setInt ('userid' ,$this->lastchangeUser->userid ); $sql->setInt ('objectid',$this->objectid ); @@ -952,7 +953,7 @@ SQL $user = \util\Session::getUser(); $this->publishedUser = $user; - $this->publishedDate = now(); + $this->publishedDate = Startup::now(); $sql->setInt ('userid' ,$this->publishedUser->userid ); $sql->setInt ('objectid',$this->objectid ); 
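Review bot: In the BaseObject hunk at line 358, the statement directly behind the changed call, `$this->aclMask = Acl::ACL_READ && $this->aclMask;`, uses logical `&&`, which yields a boolean rather than a permission mask; if the intent is to restrict the mask to read rights in read-only mode, as the comment suggests, a bitwise `&` seems to be what is wanted, and since this is an access-control path it is worth confirming. That line is unchanged by this commit but now sits behind `Startup::readonly()`, so this is a natural moment to fix it. The enclosing method starts and ends outside the hunk.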
@@ -1103,10 +1104,10 @@ SQL $sql->setString('filename' , $this->filename ); $sql->setString('projectid', $this->projectid); $sql->setInt ('orderid' , 99999 ); - $sql->setInt ('time' , now() ); + $sql->setInt ('time' , Startup::now() ); $user = \util\Session::getUser(); $sql->setInt ('createuserid' , $user->userid ); - $sql->setInt ('createtime' , now() ); + $sql->setInt ('createtime' , Startup::now() ); $user = \util\Session::getUser(); $sql->setInt ('userid' , $user->userid ); diff --git a/modules/cms/model/Project.class.php b/modules/cms/model/Project.class.php @@ -4,6 +4,7 @@ namespace cms\model; use cms\base\DB; use database\Database; +use util\FileUtils; use util\Session; @@ -558,7 +559,7 @@ EOF if ( ! $syncConf['enabled'] ) return; - $syncDir = slashify($syncConf['directory']).$this->name; + $syncDir = FileUtils::slashify($syncConf['directory']).$this->name; } diff --git a/modules/cms/model/Value.class.php b/modules/cms/model/Value.class.php @@ -1,6 +1,7 @@ <?php namespace cms\model; use cms\base\DB; +use cms\base\Startup; use util\ArrayUtils; use cms\generator\Publish; use cms\macros\MacroRunner; @@ -461,7 +462,7 @@ SQL else $sql->setInt ( 'date',$this->date ); $sql->setBoolean( 'publish' ,$this->publish ); - $sql->setInt ( 'lastchange_date' ,now() ); + $sql->setInt ( 'lastchange_date' ,Startup::now() ); $user = \util\Session::getUser(); $sql->setInt ( 'lastchange_userid',$user->userid ); diff --git a/modules/cms/ui/action/TitleAction.class.php b/modules/cms/ui/action/TitleAction.class.php @@ -3,6 +3,7 @@ namespace cms\action; use cms\base\DB; +use cms\base\Startup; use cms\model\Project; use cms\model\BaseObject; use cms\model\Language; 
@@ -57,7 +58,7 @@ class TitleAction extends Action $this->setTemplateVar('isLoggedIn',true ); $db = DB::get(); - $this->setTemplateVar('dbname',$db->conf['name'].(readonly()?' ('.lang('readonly').')':'')); + $this->setTemplateVar('dbname',$db->conf['name'].(Startup::readonly()?' ('.lang('readonly').')':'')); $this->setTemplateVar('dbid' ,$db->id); $this->setTemplateVar('username' ,$user->name ); diff --git a/modules/util/Html.class.php b/modules/util/Html.class.php @@ -72,7 +72,7 @@ class Html $params[session_name()] = session_id(); if (config('security', 'use_post_token')) - $params['token'] = token(); + $params['token'] = Session::token(); $fake_urls = $conf['interface']['url']['fake_url']; $url_format = $conf['interface']['url']['url_format']; diff --git a/modules/util/Session.class.php b/modules/util/Session.class.php @@ -113,6 +113,10 @@ class Session { session_write_close(); } + + + public static function token() { + return substr(session_id(), -10); + } } -?>- \ No newline at end of file
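Review bot: The new `Session::token()` derives the CSRF token from the last ten characters of the session id, so the token shares secret material with the session cookie, and the Dispatcher and API hunks in this commit already emit both `session_id()` and the token in the response body. An independent per-session value, e.g. generated once with `bin2hex(random_bytes(16))` and kept in the session, would keep a token leak from disclosing part of the session id. Being newly introduced, the method should also carry a return type and a docblock such as `/** Returns the request token used to validate POST requests. @return string */` above `public static function token(): string`.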