commit 9ffa81c3328dd4331295d7a106dea7249e1b73fc
parent 97c1ee30d57f391fa98138fdc2416b3caa64ab56
Author: Jan Dankert <develop@jandankert.de>
Date: Sat, 26 Sep 2020 03:03:47 +0200
Refactoring: fewer global functions.
Diffstat:
16 files changed, 78 insertions(+), 214 deletions(-)
diff --git a/modules/cms/Dispatcher.class.php b/modules/cms/Dispatcher.class.php
@@ -114,10 +114,10 @@ class Dispatcher
Logger::trace('Output' . "\n" . print_r($result, true));
// Weitere Variablen anreichern.
- $result['session'] = array('name' => session_name(), 'id' => session_id(), 'token' => token());
+ $result['session'] = array('name' => session_name(), 'id' => session_id(), 'token' => Session::token());
$result['version'] = OR_VERSION;
$result['api'] = '2';
- $result['output']['_token'] = token();
+ $result['output']['_token'] = Session::token();
$result['output']['_id' ] = $this->request->id;
@@ -159,8 +159,8 @@ class Dispatcher
private function checkPostToken()
{
global $REQ;
- if (config('security', 'use_post_token') && $_SERVER['REQUEST_METHOD'] == 'POST' && @$REQ[REQ_PARAM_TOKEN] != token()) {
- Logger::error('Token mismatch: Needed ' . token() . ' but got ' . Logger::sanitizeInput(@$REQ[REQ_PARAM_TOKEN]) . '. Maybe an attacker?');
+ if (config('security', 'use_post_token') && $_SERVER['REQUEST_METHOD'] == 'POST' && @$REQ[REQ_PARAM_TOKEN] != Session::token()) {
+ Logger::error('Token mismatch: Needed ' . Session::token() . ' but got ' . Logger::sanitizeInput(@$REQ[REQ_PARAM_TOKEN]) . '. Maybe an attacker?');
throw new SecurityException("Token mismatch");
}
}
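Review bot: The token check on the changed `if` line still compares the submitted value with loose `!=`, so PHP's type juggling (numeric-looking strings, null from a missing parameter) decides the outcome instead of an opaque string comparison; since `Session::token()` is a secret, compare strictly and in constant time: `$given = (string)($REQ[REQ_PARAM_TOKEN] ?? '');` followed by `if (config('security', 'use_post_token') && $_SERVER['REQUEST_METHOD'] === 'POST' && !hash_equals(Session::token(), $given)) {`, which also removes the `@` suppression on the array read. The error message on the next changed line writes the expected token into the log; logging only that the token mismatched keeps the secret out of log files.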
diff --git a/modules/cms/action/LoginAction.class.php b/modules/cms/action/LoginAction.class.php
@@ -9,6 +9,7 @@ use cms\model\User;
use cms\model\Group;
+use util\FileUtils;
use util\Http;
use cms\auth\InternalAuth;
use logger\Logger;
@@ -530,7 +531,7 @@ class LoginAction extends BaseAction
$server = Http::getServer();
Logger::debug("Redirecting to $server");
- header('Location: '.slashify($server) );
+ header('Location: '.FileUtils::slashify($server) );
exit();
}
diff --git a/modules/cms/action/ProjectAction.class.php b/modules/cms/action/ProjectAction.class.php
@@ -6,6 +6,7 @@ use cms\model\Project;
use cms\model\Folder;
use language\Messages;
use logger\Logger;
+use util\FileUtils;
// OpenRat Content Management System
// Copyright (C) 2002-2012 Jan Dankert, cms@jandankert.de
@@ -257,7 +258,7 @@ class ProjectAction extends BaseAction
if ( ! $syncConf['enabled'] )
return;
- $syncDir = slashify($syncConf['directory']).$this->project->name;
+ $syncDir = FileUtils::slashify($syncConf['directory']).$this->project->name;
}
diff --git a/modules/cms/api/API.class.php b/modules/cms/api/API.class.php
@@ -12,6 +12,7 @@ use ObjectNotFoundException;
use util\exception\UIException;
use util\exception\SecurityException;
use util\json\JSON;
+use util\Session;
use util\XML;
define('CMS_API_REQ_PARAM_SUBACTION', 'subaction');
@@ -71,7 +72,7 @@ class API
Logger::trace('Output' . "\n" . print_r($data, true));
// Weitere Variablen anreichern.
- $data['session'] = array('name' => session_name(), 'id' => session_id(), 'token' => token());
+ $data['session'] = array('name' => session_name(), 'id' => session_id(), 'token' => Session::token());
$data['version'] = OR_VERSION;
$data['api'] = '2';
diff --git a/modules/cms/auth/OpenIdAuth.class.php b/modules/cms/auth/OpenIdAuth.class.php
@@ -7,6 +7,7 @@ use logger\Logger;
use OpenId;
use Parameter;
use unknown;
+use util\FileUtils;
use util\Http;
@@ -218,8 +219,8 @@ class OpenIdAuth implements Auth
if (empty($trustRoot))
$trustRoot = $server;
- $redirHttp->requestParameter['openid.trust_root'] = slashify($trustRoot);
- $redirHttp->requestParameter['openid.return_to'] = slashify($server) . 'openid.' . PHP_EXT;
+ $redirHttp->requestParameter['openid.trust_root'] = FileUtils::slashify($trustRoot);
+ $redirHttp->requestParameter['openid.return_to'] = FileUtils::slashify($server) . 'openid.' . PHP_EXT;
//$redirHttp->requestParameter['openid.realm' ] = slashify($server).'openid.'.PHP_EXT;
$redirHttp->requestParameter['openid.assoc_handle'] = $this->handle;
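Review bot: The commented-out `openid.realm` line between the two changed assignments and the `assoc_handle` line still calls the global `slashify()`, which this commit deletes, so the comment now refers to a function that no longer exists. Either remove the commented-out line or, if the realm parameter is meant to be revived later, update it to `FileUtils::slashify($server)` so it matches the two lines above it.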
diff --git a/modules/cms/base/Common.class.php b/modules/cms/base/Common.class.php
@@ -1,150 +0,0 @@
-<?php
-
-
-use cms\base\DB;
-use util\Session;
-
-class Common
-{
-
- public static function registerFunctions()
- {
-
- /**
- * F�gt einen Slash ("/") an das Ende an, sofern nicht bereits vorhanden.
- *
- * @param String $pfad
- * @return Pfad mit angeh�ngtem Slash.
- */
- function slashify($pfad)
- {
- if (substr($pfad, -1, 1) == '/')
- return $pfad;
- else
- return $pfad . '/';
- }
-
- function convertToXmlAttribute($value)
- {
- return utf8_encode(htmlspecialchars($value));
- }
-
-
- /**
- * Ermittelt die aktuelle Systemzeit als Unix-Timestamp.<br>
- * Unix-Timestamp ist immer bezogen auf GMT.
- * -
- * @return Unix-Timestamp der aktuellen Zeit
- */
- function now()
- {
- return time();
- }
-
-
- /**
- * Erzeugt f�r eine Zahl eine Schreibweise mit Vorzeichen.<br>
- * '-2' bleibt '-2'<br>
- * '2' wird zu '+2'<br>
- */
- function vorzeichen($nr)
- {
- return intval($nr) < 0 ? $nr : '+' . $nr;
- }
-
-
- /**
- * Stellt fest, ob das System in einem schreibgeschuetzten Zustand ist.
- *
- * @return boolean true, falls schreibgeschuetzt, sonst false
- */
- function readonly()
- {
- // Gesamtes CMS ist readonly.
- if (config('security', 'readonly'))
- return true;
-
- // Aktuelle Datenbankverbindung ist readonly.
- $db = DB::get();
- if (isset($db->conf['readonly']) && $db->conf['readonly'])
- return true;
-
- return false;
- }
-
-
- /**
- * Generiert aus der Session-Id einen Token.
- * @return Token
- */
- function token()
- {
- return substr(session_id(), -10);
- }
-
-
- /**
- * Ermittelt, ob der Wert 'true' oder 'false' entspricht.
- *
- * Anders als beim PHP-Cast auf boolean wird hier auch die
- * Zeichenkette 'true' als wahr betrachtet.
- *
- * @param val mixed
- * @return boolean
- */
- function istrue($val)
- {
- if (is_bool($val))
- return $val;
- elseif (is_numeric($val))
- return $val != 0;
- elseif (is_string($val))
- return $val == 'true' || $val == 'yes' || $val == '1';
- else
- return false;
- }
-
-
- /**
- * Erzeugt einen Link auf die OpenRat-lokale CSS-Datei
- * @param $name Name der Style-Konfiguration. Default: 'default'.
- */
- function css_link($name = 'default')
- {
- global $conf;
-
- // Falls Style-Konfiguration unbekannt, dann Fallback auf default.
- if (!isset($conf['style'][$name]))
- $name = $conf['interface']['style']['default'];
-
-
- return encode_array($conf['style'][$name]);
- }
-
-
- /**
- * Encodiert ein Array für eine URL.
- *
- * @param $args URL-Parameter
- */
- function encode_array($args)
- {
- if (!is_array($args))
- return '';
-
- $out = array();
-
- foreach ($args as $name => $value)
- $out[] = $name . '=' . urlencode($value);
-
- return implode('&', $out);
- }
-
-
- function not($var)
- {
- return !$var;
- }
- }
-
-}-
\ No newline at end of file
diff --git a/modules/cms/base/Language.class.php b/modules/cms/base/Language.class.php
@@ -65,22 +65,6 @@ class Language
}
- /**
- * Diese Funktion stellt ein Wort in der eingestellten
- * Sprache zur Verfuegung. Sonderzeichen werden als HTML maskiert.
- *
- * @param $key
- * @return unknown_type
- * @package openrat.functions
- * @var String Name der Sprachvariablen
- * @var Array Liste (Assoziatives Array) von Variablen
- *
- */
- function langHtml($key, $vars = array())
- {
-
- return encodeHtml(lang($key, $vars));
- }
/**
* Ersetzt alle Zeichen mit dem Ordinalwert > 127 mit einer HTML-Maskierung.
@@ -157,21 +141,5 @@ class Language
}
- /**
- * Diese Funktion prueft, ob ein Sprachelement vorhanden ist
- *
- * @var String Name der Sprachvariablen
- *
- * @package openrat.functions
- */
- function hasLang($text)
- {
- $text = strtoupper($text);
-
- global $conf;
- $lang = $conf['language'];
-
- return isset($lang[$text]);
- }
}
}
\ No newline at end of file
diff --git a/modules/cms/base/Startup.class.php b/modules/cms/base/Startup.class.php
@@ -37,10 +37,8 @@ class Startup {
self::createRequest();
require __DIR__.'/Language.class.php';
- require __DIR__.'/Common.class.php';
require __DIR__.'/Configuration.class.php';
\Language::registerFunctions();
- \Common::registerFunctions();
\Configuration::registerFunctions();
}
@@ -150,4 +148,38 @@ class Startup {
global $REQ;
$REQ = array_merge($_GET, $_POST);
}
+
+
+ /**
+ * Stellt fest, ob das System in einem schreibgeschuetzten Zustand ist.
+ *
+ * @return boolean true, falls schreibgeschuetzt, sonst false
+ */
+ public static function readonly() {
+
+ // Gesamtes CMS ist readonly.
+ if (config('security', 'readonly'))
+ return true;
+
+ // Aktuelle Datenbankverbindung ist readonly.
+ $db = DB::get();
+ if (isset($db->conf['readonly']) && $db->conf['readonly'])
+ return true;
+
+ return false;
+ }
+
+
+ /**
+ * Ermittelt die aktuelle Systemzeit als Unix-Timestamp.<br>
+ * Unix-Timestamp ist immer bezogen auf GMT.
+ * -
+ * @return Unix-Timestamp der aktuellen Zeit
+ */
+ function now()
+ {
+ return time();
+ }
+
+
}
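Review bot: `now()` is added as an instance method with no visibility and no `static` keyword, yet every new caller in this commit invokes it statically (`Startup::now()` in BaseObject.class.php and Value.class.php); PHP 8 throws an Error for a static call to a non-static method and PHP 7 emits a deprecation warning. Declare it `public static function now()` to match `readonly()` directly above it. For `readonly()`, `@return bool` with a `: bool` return type would let static analysis check the three `return` statements.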
diff --git a/modules/cms/macros/macro/LastChanges.class.php b/modules/cms/macros/macro/LastChanges.class.php
@@ -86,8 +86,8 @@ class LastChanges extends Macro
if ($o['objectid'] == $this->getObjectId() )
continue;
- if ( ($o['typeid']==BaseObject::TYPEID_PAGE && istrue($this->showPages)) ||
- ($o['typeid']==BaseObject::TYPEID_LINK && istrue($this->showLinks)) ) // Nur wenn gewünschter Typ
+ if ( ($o['typeid']==BaseObject::TYPEID_PAGE && self::isTrue($this->showPages)) ||
+ ($o['typeid']==BaseObject::TYPEID_LINK && self::isTrue($this->showLinks)) ) // Nur wenn gewünschter Typ
{
if ( $o['typeid']==BaseObject::TYPEID_LINK ) {
$l = new Link( $o['objectid'] );
@@ -134,7 +134,7 @@ class LastChanges extends Macro
$desc = $value->getCache()->get();
- if ( istrue($this->plaintext) )
+ if ( self::isTrue($this->plaintext) )
{
$desc = strip_tags($desc);
// Und nur wenn die Tags raus sind duerfen wir nun den Text kuerzen.
@@ -157,7 +157,7 @@ class LastChanges extends Macro
$this->output('<div class="'.$this->css_class.'">');
- if ( istrue($this->linktitle) )
+ if ( self::isTrue($this->linktitle) )
{
$url = $this->pathToObject($o['objectid']);
$this->output( '<a href="'.$url.'"><div>' );
@@ -174,7 +174,7 @@ class LastChanges extends Macro
$this->output( $desc );
$this->output( '</p>' );
- if ( istrue($this->linktitle) )
+ if ( self::isTrue($this->linktitle) )
{
$this->output( '</div></a>' );
}
@@ -183,4 +183,8 @@ class LastChanges extends Macro
}
}
}
+
+ public static function isTrue( $value ) {
+ return filter_var( $value,FILTER_VALIDATE_BOOLEAN);
+ }
}
\ No newline at end of file
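Review bot: The new `isTrue()` helper has no docblock, and its semantics differ from the deleted `istrue()`: `filter_var(..., FILTER_VALIDATE_BOOLEAN)` accepts `'1'`, `'true'`, `'on'` and `'yes'` and returns false for everything else, whereas the old function treated any non-zero numeric value as true. A short docblock stating the accepted spellings would make that change deliberate, e.g. `/** Interprets a macro attribute as boolean: '1', 'true', 'on' and 'yes' are true, anything else is false. */`. TeaserList.class.php inlines the same `filter_var` expression three times instead of calling a shared helper; moving `isTrue()` into the `Macro` base class would keep both macros consistent.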
diff --git a/modules/cms/macros/macro/TeaserList.class.php b/modules/cms/macros/macro/TeaserList.class.php
@@ -84,7 +84,7 @@ class TeaserList extends Macro
$desc = $value->getCache()->get();
- if ( istrue($this->plaintext) )
+ if ( filter_var($this->plaintext,FILTER_VALIDATE_BOOLEAN) )
{
$desc = strip_tags($desc);
// Und nur wenn die Tags raus sind duerfen wir nun den Text kuerzen.
@@ -110,14 +110,14 @@ class TeaserList extends Macro
$url = $this->pathToObject($o->objectid);
$this->output( '<'.$this->title_html_tag.' class="'.$this->title_css_class.'">');
- if ( istrue($this->linktitle) )
+ if ( filter_var($this->linktitle,FILTER_VALIDATE_BOOLEAN))
$this->output( '<a href="'.$url.'">'.$p->name.'</a>' );
else
$this->output( $p->name );
$this->output( '</'.$this->title_html_tag.'>' );
$this->output( '<p class="'.$this->description_css_class.'">' );
- if ( istrue($this->linktext) )
+ if ( filter_var($this->linktext,FILTER_VALIDATE_BOOLEAN) )
$this->output( '<a href="'.$this->pathToObject($o->objectid).'">'.$desc.'</a>' );
else
$this->output( $desc );
diff --git a/modules/cms/model/BaseObject.class.php b/modules/cms/model/BaseObject.class.php
@@ -4,6 +4,7 @@
namespace cms\model;
use cms\base\DB as Db;
+use cms\base\Startup;
use util\ArrayUtils;
use cms\generator\Publish;
use phpseclib\Math\BigInteger;
@@ -358,7 +359,7 @@ SQL
}
}
- if ( readonly() )
+ if ( Startup::readonly() )
// System ist im Nur-Lese-Zustand
$this->aclMask = Acl::ACL_READ && $this->aclMask;
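Review bot: The line after the changed `Startup::readonly()` call, `$this->aclMask = Acl::ACL_READ && $this->aclMask;`, uses the logical `&&`, so in read-only mode `aclMask` becomes a boolean rather than a mask; if `aclMask` is a bit field, as the name and the `Acl::ACL_READ` constant suggest, the intended operator is probably bitwise: `$this->aclMask = Acl::ACL_READ & $this->aclMask;`. This should be confirmed against how `aclMask` is tested elsewhere in the class, which lies outside this hunk, as does the start of the enclosing method.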
@@ -884,7 +885,7 @@ SQL
$user = \util\Session::getUser();
$this->lastchangeUser = $user;
- $this->lastchangeDate = now();
+ $this->lastchangeDate = Startup::now();
$stmt->setInt ('time' , $this->lastchangeDate );
$stmt->setInt ('userid' , $this->lastchangeUser->userid );
$stmt->setString('filename' , $this->filename );
@@ -915,7 +916,7 @@ SQL
$user = \util\Session::getUser();
$this->lastchangeUser = $user;
- $this->lastchangeDate = now();
+ $this->lastchangeDate = Startup::now();
$sql->setInt ('userid' ,$this->lastchangeUser->userid );
$sql->setInt ('objectid',$this->objectid );
@@ -952,7 +953,7 @@ SQL
$user = \util\Session::getUser();
$this->publishedUser = $user;
- $this->publishedDate = now();
+ $this->publishedDate = Startup::now();
$sql->setInt ('userid' ,$this->publishedUser->userid );
$sql->setInt ('objectid',$this->objectid );
@@ -1103,10 +1104,10 @@ SQL
$sql->setString('filename' , $this->filename );
$sql->setString('projectid', $this->projectid);
$sql->setInt ('orderid' , 99999 );
- $sql->setInt ('time' , now() );
+ $sql->setInt ('time' , Startup::now() );
$user = \util\Session::getUser();
$sql->setInt ('createuserid' , $user->userid );
- $sql->setInt ('createtime' , now() );
+ $sql->setInt ('createtime' , Startup::now() );
$user = \util\Session::getUser();
$sql->setInt ('userid' , $user->userid );
diff --git a/modules/cms/model/Project.class.php b/modules/cms/model/Project.class.php
@@ -4,6 +4,7 @@ namespace cms\model;
use cms\base\DB;
use database\Database;
+use util\FileUtils;
use util\Session;
@@ -558,7 +559,7 @@ EOF
if ( ! $syncConf['enabled'] )
return;
- $syncDir = slashify($syncConf['directory']).$this->name;
+ $syncDir = FileUtils::slashify($syncConf['directory']).$this->name;
}
diff --git a/modules/cms/model/Value.class.php b/modules/cms/model/Value.class.php
@@ -1,6 +1,7 @@
<?php
namespace cms\model;
use cms\base\DB;
+use cms\base\Startup;
use util\ArrayUtils;
use cms\generator\Publish;
use cms\macros\MacroRunner;
@@ -461,7 +462,7 @@ SQL
else $sql->setInt ( 'date',$this->date );
$sql->setBoolean( 'publish' ,$this->publish );
- $sql->setInt ( 'lastchange_date' ,now() );
+ $sql->setInt ( 'lastchange_date' ,Startup::now() );
$user = \util\Session::getUser();
$sql->setInt ( 'lastchange_userid',$user->userid );
diff --git a/modules/cms/ui/action/TitleAction.class.php b/modules/cms/ui/action/TitleAction.class.php
@@ -3,6 +3,7 @@
namespace cms\action;
use cms\base\DB;
+use cms\base\Startup;
use cms\model\Project;
use cms\model\BaseObject;
use cms\model\Language;
@@ -57,7 +58,7 @@ class TitleAction extends Action
$this->setTemplateVar('isLoggedIn',true );
$db = DB::get();
- $this->setTemplateVar('dbname',$db->conf['name'].(readonly()?' ('.lang('readonly').')':''));
+ $this->setTemplateVar('dbname',$db->conf['name'].(Startup::readonly()?' ('.lang('readonly').')':''));
$this->setTemplateVar('dbid' ,$db->id);
$this->setTemplateVar('username' ,$user->name );
diff --git a/modules/util/Html.class.php b/modules/util/Html.class.php
@@ -72,7 +72,7 @@ class Html
$params[session_name()] = session_id();
if (config('security', 'use_post_token'))
- $params['token'] = token();
+ $params['token'] = Session::token();
$fake_urls = $conf['interface']['url']['fake_url'];
$url_format = $conf['interface']['url']['url_format'];
diff --git a/modules/util/Session.class.php b/modules/util/Session.class.php
@@ -113,6 +113,10 @@ class Session
{
session_write_close();
}
+
+
+ public static function token() {
+ return substr(session_id(), -10);
+ }
}
-?>-
\ No newline at end of file
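Review bot: The new `token()` has no docblock and derives the token from the last ten characters of the session id, so the value that Html.class.php now places into URL parameters is a substring of the session identifier and travels wherever those URLs do (referrers, access logs). A token generated with `random_bytes()` on first use and stored in the session would decouple the anti-CSRF value from the session id; if the current scheme is kept deliberately, document it, e.g. `/** Returns the per-session anti-CSRF token (currently the last 10 characters of the session id). */`.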