Diffstat (limited to 'phpBB/includes/core')
-rw-r--r-- | phpBB/includes/core/bootstrap.php | 100 | ||||
-rw-r--r-- | phpBB/includes/core/core.php | 440 | ||||
-rw-r--r-- | phpBB/includes/core/request.php | 562 | ||||
-rw-r--r-- | phpBB/includes/core/security.php | 300 | ||||
-rw-r--r-- | phpBB/includes/core/system.php | 213 | ||||
-rw-r--r-- | phpBB/includes/core/system_info.php | 376 | ||||
-rw-r--r-- | phpBB/includes/core/url.php | 740 |
7 files changed, 0 insertions, 2731 deletions
diff --git a/phpBB/includes/core/bootstrap.php b/phpBB/includes/core/bootstrap.php
deleted file mode 100644
index f44b48c7db..0000000000
--- a/phpBB/includes/core/bootstrap.php
+++ /dev/null
@@ -1,100 +0,0 @@ -<?php -/** -* -* @package core -* @version $Id$ -* @copyright (c) 2008 phpBB Group -* @license http://opensource.org/licenses/gpl-license.php GNU Public License -* -* Within this file only the framework with all components but no phpBB-specific things will be loaded -*/ - -/** -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - -$starttime = explode(' ', microtime()); -$starttime = $starttime[1] + $starttime[0]; - -// Report all errors, except notices -error_reporting(E_ALL | E_STRICT); // ^ E_NOTICE -date_default_timezone_set('UTC'); - -// Initialize some standard variables, constants and classes we need -require_once PHPBB_ROOT_PATH . 'includes/core/core.' . PHP_EXT; -require_once PHPBB_ROOT_PATH . 'plugins/bootstrap.' . PHP_EXT; - -// Define STRIP if it is not already defined -if (!defined('STRIP')) -{ - // If we are on PHP >= 6.0.0 we do not need some code - if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) - { - /** - * @ignore - */ - define('STRIP', false); - } - else - { - @set_magic_quotes_runtime(0); - - // We do not allow register globals set - if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get')) - { - die('phpBB will not work with register globals turned on. Please turn register globals off.'); - } - - define('STRIP', (@get_magic_quotes_gpc()) ? true : false); - } -} - -// we check for the cron script and change the root path -if (defined('IN_CRON')) -{ - @define('PHPBB_ROOT_PATH', dirname(__FILE__) . DIRECTORY_SEPARATOR); -} - -// Set some default configuration parameter if the config file does not exist -if (!file_exists(PHPBB_ROOT_PATH . 'config.' . PHP_EXT)) -{ - // phpbb::$base_config['config_set'] = false - // This allows common.php or an installation script to do specific actions if the configuration is missing -} -else -{ - require PHPBB_ROOT_PATH . 'config.' . 
PHP_EXT; -} - -// Register autoload function -spl_autoload_register('__phpbb_autoload'); - -// Set error handler before a real one is there -set_error_handler(array('phpbb', 'error_handler')); - -// Add constants -include_once PHPBB_ROOT_PATH . 'includes/constants.' . PHP_EXT; - -// Add global functions -// @todo remove functions_content, trim down functions.php -require_once PHPBB_ROOT_PATH . 'includes/functions.' . PHP_EXT; -require_once PHPBB_ROOT_PATH . 'includes/functions_content.' . PHP_EXT; - -// Add UTF8 tools -require_once PHPBB_ROOT_PATH . 'includes/utf/utf_tools.' . PHP_EXT; - -// Add pre-defined system core files -require_once PHPBB_ROOT_PATH . 'includes/core/request.' . PHP_EXT; - -phpbb::register('security', false, 'core/security'); -phpbb::register('url', false, 'core/url'); -phpbb::register('system', false, 'core/system'); -phpbb::register('server-vars', 'phpbb_system_info', 'core/system_info'); - -// Make plugins structure available -phpbb::register('plugins'); - -?>
\ No newline at end of file
diff --git a/phpBB/includes/core/core.php b/phpBB/includes/core/core.php
deleted file mode 100644
index 2b2c4bea13..0000000000
--- a/phpBB/includes/core/core.php
+++ /dev/null
@@ -1,440 +0,0 @@ -<?php -/** -* -* @package core -* @version $Id$ -* @copyright (c) 2008 phpBB Group -* @license http://opensource.org/licenses/gpl-license.php GNU Public License -* -*/ - -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit(); -} - -/** -* phpBB abstract class -* -* @package core -* @author acydburn -*/ -abstract class phpbb -{ - /** - * The phpBB template object - */ - public static $template = NULL; - - /** - * The phpBB user object - */ - public static $user = NULL; - - /** - * The phpBB database object - */ - public static $db = NULL; - - /** - * The phpBB cache system object - */ - public static $acm = NULL; - - /** - * The phpBB permission object - */ - public static $acl = NULL; - - /** - * The phpBB plugins object - */ - public static $plugins = NULL; - - /** - * The phpBB core url object - * Responsible for handling URL-related tasks as well as redirects, etc. - */ - public static $url = NULL; - - /** - * The phpBB core security object. - * Responsible for handling security-related tasks, for example password handling, random number generation... - */ - public static $security = NULL; - - /** - * The phpBB core system object - * Responsible for handling file/server tasks. 
- */ - public static $system = NULL; - - /** - * The phpBB API object - */ - public static $api = NULL; - - /** - * @var array The phpBB configuration array - */ - public static $config = array(); - - /** - * @var array The base configuration array - */ - public static $base_config = array( - 'table_prefix' => 'phpbb_', - 'admin_folder' => 'adm', - 'acm_type' => 'file', - - 'config_set' => false, - 'extensions_set' => false, - - 'memory_usage' => 0, - - 'debug' => false, - 'debug_extra' => false, - 'installed' => false, - ); - - /** - * @var array Last notice occurred in message handler - */ - public static $last_notice = array( - 'file' => '', - 'line' => 0, - 'message' => '', - 'errno' => E_NOTICE, - ); - - /**#@+ - * Permission constant - */ - const ACL_NEVER = 0; - const ACL_YES = 1; - const ACL_NO = -1; - /**#@-*/ - - /**#@+ - * Global constant for {@link phpbb::$system->chmod()} - */ - const CHMOD_ALL = 7; - const CHMOD_READ = 4; - const CHMOD_WRITE = 2; - const CHMOD_EXECUTE = 1; - /**#@-*/ - - /**#@+ - * Constant defining plugin mode for objects - */ - const METHOD_ADD = 1; - const METHOD_OVERRIDE = 2; - const METHOD_INJECT = 4; - /**#@-*/ - - /**#@+ - * Constant defining plugin mode for functions - */ - const FUNCTION_OVERRIDE = 1; - const FUNCTION_INJECT = 2; - /**#@-*/ - - /**#@+ - * Constant to define user level. 
See {@link phpbb::$user phpbb::$user} - */ - const USER_NORMAL = 0; - const USER_INACTIVE = 1; - const USER_IGNORE = 2; - const USER_FOUNDER = 3; - /**#@-*/ - - /** - * @var array a static array holding custom objects - */ - public static $instances = NULL; - - /** - * We do not want this class instantiable - */ - private function ___construct() { } - - /** - * A failover error handler to handle errors before we assign our own error handler - * - * @access public - */ - public static function error_handler($errno, $errstr, $errfile, $errline) - { - throw new ErrorException($errstr, 0, $errno, $errfile, $errline); - } - - /** - * Set base configuration - called from config.php file - */ - public static function set_config($config) - { - phpbb::$base_config = array_merge(phpbb::$base_config, $config); - phpbb::$base_config['config_set'] = true; - - if (phpbb::$base_config['debug_extra'] && function_exists('memory_get_usage')) - { - phpbb::$base_config['memory_usage'] = memory_get_usage(); - } - - // Load Extensions - if (!empty(phpbb::$base_config['extensions']) && !phpbb::$base_config['extensions_set']) - { - $load_extensions = explode(',', phpbb::$base_config['extensions']); - - foreach ($load_extensions as $extension) - { - @dl(trim($extension)); - } - - phpbb::$base_config['extensions_set'] = true; - } - } - - /** - * Get instance of static property - * - * @param string $variable The name of the instance to retrieve. - * - * @return mixed The property (object/array/...) registered with this name - * @access public - */ - public static function get_instance($variable) - { - if (!self::registered($variable)) - { - return self::register($variable); - } - - // Please do not try to change it to (expr) ? (true) : (false) - it will not work. 
;) - if (property_exists('phpbb', $variable)) - { - return self::$$variable; - } - else - { - return self::$instances[$variable]; - } - } - - /** - * Check if the variable is already assigned - * - * @param string $variable The name of the instance to check - * - * @return bool True if the instance is registered, false if not. - * @access public - */ - public static function registered($variable) - { - if (property_exists('phpbb', $variable)) - { - return (self::$$variable !== NULL) ? true : false; - } - - return (isset(self::$instances[$variable]) && self::$instances[$variable] !== NULL) ? true : false; - } - - /** - * Simpler method to access assigned instances. - * (Overloading is not possible here due to the object being static and our use of PHP 5.2.x+.) - * - * @param string $variable The instance name to retrieve - * - * @return mixed The instance - * @access public - */ - public static function get($variable) - { - // No error checking done here... returned right away - return self::$instances[$variable]; - } - - /** - * Register new class/object. - * Any additional parameter will be forwarded to the class instantiation. - * - * @param string $variable The resulting instance name. - * If a property with the given name exists, it will be assigned. - * Else it will be put in the {@link $instances intances} array - * @param string $class Define a custom class name. - * This is useful if the class used does not abide to the rules (phpbb_{$class}). - * @param string|array $includes Define additional files/includes required for this class to be correctly set up. Files are expected to be in /includes/. - * @param mixed $arguments,... 
Any number of additional arguments passed to the constructor of the object to create - * - * @return mixed The instance of the created object - * @access public - */ - public static function register($variable, $class = false, $includes = false) - { - if (self::registered($variable)) - { - return self::get_instance($variable); - } - - $arguments = (func_num_args() > 3) ? array_slice(func_get_args(), 3) : array(); - $class = ($class === false) ? 'phpbb_' . $variable : $class; - - if ($includes !== false) - { - if (!is_array($includes)) - { - $includes = array($includes); - } - - foreach ($includes as $file) - { - require_once PHPBB_ROOT_PATH . 'includes/' . $file . '.' . PHP_EXT; - } - } - - $reflection = new ReflectionClass($class); - - if (!$reflection->isInstantiable()) - { - throw new Exception('Assigned classes need to be instantiated.'); - } - - if (!property_exists('phpbb', $variable)) - { - self::$instances[$variable] = (sizeof($arguments)) ? call_user_func_array(array($reflection, 'newInstance'), $arguments) : $reflection->newInstance(); - } - else - { - self::$$variable = (sizeof($arguments)) ? call_user_func_array(array($reflection, 'newInstance'), $arguments) : $reflection->newInstance(); - } - - return self::get_instance($variable); - } - - /** - * Instead of registering we also can assign a variable. This is helpful if we have an application builder or use a factory. - * - * @param string $variable The resulting instance name. - * If a property with the given name exists, it will be assigned. 
- * Else it will be put in the {@link $instances intances} array - * @param mixed $object The variable to assign to the instance - * - * @return mixed The instance - * @access public - */ - public static function assign($variable, $object) - { - if (self::registered($variable)) - { - return self::get_instance($variable); - } - - if (!property_exists('phpbb', $variable)) - { - self::$instances[$variable] = $object; - } - else - { - self::$$variable = $object; - } - - return self::get_instance($variable); - } - - /** - * Unset/unregister a specific object. - * - * @param string $variable The name of the instance to unset - * @access public - */ - public static function unregister($variable) - { - if (!self::registered($variable)) - { - return; - } - - if (!property_exists('phpbb', $variable)) - { - unset(self::$instances[$variable]); - } - else - { - self::$$variable = NULL; - } - } - - /** - * Function to return to a clean state, unregistering everything. This is helpful for unit tests if you want to return to a "clean state" - * - * @access public - */ - public static function reset() - { - $class_vars = array_keys(get_class_vars('phpbb')); - $class_vars = array_merge(array_keys(self::$instances), $class_vars); - - foreach ($class_vars as $variable) - { - self::unregister($variable); - } - } -} - -/** -* phpBB SPL Autoload Function. A phpbb_ prefix will be stripped from the class name. -* -* The files this function tries to include are: -* includes/{$class_name}/bootstrap.php -* includes/{$class_name}/index.php -* Additionally, every _ within $class_name is replaced by / for the following directories: -* includes/{$class_name}.php -* includes/classes/{$class_name}.php -* -* @param string $class_name The class name. An existing phpbb_ prefix will be removed. 
-*/ -function __phpbb_autoload($class_name) -{ - if (strpos($class_name, 'phpbb_') === 0) - { - $class_name = substr($class_name, 6); - } - - $class_name = basename($class_name); - - $filenames = array( - 'includes/' . $class_name . '/bootstrap', - 'includes/' . $class_name . '/index', - 'includes/' . $class_name, - 'includes/classes/' . $class_name, - ); - - if (strpos($class_name, '_') !== false) - { - $class_name = str_replace('_', '/', $class_name); - - $filenames = array_merge($filenames, array( - 'includes/' . $class_name, - 'includes/classes/' . $class_name, - )); - } - - foreach ($filenames as $filename) - { - if (file_exists(PHPBB_ROOT_PATH . $filename . '.' . PHP_EXT)) - { - include PHPBB_ROOT_PATH . $filename . '.' . PHP_EXT; - return; - } - } -} - -/* -class phpbb_exception extends Exception -{ -} -*/ -?>
\ No newline at end of file
diff --git a/phpBB/includes/core/request.php b/phpBB/includes/core/request.php
deleted file mode 100644
index 7f3f158dc0..0000000000
--- a/phpBB/includes/core/request.php
+++ /dev/null
@@ -1,562 +0,0 @@ -<?php -/** -* -* @package core -* @version $Id$ -* @copyright (c) 2008 phpBB Group -* @license http://opensource.org/licenses/gpl-license.php GNU Public License -* -*/ - -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - -/** -* Replacement for a superglobal (like $_GET or $_POST) which calls -* trigger_error on any operation, overloads the [] operator using SPL. -* -* @package core -* @author naderman -*/ -class deactivated_super_global implements ArrayAccess, Countable, IteratorAggregate -{ - /** - * @var string Holds the error message - */ - private $message; - - /** - * Constructor generates an error message fitting the super global to be used within the other functions. - * - * @param string $name Name of the super global this is a replacement for - e.g. '_GET' - */ - public function __construct($name) - { - $this->message = 'Illegal use of $' . $name . '. You must use the request class or request_var() to access input data. Found in %s on line %d. This error message was generated'; - } - - /** - * Calls trigger_error with the file and line number the super global was used in - * - * @access private - */ - private function error() - { - $file = ''; - $line = 0; - - $backtrace = debug_backtrace(); - if (isset($backtrace[1])) - { - $file = $backtrace[1]['file']; - $line = $backtrace[1]['line']; - } - trigger_error(sprintf($this->message, $file, $line), E_USER_ERROR); - } - - /**#@+ - * Part of the ArrayAccess implementation, will always result in a FATAL error - * - * @access public - */ - public function offsetExists($offset) - { - $this->error(); - } - - public function offsetGet($offset) - { - $this->error(); - } - - public function offsetSet($offset, $value) - { - $this->error(); - } - - public function offsetUnset($offset) - { - $this->error(); - } - /**#@-*/ - - /** - * Part of the Countable implementation, will always result in a FATAL error - * - * @access public - */ - public function count() - { - $this->error(); - } - - 
/** - * Part of the Traversable/IteratorAggregate implementation, will always result in a FATAL error - * - * @access public - */ - public function getIterator() - { - $this->error(); - } -} - -/** -* All application input is accessed through this class. -* -* It provides a method to disable access to input data through super globals. -* This should force MOD authors to read about data validation. -* -* @package core -* @author naderman -*/ -class phpbb_request -{ - /**#@+ - * Constant defining the super global - */ - const POST = 0; - const GET = 1; - const REQUEST = 2; - const COOKIE = 3; - /**#@-*/ - - /** - * @var - */ - protected static $initialised = false; - - /** - * @var - */ - protected static $super_globals_disabled = false; - - /** - * @var array The names of super global variables that this class should protect if super globals are disabled - */ - protected static $super_globals = array(phpbb_request::POST => '_POST', phpbb_request::GET => '_GET', phpbb_request::REQUEST => '_REQUEST', phpbb_request::COOKIE => '_COOKIE'); - - /** - * @var array An associative array that has the value of super global constants as keys and holds their data as values. - */ - protected static $input; - - /** - * Initialises the request class, that means it stores all input data in {@link $input self::$input} - * - * @access public - */ - public static function init() - { - if (!self::$initialised) - { - foreach (self::$super_globals as $const => $super_global) - { - if ($const == phpbb_request::REQUEST) - { - continue; - } - - self::$input[$const] = isset($GLOBALS[$super_global]) ? $GLOBALS[$super_global] : array(); - } - - // @todo far away from ideal... just a quick hack to let request_var() work again. The problem is that $GLOBALS['_REQUEST'] no longer exist. - self::$input[phpbb_request::REQUEST] = array_merge(self::$input[phpbb_request::POST], self::$input[phpbb_request::GET]); - - self::$initialised = true; - } - } - - /** - * Resets the request class. 
- * This will simply forget about all input data and read it again from the - * super globals, if super globals were disabled, all data will be gone. - * - * @access public - */ - public static function reset() - { - self::$input = array(); - self::$initialised = false; - self::$super_globals_disabled = false; - } - - /** - * Getter for $super_globals_disabled - * - * @return bool Whether super globals are disabled or not. - * @access public - */ - public static function super_globals_disabled() - { - return self::$super_globals_disabled; - } - - /** - * Disables access of super globals specified in $super_globals. - * This is achieved by overwriting the super globals with instances of {@link deactivated_super_global deactivated_super_global} - * - * @access public - */ - public static function disable_super_globals() - { - if (!self::$initialised) - { - self::init(); - } - - foreach (self::$super_globals as $const => $super_global) - { - unset($GLOBALS[$super_global]); - $GLOBALS[$super_global] = new deactivated_super_global($super_global); - } - - self::$super_globals_disabled = true; - } - - /** - * Enables access of super globals specified in $super_globals if they were disabled by {@link disable_super_globals disable_super_globals}. - * This is achieved by making the super globals point to the data stored within this class in {@link $input input}. - * - * @access public - */ - public static function enable_super_globals() - { - if (!self::$initialised) - { - self::init(); - } - - if (self::$super_globals_disabled) - { - foreach (self::$super_globals as $const => $super_global) - { - $GLOBALS[$super_global] = self::$input[$const]; - } - - self::$super_globals_disabled = false; - } - } - - /** - * Recursively applies addslashes to a variable. - * - * @param mixed &$var Variable passed by reference to which slashes will be added. 
- * @access protected - */ - protected static function addslashes_recursively(&$var) - { - if (is_string($var)) - { - $var = addslashes($var); - } - else if (is_array($var)) - { - $var_copy = $var; - foreach ($var_copy as $key => $value) - { - if (is_string($key)) - { - $key = addslashes($key); - } - self::addslashes_recursively($var[$key]); - } - } - } - - /** - * This function allows overwriting or setting a value in one of the super global arrays. - * - * Changes which are performed on the super globals directly will not have any effect on the results of - * other methods this class provides. Using this function should be avoided if possible! It will - * consume twice the the amount of memory of the value - * - * @param string $var_name The name of the variable that shall be overwritten - * @param mixed $value The value which the variable shall contain. - * If this is null the variable will be unset. - * @param phpbb_request::POST|phpbb_request::GET|phpbb_request::REQUEST|phpbb_request::COOKIE $super_global Specifies which super global shall be changed - * - * @access public - */ - public static function overwrite($var_name, $value, $super_global = phpbb_request::REQUEST) - { - if (!self::$initialised) - { - self::init(); - } - - if (!isset(self::$super_globals[$super_global])) - { - return; - } - - if (STRIP) - { - self::addslashes_recursively($value); - } - - // setting to null means unsetting - if ($value === null) - { - unset(self::$input[$super_global][$var_name]); - if (!self::super_globals_disabled()) - { - unset($GLOBALS[self::$super_globals[$super_global]][$var_name]); - } - } - else - { - self::$input[$super_global][$var_name] = $value; - if (!self::super_globals_disabled()) - { - $GLOBALS[self::$super_globals[$super_global]][$var_name] = $value; - } - } - - if (!self::super_globals_disabled()) - { - unset($GLOBALS[self::$super_globals[$super_global]][$var_name]); - $GLOBALS[self::$super_globals[$super_global]][$var_name] = $value; - } - } - - /** - * 
Set variable $result. Used by {@link request_var() the request_var function} - * - * @param mixed &$result The variable to fill - * @param mixed $var The contents to fill with - * @param mixed $type The variable type. Will be used with {@link settype()} - * @param bool $multibyte Indicates whether string values may contain UTF-8 characters. - * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks. - * - * @access public - */ - public static function set_var(&$result, $var, $type, $multibyte = false) - { - settype($var, $type); - $result = $var; - - if ($type == 'string') - { - $result = trim(utf8_htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result))); - - if (!empty($result)) - { - // Make sure multibyte characters are wellformed - if ($multibyte) - { - if (!preg_match('/^./u', $result)) - { - $result = ''; - } - } - else - { - // no multibyte, allow only ASCII (0-127) - $result = preg_replace('/[\x80-\xFF]/', '?', $result); - } - } - - $result = (STRIP) ? stripslashes($result) : $result; - } - } - - /** - * Recursively sets a variable to a given type using {@link set_var() set_var} - * This function is only used from within {@link phpbb_request::variable phpbb_request::variable}. - * - * @param string $var The value which shall be sanitised (passed by reference). - * @param mixed $default Specifies the type $var shall have. - * If it is an array and $var is not one, then an empty array is returned. - * Otherwise var is cast to the same type, and if $default is an array all keys and values are cast recursively using this function too. - * @param bool $multibyte Indicates whether string values may contain UTF-8 characters. - * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks. 
- * - * @access protected - */ - protected static function recursive_set_var(&$var, $default, $multibyte) - { - if (is_array($var) !== is_array($default)) - { - $var = (is_array($default)) ? array() : $default; - return; - } - - if (!is_array($default)) - { - $type = gettype($default); - self::set_var($var, $var, $type, $multibyte); - } - else - { - // make sure there is at least one key/value pair to use get the - // types from - if (!sizeof($default)) - { - $var = array(); - return; - } - - list($default_key, $default_value) = each($default); - $value_type = gettype($default_value); - $key_type = gettype($default_key); - - $_var = $var; - $var = array(); - - foreach ($_var as $k => $v) - { - self::set_var($k, $k, $key_type, $multibyte); - - self::recursive_set_var($v, $default_value, $multibyte); - self::set_var($var[$k], $v, $value_type, $multibyte); - } - } - } - - /** - * Central type safe input handling function. - * All variables in GET or POST requests should be retrieved through this function to maximise security. - * - * @param string|array $var_name The form variable's name from which data shall be retrieved. - * If the value is an array this may be an array of indizes which will give - * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") - * then specifying array("var", 1) as the name will return "a". - * @param mixed $default A default value that is returned if the variable was not set. - * This function will always return a value of the same type as the default. 
- * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters - * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks - * @param phpbb_request::POST|phpbb_request::GET|phpbb_request::REQUEST|phpbb_request::COOKIE $super_global Specifies which super global should be used - * - * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the - * the same as that of $default. If the variable is not set $default is returned. - * @access public - */ - public static function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request::REQUEST) - { - $path = false; - - if (!self::$initialised) - { - self::init(); - } - - // deep direct access to multi dimensional arrays - if (is_array($var_name)) - { - $path = $var_name; - // make sure at least the variable name is specified - if (!sizeof($path)) - { - return (is_array($default)) ? array() : $default; - } - // the variable name is the first element on the path - $var_name = array_shift($path); - } - - if (!isset(self::$input[$super_global][$var_name])) - { - return (is_array($default)) ? array() : $default; - } - $var = self::$input[$super_global][$var_name]; - - // make sure cookie does not overwrite get/post - if ($super_global != phpbb_request::COOKIE && isset(self::$input[phpbb_request::COOKIE][$var_name])) - { - if (!isset(self::$input[phpbb_request::GET][$var_name]) && !isset(self::$input[phpbb_request::POST][$var_name])) - { - return (is_array($default)) ? array() : $default; - } - $var = isset(self::$input[phpbb_request::POST][$var_name]) ? 
self::$input[phpbb_request::POST][$var_name] : self::$input[phpbb_request::GET][$var_name]; - } - - if ($path) - { - // walk through the array structure and find the element we are looking for - foreach ($path as $key) - { - if (is_array($var) && isset($var[$key])) - { - $var = $var[$key]; - } - else - { - return (is_array($default)) ? array() : $default; - } - } - } - - self::recursive_set_var($var, $default, $multibyte); - - return $var; - } - - /** - * Checks whether a certain variable was sent via POST. - * To make sure that a request was sent using POST you should call this function - * on at least one variable. - * - * @param string $name The name of the form variable which should have a - * _p suffix to indicate the check in the code that creates the form too. - * - * @return bool True if the variable was set in a POST request, false otherwise. - * @access public - */ - public static function is_set_post($name) - { - return self::is_set($name, phpbb_request::POST); - } - - /** - * Checks whether a certain variable is set in one of the super global - * arrays. - * - * @param string $var Name of the variable - * @param phpbb_request::POST|phpbb_request::GET|phpbb_request::REQUEST|phpbb_request::COOKIE $super_global - * Specifies the super global which shall be checked - * - * @return bool True if the variable was sent as input - * @access public - */ - public static function is_set($var, $super_global = phpbb_request::REQUEST) - { - if (!self::$initialised) - { - self::init(); - } - - return isset(self::$input[$super_global][$var]); - } - - /** - * Returns all variable names for a given super global - * - * @param phpbb_request::POST|phpbb_request::GET|phpbb_request::REQUEST|phpbb_request::COOKIE $super_global - * The super global from which names shall be taken - * - * @return array All variable names that are set for the super global. - * Pay attention when using these, they are unsanitised! 
- * @access public - */ - public static function variable_names($super_global = phpbb_request::REQUEST) - { - if (!self::$initialised) - { - self::init(); - } - - if (!isset(self::$input[$super_global])) - { - return array(); - } - - return array_keys(self::$input[$super_global]); - } -} - -?>
\ No newline at end of file
diff --git a/phpBB/includes/core/security.php b/phpBB/includes/core/security.php
deleted file mode 100644
index f5aca65e8d..0000000000
--- a/phpBB/includes/core/security.php
+++ /dev/null
@@ -1,300 +0,0 @@
-<?php
-/**
-*
-* @package core
-* @version $Id$
-* @copyright (c) 2008 phpBB Group
-* @license http://opensource.org/licenses/gpl-license.php GNU Public License
-*
-*/
-
-/**
-* @ignore
-*/
-if (!defined('IN_PHPBB'))
-{
- exit();
-}
-/**
-* Class for generating random numbers, unique ids, unique keys, seeds, hashes...
-* @package core
-*/
-class phpbb_security extends phpbb_plugin_support
-{
- /**
- * @var array required phpBB objects
- */
- public $phpbb_required = array();
-
- /**
- * @var array Optional phpBB objects
- */
- public $phpbb_optional = array('config');
-
- /**
- * @var string Used hash type. The default type is $P$, phpBB uses a different one.
- */
- public $hash_type = '$H$';
-
- /**
- * @var bool Is true if random seed got updated.
- */
- private $dss_seeded = false;
-
- /**
- * Constructor
- * @access public
- */
- public function __construct() {}
-
- /**
- * Generates an alphanumeric random string of given length
- *
- * @param int $num_chars Number of characters to return
- * @return string Random string of $num_chars characters.
- * @access public
- */
- public function gen_rand_string($num_chars = 8)
- {
- $rand_str = $this->unique_id();
- $rand_str = str_replace('0', 'Z', strtoupper(base_convert($rand_str, 16, 35)));
-
- return substr($rand_str, 0, $num_chars);
- }
-
- /**
- * Return unique id
- *
- * @param string $extra Additional entropy
- * @return string Unique id
- * @access public
- */
- public function unique_id($extra = 'c')
- {
- if (!isset(phpbb::$config['rand_seed']))
- {
- $val = md5(md5($extra) . microtime());
- $val = md5(md5($extra) . $val . $extra);
- return substr($val, 4, 16);
- }
-
-
- $val = phpbb::$config['rand_seed'] . microtime();
- $val = md5($val);
- phpbb::$config['rand_seed'] = md5(phpbb::$config['rand_seed'] . $val . $extra);
-
- if (!$this->dss_seeded && phpbb::$config['rand_seed_last_update'] < time() - rand(1, 10))
- {
- set_config('rand_seed', phpbb::$config['rand_seed'], true);
- set_config('rand_seed_last_update', time(), true);
-
- $this->dss_seeded = true;
- }
-
- return substr($val, 4, 16);
- }
-
- /**
- * Hash passwords
- *
- * @version Version 0.1
- *
- * Portable PHP password hashing framework.
- *
- * Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
- * the public domain.
- *
- * There's absolutely no warranty.
- *
- * The homepage URL for this framework is:
- *
- * http://www.openwall.com/phpass/
- *
- * Please be sure to update the Version line if you edit this file in any way.
- * It is suggested that you leave the main version number intact, but indicate
- * your project name (after the slash) and add your own revision information.
- *
- * Please do not change the "private" password hashing method implemented in
- * here, thereby making your hashes incompatible. However, if you must, please
- * change the hash type identifier (the "$P$") to something different.
- *
- * Obviously, since this code is in the public domain, the above are not
- * requirements (there can be none), but merely suggestions.
- *
- * @param string $password Password to hash
- * @return string Hashed password
- * @access public
- */
- public function hash_password($password)
- {
- $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
-
- $random_state = $this->unique_id();
- $random = '';
- $count = 6;
-
- if (($fh = @fopen('/dev/urandom', 'rb')))
- {
- $random = fread($fh, $count);
- fclose($fh);
- }
-
- if (strlen($random) < $count)
- {
- $random = '';
-
- for ($i = 0; $i < $count; $i += 16)
- {
- $random_state = md5($this->unique_id() . $random_state);
- $random .= pack('H*', md5($random_state));
- }
- $random = substr($random, 0, $count);
- }
-
- $hash = $this->_hash_crypt_private($password, $this->_hash_gensalt_private($random, $itoa64), $itoa64);
- $result = (strlen($hash) == 34) ? $hash : md5($password);
-
- return $result;
- }
-
- /**
- * Check for correct password
- *
- * If the hash length is != 34, then a md5($password) === $hash comparison is done. The correct hash length is 34.
- *
- * @param string $password The password in plain text
- * @param string $hash The stored password hash
- *
- * @return bool Returns true if the password is correct, false if not.
- * @access public
- */
- public function check_password($password, $hash)
- {
- $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
- if (strlen($hash) == 34)
- {
- $result = ($this->_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false;
- }
- else
- {
- $result = (md5($password) === $hash) ? true : false;
- }
-
- return $result;
- }
-
- /**
- * Generate salt for hash generation
- * @access private
- */
- private function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6)
- {
- if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
- {
- $iteration_count_log2 = 8;
- }
-
- $output = $this->hash_type;
- $output .= $itoa64[min($iteration_count_log2 + 5, 30)];
- $output .= $this->_hash_encode64($input, 6, $itoa64);
-
- return $output;
- }
-
- /**
- * Encode hash
- * @access private
- */
- private function _hash_encode64($input, $count, &$itoa64)
- {
- $output = '';
- $i = 0;
-
- do
- {
- $value = ord($input[$i++]);
- $output .= $itoa64[$value & 0x3f];
-
- if ($i < $count)
- {
- $value |= ord($input[$i]) << 8;
- }
-
- $output .= $itoa64[($value >> 6) & 0x3f];
-
- if ($i++ >= $count)
- {
- break;
- }
-
- if ($i < $count)
- {
- $value |= ord($input[$i]) << 16;
- }
-
- $output .= $itoa64[($value >> 12) & 0x3f];
-
- if ($i++ >= $count)
- {
- break;
- }
-
- $output .= $itoa64[($value >> 18) & 0x3f];
- }
- while ($i < $count);
-
- return $output;
- }
-
- /**
- * The crypt function/replacement
- * @access private
- */
- private function _hash_crypt_private($password, $setting, &$itoa64)
- {
- $output = '*';
-
- // Check for correct hash
- if (substr($setting, 0, 3) != $this->hash_type)
- {
- return $output;
- }
-
- $count_log2 = strpos($itoa64, $setting[3]);
-
- if ($count_log2 < 7 || $count_log2 > 30)
- {
- return $output;
- }
-
- $count = 1 << $count_log2;
- $salt = substr($setting, 4, 8);
-
- if (strlen($salt) != 8)
- {
- return $output;
- }
-
- /**
- * We're kind of forced to use MD5 here since it's the only
- * cryptographic primitive available in all versions of PHP
- * currently in use. To implement our own low-level crypto
- * in PHP would result in much worse performance and
- * consequently in lower iteration counts and hashes that are
- * quicker to crack (by non-PHP code).
- */
- $hash = md5($salt . $password, true);
- do
- {
- $hash = md5($hash . $password, true);
- }
- while (--$count);
-
- $output = substr($setting, 0, 12);
- $output .= $this->_hash_encode64($hash, 16, $itoa64);
-
- return $output;
- }
-}
-
-?>
\ No newline at end of file
diff --git a/phpBB/includes/core/system.php b/phpBB/includes/core/system.php
deleted file mode 100644
index 5bb42e9ed4..0000000000
--- a/phpBB/includes/core/system.php
+++ /dev/null
@@ -1,213 +0,0 @@
-<?php
-/**
-*
-* @package core
-* @version $Id$
-* @copyright (c) 2008 phpBB Group
-* @license http://opensource.org/licenses/gpl-license.php GNU Public License
-*
-*/
-
-/**
-* @ignore
-*/
-if (!defined('IN_PHPBB'))
-{
- exit();
-}
-
-/**
-* System-specific methods. For example chmod(), unlink()...
-*
-* @package core
-*/
-class phpbb_system extends phpbb_plugin_support
-{
- /**
- * @var array required phpBB objects
- */
- public $phpbb_required = array();
-
- /**
- * @var array Optional phpBB objects
- */
- public $phpbb_optional = array();
-
- /**
- * @var array Holding some information for chmod()
- */
- private $chmod_info = array();
-
- /**
- * Method for chmodding directories and files for internal use.
- *
- * This function determines owner and group whom the file belongs to and user and group of PHP and then set safest possible file permissions.
- * The function determines owner and group from common.php file and sets the same to the provided file.
- * The function uses bit fields to build the permissions.
- * The function sets the appropiate execute bit on directories.
- *
- * Supported constants representing bit fields are:
- *
- * phpbb::CHMOD_ALL - all permissions (7)
- * phpbb::CHMOD_READ - read permission (4)
- * phpbb::CHMOD_WRITE - write permission (2)
- * phpbb::CHMOD_EXECUTE - execute permission (1)
- *
- * NOTE: The function uses POSIX extension and fileowner()/filegroup() functions. If any of them is disabled, this function tries to build proper permissions, by calling is_readable() and is_writable() functions.
- *
- * @param string $filename The file/directory to be chmodded
- * @param int $perms Permissions to set
- *
- * @return bool true on success, otherwise false
- * @author faw, phpBB Group
- * @access public
- */
- public function chmod($filename, $perms = phpbb::CHMOD_READ)
- {
- // Return if the file no longer exists.
- if (!file_exists($filename))
- {
- return false;
- }
-
- // Determine some common vars
- if (empty($this->chmod_info))
- {
- if (!function_exists('fileowner') || !function_exists('filegroup'))
- {
- // No need to further determine owner/group - it is unknown
- $this->chmod_info['process'] = false;
- }
- else
- {
- // Determine owner/group of common.php file and the filename we want to change here
- $common_php_owner = fileowner(PHPBB_ROOT_PATH . 'common.' . PHP_EXT);
- $common_php_group = filegroup(PHPBB_ROOT_PATH . 'common.' . PHP_EXT);
-
- // And the owner and the groups PHP is running under.
- $php_uid = (function_exists('posix_getuid')) ? @posix_getuid() : false;
- $php_gids = (function_exists('posix_getgroups')) ? @posix_getgroups() : false;
-
- if (!$php_uid || empty($php_gids) || !$common_php_owner || !$common_php_group)
- {
- $this->chmod_info['process'] = false;
- }
- else
- {
- $this->chmod_info = array(
- 'process' => true,
- 'common_owner' => $common_php_owner,
- 'common_group' => $common_php_group,
- 'php_uid' => $php_uid,
- 'php_gids' => $php_gids,
- );
- }
- }
- }
-
- if ($this->chmod_info['process'])
- {
- $file_uid = fileowner($filename);
- $file_gid = filegroup($filename);
-
- // Change owner
- if (@chown($filename, $this->chmod_info['common_owner']))
- {
- clearstatcache();
- $file_uid = fileowner($filename);
- }
-
- // Change group
- if (@chgrp($filename, $this->chmod_info['common_group']))
- {
- clearstatcache();
- $file_gid = filegroup($filename);
- }
-
- // If the file_uid/gid now match the one from common.php we can process further, else we are not able to change something
- if ($file_uid != $this->chmod_info['common_owner'] || $file_gid != $this->chmod_info['common_group'])
- {
- $this->chmod_info['process'] = false;
- }
- }
-
- // Still able to process?
- if ($this->chmod_info['process'])
- {
- if ($file_uid == $this->chmod_info['php_uid'])
- {
- $php = 'owner';
- }
- else if (in_array($file_gid, $this->chmod_info['php_gids']))
- {
- $php = 'group';
- }
- else
- {
- // Since we are setting the everyone bit anyway, no need to do expensive operations
- $this->chmod_info['process'] = false;
- }
- }
-
- // We are not able to determine or change something
- if (!$this->chmod_info['process'])
- {
- $php = 'other';
- }
-
- // Owner always has read/write permission
- $owner = phpbb::CHMOD_READ | phpbb::CHMOD_WRITE;
- if (is_dir($filename))
- {
- $owner |= phpbb::CHMOD_EXECUTE;
-
- // Only add execute bit to the permission if the dir needs to be readable
- if ($perms & phpbb::CHMOD_READ)
- {
- $perms |= phpbb::CHMOD_EXECUTE;
- }
- }
-
- switch ($php)
- {
- case 'owner':
- $result = @chmod($filename, ($owner << 6) + (0 << 3) + (0 << 0));
-
- clearstatcache();
-
- if (!is_null($php) || (is_readable($filename) && is_writable($filename)))
- {
- break;
- }
-
- case 'group':
- $result = @chmod($filename, ($owner << 6) + ($perms << 3) + (0 << 0));
-
- clearstatcache();
-
- if (!is_null($php) || ((!($perms & phpbb::CHMOD_READ) || is_readable($filename)) && (!($perms & phpbb::CHMOD_WRITE) || is_writable($filename))))
- {
- break;
- }
-
- case 'other':
- $result = @chmod($filename, ($owner << 6) + ($perms << 3) + ($perms << 0));
-
- clearstatcache();
-
- if (!is_null($php) || ((!($perms & phpbb::CHMOD_READ) || is_readable($filename)) && (!($perms & phpbb::CHMOD_WRITE) || is_writable($filename))))
- {
- break;
- }
-
- default:
- return false;
- break;
- }
-
- return $result;
- }
-
-}
-
-?>
\ No newline at end of file
diff --git a/phpBB/includes/core/system_info.php b/phpBB/includes/core/system_info.php
deleted file mode 100644
index 56a5d3bcd0..0000000000
--- a/phpBB/includes/core/system_info.php
+++ /dev/null
@@ -1,376 +0,0 @@ -<?php -/** -* -* @package core -* @version $Id$ -* @copyright (c) 2008 phpBB Group -* @license http://opensource.org/licenses/gpl-license.php GNU Public License -* -*/ - -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit(); -} - -/** -* Get system/server information variables. -* -* @package core -*/ -class phpbb_system_info extends phpbb_plugin_support implements ArrayAccess -{ - /** - * @var array required phpBB objects - */ - public $phpbb_required = array('config', 'url'); - - /** - * @var array Optional phpBB objects - */ - public $phpbb_optional = array(); - - /** - * @var array Array for storing/accessing information - */ - private $data = array(); - - /**#@+ - * Part of the ArrayAccess implementation. - * @access public - */ - public function offsetSet($offset, $value) - { - $this->data[$offset] = $value; - } - - public function offsetExists($offset) - { - return isset($this->data[$offset]); - } - - public function offsetUnset($offset) - { - unset($this->data[$offset]); - } - /**#@-*/ - - /** - * Get system information - Part of the ArrayAccess implementation. - * - * System information ought to be received from {@link $data phpbb::$user->system[key]}. - * The key used is mapped to a method with get_ as prefix. - * For example getting phpbb::$user->system['host'] results in calling the method get_host(). - * - * @param string $offset The key to get. - * @return mixed The result - * @access public - */ - public function offsetGet($offset) - { - if (isset($this->data[$offset])) - { - return $this->data[$offset]; - } - - $identifier = 'get_' . strtolower($offset); - - // Not static, because we are not able to use late static bindings - $this->data[$offset] = $this->$identifier(); - return $this->data[$offset]; - } - - /** - * Get valid hostname/port. HTTP_HOST is used, SERVER_NAME if HTTP_HOST not present. 
- * - * @return string Host (lowercase, not specialchared) - * @access protected - */ - protected function get_host() - { - // Get hostname - $host = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); - - // Should be a string and lowered - $host = (string) strtolower($host); - - // If host is equal the cookie domain or the server name (if config is set), then we assume it is valid - if ((isset(phpbb::$config['cookie_domain']) && $host === phpbb::$config['cookie_domain']) || (isset(phpbb::$config['server_name']) && $host === phpbb::$config['server_name'])) - { - return $host; - } - - // Is the host actually a IP? If so, we use the IP... (IPv4) - if (long2ip(ip2long($host)) === $host) - { - return $host; - } - - // Now return the hostname (this also removes any port definition). The http:// is prepended to construct a valid URL, hosts never have a scheme assigned - $host = @parse_url('http://' . $host, PHP_URL_HOST); - - // Remove any portions not removed by parse_url (#) - $host = str_replace('#', '', $host); - - // If, by any means, the host is now empty, we will use a "best approach" way to guess one - if (empty($host)) - { - if (!empty(phpbb::$config['server_name'])) - { - $host = phpbb::$config['server_name']; - } - else if (!empty(phpbb::$config['cookie_domain'])) - { - $host = (strpos(phpbb::$config['cookie_domain'], '.') === 0) ? substr(phpbb::$config['cookie_domain'], 1) : phpbb::$config['cookie_domain']; - } - else - { - // Set to OS hostname or localhost - $host = (function_exists('php_uname')) ? strtolower(php_uname('n')) : 'localhost'; - } - } - - // It may be still no valid host, but for sure only a hostname (we may further expand on the cookie domain... 
if set) - return $host; - } - - /** - * Extract current session page, relative from current root path (PHPBB_ROOT_PATH) - * - * The array returned consist of the following key/value pairs: - * page_name: The current basename'd page name, for example: index.php (urlencoded, htmlspecialchared) - * page_dir: The current directory within the phpBB root, for example: adm - * query_string: The current query string, for example: i=10&b=2 (the parameter 'sid' is never included) - * script_path: The script path from the webroot to the current directory, for example: /phpBB3/adm/ - * The script path is always prefixed with / and ends in /. Specialchared, whitespace replaced with %20. - * root_script_path: The script path from the webroot to the phpBB root, for example: /phpBB3/ - * The root script path is always prefixed with / and ends in /. Specialchared, whitespace replaced with %20. - * page: Current page from phpBB root, for example: adm/index.php?i=10&b=2 - * forum: Current forum id (determined by {@link request_var() request_var('f', 0)}) - * - * @return array Array containing page information. - * @plugin-support return - * @access protected - */ - protected function get_page() - { - $page_array = array(); - - // First of all, get the request uri... - $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); - $args = (!empty($_SERVER['QUERY_STRING'])) ? explode('&', $_SERVER['QUERY_STRING']) : explode('&', getenv('QUERY_STRING')); - - // If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support... - if (!$script_name) - { - $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI'); - $script_name = (($pos = strpos($script_name, '?')) !== false) ? 
substr($script_name, 0, $pos) : $script_name; - $page_array['failover'] = 1; - } - - // Replace backslashes and doubled slashes (could happen on some proxy setups) - $script_name = str_replace(array('\\', '//'), '/', $script_name); - - // Now, remove the sid and let us get a clean query string... - $use_args = array(); - - // Since some browser do not encode correctly we need to do this with some "special" characters... - // " -> %22, ' => %27, < -> %3C, > -> %3E - $find = array('"', "'", '<', '>'); - $replace = array('%22', '%27', '%3C', '%3E'); - - foreach ($args as $argument) - { - if (strpos($argument, 'sid=') === 0) - { - continue; - } - - $use_args[] = str_replace($find, $replace, $argument); - } - unset($args); - - // The following examples given are for an request uri of {path to the phpbb directory}/adm/index.php?i=10&b=2 - - // The current query string - $query_string = trim(implode('&', $use_args)); - - // basenamed page name (for example: index.php) - $page_name = basename($script_name); - $page_name = urlencode(htmlspecialchars($page_name)); - - // current directory within the phpBB root (for example: adm) - $root_dirs = explode('/', str_replace('\\', '/', phpbb::$url->realpath(PHPBB_ROOT_PATH))); - $page_dirs = explode('/', str_replace('\\', '/', phpbb::$url->realpath('./'))); - $intersection = array_intersect_assoc($root_dirs, $page_dirs); - - $root_dirs = array_diff_assoc($root_dirs, $intersection); - $page_dirs = array_diff_assoc($page_dirs, $intersection); - - $page_dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs); - - if ($page_dir && substr($page_dir, -1, 1) == '/') - { - $page_dir = substr($page_dir, 0, -1); - } - - // Current page from phpBB root (for example: adm/index.php?i=10&b=2) - $page = (($page_dir) ? $page_dir . '/' : '') . $page_name . (($query_string) ? 
"?$query_string" : ''); - - // The script path from the webroot to the current directory (for example: /phpBB3/adm/) : always prefixed with / and ends in / - $script_path = trim(str_replace('\\', '/', dirname($script_name))); - - // The script path from the webroot to the phpBB root (for example: /phpBB3/) - $script_dirs = explode('/', $script_path); - array_splice($script_dirs, -sizeof($page_dirs)); - $root_script_path = implode('/', $script_dirs) . (sizeof($root_dirs) ? '/' . implode('/', $root_dirs) : ''); - - // We are on the base level (phpBB root == webroot), lets adjust the variables a bit... - if (!$root_script_path) - { - $root_script_path = ($page_dir) ? str_replace($page_dir, '', $script_path) : $script_path; - } - - $script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/'; - $root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/'; - - $page_array += array( - 'page_name' => $page_name, - 'page_dir' => $page_dir, - - 'query_string' => $query_string, - 'script_path' => str_replace(' ', '%20', htmlspecialchars($script_path)), - 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), - - 'page' => $page, - 'forum' => request_var('f', 0), - ); - - return ($this->method_inject(__FUNCTION__, 'return')) ? $this->call_inject(__FUNCTION__, array('return', $page_array)) : $page_array; - } - - /** - * Get user agent string. - * - * @return string User agent, determined from $_SERVER['HTTP_USER_AGENT']. Specialchared. - * @access protected - */ - protected function get_browser() - { - return (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; - } - - /** - * Get current referer - * - * @return string Referer, determined from $_SERVER['HTTP_REFERER']. Specialchared. - * @access protected - */ - protected function get_referer() - { - return (!empty($_SERVER['HTTP_REFERER'])) ? 
htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; - } - - /** - * Get server port - * - * @return int Sertver port, determined from $_SERVER/$_ENV['SERVER_PORT']. - * @access protected - */ - protected function get_port() - { - return (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); - } - - /** - * Get forwarded-for string. - * If the forwarded for check is enabled in phpBB the ip's are checked for valid data and invalid data being removed. - * - * @return string Forwarded-for string, determined from $_SERVER['HTTP_X_FORWARDED_FOR']. - * @access protected - */ - protected function get_forwarded_for() - { - $forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; - - // if the forwarded for header shall be checked we have to validate its contents - if (phpbb::$config['forwarded_for_check']) - { - $forwarded_for = preg_replace('#, +#', ', ', $forwarded_for); - - // split the list of IPs - $ips = explode(', ', $forwarded_for); - foreach ($ips as $ip) - { - // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly - if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) - { - // contains invalid data, don't use the forwarded for header - return ''; - } - } - } - else - { - return ''; - } - } - - /** - * Get remote ip - * - * @return string Remote IP, determined from $_SERVER['REMOTE_ADDR']. Specialchared. - * @access protected - */ - protected function get_ip() - { - return (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : ''; - } - - /** - * Get server load. - * - * Server load is retrieved if load limitation is enabled in phpBB and server supports {@link sys_getloadavg() sys_getloadavg} - * or file /proc/loadavg exists on the server. - * - * @return double Server load. 
- * @access protected - */ - protected function get_load() - { - $load = false; - - // Load limit check (if applicable) - if (phpbb::$config['limit_load'] || phpbb::$config['limit_search_load']) - { - if ((function_exists('sys_getloadavg') && $load = sys_getloadavg()) || ($load = explode(' ', @file_get_contents('/proc/loadavg')))) - { - $load = array_slice($load, 0, 1); - $load = floatval($load[0]); - } - else - { - set_config('limit_load', '0'); - set_config('limit_search_load', '0'); - } - } - - return $load; - } - - /** - * Get current request method. - * - * @return string Request method, determined from $_SERVER['REQUEST_METHOD']. Specialchared, lowercase. - * @access protected - */ - protected function get_request_method() - { - return (isset($_SERVER['REQUEST_METHOD'])) ? strtolower(htmlspecialchars((string) $_SERVER['REQUEST_METHOD'])) : ''; - } -} - -?>
\ No newline at end of file
diff --git a/phpBB/includes/core/url.php b/phpBB/includes/core/url.php
deleted file mode 100644
index c182998b87..0000000000
--- a/phpBB/includes/core/url.php
+++ /dev/null
@@ -1,740 +0,0 @@
-<?php
-/**
-*
-* @package core
-* @version $Id$
-* @copyright (c) 2008 phpBB Group
-* @license http://opensource.org/licenses/gpl-license.php GNU Public License
-*
-*/
-
-/**
-* @ignore
-*/
-if (!defined('IN_PHPBB'))
-{
- exit();
-}
-
-/**
-* Class responsible for URL handling, URL building, redirects, meta refreshs and session id handling.
-* Basically everything url/sid-related.
-*
-* @package core
-*/
-class phpbb_url extends phpbb_plugin_support
-{
- /**
- * @var array required phpBB objects
- */
- public $phpbb_required = array('user', 'config');
-
- /**
- * @var array Optional phpBB objects
- */
- public $phpbb_optional = array('template');
-
- public function __construct() {}
-
- /**
- * Checks if a path ($path) is absolute or relative
- *
- * @param string $path Path to check absoluteness of
- * @return bool True if path is absolute
- * @access public
- */
- public function is_absolute($path)
- {
- return ($path[0] == '/' || (DIRECTORY_SEPARATOR == '\\' && preg_match('#^[a-z]:/#i', $path))) ? true : false;
- }
-
- /**
- * Mimic PHP realpath implementation
- *
- * @author Chris Smith <chris@project-minerva.org>
- * @copyright 2006 Project Minerva Team
- * @param string $path The path which we should attempt to resolve.
- * @return mixed realpath
- * @access private
- */
- private function own_realpath($path)
- {
- // Switch to use UNIX slashes
- $path = str_replace(DIRECTORY_SEPARATOR, '/', $path);
- $path_prefix = '';
-
- // Determine what sort of path we have
- if ($this->is_absolute($path))
- {
- $absolute = true;
-
- if ($path[0] == '/')
- {
- // Absolute path, *NIX style
- $path_prefix = '';
- }
- else
- {
- // Absolute path, Windows style
- // Remove the drive letter and colon
- $path_prefix = $path[0] . ':';
- $path = substr($path, 2);
- }
- }
- else
- {
- // Relative Path
- // Prepend the current working directory
- if (function_exists('getcwd'))
- {
- // This is the best method, hopefully it is enabled!
- $path = str_replace(DIRECTORY_SEPARATOR, '/', getcwd()) . '/' . $path;
- $absolute = true;
- if (preg_match('#^[a-z]:#i', $path))
- {
- $path_prefix = $path[0] . ':';
- $path = substr($path, 2);
- }
- else
- {
- $path_prefix = '';
- }
- }
- else if (!empty($_SERVER['SCRIPT_FILENAME']))
- {
- // Warning: If chdir() has been used this will lie!
- // Warning: This has some problems sometime (CLI can create them easily)
- $path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($_SERVER['SCRIPT_FILENAME'])) . '/' . $path;
- $absolute = true;
- $path_prefix = '';
- }
- else
- {
- // We have no way of getting the absolute path, just run on using relative ones.
- $absolute = false;
- $path_prefix = '.';
- }
- }
-
- // Remove any repeated slashes
- $path = preg_replace('#/{2,}#', '/', $path);
-
- // Remove the slashes from the start and end of the path
- $path = trim($path, '/');
-
- // Break the string into little bits for us to nibble on
- $bits = explode('/', $path);
-
- // Remove any . in the path, renumber array for the loop below
- $bits = array_values(array_diff($bits, array('.')));
-
- // Lets get looping, run over and resolve any .. (up directory)
- for ($i = 0, $max = sizeof($bits); $i < $max; $i++)
- {
- // @todo Optimise
- if ($bits[$i] == '..' )
- {
- if (isset($bits[$i - 1]))
- {
- if ($bits[$i - 1] != '..')
- {
- // We found a .. and we are able to traverse upwards, lets do it!
- unset($bits[$i]);
- unset($bits[$i - 1]);
- $i -= 2;
- $max -= 2;
- $bits = array_values($bits);
- }
- }
- else if ($absolute) // ie. !isset($bits[$i - 1]) && $absolute
- {
- // We have an absolute path trying to descend above the root of the filesystem
- // ... Error!
- return false;
- }
- }
- }
-
- // Prepend the path prefix
- array_unshift($bits, $path_prefix);
-
- $resolved = '';
-
- $max = sizeof($bits) - 1;
-
- // Check if we are able to resolve symlinks, Windows cannot.
- $symlink_resolve = (function_exists('readlink')) ? true : false;
-
- foreach ($bits as $i => $bit)
- {
- if (@is_dir("$resolved/$bit") || ($i == $max && @is_file("$resolved/$bit")))
- {
- // Path Exists
- if ($symlink_resolve && is_link("$resolved/$bit") && ($link = readlink("$resolved/$bit")))
- {
- // Resolved a symlink.
- $resolved = $link . (($i == $max) ? '' : '/');
- continue;
- }
- }
- else
- {
- // Something doesn't exist here!
- // This is correct realpath() behaviour but sadly open_basedir and safe_mode make this problematic
- // return false;
- }
- $resolved .= $bit . (($i == $max) ? '' : '/');
- }
-
- // @todo If the file exists fine and open_basedir only has one path we should be able to prepend it
- // because we must be inside that basedir, the question is where...
- // @internal The slash in is_dir() gets around an open_basedir restriction
- if (!@file_exists($resolved) || (!is_dir($resolved . '/') && !is_file($resolved)))
- {
- return false;
- }
-
- // Put the slashes back to the native operating systems slashes
- $resolved = str_replace('/', DIRECTORY_SEPARATOR, $resolved);
-
- // Check for DIRECTORY_SEPARATOR at the end (and remove it!)
- if (substr($resolved, -1) == DIRECTORY_SEPARATOR)
- {
- return substr($resolved, 0, -1);
- }
-
- // We got here, in the end!
- return $resolved;
- }
-
- /**
- * A wrapper for realpath
- *
- * @param string $path The path which we should attempt to resolve.
- * @staticvar string $_phpbb_realpath_exist This is set to false if the PHP function realpath() is not accessible or returns incorrect results
- *
- * @return string Real path
- * @access public
- */
- public function realpath($path)
- {
- static $_phpbb_realpath_exist;
-
- if (!isset($_phpbb_realpath_exist))
- {
- $_phpbb_realpath_exist = (!function_exists('realpath')) ? false : true;
- }
-
- if (!$_phpbb_realpath_exist)
- {
- return $this->own_realpath($path);
- }
-
- $realpath = realpath($path);
-
- // Strangely there are provider not disabling realpath but returning strange values. :o
- // We at least try to cope with them.
- if ($realpath === $path || $realpath === false)
- {
- $_phpbb_realpath_exist = false;
- return $this->own_realpath($path);
- }
-
- // Check for DIRECTORY_SEPARATOR at the end (and remove it!)
- if (substr($realpath, -1) == DIRECTORY_SEPARATOR)
- {
- $realpath = substr($realpath, 0, -1);
- }
-
- return $realpath;
- }
-
- /**
- * URL wrapper
- * All urls are run through this... either after {@link append_sid() append_sid} or directly
- *
- * @param string $url URL to process
- * @return string URL
- * @access public
- */
- public function get($url)
- {
- return $url;
- }
-
- /**
- * Append session id to url.
- *
- * Examples:
- * <code>
- * append_sid(PHPBB_ROOT_PATH . 'viewtopic.' . PHP_EXT . '?t=1&f=2'); // VALID
- * append_sid(PHPBB_ROOT_PATH . 'viewtopic.' . PHP_EXT, 't=1&f=2'); // VALID
- * append_sid('viewtopic', 't=1&f=2'); // short notation of the above example - VALID
- * append_sid('viewtopic', 't=1&f=2', false); // Instead of & use &
- * append_sid('viewtopic', array('t' => 1, 'f' => 2)); // Instead of parameter in string notation, use an array
- * </code>
- *
- * @param string $url The url the session id needs to be appended to (without parameter)
- * @param string|array $params String or array of additional url parameter.
- * @param bool $is_amp Is url using & (true) or & (false)
- * @param string $session_id Possibility to use a custom session id instead of the global one. This also forces the use of a session id.
- *
- * @plugin-support default, return
- * @return string URL
- * @access public
- */
- public function append_sid($url, $params = false, $is_amp = true, $session_id = false)
- {
- static $parsed_urls = array();
-
- // The following code is used to make sure such calls like append_sid('viewtopic') (ommitting phpbb_root_path and php_ext) work as intended
- if (isset($parsed_urls[$url]))
- {
- // Set an url like 'viewtopic' to PHPBB_ROOT_PATH . 'viewtopic.' . PHP_EXT
- $url = $parsed_urls[$url];
- }
- else
- {
- // If we detect an url without root path and extension, and also not a relative or absolute path, we add it and put it to the parsed urls
- if (strpos($url, '.' . PHP_EXT) === false && $url[0] != '.' && $url[0] != '/')
- {
- $parsed_urls[$url] = $url = PHPBB_ROOT_PATH . $url . '.' . PHP_EXT;
- }
- }
-
- if (empty($params))
- {
- $params = false;
- }
-
- $params_is_array = is_array($params);
-
- // Get anchor
- $anchor = '';
- if (strpos($url, '#') !== false)
- {
- list($url, $anchor) = explode('#', $url, 2);
- $anchor = '#' . $anchor;
- }
- else if (!$params_is_array && strpos($params, '#') !== false)
- {
- list($params, $anchor) = explode('#', $params, 2);
- $anchor = '#' . $anchor;
- }
-
- // Handle really simple cases quickly
- if ($session_id === false && !phpbb::$user->need_sid && empty(phpbb::$user->extra_url) && !$params_is_array && !$anchor)
- {
- if ($params === false)
- {
- return $this->get($url);
- }
-
- $url_delim = (strpos($url, '?') === false) ? '?' : (($is_amp) ? '&' : '&');
- return $this->get($url . ($params !== false ? $url_delim . $params : ''));
- }
-
- // Assign sid if session id is not specified
- if (phpbb::$user->need_sid && $session_id === false)
- {
- $session_id = phpbb::$user->session_id;
- }
-
- $amp_delim = ($is_amp) ? '&' : '&';
- $url_delim = (strpos($url, '?') === false) ? '?' : $amp_delim;
-
- // Appending custom url parameter?
- $append_url = (!empty(phpbb::$user->extra_url)) ? implode($amp_delim, phpbb::$user->extra_url) : '';
-
- if ($this->method_inject(__FUNCTION__)) $this->call_inject(__FUNCTION__, array('default', &$url, &$params, &$session_id, &$append_url, &$anchor, &$amp_delim, &$url_delim));
-
- if ($this->method_inject(__FUNCTION__, 'return'))
- {
- $url = $this->call_inject(__FUNCTION__, array('return', $url, $params, $session_id, $append_url, $anchor, $amp_delim, $url_delim));
- return $this->get($url);
- }
-
- // Use the short variant if possible ;)
- if ($params === false)
- {
- // Append session id
- if (!$session_id)
- {
- return $this->get($url . (($append_url) ? $url_delim . $append_url : '') . $anchor);
- }
- else
- {
- return $this->get($url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . 'sid=' . $session_id . $anchor);
- }
- }
-
- // Build string if parameters are specified as array
- if ($params_is_array)
- {
- $output = array();
-
- foreach ($params as $key => $item)
- {
- if ($item === NULL)
- {
- continue;
- }
-
- if ($key == '#')
- {
- $anchor = '#' . $item;
- continue;
- }
-
- $output[] = $key . '=' . $item;
- }
-
- $params = implode($amp_delim, $output);
- }
-
- // Append session id and parameter
- return $this->get($url . (($append_url) ? $url_delim . $append_url : '') . (($params) ? (($append_url) ? $amp_delim : $url_delim) . $params : '') . ((!$session_id) ? '' : $amp_delim . 'sid=' . $session_id) . $anchor);
- }
-
- /**
- * Generate board url (example: http://www.example.com/phpBB)
- *
- * @param bool $without_script_path If set to true the script path gets not appended (example: http://www.example.com instead of http://www.example.com/phpBB)
- * @return string Board URL
- * @access public
- */
- public function generate_board_url($without_script_path = false)
- {
- $server_name = phpbb::$user->system['host'];
- $server_port = phpbb::$user->system['port'];
-
- // Forcing server vars is the only way to specify/override the protocol
- if (phpbb::$config['force_server_vars'] || !$server_name)
- {
- $server_protocol = (phpbb::$config['server_protocol']) ? phpbb::$config['server_protocol'] : ((phpbb::$config['cookie_secure']) ? 'https://' : 'http://');
- $server_name = phpbb::$config['server_name'];
- $server_port = (int) phpbb::$config['server_port'];
- $script_path = phpbb::$config['script_path'];
-
- $url = $server_protocol . $server_name;
- $cookie_secure = phpbb::$config['cookie_secure'];
- }
- else
- {
- // Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection
- $cookie_secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
- $url = (($cookie_secure) ? 'https://' : 'http://') . $server_name;
-
- $script_path = phpbb::$user->page['root_script_path'];
- }
-
- if ($server_port && (($cookie_secure && $server_port <> 443) || (!$cookie_secure && $server_port <> 80)))
- {
- // HTTP HOST can carry a port number (we fetch $user->system['host'], but for old versions this may be true)
- if (strpos($server_name, ':') === false)
- {
- $url .= ':' . $server_port;
- }
- }
-
- if (!$without_script_path)
- {
- $url .= $script_path;
- }
-
- // Strip / from the end
- if (substr($url, -1, 1) == '/')
- {
- $url = substr($url, 0, -1);
- }
-
- return $url;
- }
-
- /**
- * Redirects the user to another page then exits the script nicely
- * This function is intended for urls within the board. It's not meant to redirect to cross-domains.
- *
- * @param string $url The url to redirect to
- * @param bool $return If true, do not redirect but return the sanitized URL.
- * @param bool $disable_cd_check If true, redirect() will support redirects to an external domain.
- * If false, the redirect points to the boards url if it does not match the current domain.
- *
- * @return mixed Sanitized URL if $return is true
- * @access public
- */
- public function redirect($url, $return = false, $disable_cd_check = false)
- {
- if (empty(phpbb::$user->lang))
- {
- phpbb::$user->add_lang('common');
- }
-
- if (!$return)
- {
- garbage_collection();
- }
-
- // Make sure no &'s are in, this will break the redirect
- $url = str_replace('&', '&', $url);
-
- // Determine which type of redirect we need to handle...
- $url_parts = parse_url($url);
-
- if ($url_parts === false)
- {
- // Malformed url, redirect to current page...
- $url = $this->generate_board_url() . '/' . phpbb::$user->page['page'];
- }
- else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
- {
- // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
- if (!$disable_cd_check && $url_parts['host'] !== phpbb::$user->system['host'])
- {
- $url = $this->generate_board_url();
- }
- }
- else if ($url[0] == '/')
- {
- // Absolute uri, prepend direct url...
- $url = $this->generate_board_url(true) . $url;
- }
- else
- {
- // Relative uri
- $pathinfo = pathinfo($url);
-
- // Is the uri pointing to the current directory?
- if ($pathinfo['dirname'] == '.')
- {
- $url = str_replace('./', '', $url);
-
- // Strip / from the beginning
- if ($url && substr($url, 0, 1) == '/')
- {
- $url = substr($url, 1);
- }
-
- if (phpbb::$user->page['page_dir'])
- {
- $url = $this->generate_board_url() . '/' . phpbb::$user->page['page_dir'] . '/' . $url;
- }
- else
- {
- $url = $this->generate_board_url() . '/' . $url;
- }
- }
- else
- {
- // Used ./ before, but PHPBB_ROOT_PATH is working better with urls within another root path
- $root_dirs = explode('/', str_replace('\\', '/', $this->realpath(PHPBB_ROOT_PATH)));
- $page_dirs = explode('/', str_replace('\\', '/', $this->realpath($pathinfo['dirname'])));
- $intersection = array_intersect_assoc($root_dirs, $page_dirs);
-
- $root_dirs = array_diff_assoc($root_dirs, $intersection);
- $page_dirs = array_diff_assoc($page_dirs, $intersection);
-
- $dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
-
- // Strip / from the end
- if ($dir && substr($dir, -1, 1) == '/')
- {
- $dir = substr($dir, 0, -1);
- }
-
- // Strip / from the beginning
- if ($dir && substr($dir, 0, 1) == '/')
- {
- $dir = substr($dir, 1);
- }
-
- $url = str_replace($pathinfo['dirname'] . '/', '', $url);
-
- // Strip / from the beginning
- if (substr($url, 0, 1) == '/')
- {
- $url = substr($url, 1);
- }
-
- $url = (!empty($dir) ? $dir . '/' : '') . $url;
- $url = $this->generate_board_url() . '/' . $url;
- }
- }
-
- // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
- if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
- {
- trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
- }
-
- // Now, also check the protocol and for a valid url the last time...
- $allowed_protocols = array('http', 'https', 'ftp', 'ftps');
- $url_parts = parse_url($url);
-
- if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
- {
- trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
- }
-
- if ($return)
- {
- return $url;
- }
-
- // Redirect via an HTML form for PITA webservers
- if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
- {
- header('Refresh: 0; URL=' . $url);
-
- echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
- echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="' . phpbb::$user->lang['DIRECTION'] . '" lang="' . phpbb::$user->lang['USER_LANG'] . '" xml:lang="' . phpbb::$user->lang['USER_LANG'] . '">';
- echo '<head>';
- echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
- echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&', $url) . '" />';
- echo '<title>' . phpbb::$user->lang['REDIRECT'] . '</title>';
- echo '</head>';
- echo '<body>';
- echo '<div style="text-align: center;">' . phpbb::$user->lang('URL_REDIRECT', '<a href="' . str_replace('&', '&', $url) . '">', '</a>') . '</div>';
- echo '</body>';
- echo '</html>';
-
- exit;
- }
-
- // Behave as per HTTP/1.1 spec for others
- header('Location: ' . $url);
- exit;
- }
-
- /**
- * Meta refresh assignment
- *
- * If the template object is present, the META template variable holds the meta refresh, else a normal redirect is done.
- *
- * @param int $time The time in seconds when to redirect
- * @param string $url The URL to redirect to
- * @param bool $disable_cd_check If true, redirect() will support redirects to an external domain.
- * If false, the redirect points to the boards url if it does not match the current domain.
- *
- * @return string Sanitized URL
- * @plugin-support return
- * @access public
- */
- public function meta_refresh($time, $url, $disable_cd_check = false)
- {
- if (phpbb::registered('template'))
- {
- $result_url = $this->redirect($url, true, $disable_cd_check);
- $result_url = str_replace('&', '&', $result_url);
-
- // For XHTML compatibility we change back & to &
- phpbb::$template->assign_var('META', '<meta http-equiv="refresh" content="' . $time . ';url=' . $result_url . '" />');
- }
- else
- {
- $this->redirect($url, false, $disable_cd_check);
- }
-
- return ($this->method_inject(__FUNCTION__, 'return')) ? $this->call_inject(__FUNCTION__, array('return', $result_url, $time, $url, $disable_cd_check)) : $result_url;
- }
-
- /**
- * Re-Apply session id after page reloads
- *
- * @param string $url URL to re-apply session id to
- * @return string URL with re-applied session id
- * @access public
- */
- public function reapply_sid($url)
- {
- if ($url === 'index.' . PHP_EXT)
- {
- return $this->append_sid('index.' . PHP_EXT);
- }
- else if ($url === PHPBB_ROOT_PATH . 'index.' . PHP_EXT)
- {
- return $this->append_sid('index');
- }
-
- // Remove previously added sid
- if (strpos($url, '?sid=') !== false)
- {
- $url = preg_replace('/(\?)sid=[a-z0-9]+(&|&)?/', '\1', $url);
- }
- else if (strpos($url, '&sid=') !== false)
- {
- $url = preg_replace('/&sid=[a-z0-9]+(&)?/', '\1', $url);
- }
- else if (strpos($url, '&sid=') !== false)
- {
- $url = preg_replace('/&sid=[a-z0-9]+(&)?/', '\1', $url);
- }
-
- return $this->append_sid($url);
- }
-
- /**
- * Returns url from the session/current page with an re-appended SID with optionally stripping vars from the url
- *
- * @param array|string $strip_vars An array containing variables to be stripped from the URL.
- * @return string Current page URL with re-applied SID and optionally stripped parameter
- * @access public
- */
- public function build_url($strip_vars = false)
- {
- // Append SID
- $redirect = $this->append_sid(phpbb::$user->page['page'], false, false);
-
- // Add delimiter if not there...
- if (strpos($redirect, '?') === false)
- {
- $redirect .= '?';
- }
-
- // Strip vars...
- if ($strip_vars !== false && strpos($redirect, '?') !== false)
- {
- if (!is_array($strip_vars))
- {
- $strip_vars = array($strip_vars);
- }
-
- $query = $_query = array();
-
- $args = substr($redirect, strpos($redirect, '?') + 1);
- $args = ($args) ? explode('&', $args) : array();
- $redirect = substr($redirect, 0, strpos($redirect, '?'));
-
- foreach ($args as $argument)
- {
- $arguments = explode('=', $argument);
- $key = $arguments[0];
- unset($arguments[0]);
-
- $query[$key] = implode('=', $arguments);
- }
-
- // Strip the vars off
- foreach ($strip_vars as $strip)
- {
- if (isset($query[$strip]))
- {
- unset($query[$strip]);
- }
- }
-
- // Glue the remaining parts together... already urlencoded
- foreach ($query as $key => $value)
- {
- $_query[] = $key . '=' . $value;
- }
- $query = implode('&', $_query);
-
- $redirect .= ($query) ? '?' . $query : '';
- }
-
- return PHPBB_ROOT_PATH . str_replace('&', '&', $redirect);
- }
-}
-
-?>
\ No newline at end of file |