... | ... |
@@ -33,7 +33,7 @@ function config($key, $localonly = false) |
33 | 33 |
} |
34 | 34 |
|
35 | 35 |
if ($key == 'modules' && isset($_SESSION['restrict_modules'])) { |
36 |
- $modules = array(); |
|
36 |
+ $modules = []; |
|
37 | 37 |
foreach ($config['modules'] as $mod) { |
38 | 38 |
if (in_array($mod, $_SESSION['restrict_modules'])) { |
39 | 39 |
$modules[] = $mod; |
... | ... |
@@ -84,7 +84,7 @@ function have_role($role) |
84 | 84 |
function get_server_by_id($id) |
85 | 85 |
{ |
86 | 86 |
$id = (int) $id; |
87 |
- $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id)); |
|
87 |
+ $result = db_query("SELECT hostname FROM system.servers WHERE id=?", [$id]); |
|
88 | 88 |
$ret = $result->fetch(); |
89 | 89 |
return $ret['hostname']; |
90 | 90 |
} |
... | ... |
@@ -102,7 +102,7 @@ function redirect($target) |
102 | 102 |
if (strpos($target, '?') === false) { |
103 | 103 |
print 'REDIRECT: '.internal_link($target, $target); |
104 | 104 |
} else { |
105 |
- list($file, $qs) = explode('?', $target, 2); |
|
105 |
+ [$file, $qs] = explode('?', $target, 2); |
|
106 | 106 |
print 'REDIRECT: '.internal_link($file, $target, $qs); |
107 | 107 |
} |
108 | 108 |
} |
... | ... |
@@ -113,7 +113,7 @@ function redirect($target) |
113 | 113 |
function my_server_id() |
114 | 114 |
{ |
115 | 115 |
$uid = (int) $_SESSION['userinfo']['uid']; |
116 |
- $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid)); |
|
116 |
+ $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", [$uid]); |
|
117 | 117 |
$r = $result->fetch(); |
118 | 118 |
DEBUG($r); |
119 | 119 |
return $r['server']; |
... | ... |
@@ -123,8 +123,8 @@ function my_server_id() |
123 | 123 |
function additional_servers() |
124 | 124 |
{ |
125 | 125 |
$uid = (int) $_SESSION['userinfo']['uid']; |
126 |
- $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid)); |
|
127 |
- $servers = array(); |
|
126 |
+ $result = db_query("SELECT server FROM system.user_server WHERE uid=?", [$uid]); |
|
127 |
+ $servers = []; |
|
128 | 128 |
while ($s = $result->fetch()) { |
129 | 129 |
$servers[] = $s['server']; |
130 | 130 |
} |
... | ... |
@@ -136,7 +136,7 @@ function additional_servers() |
136 | 136 |
function server_names() |
137 | 137 |
{ |
138 | 138 |
$result = db_query("SELECT id, hostname FROM system.servers"); |
139 |
- $servers = array(); |
|
139 |
+ $servers = []; |
|
140 | 140 |
while ($s = $result->fetch()) { |
141 | 141 |
$servers[$s['id']] = $s['hostname']; |
142 | 142 |
} |
... | ... |
@@ -180,11 +180,11 @@ function logger($severity, $scriptname, $scope, $message) |
180 | 180 |
} |
181 | 181 |
} |
182 | 182 |
|
183 |
- $args = array(":user" => $user, |
|
183 |
+ $args = [":user" => $user, |
|
184 | 184 |
":remote" => $_SERVER['REMOTE_ADDR'], |
185 | 185 |
":scriptname" => $scriptname, |
186 | 186 |
":scope" => $scope, |
187 |
- ":message" => $message); |
|
187 |
+ ":message" => $message, ]; |
|
188 | 188 |
|
189 | 189 |
db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args); |
190 | 190 |
} |
... | ... |
@@ -195,7 +195,7 @@ function count_failed_logins() |
195 | 195 |
DEBUG("logging is disabled, no brute force check possible"); |
196 | 196 |
return; |
197 | 197 |
} |
198 |
- $result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", array(":remote" => $_SERVER['REMOTE_ADDR'])); |
|
198 |
+ $result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", [":remote" => $_SERVER['REMOTE_ADDR']]); |
|
199 | 199 |
$data = $result->fetch(); |
200 | 200 |
DEBUG('seen '.$data['num'].' failed logins from this address within 10 minutes'); |
201 | 201 |
return $data['num']; |
... | ... |
@@ -229,7 +229,7 @@ function footnote($explaination) |
229 | 229 |
{ |
230 | 230 |
global $footnotes; |
231 | 231 |
if (!isset($footnotes) || !is_array($footnotes)) { |
232 |
- $footnotes = array(); |
|
232 |
+ $footnotes = []; |
|
233 | 233 |
} |
234 | 234 |
$fnid = array_search($explaination, $footnotes); |
235 | 235 |
DEBUG($footnotes); |
... | ... |
@@ -334,7 +334,7 @@ function use_module($modname) |
334 | 334 |
{ |
335 | 335 |
global $prefix, $needed_modules; |
336 | 336 |
if (! isset($needed_modules)) { |
337 |
- $needed_modules = array(); |
|
337 |
+ $needed_modules = []; |
|
338 | 338 |
} |
339 | 339 |
if (in_array($modname, $needed_modules)) { |
340 | 340 |
return; |
... | ... |
@@ -359,7 +359,7 @@ function encode_querystring($querystring) |
359 | 359 |
$querystring = 'debug&'.$querystring; |
360 | 360 |
} |
361 | 361 |
$query = explode('&', $querystring); |
362 |
- $new_query = array(); |
|
362 |
+ $new_query = []; |
|
363 | 363 |
foreach ($query as $item) { |
364 | 364 |
if ($item != '') { |
365 | 365 |
$split = explode('=', $item, 2); |
... | ... |
@@ -433,22 +433,22 @@ function html_select($name, $options, $default='', $free='') |
433 | 433 |
|
434 | 434 |
function html_datepicker($nameprefix, $timestamp) |
435 | 435 |
{ |
436 |
- $valid_days = array( 1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, |
|
436 |
+ $valid_days = [ 1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, |
|
437 | 437 |
6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, |
438 | 438 |
11 => 11, 12 => 12, 13 => 13, 14 => 14, 15 => 15, |
439 | 439 |
16 => 16, 17 => 17, 18 => 18, 19 => 19, 20 => 20, |
440 | 440 |
21 => 21, 22 => 22, 23 => 23, 24 => 24, 25 => 25, |
441 | 441 |
26 => 26, 27 => 27, 28 => 28, 29 => 29, 30 => 30, |
442 |
- 31 => 31); |
|
443 |
- $valid_months = array( 1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, |
|
442 |
+ 31 => 31, ]; |
|
443 |
+ $valid_months = [ 1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, |
|
444 | 444 |
6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, |
445 |
- 11 => 11, 12 => 12); |
|
445 |
+ 11 => 11, 12 => 12, ]; |
|
446 | 446 |
$current_year = (int) date('Y'); |
447 |
- $valid_years = array($current_year => $current_year, |
|
447 |
+ $valid_years = [$current_year => $current_year, |
|
448 | 448 |
$current_year+1 => $current_year+1, |
449 | 449 |
$current_year+2 => $current_year+2, |
450 | 450 |
$current_year+3 => $current_year+3, |
451 |
- $current_year+4 => $current_year+4); |
|
451 |
+ $current_year+4 => $current_year+4, ]; |
|
452 | 452 |
|
453 | 453 |
$selected_day = date('d', $timestamp); |
454 | 454 |
$selected_month = date('m', $timestamp); |
... | ... |
@@ -463,7 +463,7 @@ function html_datepicker($nameprefix, $timestamp) |
463 | 463 |
function get_modules_info() |
464 | 464 |
{ |
465 | 465 |
$modules = config('modules'); |
466 |
- $modconfig = array(); |
|
466 |
+ $modconfig = []; |
|
467 | 467 |
foreach ($modules as $name) { |
468 | 468 |
$modconfig[$name] = null; |
469 | 469 |
if (file_exists('modules/'.$name.'/module.info')) { |
... | ... |
@@ -479,7 +479,7 @@ function send_mail($address, $subject, $body) |
479 | 479 |
if (strstr($subject, "\n") !== false) { |
480 | 480 |
die("Zeilenumbruch im subject!"); |
481 | 481 |
} |
482 |
- $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable\r\nX-schokokeks-org-message: webinterface"; |
|
482 |
+ $header = "From: ".config('company_name')." Web Administration <".config('adminmail').">\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable\r\nX-schokokeks-org-message: webinterface"; |
|
483 | 483 |
$subject = mb_encode_mimeheader($subject, "utf-8", "Q"); |
484 | 484 |
$body = quoted_printable_encode($body); |
485 | 485 |
mail($address, $subject, $body, $header); |
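Review bot: The rewritten `From:` line still interpolates `config('company_name')` raw into the display-name while only `$subject` gets `mb_encode_mimeheader`, so a company name with non-ASCII or RFC 5322 specials (comma, parentheses, quotes) produces a malformed header. Build the display-name the same way as the subject, e.g. `$from = mb_encode_mimeheader(config('company_name').' Web Administration', 'utf-8', 'Q');` and then `"From: {$from} <".config('adminmail').">\r\n..."`, quoting it when it is plain ASCII. The guard `strstr($subject, "\n") !== false` also misses a lone `\r`; `preg_match('/[\r\n]/', $subject)` covers both, even though current PHP's mail() rewrites control characters in the subject on its own. The same header construction appears in the three older send_mail hunks below (the `quoted-printable`, `8bit` and creation versions), so the fix belongs only to this newest one.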
... | ... |
@@ -479,8 +479,8 @@ function send_mail($address, $subject, $body) |
479 | 479 |
if (strstr($subject, "\n") !== false) { |
480 | 480 |
die("Zeilenumbruch im subject!"); |
481 | 481 |
} |
482 |
- $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable"; |
|
483 |
- $subject = "=?UTF-8?Q?".quoted_printable_encode($subject)."?="; |
|
482 |
+ $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable\r\nX-schokokeks-org-message: webinterface"; |
|
483 |
+ $subject = mb_encode_mimeheader($subject, "utf-8", "Q"); |
|
484 | 484 |
$body = quoted_printable_encode($body); |
485 | 485 |
mail($address, $subject, $body, $header); |
486 | 486 |
} |
... | ... |
@@ -479,7 +479,9 @@ function send_mail($address, $subject, $body) |
479 | 479 |
if (strstr($subject, "\n") !== false) { |
480 | 480 |
die("Zeilenumbruch im subject!"); |
481 | 481 |
} |
482 |
- $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: 8bit"; |
|
482 |
+ $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable"; |
|
483 |
+ $subject = "=?UTF-8?Q?".quoted_printable_encode($subject)."?="; |
|
484 |
+ $body = quoted_printable_encode($body); |
|
483 | 485 |
mail($address, $subject, $body, $header); |
484 | 486 |
} |
485 | 487 |
|
... | ... |
@@ -473,6 +473,16 @@ function get_modules_info() |
473 | 473 |
return $modconfig; |
474 | 474 |
} |
475 | 475 |
|
476 |
+ |
|
477 |
+function send_mail($address, $subject, $body) |
|
478 |
+{ |
|
479 |
+ if (strstr($subject, "\n") !== false) { |
|
480 |
+ die("Zeilenumbruch im subject!"); |
|
481 |
+ } |
|
482 |
+ $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: 8bit"; |
|
483 |
+ mail($address, $subject, $body, $header); |
|
484 |
+} |
|
485 |
+ |
|
476 | 486 |
function handle_exception($e) |
477 | 487 |
{ |
478 | 488 |
if (config('enable_debug')) { |
... | ... |
@@ -422,8 +422,8 @@ function html_select($name, $options, $default='', $free='') |
422 | 422 |
if ($default == $key) { |
423 | 423 |
$selected = ' selected="selected" '; |
424 | 424 |
} |
425 |
- $key = filter_input_general($key); |
|
426 |
- $value = filter_input_general($value); |
|
425 |
+ $key = filter_output_html($key); |
|
426 |
+ $value = filter_output_html($value); |
|
427 | 427 |
$ret .= " <option value=\"{$key}\"{$selected}>{$value}</option>\n"; |
428 | 428 |
} |
429 | 429 |
$ret .= '</select>'; |
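Review bot: The escaping switch to `filter_output_html` is right (presumably an htmlspecialchars wrapper — confirm), but the `$default == $key` test two lines above it is a loose comparison: on PHP 7 `'' == 0` is true, so with the default `$default=''` an int key 0 is preselected, and on any version `'1' == '01'` matches. Compare normalised strings, `if ((string) $default === (string) $key) {`, and where a caller relies on numeric equality (html_datepicker passes zero-padded `date('d')` against int keys) cast on the caller side. Also make sure `$selected` is reset to `''` at the top of each iteration — its initialisation is outside the hunk, and if it is only set once, every option after the match would carry `selected`.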
... | ... |
@@ -191,6 +191,10 @@ function logger($severity, $scriptname, $scope, $message) |
191 | 191 |
|
192 | 192 |
function count_failed_logins() |
193 | 193 |
{ |
194 |
+ if (config('logging') < LOG_WARNING) { |
|
195 |
+ DEBUG("logging is disabled, no brute force check possible"); |
|
196 |
+ return; |
|
197 |
+ } |
|
194 | 198 |
$result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", array(":remote" => $_SERVER['REMOTE_ADDR'])); |
195 | 199 |
$data = $result->fetch(); |
196 | 200 |
DEBUG('seen '.$data['num'].' failed logins from this address within 10 minutes'); |
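Review bot: The new early `return;` hands back null, which any caller comparing the result against a numeric threshold with `>` or `>=` treats as zero, so lowering `logging` below `LOG_WARNING` silently switches the brute-force check off rather than making the caller decide. Make the unavailable state explicit with `return null;` and a docblock `@return int|null  null when logging is disabled and the check cannot be performed`, so callers can fail closed if they want to. A one-line comment that `LOG_WARNING` must match the severity used when the login failure is logged (presumably by session/start, not visible here) would tie the two together. Separately, the count keys on `$_SERVER['REMOTE_ADDR']`; if this interface sits behind a reverse proxy that address is the proxy's and all clients share one counter.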
... | ... |
@@ -472,8 +472,10 @@ function get_modules_info() |
472 | 472 |
function handle_exception($e) |
473 | 473 |
{ |
474 | 474 |
if (config('enable_debug')) { |
475 |
- print_r($e->getMessage()); |
|
476 |
- print_r(serialize($_POST)); |
|
475 |
+ print_r($e->getMessage()."<br>"); |
|
476 |
+ debug_print_backtrace(); |
|
477 |
+ echo("<br>"); |
|
478 |
+ print_r(serialize($_POST)."<br>"); |
|
477 | 479 |
print_r(serialize($_SERVER)); |
478 | 480 |
} else { |
479 | 481 |
$msg = "Exception caught:\n".$e->getMessage()."\n".serialize($_POST)."\n".serialize($_SERVER); |
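Review bot: The debug branch now writes `$e->getMessage()`, `serialize($_POST)` and `serialize($_SERVER)` into an HTML page (the change even adds `<br>` markup) without escaping, so request-controlled content is reflected verbatim, and `debug_print_backtrace()` adds file paths and call arguments on top. `$_POST` will also carry the login password whenever the exception happens during login, and the non-debug branch mails that serialized array in plaintext to adminmail — the same applies to the two older handle_exception hunks below (the branch-introducing one and the creation one). Escape with `htmlspecialchars` (or the file's `filter_output_html`, presumably an equivalent — confirm) and blank credential fields before the data is printed or mailed; the field name below is a placeholder to confirm against the login form. The function's mail branch continues outside the hunk.
```php
function handle_exception($e)
{
    // $_POST may carry credentials (login form): blank them before the data is
    // echoed or mailed. Field name is a placeholder — confirm against the login form.
    $post = $_POST;
    foreach (['PASSWORD_FIELD_NAME'] as $k) {
        if (array_key_exists($k, $post)) {
            $post[$k] = '***';
        }
    }
    if (config('enable_debug')) {
        // Debug output lands in an HTML page: escape request-controlled data.
        print_r(htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."<br>");
        debug_print_backtrace();
        echo("<br>");
        print_r(htmlspecialchars(serialize($post), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."<br>");
        print_r(htmlspecialchars(serialize($_SERVER), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    } else {
        // … unchanged: mail to adminmail, with serialize($post) in place of serialize($_POST) …
```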
... | ... |
@@ -189,7 +189,8 @@ function logger($severity, $scriptname, $scope, $message) |
189 | 189 |
db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args); |
190 | 190 |
} |
191 | 191 |
|
192 |
-function count_failed_logins() { |
|
192 |
+function count_failed_logins() |
|
193 |
+{ |
|
193 | 194 |
$result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", array(":remote" => $_SERVER['REMOTE_ADDR'])); |
194 | 195 |
$data = $result->fetch(); |
195 | 196 |
DEBUG('seen '.$data['num'].' failed logins from this address within 10 minutes'); |
... | ... |
@@ -470,6 +470,12 @@ function get_modules_info() |
470 | 470 |
|
471 | 471 |
function handle_exception($e) |
472 | 472 |
{ |
473 |
- $msg = "Exception caught:\n".$e->getMessage()."\n".serialize($_POST)."\n".serialize($_SERVER); |
|
474 |
- mail(config("adminmail"), "Exception on configinterface", $msg); |
|
473 |
+ if (config('enable_debug')) { |
|
474 |
+ print_r($e->getMessage()); |
|
475 |
+ print_r(serialize($_POST)); |
|
476 |
+ print_r(serialize($_SERVER)); |
|
477 |
+ } else { |
|
478 |
+ $msg = "Exception caught:\n".$e->getMessage()."\n".serialize($_POST)."\n".serialize($_SERVER); |
|
479 |
+ mail(config("adminmail"), "Exception on configinterface", $msg); |
|
480 |
+ } |
|
475 | 481 |
} |
... | ... |
@@ -189,6 +189,13 @@ function logger($severity, $scriptname, $scope, $message) |
189 | 189 |
db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args); |
190 | 190 |
} |
191 | 191 |
|
192 |
+function count_failed_logins() { |
|
193 |
+ $result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", array(":remote" => $_SERVER['REMOTE_ADDR'])); |
|
194 |
+ $data = $result->fetch(); |
|
195 |
+ DEBUG('seen '.$data['num'].' failed logins from this address within 10 minutes'); |
|
196 |
+ return $data['num']; |
|
197 |
+} |
|
198 |
+ |
|
192 | 199 |
function html_header($arg) |
193 | 200 |
{ |
194 | 201 |
global $html_header; |
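Review bot: `count_failed_logins()` returns `$data['num']` as whatever the driver hands back for `count(*)` — typically a string with PDO, depending on driver options — so callers doing arithmetic or strict comparisons get inconsistent types; `return (int) $data['num'];` pins it. The query also hard-codes another script's log fields (`scriptname='session/start'`, `scope='login'`, `message LIKE 'wrong user data%'`), so a wording change there silently disables the counter; a comment naming that coupling, `// Must match the log entry written by session/start on a failed login`, would protect it.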
... | ... |
@@ -460,3 +460,9 @@ function get_modules_info() |
460 | 460 |
} |
461 | 461 |
return $modconfig; |
462 | 462 |
} |
463 |
+ |
|
464 |
+function handle_exception($e) |
|
465 |
+{ |
|
466 |
+ $msg = "Exception caught:\n".$e->getMessage()."\n".serialize($_POST)."\n".serialize($_SERVER); |
|
467 |
+ mail(config("adminmail"), "Exception on configinterface", $msg); |
|
468 |
+} |
... | ... |
@@ -292,7 +292,7 @@ function generate_form_token($form_id) |
292 | 292 |
|
293 | 293 |
function check_form_token($form_id, $formtoken = null) |
294 | 294 |
{ |
295 |
- if ($formtoken == null) { |
|
295 |
+ if ($formtoken == null && isset($_REQUEST['formtoken'])) { |
|
296 | 296 |
$formtoken = $_REQUEST['formtoken']; |
297 | 297 |
} |
298 | 298 |
$sessid = session_id(); |
... | ... |
@@ -260,7 +260,8 @@ function are_you_sure($query_string, $question) |
260 | 260 |
function user_is_sure() |
261 | 261 |
{ |
262 | 262 |
if (isset($_POST['really'])) { |
263 |
- if ($_POST['random_token'] == $_SESSION['are_you_sure_token']) { |
|
263 |
+ if (array_key_exists('random_token', $_POST) && |
|
264 |
+ ($_POST['random_token'] == $_SESSION['are_you_sure_token'])) { |
|
264 | 265 |
return true; |
265 | 266 |
} else { |
266 | 267 |
system_failure("Possible Cross-site-request-forgery detected!"); |
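Review bot: The added `array_key_exists` guards `$_POST` but not the session side: when `$_SESSION['are_you_sure_token']` is unset, the loose `==` compares the posted value against null, and an empty string compares equal to null, so the confirmation passes without a token. Require the session token and compare with a constant-time strict check: `if (isset($_SESSION['are_you_sure_token']) && is_string($_POST['random_token'] ?? null) && hash_equals($_SESSION['are_you_sure_token'], $_POST['random_token'])) {`. If a confirmation is meant to be one-shot, `unset($_SESSION['are_you_sure_token']);` before `return true;` makes the token single-use. The function body continues outside the hunk.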
... | ... |
@@ -300,6 +300,9 @@ function check_form_token($form_id, $formtoken = null) |
300 | 300 |
system_failure("Internal error! (Session not running)"); |
301 | 301 |
} |
302 | 302 |
|
303 |
+ if (! isset($_SESSION['session_token'])) { |
|
304 |
+ $_SESSION['session_token'] = random_string(10); |
|
305 |
+ } |
|
303 | 306 |
$correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']); |
304 | 307 |
|
305 | 308 |
if (! ($formtoken == $correct_formtoken)) { |
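Review bot: The comparison on the last line, `$formtoken == $correct_formtoken`, is a loose compare of two hex digests; PHP compares numeric-looking strings (digests such as `0e…` followed by digits) as numbers, and a non-string `$formtoken` is coerced, so use `if (! is_string($formtoken) || ! hash_equals($correct_formtoken, $formtoken)) {`. The token is also taken from `$_REQUEST` (first `if` of the function), so it is accepted from the query string and, depending on `request_order`, cookies, where it ends up in logs and Referer headers; if forms are only ever POSTed, read `$_POST['formtoken']`. The lazily created session token added by this hunk fails closed — a token minted here cannot match what the client sent — which is worth a comment: `// No session token yet: nothing the client holds can match, so the check fails closed.`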
... | ... |
@@ -45,14 +45,14 @@ function config($key, $localonly = false) |
45 | 45 |
if (array_key_exists($key, $config)) { |
46 | 46 |
return $config[$key]; |
47 | 47 |
} |
48 |
- |
|
48 |
+ |
|
49 | 49 |
if ($localonly) { |
50 | 50 |
return null; |
51 | 51 |
} |
52 | 52 |
|
53 | 53 |
/* read configuration from database */ |
54 | 54 |
$result = db_query("SELECT `key`, value FROM misc.config"); |
55 |
- |
|
55 |
+ |
|
56 | 56 |
while ($object = $result->fetch()) { |
57 | 57 |
if (!array_key_exists($object['key'], $config)) { |
58 | 58 |
$config[$object['key']]=$object['value']; |
... | ... |
@@ -433,7 +433,7 @@ function html_datepicker($nameprefix, $timestamp) |
433 | 433 |
$current_year+2 => $current_year+2, |
434 | 434 |
$current_year+3 => $current_year+3, |
435 | 435 |
$current_year+4 => $current_year+4); |
436 |
- |
|
436 |
+ |
|
437 | 437 |
$selected_day = date('d', $timestamp); |
438 | 438 |
$selected_month = date('m', $timestamp); |
439 | 439 |
$selected_year = date('Y', $timestamp); |
... | ... |
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely |
8 | 8 |
|
9 | 9 |
To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
10 | 10 |
|
11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 | 12 |
http://creativecommons.org/publicdomain/zero/1.0/ |
13 | 13 |
|
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
... | ... |
@@ -19,57 +19,59 @@ require_once('inc/debug.php'); |
19 | 19 |
|
20 | 20 |
function config($key, $localonly = false) |
21 | 21 |
{ |
22 |
- global $config; |
|
23 |
- |
|
24 |
- if ($key == "modules") { |
|
25 |
- // Stelle sicher, dass das "index"-Modul immer aktiv ist! |
|
26 |
- if (! in_array("index", $config['modules'])) { |
|
27 |
- $config['modules'][] = "index"; |
|
28 |
- } |
|
29 |
- // Stelle sicher, dass das "about"-Modul immer aktiv ist! |
|
30 |
- if (! in_array("about", $config['modules'])) { |
|
31 |
- $config['modules'][] = "about"; |
|
22 |
+ global $config; |
|
23 |
+ |
|
24 |
+ if ($key == "modules") { |
|
25 |
+ // Stelle sicher, dass das "index"-Modul immer aktiv ist! |
|
26 |
+ if (! in_array("index", $config['modules'])) { |
|
27 |
+ $config['modules'][] = "index"; |
|
28 |
+ } |
|
29 |
+ // Stelle sicher, dass das "about"-Modul immer aktiv ist! |
|
30 |
+ if (! in_array("about", $config['modules'])) { |
|
31 |
+ $config['modules'][] = "about"; |
|
32 |
+ } |
|
32 | 33 |
} |
33 |
- } |
|
34 | 34 |
|
35 |
- if ($key == 'modules' && isset($_SESSION['restrict_modules'])) |
|
36 |
- { |
|
37 |
- $modules = array(); |
|
38 |
- foreach ($config['modules'] as $mod) |
|
39 |
- { |
|
40 |
- if (in_array($mod, $_SESSION['restrict_modules'])) |
|
41 |
- $modules[] = $mod; |
|
35 |
+ if ($key == 'modules' && isset($_SESSION['restrict_modules'])) { |
|
36 |
+ $modules = array(); |
|
37 |
+ foreach ($config['modules'] as $mod) { |
|
38 |
+ if (in_array($mod, $_SESSION['restrict_modules'])) { |
|
39 |
+ $modules[] = $mod; |
|
40 |
+ } |
|
41 |
+ } |
|
42 |
+ return $modules; |
|
42 | 43 |
} |
43 |
- return $modules; |
|
44 |
- } |
|
45 | 44 |
|
46 |
- if (array_key_exists($key, $config)) |
|
47 |
- return $config[$key]; |
|
45 |
+ if (array_key_exists($key, $config)) { |
|
46 |
+ return $config[$key]; |
|
47 |
+ } |
|
48 | 48 |
|
49 |
- if ($localonly) { |
|
50 |
- return NULL; |
|
51 |
- } |
|
49 |
+ if ($localonly) { |
|
50 |
+ return null; |
|
51 |
+ } |
|
52 | 52 |
|
53 |
- /* read configuration from database */ |
|
54 |
- $result = db_query( "SELECT `key`, value FROM misc.config" ); |
|
53 |
+ /* read configuration from database */ |
|
54 |
+ $result = db_query("SELECT `key`, value FROM misc.config"); |
|
55 | 55 |
|
56 |
- while( $object = $result->fetch() ) { |
|
57 |
- if (!array_key_exists($object['key'], $config)) { |
|
58 |
- $config[$object['key']]=$object['value']; |
|
59 |
- } |
|
60 |
- } |
|
61 |
- // Sonst wird das Passwort des webadmin-Users mit ausgegeben |
|
62 |
- $debug_config = $config; |
|
63 |
- unset($debug_config['db_pass']); |
|
64 |
- DEBUG($debug_config); |
|
65 |
- if (array_key_exists($key, $config)) |
|
66 |
- return $config[$key]; |
|
67 |
- else |
|
68 |
- logger(LOG_ERR, "inc/base", "config", "Request to read nonexistant config option »{$key}«."); |
|
69 |
- return NULL; |
|
56 |
+ while ($object = $result->fetch()) { |
|
57 |
+ if (!array_key_exists($object['key'], $config)) { |
|
58 |
+ $config[$object['key']]=$object['value']; |
|
59 |
+ } |
|
60 |
+ } |
|
61 |
+ // Sonst wird das Passwort des webadmin-Users mit ausgegeben |
|
62 |
+ $debug_config = $config; |
|
63 |
+ unset($debug_config['db_pass']); |
|
64 |
+ DEBUG($debug_config); |
|
65 |
+ if (array_key_exists($key, $config)) { |
|
66 |
+ return $config[$key]; |
|
67 |
+ } else { |
|
68 |
+ logger(LOG_ERR, "inc/base", "config", "Request to read nonexistant config option »{$key}«."); |
|
69 |
+ } |
|
70 |
+ return null; |
|
70 | 71 |
} |
71 | 72 |
|
72 |
-function have_role($role) { |
|
73 |
+function have_role($role) |
|
74 |
+{ |
|
73 | 75 |
$have = $_SESSION['role'] & $role; |
74 | 76 |
if ($have) { |
75 | 77 |
DEBUG("Current user has role ".$role); |
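Review bot: In the reformatted `config()`, `unset($debug_config['db_pass'])` masks exactly one key before `DEBUG($debug_config)` dumps the merged configuration, so any other credential stored in misc.config (mail or API secrets — not determinable here) is printed whenever debug output is enabled. Mask by key pattern instead of by one name, e.g. `foreach ($debug_config as $k => $v) { if (preg_match('/pass|secret|token/i', $k)) { $debug_config[$k] = '***'; } }`, and keep the German comment's intent in English: `// Mask credentials, otherwise they end up in the debug output`. The two `in_array("index", …)`/`in_array("about", …)` calls should pass `true` as third argument; `have_role()` continues outside the hunk.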
... | ... |
@@ -79,76 +81,81 @@ function have_role($role) { |
79 | 81 |
return $have; |
80 | 82 |
} |
81 | 83 |
|
82 |
-function get_server_by_id($id) { |
|
83 |
- $id = (int) $id; |
|
84 |
- $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id)); |
|
85 |
- $ret = $result->fetch(); |
|
86 |
- return $ret['hostname']; |
|
84 |
+function get_server_by_id($id) |
|
85 |
+{ |
|
86 |
+ $id = (int) $id; |
|
87 |
+ $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id)); |
|
88 |
+ $ret = $result->fetch(); |
|
89 |
+ return $ret['hostname']; |
|
87 | 90 |
} |
88 | 91 |
|
89 | 92 |
|
90 | 93 |
function redirect($target) |
91 | 94 |
{ |
92 |
- global $debugmode; |
|
93 |
- if ($target == '') { |
|
94 |
- $target = $_SERVER['REQUEST_URI']; |
|
95 |
- } |
|
96 |
- if (! $debugmode) { |
|
97 |
- header("Location: {$target}"); |
|
98 |
- } else { |
|
99 |
- if (strpos($target, '?') === false) { |
|
100 |
- print 'REDIRECT: '.internal_link($target, $target); |
|
101 |
- } else { |
|
102 |
- list($file, $qs) = explode('?', $target, 2); |
|
103 |
- print 'REDIRECT: '.internal_link($file, $target, $qs); |
|
104 |
- } |
|
105 |
- } |
|
106 |
- die(); |
|
95 |
+ global $debugmode; |
|
96 |
+ if ($target == '') { |
|
97 |
+ $target = $_SERVER['REQUEST_URI']; |
|
98 |
+ } |
|
99 |
+ if (! $debugmode) { |
|
100 |
+ header("Location: {$target}"); |
|
101 |
+ } else { |
|
102 |
+ if (strpos($target, '?') === false) { |
|
103 |
+ print 'REDIRECT: '.internal_link($target, $target); |
|
104 |
+ } else { |
|
105 |
+ list($file, $qs) = explode('?', $target, 2); |
|
106 |
+ print 'REDIRECT: '.internal_link($file, $target, $qs); |
|
107 |
+ } |
|
108 |
+ } |
|
109 |
+ die(); |
|
107 | 110 |
} |
108 | 111 |
|
109 | 112 |
|
110 | 113 |
function my_server_id() |
111 | 114 |
{ |
112 |
- $uid = (int) $_SESSION['userinfo']['uid']; |
|
113 |
- $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid)); |
|
114 |
- $r = $result->fetch(); |
|
115 |
- DEBUG($r); |
|
116 |
- return $r['server']; |
|
115 |
+ $uid = (int) $_SESSION['userinfo']['uid']; |
|
116 |
+ $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid)); |
|
117 |
+ $r = $result->fetch(); |
|
118 |
+ DEBUG($r); |
|
119 |
+ return $r['server']; |
|
117 | 120 |
} |
118 | 121 |
|
119 | 122 |
|
120 | 123 |
function additional_servers() |
121 | 124 |
{ |
122 |
- $uid = (int) $_SESSION['userinfo']['uid']; |
|
123 |
- $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid)); |
|
124 |
- $servers = array(); |
|
125 |
- while ($s = $result->fetch()) |
|
126 |
- $servers[] = $s['server']; |
|
127 |
- DEBUG($servers); |
|
128 |
- return $servers; |
|
125 |
+ $uid = (int) $_SESSION['userinfo']['uid']; |
|
126 |
+ $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid)); |
|
127 |
+ $servers = array(); |
|
128 |
+ while ($s = $result->fetch()) { |
|
129 |
+ $servers[] = $s['server']; |
|
130 |
+ } |
|
131 |
+ DEBUG($servers); |
|
132 |
+ return $servers; |
|
129 | 133 |
} |
130 | 134 |
|
131 | 135 |
|
132 | 136 |
function server_names() |
133 | 137 |
{ |
134 |
- $result = db_query("SELECT id, hostname FROM system.servers"); |
|
135 |
- $servers = array(); |
|
136 |
- while ($s = $result->fetch()) |
|
137 |
- $servers[$s['id']] = $s['hostname']; |
|
138 |
- DEBUG($servers); |
|
139 |
- return $servers; |
|
138 |
+ $result = db_query("SELECT id, hostname FROM system.servers"); |
|
139 |
+ $servers = array(); |
|
140 |
+ while ($s = $result->fetch()) { |
|
141 |
+ $servers[$s['id']] = $s['hostname']; |
|
142 |
+ } |
|
143 |
+ DEBUG($servers); |
|
144 |
+ return $servers; |
|
140 | 145 |
} |
141 | 146 |
|
142 | 147 |
|
143 | 148 |
function maybe_null($value) |
144 | 149 |
{ |
145 |
- if (! $value) |
|
146 |
- return NULL; |
|
150 |
+ if (! $value) { |
|
151 |
+ return null; |
|
152 |
+ } |
|
147 | 153 |
|
148 |
- if (strlen( (string) $value ) > 0) |
|
149 |
- return (string) $value; |
|
150 |
- else |
|
151 |
- return NULL; |
|
154 |
+ if (strlen((string) $value) > 0) { |
|
155 |
+ return (string) $value; |
|
156 |
+ } else { |
|
157 |
+ return null; |
|
158 |
+ } |
|
152 | 159 |
} |
153 | 160 |
|
154 | 161 |
|
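Review bot: `redirect()` defaults `$target` to `$_SERVER['REQUEST_URI']` and passes it straight to `header("Location: {$target}")`; REQUEST_URI is the raw request-target the client sent, so a protocol-relative value (`//host/path`) would send the browser off-site on servers that pass such request lines through. Unless callers legitimately redirect to external URLs, reject anything that is not a local path after the fallback: `if ($target == '' ) { $target = $_SERVER['REQUEST_URI']; } if (preg_match('#^(//|[a-z][a-z0-9+.-]*:)#i', $target)) { system_failure("Refusing redirect to external target"); }`. The rest of the hunk is re-indentation; `maybe_null()` treats `'0'` as empty because of `if (! $value)`, which is worth a comment if intended.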
... | ... |
@@ -158,51 +165,52 @@ function maybe_null($value) |
158 | 165 |
|
159 | 166 |
function logger($severity, $scriptname, $scope, $message) |
160 | 167 |
{ |
161 |
- if (config('logging') < $severity) { |
|
162 |
- DEBUG("NOT LOGGING $scriptname:$scope:$message"); |
|
163 |
- return; |
|
164 |
- } |
|
165 |
- |
|
166 |
- DEBUG("LOGGING $scriptname:$scope:$message"); |
|
167 |
- $user = NULL; |
|
168 |
- if (array_key_exists("role", $_SESSION)) { |
|
169 |
- if ($_SESSION['role'] & ROLE_SYSTEMUSER) |
|
170 |
- $user = $_SESSION['userinfo']['username']; |
|
171 |
- elseif ($_SESSION['role'] & ROLE_CUSTOMER) |
|
172 |
- $user = $_SESSION['customerinfo']['customerno']; |
|
173 |
- } |
|
174 |
- |
|
175 |
- $args = array(":user" => $user, |
|
168 |
+ if (config('logging') < $severity) { |
|
169 |
+ DEBUG("NOT LOGGING $scriptname:$scope:$message"); |
|
170 |
+ return; |
|
171 |
+ } |
|
172 |
+ |
|
173 |
+ DEBUG("LOGGING $scriptname:$scope:$message"); |
|
174 |
+ $user = null; |
|
175 |
+ if (array_key_exists("role", $_SESSION)) { |
|
176 |
+ if ($_SESSION['role'] & ROLE_SYSTEMUSER) { |
|
177 |
+ $user = $_SESSION['userinfo']['username']; |
|
178 |
+ } elseif ($_SESSION['role'] & ROLE_CUSTOMER) { |
|
179 |
+ $user = $_SESSION['customerinfo']['customerno']; |
|
180 |
+ } |
|
181 |
+ } |
|
182 |
+ |
|
183 |
+ $args = array(":user" => $user, |
|
176 | 184 |
":remote" => $_SERVER['REMOTE_ADDR'], |
177 | 185 |
":scriptname" => $scriptname, |
178 | 186 |
":scope" => $scope, |
179 | 187 |
":message" => $message); |
180 | 188 |
|
181 |
- db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args); |
|
189 |
+ db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args); |
|
182 | 190 |
} |
183 | 191 |
|
184 | 192 |
function html_header($arg) |
185 | 193 |
{ |
186 |
- global $html_header; |
|
187 |
- $html_header .= $arg; |
|
194 |
+ global $html_header; |
|
195 |
+ $html_header .= $arg; |
|
188 | 196 |
} |
189 | 197 |
|
190 | 198 |
function title($arg) |
191 | 199 |
{ |
192 |
- global $title; |
|
193 |
- $title = $arg; |
|
200 |
+ global $title; |
|
201 |
+ $title = $arg; |
|
194 | 202 |
} |
195 | 203 |
|
196 | 204 |
function headline($arg) |
197 | 205 |
{ |
198 |
- global $headline; |
|
199 |
- $headline = $arg; |
|
206 |
+ global $headline; |
|
207 |
+ $headline = $arg; |
|
200 | 208 |
} |
201 | 209 |
|
202 | 210 |
function output($arg) |
203 | 211 |
{ |
204 |
- global $output; |
|
205 |
- $output .= $arg; |
|
212 |
+ global $output; |
|
213 |
+ $output .= $arg; |
|
206 | 214 |
} |
207 | 215 |
|
208 | 216 |
function footnote($explaination) |
... | ... |
@@ -213,7 +221,7 @@ function footnote($explaination) |
213 | 221 |
} |
214 | 222 |
$fnid = array_search($explaination, $footnotes); |
215 | 223 |
DEBUG($footnotes); |
216 |
- if ($fnid === FALSE) { |
|
224 |
+ if ($fnid === false) { |
|
217 | 225 |
DEBUG("Footnote »{$explaination}« is not in footnotes!"); |
218 | 226 |
$footnotes[] = $explaination; |
219 | 227 |
} |
... | ... |
@@ -221,20 +229,20 @@ function footnote($explaination) |
221 | 229 |
return str_repeat('*', ($fnid+1)); |
222 | 230 |
} |
223 | 231 |
|
224 |
-function random_string($len) |
|
232 |
+function random_string($len) |
|
225 | 233 |
{ |
226 |
- $s = str_replace('+', '.', base64_encode(random_bytes(ceil($len*3/4)))); |
|
227 |
- return substr($s, 0, $len); |
|
234 |
+ $s = str_replace('+', '.', base64_encode(random_bytes(ceil($len*3/4)))); |
|
235 |
+ return substr($s, 0, $len); |
|
228 | 236 |
} |
229 | 237 |
|
230 | 238 |
|
231 | 239 |
function are_you_sure($query_string, $question) |
232 | 240 |
{ |
233 |
- $query_string = encode_querystring($query_string); |
|
234 |
- $token = random_string(20); |
|
235 |
- $_SESSION['are_you_sure_token'] = $token; |
|
236 |
- title('Sicherheitsabfrage'); |
|
237 |
- output(" |
|
241 |
+ $query_string = encode_querystring($query_string); |
|
242 |
+ $token = random_string(20); |
|
243 |
+ $_SESSION['are_you_sure_token'] = $token; |
|
244 |
+ title('Sicherheitsabfrage'); |
|
245 |
+ output(" |
|
238 | 246 |
<form action=\"{$query_string}\" method=\"post\"> |
239 | 247 |
<div class=\"confirmation\"> |
240 | 248 |
<div class=\"question\">{$question}</div> |
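Review bot: `are_you_sure()` interpolates `{$question}` (and `{$query_string}` into the `action` attribute) directly into the HTML it emits; the callers are not visible, so if any of them builds the question from request data it is reflected unescaped. Escaping at this boundary, `$question = filter_output_html($question);` before `output(...)`, removes the dependency on every caller doing it (assuming filter_output_html is the htmlspecialchars wrapper the file uses elsewhere — confirm), with encode_querystring presumably covering the action URL. The output string continues past the end of the hunk.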
... | ... |
@@ -245,68 +253,68 @@ function are_you_sure($query_string, $question) |
245 | 253 |
<input type=\"submit\" name=\"not_really\" value=\"Nein\" /> |
246 | 254 |
</p> |
247 | 255 |
</div>"); |
248 |
- output("</form>\n"); |
|
256 |
+ output("</form>\n"); |
|
249 | 257 |
} |
250 | 258 |
|
251 | 259 |
|
252 | 260 |
function user_is_sure() |
253 | 261 |
{ |
254 |
- if (isset($_POST['really'])) |
|
255 |
- { |
|
256 |
- if ($_POST['random_token'] == $_SESSION['are_you_sure_token']) |
|
257 |
- return true; |
|
258 |
- else |
|
259 |
- system_failure("Possible Cross-site-request-forgery detected!"); |
|
260 |
- } |
|
261 |
- elseif (isset($_POST['not_really'])) |
|
262 |
- return false; |
|
263 |
- else |
|
264 |
- return NULL; |
|
262 |
+ if (isset($_POST['really'])) { |
|
263 |
+ if ($_POST['random_token'] == $_SESSION['are_you_sure_token']) { |
|
264 |
+ return true; |
|
265 |
+ } else { |
|
266 |
+ system_failure("Possible Cross-site-request-forgery detected!"); |
|
267 |
+ } |
|
268 |
+ } elseif (isset($_POST['not_really'])) { |
|
269 |
+ return false; |
|
270 |
+ } else { |
|
271 |
+ return null; |
|
272 |
+ } |
|
265 | 273 |
} |
266 | 274 |
|
267 | 275 |
|
268 | 276 |
|
269 | 277 |
function generate_form_token($form_id) |
270 | 278 |
{ |
271 |
- require_once("inc/debug.php"); |
|
272 |
- $sessid = session_id(); |
|
273 |
- if ($sessid == "") |
|
274 |
- { |
|
275 |
- DEBUG("Uh? Session not running? Wtf?"); |
|
276 |
- system_failure("Internal error!"); |
|
277 |
- } |
|
278 |
- if (! isset($_SESSION['session_token'])) { |
|
279 |
- $_SESSION['session_token'] = random_string(10); |
|
280 |
- } |
|
281 |
- return hash('sha256', $sessid.$form_id.$_SESSION['session_token']); |
|
279 |
+ require_once("inc/debug.php"); |
|
280 |
+ $sessid = session_id(); |
|
281 |
+ if ($sessid == "") { |
|
282 |
+ DEBUG("Uh? Session not running? Wtf?"); |
|
283 |
+ system_failure("Internal error!"); |
|
284 |
+ } |
|
285 |
+ if (! isset($_SESSION['session_token'])) { |
|
286 |
+ $_SESSION['session_token'] = random_string(10); |
|
287 |
+ } |
|
288 |
+ return hash('sha256', $sessid.$form_id.$_SESSION['session_token']); |
|
282 | 289 |
} |
283 | 290 |
|
284 | 291 |
|
285 |
-function check_form_token($form_id, $formtoken = NULL) |
|
292 |
+function check_form_token($form_id, $formtoken = null) |
|
286 | 293 |
{ |
287 |
- if ($formtoken == NULL) |
|
288 |
- $formtoken = $_REQUEST['formtoken']; |
|
289 |
- $sessid = session_id(); |
|
290 |
- if ($sessid == "") |
|
291 |
- { |
|
292 |
- DEBUG("Uh? Session not running? Wtf?"); |
|
293 |
- system_failure("Internal error! (Session not running)"); |
|
294 |
- } |
|
295 |
- |
|
296 |
- $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']); |
|
297 |
- |
|
298 |
- if (! ($formtoken == $correct_formtoken)) |
|
299 |
- system_failure("Possible cross-site-request-forgery!"); |
|
294 |
+ if ($formtoken == null) { |
|
295 |
+ $formtoken = $_REQUEST['formtoken']; |
|
296 |
+ } |
|
297 |
+ $sessid = session_id(); |
|
298 |
+ if ($sessid == "") { |
|
299 |
+ DEBUG("Uh? Session not running? Wtf?"); |
|
300 |
+ system_failure("Internal error! (Session not running)"); |
|
301 |
+ } |
|
302 |
+ |
|
303 |
+ $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']); |
|
304 |
+ |
|
305 |
+ if (! ($formtoken == $correct_formtoken)) { |
|
306 |
+ system_failure("Possible cross-site-request-forgery!"); |
|
307 |
+ } |
|
300 | 308 |
} |
301 | 309 |
|
302 | 310 |
|
303 | 311 |
function have_module($modname) |
304 | 312 |
{ |
305 |
- return in_array($modname, config('modules')); |
|
313 |
+ return in_array($modname, config('modules')); |
|
306 | 314 |
} |
307 | 315 |
|
308 | 316 |
|
309 |
-function use_module($modname) |
|
317 |
+function use_module($modname) |
|
310 | 318 |
{ |
311 | 319 |
global $prefix, $needed_modules; |
312 | 320 |
if (! isset($needed_modules)) { |
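Review bot: The two CSRF token checks the commit reformats still compare with loose `==`: `if ($_POST['random_token'] == $_SESSION['are_you_sure_token'])` in user_is_sure and `if (! ($formtoken == $correct_formtoken))` in check_form_token. Neither operand is guarded with isset(), so a POST that sets `really` but omits `random_token`, arriving in a session that never stored `are_you_sure_token`, compares `null == null` and the confirmation returns true; in check_form_token, `==` on two numeric-looking strings compares them as numbers, which is the wrong relation for a hex digest, and neither comparison is constant-time. Both should use `hash_equals()` on values first checked for presence and string type, since `hash_equals('', '')` is itself true. check_form_token also reads `$_SESSION['session_token']` without the isset guard generate_form_token applies, so a missing token hashes as the empty string; the rewritten lines follow.
```php
function user_is_sure()
{
    if (isset($_POST['really'])) {
        $expected = $_SESSION['are_you_sure_token'] ?? '';
        $given = $_POST['random_token'] ?? '';
        // Require an issued token: hash_equals('', '') would otherwise pass.
        if ($expected !== '' && is_string($given) && hash_equals($expected, $given)) {
            return true;
        }
        system_failure("Possible Cross-site-request-forgery detected!");
    }
    // … unchanged: not_really / null branches …
}

// … in check_form_token, unchanged: $formtoken default and session check …
    if (! isset($_SESSION['session_token'])) {
        system_failure("Possible cross-site-request-forgery!");
    }
    $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
    if (!is_string($formtoken) || !hash_equals($correct_formtoken, $formtoken)) {
        system_failure("Possible cross-site-request-forgery!");
    }
```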
... | ... |
@@ -320,35 +328,37 @@ function use_module($modname) |
320 | 328 |
system_failure("Soll nicht verfügbares Modul laden!"); |
321 | 329 |
} |
322 | 330 |
/* setup module include path */ |
323 |
- ini_set('include_path',ini_get('include_path').':./modules/'.$modname.'/include:'); |
|
331 |
+ ini_set('include_path', ini_get('include_path').':./modules/'.$modname.'/include:'); |
|
324 | 332 |
$style = 'modules/'.$modname.'/style.css'; |
325 | 333 |
if (file_exists($style)) { |
326 | 334 |
html_header('<link rel="stylesheet" href="'.$prefix.$style.'" type="text/css" />'."\n"); |
327 | 335 |
} |
328 |
- |
|
329 | 336 |
} |
330 | 337 |
|
331 | 338 |
|
332 | 339 |
function encode_querystring($querystring) |
333 | 340 |
{ |
334 |
- global $debugmode; |
|
335 |
- if ($debugmode) |
|
336 |
- $querystring = 'debug&'.$querystring; |
|
337 |
- $query = explode('&', $querystring); |
|
338 |
- $new_query = array(); |
|
339 |
- foreach ($query AS $item) |
|
340 |
- if ($item != '') |
|
341 |
- { |
|
342 |
- $split = explode('=', $item, 2); |
|
343 |
- if (count($split) == 1) |
|
344 |
- $new_query[] = $split[0]; |
|
345 |
- else |
|
346 |
- $new_query[] = $split[0].'='.urlencode($split[1]); |
|
347 |
- } |
|
348 |
- $querystring = implode('&', $new_query); |
|
349 |
- if ($querystring) |
|
350 |
- $querystring = '?'.$querystring; |
|
351 |
- return $querystring; |
|
341 |
+ global $debugmode; |
|
342 |
+ if ($debugmode) { |
|
343 |
+ $querystring = 'debug&'.$querystring; |
|
344 |
+ } |
|
345 |
+ $query = explode('&', $querystring); |
|
346 |
+ $new_query = array(); |
|
347 |
+ foreach ($query as $item) { |
|
348 |
+ if ($item != '') { |
|
349 |
+ $split = explode('=', $item, 2); |
|
350 |
+ if (count($split) == 1) { |
|
351 |
+ $new_query[] = $split[0]; |
|
352 |
+ } else { |
|
353 |
+ $new_query[] = $split[0].'='.urlencode($split[1]); |
|
354 |
+ } |
|
355 |
+ } |
|
356 |
+ } |
|
357 |
+ $querystring = implode('&', $new_query); |
|
358 |
+ if ($querystring) { |
|
359 |
+ $querystring = '?'.$querystring; |
|
360 |
+ } |
|
361 |
+ return $querystring; |
|
352 | 362 |
} |
353 | 363 |
|
354 | 364 |
|
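Review bot: `$new_query = array();` in the reformatted body of encode_querystring keeps the long array syntax while the commit otherwise modernises the file (`NULL` → `null`, brace placement), so it should read `$new_query = [];`. Separately, the closing `if ($querystring)` tests truthiness, so a query string that reduces to the single string `'0'` is returned without its leading `?`; `if ($querystring !== '')` states the intended check. The loop only urlencodes values and never keys, which is presumably deliberate because callers pass literal parameter names; a one-line comment such as `// keys are caller-supplied literals; only values are encoded` would make that contract explicit.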
... | ... |
@@ -360,94 +370,89 @@ function beta_notice() |
360 | 370 |
|
361 | 371 |
function addnew($file, $label, $querystring = '', $attribs = '') |
362 | 372 |
{ |
363 |
- output('<p class="addnew">'.internal_link($file, $label, $querystring, $attribs).'</p>'); |
|
373 |
+ output('<p class="addnew">'.internal_link($file, $label, $querystring, $attribs).'</p>'); |
|
364 | 374 |
} |
365 | 375 |
|
366 | 376 |
|
367 | 377 |
function internal_link($file, $label, $querystring = '', $attribs = '') |
368 | 378 |
{ |
369 |
- global $prefix; |
|
370 |
- if (strpos($file, '/') === 0) |
|
371 |
- { |
|
372 |
- $file = $prefix.substr($file, 1); |
|
373 |
- } |
|
374 |
- $querystring = encode_querystring($querystring); |
|
375 |
- return "<a href=\"{$file}{$querystring}\" {$attribs} >{$label}</a>"; |
|
379 |
+ global $prefix; |
|
380 |
+ if (strpos($file, '/') === 0) { |
|
381 |
+ $file = $prefix.substr($file, 1); |
|
382 |
+ } |
|
383 |
+ $querystring = encode_querystring($querystring); |
|
384 |
+ return "<a href=\"{$file}{$querystring}\" {$attribs} >{$label}</a>"; |
|
376 | 385 |
} |
377 | 386 |
|
378 | 387 |
|
379 | 388 |
function html_form($form_id, $scriptname, $querystring, $content) |
380 | 389 |
{ |
381 |
- $querystring = encode_querystring($querystring); |
|
382 |
- $ret = ''; |
|
383 |
- $ret .= '<form id="'.$form_id.'" action="'.$scriptname.$querystring.'" method="post">'."\n"; |
|
384 |
- $ret .= '<p style="display: none;"><input type="hidden" name="formtoken" value="'.generate_form_token($form_id).'" /></p>'."\n"; |
|
385 |
- $ret .= $content; |
|
386 |
- $ret .= '</form>'; |
|
387 |
- return $ret; |
|
390 |
+ $querystring = encode_querystring($querystring); |
|
391 |
+ $ret = ''; |
|
392 |
+ $ret .= '<form id="'.$form_id.'" action="'.$scriptname.$querystring.'" method="post">'."\n"; |
|
393 |
+ $ret .= '<p style="display: none;"><input type="hidden" name="formtoken" value="'.generate_form_token($form_id).'" /></p>'."\n"; |
|
394 |
+ $ret .= $content; |
|