X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Ffunctions.php;h=dc31759fc8479eee9c9f1b4719ba81aec2a0f2a1;hb=17b79f707a3470590e0444e86efad5d951e66696;hp=e50b598ef3d220c6d14fcbba8174b886635ce4cc;hpb=086762b9606889fbda59d946b7b557d764ec2c0e;p=mailer.git diff --git a/inc/functions.php b/inc/functions.php index e50b598ef3..dc31759fc8 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -43,6 +43,9 @@ if (!defined('__SECURITY')) { // Output HTML code directly or 'render' it. You addionally switch the new-line character off function outputHtml ($htmlCode, $newLine = true) { + // Init output + if (!isset($GLOBALS['output'])) $GLOBALS['output'] = ''; + // Transfer username $username = getMessage('USERNAME_UNKNOWN'); if (isset($GLOBALS['username'])) $username = getUsername(); @@ -100,49 +103,16 @@ function outputHtml ($htmlCode, $newLine = true) { clearOutputBuffer(); } // END - if - // Send HTTP header - sendHeader('HTTP/1.1 200'); - - // Used later - $now = gmdate('D, d M Y H:i:s') . ' GMT'; - - // General headers for no caching - sendHeader('Expired: ' . $now); // RFC2616 - Section 14.21 - sendHeader('Last-Modified: ' . $now); - sendHeader('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0'); // HTTP/1.1 - sendHeader('Pragma: no-cache'); // HTTP/1.0 - sendHeader('Connection: Close'); - sendHeader('Content-Type: ' . getContentType() . '; charset=UTF-8'); - sendHeader('Content-language: ' . getLanguage()); - // Extension 'rewrite' installed? if ((isExtensionActive('rewrite')) && (getOutputMode() != 1)) { $GLOBALS['output'] = rewriteLinksInCode($GLOBALS['output']); } // END - if - // Init counter - $cnt = 0; - // Compile and run finished rendered HTML code - while (((strpos($GLOBALS['output'], '{--') > 0) || (strpos($GLOBALS['output'], '{!') > 0) || (strpos($GLOBALS['output'], '{?') > 0)) && ($cnt < 3)) { - // Prepare the content and eval() it... - $content = array(); - $newContent = ''; - - // Compile it - $eval = "\$newContent = \"".compileCode(smartAddSlashes($GLOBALS['output']))."\";"; - eval($eval); - - // Was that eval okay? - if (empty($newContent)) { - // Something went wrong! - debug_report_bug('Evaluation error:
' . linenumberCode($eval) . ''); - } // END - if - $GLOBALS['output'] = $newContent; + compileFinalOutput(); - // Count round - $cnt++; - } // END - while + // Send all HTTP headers + sendHttpHeaders(); // Output code here, DO NOT REMOVE! ;-) outputRawCode($GLOBALS['output']); @@ -153,19 +123,68 @@ function outputHtml ($htmlCode, $newLine = true) { } // END - if // Compile and run finished rendered HTML code - while (strpos($GLOBALS['output'], '{!') > 0) { - eval("\$GLOBALS['output'] = \"".compileCode(smartAddSlashes($GLOBALS['output']))."\";"); - } // END - while + compileFinalOutput(); + + // Send all HTTP headers + sendHttpHeaders(); // Output code here, DO NOT REMOVE! ;-) outputRawCode($GLOBALS['output']); } } +// Sends out all headers required for HTTP/1.1 reply +function sendHttpHeaders () { + // Used later + $now = gmdate('D, d M Y H:i:s') . ' GMT'; + + // Send HTTP header + sendHeader('HTTP/1.1 200'); + + // General headers for no caching + sendHeader('Expired: ' . $now); // RFC2616 - Section 14.21 + sendHeader('Last-Modified: ' . $now); + sendHeader('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0'); // HTTP/1.1 + sendHeader('Pragma: no-cache'); // HTTP/1.0 + sendHeader('Connection: Close'); + sendHeader('Content-Type: ' . getContentType() . '; charset=UTF-8'); + sendHeader('Content-Language: ' . getLanguage()); +} + +// Compiles the final output +function compileFinalOutput () { + // Init counter + $cnt = '0'; + + // Compile all out + while (((strpos($GLOBALS['output'], '{--') > 0) || (strpos($GLOBALS['output'], '{!') > 0) || (strpos($GLOBALS['output'], '{?') > 0)) && ($cnt < 3)) { + // Init common variables + $content = array(); + $newContent = ''; + + // Compile it + $eval = "\$newContent = \"".compileCode(escapeQuotes($GLOBALS['output']))."\";"; + eval($eval); + + // Was that eval okay? + if (empty($newContent)) { + // Something went wrong! + debug_report_bug('Evaluation error:
' . linenumberCode($eval) . ''); + } // END - if + $GLOBALS['output'] = $newContent; + + // Count round + $cnt++; + } // END - while + + // Add final length + sendHeader('Content-Length: ' . strlen($GLOBALS['output'])); +} + // Output the raw HTML code function outputRawCode ($htmlCode) { // Output stripped HTML code to avoid broken JavaScript code, etc. - print(stripslashes(stripslashes($htmlCode))); + print(str_replace('{BACK}', "\\", $htmlCode)); // Flush the output if only getPhpCaching() is not 'on' if (getPhpCaching() != 'on') { @@ -185,7 +204,7 @@ function getFatalArray () { } // Add a fatal error message to the queue array -function addFatalMessage ($F, $L, $message, $extra='') { +function addFatalMessage ($F, $L, $message, $extra = '') { if (is_array($extra)) { // Multiple extras for a message with masks $message = call_user_func_array('sprintf', $extra); @@ -199,13 +218,13 @@ function addFatalMessage ($F, $L, $message, $extra='') { // Log fatal messages away debug_report_bug($message); - logDebugMessage($F, $L, " message={$message}"); + logDebugMessage($F, $L, 'Fatal error message: ' . $message); } // Getter for total fatal message count function getTotalFatalErrors () { // Init coun - $count = 0; + $count = '0'; // Do we have at least the first entry? if (!empty($GLOBALS['fatal_messages'][0])) { @@ -218,7 +237,7 @@ function getTotalFatalErrors () { } // Load a template file and return it's content (only it's name; do not use ' or ") -function loadTemplate ($template, $return=false, $content=array()) { +function loadTemplate ($template, $return = false, $content = array()) { // @TODO Remove this sanity-check if all is fine if (!is_bool($return)) debug_report_bug('return is not bool (' . gettype($return) . ')'); @@ -226,114 +245,28 @@ function loadTemplate ($template, $return=false, $content=array()) { global $DATA; // Do we have cache? - if (!isset($GLOBALS['template_eval'][$template])) { + if (isTemplateCached($template)) { + // Evaluate the cache + eval(readTemplateCache($template)); + } elseif (!isset($GLOBALS['template_eval'][$template])) { // Add more variables which you want to use in your template files $username = getUsername(); // Make all template names lowercase $template = strtolower($template); - // Count the template load - incrementConfigEntry('num_templates'); - // Init some data $ret = ''; - if (empty($GLOBALS['refid'])) $GLOBALS['refid'] = 0; - - // Generate date/time string - $date_time = generateDateTime(time(), 1); - - // Is content an array - if (is_array($content)) $content['date_time'] = $date_time; - - // @DEPRECATED Try to rewrite the if() condition - if ($template == 'member_support_form') { - // Support request of a member - $result = SQL_QUERY_ESC("SELECT `userid`, `gender`, `surname`, `family`, `email` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1", - array(getUserId()), __FUNCTION__, __LINE__); - - // Is content an array? - if (is_array($content)) { - // Merge data - $content = merge_array($content, SQL_FETCHARRAY($result)); - - // Translate gender - $content['gender'] = translateGender($content['gender']); - } else { - // @DEPRECATED - // @TODO Find all templates which are using these direct variables and rewrite them. - // @TODO After this step is done, this else-block is history - list($gender, $surname, $family, $email) = SQL_FETCHROW($result); - - // Translate gender - $gender = translateGender($gender); - logDebugMessage(__FUNCTION__, __LINE__, sprintf("DEPRECATION-WARNING: content is not array [%s], template=%s.", gettype($content), $template)); - } - - // Free result - SQL_FREERESULT($result); - } // END - if + if (empty($GLOBALS['refid'])) $GLOBALS['refid'] = '0'; // Base directory $basePath = sprintf("%stemplates/%s/html/", getConfig('PATH'), getLanguage()); - $mode = ''; - - // Check for admin/guest/member templates - if (substr($template, 0, 6) == 'admin_') { - // Admin template found - $mode = 'admin/'; - } elseif (substr($template, 0, 6) == 'guest_') { - // Guest template found - $mode = 'guest/'; - } elseif (substr($template, 0, 7) == 'member_') { - // Member template found - $mode = 'member/'; - } elseif (substr($template, 0, 8) == 'install_') { - // Installation template found - $mode = 'install/'; - } elseif (substr($template, 0, 4) == 'ext_') { - // Extension template found - $mode = 'ext/'; - } elseif (substr($template, 0, 3) == 'la_') { - // 'Logical-area' template found - $mode = 'la/'; - } elseif (substr($template, 0, 3) == 'js_') { - // JavaScript template found - $mode = 'js/'; - } elseif (substr($template, 0, 5) == 'menu_') { - // Menu template found - $mode = 'menu/'; - } else { - // Test for extension - $test = substr($template, 0, strpos($template, '_')); - - // Probe for valid extension name - if (isExtensionNameValid($test)) { - // Set extra path to extension's name - $mode = $test . '/'; - } // END - if - } + $extraPath = detectExtraTemplatePath($template);; //////////////////////// // Generate file name // //////////////////////// - $FQFN = $basePath . $mode . $template . '.tpl'; - - if ((isWhatSet()) && ((strpos($template, '_header') > 0) || (strpos($template, '_footer') > 0)) && (($mode == 'guest/') || ($mode == 'member/') || ($mode == 'admin/'))) { - // Select what depended header/footer template file for admin/guest/member area - $file2 = sprintf("%s%s%s_%s.tpl", - $basePath, - $mode, - $template, - getWhat() - ); - - // Probe for it... - if (isFileReadable($file2)) $FQFN = $file2; - - // Remove variable from memory - unset($file2); - } // END - if + $FQFN = $basePath . $extraPath . $template . '.tpl'; // Does the special template exists? if (!isFileReadable($FQFN)) { @@ -343,30 +276,33 @@ function loadTemplate ($template, $return=false, $content=array()) { // Now does the final template exists? if (isFileReadable($FQFN)) { + // Count the template load + incrementConfigEntry('num_templates'); + // The local file does exists so we load it. :) $GLOBALS['tpl_content'] = readFromFile($FQFN); - // Replace ' to our own chars to preventing them being quoted - while (strpos($GLOBALS['tpl_content'], "'") !== false) { $GLOBALS['tpl_content'] = str_replace("'", '{QUOT}', $GLOBALS['tpl_content']); } - // Do we have to compile the code? $ret = ''; if ((strpos($GLOBALS['tpl_content'], '$') !== false) || (strpos($GLOBALS['tpl_content'], '{--') !== false) || (strpos($GLOBALS['tpl_content'], '{!') !== false) || (strpos($GLOBALS['tpl_content'], '{?') !== false)) { // Normal HTML output? - if ($GLOBALS['output_mode'] == 0) { + if (getOutputMode() == '0') { // Add surrounding HTML comments to help finding bugs faster - $ret = "\n" . $GLOBALS['tpl_content'] . "\n"; + $ret = '\n" . $GLOBALS['tpl_content'] . '\n"; // Prepare eval() command - $eval = '$ret = "' . compileCode(smartAddSlashes($GLOBALS['tpl_content'])) . '";'; + $eval = '$ret = "' . compileCode(escapeQuotes($ret)) . '";'; + } elseif (substr($template, 0, 3) == 'js_') { + // JavaScripts don't like entities and timings + $eval = '$ret = decodeEntities("' . compileRawCode(escapeJavaScriptQuotes($GLOBALS['tpl_content'])) . '");'; } else { - // Prepare eval() command - $eval = '$ret = "' . compileCode(smartAddSlashes($GLOBALS['tpl_content'])) . '";'; + // Prepare eval() command, other output doesn't like entities, maybe + $eval = '$ret = decodeEntities("' . compileRawCode(escapeQuotes($GLOBALS['tpl_content'])) . '");'; } } else { // Add surrounding HTML comments to help finding bugs faster - $ret = "\n" . $GLOBALS['tpl_content'] . "\n"; - $eval = '$ret = "' . smartAddSlashes($ret) . '";'; + $ret = '\n" . $GLOBALS['tpl_content'] . '\n"; + $eval = '$ret = "' . escapeQuotes($ret) . '";'; } // END - if // Cache the eval() command here @@ -374,20 +310,20 @@ function loadTemplate ($template, $return=false, $content=array()) { // Eval the code eval($GLOBALS['template_eval'][$template]); - } else { - // No file! - $GLOBALS['template_eval'][$template] = '404'; - } - } elseif (((isAdmin()) || ((isInstalling()) && (!isInstalled()))) && ($GLOBALS['template_eval'][$template] == '404')) { - // Only admins shall see this warning or when installation mode is active - $ret = '
' . print_r($content, true) . '{--TEMPLATE_DATA--}
' . print_r($DATA, true) . '-
".print_r($content, true)."+
' . print_r($content, true) . '{--TEMPLATE_DATA--} -
".print_r($DATA, true)."-
' . print_r($DATA, true) . '+
-".htmlentities(trim($mailHeader))." -To : " . $toEmail." -Subject : " . $subject." -Message : " . $message." -\n"); + outputHtml('
+Headers : ' . str_replace('<', '<', str_replace('>', '>', secureString(trim($mailHeader)))) . ' +To : ' . $toEmail . ' +Subject : ' . $subject . ' +Message : ' . $message . ' +'); } elseif (($isHtml == 'Y') && (isExtensionActive('html_mail'))) { // Send mail as HTML away sendHtmlEmail($toEmail, $subject, $message, $mailHeader); @@ -671,6 +619,11 @@ function sendRawEmail ($toEmail, $subject, $message, $from) { // get new instance $mail = new PHPMailer(); + + // Set charset to UTF-8 + $mail->CharSet('UTF-8'); + + // Path for PHPMailer $mail->PluginDir = sprintf("%sinc/phpmailer/", getConfig('PATH')); $mail->IsSMTP(); @@ -706,16 +659,16 @@ function sendRawEmail ($toEmail, $subject, $message, $from) { } // Generate a password in a specified length or use default password length -function generatePassword ($length = 0) { +function generatePassword ($length = '0') { // Auto-fix invalid length of zero - if ($length == 0) $length = getConfig('pass_len'); + if ($length == '0') $length = getConfig('pass_len'); // Initialize array with all allowed chars $ABC = explode(',', 'a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9,-,+,_,/,.'); // Start creating password $PASS = ''; - for ($i = 0; $i < $length; $i++) { + for ($i = '0'; $i < $length; $i++) { $PASS .= $ABC[mt_rand(0, count($ABC) -1)]; } // END - for @@ -731,12 +684,12 @@ function generatePassword ($length = 0) { } // Generates a human-readable timestamp from the Uni* stamp -function generateDateTime ($time, $mode = 0) { +function generateDateTime ($time, $mode = '0') { // Filter out numbers $time = bigintval($time); // If the stamp is zero it mostly didn't "happen" - if ($time == 0) { + if ($time == '0') { // Never happend return getMessage('NEVER_HAPPENED'); } // END - if @@ -744,10 +697,10 @@ function generateDateTime ($time, $mode = 0) { switch (getLanguage()) { case 'de': // German date / time format switch ($mode) { - case 0: $ret = date("d.m.Y \u\m H:i \U\h\\r", $time); break; - case 1: $ret = strtolower(date('d.m.Y - H:i', $time)); break; - case 2: $ret = date('d.m.Y|H:i', $time); break; - case 3: $ret = date('d.m.Y', $time); break; + case '0': $ret = date("d.m.Y \u\m H:i \U\h\\r", $time); break; + case '1': $ret = strtolower(date('d.m.Y - H:i', $time)); break; + case '2': $ret = date('d.m.Y|H:i', $time); break; + case '3': $ret = date('d.m.Y', $time); break; default: logDebugMessage(__FUNCTION__, __LINE__, sprintf("Invalid date mode %s detected.", $mode)); break; @@ -756,10 +709,10 @@ function generateDateTime ($time, $mode = 0) { default: // Default is the US date / time format! switch ($mode) { - case 0: $ret = date('r', $time); break; - case 1: $ret = date('Y-m-d - g:i A', $time); break; - case 2: $ret = date('y-m-d|H:i', $time); break; - case 3: $ret = date('y-m-d', $time); break; + case '0': $ret = date('r', $time); break; + case '1': $ret = date('Y-m-d - g:i A', $time); break; + case '2': $ret = date('y-m-d|H:i', $time); break; + case '3': $ret = date('y-m-d', $time); break; default: logDebugMessage(__FUNCTION__, __LINE__, sprintf("Invalid date mode %s detected.", $mode)); break; @@ -806,7 +759,7 @@ function translatePoolType ($type) { } // Translates the american decimal dot into a german comma -function translateComma ($dotted, $cut = true, $max = 0) { +function translateComma ($dotted, $cut = true, $max = '0') { // Default is 3 you can change this in admin area "Misc -> Misc Options" if (!isConfigEntrySet('max_comma')) setConfigEntry('max_comma', 3); @@ -817,12 +770,12 @@ function translateComma ($dotted, $cut = true, $max = 0) { if ($max > 0) $maxComma = $max; // Cut zeros off? - if (($cut === true) && ($max == 0)) { + if (($cut === true) && ($max == '0')) { // Test for commata if in cut-mode $com = explode('.', $dotted); if (count($com) < 2) { // Don't display commatas even if there are none... ;-) - $maxComma = 0; + $maxComma = '0'; } } // END - if @@ -921,7 +874,7 @@ function countSelection ($array) { } // END - if // Init count - $ret = 0; + $ret = '0'; // Count all entries foreach ($array as $key => $selected) { @@ -958,8 +911,8 @@ function makeTime ($hours, $minutes, $seconds, $stamp) { // Redirects to an URL and if neccessarry extends it with own base URL function redirectToUrl ($URL) { - // Compile out URI codes - $URL = compileUriCode($URL); + // Compile out codes + eval('$URL = "' . compileRawCode($URL) . '";'); // Check if http(s):// is there if ((substr($URL, 0, 7) != 'http://') && (substr($URL, 0, 8) != 'https://')) { @@ -969,7 +922,7 @@ function redirectToUrl ($URL) { // Three different debug ways... //* DEBUG: */ debug_report_bug(sprintf("%s[%s:] URL=%s", __FUNCTION__, __LINE__, $URL)); - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $URL); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'URL=' . $URL); //* DEBUG: */ die($URL); // Default 'rel' value is external, nofollow is evil from Google and hurts the Internet @@ -997,8 +950,11 @@ function redirectToUrl ($URL) { // Output new location link as anchor outputHtml('' . $URL . ''); } elseif (!headers_sent()) { - // Load URL when headers are not sent //* DEBUG: */ debug_report_bug("URL={$URL}"); + // Clear own output buffer + $GLOBALS['output'] = ''; + + // Load URL when headers are not sent sendHeader('Location: '.str_replace('&', '&', $URL)); } else { // Output error message @@ -1034,11 +990,36 @@ function compileCode ($code, $simple = false, $constants = true, $full = true) { return $code; } // END - if - // Init replacement-array with full security characters - $secChars = $GLOBALS['security_chars']; + // Start couting + $startCompile = explode(' ', microtime()); - // Select smaller set of chars to replace when we e.g. want to compile URLs - if ($full === false) $secChars = $GLOBALS['url_chars']; + // Comile the code + $code = compileRawCode($code, $simple, $constants, $full); + + // Get timing + $compiled = explode(' ', microtime()); + + // Add timing + $code .= ''; + + // Return compiled code + return $code; +} + +// Compiles the code (use compileCode() only for HTML because of the comments) +// @TODO $simple is deprecated +function compileRawCode ($code, $simple = false, $constants = true, $full = true) { + // Is the code a string? + if (!is_string($code)) { + // Silently return it + return $code; + } // END - if + + // Init replacement-array with smaller set of security characters + $secChars = $GLOBALS['url_chars']; + + // Select full set of chars to replace when we e.g. want to compile URLs + if ($full === true) $secChars = $GLOBALS['security_chars']; // Compile more through a filter $code = runFilterChain('compile_code', $code); @@ -1060,10 +1041,8 @@ function compileCode ($code, $simple = false, $constants = true, $full = true) { $code = str_replace($to, $secChars['from'][$k], $code); } // END - foreach - // But shall I keep simple quotes for later use? - if ($simple) $code = str_replace("'", '{QUOT}', $code); - // Find $content[bla][blub] entries + // @TODO Do only use $content and deprecate $GLOBALS and $DATA in templates preg_match_all('/\$(content|GLOBALS|DATA)((\[([a-zA-Z0-9-_]+)\])*)/', $code, $matches); // Are some matches found? @@ -1097,19 +1076,19 @@ function compileCode ($code, $simple = false, $constants = true, $full = true) { // Replace it in the code //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):key={$key},match={$match}