X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Ffunctions.php;h=0d11b7f068a7c2b06f0409adfcabe0e0710e16aa;hp=c68f9cb293ddd99be3a2435097d0a82d347cd4a4;hb=aaf81b8f35512782d34f78c1a0dac8b42d745393;hpb=655f1bea8cda9a62fda703428f8693d8c025ff50
diff --git a/inc/functions.php b/inc/functions.php
index c68f9cb293..0d11b7f068 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -163,7 +163,7 @@ function compileFinalOutput () {
$newContent = '';
// Compile it
- $eval = "\$newContent = \"".compileCode(addslashes($GLOBALS['output']))."\";";
+ $eval = "\$newContent = \"".compileCode(escapeQuotes($GLOBALS['output']))."\";";
eval($eval);
// Was that eval okay?
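Review bot: `escapeQuotes($GLOBALS['output'])` on the new line escapes only `"`, so a backslash that directly precedes a double quote in the output comes through as `\\"`, and inside the eval'd double-quoted literal that is an escaped backslash followed by the closing quote — the string ends there and whatever follows is handed to eval as PHP tokens rather than as data; `addslashes` escaped the backslash as well. The same substitution is made in loadTemplate's hunk at -343 and loadEmailTemplate's hunk at -511. The fix belongs in escapeQuotes (hunk at -3701): `$str = str_replace(array('\\', '"'), array('\\\\', '\\"'), $str);` keeps the previous treatment of backslashes while still leaving single quotes alone. compileFinalOutput starts before this hunk and continues after it.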
@@ -204,7 +204,7 @@ function getFatalArray () {
}
// Add a fatal error message to the queue array
-function addFatalMessage ($F, $L, $message, $extra='') {
+function addFatalMessage ($F, $L, $message, $extra = '') {
if (is_array($extra)) {
// Multiple extras for a message with masks
$message = call_user_func_array('sprintf', $extra);
@@ -218,7 +218,7 @@ function addFatalMessage ($F, $L, $message, $extra='') {
// Log fatal messages away
debug_report_bug($message);
- logDebugMessage($F, $L, " message={$message}");
+ logDebugMessage($F, $L, 'Fatal error message: ' . $message);
}
// Getter for total fatal message count
@@ -237,7 +237,7 @@ function getTotalFatalErrors () {
}
// Load a template file and return it's content (only it's name; do not use ' or ")
-function loadTemplate ($template, $return=false, $content=array()) {
+function loadTemplate ($template, $return = false, $content = array()) {
// @TODO Remove this sanity-check if all is fine
if (!is_bool($return)) debug_report_bug('return is not bool (' . gettype($return) . ')');
@@ -255,73 +255,18 @@ function loadTemplate ($template, $return=false, $content=array()) {
// Make all template names lowercase
$template = strtolower($template);
- // Count the template load
- incrementConfigEntry('num_templates');
-
// Init some data
$ret = '';
if (empty($GLOBALS['refid'])) $GLOBALS['refid'] = '0';
// Base directory
$basePath = sprintf("%stemplates/%s/html/", getConfig('PATH'), getLanguage());
- $mode = '';
-
- // Check for admin/guest/member templates
- if (substr($template, 0, 6) == 'admin_') {
- // Admin template found
- $mode = 'admin/';
- } elseif (substr($template, 0, 6) == 'guest_') {
- // Guest template found
- $mode = 'guest/';
- } elseif (substr($template, 0, 7) == 'member_') {
- // Member template found
- $mode = 'member/';
- } elseif (substr($template, 0, 8) == 'install_') {
- // Installation template found
- $mode = 'install/';
- } elseif (substr($template, 0, 4) == 'ext_') {
- // Extension template found
- $mode = 'ext/';
- } elseif (substr($template, 0, 3) == 'la_') {
- // 'Logical-area' template found
- $mode = 'la/';
- } elseif (substr($template, 0, 3) == 'js_') {
- // JavaScript template found
- $mode = 'js/';
- } elseif (substr($template, 0, 5) == 'menu_') {
- // Menu template found
- $mode = 'menu/';
- } else {
- // Test for extension
- $test = substr($template, 0, strpos($template, '_'));
-
- // Probe for valid extension name
- if (isExtensionNameValid($test)) {
- // Set extra path to extension's name
- $mode = $test . '/';
- } // END - if
- }
+ $extraPath = detectExtraTemplatePath($template);;
////////////////////////
// Generate file name //
////////////////////////
- $FQFN = $basePath . $mode . $template . '.tpl';
-
- if ((isWhatSet()) && ((strpos($template, '_header') > 0) || (strpos($template, '_footer') > 0)) && (($mode == 'guest/') || ($mode == 'member/') || ($mode == 'admin/'))) {
- // Select what depended header/footer template file for admin/guest/member area
- $file2 = sprintf("%s%s%s_%s.tpl",
- $basePath,
- $mode,
- $template,
- getWhat()
- );
-
- // Probe for it...
- if (isFileReadable($file2)) $FQFN = $file2;
-
- // Remove variable from memory
- unset($file2);
- } // END - if
+ $FQFN = $basePath . $extraPath . $template . '.tpl';
// Does the special template exists?
if (!isFileReadable($FQFN)) {
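Review bot: The new line `$extraPath = detectExtraTemplatePath($template);;` ends in a doubled semicolon; the parser accepts it but it reads as a leftover, `$extraPath = detectExtraTemplatePath($template);`. The removed block also probed a what-dependent `%s_%s.tpl` header/footer variant for admin/guest/member templates when `isWhatSet()`, and the replacement `$FQFN = $basePath . $extraPath . $template . '.tpl';` no longer looks for it — if dropping that lookup is intended the commit message should say so, otherwise those templates now silently fall back to the plain file. loadTemplate starts before this hunk and continues after it.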
@@ -331,6 +276,9 @@ function loadTemplate ($template, $return=false, $content=array()) {
// Now does the final template exists?
if (isFileReadable($FQFN)) {
+ // Count the template load
+ incrementConfigEntry('num_templates');
+
// The local file does exists so we load it. :)
$GLOBALS['tpl_content'] = readFromFile($FQFN);
@@ -343,18 +291,18 @@ function loadTemplate ($template, $return=false, $content=array()) {
$ret = "\n" . $GLOBALS['tpl_content'] . "\n";
// Prepare eval() command
- $eval = '$ret = "' . compileCode(addslashes($ret)) . '";';
+ $eval = '$ret = "' . compileCode(escapeQuotes($ret)) . '";';
} elseif (substr($template, 0, 3) == 'js_') {
// JavaScripts don't like entities and timings
- $eval = '$ret = decodeEntities("' . compileRawCode(addslashes($GLOBALS['tpl_content'])) . '");';
+ $eval = '$ret = decodeEntities("' . compileRawCode(escapeQuotes($GLOBALS['tpl_content'])) . '");';
} else {
// Prepare eval() command
- $eval = '$ret = "' . compileCode(addslashes($GLOBALS['tpl_content'])) . '";';
+ $eval = '$ret = "' . compileCode(escapeQuotes($GLOBALS['tpl_content'])) . '";';
}
} else {
// Add surrounding HTML comments to help finding bugs faster
$ret = "\n" . $GLOBALS['tpl_content'] . "\n";
- $eval = '$ret = "' . addslashes($ret) . '";';
+ $eval = '$ret = "' . escapeQuotes($ret) . '";';
} // END - if
// Cache the eval() command here
@@ -397,6 +345,51 @@ function loadTemplate ($template, $return=false, $content=array()) {
}
}
+// Detects the extra template path from given template name
+function detectExtraTemplatePath ($template) {
+ // Default is empty
+ $extraPath = '';
+
+ // Check for admin/guest/member templates
+ if (substr($template, 0, 6) == 'admin_') {
+ // Admin template found
+ $extraPath = 'admin/';
+ } elseif (substr($template, 0, 6) == 'guest_') {
+ // Guest template found
+ $extraPath = 'guest/';
+ } elseif (substr($template, 0, 7) == 'member_') {
+ // Member template found
+ $extraPath = 'member/';
+ } elseif (substr($template, 0, 8) == 'install_') {
+ // Installation template found
+ $extraPath = 'install/';
+ } elseif (substr($template, 0, 4) == 'ext_') {
+ // Extension template found
+ $extraPath = 'ext/';
+ } elseif (substr($template, 0, 3) == 'la_') {
+ // 'Logical-area' template found
+ $extraPath = 'la/';
+ } elseif (substr($template, 0, 3) == 'js_') {
+ // JavaScript template found
+ $extraPath = 'js/';
+ } elseif (substr($template, 0, 5) == 'menu_') {
+ // Menu template found
+ $extraPath = 'menu/';
+ } else {
+ // Test for extension
+ $test = substr($template, 0, strpos($template, '_'));
+
+ // Probe for valid extension name
+ if (isExtensionNameValid($test)) {
+ // Set extra path to extension's name
+ $extraPath = $test . '/';
+ } // END - if
+ }
+
+ // Return result
+ return $extraPath;
+}
+
// Loads an email template and compiles it
function loadEmailTemplate ($template, $content = array(), $UID = '0') {
global $DATA;
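Review bot: In detectExtraTemplatePath a template name without an underscore makes `strpos($template, '_')` return `false`, so `$test` becomes the empty string and `isExtensionNameValid('')` is consulted; whether that helper rejects an empty name is not visible here. A guard such as `if (($test != '') && (isExtensionNameValid($test))) {` keeps the empty case out of the lookup. The returned segment is concatenated into a filesystem path by both callers, so it relies on `isExtensionNameValid` accepting only plain extension names — worth confirming, since that check lives outside this hunk.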
@@ -471,37 +464,22 @@ function loadEmailTemplate ($template, $content = array(), $UID = '0') {
if (isset($content['email'])) $email = $content['email'];
// Store email for some functions in global data array
+ // @TODO Do only use $contentn, not $DATA or raw variables
$DATA['email'] = $email;
// Base directory
$basePath = sprintf("%stemplates/%s/emails/", getConfig('PATH'), getLanguage());
- // Check for admin/guest/member templates
- if (substr($template, 0, 6) == 'admin_') {
- // Admin template found
- $FQFN = $basePath.'admin/' . $template.'.tpl';
- } elseif (substr($template, 0, 6) == 'guest_') {
- // Guest template found
- $FQFN = $basePath.'guest/' . $template.'.tpl';
- } elseif (substr($template, 0, 7) == 'member_') {
- // Member template found
- $FQFN = $basePath.'member/' . $template.'.tpl';
- } else {
- // Test for extension
- $test = substr($template, 0, strpos($template, '_'));
- if (isExtensionNameValid($test)) {
- // Set extra path to extension's name
- $FQFN = $basePath . $test.'/' . $template.'.tpl';
- } else {
- // No special filename
- $FQFN = $basePath . $template.'.tpl';
- }
- }
+ // Detect extra path
+ $extraPath = detectExtraTemplatePath($template);
+
+ // Generate full FQFN
+ $FQFN = $basePath . $extraPath . $template . '.tpl';
// Does the special template exists?
if (!isFileReadable($FQFN)) {
// Reset to default template
- $FQFN = $basePath . $template.'.tpl';
+ $FQFN = $basePath . $template . '.tpl';
} // END - if
// Now does the final template exists?
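Review bot: The added comment `// @TODO Do only use $contentn, not $DATA or raw variables` has a typo (`$contentn`); it should read `// @TODO Do only use $content, not $DATA or raw variables`. Sharing detectExtraTemplatePath also widens the email lookup: the removed code knew only admin_/guest_/member_ and extension prefixes, while the helper additionally maps install_/ext_/la_/js_/menu_ to subdirectories under `emails/`, so such templates are now probed there first and fall back to `$basePath . $template . '.tpl'` on the following lines; that looks intended but is a behaviour change worth a sentence in the commit message. loadEmailTemplate starts before this hunk and continues after it.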
@@ -511,16 +489,16 @@ function loadEmailTemplate ($template, $content = array(), $UID = '0') {
$GLOBALS['tpl_content'] = readFromFile($FQFN);
// Run code
- $GLOBALS['tpl_content'] = "\$newContent = decodeEntities(\"".compileRawCode(addslashes($GLOBALS['tpl_content']))."\");";
+ $GLOBALS['tpl_content'] = "\$newContent = decodeEntities(\"".compileRawCode(escapeQuotes($GLOBALS['tpl_content']))."\");";
eval($GLOBALS['tpl_content']);
} elseif (!empty($template)) {
// Template file not found!
- $newContent = "{--TEMPLATE_404--}: " . $template."
+ $newContent = '{--TEMPLATE_404--}: ' . $template . '
{--TEMPLATE_CONTENT--}
-
".print_r($content, true)."+
' . print_r($content, true) . '{--TEMPLATE_DATA--} -
".print_r($DATA, true)."-
' . print_r($DATA, true) . '+
-Headers : ' . str_replace('<', '<', str_replace('>', '>', htmlentities(trim($mailHeader)))) . '
+Headers : ' . str_replace('<', '<', str_replace('>', '>', secureString(trim($mailHeader)))) . '
To : ' . $toEmail . '
Subject : ' . $subject . '
Message : ' . $message . '
@@ -1040,11 +1015,11 @@ function compileRawCode ($code, $simple = false, $constants = true, $full = true
return $code;
} // END - if
- // Init replacement-array with full security characters
- $secChars = $GLOBALS['security_chars'];
+ // Init replacement-array with smaller set of security characters
+ $secChars = $GLOBALS['url_chars'];
- // Select smaller set of chars to replace when we e.g. want to compile URLs
- if ($full === false) $secChars = $GLOBALS['url_chars'];
+ // Select full set of chars to replace when we e.g. want to compile URLs
+ if ($full === true) $secChars = $GLOBALS['security_chars'];
// Compile more through a filter
$code = runFilterChain('compile_code', $code);
@@ -1067,6 +1042,7 @@ function compileRawCode ($code, $simple = false, $constants = true, $full = true
} // END - foreach
// Find $content[bla][blub] entries
+ // @TODO Do only use $content and deprecate $GLOBALS and $DATA in templates
preg_match_all('/\$(content|GLOBALS|DATA)((\[([a-zA-Z0-9-_]+)\])*)/', $code, $matches);
// Are some matches found?
@@ -2344,9 +2320,9 @@ function getCurrentTheme () {
if ((isGetRequestElementSet('theme')) && (isFileReadable($theme))) {
// Set cookie from URL data
setTheme(getRequestElement('theme'));
- } elseif (isFileReadable(sprintf("%stheme/%s/theme.php", getConfig('PATH'), SQL_ESCAPE(postRequestElement('theme'))))) {
+ } elseif (isFileReadable(sprintf("%stheme/%s/theme.php", getConfig('PATH'), secureString(postRequestElement('theme'))))) {
// Set cookie from posted data
- setTheme(SQL_ESCAPE(postRequestElement('theme')));
+ setTheme(secureString(postRequestElement('theme')));
}
// Set return value
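Review bot: The swapped default in compileRawCode changes which set is used when `$full` is neither strictly `true` nor strictly `false`: before, only `$full === false` selected `$GLOBALS['url_chars']` and anything else got the full `security_chars` set, whereas now only `$full === true` gets the full set and every other value (`1`, `null`, a string) falls to the smaller one. If the rewrite was meant to be cosmetic, `$secChars = $GLOBALS['security_chars']; if ($full === false) $secChars = $GLOBALS['url_chars'];` keeps the fuller escaping as the default for unexpected values. The new comment `// Select full set of chars to replace when we e.g. want to compile URLs` is also inverted — the smaller set is the one meant for URLs — so it should read `// Select full set of chars unless only e.g. an URL is compiled`. compileRawCode starts before this hunk and continues after it.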
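Review bot: In getCurrentTheme the posted `theme` value is still spliced into the path given to `isFileReadable(sprintf("%stheme/%s/theme.php", ...))` and then stored via `setTheme(...)`, and swapping `SQL_ESCAPE` for `secureString` does not establish that the value is a plain directory name — what secureString strips is not visible in this diff, and SQL escaping was never a path check. Restrict the name before it reaches the filesystem, e.g. `} elseif ((preg_match('/^[a-zA-Z0-9_-]+$/', postRequestElement('theme'))) && (isFileReadable(sprintf("%stheme/%s/theme.php", getConfig('PATH'), postRequestElement('theme'))))) {`, or compare it against the list of installed themes. The GET branch above has the same shape, but its `$theme` is built outside this hunk, so that cannot be checked here. getCurrentTheme continues past the hunk.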
@@ -3589,7 +3565,7 @@ function linenumberCode ($code) {
$r .= '|';
// Add code
- $r .= '' . htmlentities($c) . '';
+ $r .= '' . secureString($c) . '';
}
return '' . $r . '';
@@ -3701,6 +3677,21 @@ function readTemplateCache ($template) {
return $GLOBALS['template_eval'][$template];
}
+// Escapes quotes (default is only double-quotes)
+function escapeQuotes ($str, $single = false) {
+ // Should we escape all?
+ if ($single === true) {
+ // Escape all (including null)
+ $str = addslashes($str);
+ } else {
+ // Escape only double-quotes
+ $str = str_replace('"', "\\\"", $str);
+ }
+
+ // Return the escaped string
+ return $str;
+}
+
//////////////////////////////////////////////////
// AUTOMATICALLY RE-GENERATED MISSING FUNCTIONS //
//////////////////////////////////////////////////
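Review bot: In linenumberCode the replacement `$r .= '' . secureString($c) . '';` emits `$c` into HTML, where `htmlentities` previously guaranteed that `<`, `>`, `&` and `"` were encoded; secureString's behaviour is not visible in this diff, so confirm it provides at least that HTML-context escaping (including `"`, in case the value lands in an attribute) before relying on it here, or keep htmlentities for this output-side call. The markup around the call appears to have been stripped by the rendering of this page, so the exact output context cannot be checked from here. linenumberCode starts before this hunk.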
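Review bot: The header `// Escapes quotes (default is only double-quotes)` and the parameter name `$single` understate what `escapeQuotes($str, true)` does: the `true` branch calls `addslashes`, which escapes single quotes, double quotes, backslashes and NUL, not just single quotes. A fuller header would say: `// Escapes double-quotes for use inside an eval()'d double-quoted string; with $single === true it delegates to addslashes() instead, which also escapes ', \ and NUL`. Since every caller in this commit passes the result straight into a string that is then eval'd, the comment should also state that contract so the next maintainer does not reuse the helper for HTML or SQL output.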