From ed930d1133b51edc7ec2379d91286d64afd9bc4f Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Thu, 17 Apr 2014 23:16:29 +0200 Subject: [PATCH] More stuff for mysql3->mysql switch. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Roland Häder --- DOCS/de/SECURITY.txt | 2 +- DOCS/en/SECURITY.txt | 2 +- inc/ajax-functions.php | 5 -- inc/ajax/ajax_ | 5 -- inc/ajax/ajax_admin.php | 5 -- inc/ajax/ajax_installer.php | 63 +++++++++++++----------- inc/classes/cachesystem.class.php | 8 --- inc/config-local.php.dist | 7 +-- inc/db/lib-mysql.php | 53 ++++---------------- inc/db/lib-mysqli.php | 47 +++--------------- inc/expression-functions.php | 7 +-- inc/filter-functions.php | 6 --- inc/filters.php | 29 ++--------- inc/functions.php | 82 +++++++++++++------------------ inc/load_config.php | 7 +-- inc/mysql-connect.php | 13 +---- 16 files changed, 92 insertions(+), 249 deletions(-) diff --git a/DOCS/de/SECURITY.txt b/DOCS/de/SECURITY.txt index ccf07b9ba1..2ec6f64528 100644 --- a/DOCS/de/SECURITY.txt +++ b/DOCS/de/SECURITY.txt @@ -125,7 +125,7 @@ Bis zur Version 0.2.0-pre10 mit Patch-Level 485 und aelter war es fuer einen entfernten Angreifer theoretisch moeglich, SQL-Befehle einzuschleusen und auch Attacken auf die Variable $PHP_SELF durchzufueheren. Seit Patch 486 und 487 (laden Sie sich am Besten immer die aktuellsten Patches herunter!) sind nun -entsprechende Zeilen aus der inc/db/lib-mysql3.php (Funktion sqlQueryEscaped) +entsprechende Zeilen aus der inc/db/lib-mysql.php (Funktion sqlQueryEscaped) entfernt und sollten nicht mehr angreifbar sein. Der generierten SQL-Befehl wurde vor der Ausfuehrung nochmals "uebersetzt", also alle sicherheitsgefaehrdenen Zeichen wieder eingebaut. Zudem existiert im Script diff --git a/DOCS/en/SECURITY.txt b/DOCS/en/SECURITY.txt index e0cea8967a..2aa1ea32b1 100644 --- a/DOCS/en/SECURITY.txt +++ b/DOCS/en/SECURITY.txt 
@@ -122,7 +122,7 @@ Bis zur Version 0.2.0-pre10 mit Patch-Level 485 und aelter war es fuer einen entfernten Angreifer theoretisch moeglich, SQL-Befehle einzuschleusen und auch Attacken auf die Variable $PHP_SELF durchzufueheren. Seit Patch 486 und 487 (laden Sie sich am Besten immer die aktuellsten Patches herunter!) sind nun -entsprechende Zeilen aus der inc/db/lib-mysql3.php (Funktion sqlQueryEscaped) +entsprechende Zeilen aus der inc/db/lib-mysql.php (Funktion sqlQueryEscaped) entfernt sollten nicht mehr angreifbar sein. Der generierten SQL-Befehl wurde vor der Ausfuehrung nochmals "uebersetzt", also alle sicherheitsgefaehrdenen Zeichen wieder eingebaut. Zudem existiert im Script diff --git a/inc/ajax-functions.php b/inc/ajax-functions.php index d3736e0f03..90e48a1a02 100644 --- a/inc/ajax-functions.php +++ b/inc/ajax-functions.php @@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : AJAX-bezogene Funktionen * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * diff --git a/inc/ajax/ajax_ b/inc/ajax/ajax_ index de592ac950..a76ebc502e 100644 --- a/inc/ajax/ajax_ +++ b/inc/ajax/ajax_ 
@@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : AJAX-Bibliothek fuer Adminmenu * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * diff --git a/inc/ajax/ajax_admin.php b/inc/ajax/ajax_admin.php index 98af1a4624..e09f2dffa9 100644 --- a/inc/ajax/ajax_admin.php +++ b/inc/ajax/ajax_admin.php @@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : AJAX-Bibliothek fuer Adminmenu * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * diff --git a/inc/ajax/ajax_installer.php b/inc/ajax/ajax_installer.php index 5e6bf0d664..eea4629ee9 100644 --- a/inc/ajax/ajax_installer.php +++ b/inc/ajax/ajax_installer.php @@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : AJAX-bezogene Funktionen fuer Installer * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * 
@@ -50,7 +45,7 @@ if (!defined('__SECURITY')) { // Establish a database link function establishAjaxInstallerDatabaseLink () { // This requires some session data - if (!isSessionDataSet(array('mysql_host', 'mysql_dbase', 'mysql_prefix', 'mysql_login', 'mysql_password1', 'mysql_password2', 'mysql_engine'))) { + if (!isSessionDataSet(array('mysql_host', 'mysql_dbase', 'mysql_prefix', 'mysql_login', 'mysql_password1', 'mysql_password2', 'mysql_engine', 'database_extension'))) { // Some required session data is not set reportBug(__FUNCTION__, __LINE__, 'Required session data for this step not found.'); } // END - if @@ -84,6 +79,7 @@ function establishAjaxInstallerDatabaseLink () { // Set type, prefix from POST data and database name for later queries setConfigEntry('_TABLE_TYPE' , getSession('mysql_engine')); + setConfigEntry('_DB_TYPE' , getSession('database_extension')); setConfigEntry('_MYSQL_PREFIX', getSession('mysql_prefix')); setConfigEntry('__DB_NAME' , getSession('mysql_dbase')); } @@ -324,7 +320,7 @@ function doAjaxInstallerSaveChanges () { (isInstallerDataValid($saveStatus, $key, $value)) && // And can it be stored in session? - (setSession($key, $value)) + (setSessionCompiled($key, $value)) ); // Save the overall status for below final check 
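Review bot: `_DB_TYPE` is set straight from the session value `database_extension` in establishAjaxInstallerDatabaseLink(), and nothing in this hunk restricts it to the two database layers the patch ships (`inc/db/lib-mysql.php` and `inc/db/lib-mysqli.php`). If `_DB_TYPE` selects which layer file is included (the file names suggest so, but the loader is not in the hunks shown here), an installer-supplied value should be checked against an allow-list first, unless isInstallerDataValid() already does so: `if (!in_array(getSession('database_extension'), array('mysql', 'mysqli'), TRUE)) { reportBug(__FUNCTION__, __LINE__, 'Unsupported database extension.'); }`. The same value is passed on in doAjaxInstallerStepWriteLocalConfig() (hunk at -713,6), where it presumably ends up in the local configuration file, so the check belongs before both uses. The function body continues outside the hunk.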
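Review bot: In doAjaxInstallerSaveChanges() every submitted `$value` now goes through `setSessionCompiled()` instead of `setSession()`, and the definition of that function is not in the hunks shown here. If it runs the template compiler over the value (the name and the nearby `compileRawCode()` calls suggest so), request data containing `{--...--}` or `{?...?}` markers would be expanded, and fields such as `mysql_password1` or `admin_password1` could be stored differently from what was typed. Free-form input and passwords should keep using `setSession($key, $value)`, with `setSessionCompiled()` reserved for the hard-coded defaults in the doAjaxPrepareInstaller*() hunks. A short comment at this call saying why compilation is wanted would also help.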
@@ -363,31 +359,31 @@ function doAjaxPrepareInstallerBaseData () { // Is 'base_path' not set? if (!isSessionVariableSet('base_path')) { // Then set it from PATH - setSession('base_path', getPath()); + setSessionCompiled('base_path', getPath()); } // END - if // Is 'base_url' not set? if (!isSessionVariableSet('base_url')) { // Then set it from URL - setSession('base_url', getUrl()); + setSessionCompiled('base_url', getUrl()); } // END - if // Is 'main_title' not set? if (!isSessionVariableSet('main_title')) { // Then set it from default main title - setSession('main_title', compileRawCode(getMessage('DEFAULT_MAIN_TITLE'))); + setSessionCompiled('main_title', compileRawCode(getMessage('DEFAULT_MAIN_TITLE'))); } // END - if // Is 'slogan' not set? if (!isSessionVariableSet('slogan')) { // Then set it from default slogan - setSession('slogan', compileRawCode(getMessage('DEFAULT_SLOGAN'))); + setSessionCompiled('slogan', compileRawCode(getMessage('DEFAULT_SLOGAN'))); } // END - if // Is 'webmaster' not set? if (!isSessionVariableSet('webmaster')) { // Then set it from default webmaster email address - setSession('webmaster', '{--DEFAULT_WEBMASTER--}'); + setSessionCompiled('webmaster', '{--DEFAULT_WEBMASTER--}'); } // END - if } 
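Review bot: `main_title` and `slogan` are handed to `setSessionCompiled()` already wrapped in `compileRawCode()`, so if the new setter compiles its argument (its definition is not in the hunks shown) the text is compiled twice. Either drop the inner call, `setSessionCompiled('main_title', getMessage('DEFAULT_MAIN_TITLE'));` and likewise for `slogan`, or keep `setSession()` for these two entries. doAjaxPrepareInstallerBaseData() starts outside the hunk.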
@@ -396,43 +392,49 @@ function doAjaxPrepareInstallerDatabaseConfig () { // Is 'mysql_host' not set? if (!isSessionVariableSet('mysql_host')) { // Then set it directly - setSession('mysql_host', 'localhost'); + setSessionCompiled('mysql_host', 'localhost'); } // END - if // Is 'mysql_dbase' not set? if (!isSessionVariableSet('mysql_dbase')) { // Then set it directly - setSession('mysql_dbase', 'your_database'); + setSessionCompiled('mysql_dbase', 'your_database'); } // END - if // Is 'mysql_prefix' not set? if (!isSessionVariableSet('mysql_prefix')) { // Then set it directly - setSession('mysql_prefix', 'mailer'); + setSessionCompiled('mysql_prefix', 'mailer'); } // END - if // Is 'mysql_login' not set? if (!isSessionVariableSet('mysql_login')) { // Then set it directly - setSession('mysql_login', 'your_login'); + setSessionCompiled('mysql_login', 'your_login'); } // END - if // Is 'mysql_dbase' not set? if (!isSessionVariableSet('mysql_password1')) { // Then set it directly - setSession('mysql_password1', ''); + setSessionCompiled('mysql_password1', ''); } // END - if // Is 'mysql_password2' not set? if (!isSessionVariableSet('mysql_password2')) { // Then set it directly - setSession('mysql_password2', ''); + setSessionCompiled('mysql_password2', ''); } // END - if // Is 'mysql_engine' not set? if (!isSessionVariableSet('mysql_engine')) { // Then set it directly - setSession('mysql_engine', 'MyISAM'); + setSessionCompiled('mysql_engine', 'MyISAM'); + } // END - if + + // Is 'mysql_engine' not set? + if (!isSessionVariableSet('database_extension')) { + // Then set it directly + setSessionCompiled('database_extension', 'mysqli'); } // END - if } 
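Review bot: The comment on the added block reads `// Is 'mysql_engine' not set?` although the condition tests `database_extension`; it should read `// Is 'database_extension' not set?`. The default chosen here is `mysqli`, while `inc/config-local.php.dist` in this same patch sets `_DB_TYPE` to `mysql`, so a one-line comment stating which of the two is the intended default would avoid the two drifting apart.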
@@ -446,25 +448,25 @@ function doAjaxPrepareInstallerOtherConfig () { // Is 'output_mode' not set? if (!isSessionVariableSet('output_mode')) { // Then set it directly - setSession('output_mode', 'render'); + setSessionCompiled('output_mode', 'render'); } // END - if // Is 'warn_no_pass' not set? if (!isSessionVariableSet('warn_no_pass')) { // Then set it directly - setSession('warn_no_pass', 'Y'); + setSessionCompiled('warn_no_pass', 'Y'); } // END - if // Is 'write_footer' not set? if (!isSessionVariableSet('write_footer')) { // Then set it directly - setSession('write_footer', 'Y'); + setSessionCompiled('write_footer', 'Y'); } // END - if // Is 'enable_backlink' not set? if (!isSessionVariableSet('enable_backlink')) { // Then set it directly - setSession('enable_backlink', 'Y'); + setSessionCompiled('enable_backlink', 'Y'); } // END - if } @@ -476,10 +478,10 @@ function doAjaxPrepareInstallerExtensions () { * At least ext-admins, ext-sql_patches and ext-task should be installed * (ext-sql_patches is a must!) */ - setSession('extensions', 'admins:sql_patches:task'); + setSessionCompiled('extensions', 'admins:sql_patches:task'); } elseif (strpos(getSession('extensions'), 'sql_patches') === FALSE) { // Add missing ext-sql_patches - setSession('extensions', getSession('extensions') . ':sql_patches'); + setSessionCompiled('extensions', getSession('extensions') . ':sql_patches'); } } 
@@ -488,25 +490,25 @@ function doAjaxPrepareInstallerFirstAdmin () { // Is 'admin_login' set? if (!isSessionVariableSet('admin_login')) { // Set it - setSession('admin_login', 'admin'); + setSessionCompiled('admin_login', 'admin'); } // END - if // Is 'admin_email' set? if (!isSessionVariableSet('admin_email')) { // Set it - setSession('admin_email', getSession('webmaster')); + setSessionCompiled('admin_email', getSession('webmaster')); } // END - if // Is 'admin_password1' set? if (!isSessionVariableSet('admin_password1')) { // Set it - setSession('admin_password1', ''); + setSessionCompiled('admin_password1', ''); } // END - if // Is 'admin_password2' set? if (!isSessionVariableSet('admin_password2')) { // Set it - setSession('admin_password2', ''); + setSessionCompiled('admin_password2', ''); } // END - if } @@ -683,7 +685,7 @@ function doAjaxInstallerStepInstallExtensions () { // Call-back function to write local configuration file function doAjaxInstallerStepWriteLocalConfig () { // Is all set? - if (!isSessionDataSet(array('base_path', 'base_url', 'main_title', 'slogan', 'webmaster', 'mysql_host', 'mysql_dbase', 'mysql_prefix', 'mysql_login', 'mysql_password1', 'mysql_password2', 'mysql_engine', 'output_mode', 'warn_no_pass', 'write_footer', 'enable_backlink'))) { + if (!isSessionDataSet(array('base_path', 'base_url', 'main_title', 'slogan', 'webmaster', 'mysql_host', 'mysql_dbase', 'mysql_prefix', 'mysql_login', 'mysql_password1', 'mysql_password2', 'mysql_engine', 'database_extension', 'output_mode', 'warn_no_pass', 'write_footer', 'enable_backlink'))) { // Some required session data is not set reportBug(__FUNCTION__, __LINE__, 'Required session data for this step not found.'); } elseif (isInstalled()) { 
@@ -713,6 +715,7 @@ function doAjaxInstallerStepWriteLocalConfig () { getSession('mysql_password1'), getSession('mysql_prefix'), getSession('mysql_engine'), + getSession('database_extension'), getSession('smtp_host'), getSession('smtp_user'), getSession('smtp_password1') diff --git a/inc/classes/cachesystem.class.php b/inc/classes/cachesystem.class.php index a5ea7261d1..f66a1e3a80 100644 --- a/inc/classes/cachesystem.class.php +++ b/inc/classes/cachesystem.class.php @@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : CacheSystem-Klasse * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * @@ -198,9 +193,6 @@ class CacheSystem { } elseif ($this->name == 'refsystem') { // Referral system $GLOBALS['cache_array']['refsystem'][$k][$data['id']] = $v; - } elseif ($this->name == 'revision') { - // Revision data - $GLOBALS['cache_array']['revision'][$k][0] = $v; } elseif ($this->name == 'themes') { // Themes if ($k == 'theme_path') { diff --git a/inc/config-local.php.dist b/inc/config-local.php.dist index bed4e0e404..67c790a718 100644 --- a/inc/config-local.php.dist +++ b/inc/config-local.php.dist 
@@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Lokale Konfiguration * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2008 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * @@ -75,7 +70,7 @@ setConfigEntry('_MYSQL_PREFIX', 'mxchange'); setConfigEntry('_TABLE_TYPE', 'MyISAM'); // CFG: DATABASE-TYPE -setConfigEntry('_DB_TYPE', 'mysql3'); +setConfigEntry('_DB_TYPE', 'mysql'); // CFG: BACKLINK (Enable backlink to mxchange.org in footer? rel=external is set!) setConfigEntry('ENABLE_BACKLINK', 'Y'); diff --git a/inc/db/lib-mysql.php b/inc/db/lib-mysql.php index fd86300e36..082e4c87a1 100644 --- a/inc/db/lib-mysql.php +++ b/inc/db/lib-mysql.php @@ -4,16 +4,11 @@ * =================== Last change: 08/29/2004 * * * * -------------------------------------------------------------------- * - * File : lib-mysql3.php * + * File : lib-mysql.php * * -------------------------------------------------------------------- * - * Short description : Database layer for MySQL 3/4/5 server * + * Short description : Database layer for PHP 5.4 and older * * -------------------------------------------------------------------- * - * Kurzbeschreibung : Datenbankschicht fuer MySQL 3/4/5 Server * - * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * + * Kurzbeschreibung : Datenbankschicht fuer PHP 5.4 und aelter * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * 
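Review bot: Changing the template default from `mysql3` to `mysql` does not touch a `config-local.php` that was already written, and no fallback for the old value is visible in the hunks shown here. If the layer file is derived from `_DB_TYPE`, an upgraded installation would still ask for the `mysql3` layer; a mapping of `mysql3` to `mysql` at load time, or an upgrade note next to `// CFG: DATABASE-TYPE`, would cover that. The header of `inc/db/lib-mysql.php` now describes that layer as being for PHP 5.4 and older, so it may also be worth stating here why the template does not default to `mysqli`.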
@@ -93,7 +88,7 @@ function sqlQuery ($sqlString, $file, $line, $enableCodes = TRUE) { // Run SQL command //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'file=' . basename($file) . ',line=' . $line . ',sql=' . $GLOBALS['last_sql']); $result = mysql_query($GLOBALS['last_sql'], getSqlLink()) - or sqlError($file, $line, 'file='. basename($file) . ',line=' . $line . ':mysql_error()=' . mysql_error() . ',last_query=' . $GLOBALS['last_sql']); + or logSqlError($file, $line, 'file='. basename($file) . ',line=' . $line . ':mysql_error()=' . mysql_error() . ',last_query=' . $GLOBALS['last_sql']); //* DEBUG: */ logDebugMessage($file, $line, 'sql=' . $GLOBALS['last_sql'] . ',affected=' . sqlAffectedRows() . ',numRows='.(isValidSqlLink($result) ? sqlNumRows($result) : gettype($result))); // Calculate query time @@ -212,7 +207,7 @@ function sqlResult ($resource, $row, $field = '0') { // SQL connect function sqlConnectToDatabase ($host, $login, $password, $file, $line) { // Try to connect - $linkResource = mysql_connect($host, $login, $password) or sqlError($file, $line, mysql_error()); + $linkResource = mysql_connect($host, $login, $password) or logSqlError($file, $line, mysql_error()); // Set the link resource if (isValidSqlLink($linkResource)) { @@ -248,7 +243,7 @@ function sqlSelectDatabase ($dbName, $file, $line) { // Return the result //* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'Selecting database ' . $dbName); - return mysql_select_db($dbName, getSqlLink()) or sqlError($file, $line, mysql_error()); + return mysql_select_db($dbName, getSqlLink()) or logSqlError($file, $line, mysql_error()); } // SQL close link 
@@ -261,7 +256,7 @@ function sqlCloseLink ($file, $line) { } // END - if // Close database link and forget the link - $close = mysql_close(getSqlLink()) or sqlError($file . ':' . __FUNCTION__, $line . ':' . __LINE__, mysql_error()); + $close = mysql_close(getSqlLink()) or logSqlError($file . ':' . __FUNCTION__, $line . ':' . __LINE__, mysql_error()); // Close link in this layer unsetSqlLinkUp(__FUNCTION__, __LINE__); @@ -353,40 +348,10 @@ function sqlEscapeString ($str, $secureString = TRUE, $strip = TRUE) { return $GLOBALS['sql_escapes']['' . $str . '']; } -// Log SQL errors to debug.log in installation phase or call reportBug() -function sqlError ($file, $line, $message) { +// Set SQL error in global array +function setSqlError ($file, $line, $message) { // Remember plain error in last_sql_error $GLOBALS['last_sql_error'] = mysql_error(); - - // Is login set? - if (!empty($GLOBALS['mysql']['login'])) { - // Secure login name in message - $message = str_replace($GLOBALS['mysql']['login'], '***', $message); - } // END - if - - // Is database password set? - if (!empty($GLOBALS['mysql']['password'])) { - // Secure password in message - $message = str_replace($GLOBALS['mysql']['password'], '***', $message); - } // END - if - - // Is database name set? - if (!empty($GLOBALS['mysql']['dbase'])) { - // Secure database name in message - $message = str_replace($GLOBALS['mysql']['dbase'], '***', $message); - } // END - if - - // Is there installation phase? - if (isInstaller()) { - /* - * In installation phase, we don't want SQL errors abort e.g. connection - * tests, so just log it away. - */ - logDebugMessage($file, $line, $message); - } else { - // Regular mode, then call reportBug() - reportBug($file, $line, $message); - } } // Checks whether given link is a valid SQL link diff --git a/inc/db/lib-mysqli.php b/inc/db/lib-mysqli.php index 56f104cf36..4ff03a5a37 100644 --- a/inc/db/lib-mysqli.php +++ b/inc/db/lib-mysqli.php 
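Review bot: The replacement `setSqlError()` no longer masks `$GLOBALS['mysql']['login']`, `['password']` and `['dbase']` in the message as `sqlError()` did, and `logSqlError()`, which every call site now uses, is not defined in the hunks shown here. Please confirm that `logSqlError()` still replaces those three values with `***` before the text reaches `logDebugMessage()` or `reportBug()`, because the sqlQuery() call sites pass the full `last_query` together with the driver error string. `setSqlError()` also keeps the `$file`, `$line` and `$message` parameters without using them; either drop them or add a comment that they remain only for signature compatibility. The same applies to the mysqli variant in `inc/db/lib-mysqli.php` (hunk at -343,40).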
@@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Datenbankschicht fuer MySQL 3/4/5 Server (MySQLi)* * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * @@ -95,7 +90,7 @@ function sqlQuery ($sqlString, $file, $line, $enableCodes = TRUE) { // Run SQL command //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'file=' . basename($file) . ',line=' . $line . ',sql=' . $GLOBALS['last_sql']); $result = mysqli_query(getSqlLink(), $GLOBALS['last_sql']) - or sqlError($file, $line, 'file='. basename($file) . ',line=' . $line . ':mysqli_error()=' . mysqli_error(getSqlLink()) . ',last_query=' . $GLOBALS['last_sql']); + or logSqlError($file, $line, 'file='. basename($file) . ',line=' . $line . ':mysqli_error()=' . mysqli_error(getSqlLink()) . ',last_query=' . $GLOBALS['last_sql']); //* DEBUG: */ logDebugMessage($file, $line, 'sql=' . $GLOBALS['last_sql'] . ',affected=' . sqlAffectedRows() . ',numRows='.(isValidSqlLink($result) ? sqlNumRows($result) : gettype($result))); // Calculate query time @@ -199,7 +194,7 @@ function sqlResult ($resource, $row, $field = '0') { // SQL connect function sqlConnectToDatabase ($host, $login, $password, $file, $line) { // Try to connect - $linkResource = mysqli_connect($host, $login, $password) or sqlError($file, $line, mysqli_error(getSqlLink())); + $linkResource = mysqli_connect($host, $login, $password) or logSqlError($file, $line, mysqli_error(getSqlLink())); // Set the link resource if ($linkResource instanceof mysqli) { 
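Review bot: In sqlConnectToDatabase() a failed `mysqli_connect()` fetches its error text with `mysqli_error(getSqlLink())`, but presumably no link is up at that point, so the real reason is lost and the call itself may raise a warning. Connection failures are reported by `mysqli_connect_error()`: `$linkResource = mysqli_connect($host, $login, $password) or logSqlError($file, $line, mysqli_connect_error());`. The rest of the function is outside the hunk.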
@@ -241,7 +236,7 @@ function sqlSelectDatabase ($dbName, $file, $line) { // Return the result //* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'Selecting database ' . $dbName); - return mysqli_select_db(getSqlLink(), $dbName) or sqlError($file, $line, mysqli_error(getSqlLink())); + return mysqli_select_db(getSqlLink(), $dbName) or logSqlError($file, $line, mysqli_error(getSqlLink())); } // SQL close link @@ -254,7 +249,7 @@ function sqlCloseLink ($file, $line) { } // END - if // Close database link and forget the link - $close = mysqli_close(getSqlLink()) or sqlError($file . ':' . __FUNCTION__, $line . ':' . __LINE__, mysqli_error(getSqlLink())); + $close = mysqli_close(getSqlLink()) or logSqlError($file . ':' . __FUNCTION__, $line . ':' . __LINE__, mysqli_error(getSqlLink())); // Close link in this layer unsetSqlLinkUp(__FUNCTION__, __LINE__); 
@@ -343,40 +338,10 @@ function sqlEscapeString ($str, $secureString = TRUE, $strip = TRUE) { return $GLOBALS['sql_escapes']['' . $str . '']; } -// Log SQL errors to debug.log in installation phase or call reportBug() -function sqlError ($file, $line, $message) { +// Set SQL error in global array +function setSqlError ($file, $line, $message) { // Remember plain error in last_sql_error $GLOBALS['last_sql_error'] = mysqli_error(getSqlLink()); - - // Is login set? - if (!empty($GLOBALS['mysql']['login'])) { - // Secure login name in message - $message = str_replace($GLOBALS['mysql']['login'], '***', $message); - } // END - if - - // Is database password set? - if (!empty($GLOBALS['mysql']['password'])) { - // Secure password in message - $message = str_replace($GLOBALS['mysql']['password'], '***', $message); - } // END - if - - // Is database name set? - if (!empty($GLOBALS['mysql']['dbase'])) { - // Secure database name in message - $message = str_replace($GLOBALS['mysql']['dbase'], '***', $message); - } // END - if - - // Is there installation phase? - if (isInstaller()) { - /* - * In installation phase, we don't want SQL errors abort e.g. connection - * tests, so just log it away. - */ - logDebugMessage($file, $line, $message); - } else { - // Regular mode, then call reportBug() - reportBug($file, $line, $message); - } } // Checks whether given link is a valid SQL link diff --git a/inc/expression-functions.php b/inc/expression-functions.php index e25a28fd3f..3ccafa59c6 100644 --- a/inc/expression-functions.php +++ b/inc/expression-functions.php 
@@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Expression-Callback-Funktionen * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * @@ -157,7 +152,7 @@ function doExpressionExt ($data) { } // END - if // Generate replacer - $replacer = sprintf('&ext=%s&ver=%s&rev={?CURRENT_REPOSITORY_REVISION?}', $data['matches'][4][$data['key']], $replacer); + $replacer = sprintf('&ext=%s&ver=%s', $data['matches'][4][$data['key']], $replacer); // Replace it and insert parameter for GET request $code = replaceExpressionCode($data, $replacer); diff --git a/inc/filter-functions.php b/inc/filter-functions.php index dc97d8ec41..c8e74588e5 100644 --- a/inc/filter-functions.php +++ b/inc/filter-functions.php @@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Funktionen fuer Filter-System * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * 
@@ -110,7 +105,6 @@ ORDER BY registerFilter(__FUNCTION__, __LINE__, 'init', 'INIT_SESSION'); registerFilter(__FUNCTION__, __LINE__, 'init', 'SET_CURRENT_DATE'); registerFilter(__FUNCTION__, __LINE__, 'init', 'INIT_RANDOM_NUMBER'); - registerFilter(__FUNCTION__, __LINE__, 'init', 'CHECK_REPOSITORY_REVISION'); registerFilter(__FUNCTION__, __LINE__, 'init', 'RUN_HOURLY_RESET'); registerFilter(__FUNCTION__, __LINE__, 'init', 'RUN_DAILY_RESET'); registerFilter(__FUNCTION__, __LINE__, 'init', 'RUN_WEEKLY_RESET'); diff --git a/inc/filters.php b/inc/filters.php index 15f5c00d46..5b3c05c5f2 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Allgemeine Filter * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * 
@@ -807,22 +802,6 @@ function FILTER_TRIGGER_SENDING_POOL () { unset($GLOBALS['pool_cnt']); } -// Filter for checking and updating SVN revision -function FILTER_CHECK_REPOSITORY_REVISION () { - // Only execute this filter if installed and all config entries are there - if ((!isInstalled()) || (!isConfigEntrySet('patch_level'))) { - return; - } // END - if - - // Check for patch level differences between database and current hard-coded - if ((getCurrentRepositoryRevision() > getConfig('patch_level')) || (getConfig('patch_level') == 'CURRENT_REPOSITORY_REVISION') || (getConfig('patch_ctime') == 'UNIX_TIMES')) { - // Update database and CONFIG array - updateConfiguration(array('patch_level', 'patch_ctime'), array(getCurrentRepositoryRevision(), 'UNIX_TIMESTAMP()')); - setConfigEntry('patch_level', getCurrentRepositoryRevision()); - setConfigEntry('patch_ctime', time()); - } // END - if -} - // Filter for running hourly reset function FILTER_RUN_HOURLY_RESET () { // Only execute this filter if installed @@ -901,7 +880,7 @@ function FILTER_RUN_YEARLY_RESET () { // Filter for loading more runtime includes (not for installation) function FILTER_LOAD_RUNTIME_INCLUDES () { // Load more includes - foreach (array('databases', 'session', 'versions') as $inc) { + foreach (array('databases', 'session') as $inc) { // Load the include loadIncludeOnce('inc/' . $inc . '.php'); } // END - foreach @@ -1031,8 +1010,8 @@ function FILTER_HANDLE_FATAL_ERRORS () { 'corr' => $CORR ); - // Load footer - loadIncludeOnce('inc/header.php'); + // Load header + loadPageHeader(); // Load main template loadTemplate('fatal_errors', FALSE, $content); @@ -1041,7 +1020,7 @@ function FILTER_HANDLE_FATAL_ERRORS () { initFatalMessages(); // Load footer - loadIncludeOnce('inc/footer.php'); + loadPageFooter(); // Abort here doShutdown(); diff --git a/inc/functions.php b/inc/functions.php index 4f37ac1a92..f55c9a396a 100644 --- a/inc/functions.php +++ b/inc/functions.php 
@@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Viele Nicht-Datenbank-Funktionen * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * @@ -474,9 +469,9 @@ function redirectToUrl ($url, $allowSpider = TRUE) { sendRawRedirect(doFinalCompilation(str_replace('&', '&', $url), FALSE)); } else { // Output error message - loadInclude('inc/header.php'); + loadPageHeader(); loadTemplate('redirect_url', FALSE, str_replace('&', '&', $url)); - loadInclude('inc/footer.php'); + loadPageFooter(); } // Shut the mailer down here @@ -551,7 +546,7 @@ function generateRandomCode ($length, $code, $userid, $extraData = '') { if (isConfigEntrySet('file_hash')) { $keys .= getEncryptSeparator() . getFileHash(); } // END - if - $keys .= getEncryptSeparator() . getDateFromRepository(); + if (isConfigEntrySet('master_salt')) { $keys .= getEncryptSeparator() . getMasterSalt(); } // END - if 
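Review bot: Removing `getDateFromRepository()` from `$keys` in generateRandomCode() changes the key material, and the generateHash() hunk (at -780,7) makes the same change, so values derived before this commit can no longer be reproduced. If generateHash() output is stored anywhere (password or confirmation hashes, for example; not visible here), existing records need a migration or re-hash path, which the hunks shown do not provide. The removal also leaves an empty line between the two `if` blocks in generateRandomCode(); a comment such as `// Repository date is no longer part of the key` would make the gap intentional.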
@@ -780,7 +775,7 @@ function generateHash ($plainText, $salt = '', $hash = TRUE) { $server = $_SERVER['PHP_SELF'] . getEncryptSeparator() . detectUserAgent() . getEncryptSeparator() . getenv('SERVER_SOFTWARE') . getEncryptSeparator() . detectRealIpAddress() . getEncryptSeparator() . detectRemoteAddr(); // Build key string - $keys = getSiteKey() . getEncryptSeparator() . getDateKey() . getEncryptSeparator() . getFileHash() . getEncryptSeparator() . getDateFromRepository() . getEncryptSeparator() . getMasterSalt(); + $keys = getSiteKey() . getEncryptSeparator() . getDateKey() . getEncryptSeparator() . getFileHash() . getEncryptSeparator() . getMasterSalt(); // Is the secret_key config entry set? if (isConfigEntrySet('secret_key')) { @@ -1801,12 +1796,12 @@ function isExtraTitleSet () { * * @param $baseDir Relative base directory to PATH to scan from * @param $prefix Prefix for all positive matches (which files should be found) - * @param $fileIncludeDirs whether to include directories in the final output array - * @param $addBaseDir whether to add $baseDir to all array entries + * @param $fileIncludeDirs Whether to include directories in the final output array + * @param $addBaseDir Whether to add $baseDir to all array entries * @param $excludeArray Excluded files and directories, these must be full files names, e.g. 'what-' will exclude all files named 'what-' but won't exclude 'what-foo.php' * @param $extension File extension for all positive matches * @param $excludePattern Regular expression to exclude more files (preg_match()) - * @param $recursive whether to scan recursively + * @param $recursive Whether to scan recursively * @param $suffix Suffix for positive matches ($extension will be appended, too) * @param $withPrefixSuffix Whether to include prefix/suffix in found entries * @return $foundMatches All found positive matches for above criteria 
@@ -2114,43 +2109,6 @@ function isSpider () { return ((isInStringIgnoreCase('spider', $userAgent)) || (isInStringIgnoreCase('slurp', $userAgent)) || (isInStringIgnoreCase('bot', $userAgent)) || (isInStringIgnoreCase('archiver', $userAgent))); } -// Function to search for the last modified file -function searchDirsRecursive ($dir, &$last_changed, $lookFor = 'Date') { - // Get dir as array - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'dir=' . $dir); - // Does it match what we are looking for? (We skip a lot files already!) - // RegexPattern to exclude ., .., .revision, .svn, debug.log or .cache in the filenames - $excludePattern = '@(\.revision|\.svn|debug\.log|\.cache|config\.php)$@'; - - $ds = getArrayFromDirectory($dir, '', FALSE, TRUE, array(), '.php', $excludePattern); - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'count(ds)='.count($ds)); - - // Walk through all entries - foreach ($ds as $d) { - // Generate proper FQFN - $FQFN = str_replace('//', '/', getPath() . $dir . '/' . $d); - - // Is it a file and readable? - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'dir=' . $dir . ',d=' . $d); - if (isFileReadable($FQFN)) { - // $FQFN is a readable file so extract the requested data from it - $check = extractRevisionInfoFromFile($FQFN, $lookFor); - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'File: ' . $d . ' found. check=' . $check); - - // Is the file more recent? - if ((!isset($last_changed[$lookFor])) || ($last_changed[$lookFor] < $check)) { - // This file is newer as the file before - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'NEWER!'); - $last_changed['path_name'] = $FQFN; - $last_changed[$lookFor] = $check; - } // END - if - } else { - // Not readable - /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'File: ' . $d . ' not readable or directory.'); - } - } // END - foreach -} - // Handles the braces [] of a field (e.g. 
value of 'name' attribute) function handleFieldWithBraces ($field) { // Are there braces [] at the end? @@ -2937,5 +2895,31 @@ function isThemeReadable ($theme) { return $GLOBALS[__FUNCTION__][$theme]; } +// Checks whether a given PHP extension is loaded or can be loaded at runtime +// +// Supported OS: Windows, Linux, (Mac?) +function isPhpExtensionLoaded ($extension) { + // Is the extension loaded? + if (extension_loaded($extension)) { + // All fine + return TRUE; + } // END - if + + // Try to load the extension + return loadLibrary($extension); +} + +// Loads given library (aka. PHP extension) +// Credits: shaunspiller at spammenot-gmail dot com ( http://de.php.net/dl#88566 ) +function loadLibrary ($n, $f = NULL) { + return extension_loaded($n) or dl(((PHP_SHLIB_SUFFIX === 'dll') ? 'php_' : '') . ($f ? $f : $n) . '.' . PHP_SHLIB_SUFFIX); +} + +// "Translates" given PHP extension name into a readable version +function translatePhpExtension ($extension) { + // Return the language element + return '{--PHP_EXTENSION_' . strtoupper($extension) . '--}'; +} + // [EOF] ?> diff --git a/inc/load_config.php b/inc/load_config.php index ee94c6f582..2ba4333af5 100644 --- a/inc/load_config.php +++ b/inc/load_config.php @@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Lader fuer Konfiguration * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * 
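Review bot: loadLibrary() calls `dl()` unconditionally, but `dl()` has been limited to the CLI, CGI and embed SAPIs since PHP 5.3, so on most web-server setups isPhpExtensionLoaded() would end in an "undefined function" fatal error instead of returning FALSE when the extension is missing. The file name handed to `dl()` is also built from `$n`/`$f` without any check; the callers are outside this hunk, so the loader itself should accept only plain extension names and keep path components out. The one-letter parameters and the `or` inside `return` also read differently from the rest of the file; a version with guard clauses and the same signature is below.

```php
function loadLibrary ($n, $f = NULL) {
	// Nothing to do if the extension is already there
	if (extension_loaded($n)) {
		return TRUE;
	} // END - if

	// File name part: explicit override or the extension name itself
	$name = ($f ? $f : $n);

	// dl() is missing in most web SAPIs; only plain names, no path components
	if ((!function_exists('dl')) || (!preg_match('/^[a-zA-Z0-9_]+$/', $name))) {
		// Cannot or must not be loaded at runtime
		return FALSE;
	} // END - if

	// Try to load it, e.g. php_foo.dll or foo.so
	return dl(((PHP_SHLIB_SUFFIX === 'dll') ? 'php_' : '') . $name . '.' . PHP_SHLIB_SUFFIX);
}
```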
@@ -43,7 +38,7 @@ if (!defined('__SECURITY')) { // Set some config entries which is required for installation phase setConfigEntry('OUTPUT_MODE' , 'render'); setConfigEntry('WRITE_FOOTER', 'Y'); -setConfigEntry('_DB_TYPE' , 'mysql3'); +setConfigEntry('_DB_TYPE' , 'mysql'); // Mark configuration as NOT loaded which is the default $GLOBALS['config_local_loaded'] = FALSE; diff --git a/inc/mysql-connect.php b/inc/mysql-connect.php index 5cd6a3cf45..4a6361853e 100644 --- a/inc/mysql-connect.php +++ b/inc/mysql-connect.php @@ -10,11 +10,6 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Verbindet zu Ihrer Datenbank * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * @@ -58,7 +53,6 @@ foreach ( array( 'sql', 'expression', 'filter', - 'revision', 'extensions') as $lib) { // Add it @@ -97,9 +91,6 @@ if (!isset($GLOBALS['__header_sent'])) { // Init fatal messages initFatalMessages(); -// Init repository data sub-system -initRepositoryData(); - // Enable HTML templates by default enableTemplateHtml(); @@ -130,7 +121,7 @@ if ((!isInstaller()) && (isInstalled())) { } // END - if // CFG: DATABASE-TYPE - setConfigEntry('_DB_TYPE', 'mysql3'); + setConfigEntry('_DB_TYPE', 'mysql'); // Set link as down unsetSqlLinkUp(__FILE__, __LINE__); 
@@ -142,7 +133,7 @@ if ((!isInstaller()) && (isInstalled())) { initMessages(); // Include more - foreach (array('databases', 'session', 'versions', 'install-functions', 'load_config', 'load_cache') as $inc) { + foreach (array('databases', 'session', 'install-functions', 'load_config', 'load_cache') as $inc) { // Load include file loadIncludeOnce('inc/' . $inc . '.php'); } // END - foreach -- 2.30.2