Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1679)
+++ branches/2.8.x/CHANGELOG	(revision 1680)
@@ -11,7 +11,14 @@
 ! = Update/Change
 ===============================================================================
 
-
+03 May-2012 Build 1680 Werner v.d.Decken(DarkViper)
+! renamed file class.database.php to Database.php
+! renamed class database into Database
++ classes SecurityException and SecDirectoryTraversalException added in globalExceptionHandler.php
++ CoreAutoloader() added in initialize.php
++ new Constants 'WB_REL' and 'DOCUMENT_ROOT' in initialize.php
+! class Database is able now to create multiple connections at same time
++ class ModLanguage added for easy handle of languages from modules
 28 Apr-2012 Build 1679 Dietmar Woellbrink (Luisehahne)
 + add tool_icon.png to admintools
 27 Apr-2012 Build 1678 Dietmar Woellbrink (Luisehahne)
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1679)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1680)
@@ -51,5 +51,5 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.3');
-if(!defined('REVISION')) define('REVISION', '1679');
+if(!defined('REVISION')) define('REVISION', '1680');
 if(!defined('SP')) define('SP', '');
Index: branches/2.8.x/wb/framework/class.database.php
===================================================================
--- branches/2.8.x/wb/framework/class.database.php	(revision 1679)
+++ branches/2.8.x/wb/framework/class.database.php	(nonexistent)
@@ -1,456 +0,0 @@
-<?php
-/**
- *
- * @category        framework
- * @package         database
- * @author          WebsiteBaker Project
- * @copyright       2004-2009, Ryan Djurovich
- * @copyright       2009-2011, Website Baker Org. e.V.
- * @link            http://www.websitebaker2.org/
- * @license         http://www.gnu.org/licenses/gpl.html
- * @platform        WebsiteBaker 2.8.x
- * @requirements    PHP 5.2.2 and higher
- * @version         $Id$
- * @filesource      $HeadURL$
- * @lastmodified    $Date$
- *
- */
-/*
-Database class
-This class will be used to interface between the database
-and the Website Baker code
-*/
-/* -------------------------------------------------------- */
-// Must include code to stop this file being accessed directly
-if(!defined('WB_PATH')) {
-	require_once(dirname(__FILE__).'/globalExceptionHandler.php');
-	throw new IllegalFileException();
-}
-/* -------------------------------------------------------- */
-if(!defined('DB_URL')) {
-	//define('DB_URL', DB_TYPE.'://'.DB_USERNAME.':'.DB_PASSWORD.'@'.DB_HOST.'/'.DB_NAME);
-}
-
-define('DATABASE_CLASS_LOADED', true);
-
-class database {
-
-	private $db_handle  = null; // readonly from outside
-	private $db_name    = '';
-	private $connected  = false;
-
-	private $error      = '';
-	private $error_type = '';
-	private $message    = array();
-	private $iQueryCount= 0;
-
-
-	// Set DB_URL
-	function database($url = '') {
-		// Connect to database
-		$this->connect();
-		// Check for database connection error
-		if($this->is_error()) {
-			die($this->get_error());
-		}
-	}
-	
-	// Connect to the database
-	function connect() {
-		$status = $this->db_handle = mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD);
-		if(mysql_error()) {
-			$this->connected = false;
-			$this->error = mysql_error();
-		} else {
-			if(!mysql_select_db(DB_NAME)) {
-				$this->connected = false;
-				$this->error = mysql_error();
-			} else {
-				$this->db_name = DB_NAME;
-				$this->connected = true;
-			}
-		}
-		return $this->connected;
-	}
-	
-	// Disconnect from the database
-	function disconnect() {
-		if($this->connected==true) {
-			mysql_close();
-			return true;
-		} else {
-			return false;
-		}
-	}
-	
-	// Run a query
-	function query($statement) {
-		$this->iQueryCount++;
-		$mysql = new mysql();
-		$mysql->query($statement);
-		$this->set_error($mysql->error());
-		if($mysql->error()) {
-			return null;
-		} else {
-			return $mysql;
-		}
-	}
-
-	// Gets the first column of the first row
-	function get_one( $statement )
-	{
-		$this->iQueryCount++;
-		$fetch_row = mysql_fetch_array(mysql_query($statement) );
-		$result = $fetch_row[0];
-		$this->set_error(mysql_error());
-		if(mysql_error()) {
-			return null;
-		} else {
-			return $result;
-		}
-	}
-	
-	// Set the DB error
-	function set_error($message = null) {
-		global $TABLE_DOES_NOT_EXIST, $TABLE_UNKNOWN;
-		$this->error = $message;
-		if(strpos($message, 'no such table')) {
-			$this->error_type = $TABLE_DOES_NOT_EXIST;
-		} else {
-			$this->error_type = $TABLE_UNKNOWN;
-		}
-	}
-	
-	// Return true if there was an error
-	function is_error() {
-		return (!empty($this->error)) ? true : false;
-	}
-	
-	// Return the error
-	function get_error() {
-		return $this->error;
-	}
-
-/**
- * default Getter for some properties
- * @param string $sPropertyName
- * @return mixed NULL on error or missing property
- */
-	public function __get($sPropertyName)
-	{
-		switch ($sPropertyName):
-			case 'db_handle':
-			case 'DbHandle':
-			case 'getDbHandle':
-				$retval = $this->db_handle;
-				break;
-			case 'db_name':
-			case 'DbName':
-			case 'getDbName':
-				$retval = $this->db_name;
-				break;
-			case 'getQueryCount':
-				$retval = $this->iQueryCount;
-				break;
-			default:
-				$retval = null;
-				break;
-		endswitch;
-		return $retval;
-	} // __get()
-
-/*
- * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
- * @param string $field_name: name of the field to seek for
- * @return bool: true if field exists
- */
-	public function field_exists($table_name, $field_name)
-	{
-		$sql = 'DESCRIBE `'.$table_name.'` `'.$field_name.'` ';
-		$query = $this->query($sql);
-		return ($query->numRows() != 0);
-	}
-
-/*
- * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
- * @param string $index_name: name of the index to seek for
- * @return bool: true if field exists
- */
-	public function index_exists($table_name, $index_name, $number_fields = 0)
-	{
-		$number_fields = intval($number_fields);
-		$keys = 0;
-		$sql = 'SHOW INDEX FROM `'.$table_name.'`';
-		if( ($res_keys = $this->query($sql)) )
-		{
-			while(($rec_key = $res_keys->fetchRow()))
-			{
-				if( $rec_key['Key_name'] == $index_name )
-				{
-					$keys++;
-				}
-			}
-
-		}
-		if( $number_fields == 0 )
-		{
-			return ($keys != $number_fields);
-		}else
-		{
-			return ($keys == $number_fields);
-		}
-	}
-/*
- * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
- * @param string $field_name: name of the field to add
- * @param string $description: describes the new field like ( INT NOT NULL DEFAULT '0')
- * @return bool: true if successful, otherwise false and error will be set
- */
-	public function field_add($table_name, $field_name, $description)
-	{
-		if( !$this->field_exists($table_name, $field_name) )
-		{ // add new field into a table
-			$sql = 'ALTER TABLE `'.$table_name.'` ADD '.$field_name.' '.$description.' ';
-			$query = $this->query($sql);
-			$this->set_error(mysql_error());
-			if( !$this->is_error() )
-			{
-				return ( $this->field_exists($table_name, $field_name) ) ? true : false;
-			}
-		}else
-		{
-			$this->set_error('field \''.$field_name.'\' already exists');
-		}
-		return false;
-	}
-
-/*
- * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
- * @param string $field_name: name of the field to add
- * @param string $description: describes the new field like ( INT NOT NULL DEFAULT '0')
- * @return bool: true if successful, otherwise false and error will be set
- */
-	public function field_modify($table_name, $field_name, $description)
-	{
-		$retval = false;
-		if( $this->field_exists($table_name, $field_name) )
-		{ // modify a existing field in a table
-			$sql  = 'ALTER TABLE `'.$table_name.'` MODIFY `'.$field_name.'` '.$description;
-			$retval = ( $this->query($sql) ? true : false);
-			$this->set_error(mysql_error());
-		}
-		return $retval;
-	}
-
-/*
- * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
- * @param string $field_name: name of the field to remove
- * @return bool: true if successful, otherwise false and error will be set
- */
-	public function field_remove($table_name, $field_name)
-	{
-		$retval = false;
-		if( $this->field_exists($table_name, $field_name) )
-		{ // modify a existing field in a table
-			$sql  = 'ALTER TABLE `'.$table_name.'` DROP `'.$field_name.'`';
-			$retval = ( $this->query($sql) ? true : false );
-		}
-		return $retval;
-	}
-
-/*
- * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
- * @param string $index_name: name of the new index
- * @param string $field_list: comma seperated list of fields for this index
- * @param string $index_type: kind of index (UNIQUE, PRIMARY, '')
- * @return bool: true if successful, otherwise false and error will be set
- */
-	public function index_add($table_name, $index_name, $field_list, $index_type = '')
-	{
-		$retval = false;
-		$field_list = str_replace(' ', '', $field_list);
-		$field_list = explode(',', $field_list);
-		$number_fields = sizeof($field_list);
-		$field_list = '`'.implode('`,`', $field_list).'`';
-		if( $this->index_exists($table_name, $index_name, $number_fields) ||
-		    $this->index_exists($table_name, $index_name))
-		{
-			$sql  = 'ALTER TABLE `'.$table_name.'` ';
-			$sql .= 'DROP INDEX `'.$index_name.'`';
-			if( $this->query($sql))
-			{
-				$sql  = 'ALTER TABLE `'.$table_name.'` ';
-				$sql .= 'ADD '.$index_type.' `'.$index_name.'` ( '.$field_list.' ); ';
-				if( $this->query($sql)) { $retval = true; }
-			}
-		}
-		return $retval;
-	}
-
-/*
- * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
- * @param string $field_name: name of the field to remove
- * @return bool: true if successful, otherwise false and error will be set
- */
-	public function index_remove($table_name, $index_name)
-	{
-		$retval = false;
-		if( $this->index_exists($table_name, $index_name) )
-		{ // modify a existing field in a table
-			$sql  = 'ALTER TABLE `'.$table_name.'` DROP INDEX `'.$index_name.'`';
-			$retval = ( $this->query($sql) ? true : false );
-		}
-		return $retval;
-	}
-/**
- * Import a standard *.sql dump file
- * @param string $sSqlDump link to the sql-dumpfile
- * @param string $sTablePrefix
- * @param bool $bPreserve set to true will ignore all DROP TABLE statements
- * @param string $sTblEngine
- * @param string $sTblCollation
- * @return boolean true if import successful
- */
-	public function SqlImport($sSqlDump,
-	                          $sTablePrefix = '',
-	                          $bPreserve = true,
-	                          $sTblEngine = 'ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci',
-	                          $sTblCollation = ' collate utf8_unicode_ci')
-	{
-		$retval = true;
-		$this->error = '';
-		$aSearch  = array('{TABLE_PREFIX}','{TABLE_ENGINE}', '{TABLE_COLLATION}');
-		$aReplace = array($sTablePrefix, $sTblEngine, $sTblCollation);
-		$sql = '';
-		$aSql = file($sSqlDump);
-		while ( sizeof($aSql) > 0 ) {
-			$sSqlLine = trim(array_shift($aSql));
-			if (!preg_match('/^[-\/]+.*/', $sSqlLine)) {
-				$sql = $sql.' '.$sSqlLine;
-				if ((substr($sql,-1,1) == ';')) {
-					$sql = trim(str_replace( $aSearch, $aReplace, $sql));
-					if (!($bPreserve && preg_match('/^\s*DROP TABLE IF EXISTS/siU', $sql))) {
-						if(!mysql_query($sql, $this->db_handle)) {
-							$retval = false;
-							$this->error = mysql_error($this->db_handle);
-							unset($aSql);
-							break;
-						}
-					}
-					$sql = '';
-				}
-			}
-		}
-		return $retval;
-	}
-
-/**
- * retuns the type of the engine used for requested table
- * @param string $table name of the table, including prefix
- * @return boolean/string false on error, or name of the engine (myIsam/InnoDb)
- */
-	public function getTableEngine($table)
-	{
-		$retVal = false;
-		$mysqlVersion = mysql_get_server_info($this->db_handle);
-		$engineValue = (version_compare($mysqlVersion, '5.0') < 0) ? 'Type' : 'Engine';
-		$sql = "SHOW TABLE STATUS FROM " . $this->db_name . " LIKE '" . $table . "'";
-		if(($result = $this->query($sql))) {
-			if(($row = $result->fetchRow(MYSQL_ASSOC))) {
-				$retVal = $row[$engineValue];
-			}
-		}
-		return $retVal;
-	}
-
-
-} /// end of class database
-
-define('MYSQL_SEEK_FIRST', 0);
-define('MYSQL_SEEK_LAST', -1);
-
-class mysql {
-
-	// Run a query
-	function query($statement) {
-		$this->result = mysql_query($statement);
-		$this->error = mysql_error();
-		return $this->result;
-	}
-	
-	// Fetch num rows
-	function numRows() {
-		return mysql_num_rows($this->result);
-	}
-
-	// Fetch row  $typ = MYSQL_ASSOC, MYSQL_NUM, MYSQL_BOTH
-	function fetchRow($typ = MYSQL_BOTH) {
-		return mysql_fetch_array($this->result, $typ);
-	}
-
-	function rewind()
-	{
-		return $this->seekRow();
-	}
-
-	function seekRow( $position = MYSQL_SEEK_FIRST )
-	{
-		$pmax = $this->numRows() - 1;
-		$p = (($position < 0 || $position > $pmax) ? $pmax : $position);
-		return mysql_data_seek($this->result, $p);
-	}
-
-	// Get error
-	function error() {
-		if(isset($this->error)) {
-			return $this->error;
-		} else {
-			return null;
-		}
-	}
-
-}
-/* this function is placed inside this file temporarely until a better place is found */
-/*  function to update a var/value-pair(s) in table ****************************
- *  nonexisting keys are inserted
- *  @param string $table: name of table to use (without prefix)
- *  @param mixed $key:    a array of key->value pairs to update
- *                        or a string with name of the key to update
- *  @param string $value: a sting with needed value, if $key is a string too
- *  @return bool:  true if any keys are updated, otherwise false
- */
-	function db_update_key_value($table, $key, $value = '')
-	{
-		global $database;
-		if( !is_array($key))
-		{
-			if( trim($key) != '' )
-			{
-				$key = array( trim($key) => trim($value) );
-			} else {
-				$key = array();
-			}
-		}
-		$retval = true;
-		foreach( $key as $index=>$val)
-		{
-			$index = strtolower($index);
-			$sql = 'SELECT COUNT(`setting_id`) FROM `'.TABLE_PREFIX.$table.'` WHERE `name` = \''.$index.'\' ';
-			if($database->get_one($sql))
-			{
-				$sql = 'UPDATE ';
-				$sql_where = 'WHERE `name` = \''.$index.'\'';
-			}else {
-				$sql = 'INSERT INTO ';
-				$sql_where = '';
-			}
-			$sql .= '`'.TABLE_PREFIX.$table.'` ';
-			$sql .= 'SET `name` = \''.$index.'\', ';
-			$sql .= '`value` = \''.$val.'\' '.$sql_where;
-			if( !$database->query($sql) )
-			{
-				$retval = false;
-			}
-		}
-		return $retval;
-	}

Property changes on: branches/2.8.x/wb/framework/class.database.php
___________________________________________________________________
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: svn:keywords
## -1,4 +0,0 ##
-Id
-Revision
-HeadURL
-Date
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: branches/2.8.x/wb/framework/initialize.php
===================================================================
--- branches/2.8.x/wb/framework/initialize.php	(revision 1679)
+++ branches/2.8.x/wb/framework/initialize.php	(revision 1680)
@@ -49,31 +49,54 @@
 		}
 		$_SERVER['HTTP_REFERER'] = $sTmpReferer;
 	}
-
-$starttime = array_sum(explode(" ",microtime()));
-if(!defined('DEBUG')){ define('DEBUG', false); }// Include config file
-if( !defined('ADMIN_DIRECTORY')) { define('ADMIN_DIRECTORY', 'admin'); }
-if(!preg_match('/xx[a-z0-9_][a-z0-9_\-\.]+/i', 'xx'.ADMIN_DIRECTORY)) {
-	throw new RuntimeException('Invalid admin-directory: ' . ADMIN_DIRECTORY);
-}
-
-if( !defined('ADMIN_URL')) { define('ADMIN_URL', WB_URL.'/'.ADMIN_DIRECTORY); }
-if( !defined('WB_PATH')) { define('WB_PATH', dirname(dirname(__FILE__))); }
-if( !defined('ADMIN_PATH')) { define('ADMIN_PATH', WB_PATH.'/'.ADMIN_DIRECTORY); }
-
-if (file_exists(WB_PATH.'/framework/class.database.php')) {
-	// sanitize $_SERVER['HTTP_REFERER']
-	SanitizeHttpReferer(WB_URL);
+/* -------------------------------------------------------- */
+/**
+ * Autoloader to load classes according to the new WB-2.9 standard
+ * @param string $sClassName name of the requested class
+ */
+	function CoreAutoloader($sClassName) {
+		$iCount = 0;
+		$aSearch = array('/^m_/i', '/^a_/i');
+		$aReplace = array('modules_', ADMIN_DIRECTORY.'_' );
+		$sClassName = preg_replace($aSearch, $aReplace, $sClassName, 1, $iCount);
+		if(!$iCount) { $sClassName = 'framework_'.$sClassName; }
+		$sFileName = WB_PATH.'/'.str_replace('_', '/', $sClassName).'.php';
+		if(file_exists($sFileName)) {
+			include($sFileName);
+		}
+	}
+/* -------------------------------------------------------- */
+	function SetInstallPathConstants() {
+		if(!defined('DEBUG')){ define('DEBUG', false); }// Include config file
+		if(!defined('ADMIN_DIRECTORY')){ define('ADMIN_DIRECTORY', 'admin'); }
+		if(!preg_match('/xx[a-z0-9_][a-z0-9_\-\.]+/i', 'xx'.ADMIN_DIRECTORY)) {
+			throw new RuntimeException('Invalid admin-directory: ' . ADMIN_DIRECTORY);
+		}
+		if(!defined('WB_PATH')){ define('WB_PATH', dirname(dirname(__FILE__))); }
+		if(!defined('ADMIN_URL')){ define('ADMIN_URL', WB_URL.'/'.ADMIN_DIRECTORY); }
+		if(!defined('ADMIN_PATH')){ define('ADMIN_PATH', WB_PATH.'/'.ADMIN_DIRECTORY); }
+		if(!defined('WB_REL')){
+			$x1 = parse_url(WB_URL);
+			define('WB_REL', (isset($x1['path']) ? $x1['path'] : ''));
+		}
+		if(!defined('DOCUMENT_ROOT')) {
+			define('DOCUMENT_ROOT', preg_replace('/'.preg_quote(WB_REL, '/').'$/', '', WB_PATH));
+		}
+	}
+/* -------------------------------------------------------- */
+	$starttime = array_sum(explode(" ",microtime()));
+	SetInstallPathConstants();
+	SanitizeHttpReferer(WB_URL); // sanitize $_SERVER['HTTP_REFERER']
+	spl_autoload_register('CoreAutoloader'); // activate core autoloader
 	date_default_timezone_set('UTC');
-	require_once(WB_PATH.'/framework/class.database.php');
-
 	// Create database class
-	$database = new database();
-
-    if(version_compare(PHP_VERSION, '5.3.0', '<'))
-    {
-        set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
-    }
+	$database = new Database();
+	// disable all kind of magic_quotes
+	if(get_magic_quotes_gpc() || get_magic_quotes_runtime()) {
+		@ini_set('magic_quotes_sybase', 0);
+		@ini_set('magic_quotes_gpc', 0);
+		@ini_set('magic_quotes_runtime', 0);
+	}
 	// Get website settings (title, keywords, description, header, and footer)
 	$query_settings = "SELECT name,value FROM ".TABLE_PREFIX."settings";
 	$get_settings = $database->query($query_settings);
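Review bot: `CoreAutoloader()` turns whatever class name it is handed into a path under `WB_PATH` and `include`s it without checking the name's characters, so a name that reaches autoloading from a string (for example through `class_exists()` or `new $name`) could carry `.` or `/` and select an unintended file. Rejecting anything that is not a plain identifier as the first statement of the function closes this: `if(!preg_match('/^[a-z_][a-z0-9_]*$/i', $sClassName)) { return; }`. Separately, the magic-quotes block cannot do what its comment says: `magic_quotes_gpc` is a per-directory setting that `ini_set()` cannot change at runtime, request data has already been escaped by the time this runs, and the `@` hides the failure. If the rest of the code assumes unescaped input, `$_GET`/`$_POST`/`$_COOKIE` need `stripslashes` applied when `get_magic_quotes_gpc()` is true.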
@@ -133,7 +156,7 @@
 
 	// Get users language
 	if(isset($_GET['lang']) AND $_GET['lang'] != '' AND !is_numeric($_GET['lang']) AND strlen($_GET['lang']) == 2) {
-	  	define('LANGUAGE', strtoupper($_GET['lang']));
+		define('LANGUAGE', strtoupper($_GET['lang']));
 		$_SESSION['LANGUAGE']=LANGUAGE;
 	} else {
 		if(isset($_SESSION['LANGUAGE']) AND $_SESSION['LANGUAGE'] != '') {
@@ -142,7 +165,7 @@
 			define('LANGUAGE', DEFAULT_LANGUAGE);
 		}
 	}
-	
+
 	// Load Language file
 	if(!defined('LANGUAGE_LOADED')) {
 		if(!file_exists(WB_PATH.'/languages/'.LANGUAGE.'.php')) {
@@ -151,7 +174,7 @@
 			require_once(WB_PATH.'/languages/'.LANGUAGE.'.php');
 		}
 	}
-	
+
 	// Get users timezone
 	if(isset($_SESSION['TIMEZONE'])) {
 		define('TIMEZONE', $_SESSION['TIMEZONE']);
@@ -175,9 +198,7 @@
 	define('THEME_URL', WB_URL.'/templates/'.DEFAULT_THEME);
 	define('THEME_PATH', WB_PATH.'/templates/'.DEFAULT_THEME);
 
-    // extended wb_settings
+	// extended wb_settings
 	define('EDIT_ONE_SECTION', false);
 
 	define('EDITOR_WIDTH', 0);
-
-}
\ No newline at end of file
Index: branches/2.8.x/wb/framework/Database.php
===================================================================
--- branches/2.8.x/wb/framework/Database.php	(nonexistent)
+++ branches/2.8.x/wb/framework/Database.php	(revision 1680)
@@ -0,0 +1,479 @@
+<?php
+/**
+ *
+ * @category        framework
+ * @package         database
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link            http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource      $HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
+/*
+Database class
+This class will be used to interface between the database
+and the Website Baker code
+*/
+/* -------------------------------------------------------- */
+// Must include code to stop this file being accessed directly
+if(!defined('WB_PATH')) {
+	require_once(dirname(__FILE__).'/globalExceptionHandler.php');
+	throw new IllegalFileException();
+}
+/* -------------------------------------------------------- */
+define('DATABASE_CLASS_LOADED', true);
+
+class Database {
+
+//	$sdb = 'mysql://user:password@demo.de:3604/datenbank';
+
+	private $_db_handle = null; // readonly from outside
+	private $_scheme    = 'mysql';
+	private $_hostname  = 'localhost';
+	private $_username  = '';
+	private $_password  = '';
+	private $_hostport  = '3406';
+	private $_db_name   = '';
+
+	private $connected  = false;
+
+	private $error      = '';
+	private $error_type = '';
+	private $message    = array();
+	private $iQueryCount= 0;
+
+
+	// Set DB_URL
+	function __construct($url = '') {
+		if($url != '') {
+			$aIni = parse_url($url);
+			$this->_scheme   = isset($aIni['scheme']) ? $aIni['scheme'] : 'mysql';
+			$this->_hostname = isset($aIni['host']) ? $aIni['host'] : '';
+			$this->_username = isset($aIni['user']) ? $aIni['user'] : '';
+			$this->_password = isset($aIni['pass']) ? $aIni['pass'] : '';
+			$this->_hostport = isset($aIni['port']) ? $aIni['port'] : '3306';
+			$this->_hostport = $this->_hostport == '3306' ? '' : ':'.$this->_hostport;
+			$this->_db_name  = ltrim(isset($aIni['path']) ? $aIni['path'] : '', '/\\');
+		}else {
+			$this->_hostname = DB_HOST;
+			$this->_username = DB_USERNAME;
+			$this->_password = DB_PASSWORD;
+			$this->_hostport = '';
+			$this->_db_name  = DB_NAME;
+		}
+		// Connect to database
+		$this->connect();
+	}
+	
+	// Connect to the database
+	function connect() {
+		$this->_db_handle = mysql_connect($this->_hostname.$this->_hostport,
+		                                  $this->_username,
+		                                  $this->_password);
+		if(!$this->_db_handle) {
+			throw new RuntimeException('unable to connect \''.$this->_scheme.'://'.
+			                           $this->_hostname.$this->_hostport.'\'');
+		} else {
+			if(!mysql_select_db($this->_db_name)) {
+				throw new RuntimeException('unable to select database \''.$this->_db_name.
+				                           '\' on \''.$this->_scheme.'://'.
+				                           $this->_hostname.$this->_hostport.'\'');
+			} else {
+				$this->connected = true;
+			}
+		}
+		return $this->connected;
+	}
+	
+	// Disconnect from the database
+	function disconnect() {
+		if($this->connected==true) {
+			mysql_close($this->_db_handle);
+			return true;
+		} else {
+			return false;
+		}
+	}
+	
+	// Run a query
+	function query($statement) {
+		$this->iQueryCount++;
+		$mysql = new mysql();
+		$mysql->query($statement, $this->_db_handle);
+		$this->set_error($mysql->error($this->_db_handle));
+		if($mysql->error($this->_db_handle)) {
+			return null;
+		} else {
+			return $mysql;
+		}
+	}
+
+	// Gets the first column of the first row
+	function get_one( $statement )
+	{
+		$this->iQueryCount++;
+		$fetch_row = mysql_fetch_array(mysql_query($statement, $this->_db_handle));
+		$result = $fetch_row[0];
+		$this->set_error(mysql_error($this->_db_handle));
+		if(mysql_error($this->_db_handle)) {
+			return null;
+		} else {
+			return $result;
+		}
+	}
+	
+	// Set the DB error
+	function set_error($message = null) {
+		global $TABLE_DOES_NOT_EXIST, $TABLE_UNKNOWN;
+		$this->error = $message;
+		if(strpos($message, 'no such table')) {
+			$this->error_type = $TABLE_DOES_NOT_EXIST;
+		} else {
+			$this->error_type = $TABLE_UNKNOWN;
+		}
+	}
+	
+	// Return true if there was an error
+	function is_error() {
+		return (!empty($this->error)) ? true : false;
+	}
+	
+	// Return the error
+	function get_error() {
+		return $this->error;
+	}
+
+/**
+ * default Getter for some properties
+ * @param string $sPropertyName
+ * @return mixed NULL on error or missing property
+ */
+	public function __get($sPropertyName)
+	{
+		switch ($sPropertyName):
+			case 'db_handle':
+			case 'DbHandle':
+			case 'getDbHandle':
+				$retval = $this->_db_handle;
+				break;
+			case 'db_name':
+			case 'DbName':
+			case 'getDbName':
+				$retval = $this->_db_name;
+				break;
+			case 'getQueryCount':
+				$retval = $this->iQueryCount;
+				break;
+			default:
+				$retval = null;
+				break;
+		endswitch;
+		return $retval;
+	} // __get()
+
+/*
+ * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
+ * @param string $field_name: name of the field to seek for
+ * @return bool: true if field exists
+ */
+	public function field_exists($table_name, $field_name)
+	{
+		$sql = 'DESCRIBE `'.$table_name.'` `'.$field_name.'` ';
+		$query = $this->query($sql, $this->_db_handle);
+		return ($query->numRows() != 0);
+	}
+
+/*
+ * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
+ * @param string $index_name: name of the index to seek for
+ * @return bool: true if field exists
+ */
+	public function index_exists($table_name, $index_name, $number_fields = 0)
+	{
+		$number_fields = intval($number_fields);
+		$keys = 0;
+		$sql = 'SHOW INDEX FROM `'.$table_name.'`';
+		if( ($res_keys = $this->query($sql, $this->_db_handle)) )
+		{
+			while(($rec_key = $res_keys->fetchRow()))
+			{
+				if( $rec_key['Key_name'] == $index_name )
+				{
+					$keys++;
+				}
+			}
+
+		}
+		if( $number_fields == 0 )
+		{
+			return ($keys != $number_fields);
+		}else
+		{
+			return ($keys == $number_fields);
+		}
+	}
+/*
+ * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
+ * @param string $field_name: name of the field to add
+ * @param string $description: describes the new field like ( INT NOT NULL DEFAULT '0')
+ * @return bool: true if successful, otherwise false and error will be set
+ */
+	public function field_add($table_name, $field_name, $description)
+	{
+		if( !$this->field_exists($table_name, $field_name) )
+		{ // add new field into a table
+			$sql = 'ALTER TABLE `'.$table_name.'` ADD '.$field_name.' '.$description.' ';
+			$query = $this->query($sql, $this->_db_handle);
+			$this->set_error(mysql_error($this->_db_handle));
+			if( !$this->is_error() )
+			{
+				return ( $this->field_exists($table_name, $field_name) ) ? true : false;
+			}
+		}else
+		{
+			$this->set_error('field \''.$field_name.'\' already exists');
+		}
+		return false;
+	}
+
+/*
+ * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
+ * @param string $field_name: name of the field to add
+ * @param string $description: describes the new field like ( INT NOT NULL DEFAULT '0')
+ * @return bool: true if successful, otherwise false and error will be set
+ */
+	public function field_modify($table_name, $field_name, $description)
+	{
+		$retval = false;
+		if( $this->field_exists($table_name, $field_name) )
+		{ // modify a existing field in a table
+			$sql  = 'ALTER TABLE `'.$table_name.'` MODIFY `'.$field_name.'` '.$description;
+			$retval = ( $this->query($sql, $this->_db_handle) ? true : false);
+			$this->set_error(mysql_error());
+		}
+		return $retval;
+	}
+
+/*
+ * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
+ * @param string $field_name: name of the field to remove
+ * @return bool: true if successful, otherwise false and error will be set
+ */
+	public function field_remove($table_name, $field_name)
+	{
+		$retval = false;
+		if( $this->field_exists($table_name, $field_name) )
+		{ // modify a existing field in a table
+			$sql  = 'ALTER TABLE `'.$table_name.'` DROP `'.$field_name.'`';
+			$retval = ( $this->query($sql, $this->_db_handle) ? true : false );
+		}
+		return $retval;
+	}
+
+/*
+ * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
+ * @param string $index_name: name of the new index
+ * @param string $field_list: comma seperated list of fields for this index
+ * @param string $index_type: kind of index (UNIQUE, PRIMARY, '')
+ * @return bool: true if successful, otherwise false and error will be set
+ */
+	public function index_add($table_name, $index_name, $field_list, $index_type = '')
+	{
+		$retval = false;
+		$field_list = str_replace(' ', '', $field_list);
+		$field_list = explode(',', $field_list);
+		$number_fields = sizeof($field_list);
+		$field_list = '`'.implode('`,`', $field_list).'`';
+		if( $this->index_exists($table_name, $index_name, $number_fields) ||
+		    $this->index_exists($table_name, $index_name))
+		{
+			$sql  = 'ALTER TABLE `'.$table_name.'` ';
+			$sql .= 'DROP INDEX `'.$index_name.'`';
+			if( $this->query($sql, $this->_db_handle))
+			{
+				$sql  = 'ALTER TABLE `'.$table_name.'` ';
+				$sql .= 'ADD '.$index_type.' `'.$index_name.'` ( '.$field_list.' ); ';
+				if( $this->query($sql, $this->_db_handle)) { $retval = true; }
+			}
+		}
+		return $retval;
+	}
+
+/*
+ * @param string $table_name: full name of the table (incl. TABLE_PREFIX)
+ * @param string $field_name: name of the field to remove
+ * @return bool: true if successful, otherwise false and error will be set
+ */
+	public function index_remove($table_name, $index_name)
+	{
+		$retval = false;
+		if( $this->index_exists($table_name, $index_name) )
+		{ // modify a existing field in a table
+			$sql  = 'ALTER TABLE `'.$table_name.'` DROP INDEX `'.$index_name.'`';
+			$retval = ( $this->query($sql, $this->_db_handle) ? true : false );
+		}
+		return $retval;
+	}
+/**
+ * Import a standard *.sql dump file
+ * @param string $sSqlDump link to the sql-dumpfile
+ * @param string $sTablePrefix
+ * @param bool $bPreserve set to true will ignore all DROP TABLE statements
+ * @param string $sTblEngine
+ * @param string $sTblCollation
+ * @return boolean true if import successful
+ */
+	public function SqlImport($sSqlDump,
+	                          $sTablePrefix = '',
+	                          $bPreserve = true,
+	                          $sTblEngine = 'ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci',
+	                          $sTblCollation = ' collate utf8_unicode_ci')
+	{
+		$retval = true;
+		$this->error = '';
+		$aSearch  = array('{TABLE_PREFIX}','{TABLE_ENGINE}', '{TABLE_COLLATION}');
+		$aReplace = array($sTablePrefix, $sTblEngine, $sTblCollation);
+		$sql = '';
+		$aSql = file($sSqlDump);
+		while ( sizeof($aSql) > 0 ) {
+			$sSqlLine = trim(array_shift($aSql));
+			if (!preg_match('/^[-\/]+.*/', $sSqlLine)) {
+				$sql = $sql.' '.$sSqlLine;
+				if ((substr($sql,-1,1) == ';')) {
+					$sql = trim(str_replace( $aSearch, $aReplace, $sql));
+					if (!($bPreserve && preg_match('/^\s*DROP TABLE IF EXISTS/siU', $sql))) {
+						if(!mysql_query($sql, $this->_db_handle)) {
+							$retval = false;
+							$this->error = mysql_error($this->_db_handle);
+							unset($aSql);
+							break;
+						}
+					}
+					$sql = '';
+				}
+			}
+		}
+		return $retval;
+	}
+
+/**
+ * retuns the type of the engine used for requested table
+ * @param string $table name of the table, including prefix
+ * @return boolean/string false on error, or name of the engine (myIsam/InnoDb)
+ */
+	public function getTableEngine($table)
+	{
+		$retVal = false;
+		$mysqlVersion = mysql_get_server_info($this->_db_handle);
+		$engineValue = (version_compare($mysqlVersion, '5.0') < 0) ? 'Type' : 'Engine';
+		$sql = "SHOW TABLE STATUS FROM " . $this->_db_name . " LIKE '" . $table . "'";
+		if(($result = $this->query($sql, $this->_db_handle))) {
+			if(($row = $result->fetchRow(MYSQL_ASSOC))) {
+				$retVal = $row[$engineValue];
+			}
+		}
+		return $retVal;
+	}
+
+
+} /// end of class database
+
+define('MYSQL_SEEK_FIRST', 0);
+define('MYSQL_SEEK_LAST', -1);
+
+class mysql {
+
+	private $result = null;
+	private $_db_handle = null;
+	// Run a query
+	function query($statement, $dbHandle) {
+		$this->_db_handle = $dbHandle;
+		$this->result = mysql_query($statement, $this->_db_handle);
+		$this->error = mysql_error($this->_db_handle);
+		return $this->result;
+	}
+	
+	// Fetch num rows
+	function numRows() {
+		return mysql_num_rows($this->result);
+	}
+
+	// Fetch row  $typ = MYSQL_ASSOC, MYSQL_NUM, MYSQL_BOTH
+	function fetchRow($typ = MYSQL_BOTH) {
+		return mysql_fetch_array($this->result, $typ);
+	}
+
+	function rewind()
+	{
+		return $this->seekRow();
+	}
+
+	function seekRow( $position = MYSQL_SEEK_FIRST )
+	{
+		$pmax = $this->numRows() - 1;
+		$p = (($position < 0 || $position > $pmax) ? $pmax : $position);
+		return mysql_data_seek($this->result, $p);
+	}
+
+	// Get error
+	function error() {
+		if(isset($this->error)) {
+			return $this->error;
+		} else {
+			return null;
+		}
+	}
+
+}
+/* this function is placed inside this file temporarely until a better place is found */
+/*  function to update a var/value-pair(s) in table ****************************
+ *  nonexisting keys are inserted
+ *  @param string $table: name of table to use (without prefix)
+ *  @param mixed $key:    a array of key->value pairs to update
+ *                        or a string with name of the key to update
+ *  @param string $value: a sting with needed value, if $key is a string too
+ *  @return bool:  true if any keys are updated, otherwise false
+ */
+	function db_update_key_value($table, $key, $value = '')
+	{
+		global $database;
+		if( !is_array($key))
+		{
+			if( trim($key) != '' )
+			{
+				$key = array( trim($key) => trim($value) );
+			} else {
+				$key = array();
+			}
+		}
+		$retval = true;
+		foreach( $key as $index=>$val)
+		{
+			$index = strtolower($index);
+			$sql = 'SELECT COUNT(`setting_id`) '
+			     . 'FROM `'.TABLE_PREFIX.$table.'` '
+			     . 'WHERE `name` = \''.$index.'\' ';
+			if($database->get_one($sql))
+			{
+				$sql = 'UPDATE ';
+				$sql_where = 'WHERE `name` = \''.$index.'\'';
+			}else {
+				$sql = 'INSERT INTO ';
+				$sql_where = '';
+			}
+			$sql .= '`'.TABLE_PREFIX.$table.'` ';
+			$sql .= 'SET `name` = \''.$index.'\', ';
+			$sql .= '`value` = \''.$val.'\' '.$sql_where;
+			if( !$database->query($sql) )
+			{
+				$retval = false;
+			}
+		}
+		return $retval;
+	}
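Review bot: `db_update_key_value()` at the end of the file builds its SELECT, UPDATE and INSERT statements by concatenating `$index` and `$val` into quoted literals with no escaping, so any caller that passes request-derived settings makes this an SQL injection point; the function appears to be carried over unchanged from class.database.php, but the new file is a good place to fix it. Escaping both inside the loop is enough with the API the file already uses: `$index = mysql_real_escape_string(strtolower($index), $database->DbHandle);` and `$val = mysql_real_escape_string($val, $database->DbHandle);`. `$table` and the `$table_name`/`$field_name` arguments of the `field_*`/`index_*` methods are likewise placed into backticked identifiers unchecked and would merit an allow-list pattern check. In `connect()`, `mysql_select_db($this->_db_name)` omits the link and `mysql_connect()` is called without `new_link`, so two `Database` instances with the same credentials would share one link and one selected database; passing `$this->_db_handle` to `mysql_select_db` and `true` as the fourth `mysql_connect` argument is needed for the multiple-connection goal stated in the changelog.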

Property changes on: branches/2.8.x/wb/framework/Database.php
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1,4 ##
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: branches/2.8.x/wb/framework/class.wb.php
===================================================================
--- branches/2.8.x/wb/framework/class.wb.php	(revision 1679)
+++ branches/2.8.x/wb/framework/class.wb.php	(revision 1680)
@@ -23,12 +23,8 @@
 /* -------------------------------------------------------- */
 // Include PHPLIB template class
 require_once(WB_PATH."/include/phplib/template.inc");
-
-require_once(WB_PATH.'/framework/class.database.php');
-
 // Include new wbmailer class (subclass of PHPmailer)
 require_once(WB_PATH."/framework/class.wbmailer.php");
-
 //require_once(WB_PATH."/framework/SecureForm.php");
 
 class wb extends SecureForm
Index: branches/2.8.x/wb/framework/globalExceptionHandler.php
===================================================================
--- branches/2.8.x/wb/framework/globalExceptionHandler.php	(revision 1679)
+++ branches/2.8.x/wb/framework/globalExceptionHandler.php	(revision 1680)
@@ -51,6 +51,15 @@
 		}
 	} // end of class
 
+/* -- several security exceptions ----------------------------------------------------- */
+	class SecurityException extends RuntimeException { 	}
+
+	class SecDirectoryTraversalException extends SecurityException {
+		public function __toString() {
+			return 'possible directory traversal attack';
+		}
+	}
+/* ------------------------------------------------------------------------------------ */
 /**
  *
  * @param Exception $e
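Review bot: SecurityException defines no `__toString()` of its own, while the handler branch added further down in this commit prints `(string)$e`. For any SecurityException that does not override it, that cast yields PHP's default exception string, which includes the absolute file path and the stack trace, exactly what the handler's `str_replace(dirname(dirname(__FILE__)), ...)` is trying to hide. Giving the base class `public function __toString() { return $this->getMessage(); }` would keep the output limited to the message. The hunk ends inside the handler's docblock, so the handler itself is not visible here.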
@@ -59,12 +68,21 @@
 		// hide server internals from filename where the exception was thrown
 		$file = str_replace(dirname(dirname(__FILE__)), '', $e->getFile());
 		// select some exceptions for special handling
-		if ($e instanceof IllegalFileException) {
+		if ($e instanceof SecurityException) {
+			$out = 'Exception: "'.(string)$e.'" @ ';
+		    $trace = $e->getTrace();
+			if($trace[0]['class'] != '') {
+				$out .= $trace[0]['class'].'->';
+			}
+			$out .= $trace[0]['function'].'();<br />';
+			$out .= 'in "'.$file.'"'."\n";
+			echo $out;
+		}elseif ($e instanceof IllegalFileException) {
 			$sResponse  = $_SERVER['SERVER_PROTOCOL'].' 403 Forbidden';
 			header($sResponse);
 			echo $e;
 		}elseif($e instanceof RuntimeException) {
-			$out  ='There was a serious runtime error:'."\n";
+			$out  = 'There was a serious runtime error:'."\n";
 			$out .= $e->getMessage()."\n";
 			$out .= 'in line ('.$e->getLine().') of ('.$file.')'."\n";
 			echo $out;
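Review bot: The new SecurityException branch reads `$trace[0]['class']` without checking that the entry exists. An exception thrown from a plain function or from top-level code has no 'class' key (or no frame at all), which raises a notice inside the exception handler itself. Guard it with `if(isset($trace[0]['class']) && $trace[0]['class'] != '') {` and skip the function name when `$trace` is empty. Unlike the IllegalFileException branch just below, this branch sends no status line, so a rejected request is presumably answered as an ordinary page; `header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');` before the echo would keep the two consistent. The handler function starts above this hunk and continues after it.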
Index: branches/2.8.x/wb/framework/ModLanguage.php
===================================================================
--- branches/2.8.x/wb/framework/ModLanguage.php	(nonexistent)
+++ branches/2.8.x/wb/framework/ModLanguage.php	(revision 1680)
@@ -0,0 +1,146 @@
+<?php
+/**
+ * @category     Core
+ * @package      Core_security
+ * @author       Werner v.d.Decken
+ * @copyright    ISTeasy-project(http://isteasy.de/)
+ * @license      Creative Commons BY-SA 3.0 http://creativecommons.org/licenses/by-sa/3.0/
+ * @version      $Id$
+ * @filesource   $HeadURL$
+ * @since        Datei vorhanden seit Release 2.8.2
+ * @lastmodified $Date$
+ */
+class ModLanguage {
+
+	private $_sCurrentLanguage   = '';
+	private $_sDefaultLanguage   = '';
+	private $_sLanguageDirectory = '';
+	private $_sLanguageFile      = '';
+	private $_LanguageTable      = array();
+	private $_bLoaded            = false;
+
+	private static $_oInstance   = null;
+/* prevent from public instancing */
+	protected function  __construct() { }
+/* prevent from cloning */
+	private function __clone() {}
+/**
+ * get a valid instance of this class
+ * @return object
+ */
+	public function getInstance() {
+		if( is_null(self::$_oInstance) ) {
+            $c = __CLASS__;
+            self::$_oInstance = new $c;
+		}
+		return self::$_oInstance;
+	}
+/**
+ * set language and load needed language file
+ * @param string $sDirectory full path to the language files
+ * @param string $sLanguage 2-letters language code
+ * @param string $sDefault 2-letters default-language code
+ */
+	public function setLanguage($sDirectory, $sLanguage, $sDefault = 'EN')
+	{
+		$sBasePath = realpath(dirname(dirname(__FILE__)));
+		$sLangDir = realpath($sDirectory);
+		if(!preg_match('/^'.preg_quote($sBasePath, '/').'/', $sLangDir)) {
+			throw new SecDirectoryTraversalException();
+		}
+		$sLangDir = str_replace('\\', '/', $sLangDir);
+		$sLangDir = rtrim($sLangDir, '/').'/';
+		$sLanguage = strtoupper($sLanguage);
+		$sLanguage = strtoupper($sDefault);
+		if($this->_sLanguageDirectory != $sLangDir ||
+		   $this->_sCurrentLanguage != $sLanguage ||
+		   $this->_sDefaultLanguage != $sDefault)
+		{
+			$this->_sLanguageDirectory = rtrim($sLangDir, '/').'/';
+			$this->_sCurrentLanguage = $sLanguage;
+			$this->_sDefaultLanguage = $sDefault;
+
+			if(!$this->_findLanguageFile()) {
+				$msg  = 'unable to find valid language definition file in<br />';
+				$msg .= '"'.str_replace($sBasePath, '', $this->_sLanguageDirectory).'"';
+				throw new TranslationException($msg);
+			}
+			$this->_importArrays();
+		}
+		$this->_bLoaded = (sizeof($this->_LanguageTable) > 0);
+	}
+/**
+ * return requested translation for a key
+ * @param string $sLanguageKey 2-uppercase letters language code
+ * @return string found translation or empty string 
+ */
+	public function __get($sLanguageKey)
+	{
+		$sRetval = (isset($this->_LanguageTable[$sLanguageKey])
+		            ? $this->_LanguageTable[$sLanguageKey] : '{missing: '.$sLanguageKey.'}');
+		return $sRetval;
+	}
+/**
+ * returns the whoole language array for use in templateengine
+ * @return array
+ */
+	public function getLangArray()
+	{
+		return $this->_LanguageTable;
+	}
+/**
+ * search language file in order: LANGUAGE - DEFAULT_LANGUAGE - FIRST_FOUND
+ * @return boolean
+ */
+	private function _findLanguageFile()
+	{
+		$bMatch = false;
+		$dir = $this->_sLanguageDirectory;
+		if(is_readable($dir.$this->_sCurrentLanguage.'.php')) {
+		// check actual language
+			$this->_sLanguageFile = $dir.$this->_sCurrentLanguage.'.php';
+			$bMatch = true;
+		}else {
+			if(is_readable($dir.$this->_sDefaultLanguage.'.php')) {
+			// check default language
+				$this->_sLanguageFile = $dir.$this->_sDefaultLanguage.'.php';
+				$bMatch = true;
+			}else {
+			// search for first available and readable language file
+				if(is_readable($dir)) {
+					$iterator = new DirectoryIterator($dir);
+					foreach ($iterator as $fileinfo) {
+						if(!preg_match('/^[A-Z]{2}\.php$/', $fileinfo->getBasename())) { continue; }
+						$sLanguageFile = str_replace('\\', '/', $fileinfo->getPathname());
+						if(is_readable($sLanguageFile)) {
+							$this->_sLanguageFile = $sLanguageFile;
+							$bMatch = true;
+							break;
+						}
+					}
+				}
+			}
+		}
+		return $bMatch;
+	}
+/**
+ * import key-values from language file
+ */
+	private function _importArrays()
+	{
+		include($this->_sLanguageFile);
+		$aLangSections = array('HEADING', 'TEXT', 'MESSAGE', 'MENU', 'OVERVIEW', 'GENERIC');
+		foreach($aLangSections as $sSection) {
+			if(isset(${$sSection}) && is_array(${$sSection})) {
+				foreach(${$sSection} as $key => $value) {
+					$this->_LanguageTable[$sSection.'_'.$key] = $value;
+				}
+			}
+		}
+	}
+} // end class Translate
+/**
+ *  Exception class for Translation
+ */
+class TranslationException extends AppException {}
+
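Review bot: In setLanguage() the line `$sLanguage = strtoupper($sDefault);` overwrites the requested language with the default, so the requested language is never loaded and `$sDefault` is never upper-cased; it should read `$sDefault = strtoupper($sDefault);`. Once that is fixed, `$sLanguage` flows unvalidated into the path that _importArrays() passes to include(), so both codes should be restricted to the two-letter form that the fallback scan in _findLanguageFile() already enforces. The containment test also accepts any path that merely starts with the base path string (a sibling directory sharing the prefix passes) and should compare with a trailing separator; realpath() returning false is worth handling explicitly. Separately, getInstance() is declared without `static` although the protected constructor makes a static call the only way to obtain an instance.

```php
	public function setLanguage($sDirectory, $sLanguage, $sDefault = 'EN')
	{
		$sBasePath = realpath(dirname(dirname(__FILE__)));
		$sLangDir = realpath($sDirectory);
		// compare with a trailing separator so a sibling directory sharing the prefix is rejected
		if($sLangDir === false ||
		   strpos($sLangDir.DIRECTORY_SEPARATOR, $sBasePath.DIRECTORY_SEPARATOR) !== 0) {
			throw new SecDirectoryTraversalException();
		}
		// … unchanged: normalising $sLangDir to forward slashes with a trailing slash …
		$sLanguage = strtoupper($sLanguage);
		$sDefault = strtoupper($sDefault);
		// both codes become part of an include() path, so accept the two-letter form only
		if(!preg_match('/^[A-Z]{2}\z/', $sLanguage) || !preg_match('/^[A-Z]{2}\z/', $sDefault)) {
			throw new TranslationException('invalid language code');
		}
		// … unchanged: state comparison, _findLanguageFile(), _importArrays(), _bLoaded …
```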

Property changes on: branches/2.8.x/wb/framework/ModLanguage.php
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+Date Author Id Revision HeadURL
\ No newline at end of property
Index: branches/2.8.x/wb/framework
===================================================================
--- branches/2.8.x/wb/framework	(revision 1679)
+++ branches/2.8.x/wb/framework	(revision 1680)

Property changes on: branches/2.8.x/wb/framework
___________________________________________________________________
Modified: svn:ignore
## -1,2 +1,3 ##
 JSIncluder.php
+Module
 SecFormNt.php
