Revision 2015
Added by darkviper almost 11 years ago
initialize.php | ||
---|---|---|
37 | 37 |
* sanitize $_SERVER['HTTP_REFERER'] |
38 | 38 |
* @param string $sWbUrl qualified startup URL of current application |
39 | 39 |
*/ |
40 |
function SanitizeHttpReferer($sWbUrl = WB_URL) {
|
|
40 |
function initSanitizeHttpReferer($sWbUrl) {
|
|
41 | 41 |
$sTmpReferer = ''; |
42 | 42 |
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') { |
43 |
$sTmpReferer = $_SERVER['HTTP_REFERER']; |
|
43 | 44 |
$aRefUrl = parse_url($_SERVER['HTTP_REFERER']); |
44 | 45 |
if ($aRefUrl !== false) { |
45 | 46 |
$aRefUrl['host'] = isset($aRefUrl['host']) ? $aRefUrl['host'] : ''; |
46 | 47 |
$aRefUrl['path'] = isset($aRefUrl['path']) ? $aRefUrl['path'] : ''; |
47 | 48 |
$aRefUrl['fragment'] = isset($aRefUrl['fragment']) ? '#'.$aRefUrl['fragment'] : ''; |
48 |
$aWbUrl = parse_url(WB_URL);
|
|
49 |
$aWbUrl = parse_url($sWbUrl);
|
|
49 | 50 |
if ($aWbUrl !== false) { |
50 | 51 |
$aWbUrl['host'] = isset($aWbUrl['host']) ? $aWbUrl['host'] : ''; |
51 | 52 |
$aWbUrl['path'] = isset($aWbUrl['path']) ? $aWbUrl['path'] : ''; |
52 | 53 |
if (strpos($aRefUrl['host'].$aRefUrl['path'], |
53 | 54 |
$aWbUrl['host'].$aWbUrl['path']) !== false) { |
54 | 55 |
$aRefUrl['path'] = preg_replace('#^'.$aWbUrl['path'].'#i', '', $aRefUrl['path']); |
55 |
$sTmpReferer = WB_URL.$aRefUrl['path'].$aRefUrl['fragment'];
|
|
56 |
$sTmpReferer = $sWbUrl.$aRefUrl['path'].$aRefUrl['fragment'];
|
|
56 | 57 |
} |
57 | 58 |
unset($aWbUrl); |
58 | 59 |
} |
... | ... | |
65 | 66 |
* Set constants for system/install values |
66 | 67 |
* @throws RuntimeException |
67 | 68 |
*/ |
68 |
function SetInstallPathConstants() { |
|
69 |
function initSetInstallPathConstants() {
|
|
69 | 70 |
if(!defined('DEBUG')){ define('DEBUG', false); } // normaly set in config file |
70 | 71 |
if(!defined('ADMIN_DIRECTORY')){ define('ADMIN_DIRECTORY', 'admin'); } |
71 | 72 |
if(!preg_match('/xx[a-z0-9_][a-z0-9_\-\.]+/i', 'xx'.ADMIN_DIRECTORY)) { |
72 | 73 |
throw new RuntimeException('Invalid admin-directory: ' . ADMIN_DIRECTORY); |
73 | 74 |
} |
74 | 75 |
if(!defined('WB_PATH')){ define('WB_PATH', dirname(dirname(__FILE__))); } |
75 |
if(!defined('ADMIN_URL')){ define('ADMIN_URL', WB_URL.'/'.ADMIN_DIRECTORY); }
|
|
76 |
if(!defined('ADMIN_URL')){ define('ADMIN_URL', rtrim(WB_URL, '/\\').'/'.ADMIN_DIRECTORY); }
|
|
76 | 77 |
if(!defined('ADMIN_PATH')){ define('ADMIN_PATH', WB_PATH.'/'.ADMIN_DIRECTORY); } |
77 | 78 |
if(!defined('WB_REL')){ |
78 | 79 |
$x1 = parse_url(WB_URL); |
... | ... | |
80 | 81 |
} |
81 | 82 |
if(!defined('ADMIN_REL')){ define('ADMIN_REL', WB_REL.'/'.ADMIN_DIRECTORY); } |
82 | 83 |
if(!defined('DOCUMENT_ROOT')) { |
83 |
define('DOCUMENT_ROOT', preg_replace('/'.preg_quote(str_replace('\\', '/', WB_REL), '/').'$/', '', str_replace('\\', '/', WB_PATH))); |
|
84 |
// creating $_SERVER['DOCUMENT_ROOT'] for Windows IIS Server |
|
85 |
$_SERVER['DOCUMENT_ROOT'] = DOCUMENT_ROOT; |
|
84 |
define('DOCUMENT_ROOT', preg_replace('/'.preg_quote(str_replace('\\', '/', WB_REL), '/').'$/', '', str_replace('\\', '/', WB_PATH))); |
|
85 |
$_SERVER['DOCUMENT_ROOT'] = DOCUMENT_ROOT; |
|
86 | 86 |
} |
87 | 87 |
if(!defined('TMP_PATH')){ define('TMP_PATH', WB_PATH.'/temp'); } |
88 | 88 |
} |
89 | 89 |
/** |
90 |
* Read DB settings from configuration file |
|
91 |
* @return string |
|
90 |
* checkValidCaller |
|
91 |
* @param array $aCaller list of allowed scripts |
|
92 |
* @return true || Exception |
|
92 | 93 |
* @throws RuntimeException |
93 |
* |
|
94 |
* @description test if acctual file is called from one of the given list
|
|
94 | 95 |
*/ |
95 |
function readConfiguration($sRetvalType = 'url') {
|
|
96 |
// check for valid file request. Becomes more stronger in next version
|
|
96 |
function initCheckValidCaller(array $aCaller)
|
|
97 |
{
|
|
97 | 98 |
$x = debug_backtrace(); |
98 |
$bValidRequest = false;
|
|
99 |
if(sizeof($x) != 0) {
|
|
100 |
foreach($x as $aStep) {
|
|
101 |
// define the scripts which can read the configuration
|
|
102 |
if(preg_match('/(save.php|index.php|config.php|upgrade-script.php)$/si', $aStep['file'])) {
|
|
103 |
$bValidRequest = true;
|
|
104 |
break;
|
|
105 |
}
|
|
99 |
if(sizeof($x) == 0) {
|
|
100 |
return true;
|
|
101 |
}
|
|
102 |
$sPattern = '/('.str_replace('#', '|', preg_quote(implode('#', $aCaller), '/')).')$/si';
|
|
103 |
foreach($x as $aStep) {
|
|
104 |
// define the scripts which can read the configuration
|
|
105 |
if(preg_match($sPattern, $aStep['file'])) {
|
|
106 |
return true;
|
|
106 | 107 |
} |
107 |
} else { |
|
108 |
$bValidRequest = true; |
|
109 | 108 |
} |
110 |
if(!$bValidRequest) { |
|
111 |
throw new RuntimeException('illegal function request!'); |
|
112 |
} |
|
113 |
$aRetval = array(); |
|
109 |
throw new RuntimeException('illegal file request!'); |
|
110 |
} |
|
111 |
/** |
|
112 |
* Read DB settings from configuration file |
|
113 |
* @return array |
|
114 |
* @throws RuntimeException |
|
115 |
* |
|
116 |
*/ |
|
117 |
function initReadSetupFile() |
|
118 |
{ |
|
119 |
// check for valid file request. Becomes more stronger in next version |
|
120 |
initCheckValidCaller(array('save.php','index.php','config.php','upgrade-script.php')); |
|
121 |
$aCfg = array(); |
|
122 |
|
|
114 | 123 |
$sSetupFile = dirname(dirname(__FILE__)).'/setup.ini.php'; |
115 | 124 |
if(is_readable($sSetupFile)) { |
116 | 125 |
$aCfg = parse_ini_file($sSetupFile, true); |
... | ... | |
120 | 129 |
$value = filter_var($value, FILTER_VALIDATE_BOOLEAN); |
121 | 130 |
if(!defined('DEBUG')) { define('DEBUG', $value); } |
122 | 131 |
break; |
123 |
case 'WB_URL': |
|
132 |
case 'WB_URL': // << case is set deprecated
|
|
124 | 133 |
case 'AppUrl': |
125 | 134 |
$value = trim(str_replace('\\', '/', $value), '/'); |
126 | 135 |
if(!defined('WB_URL')) { define('WB_URL', $value); } |
127 | 136 |
break; |
128 |
case 'ADMIN_DIRECTORY': |
|
137 |
case 'ADMIN_DIRECTORY': // << case is set deprecated
|
|
129 | 138 |
case 'AcpDir': |
130 | 139 |
$value = trim(str_replace('\\', '/', $value), '/'); |
131 | 140 |
if(!defined('ADMIN_DIRECTORY')) { define('ADMIN_DIRECTORY', $value); } |
... | ... | |
135 | 144 |
break; |
136 | 145 |
endswitch; |
137 | 146 |
} |
138 |
$db = $aCfg['DataBase']; |
|
139 |
$db['type'] = isset($db['type']) ? $db['type'] : 'mysql'; |
|
140 |
$db['user'] = isset($db['user']) ? $db['user'] : 'foo'; |
|
141 |
$db['pass'] = isset($db['pass']) ? $db['pass'] : 'bar'; |
|
142 |
$db['host'] = isset($db['host']) ? $db['host'] : 'localhost'; |
|
143 |
$db['port'] = isset($db['port']) ? $db['port'] : '3306'; |
|
144 |
$db['port'] = ($db['port'] != '3306') ? $db['port'] : ''; |
|
145 |
$db['name'] = isset($db['name']) ? $db['name'] : 'dummy'; |
|
146 |
$db['charset'] = isset($db['charset']) ? trim($db['charset']) : ''; |
|
147 |
$db['table_prefix'] = (isset($db['table_prefix']) ? $db['table_prefix'] : ''); |
|
148 |
if(!defined('TABLE_PREFIX')) { define('TABLE_PREFIX', $db['table_prefix']); } |
|
149 |
if($sRetvalType == 'dsn') { |
|
150 |
$aRetval[0] = $db['type'].':dbname='.$db['name'].';host='.$db['host'].';' |
|
151 |
. ($db['port'] != '' ? 'port='.(int)$db['port'].';' : ''); |
|
152 |
$aRetval[1] = array('CHARSET' => $db['charset'], 'TABLE_PREFIX' => $db['table_prefix']); |
|
153 |
$aRetval[2] = array( 'user' => $db['user'], 'pass' => $db['pass']); |
|
154 |
}else { // $sRetvalType == 'url' |
|
155 |
$aRetval[0] = $db['type'].'://'.$db['user'].':'.$db['pass'].'@' |
|
156 |
. $db['host'].($db['port'] != '' ? ':'.$db['port'] : '').'/'.$db['name'] |
|
157 |
. '?Charset='.$db['charset'].'&TablePrefix='.$db['table_prefix']; |
|
158 |
} |
|
159 |
unset($db, $aCfg); |
|
160 |
return $aRetval; |
|
161 | 147 |
} |
162 |
throw new RuntimeException('unable to read setup.ini.php'); |
|
148 |
return $aCfg; |
|
149 |
// throw new RuntimeException('unable to read setup.ini.php'); |
|
163 | 150 |
} |
151 |
/** |
|
152 |
* GetDbConnectData |
|
153 |
* @param array $aCfg |
|
154 |
* @param string $sDbConnectType can be 'url' or 'dsn' |
|
155 |
* @return array |
|
156 |
* |
|
157 |
*/ |
|
158 |
function initGetDbConnectData(array $aCfg, $sDbConnectType = 'url') |
|
159 |
{ |
|
160 |
if(defined('DB_TYPE')) |
|
161 |
{ |
|
162 |
// import constants for compatibility reasons |
|
163 |
$db = array(); |
|
164 |
if(defined('DB_TYPE')) { $db['type'] = DB_TYPE; } |
|
165 |
if(defined('DB_USERNAME')) { $db['user'] = DB_USERNAME; } |
|
166 |
if(defined('DB_PASSWORD')) { $db['pass'] = DB_PASSWORD; } |
|
167 |
if(defined('DB_HOST')) { $db['host'] = DB_HOST; } |
|
168 |
if(defined('DB_PORT')) { $db['port'] = DB_PORT; } |
|
169 |
if(defined('DB_NAME')) { $db['name'] = DB_NAME; } |
|
170 |
if(defined('DB_CHARSET')) { $db['charset'] = DB_CHARSET; } |
|
171 |
if(defined('TABLE_PREFIX')) { $db['table_prefix'] = TABLE_PREFIX; } |
|
172 |
$aCfg['DataBase'] = $db; |
|
173 |
} |
|
174 |
// sanitize values |
|
175 |
$db = $aCfg['DataBase']; |
|
176 |
$db['type'] = isset($db['type']) ? $db['type'] : 'mysql'; |
|
177 |
$db['user'] = isset($db['user']) ? $db['user'] : 'foo'; |
|
178 |
$db['pass'] = isset($db['pass']) ? $db['pass'] : 'bar'; |
|
179 |
$db['host'] = isset($db['host']) ? $db['host'] : 'localhost'; |
|
180 |
$db['port'] = isset($db['port']) ? $db['port'] : '3306'; |
|
181 |
$db['port'] = ($db['port'] != '3306') ? $db['port'] : ''; |
|
182 |
$db['name'] = isset($db['name']) ? $db['name'] : 'dummy'; |
|
183 |
$db['charset'] = isset($db['charset']) ? trim($db['charset']) : 'utf8'; |
|
184 |
$db['table_prefix'] = (isset($db['table_prefix']) ? $db['table_prefix'] : ''); |
|
185 |
if(!defined('TABLE_PREFIX')) { define('TABLE_PREFIX', $db['table_prefix']); } |
|
186 |
if($sDbConnectType == 'dsn') { |
|
187 |
// build dsn to connect |
|
188 |
$aRetval[0] = $db['type'].':dbname='.$db['name'].';host='.$db['host'].';' |
|
189 |
. ($db['port'] != '' ? 'port='.(int)$db['port'].';' : ''); |
|
190 |
$aRetval[1] = array('CHARSET' => $db['charset'], 'TABLE_PREFIX' => $db['table_prefix']); |
|
191 |
$aRetval[2] = array( 'user' => $db['user'], 'pass' => $db['pass']); |
|
192 |
}else { |
|
193 |
// build url to connect |
|
194 |
$aRetval[0] = $db['type'].'://'.$db['user'].':'.$db['pass'].'@' |
|
195 |
. $db['host'].($db['port'] != '' ? ':'.$db['port'] : '').'/'.$db['name'] |
|
196 |
. '?Charset='.$db['charset'].'&TablePrefix='.$db['table_prefix']; |
|
197 |
} |
|
198 |
return $aRetval; |
|
199 |
} |
|
200 |
|
|
164 | 201 |
/* *************************************************************************************** |
165 | 202 |
* Start initialization * |
166 | 203 |
****************************************************************************************/ |
167 | 204 |
// initialize debug evaluation values --- |
168 |
$sDbConnectType = 'url'; // depending from class WbDatabase it can be 'url' or 'dsn' |
|
169 | 205 |
$starttime = array_sum(explode(" ",microtime())); |
170 | 206 |
$iPhpDeclaredClasses = sizeof(get_declared_classes()); |
207 |
$sDbConnectType = 'url'; // depending from class WbDatabase it can be 'url' or 'dsn' |
|
171 | 208 |
// disable all kind of magic_quotes in PHP versions before 5.4 --- |
172 | 209 |
if(version_compare(PHP_VERSION, '5.4.0', '<')) { |
173 |
if(get_magic_quotes_gpc() || get_magic_quotes_runtime()) { |
|
174 |
@ini_set('magic_quotes_sybase', 0); |
|
175 |
@ini_set('magic_quotes_gpc', 0); |
|
176 |
@ini_set('magic_quotes_runtime', 0); |
|
177 |
} |
|
210 |
@set_magic_quotes_runtime(0); |
|
178 | 211 |
} |
179 |
// load db configuration --- |
|
180 |
if(defined('DB_TYPE')) { |
|
181 |
$sTmp = ($sTmp=((defined('DB_PORT') && DB_PORT !='') ? DB_PORT : '')) ? ':'.$sTmp : ''; |
|
182 |
$sTmp = DB_TYPE.'://'.DB_USERNAME.':'.DB_PASSWORD.'@'.DB_HOST.$sTmp.'/'.DB_NAME.'?Charset='; |
|
183 |
$sTmp .= (defined('DB_CHARSET') ? DB_CHARSET : '').'&TablePrefix='.TABLE_PREFIX; |
|
184 |
$aSqlData = array( 0 => $sTmp); |
|
185 |
}else { |
|
186 |
$aSqlData = readConfiguration($sDbConnectType); |
|
187 |
} |
|
188 |
SetInstallPathConstants(); |
|
212 |
// load configuration --- |
|
213 |
$aCfg = initReadSetupFile(); |
|
189 | 214 |
// sanitize $_SERVER['HTTP_REFERER'] --- |
190 |
SanitizeHttpReferer(WB_URL); |
|
215 |
initSetInstallPathConstants(); |
|
216 |
initSanitizeHttpReferer(WB_URL); |
|
191 | 217 |
// register WB basic autoloader --- |
192 | 218 |
$sTmp = dirname(__FILE__).'/WbAutoloader.php'; |
193 | 219 |
if(!class_exists('WbAutoloader')){ |
194 | 220 |
include($sTmp); |
195 | 221 |
} |
196 | 222 |
WbAutoloader::doRegister(array(ADMIN_DIRECTORY=>'a', 'modules'=>'m')); |
223 |
// instantiate and initialize adaptor for temporary registry replacement --- |
|
224 |
WbAdaptor::getInstance()->getWbConstants(); |
|
197 | 225 |
// register TWIG autoloader --- |
198 | 226 |
$sTmp = dirname(dirname(__FILE__)).'/include/Sensio/Twig/lib/Twig/Autoloader.php'; |
199 | 227 |
if(!class_exists('Twig_Autoloader')) { |
... | ... | |
205 | 233 |
include(dirname(__FILE__).'/globalExceptionHandler.php'); |
206 | 234 |
} |
207 | 235 |
// --------------------------- |
236 |
// get Database connection data from configuration |
|
237 |
$aSqlData = initGetDbConnectData($aCfg, $sDbConnectType); |
|
208 | 238 |
// Create global database instance --- |
209 |
$database = WbDatabase::getInstance(); |
|
239 |
$oDb = $database = WbDatabase::getInstance();
|
|
210 | 240 |
if($sDbConnectType == 'dsn') { |
211 |
$bTmp = $database->doConnect($aSqlData[0], $aSqlData[1]['user'], $aSqlData[1]['pass'], $aSqlData[2]);
|
|
241 |
$bTmp = $oDb->doConnect($aSqlData[0], $aSqlData[1]['user'], $aSqlData[1]['pass'], $aSqlData[2]);
|
|
212 | 242 |
}else { |
213 |
$bTmp = $database->doConnect($aSqlData[0]);
|
|
243 |
$bTmp = $oDb->doConnect($aSqlData[0]);
|
|
214 | 244 |
} |
215 |
unset($aSqlData); |
|
245 |
// remove critical data from memory |
|
246 |
unset($aSqlData, $aCfg); |
|
247 |
|
|
248 |
if(!defined('TABLE_PREFIX')) { define('TABLE_PREFIX', $oDb->TablePrefix); } |
|
249 |
|
|
216 | 250 |
// load global settings from database and define global consts from --- |
217 | 251 |
$sql = 'SELECT `name`, `value` FROM `'.TABLE_PREFIX.'settings`'; |
218 | 252 |
if(($oSettings = $database->query($sql))) { |
... | ... | |
333 | 367 |
} |
334 | 368 |
/** end of deprecated part **/ |
335 | 369 |
// instantiate and initialize adaptor for temporary registry replacement --- |
336 |
if(class_exists('WbAdaptor')) { |
|
337 |
WbAdaptor::getInstance()->getWbConstants(); |
|
338 |
} |
|
370 |
WbAdaptor::getInstance()->getWbConstants(); |
|
339 | 371 |
// load and activate new global translation table |
340 | 372 |
Translate::getInstance()->initialize('en', |
341 | 373 |
(defined('DEFAULT_LANGUAGE') ? DEFAULT_LANGUAGE : ''), |
342 | 374 |
(defined('LANGUAGE') ? LANGUAGE : ''), |
343 | 375 |
'WbOldStyle', |
344 |
(DEBUG ? Translate::CACHE_DISABLED|Translate::KEEP_MISSING : 0) |
|
376 |
(Translate::CACHE_DISABLED|Translate::KEEP_MISSING) |
|
377 |
// (DEBUG ? Translate::CACHE_DISABLED|Translate::KEEP_MISSING : 0) |
|
345 | 378 |
); |
346 | 379 |
if(!class_exists('PasswordHash', false)) { include(WB_PATH.'/include/phpass/PasswordHash.php'); } |
347 | 380 |
$oPass = Password::getInstance(new PasswordHash(Password::CRYPT_LOOPS_DEFAULT, Password::HASH_TYPE_AUTO)); |
348 | 381 |
if(defined('PASSWORD_CRYPT_LOOPS')) { $oPass->setIteration(PASSWORD_CRYPT_LOOPS); } |
349 | 382 |
if(defined('PASSWORD_HASH_TYPES')) { $oPass->setHashType(PASSWORD_HASH_TYPES); } |
350 | 383 |
// *** END OF FILE *********************************************************************** |
351 |
|
|
384 |
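Review bot: With the throw at new line 149 left commented out, `initReadSetupFile()` returns the empty `$aCfg = array()` whenever setup.ini.php is not readable, and `initGetDbConnectData()` then fills in the placeholder values 'foo'/'bar'/'dummy'/'localhost' and the script goes on to attempt a database connection with them instead of failing hard; a missing or unreadable setup file should stop initialization, e.g. `if(!is_readable($sSetupFile)) { throw new RuntimeException('unable to read setup.ini.php'); }` before the read, and `parse_ini_file()` returning `false` should be rejected the same way, since `foreach` over `false` only warns and the `array $aCfg` parameter of `initGetDbConnectData()` would then receive a non-array. In `initCheckValidCaller()` the `#`-separator trick at new line 102 breaks on PHP 7.3 and later, where `preg_quote()` also escapes `#`, so the alternation collapses into one literal string and every caller is rejected; building it as `implode('|', array_map(function ($s) { return preg_quote($s, '/'); }, $aCaller))` avoids that. The loop should also read `$aStep['file']` only when `isset($aStep['file'])`, because backtrace frames produced by callbacks may have no file entry. Since the pattern only tests the trailing characters of any frame's file name (`index.php` matches most scripts), this check is best documented as a guard against accidental inclusion rather than as access control for the setup data.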
|
! update initialize.php for secure use of setup.ini.php