Merge branch 'hotfix/issue#16'
Commit
5175025b58
|
@ -1,4 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Project:
|
* Project:
|
||||||
* Contenido Content Management System
|
* Contenido Content Management System
|
||||||
|
@ -28,7 +29,6 @@
|
||||||
* }}
|
* }}
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (!defined('CON_FRAMEWORK')) {
|
if (!defined('CON_FRAMEWORK')) {
|
||||||
die('Illegal call');
|
die('Illegal call');
|
||||||
}
|
}
|
||||||
|
@ -53,7 +53,6 @@ function modEditModule($idmod, $name, $description, $input, $output, $template,
|
||||||
/**
|
/**
|
||||||
* END TRACK VERSION
|
* END TRACK VERSION
|
||||||
* */
|
* */
|
||||||
|
|
||||||
if (!$idmod) {
|
if (!$idmod) {
|
||||||
$cApiModuleCollection = new cApiModuleCollection;
|
$cApiModuleCollection = new cApiModuleCollection;
|
||||||
$cApiModule = $cApiModuleCollection->create($name);
|
$cApiModule = $cApiModuleCollection->create($name);
|
||||||
|
@ -89,15 +88,13 @@ function modEditModule($idmod, $name, $description, $input, $output, $template,
|
||||||
return $idmod;
|
return $idmod;
|
||||||
}
|
}
|
||||||
|
|
||||||
function modDeleteModule($idmod)
|
function modDeleteModule($idmod) {
|
||||||
{
|
|
||||||
# Global vars
|
# Global vars
|
||||||
global $db, $sess, $client, $cfg, $area_tree, $perm;
|
global $db, $sess, $client, $cfg, $area_tree, $perm;
|
||||||
|
|
||||||
$sql = "DELETE FROM " . $cfg["tab"]["mod"] . " WHERE idmod = '" . Contenido_Security::toInteger($idmod) . "' AND idclient = '" . Contenido_Security::toInteger($client) . "'";
|
$sql = "DELETE FROM " . $cfg["tab"]["mod"] . " WHERE idmod = '" . Contenido_Security::toInteger($idmod) . "' AND idclient = '" . Contenido_Security::toInteger($client) . "'";
|
||||||
$db->query($sql);
|
$db->query($sql);
|
||||||
|
|
||||||
|
|
||||||
// delete rights for element
|
// delete rights for element
|
||||||
cInclude("includes", "functions.rights.php");
|
cInclude("includes", "functions.rights.php");
|
||||||
deleteRightsForElement("mod", $idmod);
|
deleteRightsForElement("mod", $idmod);
|
||||||
|
@ -108,21 +105,15 @@ function modDeleteModule($idmod)
|
||||||
// $mode: true if start in php mode, otherwise false
|
// $mode: true if start in php mode, otherwise false
|
||||||
// Returns true or false
|
// Returns true or false
|
||||||
|
|
||||||
function modTestModule ($code, $id, $output = false)
|
function modTestModule($code, $id, $output = false) {
|
||||||
{
|
|
||||||
global $cfg, $modErrorMessage;
|
global $cfg, $modErrorMessage;
|
||||||
|
|
||||||
$magicvalue = 0;
|
$db = new DB_ConLite();
|
||||||
|
|
||||||
$db = new DB_ConLite;
|
|
||||||
|
|
||||||
/* Put a $ in front of all CMS variables
|
|
||||||
to prevent PHP error messages */
|
|
||||||
$sql = "SELECT type FROM " . $cfg["tab"]["type"];
|
$sql = "SELECT type FROM " . $cfg["tab"]["type"];
|
||||||
$db->query($sql);
|
$db->query($sql);
|
||||||
|
|
||||||
while ($db->next_record())
|
while ($db->next_record()) {
|
||||||
{
|
|
||||||
$code = str_replace($db->f("type") . '[', '$' . $db->f("type") . '[', $code);
|
$code = str_replace($db->f("type") . '[', '$' . $db->f("type") . '[', $code);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -131,84 +122,70 @@ function modTestModule ($code, $id, $output = false)
|
||||||
$code = str_replace('CMS_VALUE', '$CMS_VALUE', $code);
|
$code = str_replace('CMS_VALUE', '$CMS_VALUE', $code);
|
||||||
$code = str_replace('CMS_VAR', '$CMS_VAR', $code);
|
$code = str_replace('CMS_VAR', '$CMS_VAR', $code);
|
||||||
|
|
||||||
/* If the module is an output module, escape PHP since
|
if ($output == true) {
|
||||||
all output modules enter php mode */
|
|
||||||
if ($output == true)
|
|
||||||
{
|
|
||||||
$code = "?>\n" . $code . "\n<?php";
|
$code = "?>\n" . $code . "\n<?php";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Looks ugly: Paste a function declarator
|
|
||||||
in front of the code */
|
|
||||||
$code = "function foo" . $id . " () {" . $code;
|
$code = "function foo" . $id . " () {" . $code;
|
||||||
$code .= "\n}\n";
|
$code .= "\n}\n";
|
||||||
|
if (defined('PHP_MAJOR_VERSION') && PHP_MAJOR_VERSION >= 5) {
|
||||||
|
try {
|
||||||
|
eval($code);
|
||||||
|
} catch (ParseError $err) {
|
||||||
|
$modErrorMessage = $err->getMessage() . " (line: " . ($err->getLine() - 1) . ")";
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
/* Set the magic value */
|
} else {
|
||||||
$code .= '$magicvalue = 941;';
|
// To parse the error message, we prepend and append a phperror tag in front of the output
|
||||||
|
|
||||||
/* To parse the error message, we prepend and
|
|
||||||
append a phperror tag in front of the output */
|
|
||||||
$sErs = ini_get("error_prepend_string"); // Save current setting (see below)
|
$sErs = ini_get("error_prepend_string"); // Save current setting (see below)
|
||||||
$sEas = ini_get("error_append_string"); // Save current setting (see below)
|
$sEas = ini_get("error_append_string"); // Save current setting (see below)
|
||||||
@ini_set("error_prepend_string", "<phperror>");
|
@ini_set("error_prepend_string", "<phperror>");
|
||||||
@ini_set("error_append_string", "</phperror>");
|
@ini_set("error_append_string", "</phperror>");
|
||||||
|
|
||||||
/* Turn off output buffering and error reporting, eval the code */
|
// Turn off output buffering and error reporting, eval the code
|
||||||
ob_start();
|
ob_start();
|
||||||
$display_errors = ini_get("display_errors");
|
$display_errors = ini_get("display_errors");
|
||||||
@ini_set("display_errors", true);
|
@ini_set("display_errors", true);
|
||||||
$output = eval($code);
|
$output = eval($code);
|
||||||
@ini_set("display_errors", $display_errors);
|
@ini_set("display_errors", $display_errors);
|
||||||
|
|
||||||
/* Get the buffer contents and turn it on again */
|
// Get the buffer contents and turn it on again
|
||||||
$output = ob_get_contents();
|
$output = ob_get_contents();
|
||||||
ob_end_clean();
|
ob_end_clean();
|
||||||
|
|
||||||
/* Remove the prepend and append settings */
|
|
||||||
/* 19.09.2006: Following lines have been disabled, as ini_restore has been disabled
|
|
||||||
by some hosters as there is a security leak in PHP (PHP <= 5.1.6 & <= 4.4.4) */
|
|
||||||
//ini_restore("error_prepend_string");
|
|
||||||
//ini_restore("error_append_string");
|
|
||||||
@ini_set("error_prepend_string", $sErs); // Restoring settings (see above)
|
@ini_set("error_prepend_string", $sErs); // Restoring settings (see above)
|
||||||
@ini_set("error_append_string", $sEas); // Restoring settings (see above)
|
@ini_set("error_append_string", $sEas); // Restoring settings (see above)
|
||||||
|
|
||||||
/* Strip out the error message */
|
// Strip out the error message
|
||||||
$start = strpos($output, "<phperror>");
|
$start = strpos($output, "<phperror>");
|
||||||
$end = strpos($output, "</phperror>");
|
$end = strpos($output, "</phperror>");
|
||||||
|
|
||||||
/* More stripping: Users shouldnt see where the file
|
// More stripping: Users shouldnt see where the file is located, but they should see the error line
|
||||||
is located, but they should see the error line */
|
if ($start !== false) {
|
||||||
if ($start !== false)
|
|
||||||
{
|
|
||||||
$start = strpos($output, "eval()");
|
$start = strpos($output, "eval()");
|
||||||
|
|
||||||
$modErrorMessage = substr($output, $start, $end - $start);
|
$modErrorMessage = substr($output, $start, $end - $start);
|
||||||
|
|
||||||
/* Kill that HTML formatting */
|
// Kill that HTML formatting
|
||||||
$modErrorMessage = str_replace("<b>", "", $modErrorMessage);
|
$modErrorMessage = str_replace("<b>", "", $modErrorMessage);
|
||||||
$modErrorMessage = str_replace("</b>", "", $modErrorMessage);
|
$modErrorMessage = str_replace("</b>", "", $modErrorMessage);
|
||||||
$modErrorMessage = str_replace("<br>", "", $modErrorMessage);
|
$modErrorMessage = str_replace("<br>", "", $modErrorMessage);
|
||||||
$modErrorMessage = str_replace("<br />", "", $modErrorMessage);
|
$modErrorMessage = str_replace("<br />", "", $modErrorMessage);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* check if there are any php short tags in code, and display error*/
|
// check if there are any php short tags in code, and display error
|
||||||
$bHasShortTags = false;
|
$bHasShortTags = false;
|
||||||
if (preg_match('/<\?\s+/', $code) && $magicvalue == 941) {
|
if (preg_match('/<\?\s+/', $code) && $magicvalue == 941) {
|
||||||
$bHasShortTags = true;
|
$bHasShortTags = true;
|
||||||
$modErrorMessage = i18n('Please do not use short open Tags. (Use <?php instead of <?).');
|
$modErrorMessage = i18n('Please do not use short open Tags. (Use <?php instead of <?).');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($bHasShortTags) {
|
||||||
/* Now, check if the magic value is 941. If not, the function
|
|
||||||
didn't compile */
|
|
||||||
if ($magicvalue != 941 || $bHasShortTags)
|
|
||||||
{
|
|
||||||
return false;
|
return false;
|
||||||
} else {
|
} else {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
?>
|
|
||||||
|
|
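Review bot: The new guard `if (defined('PHP_MAJOR_VERSION') && PHP_MAJOR_VERSION >= 5)` in modTestModule() sends PHP 5 into the `try { eval($code); } catch (ParseError $err)` branch, but ParseError is only thrown from PHP 7 on. On PHP 5 a parse error makes eval() return false without an exception, so the function reaches `return true` and reports broken module code as valid; the guard should read `PHP_MAJOR_VERSION >= 7`. In the remaining else branch `$magicvalue` is no longer initialised or set by the evaluated code, so as far as the visible lines show `$magicvalue == 941` can never hold. That leaves the short-open-tag check dead, and the branch returns true even when `$modErrorMessage` was filled; returning false when `$start !== false` would keep that path meaningful. Separately, `$id` is still concatenated into the evaluated source unchanged, so if callers always pass a numeric module id, building the name with `Contenido_Security::toInteger($id)` would be a cheap hardening.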