From b5e9523eea6a646a351d52f186c9b76156f1665c Mon Sep 17 00:00:00 2001
From: Oldperl <44996956+oldperl@users.noreply.github.com>
Date: Thu, 6 Jul 2017 09:57:53 +0000
Subject: [PATCH] fixed FS#171; added cSecurity class
---
conlite/classes/class.security.php | 114 +-
conlite/classes/class.ui.php | 2257 ++++++++---------
.../classes/widgets/class.widgets.page.php | 11 -
conlite/includes/functions.general.php | 3 +-
conlite/includes/include.clientsettings.php | 191 +-
conlite/includes/include.systemsettings.php | 178 +-
data/config/production/config.autoloader.php | 2 +-
7 files changed, 1262 insertions(+), 1494 deletions(-)
diff --git a/conlite/classes/class.security.php b/conlite/classes/class.security.php
index db01960..2586f3c 100644
--- a/conlite/classes/class.security.php
+++ b/conlite/classes/class.security.php
@@ -1,4 +1,5 @@
0 && self::isInteger($sValue) == false ) {
+ if (strlen($sValue) > 0 && self::isInteger($sValue) == false) {
throw new Contenido_Security_Exception('Invalid call', $sParamName);
}
}
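Review bot: The re-formatted guard `if (strlen($sValue) > 0 && self::isInteger($sValue) == false)` still lets a non-scalar value through: if `$sValue` arrives as an array (e.g. `?param[]=1`, when the caller feeds it straight from `$_REQUEST`), `strlen()` returns null with a warning on PHP 7, `null > 0` is false, the `&&` short-circuits and no Contenido_Security_Exception is raised — on PHP 8 it throws a TypeError instead of the intended exception. Reject arrays before the length test, `if (is_array($sValue) || (strlen($sValue) > 0 && !self::isInteger($sValue))) {`, which keeps the empty/null behaviour unchanged. The enclosing method starts before this hunk and the `@@ -1,4 +1,5 @@` header above does not match the lines shown, so where `$sValue` comes from is not visible here; confirm against the full function.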
@@ -368,8 +352,7 @@ class Contenido_Security
* @return bool|void True on success otherwhise nothing.
* @throws Contenido_Security_Exception if contenido parameter in request don't matches the required format
*/
- public static function checkRequestSession()
- {
+ public static function checkRequestSession() {
if (isset($_REQUEST['contenido']) && !preg_match('/^[0-9a-f]{32}$/', $_REQUEST['contenido'])) {
if ($_REQUEST['contenido'] != '') {
throw new Contenido_Security_Exception('Invalid call', 'contenido');
@@ -387,8 +370,7 @@ class Contenido_Security
* @deprecated Use checkRequestSession() instead due to better naming conventions
* @TODO: Should be removed, but later in few years...
*/
- public static function checkSession()
- {
+ public static function checkSession() {
return self::checkRequestSession();
}
@@ -405,15 +387,14 @@ class Contenido_Security
*
* @return void
*/
- public static function checkFrontendGlobals()
- {
+ public static function checkFrontendGlobals() {
global $tmpchangelang, $savedlang, $lang, $changelang, $load_lang, $changeclient, $client, $load_client;
if (isset($tmpchangelang) && is_numeric($tmpchangelang) && $tmpchangelang > 0) {
// savelang is needed to set language before closing the page, see
// {frontend_clientdir}/front_content.php before page_close()
$savedlang = $lang;
- $lang = $tmpchangelang;
+ $lang = $tmpchangelang;
}
// Check basic incomming data
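Review bot: `is_numeric($tmpchangelang)` accepts more than an integer id — `'1e3'`, `'1.5'` and leading-whitespace forms like `' 7'` all pass — and the value is then assigned verbatim to the global `$lang`, so `$lang` can be a float or exponent string rather than the integer the language lookup presumably expects. Tightening the check and normalising the assignment avoids that: `if (isset($tmpchangelang) && ctype_digit((string) $tmpchangelang) && (int) $tmpchangelang > 0) {` followed by `$lang = (int) $tmpchangelang;`. What downstream code does with `$lang` is not visible in this hunk, and checkFrontendGlobals continues past it, so the impact of a non-integer value should be verified there.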
@@ -431,7 +412,7 @@ class Contenido_Security
}
// Change client
- if (isset($changeclient)){
+ if (isset($changeclient)) {
$client = $changeclient;
unset($lang);
unset($load_lang);
@@ -458,8 +439,7 @@ class Contenido_Security
* @param boolean $bUndoAddSlashes Flag for undo addslashes (optional, default: true)
* @return string Converted string
*/
- public static function escapeDB($sString, $oDB = null, $bUndoAddSlashes = true)
- {
+ public static function escapeDB($sString, $oDB = null, $bUndoAddSlashes = true) {
if (!is_object($oDB)) {
return self::escapeString($sString);
} else {
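Review bot: escapeDB silently degrades when no database object is passed: the `!is_object($oDB)` branch returns `self::escapeString($sString)`, a fallback that has no connection and therefore cannot be charset-aware, while the docblock only describes `$bUndoAddSlashes`. A caller that forgets the second argument gets weaker escaping with no warning, and `is_object()` also accepts any object, not just a DB handle. At minimum the docblock should state the trade-off, e.g. `@param object|null $oDB Database object; when omitted the value is escaped with escapeString(), which is not connection/charset-aware — always pass the DB object for values used in SQL.` The `else` branch and the rest of the method lie outside this hunk, and escapeString's body is only partly visible below, so I cannot confirm what the fallback actually applies beyond stripslashes.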
@@ -477,8 +457,7 @@ class Contenido_Security
* @param string $sString Input string
* @return string Converted string
*/
- public static function escapeString($sString)
- {
+ public static function escapeString($sString) {
$sString = (string) $sString;
if (defined('CONTENIDO_STRIPSLASHES')) {
$sString = stripslashes($sString);
@@ -493,8 +472,7 @@ class Contenido_Security
* @param string $sString Input string
* @return string Converted string
*/
- public static function unescapeDB($sString)
- {
+ public static function unescapeDB($sString) {
return stripslashes($sString);
}
diff --git a/conlite/classes/class.ui.php b/conlite/classes/class.ui.php
index d34cbd2..08363be 100644
--- a/conlite/classes/class.ui.php
+++ b/conlite/classes/class.ui.php
@@ -1,4 +1,5 @@
link = $link;
- }
+ function setLink($link) {
+ $this->link = $link;
+ }
- function setJS ($type, $script)
- {
- $this->javascripts[$type] = $script;
- }
+ function setJS($type, $script) {
+ $this->javascripts[$type] = $script;
+ }
- function render()
- {
- global $sess, $cfg;
+ function render() {
+ global $sess, $cfg;
- $tpl = new Template;
+ $tpl = new Template;
- $tpl->reset();
- $tpl->set('s', 'SESSID', $sess->id);
+ $tpl->reset();
+ $tpl->set('s', 'SESSID', $sess->id);
- $scripts = "";
+ $scripts = "";
- if (is_array($this->javascripts))
- {
- foreach ($this->javascripts as $script)
- {
- $scripts .= '';
- }
- }
+ if (is_array($this->javascripts)) {
+ foreach ($this->javascripts as $script) {
+ $scripts .= '';
+ }
+ }
- if (is_object($this->link))
- {
- $tpl->set('s', 'LINK', $this->link->render() . $this->additional);
- } else {
- $tpl->set('s', 'LINK', '');
- }
+ if (is_object($this->link)) {
+ $tpl->set('s', 'LINK', $this->link->render() . $this->additional);
+ } else {
+ $tpl->set('s', 'LINK', '');
+ }
- $tpl->set('s', 'JAVASCRIPTS', $scripts);
- $tpl->set('s', 'CAPTION', $this->caption);
- $tpl->generate($cfg['path']['contenido'] . $cfg['path']['templates'] . $cfg['templates']['generic_left_top']);
+ $tpl->set('s', 'JAVASCRIPTS', $scripts);
+ $tpl->set('s', 'CAPTION', $this->caption);
+ $tpl->generate($cfg['path']['contenido'] . $cfg['path']['templates'] . $cfg['templates']['generic_left_top']);
+ }
-
- }
-
- function setAdditionalContent ($content)
- {
- $this->additional = $content;
- }
+ function setAdditionalContent($content) {
+ $this->additional = $content;
+ }
}
-class UI_Menu
-{
- var $link;
- var $title;
- var $caption;
- var $javascripts;
- var $type;
- var $image;
- var $alt;
- var $actions;
- var $padding;
- var $imagewidth;
- var $extra;
- var $border;
- var $show;
- var $bgColor;
+class UI_Menu {
- function UI_Menu ()
- {
- $this->padding = 2;
- $this->border = 0;
- $this->rowmark = true;
- }
+ var $link;
+ var $title;
+ var $caption;
+ var $javascripts;
+ var $type;
+ var $image;
+ var $alt;
+ var $actions;
+ var $padding;
+ var $imagewidth;
+ var $extra;
+ var $border;
+ var $show;
+ var $bgColor;
- function setTitle ($item, $title)
- {
- $this->title[$item] = $title;
- }
+ function UI_Menu() {
+ $this->padding = 2;
+ $this->border = 0;
+ $this->rowmark = true;
+ }
- function setRowmark ($rowmark = true)
- {
- $this->rowmark = $rowmark;
- }
+ function setTitle($item, $title) {
+ $this->title[$item] = $title;
+ }
- function setImage ($item, $image, $maxwidth = 0)
- {
- $this->image[$item] = $image;
- $this->imagewidth[$item] = $maxwidth;
- $this->show[$item] = $show;
- }
+ function setRowmark($rowmark = true) {
+ $this->rowmark = $rowmark;
+ }
- function setExtra ($item, $extra)
- {
- $this->extra[$item] = $extra;
- }
+ function setImage($item, $image, $maxwidth = 0) {
+ $this->image[$item] = $image;
+ $this->imagewidth[$item] = $maxwidth;
+ $this->show[$item] = $show;
+ }
- function setLink ($item, $link)
- {
- $this->link[$item] = $link;
- }
+ function setExtra($item, $extra) {
+ $this->extra[$item] = $extra;
+ }
- function setActions ($item, $key, $action)
- {
- $this->actions[$item][$key] = $action;
- }
+ function setLink($item, $link) {
+ $this->link[$item] = $link;
+ }
- function setPadding ($padding)
- {
- $this->padding = $padding;
- }
+ function setActions($item, $key, $action) {
+ $this->actions[$item][$key] = $action;
+ }
- function setBorder ($border)
- {
- $this->border = $border;
- }
+ function setPadding($padding) {
+ $this->padding = $padding;
+ }
- function setBgColor($item, $bgColor)
- {
- $this->bgColor[$item] = $bgColor;
+ function setBorder($border) {
+ $this->border = $border;
+ }
- }
+ function setBgColor($item, $bgColor) {
+ $this->bgColor[$item] = $bgColor;
+ }
- function render($print = true)
- {
- global $sess, $cfg;
+ function render($print = true) {
+ global $sess, $cfg;
- $tpl = new Template;
+ $tpl = new Template;
- $tpl->reset();
- $tpl->set('s', 'SID', $sess->id);
+ $tpl->reset();
+ $tpl->set('s', 'SID', $sess->id);
- $scripts = "";
+ $scripts = "";
- if (is_array($this->javascripts))
- {
+ if (is_array($this->javascripts)) {
- foreach ($this->javascripts as $script)
- {
- $scripts .= '';
- }
- }
+ foreach ($this->javascripts as $script) {
+ $scripts .= '';
+ }
+ }
- #echo '
Debug (B.A.): ' . $scripts;
- $tpl->set('s', 'JSACTIONS', $scripts);
- $tpl->set('s', 'CELLPADDING', $this->padding);
- $tpl->set('s', 'BORDER', $this->border);
- $tpl->set('s', 'BORDERCOLOR', $cfg['color']['table_border']);
+ #echo '
Debug (B.A.): ' . $scripts;
+ $tpl->set('s', 'JSACTIONS', $scripts);
+ $tpl->set('s', 'CELLPADDING', $this->padding);
+ $tpl->set('s', 'BORDER', $this->border);
+ $tpl->set('s', 'BORDERCOLOR', $cfg['color']['table_border']);
- if (is_array($this->link)) {
-
- $dark = false;
-
- foreach ($this->link as $key => $value) {
- if ($value != NULL)
- {
- if ($this->imagewidth[$key] != 0)
- {
- $value->setContent('');
- $img = $value->render();
- }
- else
- {
- $value->setContent('');
- $img = $value->render();
- }
- $value->setContent($this->title[$key]);
- $link = $value->render();
- } else {
- $link = $this->title[$key];
+ if (is_array($this->link)) {
- if ($this->image[$key] != "")
- {
- if ($this->imagewidth[$key] != 0)
- {
- $img = '';
- } else {
- $img = '';
- }
- } else {
- $img = " ";
- }
- }
+ $dark = false;
- if(isset($this->bgColor[$key])) {
- $bgColor = $this->bgColor[$key];
- } else {
- $dark = !$dark;
- if ($dark) {
- $bgColor = $cfg["color"]["table_dark"];
- } else {
- $bgColor = $cfg["color"]["table_light"];
- }
+ foreach ($this->link as $key => $value) {
+ if ($value != NULL) {
+ if ($this->imagewidth[$key] != 0) {
+ $value->setContent('');
+ $img = $value->render();
+ } else {
+ $value->setContent('');
+ $img = $value->render();
+ }
+ $value->setContent($this->title[$key]);
+ $link = $value->render();
+ } else {
+ $link = $this->title[$key];
- if (isset($_GET['idworkflow']) && $_GET['idworkflow'] == $value) {
- //$mlist->setExtra($iMenu, 'id="marked" ');
- $bgColor = $cfg["color"]["table_light_active"];
- }
+ if ($this->image[$key] != "") {
+ if ($this->imagewidth[$key] != 0) {
+ $img = '';
+ } else {
+ $img = '';
+ }
+ } else {
+ $img = " ";
+ }
+ }
- if ($this->extra[$key] == 'id="marked" ') {
- $bgColor = $cfg["color"]["table_light_active"];
- }
- }
+ if (isset($this->bgColor[$key])) {
+ $bgColor = $this->bgColor[$key];
+ } else {
+ $dark = !$dark;
+ if ($dark) {
+ $bgColor = $cfg["color"]["table_dark"];
+ } else {
+ $bgColor = $cfg["color"]["table_light"];
+ }
- $tpl->set('d', 'NAME', $link);
+ if (isset($_GET['idworkflow']) && $_GET['idworkflow'] == $value) {
+ //$mlist->setExtra($iMenu, 'id="marked" ');
+ $bgColor = $cfg["color"]["table_light_active"];
+ }
- if ($this->image[$key] == "")
- {
- $tpl->set('d', 'ICON', '');
- }
- else
- {
- $tpl->set('d', 'ICON', $img);
+ if ($this->extra[$key] == 'id="marked" ') {
+ $bgColor = $cfg["color"]["table_light_active"];
+ }
+ }
+
+ $tpl->set('d', 'NAME', $link);
+
+ if ($this->image[$key] == "") {
+ $tpl->set('d', 'ICON', '');
+ } else {
+ $tpl->set('d', 'ICON', $img);
+ }
+
+ if ($this->extra[$key] != "" || $this->rowmark == true) {
+ $extraadd = "";
+
+ if ($this->rowmark == true) {
+ $extraadd = 'onmouseover="row.over(this)" onmouseout="row.out(this)" onclick="row.click(this)"';
+ #echo '
Debug(B.A): ' . $extraadd;
+ }
+ $tpl->set('d', 'EXTRA', $this->extra[$key] . $extraadd);
+ } else {
+ $tpl->set('d', 'EXTRA', '');
+ }
+
+ $fullactions = "";
+ if (is_array($this->actions[$key])) {
+
+ $fullactions = '
';
+
+ foreach ($this->actions[$key] as $key => $singleaction) {
+ $fullactions .= '' . $singleaction . ' | ';
+ }
+
+ $fullactions .= '
';
+ }
+
+ $tpl->set('d', 'ACTIONS', $fullactions);
+ $tpl->set('d', 'BGCOLOR', $bgColor);
+ $tpl->next();
+ }
+ }
+ $rendered = $tpl->generate($cfg['path']['contenido'] . $cfg['path']['templates'] . $cfg['templates']['generic_menu'], true);
+
+ if ($print == true) {
+ echo $rendered;
+ } else {
+ return $rendered;
+ }
+ }
+
+}
+
+class UI_Table_Form {
+
+ var $items;
+ var $captions;
+ var $id;
+ var $rownames;
+ var $itemType;
+ var $formname;
+ var $formmethod;
+ var $formaction;
+ var $formvars;
+ var $tableid;
+ var $tablebordercolor;
+ var $header;
+ var $cancelLink;
+ var $submitjs;
+ var $accesskey;
+ var $width;
+
+ function UI_Table_Form($name, $action = "", $method = "post") {
+ global $sess, $cfg;
+
+ $this->formname = $name;
+
+ if ($action == "") {
+ $this->formaction = "main.php";
+ } else {
+ $this->formaction = $action;
+ }
+
+ $this->formmethod = $method;
+
+ $this->tableid = "";
+ $this->tablebordercolor = $cfg['color']['table_border'];
+ $this->setAccessKey('s');
+ $this->custom = array();
+
+ $this->setActionButton("submit", $cfg['path']['contenido_fullhtml'] . "images/but_ok.gif", i18n("Save changes"), "s");
+ }
+
+ function setWidth($width) {
+ $this->width = $width;
+ }
+
+ function setVar($name, $value) {
+ $this->formvars[$name] = $value;
+ }
+
+ function add($caption, $field, $rowname = "", $style = "") {
+ $n = "";
+
+ if (is_array($field)) {
+
+ foreach ($field as $value) {
+ if (is_object($value) && method_exists($value, "render")) {
+ $n .= $value->render();
+ } else {
+ $n .= $value;
+ }
}
- if ($this->extra[$key] != "" || $this->rowmark == true)
- {
- $extraadd = "";
+ $field = $n;
+ }
+ if (is_object($field) && method_exists($field, "render")) {
+ $n = $field->render();
+ $field = $n;
+ }
+ if ($field == "") {
+ $field = " ";
+ }
- if ($this->rowmark == true)
- {
- $extraadd = 'onmouseover="row.over(this)" onmouseout="row.out(this)" onclick="row.click(this)"';
- #echo '
Debug(B.A): ' . $extraadd;
- }
- $tpl->set('d', 'EXTRA', $this->extra[$key] . $extraadd);
- } else {
- $tpl->set('d', 'EXTRA', '');
- }
+ if ($caption == "") {
+ $caption = " ";
+ }
- $fullactions = "";
- if (is_array($this->actions[$key]))
- {
+ $this->id++;
+ $this->items[$this->id] = $field;
+ $this->captions[$this->id] = $caption;
- $fullactions = '';
+ if ($rowname == "") {
+ $rowname = $this->id;
+ }
- foreach ($this->actions[$key] as $key => $singleaction)
- {
- $fullactions .= ''.$singleaction.' | ';
- }
+ $this->rownames[$this->id] = $rowname;
- $fullactions .= '
';
- }
+ $this->styles[$this->id] = $style;
+ }
- $tpl->set('d', 'ACTIONS', $fullactions);
- $tpl->set('d', 'BGCOLOR', $bgColor);
- $tpl->next();
- }
+ function addCancel($link) {
+ $this->cancelLink = $link;
+ }
- }
- $rendered = $tpl->generate($cfg['path']['contenido'] . $cfg['path']['templates'] . $cfg['templates']['generic_menu'],true);
+ function addHeader($header) {
+ $this->header = $header;
+ }
- if ($print == true)
- {
- echo $rendered;
- } else {
- return $rendered;
- }
- }
+ function addSubHeader($header) {
+ $this->id++;
+ $this->items[$this->id] = '';
+ $this->captions[$this->id] = $header;
+ $this->itemType[$this->id] = 'subheader';
+ }
-}
+ function setSubmitJS($js) {
+ $this->submitjs = $js;
+ }
-class UI_Table_Form
-{
- var $items;
- var $captions;
- var $id;
- var $rownames;
- var $itemType;
+ function setAccessKey($key) {
+ $this->accessKey = $key;
+ }
- var $formname;
- var $formmethod;
- var $formaction;
- var $formvars;
+ function setActionEvent($id, $event) {
+ $this->custom[$id]["event"] = $event;
+ }
- var $tableid;
- var $tablebordercolor;
+ function setActionButton($id, $image, $description = "", $accesskey = false, $action = false) {
+ $this->custom[$id]["image"] = $image;
+ $this->custom[$id]["type"] = "actionsetter";
+ $this->custom[$id]["action"] = $action;
+ $this->custom[$id]["description"] = $description;
+ $this->custom[$id]["accesskey"] = $accesskey;
+ $this->custom[$id]["event"] = "";
+ }
- var $header;
- var $cancelLink;
- var $submitjs;
+ function setConfirm($id, $title, $description) {
+ $this->custom[$id]["confirmtitle"] = $title;
+ $this->custom[$id]["confirmdescription"] = $description;
+ }
- var $accesskey;
- var $width;
+ function unsetActionButton($id) {
+ unset($this->custom[$id]);
+ }
+ function render($return = true) {
+ global $sess, $cfg;
- function UI_Table_Form ($name, $action = "", $method = "post")
- {
- global $sess, $cfg;
+ $tpl = new Template;
- $this->formname = $name;
+ $extra = "";
- if ($action == "")
- {
- $this->formaction = "main.php";
- } else {
- $this->formaction = $action;
- }
+ if ($this->submitjs != "") {
+ $fextra = 'onsubmit="' . $this->submitjs . '"';
+ } else {
+ $fextra = "";
+ }
- $this->formmethod = $method;
+ $form = '