GEANT /
CAT
@@ -135,7 +135,7 @@ discard block |
||
| 135 | 135 | sprintf(_("%s: Do not terminate EAP"), \core\ProfileSilverbullet::PRODUCTNAME) => "fed:silverbullet-noterm", |
| 136 | 136 | sprintf(_("%s: max users per profile"), \core\ProfileSilverbullet::PRODUCTNAME) => "fed:silverbullet-maxusers", |
| 137 | 137 | sprintf(_("Mint %s with CA on creation"), $this->nomenclatureIdP) => "fed:minted_ca_file", |
| 138 | - sprintf(_("OpenRoaming: Allow %s Opt-In"),$this->nomenclatureParticipant) => "fed:openroaming", |
|
| 138 | + sprintf(_("OpenRoaming: Allow %s Opt-In"), $this->nomenclatureParticipant) => "fed:openroaming", |
|
| 139 | 139 | _("OpenRoaming: Custom NAPTR Target") => "fed:openroaming_customtarget", |
| 140 | 140 | $ssidText => "media:SSID", |
| 141 | 141 | $passpointOiText => "media:consortium_OI", |
@@ -147,7 +147,7 @@ discard block |
||
| 147 | 147 | $find = array_keys($displayNames, $input, TRUE); |
| 148 | 148 | |
| 149 | 149 | if (count($find) == 0) { // this is an error! throw an Exception |
| 150 | - throw new \Exception("The translation of an option name was requested, but the option is not known to the system: " . htmlentities($input)); |
|
| 150 | + throw new \Exception("The translation of an option name was requested, but the option is not known to the system: ".htmlentities($input)); |
|
| 151 | 151 | } |
| 152 | 152 | \core\common\Entity::outOfThePotatoes(); |
| 153 | 153 | // none of the strings have HTML in them, only translators can provide own text for it -> no threat, but complained about by the security review |
@@ -169,7 +169,7 @@ discard block |
||
| 169 | 169 | |
| 170 | 170 | foreach ($optionlist as $option) { |
| 171 | 171 | $type = $optioninfo->optionType($option['name']); |
| 172 | - if (preg_match('/^' . $class . '/', $option['name']) && $option['level'] == "$level") { |
|
| 172 | + if (preg_match('/^'.$class.'/', $option['name']) && $option['level'] == "$level") { |
|
| 173 | 173 | // all non-multilang attribs get this assignment ... |
| 174 | 174 | $language = ""; |
| 175 | 175 | $content = $option['value']; |
@@ -187,19 +187,19 @@ discard block |
||
| 187 | 187 | $locationMarkers[] = $coords; |
| 188 | 188 | break; |
| 189 | 189 | case "file": |
| 190 | - $retval .= "<tr><td>" . $this->displayName($option['name']) . "</td><td>$language</td><td>"; |
|
| 190 | + $retval .= "<tr><td>".$this->displayName($option['name'])."</td><td>$language</td><td>"; |
|
| 191 | 191 | switch ($option['name']) { |
| 192 | 192 | case "general:logo_file": |
| 193 | 193 | case "fed:logo_file": |
| 194 | - $retval .= $this->previewImageinHTML('ROWID-' . $option['level'] . '-' . $option['row_id']); |
|
| 194 | + $retval .= $this->previewImageinHTML('ROWID-'.$option['level'].'-'.$option['row_id']); |
|
| 195 | 195 | break; |
| 196 | 196 | case "eap:ca_file": |
| 197 | 197 | // fall-through intended: display both the same way |
| 198 | 198 | case "fed:minted_ca_file": |
| 199 | - $retval .= $this->previewCAinHTML('ROWID-' . $option['level'] . '-' . $option['row_id']); |
|
| 199 | + $retval .= $this->previewCAinHTML('ROWID-'.$option['level'].'-'.$option['row_id']); |
|
| 200 | 200 | break; |
| 201 | 201 | case "support:info_file": |
| 202 | - $retval .= $this->previewInfoFileinHTML('ROWID-' . $option['level'] . '-' . $option['row_id']); |
|
| 202 | + $retval .= $this->previewInfoFileinHTML('ROWID-'.$option['level'].'-'.$option['row_id']); |
|
| 203 | 203 | break; |
| 204 | 204 | default: |
| 205 | 205 | } |
@@ -209,10 +209,10 @@ discard block |
||
| 209 | 209 | // do not display the option at all; it gets auto-set by the ProfileSilverbullet constructor and doesn't have to be seen |
| 210 | 210 | break; |
| 211 | 211 | } |
| 212 | - $retval .= "<tr><td>" . $this->displayName($option['name']) . "</td><td>$language</td><td><strong>" . ($content == "on" ? _("on") : _("off") ) . "</strong></td></tr>"; |
|
| 212 | + $retval .= "<tr><td>".$this->displayName($option['name'])."</td><td>$language</td><td><strong>".($content == "on" ? _("on") : _("off"))."</strong></td></tr>"; |
|
| 213 | 213 | break; |
| 214 | 214 | default: |
| 215 | - $retval .= "<tr><td>" . $this->displayName($option['name']) . "</td><td>$language</td><td><strong>$content</strong></td></tr>"; |
|
| 215 | + $retval .= "<tr><td>".$this->displayName($option['name'])."</td><td>$language</td><td><strong>$content</strong></td></tr>"; |
|
| 216 | 216 | } |
| 217 | 217 | } |
| 218 | 218 | } |
@@ -221,11 +221,11 @@ discard block |
||
| 221 | 221 | $locationCount = 0; |
| 222 | 222 | foreach ($locationMarkers as $g) { |
| 223 | 223 | $locationCount++; |
| 224 | - $marker .= '<marker name="' . $locationCount . '" lat="' . $g['lat'] . '" lng="' . $g['lon'] . '" />'; |
|
| 224 | + $marker .= '<marker name="'.$locationCount.'" lat="'.$g['lat'].'" lng="'.$g['lon'].'" />'; |
|
| 225 | 225 | } |
| 226 | 226 | $marker .= '<\/markers>'; // some validator says this should be escaped |
| 227 | 227 | $jMarker = json_encode($locationMarkers); |
| 228 | - $retval .= '<tr><td><script>markers=\'' . $marker . '\'; jmarkers = \'' . $jMarker . '\';</script></td><td></td><td></td></tr>'; |
|
| 228 | + $retval .= '<tr><td><script>markers=\''.$marker.'\'; jmarkers = \''.$jMarker.'\';</script></td><td></td><td></td></tr>'; |
|
| 229 | 229 | } |
| 230 | 230 | \core\common\Entity::outOfThePotatoes(); |
| 231 | 231 | return $retval; |
@@ -241,11 +241,11 @@ discard block |
||
| 241 | 241 | \core\common\Entity::intoThePotatoes(); |
| 242 | 242 | $idpoptions = $myInst->getAttributes(); |
| 243 | 243 | $retval = "<div class='infobox'> |
| 244 | - <h2>" . sprintf(_("General %s details"), $this->nomenclatureParticipant) . "</h2> |
|
| 244 | + <h2>" . sprintf(_("General %s details"), $this->nomenclatureParticipant)."</h2> |
|
| 245 | 245 | <table> |
| 246 | 246 | <tr> |
| 247 | 247 | <td> |
| 248 | - " . _("Country:") . " |
|
| 248 | + " . _("Country:")." |
|
| 249 | 249 | </td> |
| 250 | 250 | <td> |
| 251 | 251 | </td> |
@@ -255,16 +255,16 @@ discard block |
||
| 255 | 255 | $retval .= $myFed->name; |
| 256 | 256 | $retval .= "</strong> |
| 257 | 257 | </td> |
| 258 | - </tr>" . $this->infoblock($idpoptions, "general", "IdP") . " |
|
| 258 | + </tr>" . $this->infoblock($idpoptions, "general", "IdP")." |
|
| 259 | 259 | </table> |
| 260 | 260 | </div>"; |
| 261 | 261 | |
| 262 | 262 | $blocks = [["support", _("Global Helpdesk Details")], ["media", _("Media Properties")]]; |
| 263 | 263 | foreach ($blocks as $block) { |
| 264 | 264 | $retval .= "<div class='infobox'> |
| 265 | - <h2>" . $block[1] . "</h2> |
|
| 265 | + <h2>" . $block[1]."</h2> |
|
| 266 | 266 | <table>" . |
| 267 | - $this->infoblock($idpoptions, $block[0], "IdP") . |
|
| 267 | + $this->infoblock($idpoptions, $block[0], "IdP"). |
|
| 268 | 268 | "</table> |
| 269 | 269 | </div>"; |
| 270 | 270 | } |
@@ -279,12 +279,12 @@ discard block |
||
| 279 | 279 | */ |
| 280 | 280 | private function displaySize(int $number) { |
| 281 | 281 | if ($number > 1024 * 1024) { |
| 282 | - return round($number / 1024 / 1024, 2) . " MiB"; |
|
| 282 | + return round($number / 1024 / 1024, 2)." MiB"; |
|
| 283 | 283 | } |
| 284 | 284 | if ($number > 1024) { |
| 285 | - return round($number / 1024, 2) . " KiB"; |
|
| 285 | + return round($number / 1024, 2)." KiB"; |
|
| 286 | 286 | } |
| 287 | - return $number . " B"; |
|
| 287 | + return $number." B"; |
|
| 288 | 288 | } |
| 289 | 289 | |
| 290 | 290 | /** |
@@ -339,7 +339,7 @@ discard block |
||
| 339 | 339 | $caExpiryTrashhold = \config\ConfAssistant::CERT_WARNINGS['expiry_warning']; |
| 340 | 340 | $rawResult = UIElements::getBlobFromDB($ref['table'], $ref['rowindex'], FALSE); |
| 341 | 341 | if (is_bool($rawResult)) { // we didn't actually get a CA! |
| 342 | - $retval = "<div class='ca-summary'>" . _("There was an error while retrieving the certificate from the database!") . "</div>"; |
|
| 342 | + $retval = "<div class='ca-summary'>"._("There was an error while retrieving the certificate from the database!")."</div>"; |
|
| 343 | 343 | \core\common\Entity::outOfThePotatoes(); |
| 344 | 344 | return $retval; |
| 345 | 345 | } |
@@ -355,8 +355,8 @@ discard block |
||
| 355 | 355 | |
| 356 | 356 | $details['name'] = preg_replace('/(.)\/(.)/', "$1<br/>$2", $details['name']); |
| 357 | 357 | $details['name'] = preg_replace('/\//', "", $details['name']); |
| 358 | - $certstatus = ( $details['root'] == 1 ? "R" : "I"); |
|
| 359 | - $certTooltip = ( $details['root'] == 1 ? _("Root CA") : _("Intermediate CA")); |
|
| 358 | + $certstatus = ($details['root'] == 1 ? "R" : "I"); |
|
| 359 | + $certTooltip = ($details['root'] == 1 ? _("Root CA") : _("Intermediate CA")); |
|
| 360 | 360 | $innerbgColor = "#0000ff"; |
| 361 | 361 | $leftBorderColor = "#00ff00"; |
| 362 | 362 | $message = ""; |
@@ -364,35 +364,35 @@ discard block |
||
| 364 | 364 | $leftBorderColor = "red"; |
| 365 | 365 | $message = _("This is a <strong>SERVER</strong> certificate!"); |
| 366 | 366 | if (\config\ConfAssistant::CERT_GUIDELINES !== '') { |
| 367 | - $message .= "<br/><a target='_blank' href='".\config\ConfAssistant::CERT_GUIDELINES."'>". _("more info")."</a>"; |
|
| 367 | + $message .= "<br/><a target='_blank' href='".\config\ConfAssistant::CERT_GUIDELINES."'>"._("more info")."</a>"; |
|
| 368 | 368 | } |
| 369 | 369 | $message .= "<br/>"; |
| 370 | - $retval = "<div class='ca-summary' style='border-left-color: $leftBorderColor'><div style='position:absolute; right: -15px; width:20px; height:20px; background-color:$innerbgColor; border-radius:10px; text-align: center;'><div style='padding-top:3px; font-weight:bold; color:#ffffff;'>S</div></div>" . $message . $details['name'] . "</div>"; |
|
| 370 | + $retval = "<div class='ca-summary' style='border-left-color: $leftBorderColor'><div style='position:absolute; right: -15px; width:20px; height:20px; background-color:$innerbgColor; border-radius:10px; text-align: center;'><div style='padding-top:3px; font-weight:bold; color:#ffffff;'>S</div></div>".$message.$details['name']."</div>"; |
|
| 371 | 371 | \core\common\Entity::outOfThePotatoes(); |
| 372 | 372 | return $retval; |
| 373 | 373 | } |
| 374 | 374 | $now = time(); |
| 375 | 375 | if ($now + \config\ConfAssistant::CERT_WARNINGS['expiry_critical'] > $details['full_details']['validTo_time_t']) { |
| 376 | 376 | $leftBorderColor = "red"; |
| 377 | - $message = _("Certificate expired!") . "<br>"; |
|
| 378 | - } elseif($now + \config\ConfAssistant::CERT_WARNINGS['expiry_warning'] > $details['full_details']['validTo_time_t'] - $caExpiryTrashhold) { |
|
| 377 | + $message = _("Certificate expired!")."<br>"; |
|
| 378 | + } elseif ($now + \config\ConfAssistant::CERT_WARNINGS['expiry_warning'] > $details['full_details']['validTo_time_t'] - $caExpiryTrashhold) { |
|
| 379 | 379 | if ($leftBorderColor == "#00ff00") { |
| 380 | 380 | $leftBorderColor = "yellow"; |
| 381 | 381 | } |
| 382 | - $message = _("Certificate close to expiry!") . "<br/>"; |
|
| 382 | + $message = _("Certificate close to expiry!")."<br/>"; |
|
| 383 | 383 | } |
| 384 | 384 | |
| 385 | 385 | if ($details['root'] == 1 && $details['basicconstraints_set'] == 0) { |
| 386 | 386 | if ($leftBorderColor == "#00ff00") { |
| 387 | 387 | $leftBorderColor = "yellow"; |
| 388 | 388 | } |
| 389 | - $message .= "<div style='max-width: 25em'><strong>" . _("Improper root certificate, required critical CA extension missing, will not reliably install!") . "</strong>"; |
|
| 389 | + $message .= "<div style='max-width: 25em'><strong>"._("Improper root certificate, required critical CA extension missing, will not reliably install!")."</strong>"; |
|
| 390 | 390 | if (\config\ConfAssistant::CERT_GUIDELINES !== '') { |
| 391 | - $message .= "<br/><a target='_blank' href='".\config\ConfAssistant::CERT_GUIDELINES."'>". _("more info")."</a>"; |
|
| 391 | + $message .= "<br/><a target='_blank' href='".\config\ConfAssistant::CERT_GUIDELINES."'>"._("more info")."</a>"; |
|
| 392 | 392 | } |
| 393 | 393 | $message .= "</div><br/>"; |
| 394 | 394 | } |
| 395 | - $retval = "<div class='ca-summary' style='border-left-color: $leftBorderColor'><div style='position:absolute; right: -15px; width:20px; height:20px; background-color:$innerbgColor; border-radius:10px; text-align: center;'><div title='$certTooltip' style='padding-top:3px; font-weight:bold; color:#ffffff;'>$certstatus</div></div>" . $message . $details['name'] . "<br>" . $this->displayName('eap:ca_vailduntil') . " " . gmdate('Y-m-d H:i:s', $details['full_details']['validTo_time_t']) . " UTC</div>"; |
|
| 395 | + $retval = "<div class='ca-summary' style='border-left-color: $leftBorderColor'><div style='position:absolute; right: -15px; width:20px; height:20px; background-color:$innerbgColor; border-radius:10px; text-align: center;'><div title='$certTooltip' style='padding-top:3px; font-weight:bold; color:#ffffff;'>$certstatus</div></div>".$message.$details['name']."<br>".$this->displayName('eap:ca_vailduntil')." ".gmdate('Y-m-d H:i:s', $details['full_details']['validTo_time_t'])." UTC</div>"; |
|
| 396 | 396 | \core\common\Entity::outOfThePotatoes(); |
| 397 | 397 | return $retval; |
| 398 | 398 | } |
@@ -405,7 +405,7 @@ discard block |
||
| 405 | 405 | */ |
| 406 | 406 | public function previewImageinHTML($imageReference) { |
| 407 | 407 | \core\common\Entity::intoThePotatoes(); |
| 408 | - $retval = "<img style='max-width:150px' src='inc/filepreview.php?id=" . $imageReference . "' alt='" . _("Preview of logo file") . "'/>"; |
|
| 408 | + $retval = "<img style='max-width:150px' src='inc/filepreview.php?id=".$imageReference."' alt='"._("Preview of logo file")."'/>"; |
|
| 409 | 409 | \core\common\Entity::outOfThePotatoes(); |
| 410 | 410 | return $retval; |
| 411 | 411 | } |
@@ -422,13 +422,13 @@ discard block |
||
| 422 | 422 | $ref = $validator->databaseReference($fileReference); |
| 423 | 423 | $fileBlob = UIElements::getBlobFromDB($ref['table'], $ref['rowindex'], FALSE); |
| 424 | 424 | if (is_bool($fileBlob)) { // we didn't actually get a file! |
| 425 | - $retval = "<div class='ca-summary'>" . _("There was an error while retrieving the file from the database!") . "</div>"; |
|
| 425 | + $retval = "<div class='ca-summary'>"._("There was an error while retrieving the file from the database!")."</div>"; |
|
| 426 | 426 | \core\common\Entity::outOfThePotatoes(); |
| 427 | 427 | return $retval; |
| 428 | 428 | } |
| 429 | 429 | $decodedFileBlob = base64_decode($fileBlob); |
| 430 | 430 | $fileinfo = new \finfo(); |
| 431 | - $retval = "<div class='ca-summary'>" . _("File exists") . " (" . $fileinfo->buffer($decodedFileBlob, FILEINFO_MIME_TYPE) . ", " . $this->displaySize(strlen($decodedFileBlob)) . ")<br/><a href='inc/filepreview.php?id=$fileReference'>" . _("Preview") . "</a></div>"; |
|
| 431 | + $retval = "<div class='ca-summary'>"._("File exists")." (".$fileinfo->buffer($decodedFileBlob, FILEINFO_MIME_TYPE).", ".$this->displaySize(strlen($decodedFileBlob)).")<br/><a href='inc/filepreview.php?id=$fileReference'>"._("Preview")."</a></div>"; |
|
| 432 | 432 | \core\common\Entity::outOfThePotatoes(); |
| 433 | 433 | return $retval; |
| 434 | 434 | } |
@@ -585,8 +585,8 @@ discard block |
||
| 585 | 585 | return ""; |
| 586 | 586 | } |
| 587 | 587 | |
| 588 | - $loggerInstance->debug(4, "Consortium logo is at: " . ROOT . "/web/resources/images/consortium_logo_large.png"); |
|
| 589 | - $logogd = imagecreatefrompng(ROOT . "/web/resources/images/consortium_logo_large.png"); |
|
| 588 | + $loggerInstance->debug(4, "Consortium logo is at: ".ROOT."/web/resources/images/consortium_logo_large.png"); |
|
| 589 | + $logogd = imagecreatefrompng(ROOT."/web/resources/images/consortium_logo_large.png"); |
|
| 590 | 590 | if ($logogd === FALSE) { // consortium logo is bogus; don't do anything |
| 591 | 591 | return ""; |
| 592 | 592 | } |
@@ -612,7 +612,7 @@ discard block |
||
| 612 | 612 | imagecolorallocate($whiteimage, 255, 255, 255); |
| 613 | 613 | // also make sure the initial placement is a multitude of 12; otherwise "two half" symbols might be affected |
| 614 | 614 | $targetplacementx = (int) ($symbolsize * round(($sizeinput[0] / 2 - ($targetwidth - $symbolsize + 1) / 2) / $symbolsize)); |
| 615 | - $targetplacementy = (int) ($symbolsize * round(($sizeinput[1] / 2 - ($targetheight - $symbolsize + 1 ) / 2) / $symbolsize)); |
|
| 615 | + $targetplacementy = (int) ($symbolsize * round(($sizeinput[1] / 2 - ($targetheight - $symbolsize + 1) / 2) / $symbolsize)); |
|
| 616 | 616 | imagecopyresized($inputgd, $whiteimage, $targetplacementx - $symbolsize, $targetplacementy - $symbolsize, 0, 0, $targetwidth + 2 * $symbolsize, $targetheight + 2 * $symbolsize, $targetwidth + 2 * $symbolsize, $targetheight + 2 * $symbolsize); |
| 617 | 617 | imagecopyresized($inputgd, $logogd, $targetplacementx, $targetplacementy, 0, 0, $targetwidth, $targetheight, $sizelogo[0], $sizelogo[1]); |
| 618 | 618 | ob_start(); |
@@ -662,9 +662,9 @@ discard block |
||
| 662 | 662 | $message = "Your configuration appears to be fine."; |
| 663 | 663 | break; |
| 664 | 664 | default: |
| 665 | - throw new Exception("The result code level " . $test->test_result['global'] . " is not defined!"); |
|
| 665 | + throw new Exception("The result code level ".$test->test_result['global']." is not defined!"); |
|
| 666 | 666 | } |
| 667 | - $out .= $this->boxFlexible($test->test_result['global'], "<br><strong>Test Summary</strong><br>" . $message . "<br>See below for details<br><hr>"); |
|
| 667 | + $out .= $this->boxFlexible($test->test_result['global'], "<br><strong>Test Summary</strong><br>".$message."<br>See below for details<br><hr>"); |
|
| 668 | 668 | foreach ($test->out as $testValue) { |
| 669 | 669 | foreach ($testValue as $o) { |
| 670 | 670 | $out .= $this->boxFlexible($o['level'], $o['message']); |
@@ -20,7 +20,7 @@ discard block |
||
| 20 | 20 | /* |
| 21 | 21 | * Class autoloader invocation, should be included prior to any other code at the entry points to the application |
| 22 | 22 | */ |
| 23 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 23 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 24 | 24 | |
| 25 | 25 | $auth = new \web\lib\admin\Authentication(); |
| 26 | 26 | $auth->authenticate(); |
@@ -52,7 +52,7 @@ discard block |
||
| 52 | 52 | $fed = new \core\Federation($inst->federation); |
| 53 | 53 | $allowSb = $fed->getAttributes("fed:silverbullet"); |
| 54 | 54 | if (count($allowSb) == 0) { |
| 55 | - throw new Exception("We were told to create a new SB profile, but this " . \config\ConfAssistant::CONSORTIUM['nomenclature_federation'] . " does not allow SB at all!"); |
|
| 55 | + throw new Exception("We were told to create a new SB profile, but this ".\config\ConfAssistant::CONSORTIUM['nomenclature_federation']." does not allow SB at all!"); |
|
| 56 | 56 | } |
| 57 | 57 | // okay, new SB profiles are allowed. |
| 58 | 58 | // but is there a support:email attribute on inst level? |
@@ -63,7 +63,7 @@ discard block |
||
| 63 | 63 | // Create one. |
| 64 | 64 | $newProfile = $inst->newProfile(core\AbstractProfile::PROFILETYPE_SILVERBULLET); |
| 65 | 65 | // and modify the REQUEST_URI to add the new profile ID |
| 66 | - $_SERVER['REQUEST_URI'] = $_SERVER['REQUEST_URI'] . "&profile_id=" . $newProfile->identifier; |
|
| 66 | + $_SERVER['REQUEST_URI'] = $_SERVER['REQUEST_URI']."&profile_id=".$newProfile->identifier; |
|
| 67 | 67 | $_GET['profile_id'] = $newProfile->identifier; |
| 68 | 68 | $profile = $newProfile; |
| 69 | 69 | } else { |
@@ -88,7 +88,7 @@ discard block |
||
| 88 | 88 | if (isset($_POST['command'])) { |
| 89 | 89 | switch ($_POST['command']) { |
| 90 | 90 | case \web\lib\common\FormElements::BUTTON_CLOSE: |
| 91 | - header("Location: overview_org.php?inst_id=" . $inst->identifier); |
|
| 91 | + header("Location: overview_org.php?inst_id=".$inst->identifier); |
|
| 92 | 92 | break; |
| 93 | 93 | case \web\lib\common\FormElements::BUTTON_TERMSOFUSE_ACCEPTED: |
| 94 | 94 | if (isset($_POST['agreement']) && $_POST['agreement'] == 'true') { |
@@ -131,7 +131,7 @@ discard block |
||
| 131 | 131 | break; |
| 132 | 132 | } |
| 133 | 133 | $properName = $validator->syntaxConformUser($elements[0]); |
| 134 | - $properDate = new DateTime($elements[1] . " 00:00:00"); |
|
| 134 | + $properDate = new DateTime($elements[1]." 00:00:00"); |
|
| 135 | 135 | $numberOfActivations = $elements[2] ?? 5; |
| 136 | 136 | $number = $validator->integer($numberOfActivations); |
| 137 | 137 | if ($number === FALSE) { // invalid input received, default to sane |
@@ -234,18 +234,18 @@ discard block |
||
| 234 | 234 | // warn and ask for confirmation unless already confirmed |
| 235 | 235 | if (!isset($_POST['insecureconfirm']) || $_POST['insecureconfirm'] != "CONFIRM") { |
| 236 | 236 | echo $deco->pageheader(_("Insecure mail domain!"), "ADMIN-IDP-USERS"); |
| 237 | - echo "<p>" . sprintf(_("The mail domain of the mail address <strong>%s</strong> is not secure: some or all of the mail servers are not accepting encrypted connections (no consistent support for STARTTLS)."), $properEmail) . "</p>"; |
|
| 238 | - echo "<p>" . _("The invitation would need to be sent in cleartext across the internet, and can possibly be read and abused by anyone in transit.") . "</p>"; |
|
| 239 | - echo "<p>" . _("Do you want the system to send this mail anyway?") . "</p>"; |
|
| 237 | + echo "<p>".sprintf(_("The mail domain of the mail address <strong>%s</strong> is not secure: some or all of the mail servers are not accepting encrypted connections (no consistent support for STARTTLS)."), $properEmail)."</p>"; |
|
| 238 | + echo "<p>"._("The invitation would need to be sent in cleartext across the internet, and can possibly be read and abused by anyone in transit.")."</p>"; |
|
| 239 | + echo "<p>"._("Do you want the system to send this mail anyway?")."</p>"; |
|
| 240 | 240 | echo $formtext; |
| 241 | - echo "<button type='submit' class='delete'>" . _("DO NOT SEND") . "</button>"; |
|
| 241 | + echo "<button type='submit' class='delete'>"._("DO NOT SEND")."</button>"; |
|
| 242 | 242 | echo "</form>"; |
| 243 | 243 | echo $formtext; |
| 244 | - echo "<input type='hidden' name='command' value='" . \web\lib\common\FormElements::BUTTON_SENDINVITATIONMAILBYCAT . "'</>"; |
|
| 244 | + echo "<input type='hidden' name='command' value='".\web\lib\common\FormElements::BUTTON_SENDINVITATIONMAILBYCAT."'</>"; |
|
| 245 | 245 | echo "<input type='hidden' name='address' value='$properEmail'</>"; |
| 246 | - echo "<input type='hidden' name='token' value='" . $invitationObject->invitationTokenString . "'</>"; |
|
| 246 | + echo "<input type='hidden' name='token' value='".$invitationObject->invitationTokenString."'</>"; |
|
| 247 | 247 | echo "<input type='hidden' name='insecureconfirm' value='CONFIRM'/>"; |
| 248 | - echo "<button type='submit'>" . _("Send anyway.") . "</button>"; |
|
| 248 | + echo "<button type='submit'>"._("Send anyway.")."</button>"; |
|
| 249 | 249 | echo "</form>"; |
| 250 | 250 | echo $deco->footer(); |
| 251 | 251 | exit; |
@@ -296,7 +296,7 @@ discard block |
||
| 296 | 296 | $activeUsers = $profile->listActiveUsers(); |
| 297 | 297 | |
| 298 | 298 | |
| 299 | -echo $deco->defaultPagePrelude(sprintf(_('Managing %s users'), \core\ProfileSilverbullet::PRODUCTNAME )); |
|
| 299 | +echo $deco->defaultPagePrelude(sprintf(_('Managing %s users'), \core\ProfileSilverbullet::PRODUCTNAME)); |
|
| 300 | 300 | |
| 301 | 301 | ?> |
| 302 | 302 | <script src='js/option_expand.js' type='text/javascript'></script> |
@@ -339,12 +339,12 @@ discard block |
||
| 339 | 339 | <img src='../resources/images/icons/loading51.gif' id='spin' alt='loading...' style='position:absolute;left: 50%; top: 50%; transform: translate(-100px, -50px); display:none; z-index: 100;'> |
| 340 | 340 | <?php echo $uiElements->instLevelInfoBoxes($inst); ?> |
| 341 | 341 | <div class='infobox'> |
| 342 | - <h2><?php $tablecaption = sprintf(_('Current %s users'), \core\ProfileSilverbullet::PRODUCTNAME); echo $tablecaption;?></h2> |
|
| 342 | + <h2><?php $tablecaption = sprintf(_('Current %s users'), \core\ProfileSilverbullet::PRODUCTNAME); echo $tablecaption; ?></h2> |
|
| 343 | 343 | <table> |
| 344 | - <caption><?php echo $tablecaption;?></caption> |
|
| 344 | + <caption><?php echo $tablecaption; ?></caption> |
|
| 345 | 345 | <tr> |
| 346 | - <th class="wai-invisible" scope="col"><?php echo _("Property Type");?></th> |
|
| 347 | - <th class="wai-invisible" scope="col"><?php echo _("Property Value");?></th> |
|
| 346 | + <th class="wai-invisible" scope="col"><?php echo _("Property Type"); ?></th> |
|
| 347 | + <th class="wai-invisible" scope="col"><?php echo _("Property Value"); ?></th> |
|
| 348 | 348 | </tr> |
| 349 | 349 | |
| 350 | 350 | <tr> |
@@ -368,19 +368,19 @@ discard block |
||
| 368 | 368 | case "NOSTIPULATION": |
| 369 | 369 | break; |
| 370 | 370 | case "EMAIL-SENT": |
| 371 | - echo $boundaryPre . $uiElements->boxOkay(_("The e-mail was sent successfully."), _("E-mail OK."), FALSE) . $boundaryPost; |
|
| 371 | + echo $boundaryPre.$uiElements->boxOkay(_("The e-mail was sent successfully."), _("E-mail OK."), FALSE).$boundaryPost; |
|
| 372 | 372 | break; |
| 373 | 373 | case "EMAIL-NOTSENT": |
| 374 | - echo $boundaryPre . $uiElements->boxError(_("The e-mail was NOT sent."), _("E-mail not OK."), FALSE) . $boundaryPost; |
|
| 374 | + echo $boundaryPre.$uiElements->boxError(_("The e-mail was NOT sent."), _("E-mail not OK."), FALSE).$boundaryPost; |
|
| 375 | 375 | break; |
| 376 | 376 | case "SMS-SENT": |
| 377 | - echo $boundaryPre . $uiElements->boxOkay(_("The SMS was sent successfully."), _("SMS OK."), FALSE) . $boundaryPost; |
|
| 377 | + echo $boundaryPre.$uiElements->boxOkay(_("The SMS was sent successfully."), _("SMS OK."), FALSE).$boundaryPost; |
|
| 378 | 378 | break; |
| 379 | 379 | case "SMS-NOTSENT": |
| 380 | - echo $boundaryPre . $uiElements->boxOkay(_("The SMS was NOT sent."), _("SMS not OK."), FALSE) . $boundaryPost; |
|
| 380 | + echo $boundaryPre.$uiElements->boxOkay(_("The SMS was NOT sent."), _("SMS not OK."), FALSE).$boundaryPost; |
|
| 381 | 381 | break; |
| 382 | 382 | case "SMS-FRAGMENT": |
| 383 | - echo $boundaryPre . $uiElements->boxWarning(_("Only a fragment of the SMS was sent. You should re-send it."), _("SMS Fragment."), FALSE) . $boundaryPost; |
|
| 383 | + echo $boundaryPre.$uiElements->boxWarning(_("Only a fragment of the SMS was sent. You should re-send it."), _("SMS Fragment."), FALSE).$boundaryPost; |
|
| 384 | 384 | break; |
| 385 | 385 | } |
| 386 | 386 | ?> |
@@ -393,17 +393,17 @@ discard block |
||
| 393 | 393 | <?php |
| 394 | 394 | $bufferCurrentUsers = "<table class='sb-user-table' style='max-width:1920px;'> |
| 395 | 395 | <tr class='sb-title-row_id'> |
| 396 | - <td>" . _("User") . "</td> |
|
| 397 | - <td>" . _("Token/Certificate details") . "</td> |
|
| 398 | - <td>" . _("User/Token Expiry") . "</td> |
|
| 399 | - <td>" . _("Actions") . "</td> |
|
| 396 | + <td>" . _("User")."</td> |
|
| 397 | + <td>" . _("Token/Certificate details")."</td> |
|
| 398 | + <td>" . _("User/Token Expiry")."</td> |
|
| 399 | + <td>" . _("Actions")."</td> |
|
| 400 | 400 | </tr>"; |
| 401 | 401 | $bufferPreviousUsers = "<table class='sb-user-table' style='max-width:1920px;'> |
| 402 | 402 | <tr class='sb-title-row_id'> |
| 403 | - <td>" . _("User") . "</td> |
|
| 404 | - <td>" . _("Certificate details") . "</td> |
|
| 405 | - <td>" . _("User Expiry") . "</td> |
|
| 406 | - <td>" . _("Actions") . "</td> |
|
| 403 | + <td>" . _("User")."</td> |
|
| 404 | + <td>" . _("Certificate details")."</td> |
|
| 405 | + <td>" . _("User Expiry")."</td> |
|
| 406 | + <td>" . _("Actions")."</td> |
|
| 407 | 407 | </tr>"; |
| 408 | 408 | |
| 409 | 409 | natsort($allUsers); |
@@ -460,23 +460,23 @@ discard block |
||
| 460 | 460 | $display = empty(devices\Devices::listDevices()[$oneCert->device]['display']) ? $oneCert->device : devices\Devices::listDevices()[$oneCert->device]['display']; |
| 461 | 461 | |
| 462 | 462 | $bufferText = "<div class='sb-certificate-summary ca-summary' $style> |
| 463 | - <div class='sb-certificate-details'>" . _("Device:") . " " . $display . |
|
| 464 | - "<br>" . _("Serial Number:") . " " . dechex($oneCert->serial) . |
|
| 465 | - "<br>" . _("CN:") . " " . explode('@', $oneCert->username)[0] . "@…" . |
|
| 466 | - "<br>" . _("Expiry:") . " " . $oneCert->expiry . |
|
| 467 | - "<br>" . _("Issued:") . " " . $oneCert->issued . |
|
| 468 | - "</div>" . |
|
| 463 | + <div class='sb-certificate-details'>"._("Device:")." ".$display. |
|
| 464 | + "<br>"._("Serial Number:")." ".dechex($oneCert->serial). |
|
| 465 | + "<br>"._("CN:")." ".explode('@', $oneCert->username)[0]."@…". |
|
| 466 | + "<br>"._("Expiry:")." ".$oneCert->expiry. |
|
| 467 | + "<br>"._("Issued:")." ".$oneCert->issued. |
|
| 468 | + "</div>". |
|
| 469 | 469 | "<div style='text-align:right;padding-top: 5px; $buttonStyle'>"; |
| 470 | 470 | |
| 471 | 471 | if ($buttonText == "") { |
| 472 | 472 | $bufferText .= $formtext |
| 473 | - . "<input type='hidden' name='certSerial' value='" . $oneCert->serial . "'/>" |
|
| 474 | - . "<input type='hidden' name='certAlgo' value='" . $oneCert->ca_type . "'/>" |
|
| 473 | + . "<input type='hidden' name='certSerial' value='".$oneCert->serial."'/>" |
|
| 474 | + . "<input type='hidden' name='certAlgo' value='".$oneCert->ca_type."'/>" |
|
| 475 | 475 | . "<button type='submit' " |
| 476 | 476 | . "name='command' " |
| 477 | - . "value='" . \web\lib\common\FormElements::BUTTON_REVOKECREDENTIAL . "' " |
|
| 477 | + . "value='".\web\lib\common\FormElements::BUTTON_REVOKECREDENTIAL."' " |
|
| 478 | 478 | . "class='delete admin_only' " |
| 479 | - . "onclick='return confirm(\"" . sprintf(_("The device in question will stop functioning with %s. The revocation cannot be undone. Are you sure you want to do this?"), \config\ConfAssistant::CONSORTIUM['display_name']) . "\")'>" |
|
| 479 | + . "onclick='return confirm(\"".sprintf(_("The device in question will stop functioning with %s. The revocation cannot be undone. Are you sure you want to do this?"), \config\ConfAssistant::CONSORTIUM['display_name'])."\")'>" |
|
| 480 | 480 | . _("Revoke") |
| 481 | 481 | . "</button>" |
| 482 | 482 | . "</form>"; |
@@ -501,13 +501,13 @@ discard block |
||
| 501 | 501 | } |
| 502 | 502 | // wrap the revoked and expired certs in a div that is hidden by default |
| 503 | 503 | if ($textRevokedCerts !== "") { |
| 504 | - $textRevokedCerts = "<span style='text-decoration: underline;' id='$oneUserId-revoked-heading' onclick='document.getElementById(\"$oneUserId-revoked-certs\").style.display = \"block\"; document.getElementById(\"$oneUserId-revoked-heading\").style.display = \"none\";'>" . sprintf(ngettext("(show %d revoked certificate)", "(show %d revoked certificates)", $countRevoked), $countRevoked) . "</span><div id='$oneUserId-revoked-certs' style='display:none;'>" . $textRevokedCerts . "</div>"; |
|
| 504 | + $textRevokedCerts = "<span style='text-decoration: underline;' id='$oneUserId-revoked-heading' onclick='document.getElementById(\"$oneUserId-revoked-certs\").style.display = \"block\"; document.getElementById(\"$oneUserId-revoked-heading\").style.display = \"none\";'>".sprintf(ngettext("(show %d revoked certificate)", "(show %d revoked certificates)", $countRevoked), $countRevoked)."</span><div id='$oneUserId-revoked-certs' style='display:none;'>".$textRevokedCerts."</div>"; |
|
| 505 | 505 | } |
| 506 | 506 | if ($textExpiredCerts !== "") { |
| 507 | - $textExpiredCerts = "<span style='text-decoration: underline;' id='$oneUserId-expired-heading' onclick='document.getElementById(\"$oneUserId-expired-certs\").style.display = \"block\"; document.getElementById(\"$oneUserId-expired-heading\").style.display = \"none\";'>" . sprintf(ngettext("(show %d expired certificate)", "(show %d expired certificates)", $countExpired), $countExpired) . "</span><div id='$oneUserId-expired-certs' style='display:none;'>" . $textExpiredCerts . "</div>"; |
|
| 507 | + $textExpiredCerts = "<span style='text-decoration: underline;' id='$oneUserId-expired-heading' onclick='document.getElementById(\"$oneUserId-expired-certs\").style.display = \"block\"; document.getElementById(\"$oneUserId-expired-heading\").style.display = \"none\";'>".sprintf(ngettext("(show %d expired certificate)", "(show %d expired certificates)", $countExpired), $countExpired)."</span><div id='$oneUserId-expired-certs' style='display:none;'>".$textExpiredCerts."</div>"; |
|
| 508 | 508 | } |
| 509 | 509 | // and push out the HTML |
| 510 | - ${$outputBuffer} .= $textActiveCerts . "<br/>" . $textExpiredCerts . " " . $textRevokedCerts . "</td>"; |
|
| 510 | + ${$outputBuffer} .= $textActiveCerts."<br/>".$textExpiredCerts." ".$textRevokedCerts."</td>"; |
|
| 511 | 511 | $tokenHtmlBuffer = ""; |
| 512 | 512 | $hasOnePendingInvite = FALSE; |
| 513 | 513 | foreach ($tokensWithoutCerts as $invitationObject) { |
@@ -518,38 +518,38 @@ discard block |
||
| 518 | 518 | $tokenHtmlBuffer .= "<tr class='sb-certificate-row_id admin_only'><td></td>"; |
| 519 | 519 | $jsEncodedBody = str_replace('\n', '%0D%0A', str_replace('"', '', json_encode($invitationObject->invitationMailBody()))); |
| 520 | 520 | $tokenHtmlBuffer .= "<td>"; |
| 521 | - $tokenHtmlBuffer .= sprintf(_("The invitation token %s is ready for sending! Choose how to send it:"), "<input type='text' readonly='readonly' style='background-color:lightgrey;' size='60' value='" . $invitationObject->link() . "' name='token' class='identifiedtokenarea-" . $invitationObject->identifier . "'>(…)<br/>"); |
|
| 521 | + $tokenHtmlBuffer .= sprintf(_("The invitation token %s is ready for sending! Choose how to send it:"), "<input type='text' readonly='readonly' style='background-color:lightgrey;' size='60' value='".$invitationObject->link()."' name='token' class='identifiedtokenarea-".$invitationObject->identifier."'>(…)<br/>"); |
|
| 522 | 522 | $tokenHtmlBuffer .= "<table> |
| 523 | - <tr><td style='vertical-align:bottom;'>" . _("E-Mail:") . "</td><td> |
|
| 523 | + <tr><td style='vertical-align:bottom;'>" . _("E-Mail:")."</td><td> |
|
| 524 | 524 | $formtext |
| 525 | - <input type='hidden' value='" . $invitationObject->invitationTokenString . "' name='token'><br/> |
|
| 525 | + <input type='hidden' value='".$invitationObject->invitationTokenString."' name='token'><br/> |
|
| 526 | 526 | <input type='text' name='address' id='address-$invitationObject->identifier'/> |
| 527 | - <button type='button' onclick='window.location=\"mailto:\"+document.getElementById(\"address-$invitationObject->identifier\").value+\"?subject=" . $invitationObject->invitationMailSubject() . "&body=$jsEncodedBody\"; return false;'>" . _("Local mail client") . "</button> |
|
| 528 | - <button type='submit' name='command' onclick='document.getElementById(\"spin\").style.display =\"block\"' value='" . \web\lib\common\FormElements::BUTTON_SENDINVITATIONMAILBYCAT . "'>" . _("Send with CAT") . "</button> |
|
| 527 | + <button type='button' onclick='window.location=\"mailto:\"+document.getElementById(\"address-$invitationObject->identifier\").value+\"?subject=".$invitationObject->invitationMailSubject()."&body=$jsEncodedBody\"; return false;'>"._("Local mail client")."</button> |
|
| 528 | + <button type='submit' name='command' onclick='document.getElementById(\"spin\").style.display =\"block\"' value='" . \web\lib\common\FormElements::BUTTON_SENDINVITATIONMAILBYCAT."'>"._("Send with CAT")."</button> |
|
| 529 | 529 | </form> |
| 530 | 530 | </td></tr> |
| 531 | - <tr><td style='vertical-align:bottom;'>" . _("SMS:") . "</td><td> |
|
| 531 | + <tr><td style='vertical-align:bottom;'>" . _("SMS:")."</td><td> |
|
| 532 | 532 | $formtext |
| 533 | - <input type='hidden' value='" . $invitationObject->invitationTokenString . "' name='token'><br/> |
|
| 533 | + <input type='hidden' value='".$invitationObject->invitationTokenString."' name='token'><br/> |
|
| 534 | 534 | <input type='text' name='smsnumber' /> |
| 535 | - <button type='submit' name='command' value='" . \web\lib\common\FormElements::BUTTON_SENDINVITATIONSMS . "'>" . _("Send in SMS...") . "</button> |
|
| 535 | + <button type='submit' name='command' value='" . \web\lib\common\FormElements::BUTTON_SENDINVITATIONSMS."'>"._("Send in SMS...")."</button> |
|
| 536 | 536 | </form> |
| 537 | 537 | </td></tr> |
| 538 | - <tr><td style='vertical-align:bottom;'>" . _("Manual:") . "</td><td> |
|
| 539 | - <button type='button' class='clipboardButton admin_only' onclick='clipboardCopy(" . $invitationObject->identifier . ");'>" . _("Copy to Clipboard") . "</button> |
|
| 538 | + <tr><td style='vertical-align:bottom;'>" . _("Manual:")."</td><td> |
|
| 539 | + <button type='button' class='clipboardButton admin_only' onclick='clipboardCopy(" . $invitationObject->identifier.");'>"._("Copy to Clipboard")."</button> |
|
| 540 | 540 | <form style='display:inline-block;' method='post' action='inc/displayQRcode.inc.php' onsubmit='popupQRWindow(this); return false;' accept-charset='UTF-8'> |
| 541 | - <input type='hidden' value='" . $invitationObject->invitationTokenString . "' name='token'><br/> |
|
| 542 | - <button type='submit'>" . _("Display QR code") . "</button> |
|
| 541 | + <input type='hidden' value='" . $invitationObject->invitationTokenString."' name='token'><br/> |
|
| 542 | + <button type='submit'>" . _("Display QR code")."</button> |
|
| 543 | 543 | </form> |
| 544 | 544 | </td></tr> |
| 545 | 545 | |
| 546 | 546 | </table> |
| 547 | 547 | </td>"; |
| 548 | - $tokenHtmlBuffer .= "<td>" . _("Expiry Date:") . " " . $invitationObject->expiry . " UTC<br>" . _("Activations remaining:") . " " . sprintf(_("%d of %d"), $invitationObject->activationsRemaining, $invitationObject->activationsTotal) . "</td>"; |
|
| 548 | + $tokenHtmlBuffer .= "<td>"._("Expiry Date:")." ".$invitationObject->expiry." UTC<br>"._("Activations remaining:")." ".sprintf(_("%d of %d"), $invitationObject->activationsRemaining, $invitationObject->activationsTotal)."</td>"; |
|
| 549 | 549 | $tokenHtmlBuffer .= "<td>" |
| 550 | 550 | . $formtext |
| 551 | - . "<input type='hidden' name='invitationtoken' value='" . $invitationObject->invitationTokenString . "'/>" |
|
| 552 | - . "<button type='submit' name='command' value='" . \web\lib\common\FormElements::BUTTON_REVOKEINVITATION . "' class='delete'>" . _("Revoke") . "</button></form>" |
|
| 551 | + . "<input type='hidden' name='invitationtoken' value='".$invitationObject->invitationTokenString."'/>" |
|
| 552 | + . "<button type='submit' name='command' value='".\web\lib\common\FormElements::BUTTON_REVOKEINVITATION."' class='delete'>"._("Revoke")."</button></form>" |
|
| 553 | 553 | . "</td></tr>"; |
| 554 | 554 | break; |
| 555 | 555 | case core\SilverbulletInvitation::SB_TOKENSTATUS_EXPIRED: |
@@ -565,10 +565,10 @@ discard block |
||
| 565 | 565 | } |
| 566 | 566 | ${$outputBuffer} .= "<td>$formtext |
| 567 | 567 | <div class='sb-date-container' style='min-width: 200px;'> |
| 568 | - <span><input type='text' maxlength='19' class='sb-date-picker' name='userexpiry' value='" . $profile->getUserExpiryDate($oneUserId) . "'> (UTC)</span> |
|
| 568 | + <span><input type='text' maxlength='19' class='sb-date-picker' name='userexpiry' value='".$profile->getUserExpiryDate($oneUserId)."'> (UTC)</span> |
|
| 569 | 569 | </div> |
| 570 | 570 | <input type='hidden' name='userid' value='$oneUserId'/> |
| 571 | - <button type='submit' class='admin_only' name='command' value='" . \web\lib\common\FormElements::BUTTON_CHANGEUSEREXPIRY . "'>" . _("Update") . "</button> |
|
| 571 | + <button type='submit' class='admin_only' name='command' value='".\web\lib\common\FormElements::BUTTON_CHANGEUSEREXPIRY."'>"._("Update")."</button> |
|
| 572 | 572 | </form> |
| 573 | 573 | </td> |
| 574 | 574 | <td> |
@@ -576,33 +576,33 @@ discard block |
||
| 576 | 576 | |
| 577 | 577 | if ($hasOnePendingInvite || count($validCerts) > 0) { |
| 578 | 578 | $deletionText = sprintf(_("All of the currently active devices will stop functioning with %s. This cannot be undone. While the user can be re-activated later, they will then need to be re-provisioned with new invitation tokens. Are you sure you want to do this?"), \config\ConfAssistant::CONSORTIUM['display_name']); |
| 579 | - ${$outputBuffer} .= $formtext . " |
|
| 579 | + ${$outputBuffer} .= $formtext." |
|
| 580 | 580 | <input type='hidden' name='userid' value='$oneUserId'/> |
| 581 | 581 | <button type='submit' " |
| 582 | 582 | . "name='command' " |
| 583 | - . "value='" . \web\lib\common\FormElements::BUTTON_DEACTIVATEUSER . "' " |
|
| 583 | + . "value='".\web\lib\common\FormElements::BUTTON_DEACTIVATEUSER."' " |
|
| 584 | 584 | . "class='delete admin_only' " |
| 585 | - . ( count($validCerts) > 0 ? "onclick='return confirm(\"" . $deletionText . "\")' " : "" ) |
|
| 585 | + . (count($validCerts) > 0 ? "onclick='return confirm(\"".$deletionText."\")' " : "") |
|
| 586 | 586 | . ">" |
| 587 | 587 | . _("Deactivate User") |
| 588 | 588 | . "</button> |
| 589 | 589 | </form>"; |
| 590 | 590 | } |
| 591 | - ${$outputBuffer} .= "<form method='post' action='inc/userStats.inc.php?inst_id=" . $profile->institution . "&profile_id=" . $profile->identifier . "&user_id=$oneUserId' onsubmit='popupStatsWindow(this); return false;' accept-charset='UTF-8'> |
|
| 592 | - <button type='submit'>" . _("Show Authentication Records") . "</button> |
|
| 591 | + ${$outputBuffer} .= "<form method='post' action='inc/userStats.inc.php?inst_id=".$profile->institution."&profile_id=".$profile->identifier."&user_id=$oneUserId' onsubmit='popupStatsWindow(this); return false;' accept-charset='UTF-8'> |
|
| 592 | + <button type='submit'>"._("Show Authentication Records")."</button> |
|
| 593 | 593 | </form>"; |
| 594 | 594 | if (new DateTime() < new DateTime($expiryDate)) { // current user, allow sending new token |
| 595 | - ${$outputBuffer} .= $formtext . " |
|
| 595 | + ${$outputBuffer} .= $formtext." |
|
| 596 | 596 | <input type='hidden' name='userid' value='$oneUserId'/> |
| 597 | - <button type='submit' name='command' class='admin_only' value='" . \web\lib\common\FormElements::BUTTON_NEWINVITATION . "'>" . _("New Invitation") . "</button> |
|
| 598 | - <label>" . _("Activations:") . " |
|
| 597 | + <button type='submit' name='command' class='admin_only' value='".\web\lib\common\FormElements::BUTTON_NEWINVITATION."'>"._("New Invitation")."</button> |
|
| 598 | + <label>" . _("Activations:")." |
|
| 599 | 599 | <input type='text' name='invitationsquantity' value='5' maxlength='3' style='width: 30px;'/> |
| 600 | 600 | </label> |
| 601 | 601 | </form>"; |
| 602 | 602 | } elseif (count($profile->getUserAuthRecords($oneUserId, true)) == 0) { // previous user; if there are NO authentication records, allow full deletion - otherwise, need to keep user trace for abuse handling |
| 603 | - ${$outputBuffer} .= $formtext . " |
|
| 603 | + ${$outputBuffer} .= $formtext." |
|
| 604 | 604 | <input type='hidden' name='userid' value='$oneUserId'/> |
| 605 | - <button type='submit' class='delete admin_only' name='command' value='" . \web\lib\common\FormElements::BUTTON_DELETE . "'>" . _("Delete User") . "</button> |
|
| 605 | + <button type='submit' class='delete admin_only' name='command' value='".\web\lib\common\FormElements::BUTTON_DELETE."'>"._("Delete User")."</button> |
|
| 606 | 606 | </form>"; |
| 607 | 607 | } |
| 608 | 608 | ${$outputBuffer} .= "</div> |
@@ -634,13 +634,13 @@ discard block |
||
| 634 | 634 | . ' If all accounts shown as active above are indeed still valid, please check the box below and push "Save".' |
| 635 | 635 | . ' If any of the accounts are stale, please deactivate them by pushing the corresponding button before doing this.'), \config\ConfAssistant::SILVERBULLET['gracetime'] ?? core\ProfileSilverbullet::SB_ACKNOWLEDGEMENT_REQUIRED_DAYS); |
| 636 | 636 | |
| 637 | - echo $formtext . "<div style='padding-bottom: 20px;'>" |
|
| 637 | + echo $formtext."<div style='padding-bottom: 20px;'>" |
|
| 638 | 638 | . " |
| 639 | 639 | <p>$acknowledgeText</p> |
| 640 | 640 | <input type='checkbox' name='acknowledge' value='true'> |
| 641 | - <label>" . sprintf(_("I have verified that all configured users are still eligible for %s."),\config\ConfAssistant::CONSORTIUM['display_name']) . "</label> |
|
| 641 | + <label>".sprintf(_("I have verified that all configured users are still eligible for %s."), \config\ConfAssistant::CONSORTIUM['display_name'])."</label> |
|
| 642 | 642 | </div> |
| 643 | - <button type='submit' name='command' value='" . \web\lib\common\FormElements::BUTTON_ACKUSERELIGIBILITY . "'>" . _("Save") . "</button></form>"; |
|
| 643 | + <button type='submit' name='command' value='" . \web\lib\common\FormElements::BUTTON_ACKUSERELIGIBILITY."'>"._("Save")."</button></form>"; |
|
| 644 | 644 | } |
| 645 | 645 | ?> |
| 646 | 646 | </div> |
@@ -150,7 +150,7 @@ discard block |
||
| 150 | 150 | <div id="tabs-2"> |
| 151 | 151 | <!--<button id="run_s_tests" onclick="run_udp()"><?php echo _("Repeat static connectivity tests") ?></button>--> |
| 152 | 152 | <p> |
| 153 | - <?php print $realmTests->printStatic();?> |
|
| 153 | + <?php print $realmTests->printStatic(); ?> |
|
| 154 | 154 | |
| 155 | 155 | <!-- tabs-2 end --> |
| 156 | 156 | </div> |
@@ -160,7 +160,7 @@ discard block |
||
| 160 | 160 | ?> |
| 161 | 161 | <div id="tabs-3"> |
| 162 | 162 | <!--<button id="run_d_tests" onclick="run_dynamic()"><?php echo _("Repeat dynamic connectivity tests") ?></button>--> |
| 163 | - <?php print $realmTests->printDynamic();?> |
|
| 163 | + <?php print $realmTests->printDynamic(); ?> |
|
| 164 | 164 | <!-- tabs-3 end --> |
| 165 | 165 | </div> |
| 166 | 166 | <?php |
@@ -39,7 +39,7 @@ discard block |
||
| 39 | 39 | * @param int $timeout the timeout to download |
| 40 | 40 | * @return string|boolean the data we got back, or FALSE on failure |
| 41 | 41 | */ |
| 42 | - public static function downloadFile($url, $timeout=0) |
|
| 42 | + public static function downloadFile($url, $timeout = 0) |
|
| 43 | 43 | { |
| 44 | 44 | $loggerInstance = new \core\common\Logging(); |
| 45 | 45 | if (!preg_match("/:\/\//", $url)) { |
@@ -129,7 +129,7 @@ discard block |
||
| 129 | 129 | $loggerInstance->debug(4, "OutsideComm::mailAddressValidSecure: no MX."); |
| 130 | 130 | return OutsideComm::MAILDOMAIN_NO_MX; |
| 131 | 131 | } |
| 132 | - $loggerInstance->debug(5, "Domain: $domain MX: " . /** @scrutinizer ignore-type */ print_r($mx, TRUE)); |
|
| 132 | + $loggerInstance->debug(5, "Domain: $domain MX: "./** @scrutinizer ignore-type */ print_r($mx, TRUE)); |
|
| 133 | 133 | // create a pool of A and AAAA records for all the MXes |
| 134 | 134 | $ipAddrs = []; |
| 135 | 135 | foreach ($mx as $onemx) { |
@@ -139,14 +139,14 @@ discard block |
||
| 139 | 139 | $ipAddrs[] = $oneipv4['ip']; |
| 140 | 140 | } |
| 141 | 141 | foreach ($v6list as $oneipv6) { |
| 142 | - $ipAddrs[] = "[" . $oneipv6['ipv6'] . "]"; |
|
| 142 | + $ipAddrs[] = "[".$oneipv6['ipv6']."]"; |
|
| 143 | 143 | } |
| 144 | 144 | } |
| 145 | 145 | if (count($ipAddrs) == 0) { |
| 146 | 146 | $loggerInstance->debug(4, "OutsideComm::mailAddressValidSecure: no mailserver hosts."); |
| 147 | 147 | return OutsideComm::MAILDOMAIN_NO_HOST; |
| 148 | 148 | } |
| 149 | - $loggerInstance->debug(5, "Domain: $domain Addrs: " . /** @scrutinizer ignore-type */ print_r($ipAddrs, TRUE)); |
|
| 149 | + $loggerInstance->debug(5, "Domain: $domain Addrs: "./** @scrutinizer ignore-type */ print_r($ipAddrs, TRUE)); |
|
| 150 | 150 | // connect to all hosts. If all can't connect, return MAILDOMAIN_NO_CONNECT. |
| 151 | 151 | // If at least one does not support STARTTLS or one of the hosts doesn't connect |
| 152 | 152 | // , return MAILDOMAIN_NO_STARTTLS (one which we can't connect to we also |
@@ -199,7 +199,7 @@ discard block |
||
| 199 | 199 | switch (\config\ConfAssistant::SMSSETTINGS['provider']) { |
| 200 | 200 | case 'Nexmo': |
| 201 | 201 | // taken from https://docs.nexmo.com/messaging/sms-api |
| 202 | - $url = 'https://rest.nexmo.com/sms/json?' . http_build_query( |
|
| 202 | + $url = 'https://rest.nexmo.com/sms/json?'.http_build_query( |
|
| 203 | 203 | [ |
| 204 | 204 | 'api_key' => \config\ConfAssistant::SMSSETTINGS['username'], |
| 205 | 205 | 'api_secret' => \config\ConfAssistant::SMSSETTINGS['password'], |
@@ -230,14 +230,14 @@ discard block |
||
| 230 | 230 | $loggerInstance->debug(2, 'Problem with SMS invitation: no message was sent!'); |
| 231 | 231 | return OutsideComm::SMS_NOTSENT; |
| 232 | 232 | } |
| 233 | - $loggerInstance->debug(2, 'Total of ' . $messageCount . ' messages were attempted to send.'); |
|
| 233 | + $loggerInstance->debug(2, 'Total of '.$messageCount.' messages were attempted to send.'); |
|
| 234 | 234 | |
| 235 | 235 | $totalFailures = 0; |
| 236 | 236 | foreach ($decoded_response['messages'] as $message) { |
| 237 | 237 | if ($message['status'] == 0) { |
| 238 | - $loggerInstance->debug(2, $message['message-id'] . ": Success"); |
|
| 238 | + $loggerInstance->debug(2, $message['message-id'].": Success"); |
|
| 239 | 239 | } else { |
| 240 | - $loggerInstance->debug(2, $message['message-id'] . ": Failed (failure code = " . $message['status'] . ")"); |
|
| 240 | + $loggerInstance->debug(2, $message['message-id'].": Failed (failure code = ".$message['status'].")"); |
|
| 241 | 241 | $totalFailures++; |
| 242 | 242 | } |
| 243 | 243 | } |
@@ -306,7 +306,7 @@ discard block |
||
| 306 | 306 | $proto = "https://"; |
| 307 | 307 | } |
| 308 | 308 | // then, send out the mail |
| 309 | - $message = _("Hello,") . "\n\n" . wordwrap($introTexts[$introtext] . " " . $validity, 72) . "\n\n"; |
|
| 309 | + $message = _("Hello,")."\n\n".wordwrap($introTexts[$introtext]." ".$validity, 72)."\n\n"; |
|
| 310 | 310 | // default means we don't have a Reply-To. |
| 311 | 311 | $replyToMessage = wordwrap(_("manually. Please do not reply to this mail; this is a send-only address.")); |
| 312 | 312 | |
@@ -314,8 +314,8 @@ discard block |
||
| 314 | 314 | // see if we are supposed to add a custom message |
| 315 | 315 | $customtext = $federation->getAttributes('fed:custominvite'); |
| 316 | 316 | if (count($customtext) > 0) { |
| 317 | - $message .= wordwrap(sprintf(_("Additional message from your %s administrator:"), Entity::$nomenclature_fed), 72) . "\n---------------------------------" . |
|
| 318 | - wordwrap($customtext[0]['value'], 72) . "\n---------------------------------\n\n"; |
|
| 317 | + $message .= wordwrap(sprintf(_("Additional message from your %s administrator:"), Entity::$nomenclature_fed), 72)."\n---------------------------------". |
|
| 318 | + wordwrap($customtext[0]['value'], 72)."\n---------------------------------\n\n"; |
|
| 319 | 319 | } |
| 320 | 320 | // and add Reply-To already now |
| 321 | 321 | foreach ($federation->listFederationAdmins() as $fedadmin_id) { |
@@ -331,19 +331,19 @@ discard block |
||
| 331 | 331 | } |
| 332 | 332 | $productname = \config\Master::APPEARANCE['productname']; |
| 333 | 333 | $consortium = \config\ConfAssistant::CONSORTIUM['display_name']; |
| 334 | - $message .= wordwrap(sprintf(_("To enlist as an administrator for that %s, please click on the following link:"), Entity::$nomenclature_participant), 72) . "\n\n" . |
|
| 335 | - $proto . $_SERVER['SERVER_NAME'] . \config\Master::PATHS['cat_base_url'] . "admin/action_enrollment.php?token=$newtoken\n\n" . |
|
| 336 | - wordwrap(sprintf(_("If clicking the link doesn't work, you can also go to the %s Administrator Interface at"), $productname), 72) . "\n\n" . |
|
| 337 | - $proto . $_SERVER['SERVER_NAME'] . \config\Master::PATHS['cat_base_url'] . "admin/\n\n" . |
|
| 338 | - _("and enter the invitation token") . "\n\n" . |
|
| 339 | - $newtoken . "\n\n$replyToMessage\n\n" . |
|
| 340 | - wordwrap(_("Do NOT forward the mail before the token has expired - or the recipients may be able to consume the token on your behalf!"), 72) . "\n\n" . |
|
| 341 | - wordwrap(sprintf(_("We wish you a lot of fun with the %s."), $productname), 72) . "\n\n" . |
|
| 334 | + $message .= wordwrap(sprintf(_("To enlist as an administrator for that %s, please click on the following link:"), Entity::$nomenclature_participant), 72)."\n\n". |
|
| 335 | + $proto.$_SERVER['SERVER_NAME'].\config\Master::PATHS['cat_base_url']."admin/action_enrollment.php?token=$newtoken\n\n". |
|
| 336 | + wordwrap(sprintf(_("If clicking the link doesn't work, you can also go to the %s Administrator Interface at"), $productname), 72)."\n\n". |
|
| 337 | + $proto.$_SERVER['SERVER_NAME'].\config\Master::PATHS['cat_base_url']."admin/\n\n". |
|
| 338 | + _("and enter the invitation token")."\n\n". |
|
| 339 | + $newtoken."\n\n$replyToMessage\n\n". |
|
| 340 | + wordwrap(_("Do NOT forward the mail before the token has expired - or the recipients may be able to consume the token on your behalf!"), 72)."\n\n". |
|
| 341 | + wordwrap(sprintf(_("We wish you a lot of fun with the %s."), $productname), 72)."\n\n". |
|
| 342 | 342 | sprintf(_("Sincerely,\n\nYour friendly folks from %s Operations"), $consortium); |
| 343 | 343 | |
| 344 | 344 | |
| 345 | 345 | // who to whom? |
| 346 | - $mail->FromName = \config\Master::APPEARANCE['productname'] . " Invitation System"; |
|
| 346 | + $mail->FromName = \config\Master::APPEARANCE['productname']." Invitation System"; |
|
| 347 | 347 | |
| 348 | 348 | if (isset(\config\Master::APPEARANCE['invitation-bcc-mail']) && \config\Master::APPEARANCE['invitation-bcc-mail'] !== NULL) { |
| 349 | 349 | $mail->addBCC(\config\Master::APPEARANCE['invitation-bcc-mail']); |
@@ -296,7 +296,7 @@ discard block |
||
| 296 | 296 | <table><tr> |
| 297 | 297 | <td class='icon_td'>"; |
| 298 | 298 | $out[] = "<img src='".$this->stateIcons[$this->globalLevelStatic]."' id='main_static_ico' class='icon'></td><td id='main_static_result'>". |
| 299 | - $this->globalInfo[$this->globalLevelStatic].' '. _("See the appropriate tab for details.").'</td> |
|
| 299 | + $this->globalInfo[$this->globalLevelStatic].' '._("See the appropriate tab for details.").'</td> |
|
| 300 | 300 | </tr></table>'; |
| 301 | 301 | if ($this->naptr > 0) { |
| 302 | 302 | $out[] = "<hr><strong>"._("Dynamic connectivity tests")."</strong> |
@@ -328,7 +328,7 @@ discard block |
||
| 328 | 328 | <td class='icon_td'><img src='".$this->stateIcons[$result->level]."' id='src".$hostindex."_img'></td> |
| 329 | 329 | <td id='src$hostindex' colspan=2> |
| 330 | 330 | "; |
| 331 | - $out[] = '<strong>'.($result->server ? $result->server : _("Connected to undetermined server")).'</strong><br/>'.sprintf (_("elapsed time: %sms."), $result->time_millisec).'<div>'.$result->message.'</div>'; |
|
| 331 | + $out[] = '<strong>'.($result->server ? $result->server : _("Connected to undetermined server")).'</strong><br/>'.sprintf(_("elapsed time: %sms."), $result->time_millisec).'<div>'.$result->message.'</div>'; |
|
| 332 | 332 | |
| 333 | 333 | if ($result->level > \core\common\Entity::L_OK && property_exists($result, 'cert_oddities')) { |
| 334 | 334 | foreach ($result->cert_oddities as $oddities) { |
@@ -345,9 +345,9 @@ discard block |
||
| 345 | 345 | } |
| 346 | 346 | } |
| 347 | 347 | if ($result->server_cert->extensions) { |
| 348 | - $certdesc .= '<li>' . _('Extensions') . '<ul>'; |
|
| 348 | + $certdesc .= '<li>'._('Extensions').'<ul>'; |
|
| 349 | 349 | foreach ($result->server_cert->extensions as $ekey => $eval) { |
| 350 | - $certdesc .= '<li>' . $ekey . ': ' . $eval; |
|
| 350 | + $certdesc .= '<li>'.$ekey.': '.$eval; |
|
| 351 | 351 | } |
| 352 | 352 | $certdesc .= '</ul>'; |
| 353 | 353 | } |
@@ -355,7 +355,7 @@ discard block |
||
| 355 | 355 | $more .= '<span class="morecontent"><span>'.$certdesc. |
| 356 | 356 | '</span><a href="" class="morelink">'._("show server certificate details").'»</a></span></div>'; |
| 357 | 357 | } |
| 358 | - if ($more != '' ) { |
|
| 358 | + if ($more != '') { |
|
| 359 | 359 | $out[] = '<tr><td> </td><td colspan="2">'.$more.'</td></tr>'; |
| 360 | 360 | } |
| 361 | 361 | $out[] = "</table></ul>"; |
@@ -379,10 +379,10 @@ discard block |
||
| 379 | 379 | if (isset($this->protocolsMap[$capath->IP]) && $this->protocolsMap[$capath->IP] != '') { |
| 380 | 380 | $prots = explode(';', $this->protocolsMap[$capath->IP]); |
| 381 | 381 | if (!empty($prots)) { |
| 382 | - $capathtest[] = ' ' . _("supported TLS protocols: "); |
|
| 382 | + $capathtest[] = ' '._("supported TLS protocols: "); |
|
| 383 | 383 | $capathtest[] = implode(', ', $prots); |
| 384 | 384 | if (!in_array("TLS1.3", $prots)) { |
| 385 | - $capathtest[] = ' ' . '<font color="red">' . _("not supported: ") . 'TLS1.3</font>'; |
|
| 385 | + $capathtest[] = ' '.'<font color="red">'._("not supported: ").'TLS1.3</font>'; |
|
| 386 | 386 | } |
| 387 | 387 | } |
| 388 | 388 | } |
@@ -405,7 +405,7 @@ discard block |
||
| 405 | 405 | if ($capath->certdata->validTo) { |
| 406 | 406 | $certdesc .= '<li>'.$this->certFields['validTo'].' '. |
| 407 | 407 | date_create_from_format('ymdGis', |
| 408 | - substr($capath->certdata->validTo, 0, -1))->format('Y-m-d H:i:s'). ' UTC'; |
|
| 408 | + substr($capath->certdata->validTo, 0, -1))->format('Y-m-d H:i:s').' UTC'; |
|
| 409 | 409 | } |
| 410 | 410 | if ($capath->certdata->extensions) { |
| 411 | 411 | if ($capath->certdata->extensions->subjectaltname) { |
@@ -428,7 +428,7 @@ discard block |
||
| 428 | 428 | } else { |
| 429 | 429 | $certdesc = '<br>'; |
| 430 | 430 | } |
| 431 | - $capathtest[] = '<div>'.($capath->message!='' ? $capath->message : _('Test failed')).'</div>'.$more; |
|
| 431 | + $capathtest[] = '<div>'.($capath->message != '' ? $capath->message : _('Test failed')).'</div>'.$more; |
|
| 432 | 432 | $capathtest[] = '</td> |
| 433 | 433 | </tr> |
| 434 | 434 | </table>'; |
@@ -455,7 +455,7 @@ discard block |
||
| 455 | 455 | $srefused = 0; |
| 456 | 456 | $cliinfo = ''; |
| 457 | 457 | $cliinfo .= '<li>'._('Client certificate').' <b>'.$ca->clientcertinfo->from. |
| 458 | - '</b>'.', '.$ca->clientcertinfo->message . |
|
| 458 | + '</b>'.', '.$ca->clientcertinfo->message. |
|
| 459 | 459 | '<br> (CA: '.$ca->clientcertinfo->issuer.')<ul>'; |
| 460 | 460 | foreach ($ca->certificate as $certificate) { |
| 461 | 461 | if ($certificate->returncode == \core\diag\RADIUSTests::RETVAL_CONNECTION_REFUSED) { |
@@ -521,7 +521,7 @@ discard block |
||
| 521 | 521 | } else { |
| 522 | 522 | $cliinfo = _('Test failed'); |
| 523 | 523 | $clientstest[] = "<table><tr><td class='icon_td' id='srcclient".$hostindex."_img'><img src='". |
| 524 | - $this->stateIcons[\core\common\Entity::L_WARN]."'></td>" . |
|
| 524 | + $this->stateIcons[\core\common\Entity::L_WARN]."'></td>". |
|
| 525 | 525 | "<td id='srcclient$hostindex'>$cliinfo</td></tr></table>"; |
| 526 | 526 | } |
| 527 | 527 | } else { |
@@ -168,27 +168,27 @@ discard block |
||
| 168 | 168 | { |
| 169 | 169 | // it could match CN or sAN:DNS, we don't care which |
| 170 | 170 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['subject'])) { |
| 171 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . |
|
| 172 | - " against Subject: " . $this->TLS_CA_checks_result[$host]['certdata']['subject']); |
|
| 171 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName. |
|
| 172 | + " against Subject: ".$this->TLS_CA_checks_result[$host]['certdata']['subject']); |
|
| 173 | 173 | // we are checking against accidental misconfig, not attacks, so loosely checking against end of string is appropriate |
| 174 | - if (preg_match("/CN=" . $this->expectedName . "/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 174 | + if (preg_match("/CN=".$this->expectedName."/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 175 | 175 | return TRUE; |
| 176 | 176 | } |
| 177 | 177 | } |
| 178 | 178 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname'])) { |
| 179 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . " against sANs: "); |
|
| 179 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName." against sANs: "); |
|
| 180 | 180 | $this->loggerInstance->debug(4, $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']); |
| 181 | 181 | $testNames = $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']; |
| 182 | 182 | if (!is_array($testNames)) { |
| 183 | 183 | $testNames = [$testNames]; |
| 184 | 184 | } |
| 185 | 185 | foreach ($testNames as $oneName) { |
| 186 | - if (preg_match("/" . $this->expectedName . "/", $oneName) === 1) { |
|
| 186 | + if (preg_match("/".$this->expectedName."/", $oneName) === 1) { |
|
| 187 | 187 | return TRUE; |
| 188 | 188 | } |
| 189 | 189 | } |
| 190 | 190 | } |
| 191 | - $this->loggerInstance->debug(3, "Tried to check expected server name " . $this->expectedName . " but neither CN nor sANs matched."); |
|
| 191 | + $this->loggerInstance->debug(3, "Tried to check expected server name ".$this->expectedName." but neither CN nor sANs matched."); |
|
| 192 | 192 | |
| 193 | 193 | $this->TLS_CA_checks_result[$host]['cert_oddity'] = RADIUSTests::CERTPROB_DYN_SERVER_NAME_MISMATCH; |
| 194 | 194 | return FALSE; |
@@ -218,9 +218,9 @@ discard block |
||
| 218 | 218 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['status'] = $cert['status']; |
| 219 | 219 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['message'] = $this->TLS_certkeys[$cert['status']]; |
| 220 | 220 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['expected'] = $cert['expected']; |
| 221 | - $add = ' -cert ' . ROOT . '/config/cli-certs/' . $cert['public'] . ' -key ' . ROOT . '/config/cli-certs/' . $cert['private']; |
|
| 222 | - if (!file_exists(ROOT . '/config/cli-certs/' . $cert['public']) ||!file_exists(ROOT . |
|
| 223 | - '/config/cli-certs/' . $cert['private'])) { |
|
| 221 | + $add = ' -cert '.ROOT.'/config/cli-certs/'.$cert['public'].' -key '.ROOT.'/config/cli-certs/'.$cert['private']; |
|
| 222 | + if (!file_exists(ROOT.'/config/cli-certs/'.$cert['public']) || !file_exists(ROOT. |
|
| 223 | + '/config/cli-certs/'.$cert['private'])) { |
|
| 224 | 224 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['finalerror'] = 2; |
| 225 | 225 | continue; |
| 226 | 226 | } |
@@ -228,7 +228,7 @@ discard block |
||
| 228 | 228 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k] = []; |
| 229 | 229 | } |
| 230 | 230 | // tls1_3 connections have a problem in strdout/stderr buffering |
| 231 | - $add .= ' ' . "-no_ssl3 -no_tls1_3"; |
|
| 231 | + $add .= ' '."-no_ssl3 -no_tls1_3"; |
|
| 232 | 232 | $opensslbabble = $this->execOpensslClient($host, $add, $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]); |
| 233 | 233 | $res = $this->opensslClientsResult($host, $opensslbabble, $this->TLS_clients_checks_result, $type, $k); |
| 234 | 234 | if ($cert['expected'] == 'PASS') { |
@@ -270,11 +270,11 @@ discard block |
||
| 270 | 270 | // but code analysers want this more explicit, so here is this extra |
| 271 | 271 | // call to escapeshellarg() |
| 272 | 272 | $escapedHost = escapeshellarg($host); |
| 273 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
| 273 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
| 274 | 274 | $time_start = microtime(true); |
| 275 | 275 | $opensslbabble = []; |
| 276 | 276 | $result = 999; // likely to become zero by openssl; don't want to initialise to zero, could cover up exec failures |
| 277 | - exec(\config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
| 277 | + exec(\config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
| 278 | 278 | $time_stop = microtime(true); |
| 279 | 279 | $testresults['time_millisec'] = floor(($time_stop - $time_start) * 1000); |
| 280 | 280 | $testresults['returncode'] = $result; |
@@ -396,7 +396,7 @@ discard block |
||
| 396 | 396 | private function propertyCheckPolicy($cert) |
| 397 | 397 | { |
| 398 | 398 | $oids = []; |
| 399 | - if (isset($cert['extensions']['certificatePolicies']) && $cert['extensions']['certificatePolicies']) { |
|
| 399 | + if (isset($cert['extensions']['certificatePolicies']) && $cert['extensions']['certificatePolicies']) { |
|
| 400 | 400 | foreach (\config\Diagnostics::RADIUSTESTS['TLS-acceptableOIDs'] as $key => $oid) { |
| 401 | 401 | if (preg_match("/Policy: $oid/", $cert['extensions']['certificatePolicies'])) { |
| 402 | 402 | $oids[$key] = $oid; |
@@ -49,15 +49,15 @@ |
||
| 49 | 49 | } |
| 50 | 50 | |
| 51 | 51 | switch ($_GET['token']) { |
| 52 | - case "SELF-REGISTER": |
|
| 53 | - $token = "SELF-REGISTER"; |
|
| 54 | - $checkval = \core\UserManagement::TOKENSTATUS_OK_NEW; |
|
| 55 | - $federation = \config\ConfAssistant::CONSORTIUM['selfservice_registration']; |
|
| 56 | - break; |
|
| 57 | - default: |
|
| 58 | - $tokenUnfiltered = $validator->token(filter_input(INPUT_GET,'token')); |
|
| 59 | - $token = htmlspecialchars(strip_tags($tokenUnfiltered)); |
|
| 60 | - $checkval = $usermgmt->checkTokenValidity($token); |
|
| 52 | + case "SELF-REGISTER": |
|
| 53 | + $token = "SELF-REGISTER"; |
|
| 54 | + $checkval = \core\UserManagement::TOKENSTATUS_OK_NEW; |
|
| 55 | + $federation = \config\ConfAssistant::CONSORTIUM['selfservice_registration']; |
|
| 56 | + break; |
|
| 57 | + default: |
|
| 58 | + $tokenUnfiltered = $validator->token(filter_input(INPUT_GET,'token')); |
|
| 59 | + $token = htmlspecialchars(strip_tags($tokenUnfiltered)); |
|
| 60 | + $checkval = $usermgmt->checkTokenValidity($token); |
|
| 61 | 61 | } |
| 62 | 62 | |
| 63 | 63 | if ($checkval < 0) { |
@@ -30,7 +30,7 @@ discard block |
||
| 30 | 30 | ?> |
| 31 | 31 | <?php |
| 32 | 32 | |
| 33 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 33 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 34 | 34 | |
| 35 | 35 | $auth = new \web\lib\admin\Authentication(); |
| 36 | 36 | $deco = new \web\lib\admin\PageDecoration(); |
@@ -41,11 +41,11 @@ discard block |
||
| 41 | 41 | $auth->authenticate(); |
| 42 | 42 | |
| 43 | 43 | if (!isset($_GET['token'])) { |
| 44 | - $elements->errorPage(_("Error creating new IdP binding!"),_("This page needs to be called with a valid invitation token!")); |
|
| 44 | + $elements->errorPage(_("Error creating new IdP binding!"), _("This page needs to be called with a valid invitation token!")); |
|
| 45 | 45 | } |
| 46 | 46 | |
| 47 | 47 | if (\config\ConfAssistant::CONSORTIUM['selfservice_registration'] === NULL && $_GET['token'] == "SELF-REGISTER") { |
| 48 | - $elements->errorPage(_("Error creating new IdP binding!"),_("You tried to register in self-service, but this deployment does not allow self-service!")); |
|
| 48 | + $elements->errorPage(_("Error creating new IdP binding!"), _("You tried to register in self-service, but this deployment does not allow self-service!")); |
|
| 49 | 49 | } |
| 50 | 50 | |
| 51 | 51 | switch ($_GET['token']) { |
@@ -55,23 +55,23 @@ discard block |
||
| 55 | 55 | $federation = \config\ConfAssistant::CONSORTIUM['selfservice_registration']; |
| 56 | 56 | break; |
| 57 | 57 | default: |
| 58 | - $tokenUnfiltered = $validator->token(filter_input(INPUT_GET,'token')); |
|
| 58 | + $tokenUnfiltered = $validator->token(filter_input(INPUT_GET, 'token')); |
|
| 59 | 59 | $token = htmlspecialchars(strip_tags($tokenUnfiltered)); |
| 60 | 60 | $checkval = $usermgmt->checkTokenValidity($token); |
| 61 | 61 | } |
| 62 | 62 | |
| 63 | 63 | if ($checkval < 0) { |
| 64 | 64 | echo $deco->pageheader(_("Error creating new IdP binding!"), "ADMIN-IDP"); |
| 65 | - echo "<h1>" . _("Error creating new IdP binding!") . "</h1>"; |
|
| 65 | + echo "<h1>"._("Error creating new IdP binding!")."</h1>"; |
|
| 66 | 66 | switch ($checkval) { |
| 67 | 67 | case \core\UserManagement::TOKENSTATUS_FAIL_ALREADYCONSUMED: |
| 68 | - echo "<p>" . sprintf(_("Sorry... this token has already been used. The %s is already created. If you got the invitation from a mailing list, probably someone else used it before you."), $elements->nomenclatureParticipant) . "</p>"; |
|
| 68 | + echo "<p>".sprintf(_("Sorry... this token has already been used. The %s is already created. If you got the invitation from a mailing list, probably someone else used it before you."), $elements->nomenclatureParticipant)."</p>"; |
|
| 69 | 69 | break; |
| 70 | 70 | case \core\UserManagement::TOKENSTATUS_FAIL_EXPIRED: |
| 71 | - echo "<p>" . sprintf(_("Sorry... this token has expired. Invitation tokens are valid for 24 hours. The %s administrator can create a new one for you."), $elements->nomenclatureFed) . "</p>"; |
|
| 71 | + echo "<p>".sprintf(_("Sorry... this token has expired. Invitation tokens are valid for 24 hours. The %s administrator can create a new one for you."), $elements->nomenclatureFed)."</p>"; |
|
| 72 | 72 | break; |
| 73 | 73 | default: |
| 74 | - echo "<p>" . _("Sorry... you have come to the enrollment page without a valid token. Are you a nasty person? If not, you should go to <a href='overview_user.php'>your profile page</a> instead.") . "</p>"; |
|
| 74 | + echo "<p>"._("Sorry... you have come to the enrollment page without a valid token. Are you a nasty person? If not, you should go to <a href='overview_user.php'>your profile page</a> instead.")."</p>"; |
|
| 75 | 75 | } |
| 76 | 76 | echo $deco->footer(); |
| 77 | 77 | throw new Exception("Terminating because something is wrong with the token we received."); |
@@ -86,12 +86,12 @@ discard block |
||
| 86 | 86 | case "SELF-REGISTER": |
| 87 | 87 | $fed = new \core\Federation($federation); |
| 88 | 88 | $newidp = new \core\IdP($fed->newIdP(core\IdP::TYPE_IDPSP, $user, "FED", "SELFSERVICE")); |
| 89 | - $loggerInstance->writeAudit($user, "MOD", "IdP " . $newidp->identifier . " - selfservice registration"); |
|
| 89 | + $loggerInstance->writeAudit($user, "MOD", "IdP ".$newidp->identifier." - selfservice registration"); |
|
| 90 | 90 | break; |
| 91 | 91 | default: |
| 92 | 92 | $newidp = $usermgmt->createIdPFromToken($token, $user); |
| 93 | 93 | $usermgmt->invalidateToken($token); |
| 94 | - $loggerInstance->writeAudit($user, "MOD", "IdP " . $newidp->identifier . " - Token used and invalidated"); |
|
| 94 | + $loggerInstance->writeAudit($user, "MOD", "IdP ".$newidp->identifier." - Token used and invalidated"); |
|
| 95 | 95 | break; |
| 96 | 96 | } |
| 97 | 97 | |
@@ -35,10 +35,10 @@ discard block |
||
| 35 | 35 | public function __construct() |
| 36 | 36 | { |
| 37 | 37 | |
| 38 | - if ( \config\ConfAssistant::eduPKI['testing'] === true ) { |
|
| 39 | - $this->locationRaCert = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 40 | - $this->locationRaKey = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 41 | - $this->locationWebRoot = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 38 | + if (\config\ConfAssistant::eduPKI['testing'] === true) { |
|
| 39 | + $this->locationRaCert = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 40 | + $this->locationRaKey = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 41 | + $this->locationWebRoot = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 42 | 42 | $this->eduPkiRaId = 700; |
| 43 | 43 | $this->eduPkiCertProfileBoth = "Radius Server SOAP"; |
| 44 | 44 | $this->eduPkiCertProfileIdp = "Radius Server SOAP"; |
@@ -47,9 +47,9 @@ discard block |
||
| 47 | 47 | $this->eduPkiEndpointPublic = "https://pki.edupki.org/edupki-test-ca/cgi-bin/pub/soap?wsdl=1"; |
| 48 | 48 | $this->eduPkiEndpointRa = "https://ra.edupki.org/edupki-test-ca/cgi-bin/ra/soap?wsdl=1"; |
| 49 | 49 | } else { |
| 50 | - $this->locationRaCert = ROOT . "/config/SilverbulletClientCerts/edupki-prod-ra.pem"; |
|
| 51 | - $this->locationRaKey = ROOT . "/config/SilverbulletClientCerts/edupki-prod-ra.clearkey"; |
|
| 52 | - $this->locationWebRoot = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 50 | + $this->locationRaCert = ROOT."/config/SilverbulletClientCerts/edupki-prod-ra.pem"; |
|
| 51 | + $this->locationRaKey = ROOT."/config/SilverbulletClientCerts/edupki-prod-ra.clearkey"; |
|
| 52 | + $this->locationWebRoot = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 53 | 53 | $this->eduPkiRaId = 100; |
| 54 | 54 | $this->eduPkiCertProfileBoth = "eduroam IdP and SP"; |
| 55 | 55 | $this->eduPkiCertProfileIdp = "eduroam IdP"; |
@@ -63,13 +63,13 @@ discard block |
||
| 63 | 63 | parent::__construct(); |
| 64 | 64 | |
| 65 | 65 | if (stat($this->locationRaCert) === FALSE) { |
| 66 | - throw new Exception("RA operator PEM file not found: " . $this->locationRaCert); |
|
| 66 | + throw new Exception("RA operator PEM file not found: ".$this->locationRaCert); |
|
| 67 | 67 | } |
| 68 | 68 | if (stat($this->locationRaKey) === FALSE) { |
| 69 | - throw new Exception("RA operator private key file not found: " . $this->locationRaKey); |
|
| 69 | + throw new Exception("RA operator private key file not found: ".$this->locationRaKey); |
|
| 70 | 70 | } |
| 71 | 71 | if (stat($this->locationWebRoot) === FALSE) { |
| 72 | - throw new Exception("CA website root CA file not found: " . $this->locationWebRoot); |
|
| 72 | + throw new Exception("CA website root CA file not found: ".$this->locationWebRoot); |
|
| 73 | 73 | } |
| 74 | 74 | } |
| 75 | 75 | |
@@ -136,22 +136,22 @@ discard block |
||
| 136 | 136 | throw new Exception("Unexpected policies requested."); |
| 137 | 137 | } |
| 138 | 138 | $altArray = [# Array mit den Subject Alternative Names |
| 139 | - "email:" . $csr["USERMAIL"] |
|
| 139 | + "email:".$csr["USERMAIL"] |
|
| 140 | 140 | ]; |
| 141 | 141 | foreach ($csr["ALTNAMES"] as $oneAltName) { |
| 142 | - $altArray[] = "DNS:" . $oneAltName; |
|
| 142 | + $altArray[] = "DNS:".$oneAltName; |
|
| 143 | 143 | } |
| 144 | 144 | $soapPub = $this->initEduPKISoapSession("PUBLIC"); |
| 145 | 145 | $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n"); |
| 146 | - $this->loggerInstance->debug(5, "PARAM_1: " . $this->eduPkiRaId . "\n"); |
|
| 147 | - $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n"); |
|
| 146 | + $this->loggerInstance->debug(5, "PARAM_1: ".$this->eduPkiRaId."\n"); |
|
| 147 | + $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n"); |
|
| 148 | 148 | $this->loggerInstance->debug(5, "PARAM_3: "); |
| 149 | 149 | $this->loggerInstance->debug(5, $altArray); |
| 150 | - $this->loggerInstance->debug(5, "PARAM_4: " . $profile . "\n"); |
|
| 151 | - $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n"); |
|
| 152 | - $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n"); |
|
| 153 | - $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n"); |
|
| 154 | - $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n"); |
|
| 150 | + $this->loggerInstance->debug(5, "PARAM_4: ".$profile."\n"); |
|
| 151 | + $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n"); |
|
| 152 | + $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n"); |
|
| 153 | + $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n"); |
|
| 154 | + $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n"); |
|
| 155 | 155 | $this->loggerInstance->debug(5, "PARAM_9: false\n"); |
| 156 | 156 | $soapNewRequest = $soapPub->newRequest( |
| 157 | 157 | $this->eduPkiRaId, # RA-ID |
@@ -173,11 +173,11 @@ discard block |
||
| 173 | 173 | } catch (Exception $e) { |
| 174 | 174 | // PHP 7.1 can do this much better |
| 175 | 175 | if (is_soap_fault($e)) { |
| 176 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: { |
|
| 176 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: { |
|
| 177 | 177 | $e->faultstring |
| 178 | 178 | }\n"); |
| 179 | 179 | } |
| 180 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 180 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 181 | 181 | } |
| 182 | 182 | try { |
| 183 | 183 | $soap = $this->initEduPKISoapSession("RA"); |
@@ -209,7 +209,7 @@ discard block |
||
| 209 | 209 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 210 | 210 | // rather than just using the string. Grr. |
| 211 | 211 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 212 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext); |
|
| 212 | + file_put_contents($tempdir['dir']."/content.txt", $soapCleartext); |
|
| 213 | 213 | // retrieve our RA cert from filesystem |
| 214 | 214 | // the RA certificates are not needed right now because we |
| 215 | 215 | // have resorted to S/MIME signatures with openssl command-line |
@@ -221,7 +221,7 @@ discard block |
||
| 221 | 221 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 222 | 222 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 223 | 223 | $this->loggerInstance->debug(2, "Actual content to be signed is this:\n $soapCleartext\n"); |
| 224 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . $this->locationRaKey . " -signer " . $this->locationRaCert; |
|
| 224 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".$this->locationRaKey." -signer ".$this->locationRaCert; |
|
| 225 | 225 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 226 | 226 | $output = []; |
| 227 | 227 | $return = 999; |
@@ -230,21 +230,21 @@ discard block |
||
| 230 | 230 | throw new Exception("Non-zero return value from openssl smime!"); |
| 231 | 231 | } |
| 232 | 232 | // and get the signature blob back from the filesystem |
| 233 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 233 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 234 | 234 | $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n"); |
| 235 | - $this->loggerInstance->debug(5, $soapReqnum . "\n"); |
|
| 236 | - $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending! |
|
| 237 | - $this->loggerInstance->debug(5, $detachedSig . "\n"); |
|
| 235 | + $this->loggerInstance->debug(5, $soapReqnum."\n"); |
|
| 236 | + $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending! |
|
| 237 | + $this->loggerInstance->debug(5, $detachedSig."\n"); |
|
| 238 | 238 | $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig); |
| 239 | - $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest()); |
|
| 240 | - $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse()); |
|
| 239 | + $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest()); |
|
| 240 | + $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse()); |
|
| 241 | 241 | if ($soapIssueCert === FALSE) { |
| 242 | 242 | throw new Exception("The locally approved request was NOT processed by the CA."); |
| 243 | 243 | } |
| 244 | 244 | } catch (SoapFault $e) { |
| 245 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 245 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 246 | 246 | } catch (Exception $e) { |
| 247 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
| 247 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
| 248 | 248 | } |
| 249 | 249 | return $soapReqnum; |
| 250 | 250 | } |
@@ -296,9 +296,9 @@ discard block |
||
| 296 | 296 | throw new Exception("CAInfo has no root certificate for us!"); |
| 297 | 297 | } |
| 298 | 298 | } catch (SoapFault $e) { |
| 299 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 299 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 300 | 300 | } catch (Exception $e) { |
| 301 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
| 301 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
| 302 | 302 | } |
| 303 | 303 | return [ |
| 304 | 304 | "CERT" => openssl_x509_read($parsedCert['pem']), |
@@ -331,12 +331,12 @@ discard block |
||
| 331 | 331 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 332 | 332 | // rather than just using the string. Grr. |
| 333 | 333 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 334 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest); |
|
| 334 | + file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest); |
|
| 335 | 335 | // retrieve our RA cert from filesystem |
| 336 | 336 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 337 | 337 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 338 | 338 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n"); |
| 339 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . $this->locationRaKey . " -signer " . $this->locationRaCert; |
|
| 339 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".$this->locationRaKey." -signer ".$this->locationRaCert; |
|
| 340 | 340 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 341 | 341 | $output = []; |
| 342 | 342 | $return = 999; |
@@ -345,7 +345,7 @@ discard block |
||
| 345 | 345 | throw new Exception("Non-zero return value from openssl smime!"); |
| 346 | 346 | } |
| 347 | 347 | // and get the signature blob back from the filesystem |
| 348 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 348 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 349 | 349 | $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig); |
| 350 | 350 | if ($soapIssueRev === FALSE) { |
| 351 | 351 | throw new Exception("The locally approved revocation request was NOT processed by the CA."); |
@@ -353,9 +353,9 @@ discard block |
||
| 353 | 353 | } catch (Exception $e) { |
| 354 | 354 | // PHP 7.1 can do this much better |
| 355 | 355 | if (is_soap_fault($e)) { |
| 356 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n"); |
|
| 356 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n"); |
|
| 357 | 357 | } |
| 358 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 358 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 359 | 359 | } |
| 360 | 360 | } |
| 361 | 361 | |
@@ -455,9 +455,9 @@ discard block |
||
| 455 | 455 | */ |
| 456 | 456 | public function soapToXmlInteger($x) |
| 457 | 457 | { |
| 458 | - return '<' . $x[0] . '>' |
|
| 458 | + return '<'.$x[0].'>' |
|
| 459 | 459 | . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1) |
| 460 | - . '</' . $x[0] . '>'; |
|
| 460 | + . '</'.$x[0].'>'; |
|
| 461 | 461 | } |
| 462 | 462 | |
| 463 | 463 | /** |
@@ -476,9 +476,9 @@ discard block |
||
| 476 | 476 | // dump private key into directory |
| 477 | 477 | $outstring = ""; |
| 478 | 478 | openssl_pkey_export($privateKey, $outstring); |
| 479 | - file_put_contents($tempdir . "/pkey.pem", $outstring); |
|
| 479 | + file_put_contents($tempdir."/pkey.pem", $outstring); |
|
| 480 | 480 | // PHP can only do one DC in the Subject. But we need three. |
| 481 | - $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 481 | + $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 482 | 482 | $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n"); |
| 483 | 483 | $output = []; |
| 484 | 484 | $return = 999; |
@@ -165,7 +165,7 @@ discard block |
||
| 165 | 165 | } |
| 166 | 166 | } |
| 167 | 167 | |
| 168 | - $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . /** @scrutinizer ignore-type */ print_r($supportedEapTypes, true)); |
|
| 168 | + $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, "./** @scrutinizer ignore-type */ print_r($supportedEapTypes, true)); |
|
| 169 | 169 | $this->loggerInstance->debug(4, /** @scrutinizer ignore-type */ print_r($expectedServerNames, true)); |
| 170 | 170 | $this->loggerInstance->debug(4, /** @scrutinizer ignore-type */ print_r($expectedCABundle, true)); |
| 171 | 171 | |
@@ -252,7 +252,7 @@ discard block |
||
| 252 | 252 | $returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME; |
| 253 | 253 | continue; // otherwise we'd ALSO complain that it's not a real hostname |
| 254 | 254 | } |
| 255 | - if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 255 | + if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 256 | 256 | $returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME; |
| 257 | 257 | } |
| 258 | 258 | } |
@@ -278,7 +278,7 @@ discard block |
||
| 278 | 278 | $probValue = RADIUSTests::CERTPROB_SHA1_SIGNATURE; |
| 279 | 279 | $returnarray[] = $probValue; |
| 280 | 280 | } |
| 281 | - $this->loggerInstance->debug(4, "CERT IS: " . /** @scrutinizer ignore-type */ print_r($intermediateCa, TRUE)); |
|
| 281 | + $this->loggerInstance->debug(4, "CERT IS: "./** @scrutinizer ignore-type */ print_r($intermediateCa, TRUE)); |
|
| 282 | 282 | if ($intermediateCa['basicconstraints_set'] == 0) { |
| 283 | 283 | $returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS; |
| 284 | 284 | } |
@@ -326,7 +326,7 @@ discard block |
||
| 326 | 326 | public function udpReachability($probeindex, $opnameCheck = TRUE, $frag = TRUE) { |
| 327 | 327 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
| 328 | 328 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
| 329 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
| 329 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
| 330 | 330 | if ($clientcert === FALSE) { |
| 331 | 331 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
| 332 | 332 | } |
@@ -335,7 +335,7 @@ discard block |
||
| 335 | 335 | if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) { |
| 336 | 336 | return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert); |
| 337 | 337 | } |
| 338 | - return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 338 | + return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 339 | 339 | } |
| 340 | 340 | |
| 341 | 341 | /** |
@@ -356,7 +356,7 @@ discard block |
||
| 356 | 356 | return RADIUSTests::CERTPROB_NO_CDP_HTTP; |
| 357 | 357 | } |
| 358 | 358 | // first and second sub-match is the full URL... check it |
| 359 | - $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2]), \config\Diagnostics::TIMEOUTS['crl_download']); |
|
| 359 | + $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2]), \config\Diagnostics::TIMEOUTS['crl_download']); |
|
| 360 | 360 | if ($crlcontent === FALSE) { |
| 361 | 361 | return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL; |
| 362 | 362 | } |
@@ -371,7 +371,7 @@ discard block |
||
| 371 | 371 | // $pem = chunk_split(base64_encode($crlcontent), 64, "\n"); |
| 372 | 372 | // inspired by https://stackoverflow.com/questions/2390604/how-to-pass-variables-as-stdin-into-command-line-from-php |
| 373 | 373 | |
| 374 | - $proc = \config\Master::PATHS['openssl'] . " crl -inform der"; |
|
| 374 | + $proc = \config\Master::PATHS['openssl']." crl -inform der"; |
|
| 375 | 375 | $descriptorspec = [ |
| 376 | 376 | 0 => ["pipe", "r"], |
| 377 | 377 | 1 => ["pipe", "w"], |
@@ -409,7 +409,7 @@ discard block |
||
| 409 | 409 | $origLength = strlen($hex); |
| 410 | 410 | for ($i = 1; $i < $origLength; $i++) { |
| 411 | 411 | if ($i % 2 == 1 && $i != strlen($hex)) { |
| 412 | - $spaced .= $hex[$i] . " "; |
|
| 412 | + $spaced .= $hex[$i]." "; |
|
| 413 | 413 | } else { |
| 414 | 414 | $spaced .= $hex[$i]; |
| 415 | 415 | } |
@@ -534,19 +534,19 @@ discard block |
||
| 534 | 534 | $eapText = \core\common\EAP::eapDisplayName($eaptype); |
| 535 | 535 | $config = ' |
| 536 | 536 | network={ |
| 537 | - ssid="' . \config\Master::APPEARANCE['productname'] . ' testing" |
|
| 537 | + ssid="' . \config\Master::APPEARANCE['productname'].' testing" |
|
| 538 | 538 | key_mgmt=WPA-EAP |
| 539 | 539 | proto=WPA2 |
| 540 | 540 | pairwise=CCMP |
| 541 | 541 | group=CCMP |
| 542 | 542 | '; |
| 543 | 543 | // phase 1 |
| 544 | - $config .= 'eap=' . $eapText['OUTER'] . "\n"; |
|
| 544 | + $config .= 'eap='.$eapText['OUTER']."\n"; |
|
| 545 | 545 | $logConfig = $config; |
| 546 | 546 | // phase 2 if applicable; all inner methods have passwords |
| 547 | 547 | if (isset($eapText['INNER']) && $eapText['INNER'] != "") { |
| 548 | - $config .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 549 | - $logConfig .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 548 | + $config .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 549 | + $logConfig .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 550 | 550 | } |
| 551 | 551 | // all methods set a password, except EAP-TLS |
| 552 | 552 | if ($eaptype != \core\common\EAP::EAPTYPE_TLS) { |
@@ -562,11 +562,11 @@ discard block |
||
| 562 | 562 | } |
| 563 | 563 | |
| 564 | 564 | // inner identity |
| 565 | - $config .= ' identity="' . $inner . "\"\n"; |
|
| 566 | - $logConfig .= ' identity="' . $inner . "\"\n"; |
|
| 565 | + $config .= ' identity="'.$inner."\"\n"; |
|
| 566 | + $logConfig .= ' identity="'.$inner."\"\n"; |
|
| 567 | 567 | // outer identity, may be equal |
| 568 | - $config .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 569 | - $logConfig .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 568 | + $config .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 569 | + $logConfig .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 570 | 570 | // done |
| 571 | 571 | $config .= "}"; |
| 572 | 572 | $logConfig .= "}"; |
@@ -627,13 +627,13 @@ discard block |
||
| 627 | 627 | * @return string the command-line for eapol_test |
| 628 | 628 | */ |
| 629 | 629 | private function eapolTestConfig($probeindex, $opName, $frag) { |
| 630 | - $cmdline = \config\Diagnostics::PATHS['eapol_test'] . |
|
| 631 | - " -a " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip'] . |
|
| 632 | - " -s " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret'] . |
|
| 633 | - " -o serverchain.pem" . |
|
| 634 | - " -c ./udp_login_test.conf" . |
|
| 635 | - " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " . |
|
| 636 | - " -t " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout'] . " "; |
|
| 630 | + $cmdline = \config\Diagnostics::PATHS['eapol_test']. |
|
| 631 | + " -a ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip']. |
|
| 632 | + " -s ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret']. |
|
| 633 | + " -o serverchain.pem". |
|
| 634 | + " -c ./udp_login_test.conf". |
|
| 635 | + " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ". |
|
| 636 | + " -t ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout']." "; |
|
| 637 | 637 | if ($opName) { |
| 638 | 638 | $cmdline .= '-N126:s:"1cat.eduroam.org" '; |
| 639 | 639 | } |
@@ -662,10 +662,10 @@ discard block |
||
| 662 | 662 | * @throws Exception |
| 663 | 663 | */ |
| 664 | 664 | private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs) { |
| 665 | - if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) { |
|
| 665 | + if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) { |
|
| 666 | 666 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n"); |
| 667 | 667 | } |
| 668 | - if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) { |
|
| 668 | + if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) { |
|
| 669 | 669 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n"); |
| 670 | 670 | } |
| 671 | 671 | // make a copy of the EAP-received chain and add the configured intermediates, if any |
@@ -679,15 +679,15 @@ discard block |
||
| 679 | 679 | } |
| 680 | 680 | if ($decoded['ca'] == 1) { |
| 681 | 681 | if ($decoded['root'] == 1) { // save CAT roots to the root directory |
| 682 | - file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 683 | - file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 682 | + file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 683 | + file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 684 | 684 | $catRoots[] = $decoded['pem']; |
| 685 | 685 | } else { // save the intermediates to allcerts directory |
| 686 | - file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']); |
|
| 686 | + file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']); |
|
| 687 | 687 | $intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded)); |
| 688 | 688 | if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) { |
| 689 | 689 | $this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 690 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]); |
|
| 690 | + file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]); |
|
| 691 | 691 | } |
| 692 | 692 | $catIntermediates[] = $decoded['pem']; |
| 693 | 693 | } |
@@ -696,26 +696,26 @@ discard block |
||
| 696 | 696 | // save all intermediate certificates and CRLs to separate files in |
| 697 | 697 | // both root-ca directories |
| 698 | 698 | foreach ($eapIntermediates as $index => $onePem) { |
| 699 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 700 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 699 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 700 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 701 | 701 | } |
| 702 | 702 | foreach ($eapIntermediateCRLs as $index => $onePem) { |
| 703 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 704 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 703 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 704 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 705 | 705 | } |
| 706 | 706 | |
| 707 | 707 | $checkstring = ""; |
| 708 | 708 | if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) { |
| 709 | 709 | $this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 710 | 710 | $checkstring = "-crl_check_all"; |
| 711 | - file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 712 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 711 | + file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 712 | + file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 713 | 713 | } |
| 714 | 714 | |
| 715 | 715 | |
| 716 | 716 | // now c_rehash the root CA directory ... |
| 717 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 718 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 717 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 718 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 719 | 719 | return $checkstring; |
| 720 | 720 | } |
| 721 | 721 | |
@@ -746,14 +746,14 @@ discard block |
||
| 746 | 746 | // so test if there's something PEMy in the file at all |
| 747 | 747 | // serverchain.pem is the output from eapol_test; incomingserver.pem is written by extractIncomingCertsfromEAP() if there was at least one server cert. |
| 748 | 748 | if (filesize("$tmpDir/serverchain.pem") > 10 && filesize("$tmpDir/incomingserver.pem") > 10) { |
| 749 | - $cmdString = \config\Master::PATHS['openssl'] . " verify $crlCheckString -no-CAstore -no-CApath -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem 2>&1"; |
|
| 749 | + $cmdString = \config\Master::PATHS['openssl']." verify $crlCheckString -no-CAstore -no-CApath -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem 2>&1"; |
|
| 750 | 750 | exec($cmdString, $verifyResultEaponly); |
| 751 | 751 | $this->loggerInstance->debug(4, $cmdString."\n"); |
| 752 | - $this->loggerInstance->debug(4, "Chain verify pass 1: " . /** @scrutinizer ignore-type */ print_r($verifyResultEaponly, TRUE) . "\n"); |
|
| 753 | - $cmdString = \config\Master::PATHS['openssl'] . " verify $crlCheckString -no-CAstore -no-CApath -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem 2>&1"; |
|
| 752 | + $this->loggerInstance->debug(4, "Chain verify pass 1: "./** @scrutinizer ignore-type */ print_r($verifyResultEaponly, TRUE)."\n"); |
|
| 753 | + $cmdString = \config\Master::PATHS['openssl']." verify $crlCheckString -no-CAstore -no-CApath -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem 2>&1"; |
|
| 754 | 754 | exec($cmdString, $verifyResultAllcerts); |
| 755 | 755 | $this->loggerInstance->debug(4, $cmdString."\n"); |
| 756 | - $this->loggerInstance->debug(4, "Chain verify pass 2: " . /** @scrutinizer ignore-type */ print_r($verifyResultAllcerts, TRUE) . "\n"); |
|
| 756 | + $this->loggerInstance->debug(4, "Chain verify pass 2: "./** @scrutinizer ignore-type */ print_r($verifyResultAllcerts, TRUE)."\n"); |
|
| 757 | 757 | } |
| 758 | 758 | |
| 759 | 759 | // now we do certificate verification against the collected parents |
@@ -821,7 +821,7 @@ discard block |
||
| 821 | 821 | // we are UNHAPPY if no names match! |
| 822 | 822 | $happiness = "UNHAPPY"; |
| 823 | 823 | foreach ($this->expectedServerNames as $expectedName) { |
| 824 | - $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . /** @scrutinizer ignore-type */ print_r($servercert['CN'], TRUE) . /** @scrutinizer ignore-type */ print_r($servercert['sAN_DNS'], TRUE)); |
|
| 824 | + $this->loggerInstance->debug(4, "Managing expectations for $expectedName: "./** @scrutinizer ignore-type */ print_r($servercert['CN'], TRUE)./** @scrutinizer ignore-type */ print_r($servercert['sAN_DNS'], TRUE)); |
|
| 825 | 825 | if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) { |
| 826 | 826 | $this->loggerInstance->debug(4, "Totally happy!"); |
| 827 | 827 | $happiness = "TOTALLY"; |
@@ -865,11 +865,11 @@ discard block |
||
| 865 | 865 | $theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password); |
| 866 | 866 | // the config intentionally does not include CA checking. We do this |
| 867 | 867 | // ourselves after getting the chain with -o. |
| 868 | - file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]); |
|
| 868 | + file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]); |
|
| 869 | 869 | |
| 870 | 870 | $cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag); |
| 871 | 871 | $this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n"); |
| 872 | - $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n"); |
|
| 872 | + $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n"); |
|
| 873 | 873 | $time_start = microtime(true); |
| 874 | 874 | $pflow = []; |
| 875 | 875 | exec($cmdline, $pflow); |
@@ -878,7 +878,7 @@ discard block |
||
| 878 | 878 | } |
| 879 | 879 | $time_stop = microtime(true); |
| 880 | 880 | $output = print_r($this->redact($password, $pflow), TRUE); |
| 881 | - file_put_contents($tmpDir . "/eapol_test_output_redacted_$probeindex.txt", $output); |
|
| 881 | + file_put_contents($tmpDir."/eapol_test_output_redacted_$probeindex.txt", $output); |
|
| 882 | 882 | $this->loggerInstance->debug(5, "eapol_test output saved to eapol_test_output_redacted_$probeindex.txt\n"); |
| 883 | 883 | return [ |
| 884 | 884 | "time" => ($time_stop - $time_start) * 1000, |
@@ -913,7 +913,7 @@ discard block |
||
| 913 | 913 | if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) { |
| 914 | 914 | array_pop($packetflow); |
| 915 | 915 | } |
| 916 | - $this->loggerInstance->debug(5, "Packetflow: " . /** @scrutinizer ignore-type */ print_r($packetflow, TRUE)); |
|
| 916 | + $this->loggerInstance->debug(5, "Packetflow: "./** @scrutinizer ignore-type */ print_r($packetflow, TRUE)); |
|
| 917 | 917 | $packetcount = array_count_values($packetflow); |
| 918 | 918 | $testresults['packetcount'] = $packetcount; |
| 919 | 919 | $testresults['packetflow'] = $packetflow; |
@@ -953,7 +953,7 @@ discard block |
||
| 953 | 953 | */ |
| 954 | 954 | private function wasModernTlsNegotiated(&$testresults, $packetflow_orig) { |
| 955 | 955 | $negotiatedTlsVersion = $this->checkLineparse($packetflow_orig, self::LINEPARSE_TLSVERSION); |
| 956 | - $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion" . "\n"); |
|
| 956 | + $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion"."\n"); |
|
| 957 | 957 | if ($negotiatedTlsVersion === FALSE) { |
| 958 | 958 | $testresults['cert_oddities'][] = RADIUSTests::TLSPROB_UNKNOWN_TLS_VERSION; |
| 959 | 959 | } elseif ($negotiatedTlsVersion != self::TLS_VERSION_1_2 && $negotiatedTlsVersion != self::TLS_VERSION_1_3) { |
@@ -1010,7 +1010,7 @@ discard block |
||
| 1010 | 1010 | |
| 1011 | 1011 | $x509 = new \core\common\X509(); |
| 1012 | 1012 | // $eap_certarray holds all certs received in EAP conversation |
| 1013 | - $incomingData = file_get_contents($tmpDir . "/serverchain.pem"); |
|
| 1013 | + $incomingData = file_get_contents($tmpDir."/serverchain.pem"); |
|
| 1014 | 1014 | if ($incomingData !== FALSE && strlen($incomingData) > 0) { |
| 1015 | 1015 | $eapCertArray = $x509->splitCertificate($incomingData); |
| 1016 | 1016 | } else { |
@@ -1040,10 +1040,10 @@ discard block |
||
| 1040 | 1040 | case RADIUSTests::SERVER_CA_SELFSIGNED: |
| 1041 | 1041 | $servercert[] = $cert; |
| 1042 | 1042 | if (count($servercert) == 1) { |
| 1043 | - if (file_put_contents($tmpDir . "/incomingserver.pem", $cert['pem'] . "\n") === FALSE) { |
|
| 1043 | + if (file_put_contents($tmpDir."/incomingserver.pem", $cert['pem']."\n") === FALSE) { |
|
| 1044 | 1044 | $this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n"); |
| 1045 | 1045 | } |
| 1046 | - $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . /** @scrutinizer ignore-type */ print_r($servercert[0], true)); |
|
| 1046 | + $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: "./** @scrutinizer ignore-type */ print_r($servercert[0], true)); |
|
| 1047 | 1047 | } elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) { |
| 1048 | 1048 | $testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS; |
| 1049 | 1049 | } |
@@ -1113,7 +1113,7 @@ discard block |
||
| 1113 | 1113 | public function autodetectCAWithProbe($outerId) { |
| 1114 | 1114 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
| 1115 | 1115 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
| 1116 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
| 1116 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
| 1117 | 1117 | if ($clientcert === FALSE) { |
| 1118 | 1118 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
| 1119 | 1119 | } |
@@ -1128,7 +1128,7 @@ discard block |
||
| 1128 | 1128 | $tmpDir = $temporary['dir']; |
| 1129 | 1129 | chdir($tmpDir); |
| 1130 | 1130 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
| 1131 | - file_put_contents($tmpDir . "/client.p12", $clientcert); |
|
| 1131 | + file_put_contents($tmpDir."/client.p12", $clientcert); |
|
| 1132 | 1132 | $testresults = ['cert_oddities' => []]; |
| 1133 | 1133 | $runtime_results = $this->executeEapolTest($tmpDir, $probeindex, \core\common\EAP::EAPTYPE_ANY, $outerId, $outerId, "eaplab", FALSE, FALSE); |
| 1134 | 1134 | $packetflow_orig = $runtime_results['output']; |
@@ -1144,8 +1144,7 @@ discard block |
||
| 1144 | 1144 | // that's not the case if we do EAP-pwd or could not negotiate an EAP method at |
| 1145 | 1145 | // all |
| 1146 | 1146 | // in that case: no server CA guess possible |
| 1147 | - if (! |
|
| 1148 | - ($radiusResult == RADIUSTests::RETVAL_CONVERSATION_REJECT && $negotiatedEapType) || $radiusResult == RADIUSTests::RETVAL_OK |
|
| 1147 | + if (!($radiusResult == RADIUSTests::RETVAL_CONVERSATION_REJECT && $negotiatedEapType) || $radiusResult == RADIUSTests::RETVAL_OK |
|
| 1149 | 1148 | ) { |
| 1150 | 1149 | return RADIUSTests::RETVAL_INVALID; |
| 1151 | 1150 | } |
@@ -1185,7 +1184,7 @@ discard block |
||
| 1185 | 1184 | // trust, and custom ones we may have configured |
| 1186 | 1185 | $ourRoots = file_get_contents(\config\ConfAssistant::PATHS['trust-store-custom']); |
| 1187 | 1186 | $mozillaRoots = file_get_contents(\config\ConfAssistant::PATHS['trust-store-mozilla']); |
| 1188 | - $allRoots = $x509->splitCertificate($ourRoots . "\n" . $mozillaRoots); |
|
| 1187 | + $allRoots = $x509->splitCertificate($ourRoots."\n".$mozillaRoots); |
|
| 1189 | 1188 | foreach ($allRoots as $oneRoot) { |
| 1190 | 1189 | $processedRoot = $x509->processCertificate($oneRoot); |
| 1191 | 1190 | if ($processedRoot['full_details']['subject'] == $currentHighestKnownIssuer) { |
@@ -1229,7 +1228,7 @@ discard block |
||
| 1229 | 1228 | chdir($tmpDir); |
| 1230 | 1229 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
| 1231 | 1230 | if ($clientcertdata !== NULL) { |
| 1232 | - file_put_contents($tmpDir . "/client.p12", $clientcertdata); |
|
| 1231 | + file_put_contents($tmpDir."/client.p12", $clientcertdata); |
|
| 1233 | 1232 | } |
| 1234 | 1233 | $testresults = []; |
| 1235 | 1234 | // initialise the sub-array for cleaner parsing |
@@ -1334,7 +1333,7 @@ discard block |
||
| 1334 | 1333 | 'issuer' => $this->printDN($certdata['issuer']), |
| 1335 | 1334 | 'validFrom' => $this->printTm($certdata['validFrom_time_t']), |
| 1336 | 1335 | 'validTo' => $this->printTm($certdata['validTo_time_t']), |
| 1337 | - 'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1336 | + 'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1338 | 1337 | 'sha1' => $certdata['sha1'], |
| 1339 | 1338 | 'public_key_length' => $certdata['public_key_length'], |
| 1340 | 1339 | 'extensions' => $certdata['extensions'] |
