GEANT / CAT

web/admin/edit_profile_result.php

Spacing +27 added lines, -27 removed lines

@@ -19,7 +19,7 @@ 
  *          <base_url>/copyright.php after deploying the software
  */
 
-require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php";
 
 $auth = new \web\lib\admin\Authentication();
 $deco = new \web\lib\admin\PageDecoration();
@@ -43,7 +43,7 @@ 
         }
         $profileToBeDel = $validator->existingProfile($_GET['profile_id'], $my_inst->identifier);
         $profileToBeDel->destroy();
-        $loggerInstance->writeAudit($_SESSION['user'], "DEL", "Profile " . $profileToBeDel->identifier);
+        $loggerInstance->writeAudit($_SESSION['user'], "DEL", "Profile ".$profileToBeDel->identifier);
         header("Location: overview_org.php?inst_id=$my_inst->identifier");
         exit;
     case web\lib\common\FormElements::BUTTON_SAVE:
@@ -52,7 +52,7 @@ 
             echo $deco->pageheader(sprintf(_("%s: Edit Profile - Result"), \config\Master::APPEARANCE['productname']), "ADMIN-IDP");
         } else {
             $profile = $my_inst->newProfile(core\AbstractProfile::PROFILETYPE_RADIUS);
-            $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $my_inst->identifier . " - Profile created");
+            $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP ".$my_inst->identifier." - Profile created");
             echo $deco->pageheader(sprintf(_("%s: Profile wizard (step 3 completed)"), \config\Master::APPEARANCE['productname']), "ADMIN-IDP");
         }
         if (!$profile instanceof \core\ProfileRADIUS) {
@@ -121,7 +121,7 @@ 
             $uiElements = new web\lib\admin\UIElements();
             // set realm info, if submitted
             if ($realm !== FALSE) {
-                $profile->setRealm($anonLocal . "@" . $realm);
+                $profile->setRealm($anonLocal."@".$realm);
                 echo $uiElements->boxOkay(sprintf(_("Realm: <strong>%s</strong>"), $realm));
             } else {
                 $profile->setRealm("");
@@ -147,7 +147,7 @@ 
                     echo $uiElements->boxError(_("Realm check username cannot be configured: realm is missing!"));
                 } else {
                     $profile->setRealmcheckUser(true, $checkuser_name);
-                    echo $uiElements->boxOkay(sprintf(_("Special username for realm check is <strong>%s</strong>, the value is <strong>%s</strong>"), _("ON"), $checkuser_name . "@" . $realm));
+                    echo $uiElements->boxOkay(sprintf(_("Special username for realm check is <strong>%s</strong>, the value is <strong>%s</strong>"), _("ON"), $checkuser_name."@".$realm));
                 }
             } else {
                 $profile->setRealmCheckUser(false);
@@ -159,12 +159,12 @@ 
                 $extratext = "";
                 if (!empty($realm)) {
                     if ($hint !== FALSE) {
-                        $extratext = " " . sprintf(_("The realm portion MUST be exactly '...@%s'."), $realm);
+                        $extratext = " ".sprintf(_("The realm portion MUST be exactly '...@%s'."), $realm);
                     } else {
-                        $extratext = " " . sprintf(_("The realm portion MUST end with '%s' but sub-realms of it are allowed (i.e. 'user@%s' and 'user@<...>.%s' are both acceptable)."), $realm, $realm, $realm);
+                        $extratext = " ".sprintf(_("The realm portion MUST end with '%s' but sub-realms of it are allowed (i.e. 'user@%s' and 'user@<...>.%s' are both acceptable)."), $realm, $realm, $realm);
                     }
                 }
-                echo $uiElements->boxOkay(_("Where possible, supplicants will verify that username inputs contain a syntactically correct realm.") . $extratext);
+                echo $uiElements->boxOkay(_("Where possible, supplicants will verify that username inputs contain a syntactically correct realm.").$extratext);
             } else {
                 $profile->setInputVerificationPreference(false, false);
             }
@@ -196,30 +196,30 @@ 
                 echo $uiElements->boxOkay(_("Redirection is <strong>OFF</strong>"));
             }
 
-            $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $profile->identifier . " - attributes changed");
+            $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile ".$profile->identifier." - attributes changed");
             // reload the profile to ingest new CA and server names if any; before checking EAP completeness
             $reloadedProfileNr1 = \core\ProfileFactory::instantiate($profile->identifier);
             foreach (\core\common\EAP::listKnownEAPTypes() as $a) {
                 if ($a->getIntegerRep() == \core\common\EAP::INTEGER_SILVERBULLET) { // do not allow adding silverbullet via the backdoor
                     continue;
                 }
-                if (isset($_POST[$a->getPrintableRep()]) && isset($_POST[$a->getPrintableRep() . "-priority"]) && is_numeric($_POST[$a->getPrintableRep() . "-priority"])) {
-                    $priority = (int) $_POST[$a->getPrintableRep() . "-priority"];
+                if (isset($_POST[$a->getPrintableRep()]) && isset($_POST[$a->getPrintableRep()."-priority"]) && is_numeric($_POST[$a->getPrintableRep()."-priority"])) {
+                    $priority = (int) $_POST[$a->getPrintableRep()."-priority"];
                     // add EAP type to profile as requested, but ...
                     $reloadedProfileNr1->addSupportedEapMethod($a, $priority);
-                    $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $reloadedProfileNr1->identifier . " - supported EAP types changed");
+                    $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile ".$reloadedProfileNr1->identifier." - supported EAP types changed");
                     // see if we can enable the EAP type, or if info is missing
                     $eapcompleteness = $reloadedProfileNr1->isEapTypeDefinitionComplete($a);
                     if ($eapcompleteness === true) {
-                        echo $uiElements->boxOkay(_("Supported EAP Type: ") . "<strong>" . $a->getPrintableRep() . "</strong>");
+                        echo $uiElements->boxOkay(_("Supported EAP Type: ")."<strong>".$a->getPrintableRep()."</strong>");
                     } else {
                         $warntext = "";
                         if (is_array($eapcompleteness)) {
                             foreach ($eapcompleteness as $item) {
-                                $warntext .= "<strong>" . $uiElements->displayName($item) . "</strong> ";
+                                $warntext .= "<strong>".$uiElements->displayName($item)."</strong> ";
                             }
                         }
-                        echo $uiElements->boxWarning(sprintf(_("Supported EAP Type: <strong>%s</strong> is missing required information %s !"), $a->getPrintableRep(), $warntext) . "<br/>" . _("The EAP type was added to the profile, but you need to complete the missing information before we can produce installers for you."));
+                        echo $uiElements->boxWarning(sprintf(_("Supported EAP Type: <strong>%s</strong> is missing required information %s !"), $a->getPrintableRep(), $warntext)."<br/>"._("The EAP type was added to the profile, but you need to complete the missing information before we can produce installers for you."));
                     }
                 }
             }
@@ -230,23 +230,23 @@ 
             if (count($significantChanges) > 0) {
                 $myInstOriginal = new \core\IdP($profile->institution);
                 // send a notification/alert mail to someone we know is in charge
-                $text = _("To whom it may concern,") . "\n\n";
+                $text = _("To whom it may concern,")."\n\n";
                 /// were made to the *Identity Provider* *LU* / integer number of IdP / (previously known as) Name
-                $text .= sprintf(_("significant changes were made to a RADIUS deployment profile of the %s %s / %s / '%s'."), $ui->nomenclatureInst, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name) . "\n\n";
+                $text .= sprintf(_("significant changes were made to a RADIUS deployment profile of the %s %s / %s / '%s'."), $ui->nomenclatureInst, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name)."\n\n";
                 if (isset($significantChanges[\core\AbstractProfile::CA_CLASH_ADDED])) {
-                    $text .= _("WARNING! A new trusted root CA was added, and it has the exact same name as a previously existing root CA. This may (but does not necessarily) mean that this is an attempt to insert an unauthorised trust root by disguising as the genuine one. The details are below:") . "\n\n";
-                    $text .= $significantChanges[\core\AbstractProfile::CA_CLASH_ADDED] . "\n\n";
+                    $text .= _("WARNING! A new trusted root CA was added, and it has the exact same name as a previously existing root CA. This may (but does not necessarily) mean that this is an attempt to insert an unauthorised trust root by disguising as the genuine one. The details are below:")."\n\n";
+                    $text .= $significantChanges[\core\AbstractProfile::CA_CLASH_ADDED]."\n\n";
                 }
                 if (isset($significantChanges[\core\AbstractProfile::CA_ADDED])) {
-                    $text .= _("A new trusted root CA was added. The details are below:") . "\n\n";
-                    $text .= $significantChanges[\core\AbstractProfile::CA_ADDED] . "\n\n";
+                    $text .= _("A new trusted root CA was added. The details are below:")."\n\n";
+                    $text .= $significantChanges[\core\AbstractProfile::CA_ADDED]."\n\n";
                 }
                 if (isset($significantChanges[\core\AbstractProfile::SERVERNAME_ADDED])) {
-                    $text .= _("A new acceptable server name for the authentication server was added. The details are below:") . "\n\n";
-                    $text .= $significantChanges[\core\AbstractProfile::SERVERNAME_ADDED] . "\n\n";
+                    $text .= _("A new acceptable server name for the authentication server was added. The details are below:")."\n\n";
+                    $text .= $significantChanges[\core\AbstractProfile::SERVERNAME_ADDED]."\n\n";
                 }
-                $text .= _("This mail is merely a cross-check because these changes can be security-relevant. If the change was expected, you do not need to take any action.") . "\n\n";
-                $text .= _("Greetings, ") . "\n\n" . \config\Master::APPEARANCE['productname_long'];
+                $text .= _("This mail is merely a cross-check because these changes can be security-relevant. If the change was expected, you do not need to take any action.")."\n\n";
+                $text .= _("Greetings, ")."\n\n".\config\Master::APPEARANCE['productname_long'];
                 // (currently, send hard-wired to NRO - future: for linked insts, check eduroam DBv2 and send to registered admins directly)
                 $fed = new core\Federation($myInstOriginal->federation);
                 foreach ($fed->listFederationAdmins() as $id) {
@@ -309,7 +309,7 @@ 
                             $connectionTests = new core\diag\RFC6614Tests(array_values($listOfIPs), $oneHost, "openroaming");
                             // for now (no OpenRoaming client certs available) only run single test on hostname for server-side checks
                             $connectionResult = $connectionTests->cApathCheck($oneHost);
-                            if ($connectionResult != core\diag\AbstractTest::RETVAL_OK || ( isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) {
+                            if ($connectionResult != core\diag\AbstractTest::RETVAL_OK || (isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) {
                                 $allHostsOkay = FALSE;
                             } else {
                                 $oneHostOkay = TRUE;
@@ -343,7 +343,7 @@ 
         <?php
         if (count($reloadedProfileNr2->getEapMethodsinOrderOfPreference(1)) > 0) {
             echo "<form method='post' action='overview_installers.php?inst_id=$my_inst->identifier&profile_id=$reloadedProfileNr2->identifier' accept-charset='UTF-8'>
-        <button type='submit'>" . _("Continue to Installer Fine-Tuning and Download") . "</button>
+        <button type='submit'>"._("Continue to Installer Fine-Tuning and Download")."</button>
     </form>";
         }
         echo $deco->footer();

core/diag/RFC6614Tests.php

Spacing +8 added lines, -8 removed lines

@@ -166,27 +166,27 @@ 
     {
         // it could match CN or sAN:DNS, we don't care which
         if (isset($this->TLS_CA_checks_result[$host]['certdata']['subject'])) {
-            $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . " against Subject: ");
+            $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName." against Subject: ");
             $this->loggerInstance->debug(4, $this->TLS_CA_checks_result[$host]['certdata']['subject']);
             // we are checking against accidental misconfig, not attacks, so loosely checking against end of string is appropriate
-            if (preg_match("/CN=" . $this->expectedName . "/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) {
+            if (preg_match("/CN=".$this->expectedName."/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) {
                 return TRUE;
             }
         }
         if (isset($this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname'])) {
-            $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . " against sANs: ");
+            $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName." against sANs: ");
             $this->loggerInstance->debug(4, $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']);
             $testNames = $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname'];
             if (!is_array($testNames)) {
                 $testNames = [$testNames];
             }
             foreach ($testNames as $oneName) {
-                if (preg_match("/" . $this->expectedName . "/", $oneName) === 1) {
+                if (preg_match("/".$this->expectedName."/", $oneName) === 1) {
                     return TRUE;
                 }
             }
         }
-        $this->loggerInstance->debug(3, "Tried to check expected server name " . $this->expectedName . " but neither CN nor sANs matched.");
+        $this->loggerInstance->debug(3, "Tried to check expected server name ".$this->expectedName." but neither CN nor sANs matched.");
 
         $this->TLS_CA_checks_result[$host]['cert_oddity'] = RADIUSTests::CERTPROB_DYN_SERVER_NAME_MISMATCH;
         return FALSE;
@@ -216,7 +216,7 @@ 
                 $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['status'] = $cert['status'];
                 $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['message'] = $this->TLS_certkeys[$cert['status']];
                 $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['expected'] = $cert['expected'];
-                $add = ' -cert ' . ROOT . '/config/cli-certs/' . $cert['public'] . ' -key ' . ROOT . '/config/cli-certs/' . $cert['private'];
+                $add = ' -cert '.ROOT.'/config/cli-certs/'.$cert['public'].' -key '.ROOT.'/config/cli-certs/'.$cert['private'];
                 if (!isset($this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k])) {
                     $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k] = [];
                 }
@@ -261,11 +261,11 @@ 
 // but code analysers want this more explicit, so here is this extra
 // call to escapeshellarg()
         $escapedHost = escapeshellarg($host);
-        $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -tls1 -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1\n");
+        $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -tls1 -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1\n");
         $time_start = microtime(true);
         $opensslbabble = [];
         $result = 999; // likely to become zero by openssl; don't want to initialise to zero, could cover up exec failures
-        exec(\config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -no_ssl3 -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result);
+        exec(\config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -no_ssl3 -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result);
         $time_stop = microtime(true);
         $testresults['time_millisec'] = floor(($time_stop - $time_start) * 1000);
         $testresults['returncode'] = $result;