GEANT /
CAT
@@ -168,27 +168,27 @@ discard block |
||
| 168 | 168 | { |
| 169 | 169 | // it could match CN or sAN:DNS, we don't care which |
| 170 | 170 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['subject'])) { |
| 171 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . |
|
| 172 | - " against Subject: " . $this->TLS_CA_checks_result[$host]['certdata']['subject']); |
|
| 171 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName. |
|
| 172 | + " against Subject: ".$this->TLS_CA_checks_result[$host]['certdata']['subject']); |
|
| 173 | 173 | // we are checking against accidental misconfig, not attacks, so loosely checking against end of string is appropriate |
| 174 | - if (preg_match("/CN=" . $this->expectedName . "/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 174 | + if (preg_match("/CN=".$this->expectedName."/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 175 | 175 | return TRUE; |
| 176 | 176 | } |
| 177 | 177 | } |
| 178 | 178 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname'])) { |
| 179 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . " against sANs: "); |
|
| 179 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName." against sANs: "); |
|
| 180 | 180 | $this->loggerInstance->debug(4, $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']); |
| 181 | 181 | $testNames = $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']; |
| 182 | 182 | if (!is_array($testNames)) { |
| 183 | 183 | $testNames = [$testNames]; |
| 184 | 184 | } |
| 185 | 185 | foreach ($testNames as $oneName) { |
| 186 | - if (preg_match("/" . $this->expectedName . "/", $oneName) === 1) { |
|
| 186 | + if (preg_match("/".$this->expectedName."/", $oneName) === 1) { |
|
| 187 | 187 | return TRUE; |
| 188 | 188 | } |
| 189 | 189 | } |
| 190 | 190 | } |
| 191 | - $this->loggerInstance->debug(3, "Tried to check expected server name " . $this->expectedName . " but neither CN nor sANs matched."); |
|
| 191 | + $this->loggerInstance->debug(3, "Tried to check expected server name ".$this->expectedName." but neither CN nor sANs matched."); |
|
| 192 | 192 | |
| 193 | 193 | $this->TLS_CA_checks_result[$host]['cert_oddity'] = RADIUSTests::CERTPROB_DYN_SERVER_NAME_MISMATCH; |
| 194 | 194 | return FALSE; |
@@ -218,9 +218,9 @@ discard block |
||
| 218 | 218 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['status'] = $cert['status']; |
| 219 | 219 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['message'] = $this->TLS_certkeys[$cert['status']]; |
| 220 | 220 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['expected'] = $cert['expected']; |
| 221 | - $add = ' -cert ' . ROOT . '/config/cli-certs/' . $cert['public'] . ' -key ' . ROOT . '/config/cli-certs/' . $cert['private']; |
|
| 222 | - if (!file_exists(ROOT . '/config/cli-certs/' . $cert['public']) ||!file_exists(ROOT . |
|
| 223 | - '/config/cli-certs/' . $cert['private'])) { |
|
| 221 | + $add = ' -cert '.ROOT.'/config/cli-certs/'.$cert['public'].' -key '.ROOT.'/config/cli-certs/'.$cert['private']; |
|
| 222 | + if (!file_exists(ROOT.'/config/cli-certs/'.$cert['public']) || !file_exists(ROOT. |
|
| 223 | + '/config/cli-certs/'.$cert['private'])) { |
|
| 224 | 224 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['finalerror'] = 2; |
| 225 | 225 | continue; |
| 226 | 226 | } |
@@ -228,7 +228,7 @@ discard block |
||
| 228 | 228 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k] = []; |
| 229 | 229 | } |
| 230 | 230 | // tls1_3 connections have a problem in strdout/stderr buffering |
| 231 | - $add .= ' ' . "-no_ssl3 -no_tls1_3"; |
|
| 231 | + $add .= ' '."-no_ssl3 -no_tls1_3"; |
|
| 232 | 232 | $opensslbabble = $this->execOpensslClient($host, $add, $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]); |
| 233 | 233 | $res = $this->opensslClientsResult($host, $opensslbabble, $this->TLS_clients_checks_result, $type, $k); |
| 234 | 234 | if ($cert['expected'] == 'PASS') { |
@@ -270,11 +270,11 @@ discard block |
||
| 270 | 270 | // but code analysers want this more explicit, so here is this extra |
| 271 | 271 | // call to escapeshellarg() |
| 272 | 272 | $escapedHost = escapeshellarg($host); |
| 273 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
| 273 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
| 274 | 274 | $time_start = microtime(true); |
| 275 | 275 | $opensslbabble = []; |
| 276 | 276 | $result = 999; // likely to become zero by openssl; don't want to initialise to zero, could cover up exec failures |
| 277 | - exec(\config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
| 277 | + exec(\config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
| 278 | 278 | $time_stop = microtime(true); |
| 279 | 279 | $testresults['time_millisec'] = floor(($time_stop - $time_start) * 1000); |
| 280 | 280 | $testresults['returncode'] = $result; |
@@ -396,7 +396,7 @@ discard block |
||
| 396 | 396 | private function propertyCheckPolicy($cert) |
| 397 | 397 | { |
| 398 | 398 | $oids = []; |
| 399 | - if (isset($cert['extensions']['certificatePolicies']) && $cert['extensions']['certificatePolicies']) { |
|
| 399 | + if (isset($cert['extensions']['certificatePolicies']) && $cert['extensions']['certificatePolicies']) { |
|
| 400 | 400 | foreach (\config\Diagnostics::RADIUSTESTS['TLS-acceptableOIDs'] as $key => $oid) { |
| 401 | 401 | if (preg_match("/Policy: $oid/", $cert['extensions']['certificatePolicies'])) { |
| 402 | 402 | $oids[$key] = $oid; |
@@ -165,7 +165,7 @@ discard block |
||
| 165 | 165 | } |
| 166 | 166 | } |
| 167 | 167 | |
| 168 | - $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . /** @scrutinizer ignore-type */ print_r($supportedEapTypes, true)); |
|
| 168 | + $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, "./** @scrutinizer ignore-type */ print_r($supportedEapTypes, true)); |
|
| 169 | 169 | $this->loggerInstance->debug(4, /** @scrutinizer ignore-type */ print_r($expectedServerNames, true)); |
| 170 | 170 | $this->loggerInstance->debug(4, /** @scrutinizer ignore-type */ print_r($expectedCABundle, true)); |
| 171 | 171 | |
@@ -252,7 +252,7 @@ discard block |
||
| 252 | 252 | $returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME; |
| 253 | 253 | continue; // otherwise we'd ALSO complain that it's not a real hostname |
| 254 | 254 | } |
| 255 | - if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 255 | + if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 256 | 256 | $returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME; |
| 257 | 257 | } |
| 258 | 258 | } |
@@ -278,7 +278,7 @@ discard block |
||
| 278 | 278 | $probValue = RADIUSTests::CERTPROB_SHA1_SIGNATURE; |
| 279 | 279 | $returnarray[] = $probValue; |
| 280 | 280 | } |
| 281 | - $this->loggerInstance->debug(4, "CERT IS: " . /** @scrutinizer ignore-type */ print_r($intermediateCa, TRUE)); |
|
| 281 | + $this->loggerInstance->debug(4, "CERT IS: "./** @scrutinizer ignore-type */ print_r($intermediateCa, TRUE)); |
|
| 282 | 282 | if ($intermediateCa['basicconstraints_set'] == 0) { |
| 283 | 283 | $returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS; |
| 284 | 284 | } |
@@ -326,7 +326,7 @@ discard block |
||
| 326 | 326 | public function udpReachability($probeindex, $opnameCheck = TRUE, $frag = TRUE) { |
| 327 | 327 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
| 328 | 328 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
| 329 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
| 329 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
| 330 | 330 | if ($clientcert === FALSE) { |
| 331 | 331 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
| 332 | 332 | } |
@@ -335,7 +335,7 @@ discard block |
||
| 335 | 335 | if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) { |
| 336 | 336 | return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert); |
| 337 | 337 | } |
| 338 | - return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 338 | + return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 339 | 339 | } |
| 340 | 340 | |
| 341 | 341 | /** |
@@ -356,7 +356,7 @@ discard block |
||
| 356 | 356 | return RADIUSTests::CERTPROB_NO_CDP_HTTP; |
| 357 | 357 | } |
| 358 | 358 | // first and second sub-match is the full URL... check it |
| 359 | - $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2]), \config\Diagnostics::TIMEOUTS['crl_download']); |
|
| 359 | + $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2]), \config\Diagnostics::TIMEOUTS['crl_download']); |
|
| 360 | 360 | if ($crlcontent === FALSE) { |
| 361 | 361 | return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL; |
| 362 | 362 | } |
@@ -371,7 +371,7 @@ discard block |
||
| 371 | 371 | // $pem = chunk_split(base64_encode($crlcontent), 64, "\n"); |
| 372 | 372 | // inspired by https://stackoverflow.com/questions/2390604/how-to-pass-variables-as-stdin-into-command-line-from-php |
| 373 | 373 | |
| 374 | - $proc = \config\Master::PATHS['openssl'] . " crl -inform der"; |
|
| 374 | + $proc = \config\Master::PATHS['openssl']." crl -inform der"; |
|
| 375 | 375 | $descriptorspec = [ |
| 376 | 376 | 0 => ["pipe", "r"], |
| 377 | 377 | 1 => ["pipe", "w"], |
@@ -409,7 +409,7 @@ discard block |
||
| 409 | 409 | $origLength = strlen($hex); |
| 410 | 410 | for ($i = 1; $i < $origLength; $i++) { |
| 411 | 411 | if ($i % 2 == 1 && $i != strlen($hex)) { |
| 412 | - $spaced .= $hex[$i] . " "; |
|
| 412 | + $spaced .= $hex[$i]." "; |
|
| 413 | 413 | } else { |
| 414 | 414 | $spaced .= $hex[$i]; |
| 415 | 415 | } |
@@ -534,19 +534,19 @@ discard block |
||
| 534 | 534 | $eapText = \core\common\EAP::eapDisplayName($eaptype); |
| 535 | 535 | $config = ' |
| 536 | 536 | network={ |
| 537 | - ssid="' . \config\Master::APPEARANCE['productname'] . ' testing" |
|
| 537 | + ssid="' . \config\Master::APPEARANCE['productname'].' testing" |
|
| 538 | 538 | key_mgmt=WPA-EAP |
| 539 | 539 | proto=WPA2 |
| 540 | 540 | pairwise=CCMP |
| 541 | 541 | group=CCMP |
| 542 | 542 | '; |
| 543 | 543 | // phase 1 |
| 544 | - $config .= 'eap=' . $eapText['OUTER'] . "\n"; |
|
| 544 | + $config .= 'eap='.$eapText['OUTER']."\n"; |
|
| 545 | 545 | $logConfig = $config; |
| 546 | 546 | // phase 2 if applicable; all inner methods have passwords |
| 547 | 547 | if (isset($eapText['INNER']) && $eapText['INNER'] != "") { |
| 548 | - $config .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 549 | - $logConfig .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 548 | + $config .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 549 | + $logConfig .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 550 | 550 | } |
| 551 | 551 | // all methods set a password, except EAP-TLS |
| 552 | 552 | if ($eaptype != \core\common\EAP::EAPTYPE_TLS) { |
@@ -562,11 +562,11 @@ discard block |
||
| 562 | 562 | } |
| 563 | 563 | |
| 564 | 564 | // inner identity |
| 565 | - $config .= ' identity="' . $inner . "\"\n"; |
|
| 566 | - $logConfig .= ' identity="' . $inner . "\"\n"; |
|
| 565 | + $config .= ' identity="'.$inner."\"\n"; |
|
| 566 | + $logConfig .= ' identity="'.$inner."\"\n"; |
|
| 567 | 567 | // outer identity, may be equal |
| 568 | - $config .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 569 | - $logConfig .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 568 | + $config .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 569 | + $logConfig .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 570 | 570 | // done |
| 571 | 571 | $config .= "}"; |
| 572 | 572 | $logConfig .= "}"; |
@@ -627,13 +627,13 @@ discard block |
||
| 627 | 627 | * @return string the command-line for eapol_test |
| 628 | 628 | */ |
| 629 | 629 | private function eapolTestConfig($probeindex, $opName, $frag) { |
| 630 | - $cmdline = \config\Diagnostics::PATHS['eapol_test'] . |
|
| 631 | - " -a " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip'] . |
|
| 632 | - " -s " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret'] . |
|
| 633 | - " -o serverchain.pem" . |
|
| 634 | - " -c ./udp_login_test.conf" . |
|
| 635 | - " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " . |
|
| 636 | - " -t " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout'] . " "; |
|
| 630 | + $cmdline = \config\Diagnostics::PATHS['eapol_test']. |
|
| 631 | + " -a ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip']. |
|
| 632 | + " -s ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret']. |
|
| 633 | + " -o serverchain.pem". |
|
| 634 | + " -c ./udp_login_test.conf". |
|
| 635 | + " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ". |
|
| 636 | + " -t ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout']." "; |
|
| 637 | 637 | if ($opName) { |
| 638 | 638 | $cmdline .= '-N126:s:"1cat.eduroam.org" '; |
| 639 | 639 | } |
@@ -662,10 +662,10 @@ discard block |
||
| 662 | 662 | * @throws Exception |
| 663 | 663 | */ |
| 664 | 664 | private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs) { |
| 665 | - if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) { |
|
| 665 | + if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) { |
|
| 666 | 666 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n"); |
| 667 | 667 | } |
| 668 | - if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) { |
|
| 668 | + if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) { |
|
| 669 | 669 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n"); |
| 670 | 670 | } |
| 671 | 671 | // make a copy of the EAP-received chain and add the configured intermediates, if any |
@@ -679,15 +679,15 @@ discard block |
||
| 679 | 679 | } |
| 680 | 680 | if ($decoded['ca'] == 1) { |
| 681 | 681 | if ($decoded['root'] == 1) { // save CAT roots to the root directory |
| 682 | - file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 683 | - file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 682 | + file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 683 | + file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 684 | 684 | $catRoots[] = $decoded['pem']; |
| 685 | 685 | } else { // save the intermediates to allcerts directory |
| 686 | - file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']); |
|
| 686 | + file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']); |
|
| 687 | 687 | $intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded)); |
| 688 | 688 | if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) { |
| 689 | 689 | $this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 690 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]); |
|
| 690 | + file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]); |
|
| 691 | 691 | } |
| 692 | 692 | $catIntermediates[] = $decoded['pem']; |
| 693 | 693 | } |
@@ -696,26 +696,26 @@ discard block |
||
| 696 | 696 | // save all intermediate certificates and CRLs to separate files in |
| 697 | 697 | // both root-ca directories |
| 698 | 698 | foreach ($eapIntermediates as $index => $onePem) { |
| 699 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 700 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 699 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 700 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 701 | 701 | } |
| 702 | 702 | foreach ($eapIntermediateCRLs as $index => $onePem) { |
| 703 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 704 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 703 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 704 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 705 | 705 | } |
| 706 | 706 | |
| 707 | 707 | $checkstring = ""; |
| 708 | 708 | if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) { |
| 709 | 709 | $this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 710 | 710 | $checkstring = "-crl_check_all"; |
| 711 | - file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 712 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 711 | + file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 712 | + file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 713 | 713 | } |
| 714 | 714 | |
| 715 | 715 | |
| 716 | 716 | // now c_rehash the root CA directory ... |
| 717 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 718 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 717 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 718 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 719 | 719 | return $checkstring; |
| 720 | 720 | } |
| 721 | 721 | |
@@ -746,12 +746,12 @@ discard block |
||
| 746 | 746 | // so test if there's something PEMy in the file at all |
| 747 | 747 | // serverchain.pem is the output from eapol_test; incomingserver.pem is written by extractIncomingCertsfromEAP() if there was at least one server cert. |
| 748 | 748 | if (filesize("$tmpDir/serverchain.pem") > 10 && filesize("$tmpDir/incomingserver.pem") > 10) { |
| 749 | - exec(\config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
| 750 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 751 | - $this->loggerInstance->debug(4, "Chain verify pass 1: " . /** @scrutinizer ignore-type */ print_r($verifyResultEaponly, TRUE) . "\n"); |
|
| 752 | - exec(\config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
| 753 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 754 | - $this->loggerInstance->debug(4, "Chain verify pass 2: " . /** @scrutinizer ignore-type */ print_r($verifyResultAllcerts, TRUE) . "\n"); |
|
| 749 | + exec(\config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
| 750 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 751 | + $this->loggerInstance->debug(4, "Chain verify pass 1: "./** @scrutinizer ignore-type */ print_r($verifyResultEaponly, TRUE)."\n"); |
|
| 752 | + exec(\config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
| 753 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 754 | + $this->loggerInstance->debug(4, "Chain verify pass 2: "./** @scrutinizer ignore-type */ print_r($verifyResultAllcerts, TRUE)."\n"); |
|
| 755 | 755 | } |
| 756 | 756 | |
| 757 | 757 | // now we do certificate verification against the collected parents |
@@ -817,7 +817,7 @@ discard block |
||
| 817 | 817 | // we are UNHAPPY if no names match! |
| 818 | 818 | $happiness = "UNHAPPY"; |
| 819 | 819 | foreach ($this->expectedServerNames as $expectedName) { |
| 820 | - $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . /** @scrutinizer ignore-type */ print_r($servercert['CN'], TRUE) . /** @scrutinizer ignore-type */ print_r($servercert['sAN_DNS'], TRUE)); |
|
| 820 | + $this->loggerInstance->debug(4, "Managing expectations for $expectedName: "./** @scrutinizer ignore-type */ print_r($servercert['CN'], TRUE)./** @scrutinizer ignore-type */ print_r($servercert['sAN_DNS'], TRUE)); |
|
| 821 | 821 | if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) { |
| 822 | 822 | $this->loggerInstance->debug(4, "Totally happy!"); |
| 823 | 823 | $happiness = "TOTALLY"; |
@@ -861,11 +861,11 @@ discard block |
||
| 861 | 861 | $theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password); |
| 862 | 862 | // the config intentionally does not include CA checking. We do this |
| 863 | 863 | // ourselves after getting the chain with -o. |
| 864 | - file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]); |
|
| 864 | + file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]); |
|
| 865 | 865 | |
| 866 | 866 | $cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag); |
| 867 | 867 | $this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n"); |
| 868 | - $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n"); |
|
| 868 | + $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n"); |
|
| 869 | 869 | $time_start = microtime(true); |
| 870 | 870 | $pflow = []; |
| 871 | 871 | exec($cmdline, $pflow); |
@@ -874,7 +874,7 @@ discard block |
||
| 874 | 874 | } |
| 875 | 875 | $time_stop = microtime(true); |
| 876 | 876 | $output = print_r($this->redact($password, $pflow), TRUE); |
| 877 | - file_put_contents($tmpDir . "/eapol_test_output_redacted_$probeindex.txt", $output); |
|
| 877 | + file_put_contents($tmpDir."/eapol_test_output_redacted_$probeindex.txt", $output); |
|
| 878 | 878 | $this->loggerInstance->debug(5, "eapol_test output saved to eapol_test_output_redacted_$probeindex.txt\n"); |
| 879 | 879 | return [ |
| 880 | 880 | "time" => ($time_stop - $time_start) * 1000, |
@@ -909,7 +909,7 @@ discard block |
||
| 909 | 909 | if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) { |
| 910 | 910 | array_pop($packetflow); |
| 911 | 911 | } |
| 912 | - $this->loggerInstance->debug(5, "Packetflow: " . /** @scrutinizer ignore-type */ print_r($packetflow, TRUE)); |
|
| 912 | + $this->loggerInstance->debug(5, "Packetflow: "./** @scrutinizer ignore-type */ print_r($packetflow, TRUE)); |
|
| 913 | 913 | $packetcount = array_count_values($packetflow); |
| 914 | 914 | $testresults['packetcount'] = $packetcount; |
| 915 | 915 | $testresults['packetflow'] = $packetflow; |
@@ -949,7 +949,7 @@ discard block |
||
| 949 | 949 | */ |
| 950 | 950 | private function wasModernTlsNegotiated(&$testresults, $packetflow_orig) { |
| 951 | 951 | $negotiatedTlsVersion = $this->checkLineparse($packetflow_orig, self::LINEPARSE_TLSVERSION); |
| 952 | - $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion" . "\n"); |
|
| 952 | + $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion"."\n"); |
|
| 953 | 953 | if ($negotiatedTlsVersion === FALSE) { |
| 954 | 954 | $testresults['cert_oddities'][] = RADIUSTests::TLSPROB_UNKNOWN_TLS_VERSION; |
| 955 | 955 | } elseif ($negotiatedTlsVersion != self::TLS_VERSION_1_2 && $negotiatedTlsVersion != self::TLS_VERSION_1_3) { |
@@ -1007,7 +1007,7 @@ discard block |
||
| 1007 | 1007 | |
| 1008 | 1008 | $x509 = new \core\common\X509(); |
| 1009 | 1009 | // $eap_certarray holds all certs received in EAP conversation |
| 1010 | - $incomingData = file_get_contents($tmpDir . "/serverchain.pem"); |
|
| 1010 | + $incomingData = file_get_contents($tmpDir."/serverchain.pem"); |
|
| 1011 | 1011 | if ($incomingData !== FALSE && strlen($incomingData) > 0) { |
| 1012 | 1012 | $eapCertArray = $x509->splitCertificate($incomingData); |
| 1013 | 1013 | } else { |
@@ -1037,10 +1037,10 @@ discard block |
||
| 1037 | 1037 | case RADIUSTests::SERVER_CA_SELFSIGNED: |
| 1038 | 1038 | $servercert[] = $cert; |
| 1039 | 1039 | if (count($servercert) == 1) { |
| 1040 | - if (file_put_contents($tmpDir . "/incomingserver.pem", $cert['pem'] . "\n") === FALSE) { |
|
| 1040 | + if (file_put_contents($tmpDir."/incomingserver.pem", $cert['pem']."\n") === FALSE) { |
|
| 1041 | 1041 | $this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n"); |
| 1042 | 1042 | } |
| 1043 | - $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . /** @scrutinizer ignore-type */ print_r($servercert[0], true)); |
|
| 1043 | + $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: "./** @scrutinizer ignore-type */ print_r($servercert[0], true)); |
|
| 1044 | 1044 | } elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) { |
| 1045 | 1045 | $testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS; |
| 1046 | 1046 | } |
@@ -1110,7 +1110,7 @@ discard block |
||
| 1110 | 1110 | public function autodetectCAWithProbe($outerId) { |
| 1111 | 1111 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
| 1112 | 1112 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
| 1113 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
| 1113 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
| 1114 | 1114 | if ($clientcert === FALSE) { |
| 1115 | 1115 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
| 1116 | 1116 | } |
@@ -1125,7 +1125,7 @@ discard block |
||
| 1125 | 1125 | $tmpDir = $temporary['dir']; |
| 1126 | 1126 | chdir($tmpDir); |
| 1127 | 1127 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
| 1128 | - file_put_contents($tmpDir . "/client.p12", $clientcert); |
|
| 1128 | + file_put_contents($tmpDir."/client.p12", $clientcert); |
|
| 1129 | 1129 | $testresults = ['cert_oddities' => []]; |
| 1130 | 1130 | $runtime_results = $this->executeEapolTest($tmpDir, $probeindex, \core\common\EAP::EAPTYPE_ANY, $outerId, $outerId, "eaplab", FALSE, FALSE); |
| 1131 | 1131 | $packetflow_orig = $runtime_results['output']; |
@@ -1141,8 +1141,7 @@ discard block |
||
| 1141 | 1141 | // that's not the case if we do EAP-pwd or could not negotiate an EAP method at |
| 1142 | 1142 | // all |
| 1143 | 1143 | // in that case: no server CA guess possible |
| 1144 | - if (! |
|
| 1145 | - ($radiusResult == RADIUSTests::RETVAL_CONVERSATION_REJECT && $negotiatedEapType) || $radiusResult == RADIUSTests::RETVAL_OK |
|
| 1144 | + if (!($radiusResult == RADIUSTests::RETVAL_CONVERSATION_REJECT && $negotiatedEapType) || $radiusResult == RADIUSTests::RETVAL_OK |
|
| 1146 | 1145 | ) { |
| 1147 | 1146 | return RADIUSTests::RETVAL_INVALID; |
| 1148 | 1147 | } |
@@ -1182,7 +1181,7 @@ discard block |
||
| 1182 | 1181 | // trust, and custom ones we may have configured |
| 1183 | 1182 | $ourRoots = file_get_contents(\config\ConfAssistant::PATHS['trust-store-custom']); |
| 1184 | 1183 | $mozillaRoots = file_get_contents(\config\ConfAssistant::PATHS['trust-store-mozilla']); |
| 1185 | - $allRoots = $x509->splitCertificate($ourRoots . "\n" . $mozillaRoots); |
|
| 1184 | + $allRoots = $x509->splitCertificate($ourRoots."\n".$mozillaRoots); |
|
| 1186 | 1185 | foreach ($allRoots as $oneRoot) { |
| 1187 | 1186 | $processedRoot = $x509->processCertificate($oneRoot); |
| 1188 | 1187 | if ($processedRoot['full_details']['subject'] == $currentHighestKnownIssuer) { |
@@ -1226,7 +1225,7 @@ discard block |
||
| 1226 | 1225 | chdir($tmpDir); |
| 1227 | 1226 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
| 1228 | 1227 | if ($clientcertdata !== NULL) { |
| 1229 | - file_put_contents($tmpDir . "/client.p12", $clientcertdata); |
|
| 1228 | + file_put_contents($tmpDir."/client.p12", $clientcertdata); |
|
| 1230 | 1229 | } |
| 1231 | 1230 | $testresults = []; |
| 1232 | 1231 | // initialise the sub-array for cleaner parsing |
@@ -1331,7 +1330,7 @@ discard block |
||
| 1331 | 1330 | 'issuer' => $this->printDN($certdata['issuer']), |
| 1332 | 1331 | 'validFrom' => $this->printTm($certdata['validFrom_time_t']), |
| 1333 | 1332 | 'validTo' => $this->printTm($certdata['validTo_time_t']), |
| 1334 | - 'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1333 | + 'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1335 | 1334 | 'sha1' => $certdata['sha1'], |
| 1336 | 1335 | 'public_key_length' => $certdata['public_key_length'], |
| 1337 | 1336 | 'extensions' => $certdata['extensions'] |
@@ -130,16 +130,16 @@ discard block |
||
| 130 | 130 | } else { |
| 131 | 131 | $ou = $serverInfo["names"][$langInstance->getLang()]; |
| 132 | 132 | } |
| 133 | - $modou = 0; |
|
| 134 | - if (str_contains($ou, ',')) { |
|
| 135 | - $modou = 1; |
|
| 136 | - $ou = str_replace(",", "/,", $ou); |
|
| 137 | - } |
|
| 138 | - $ou = preg_replace('/\s+/', ' ', $ou); |
|
| 139 | - if (strlen($ou) >= 64) { |
|
| 140 | - $ou = substr($ou, 0, 64); |
|
| 141 | - $modou += 2; |
|
| 142 | - } |
|
| 133 | + $modou = 0; |
|
| 134 | + if (str_contains($ou, ',')) { |
|
| 135 | + $modou = 1; |
|
| 136 | + $ou = str_replace(",", "/,", $ou); |
|
| 137 | + } |
|
| 138 | + $ou = preg_replace('/\s+/', ' ', $ou); |
|
| 139 | + if (strlen($ou) >= 64) { |
|
| 140 | + $ou = substr($ou, 0, 64); |
|
| 141 | + $modou += 2; |
|
| 142 | + } |
|
| 143 | 143 | $DN[] = "O=".iconv('UTF-8', 'ASCII//TRANSLIT', $ou); |
| 144 | 144 | $serverList = explode(",", $serverInfo["servers"]); |
| 145 | 145 | $DN[] = "CN=" . $serverList[0]; |
@@ -164,20 +164,20 @@ discard block |
||
| 164 | 164 | echo "<p style='font-size: large'>" . _("Requesting a certificate with the following properties"); |
| 165 | 165 | echo "<ul>"; |
| 166 | 166 | echo "<li>" . _("Policy OIDs: ") . implode(", ", $policies) . "</li>"; |
| 167 | - echo "<li>" . _("Distinguished Name: ") . implode(", ", $DN); |
|
| 168 | - if ($modou > 0) { |
|
| 169 | - echo " ("; |
|
| 167 | + echo "<li>" . _("Distinguished Name: ") . implode(", ", $DN); |
|
| 168 | + if ($modou > 0) { |
|
| 169 | + echo " ("; |
|
| 170 | 170 | echo _("Organization field adjusted"). ': '; |
| 171 | - $desc = array(); |
|
| 172 | - if ($modou >= 2) { |
|
| 173 | - $desc[] = _("truncated to 64 chars"); |
|
| 174 | - } |
|
| 175 | - if ($modou == 1 || $modou == 3) { |
|
| 176 | - $desc[] = _("commas escaped"); |
|
| 171 | + $desc = array(); |
|
| 172 | + if ($modou >= 2) { |
|
| 173 | + $desc[] = _("truncated to 64 chars"); |
|
| 174 | + } |
|
| 175 | + if ($modou == 1 || $modou == 3) { |
|
| 176 | + $desc[] = _("commas escaped"); |
|
| 177 | 177 | } |
| 178 | - echo implode(', ', $desc); |
|
| 179 | - echo ")"; |
|
| 180 | - } |
|
| 178 | + echo implode(', ', $desc); |
|
| 179 | + echo ")"; |
|
| 180 | + } |
|
| 181 | 181 | echo "</li>"; |
| 182 | 182 | echo "<li>" . _("subjectAltName:DNS : ") . implode(", ", $serverList) . "</li>"; |
| 183 | 183 | echo "<li>" . _("Requester Contact Details: ") . $firstName . " <" . $firstMail . ">" . "</li>"; |
@@ -27,7 +27,7 @@ discard block |
||
| 27 | 27 | */ |
| 28 | 28 | ?> |
| 29 | 29 | <?php |
| 30 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 30 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 31 | 31 | $auth = new \web\lib\admin\Authentication(); |
| 32 | 32 | $deco = new \web\lib\admin\PageDecoration(); |
| 33 | 33 | $validator = new \web\lib\common\InputValidation(); |
@@ -105,10 +105,10 @@ discard block |
||
| 105 | 105 | $fed = $validator->existingFederation($_POST['NRO-list']); |
| 106 | 106 | $country = strtoupper($fed->tld); |
| 107 | 107 | $DN[] = "C=$country"; |
| 108 | - $DN[] = "O=NRO of " . iconv('UTF-8', 'ASCII//TRANSLIT', $cat->knownFederations[strtoupper($fed->tld)]); |
|
| 108 | + $DN[] = "O=NRO of ".iconv('UTF-8', 'ASCII//TRANSLIT', $cat->knownFederations[strtoupper($fed->tld)]); |
|
| 109 | 109 | $serverInfo = $externalDb->listExternalTlsServersFederation($fed->tld); |
| 110 | 110 | $serverList = explode(",", array_key_first($serverInfo)); |
| 111 | - $DN[] = "CN=" . $serverList[0]; |
|
| 111 | + $DN[] = "CN=".$serverList[0]; |
|
| 112 | 112 | $policies[] = "eduroam IdP"; |
| 113 | 113 | $policies[] = "eduroam SP"; |
| 114 | 114 | $firstName = $serverInfo[array_key_first($serverInfo)][0]["name"]; |
@@ -135,14 +135,14 @@ discard block |
||
| 135 | 135 | $modou = 1; |
| 136 | 136 | $ou = str_replace(",", "/,", $ou); |
| 137 | 137 | } |
| 138 | - $ou = preg_replace('/\s+/', ' ', $ou); |
|
| 138 | + $ou = preg_replace('/\s+/', ' ', $ou); |
|
| 139 | 139 | if (strlen($ou) >= 64) { |
| 140 | 140 | $ou = substr($ou, 0, 64); |
| 141 | 141 | $modou += 2; |
| 142 | 142 | } |
| 143 | 143 | $DN[] = "O=".iconv('UTF-8', 'ASCII//TRANSLIT', $ou); |
| 144 | 144 | $serverList = explode(",", $serverInfo["servers"]); |
| 145 | - $DN[] = "CN=" . $serverList[0]; |
|
| 145 | + $DN[] = "CN=".$serverList[0]; |
|
| 146 | 146 | switch ($serverInfo["type"]) { |
| 147 | 147 | case core\IdP::TYPE_IDPSP: |
| 148 | 148 | $policies[] = "eduroam IdP"; |
@@ -161,13 +161,13 @@ discard block |
||
| 161 | 161 | default: |
| 162 | 162 | throw new Exception("Sorry: Unknown level of issuance requested."); |
| 163 | 163 | } |
| 164 | - echo "<p style='font-size: large'>" . _("Requesting a certificate with the following properties"); |
|
| 164 | + echo "<p style='font-size: large'>"._("Requesting a certificate with the following properties"); |
|
| 165 | 165 | echo "<ul>"; |
| 166 | - echo "<li>" . _("Policy OIDs: ") . implode(", ", $policies) . "</li>"; |
|
| 167 | - echo "<li>" . _("Distinguished Name: ") . implode(", ", $DN); |
|
| 166 | + echo "<li>"._("Policy OIDs: ").implode(", ", $policies)."</li>"; |
|
| 167 | + echo "<li>"._("Distinguished Name: ").implode(", ", $DN); |
|
| 168 | 168 | if ($modou > 0) { |
| 169 | 169 | echo " ("; |
| 170 | - echo _("Organization field adjusted"). ': '; |
|
| 170 | + echo _("Organization field adjusted").': '; |
|
| 171 | 171 | $desc = array(); |
| 172 | 172 | if ($modou >= 2) { |
| 173 | 173 | $desc[] = _("truncated to 64 chars"); |
@@ -179,8 +179,8 @@ discard block |
||
| 179 | 179 | echo ")"; |
| 180 | 180 | } |
| 181 | 181 | echo "</li>"; |
| 182 | - echo "<li>" . _("subjectAltName:DNS : ") . implode(", ", $serverList) . "</li>"; |
|
| 183 | - echo "<li>" . _("Requester Contact Details: ") . $firstName . " <" . $firstMail . ">" . "</li>"; |
|
| 182 | + echo "<li>"._("subjectAltName:DNS : ").implode(", ", $serverList)."</li>"; |
|
| 183 | + echo "<li>"._("Requester Contact Details: ").$firstName." <".$firstMail.">"."</li>"; |
|
| 184 | 184 | echo "</ul></p>"; |
| 185 | 185 | |
| 186 | 186 | $vettedCsr = $validator->string($_POST['CSR'], true); |
@@ -196,7 +196,7 @@ discard block |
||
| 196 | 196 | $loggerInstance->debug(2, $DN, "CERT DN: ", "\n"); |
| 197 | 197 | // our certs can be good for max 5 years |
| 198 | 198 | $fed->requestCertificate($user->identifier, $newCsrWithMeta, $expiryDays); |
| 199 | - echo "<p>" . _("The certificate was requested.") . "</p>"; |
|
| 199 | + echo "<p>"._("The certificate was requested.")."</p>"; |
|
| 200 | 200 | ?> |
| 201 | 201 | <form action="overview_certificates.php" method="GET"> |
| 202 | 202 | <button type="submit"><?php echo _("Back to Certificate Overview"); ?></button> |
@@ -214,23 +214,23 @@ discard block |
||
| 214 | 214 | switch (count($feds)) { |
| 215 | 215 | case 0: |
| 216 | 216 | echo "<div>"; |
| 217 | - echo $uiElements->boxRemark("<strong>" . sprintf(_("None of your %s servers has complete information in the database."),$uiElements->nomenclatureFed)."</strong>" . _("At least the DNS names of TLS servers and a role-based contact mail address are required.")); |
|
| 217 | + echo $uiElements->boxRemark("<strong>".sprintf(_("None of your %s servers has complete information in the database."), $uiElements->nomenclatureFed)."</strong>"._("At least the DNS names of TLS servers and a role-based contact mail address are required.")); |
|
| 218 | 218 | echo "</div>"; |
| 219 | 219 | break; |
| 220 | 220 | case 1: |
| 221 | - echo '<input type="radio" name="LEVEL" id="NRO" value="NRO" checked>' . sprintf(_("Certificate for %s") ." ", $uiElements->nomenclatureFed) . '</input>'; |
|
| 222 | - echo " <strong>" . $cat->knownFederations[$feds[0]->tld] . "</strong>"; |
|
| 223 | - echo '<input type="hidden" name="NRO-list" id="NRO-list" value="' . $feds[0]->tld . '"/>'; |
|
| 221 | + echo '<input type="radio" name="LEVEL" id="NRO" value="NRO" checked>'.sprintf(_("Certificate for %s")." ", $uiElements->nomenclatureFed).'</input>'; |
|
| 222 | + echo " <strong>".$cat->knownFederations[$feds[0]->tld]."</strong>"; |
|
| 223 | + echo '<input type="hidden" name="NRO-list" id="NRO-list" value="'.$feds[0]->tld.'"/>'; |
|
| 224 | 224 | break; |
| 225 | 225 | default: |
| 226 | - echo '<input type="radio" name="LEVEL" id="NRO" value="NRO" checked>' . sprintf(_("Certificate for %s") ." ", $uiElements->nomenclatureFed) . '</input>'; |
|
| 226 | + echo '<input type="radio" name="LEVEL" id="NRO" value="NRO" checked>'.sprintf(_("Certificate for %s")." ", $uiElements->nomenclatureFed).'</input>'; |
|
| 227 | 227 | ?> |
| 228 | 228 | <select name="NRO-list" id="NRO-list"> |
| 229 | 229 | <option value="notset"><?php echo _("---PLEASE CHOOSE---"); ?></option> |
| 230 | 230 | <?php |
| 231 | 231 | foreach ($feds as $oneFed) { |
| 232 | 232 | #echo '<option value="' . strtoupper($oneFed->tld) . '">' . $cat->knownFederations[$oneFed->tld] . "</option>"; |
| 233 | - echo '<option value="AAA' . strtoupper($oneFed->tld) . '">' . $oneIdP["names"][$langObject->getLang()] . "</option>"; |
|
| 233 | + echo '<option value="AAA'.strtoupper($oneFed->tld).'">'.$oneIdP["names"][$langObject->getLang()]."</option>"; |
|
| 234 | 234 | |
| 235 | 235 | } |
| 236 | 236 | ?> |
@@ -241,13 +241,13 @@ discard block |
||
| 241 | 241 | ?> |
| 242 | 242 | <script> |
| 243 | 243 | var instservers = []; |
| 244 | - var nroservers = '<?php echo str_replace(",", ", ", array_key_first($serverInfo));?>'; |
|
| 244 | + var nroservers = '<?php echo str_replace(",", ", ", array_key_first($serverInfo)); ?>'; |
|
| 245 | 245 | <?php |
| 246 | 246 | $allIdPs = []; |
| 247 | 247 | foreach ($allAuthorizedFeds as $oneFed) { |
| 248 | 248 | foreach ($externalDb->listExternalTlsServersInstitution($oneFed['value']) as $id => $oneIdP) { |
| 249 | - $allIdPs[$id] = '[' . substr($id, 0, 2) . '] ' . $oneIdP["names"][$langObject->getLang()]; |
|
| 250 | - echo "instservers['" . $id . "']='" . str_replace(",", ", ", $oneIdP["servers"]) . "';\n"; |
|
| 249 | + $allIdPs[$id] = '['.substr($id, 0, 2).'] '.$oneIdP["names"][$langObject->getLang()]; |
|
| 250 | + echo "instservers['".$id."']='".str_replace(",", ", ", $oneIdP["servers"])."';\n"; |
|
| 251 | 251 | } |
| 252 | 252 | } |
| 253 | 253 | ?> |
@@ -275,7 +275,7 @@ discard block |
||
| 275 | 275 | <option value="notset"><?php echo _("---PLEASE CHOOSE---"); ?></option> |
| 276 | 276 | <?php |
| 277 | 277 | foreach ($allIdPs as $id => $name) { |
| 278 | - echo '<option value="' . $id . '">' . $name . "</option>"; |
|
| 278 | + echo '<option value="'.$id.'">'.$name."</option>"; |
|
| 279 | 279 | } |
| 280 | 280 | ?> |
| 281 | 281 | </select> |
@@ -284,7 +284,7 @@ discard block |
||
| 284 | 284 | <?php |
| 285 | 285 | echo _('According to the above settings you will receive') |
| 286 | 286 | ?> |
| 287 | - <span id='certlevel'><?php echo _('NRO level certificate');?></span> |
|
| 287 | + <span id='certlevel'><?php echo _('NRO level certificate'); ?></span> |
|
| 288 | 288 | |
| 289 | 289 | </span>for server names: |
| 290 | 290 | <span id='serversinfo'><?php echo str_replace(",", ", ", array_key_first($serverInfo)); ?></span> |
@@ -292,7 +292,7 @@ discard block |
||
| 292 | 292 | <?php |
| 293 | 293 | } else { |
| 294 | 294 | echo "<div>"; |
| 295 | - echo $uiElements->boxRemark(sprintf(_("<strong>No organisation inside your %s has complete information in the database</strong>."." "._("At least the DNS names of TLS servers and a role-based contact mail address are required.")),$uiElements->nomenclatureFed), "No TLS capable org!", true); |
|
| 295 | + echo $uiElements->boxRemark(sprintf(_("<strong>No organisation inside your %s has complete information in the database</strong>."." "._("At least the DNS names of TLS servers and a role-based contact mail address are required.")), $uiElements->nomenclatureFed), "No TLS capable org!", true); |
|
| 296 | 296 | echo "</div>"; |
| 297 | 297 | } |
| 298 | 298 | ?> |
@@ -302,7 +302,7 @@ discard block |
||
| 302 | 302 | <h2><?php echo _("2. CSR generation"); ?></h2> |
| 303 | 303 | <p><?php echo _("One way to generate an acceptable certificate request is via this openssl one-liner:"); ?></p> |
| 304 | 304 | <?php |
| 305 | - echo "openssl req -new -newkey rsa:4096 -out test.csr -keyout test.key -subj /". implode('/', array_reverse($DN)) ."/C=XY/O=WillBeReplaced/CN=will.be.replaced"; |
|
| 305 | + echo "openssl req -new -newkey rsa:4096 -out test.csr -keyout test.key -subj /".implode('/', array_reverse($DN))."/C=XY/O=WillBeReplaced/CN=will.be.replaced"; |
|
| 306 | 306 | ?> |
| 307 | 307 | <h2><?php echo _("3. Submission"); ?></h2> |
| 308 | 308 | <?php echo _("Please paste your CSR here:"); ?><br/><textarea name="CSR" id="CSR" rows="20" cols="85"/></textarea><br/> |
@@ -331,7 +331,7 @@ discard block |
||
| 331 | 331 | // for now (no OpenRoaming client certs available) only run server-side tests |
| 332 | 332 | foreach ($listOfIPs as $oneIP) { |
| 333 | 333 | $connectionResult = $connectionTests->cApathCheck($oneIP); |
| 334 | - if ($connectionResult != \core\diag\AbstractTest::RETVAL_OK || ( isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) { |
|
| 334 | + if ($connectionResult != \core\diag\AbstractTest::RETVAL_OK || (isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) { |
|
| 335 | 335 | $allHostsOkay = FALSE; |
| 336 | 336 | } else { |
| 337 | 337 | $oneHostOkay = TRUE; |
@@ -945,7 +945,7 @@ discard block |
||
| 945 | 945 | $profileStatus = self::CERT_STATUS_NONE; |
| 946 | 946 | foreach ($rows as $row) { |
| 947 | 947 | $encodedCert = $row[0]; |
| 948 | - $tm = $x509->processCertificate(base64_decode($encodedCert))['full_details']['validTo_time_t']- time(); |
|
| 948 | + $tm = $x509->processCertificate(base64_decode($encodedCert))['full_details']['validTo_time_t'] - time(); |
|
| 949 | 949 | if ($tm < \config\ConfAssistant::CERT_WARNINGS['expiry_critical']) { |
| 950 | 950 | $certStatus = self::CERT_STATUS_ERROR; |
| 951 | 951 | } elseif ($tm < \config\ConfAssistant::CERT_WARNINGS['expiry_warning']) { |
@@ -49,15 +49,15 @@ |
||
| 49 | 49 | } |
| 50 | 50 | |
| 51 | 51 | switch ($_GET['token']) { |
| 52 | - case "SELF-REGISTER": |
|
| 53 | - $token = "SELF-REGISTER"; |
|
| 54 | - $checkval = \core\UserManagement::TOKENSTATUS_OK_NEW; |
|
| 55 | - $federation = \config\ConfAssistant::CONSORTIUM['selfservice_registration']; |
|
| 56 | - break; |
|
| 57 | - default: |
|
| 58 | - $tokenUnfiltered = $validator->token(filter_input(INPUT_GET,'token')); |
|
| 59 | - $token = htmlspecialchars(strip_tags($tokenUnfiltered)); |
|
| 60 | - $checkval = $usermgmt->checkTokenValidity($token); |
|
| 52 | + case "SELF-REGISTER": |
|
| 53 | + $token = "SELF-REGISTER"; |
|
| 54 | + $checkval = \core\UserManagement::TOKENSTATUS_OK_NEW; |
|
| 55 | + $federation = \config\ConfAssistant::CONSORTIUM['selfservice_registration']; |
|
| 56 | + break; |
|
| 57 | + default: |
|
| 58 | + $tokenUnfiltered = $validator->token(filter_input(INPUT_GET,'token')); |
|
| 59 | + $token = htmlspecialchars(strip_tags($tokenUnfiltered)); |
|
| 60 | + $checkval = $usermgmt->checkTokenValidity($token); |
|
| 61 | 61 | } |
| 62 | 62 | |
| 63 | 63 | if ($checkval < 0) { |
@@ -30,7 +30,7 @@ discard block |
||
| 30 | 30 | ?> |
| 31 | 31 | <?php |
| 32 | 32 | |
| 33 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 33 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 34 | 34 | |
| 35 | 35 | $auth = new \web\lib\admin\Authentication(); |
| 36 | 36 | $deco = new \web\lib\admin\PageDecoration(); |
@@ -41,11 +41,11 @@ discard block |
||
| 41 | 41 | $auth->authenticate(); |
| 42 | 42 | |
| 43 | 43 | if (!isset($_GET['token'])) { |
| 44 | - $elements->errorPage(_("Error creating new IdP binding!"),_("This page needs to be called with a valid invitation token!")); |
|
| 44 | + $elements->errorPage(_("Error creating new IdP binding!"), _("This page needs to be called with a valid invitation token!")); |
|
| 45 | 45 | } |
| 46 | 46 | |
| 47 | 47 | if (\config\ConfAssistant::CONSORTIUM['selfservice_registration'] === NULL && $_GET['token'] == "SELF-REGISTER") { |
| 48 | - $elements->errorPage(_("Error creating new IdP binding!"),_("You tried to register in self-service, but this deployment does not allow self-service!")); |
|
| 48 | + $elements->errorPage(_("Error creating new IdP binding!"), _("You tried to register in self-service, but this deployment does not allow self-service!")); |
|
| 49 | 49 | } |
| 50 | 50 | |
| 51 | 51 | switch ($_GET['token']) { |
@@ -55,23 +55,23 @@ discard block |
||
| 55 | 55 | $federation = \config\ConfAssistant::CONSORTIUM['selfservice_registration']; |
| 56 | 56 | break; |
| 57 | 57 | default: |
| 58 | - $tokenUnfiltered = $validator->token(filter_input(INPUT_GET,'token')); |
|
| 58 | + $tokenUnfiltered = $validator->token(filter_input(INPUT_GET, 'token')); |
|
| 59 | 59 | $token = htmlspecialchars(strip_tags($tokenUnfiltered)); |
| 60 | 60 | $checkval = $usermgmt->checkTokenValidity($token); |
| 61 | 61 | } |
| 62 | 62 | |
| 63 | 63 | if ($checkval < 0) { |
| 64 | 64 | echo $deco->pageheader(_("Error creating new IdP binding!"), "ADMIN-IDP"); |
| 65 | - echo "<h1>" . _("Error creating new IdP binding!") . "</h1>"; |
|
| 65 | + echo "<h1>"._("Error creating new IdP binding!")."</h1>"; |
|
| 66 | 66 | switch ($checkval) { |
| 67 | 67 | case \core\UserManagement::TOKENSTATUS_FAIL_ALREADYCONSUMED: |
| 68 | - echo "<p>" . sprintf(_("Sorry... this token has already been used. The %s is already created. If you got the invitation from a mailing list, probably someone else used it before you."), $elements->nomenclatureParticipant) . "</p>"; |
|
| 68 | + echo "<p>".sprintf(_("Sorry... this token has already been used. The %s is already created. If you got the invitation from a mailing list, probably someone else used it before you."), $elements->nomenclatureParticipant)."</p>"; |
|
| 69 | 69 | break; |
| 70 | 70 | case \core\UserManagement::TOKENSTATUS_FAIL_EXPIRED: |
| 71 | - echo "<p>" . sprintf(_("Sorry... this token has expired. Invitation tokens are valid for 24 hours. The %s administrator can create a new one for you."), $elements->nomenclatureFed) . "</p>"; |
|
| 71 | + echo "<p>".sprintf(_("Sorry... this token has expired. Invitation tokens are valid for 24 hours. The %s administrator can create a new one for you."), $elements->nomenclatureFed)."</p>"; |
|
| 72 | 72 | break; |
| 73 | 73 | default: |
| 74 | - echo "<p>" . _("Sorry... you have come to the enrollment page without a valid token. Are you a nasty person? If not, you should go to <a href='overview_user.php'>your profile page</a> instead.") . "</p>"; |
|
| 74 | + echo "<p>"._("Sorry... you have come to the enrollment page without a valid token. Are you a nasty person? If not, you should go to <a href='overview_user.php'>your profile page</a> instead.")."</p>"; |
|
| 75 | 75 | } |
| 76 | 76 | echo $deco->footer(); |
| 77 | 77 | throw new Exception("Terminating because something is wrong with the token we received."); |
@@ -86,12 +86,12 @@ discard block |
||
| 86 | 86 | case "SELF-REGISTER": |
| 87 | 87 | $fed = new \core\Federation($federation); |
| 88 | 88 | $newidp = new \core\IdP($fed->newIdP(core\IdP::TYPE_IDPSP, $user, "FED", "SELFSERVICE")); |
| 89 | - $loggerInstance->writeAudit($user, "MOD", "IdP " . $newidp->identifier . " - selfservice registration"); |
|
| 89 | + $loggerInstance->writeAudit($user, "MOD", "IdP ".$newidp->identifier." - selfservice registration"); |
|
| 90 | 90 | break; |
| 91 | 91 | default: |
| 92 | 92 | $newidp = $usermgmt->createIdPFromToken($token, $user); |
| 93 | 93 | $usermgmt->invalidateToken($token); |
| 94 | - $loggerInstance->writeAudit($user, "MOD", "IdP " . $newidp->identifier . " - Token used and invalidated"); |
|
| 94 | + $loggerInstance->writeAudit($user, "MOD", "IdP ".$newidp->identifier." - Token used and invalidated"); |
|
| 95 | 95 | break; |
| 96 | 96 | } |
| 97 | 97 | |
@@ -115,12 +115,12 @@ discard block |
||
| 115 | 115 | $this->name = $this->languageInstance->getLocalisedValue($this->getAttributes('general:instname')); |
| 116 | 116 | $eligibility = $this->eligibility($instQuery->type); |
| 117 | 117 | if (in_array(IdP::ELIGIBILITY_IDP, $eligibility) && in_array(IdP::ELIGIBILITY_SP, $eligibility)) { |
| 118 | - $eligType = IdP::TYPE_IDPSP . ""; |
|
| 118 | + $eligType = IdP::TYPE_IDPSP.""; |
|
| 119 | 119 | $this->type = $eligType; |
| 120 | 120 | } elseif (in_array(IdP::ELIGIBILITY_IDP, $eligibility)) { |
| 121 | - $eligType = IdP::TYPE_IDP . ""; |
|
| 121 | + $eligType = IdP::TYPE_IDP.""; |
|
| 122 | 122 | } else { |
| 123 | - $eligType = IdP::TYPE_SP . ""; |
|
| 123 | + $eligType = IdP::TYPE_SP.""; |
|
| 124 | 124 | } |
| 125 | 125 | $this->type = $eligType; |
| 126 | 126 | $this->loggerInstance->debug(4, "--- END Constructing new IdP object $instId ... ---\n"); |
@@ -134,7 +134,7 @@ discard block |
||
| 134 | 134 | */ |
| 135 | 135 | public function listProfiles(bool $activeOnly = FALSE) |
| 136 | 136 | { |
| 137 | - $query = "SELECT profile_id FROM profile WHERE inst_id = $this->identifier" . ($activeOnly ? " AND showtime = 1" : ""); |
|
| 137 | + $query = "SELECT profile_id FROM profile WHERE inst_id = $this->identifier".($activeOnly ? " AND showtime = 1" : ""); |
|
| 138 | 138 | $allProfiles = $this->databaseHandle->exec($query); |
| 139 | 139 | $returnarray = []; |
| 140 | 140 | // SELECT -> resource, not boolean |
@@ -144,7 +144,7 @@ discard block |
||
| 144 | 144 | $returnarray[] = $oneProfile; |
| 145 | 145 | } |
| 146 | 146 | |
| 147 | - $this->loggerInstance->debug(4, "listProfiles: " . /** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 147 | + $this->loggerInstance->debug(4, "listProfiles: "./** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 148 | 148 | return $returnarray; |
| 149 | 149 | } |
| 150 | 150 | |
@@ -156,7 +156,7 @@ discard block |
||
| 156 | 156 | */ |
| 157 | 157 | public function listDeployments(bool $activeOnly = FALSE) |
| 158 | 158 | { |
| 159 | - $query = "SELECT deployment_id FROM deployment WHERE inst_id = $this->identifier" . ($activeOnly ? " AND status = " . AbstractDeployment::ACTIVE : ""); |
|
| 159 | + $query = "SELECT deployment_id FROM deployment WHERE inst_id = $this->identifier".($activeOnly ? " AND status = ".AbstractDeployment::ACTIVE : ""); |
|
| 160 | 160 | $allDeployments = $this->databaseHandle->exec($query); |
| 161 | 161 | $returnarray = []; |
| 162 | 162 | // SELECT -> resource, not boolean |
@@ -164,7 +164,7 @@ discard block |
||
| 164 | 164 | $returnarray[] = new DeploymentManaged($this, $deploymentQuery->deployment_id); |
| 165 | 165 | } |
| 166 | 166 | |
| 167 | - $this->loggerInstance->debug(4, "listDeployments: " . /** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 167 | + $this->loggerInstance->debug(4, "listDeployments: "./** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 168 | 168 | return $returnarray; |
| 169 | 169 | } |
| 170 | 170 | |
@@ -190,7 +190,7 @@ discard block |
||
| 190 | 190 | $redirectProfileIds = []; |
| 191 | 191 | $allProfileLevels = $this->databaseHandle->exec("SELECT profile_id, sufficient_config + showtime AS maxlevel FROM profile WHERE inst_id = $this->identifier ORDER BY maxlevel DESC"); |
| 192 | 192 | // SELECT yields a resource, not a boolean |
| 193 | - if ($allProfileLevels->num_rows == 0 ) { |
|
| 193 | + if ($allProfileLevels->num_rows == 0) { |
|
| 194 | 194 | return self::PROFILES_INCOMPLETE; |
| 195 | 195 | } |
| 196 | 196 | $allProfilesArray = $allProfileLevels->fetch_all(MYSQLI_ASSOC); |
@@ -218,7 +218,7 @@ discard block |
||
| 218 | 218 | $allProfiles = $this->databaseHandle->exec("SELECT MIN(openroaming) AS maxlevel FROM profile WHERE inst_id = $this->identifier"); |
| 219 | 219 | // SELECT yields a resource, not a boolean |
| 220 | 220 | while ($res = mysqli_fetch_object(/** @scrutinizer ignore-type */ $allProfiles)) { |
| 221 | - return (is_numeric($res->maxlevel) ? (int)$res->maxlevel : AbstractProfile::OVERALL_OPENROAMING_LEVEL_NO ); // insts without profiles should get a "NO" |
|
| 221 | + return (is_numeric($res->maxlevel) ? (int) $res->maxlevel : AbstractProfile::OVERALL_OPENROAMING_LEVEL_NO); // insts without profiles should get a "NO" |
|
| 222 | 222 | } |
| 223 | 223 | return AbstractProfile::OVERALL_OPENROAMING_LEVEL_NO; |
| 224 | 224 | } |
@@ -349,7 +349,7 @@ discard block |
||
| 349 | 349 | case AbstractProfile::PROFILETYPE_SILVERBULLET: |
| 350 | 350 | $theProfile = new ProfileSilverbullet($identifier, $this); |
| 351 | 351 | $theProfile->addSupportedEapMethod(new \core\common\EAP(\core\common\EAP::EAPTYPE_SILVERBULLET), 1); |
| 352 | - $theProfile->setRealm($this->identifier . "-" . $theProfile->identifier . "." . strtolower($this->federation) . strtolower(\config\ConfAssistant::SILVERBULLET['realm_suffix'])); |
|
| 352 | + $theProfile->setRealm($this->identifier."-".$theProfile->identifier.".".strtolower($this->federation).strtolower(\config\ConfAssistant::SILVERBULLET['realm_suffix'])); |
|
| 353 | 353 | return $theProfile; |
| 354 | 354 | default: |
| 355 | 355 | throw new Exception("This type of profile is unknown and can not be added."); |
@@ -492,7 +492,7 @@ discard block |
||
| 492 | 492 | public function getExternalDBId() |
| 493 | 493 | { |
| 494 | 494 | if (\config\ConfAssistant::CONSORTIUM['name'] == "eduroam" && isset(\config\ConfAssistant::CONSORTIUM['deployment-voodoo']) && \config\ConfAssistant::CONSORTIUM['deployment-voodoo'] == "Operations Team") { // SW: APPROVED |
| 495 | - $idQuery = $this->databaseHandle->exec("SELECT external_db_id FROM institution WHERE inst_id = $this->identifier AND external_db_syncstate = " . self::EXTERNAL_DB_SYNCSTATE_SYNCED); |
|
| 495 | + $idQuery = $this->databaseHandle->exec("SELECT external_db_id FROM institution WHERE inst_id = $this->identifier AND external_db_syncstate = ".self::EXTERNAL_DB_SYNCSTATE_SYNCED); |
|
| 496 | 496 | // SELECT -> it's a resource, not a boolean |
| 497 | 497 | if (mysqli_num_rows(/** @scrutinizer ignore-type */ $idQuery) == 0) { |
| 498 | 498 | return FALSE; |
@@ -558,16 +558,16 @@ discard block |
||
| 558 | 558 | } |
| 559 | 559 | foreach ($baseline as $lang => $value) { |
| 560 | 560 | if (!key_exists($lang, $newvalues)) { |
| 561 | - $retval[IdP::INSTNAME_CHANGED] .= "#[Language " . strtoupper($lang) . "] DELETED"; |
|
| 561 | + $retval[IdP::INSTNAME_CHANGED] .= "#[Language ".strtoupper($lang)."] DELETED"; |
|
| 562 | 562 | } else { |
| 563 | 563 | if ($value != $newvalues[$lang]) { |
| 564 | - $retval[IdP::INSTNAME_CHANGED] .= "#[Language " . strtoupper($lang) . "] CHANGED from '" . $baseline[$lang] . "' to '" . $newvalues[$lang] . "'"; |
|
| 564 | + $retval[IdP::INSTNAME_CHANGED] .= "#[Language ".strtoupper($lang)."] CHANGED from '".$baseline[$lang]."' to '".$newvalues[$lang]."'"; |
|
| 565 | 565 | } |
| 566 | 566 | } |
| 567 | 567 | } |
| 568 | 568 | foreach ($newvalues as $lang => $value) { |
| 569 | 569 | if (!key_exists($lang, $baseline)) { |
| 570 | - $retval[IdP::INSTNAME_CHANGED] .= "#[Language " . strtoupper($lang) . "] ADDED as '" . $value . "'"; |
|
| 570 | + $retval[IdP::INSTNAME_CHANGED] .= "#[Language ".strtoupper($lang)."] ADDED as '".$value."'"; |
|
| 571 | 571 | } |
| 572 | 572 | } |
| 573 | 573 | return $retval; |
