|
1
|
|
|
<?php |
|
|
|
|
|
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* Class upgrade_2014 |
|
5
|
|
|
*/ |
|
6
|
|
|
class Upgrade_2014 extends XoopsUpgrade |
|
7
|
|
|
{ |
|
8
|
|
|
/** |
|
9
|
|
|
* @return bool |
|
10
|
|
|
*/ |
|
11
|
|
|
public function check_0523patch() |
|
12
|
|
|
{ |
|
13
|
|
|
$lines = file('../mainfile.php'); |
|
14
|
|
|
foreach ($lines as $line) { |
|
15
|
|
|
if (strpos($line, "\$_REQUEST[\$bad_global]") !== false) { |
|
16
|
|
|
// Patch found: do not apply again |
|
17
|
|
|
return true; |
|
18
|
|
|
} |
|
19
|
|
|
} |
|
20
|
|
|
|
|
21
|
|
|
return false; |
|
22
|
|
|
} |
|
23
|
|
|
|
|
24
|
|
|
/** |
|
25
|
|
|
* @return bool |
|
26
|
|
|
*/ |
|
27
|
|
|
public function apply_0523patch() |
|
28
|
|
|
{ |
|
29
|
|
|
$patchCode = " |
|
30
|
|
|
foreach ( array('GLOBALS', '_SESSION', 'HTTP_SESSION_VARS', '_GET', 'HTTP_GET_VARS', '_POST', 'HTTP_POST_VARS', '_COOKIE', 'HTTP_COOKIE_VARS', '_REQUEST', '_SERVER', 'HTTP_SERVER_VARS', '_ENV', 'HTTP_ENV_VARS', '_FILES', 'HTTP_POST_FILES', 'xoopsDB', 'xoopsUser', 'xoopsUserId', 'xoopsUserGroups', 'xoopsUserIsAdmin', 'xoopsConfig', 'xoopsOption', 'xoopsModule', 'xoopsModuleConfig', 'xoopsRequestUri') as \$bad_global ) { |
|
31
|
|
|
if ( isset( \$_REQUEST[\$bad_global] ) ) { |
|
32
|
|
|
header( 'Location: '.XOOPS_URL.'/' ); |
|
33
|
|
|
exit(); |
|
34
|
|
|
} |
|
35
|
|
|
} |
|
36
|
|
|
"; |
|
37
|
|
|
$manual = '<h2>' . _MANUAL_INSTRUCTIONS . "</h2>\n<p>" . sprintf(_COPY_RED_LINES, 'mainfile.php') . "</p> |
|
38
|
|
|
<pre style='border:1px solid black;width:650px;overflow:auto;'><span style='color:#ff0000;font-weight:bold;'>$patchCode</span> |
|
39
|
|
|
if (!isset(\$xoopsOption['nocommon']) && XOOPS_ROOT_PATH != '') { |
|
40
|
|
|
include XOOPS_ROOT_PATH.\"/include/common.php\"; |
|
41
|
|
|
} |
|
42
|
|
|
</pre>"; |
|
43
|
|
|
$lines = file('../mainfile.php'); |
|
44
|
|
|
|
|
45
|
|
|
$insert = -1; |
|
46
|
|
|
$matchProtector = '/modules/protector/include/precheck.inc.php'; |
|
47
|
|
|
$matchDefault = "\$xoopsOption['nocommon']"; |
|
48
|
|
|
|
|
49
|
|
|
foreach ($lines as $k => $line) { |
|
50
|
|
|
if (strpos($line, "\$_REQUEST[\$bad_global]") !== false) { |
|
51
|
|
|
// Patch found: do not apply again |
|
52
|
|
|
$insert = -2; |
|
53
|
|
|
break; |
|
54
|
|
|
} |
|
55
|
|
|
if (strpos($line, $matchProtector) || strpos($line, $matchDefault)) { |
|
56
|
|
|
$insert = $k; |
|
57
|
|
|
break; |
|
58
|
|
|
} |
|
59
|
|
|
} |
|
60
|
|
|
if ($insert == -1) { |
|
61
|
|
|
printf(_FAILED_PATCH . '<br>', 'mainfile.php'); |
|
62
|
|
|
echo $manual; |
|
63
|
|
|
|
|
64
|
|
|
return false; |
|
65
|
|
|
} elseif ($insert != -2) { |
|
66
|
|
|
if (!is_writable('../mainfile.php')) { |
|
67
|
|
|
echo 'mainfile.php is read-only. Please allow the server to write to this file, or apply the patch manually'; |
|
68
|
|
|
echo $manual; |
|
69
|
|
|
|
|
70
|
|
|
return false; |
|
71
|
|
|
} else { |
|
72
|
|
|
$fp = fopen('../mainfile.php', 'wt'); |
|
73
|
|
|
if (!$fp) { |
|
74
|
|
|
echo 'Error opening mainfile.php, please apply the patch manually.'; |
|
75
|
|
|
echo $manual; |
|
76
|
|
|
|
|
77
|
|
|
return false; |
|
78
|
|
|
} else { |
|
79
|
|
|
$newline = defined(PHP_EOL) ? PHP_EOL : (strpos(php_uname(), 'Windows') ? "\r\n" : "\n"); |
|
80
|
|
|
$prepend = implode('', array_slice($lines, 0, $insert)); |
|
81
|
|
|
$append = implode('', array_slice($lines, $insert)); |
|
82
|
|
|
|
|
83
|
|
|
$content = $prepend . $patchCode . $append; |
|
84
|
|
|
$content = str_replace(array("\r\n", "\n"), $newline, $content); |
|
85
|
|
|
|
|
86
|
|
|
fwrite($fp, $content); |
|
87
|
|
|
fclose($fp); |
|
88
|
|
|
echo 'Patch successfully applied'; |
|
89
|
|
|
} |
|
90
|
|
|
} |
|
91
|
|
|
} |
|
92
|
|
|
|
|
93
|
|
|
return true; |
|
94
|
|
|
} |
|
95
|
|
|
|
|
96
|
|
|
/** |
|
97
|
|
|
* @return bool |
|
98
|
|
|
*/ |
|
99
|
|
|
public function check_auth_db() |
|
100
|
|
|
{ |
|
101
|
|
|
$db = $GLOBALS['xoopsDB']; |
|
102
|
|
|
$value = $this->getDbValue($db, 'config', 'conf_id', "`conf_name` = 'ldap_provisionning' AND `conf_catid` = " . XOOPS_CONF_AUTH); |
|
103
|
|
|
|
|
104
|
|
|
return (bool)$value; |
|
105
|
|
|
} |
|
106
|
|
|
|
|
107
|
|
|
/** |
|
108
|
|
|
* @param $sql |
|
109
|
|
|
*/ |
|
110
|
|
|
protected function query($sql) |
|
111
|
|
|
{ |
|
112
|
|
|
$db = $GLOBALS['xoopsDB']; |
|
113
|
|
|
if (!($ret = $db->queryF($sql))) { |
|
114
|
|
|
echo $db->error(); |
|
115
|
|
|
} |
|
116
|
|
|
} |
|
117
|
|
|
|
|
118
|
|
|
/** |
|
119
|
|
|
* @return bool |
|
120
|
|
|
*/ |
|
121
|
|
|
public function apply_auth_db() |
|
122
|
|
|
{ |
|
123
|
|
|
$db = $GLOBALS['xoopsDB']; |
|
124
|
|
|
|
|
125
|
|
|
$cat = $this->getDbValue($db, 'configcategory', 'confcat_id', "`confcat_name` ='_MD_AM_AUTHENTICATION'"); |
|
126
|
|
|
if ($cat !== false && $cat != XOOPS_CONF_AUTH) { |
|
127
|
|
|
// 2.2 downgrade bug: LDAP cat is here but has a catid of 0 |
|
128
|
|
|
$db->queryF('DELETE FROM ' . $db->prefix('configcategory') . " WHERE `confcat_name` ='_MD_AM_AUTHENTICATION' "); |
|
129
|
|
|
$db->queryF('DELETE FROM ' . $db->prefix('config') . " WHERE `conf_modid`=0 AND `conf_catid` = $cat"); |
|
130
|
|
|
$cat = false; |
|
131
|
|
|
} |
|
132
|
|
|
if (empty($cat)) { |
|
133
|
|
|
// Insert config category ( always XOOPS_CONF_AUTH = 7 ) |
|
134
|
|
|
$db->queryF(' INSERT INTO ' . $db->prefix('configcategory') . " (confcat_id,confcat_name) VALUES (7,'_MD_AM_AUTHENTICATION')"); |
|
135
|
|
|
} |
|
136
|
|
|
// Insert config values |
|
137
|
|
|
$table = $db->prefix('config'); |
|
138
|
|
|
$data = array( |
|
139
|
|
|
'auth_method' => "'_MD_AM_AUTHMETHOD', 'xoops', '_MD_AM_AUTHMETHODDESC', 'select', 'text', 1", |
|
140
|
|
|
'ldap_port' => "'_MD_AM_LDAP_PORT', '389', '_MD_AM_LDAP_PORT', 'textbox', 'int', 2 ", |
|
141
|
|
|
'ldap_server' => "'_MD_AM_LDAP_SERVER', 'your directory server', '_MD_AM_LDAP_SERVER_DESC', 'textbox', 'text', 3 ", |
|
142
|
|
|
'ldap_manager_dn' => "'_MD_AM_LDAP_MANAGER_DN', 'manager_dn', '_MD_AM_LDAP_MANAGER_DN_DESC', 'textbox', 'text', 5", |
|
143
|
|
|
'ldap_manager_pass' => "'_MD_AM_LDAP_MANAGER_PASS', 'manager_pass', '_MD_AM_LDAP_MANAGER_PASS_DESC', 'textbox', 'text', 6", |
|
144
|
|
|
'ldap_version' => "'_MD_AM_LDAP_VERSION', '3', '_MD_AM_LDAP_VERSION_DESC', 'textbox', 'text', 7", |
|
145
|
|
|
'ldap_users_bypass' => "'_MD_AM_LDAP_USERS_BYPASS', '" . serialize(array('admin')) . "', '_MD_AM_LDAP_USERS_BYPASS_DESC', 'textarea', 'array', 8", |
|
146
|
|
|
'ldap_loginname_asdn' => "'_MD_AM_LDAP_LOGINNAME_ASDN', 'uid_asdn', '_MD_AM_LDAP_LOGINNAME_ASDN_D', 'yesno', 'int', 9", |
|
147
|
|
|
'ldap_loginldap_attr' => "'_MD_AM_LDAP_LOGINLDAP_ATTR', 'uid', '_MD_AM_LDAP_LOGINLDAP_ATTR_D', 'textbox', 'text', 10", |
|
148
|
|
|
'ldap_filter_person' => "'_MD_AM_LDAP_FILTER_PERSON', '', '_MD_AM_LDAP_FILTER_PERSON_DESC', 'textbox', 'text', 11", |
|
149
|
|
|
'ldap_domain_name' => "'_MD_AM_LDAP_DOMAIN_NAME', 'mydomain', '_MD_AM_LDAP_DOMAIN_NAME_DESC', 'textbox', 'text', 12", |
|
150
|
|
|
'ldap_provisionning' => "'_MD_AM_LDAP_PROVIS', '0', '_MD_AM_LDAP_PROVIS_DESC', 'yesno', 'int', 13", |
|
151
|
|
|
'ldap_provisionning_group' => "'_MD_AM_LDAP_PROVIS_GROUP', 'a:1:{i:0;s:1:\"2\";}', '_MD_AM_LDAP_PROVIS_GROUP_DSC', 'group_multi', 'array', 14", |
|
152
|
|
|
'ldap_mail_attr' => "'_MD_AM_LDAP_MAIL_ATTR', 'mail', '_MD_AM_LDAP_MAIL_ATTR_DESC', 'textbox', 'text', 15", |
|
153
|
|
|
'ldap_givenname_attr' => "'_MD_AM_LDAP_GIVENNAME_ATTR', 'givenname', '_MD_AM_LDAP_GIVENNAME_ATTR_DSC', 'textbox', 'text', 16", |
|
154
|
|
|
'ldap_surname_attr' => "'_MD_AM_LDAP_SURNAME_ATTR', 'sn', '_MD_AM_LDAP_SURNAME_ATTR_DESC', 'textbox', 'text', 17"); |
|
155
|
|
|
foreach ($data as $name => $values) { |
|
156
|
|
|
if (!$this->getDbValue($db, 'config', 'conf_id', "`conf_modid`=0 AND `conf_catid`=7 AND `conf_name`='$name'")) { |
|
157
|
|
|
$this->query("INSERT INTO `$table` (conf_modid,conf_catid,conf_name,conf_title,conf_value,conf_desc,conf_formtype,conf_valuetype,conf_order) " . "VALUES ( 0,7,'$name',$values)"); |
|
158
|
|
|
} |
|
159
|
|
|
} |
|
160
|
|
|
// Insert auth_method config options |
|
161
|
|
|
$id = $this->getDbValue($db, 'config', 'conf_id', "`conf_modid`=0 AND `conf_catid`=7 AND `conf_name`='auth_method'"); |
|
162
|
|
|
$table = $db->prefix('configoption'); |
|
163
|
|
|
$data = array( |
|
164
|
|
|
'_MD_AM_AUTH_CONFOPTION_XOOPS' => 'xoops', |
|
165
|
|
|
'_MD_AM_AUTH_CONFOPTION_LDAP' => 'ldap', |
|
166
|
|
|
'_MD_AM_AUTH_CONFOPTION_AD' => 'ad'); |
|
167
|
|
|
$this->query("DELETE FROM `$table` WHERE `conf_id`=$id"); |
|
168
|
|
|
foreach ($data as $name => $value) { |
|
169
|
|
|
$this->query("INSERT INTO `$table` (confop_name, confop_value, conf_id) VALUES ('$name', '$value', $id)"); |
|
170
|
|
|
} |
|
171
|
|
|
|
|
172
|
|
|
return true; |
|
173
|
|
|
} |
|
174
|
|
|
|
|
175
|
|
|
public function __construct() |
|
176
|
|
|
{ |
|
177
|
|
|
parent::__construct(basename(__DIR__)); |
|
178
|
|
|
$this->tasks = array('auth_db'); |
|
179
|
|
|
// $this->usedFiles = array('mainfile.php'); /* '0523patch' not run */ |
|
180
|
|
|
} |
|
181
|
|
|
} |
|
182
|
|
|
|
|
183
|
|
|
$upg = new Upgrade_2014(); |
|
184
|
|
|
return $upg; |
|
185
|
|
|
|
XOOPS /
XoopsCore25
The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file.
The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place.
To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1.