This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | //------------------------------------------------------------------------------ |
||
4 | // |
||
5 | // eTraxis - Records tracking web-based system |
||
6 | // Copyright (C) 2004-2011 Artem Rodygin |
||
7 | // |
||
8 | // This program is free software: you can redistribute it and/or modify |
||
9 | // it under the terms of the GNU General Public License as published by |
||
10 | // the Free Software Foundation, either version 3 of the License, or |
||
11 | // (at your option) any later version. |
||
12 | // |
||
13 | // This program is distributed in the hope that it will be useful, |
||
14 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | // GNU General Public License for more details. |
||
17 | // |
||
18 | // You should have received a copy of the GNU General Public License |
||
19 | // along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
20 | // |
||
21 | //------------------------------------------------------------------------------ |
||
22 | |||
23 | /** |
||
24 | * Cookies |
||
25 | * |
||
26 | * This module provides several useful functions to work with cookies. |
||
27 | * |
||
28 | * @package Engine |
||
29 | * @subpackage Cookies |
||
30 | */ |
||
31 | |||
32 | /**#@+ |
||
33 | * Dependency. |
||
34 | */ |
||
35 | require_once('../engine/debug.php'); |
||
36 | require_once('../engine/utility.php'); |
||
37 | /**#@-*/ |
||
38 | |||
39 | //------------------------------------------------------------------------------ |
||
40 | // Definitions. |
||
41 | //------------------------------------------------------------------------------ |
||
42 | |||
/**
 * Storage method.
 *
 * When TRUE, client cookies are used to store passed values.
 * Otherwise session variables are in use.
 *
 * With TRUE, is_cookie_saved() and try_cookie() read from $_COOKIE, i.e. from
 * data sent by the client with the request; the value handed back to callers
 * is therefore client-controlled and has to be validated where it is used.
 * With FALSE the same functions read from and write to $_SESSION instead.
 */
define('USE_CLIENT_COOKIES', TRUE);
||
50 | |||
/**#@+
 * Authorization cookie.
 */
// Logical names only: every function in this module stores the entry under
// md5(WEBROOT . <name>), so these strings never appear as the cookie name itself.
// NOTE(review): while USE_CLIENT_COOKIES is TRUE both values are kept in the
// browser. Presumably the token is what proves the login; confirm that the
// consumer verifies it on the server and never trusts the user ID on its own.
define('COOKIE_AUTH_USERID', 'AuthUserID');
define('COOKIE_AUTH_TOKEN', 'AuthToken');
/**#@-*/
||
57 | |||
/**
 * Last requested URI.
 *
 * Logical name of the entry; it is stored under md5(WEBROOT . 'URI').
 */
// NOTE(review): with USE_CLIENT_COOKIES set to TRUE the stored URI comes back
// from the client. If a caller uses it as a redirect target it should accept
// only local paths - confirm against the callers.
define('COOKIE_URI', 'URI');
||
62 | |||
/**#@+
 * Sort mode cookie.
 */
// One logical name per list; each is stored under md5(WEBROOT . <name>).
// NOTE(review): with USE_CLIENT_COOKIES set to TRUE the sort mode read back is
// client-controlled. Presumably it selects an ordering for a list query; the
// caller should map it onto a fixed set of known modes - confirm.
define('COOKIE_ACCOUNTS_SORT', 'AccountsSort');
define('COOKIE_PROJECTS_SORT', 'ProjectsSort');
define('COOKIE_GROUPS_SORT', 'GroupsSort');
define('COOKIE_TEMPLATES_SORT', 'TemplatesSort');
define('COOKIE_STATES_SORT', 'StatesSort');
define('COOKIE_FIELDS_SORT', 'FieldsSort');
define('COOKIE_RECORDS_SORT', 'RecordsSort');
define('COOKIE_EVENTS_SORT', 'EventsSort');
define('COOKIE_CHANGES_SORT', 'ChangesSort');
define('COOKIE_ATTACHMENTS_SORT', 'AttachmentsSort');
define('COOKIE_FILTERS_SORT', 'FiltersSort');
define('COOKIE_VIEWS_SORT', 'ViewsSort');
define('COOKIE_SUBSCRIPTIONS_SORT', 'SubscriptionsSort');
define('COOKIE_REMINDERS_SORT', 'RemindersSort');
/**#@-*/
||
81 | |||
/**#@+
 * Current page cookie.
 */
// One logical name per list; each is stored under md5(WEBROOT . <name>).
// NOTE(review): with USE_CLIENT_COOKIES set to TRUE the page number read back
// is client-controlled. Presumably it is used as a paging offset; the caller
// should convert it to an integer and clamp it to the valid range - confirm.
define('COOKIE_ACCOUNTS_PAGE', 'AccountsPage');
define('COOKIE_PROJECTS_PAGE', 'ProjectsPage');
define('COOKIE_GROUPS_PAGE', 'GroupsPage');
define('COOKIE_TEMPLATES_PAGE', 'TemplatesPage');
define('COOKIE_STATES_PAGE', 'StatesPage');
define('COOKIE_FIELDS_PAGE', 'FieldsPage');
define('COOKIE_RECORDS_PAGE', 'RecordsPage');
define('COOKIE_EVENTS_PAGE', 'EventsPage');
define('COOKIE_CHANGES_PAGE', 'ChangesPage');
define('COOKIE_ATTACHMENTS_PAGE', 'AttachmentsPage');
define('COOKIE_FILTERS_PAGE', 'FiltersPage');
define('COOKIE_VIEWS_PAGE', 'ViewsPage');
define('COOKIE_SUBSCRIPTIONS_PAGE', 'SubscriptionsPage');
define('COOKIE_REMINDERS_PAGE', 'RemindersPage');
/**#@-*/
||
100 | |||
101 | //------------------------------------------------------------------------------ |
||
102 | // Functions. |
||
103 | //------------------------------------------------------------------------------ |
||
104 | |||
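/**
 * Saves specified value in specified cookie.
 *
 * The entry is stored under md5(WEBROOT . $cookie), not under the logical name.
 * When USE_CLIENT_COOKIES is TRUE a browser cookie is sent for path '/' that
 * expires SESSION_EXPIRE * 60 seconds from now; otherwise the value is placed
 * in $_SESSION under the same hashed key.
 *
 * Browser cookies are sent with the HttpOnly attribute, and with the Secure
 * attribute when the current request arrived over HTTPS, because this function
 * also carries COOKIE_AUTH_USERID and COOKIE_AUTH_TOKEN.
 *
 * @param string $cookie Cookie name.
 * @param mixed $value Cookie value.
 * @return bool TRUE on success, FALSE otherwise.
 */
function save_cookie ($cookie, $value)
{
    debug_write_log(DEBUG_TRACE, '[save_cookie]');
    debug_write_log(DEBUG_DUMP, '[save_cookie] $cookie = ' . $cookie);
    // NOTE(review): the raw value is written to the debug log, which includes the
    // value saved under COOKIE_AUTH_TOKEN - keep DEBUG_DUMP logging off in
    // production or restrict access to the log.
    debug_write_log(DEBUG_DUMP, '[save_cookie] $value = ' . $value);

    $cookie = md5(WEBROOT . $cookie);
    $expire = time() + SESSION_EXPIRE * 60;

    if (USE_CLIENT_COOKIES)
    {
        debug_write_log(DEBUG_NOTICE, '[save_cookie] Client site cookie is created.');

        // Secure only when this request itself is HTTPS, so a plain-HTTP
        // deployment keeps working exactly as before.
        $secure = isset($_SERVER['HTTPS'])
               && $_SERVER['HTTPS'] != ''
               && strtolower($_SERVER['HTTPS']) != 'off';

        // HttpOnly keeps the cookie out of reach of page scripts.
        // NOTE(review): assumes no client-side script reads these cookies - confirm.
        $res = setcookie($cookie, $value, $expire, '/', '', $secure, TRUE);
    }
    else
    {
        debug_write_log(DEBUG_NOTICE, '[save_cookie] Server site cookie is created.');
        $_SESSION[$cookie] = $value;
        $res = TRUE;
    }

    return $res;
}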
||
135 | |||
/**
 * Destroys specified cookie.
 *
 * The entry is addressed by md5(WEBROOT . $cookie). In client mode an expired
 * cookie (one hour in the past, path '/') is sent to the browser; in session
 * mode the key is removed from $_SESSION.
 *
 * Client mode only instructs the browser: $_COOKIE is left untouched, so the
 * entry is still visible to is_cookie_saved() and try_cookie() until the
 * current request ends.
 *
 * @param string $cookie Cookie name.
 */
function clear_cookie ($cookie)
{
    debug_write_log(DEBUG_TRACE, '[clear_cookie]');
    debug_write_log(DEBUG_DUMP, '[clear_cookie] $cookie = ' . $cookie);

    $hashed_name = md5(WEBROOT . $cookie);
    $in_the_past = time() - SECS_IN_HOUR;

    if (!USE_CLIENT_COOKIES)
    {
        debug_write_log(DEBUG_NOTICE, '[clear_cookie] Server site cookie is destroyed.');
        unset($_SESSION[$hashed_name]);
        return;
    }

    debug_write_log(DEBUG_NOTICE, '[clear_cookie] Client site cookie is destroyed.');
    setcookie($hashed_name, NULL, $in_the_past, '/');
}
||
160 | |||
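/**
 * Finds whether the specified cookie exists.
 *
 * The entry is looked up under md5(WEBROOT . $cookie), in $_COOKIE when
 * USE_CLIENT_COOKIES is TRUE and in $_SESSION otherwise.
 *
 * In client mode only string values count as saved. PHP turns cookie names
 * written with brackets into arrays, so the client can make this entry an
 * array; setcookie() never produces such a value, and it is reported as absent.
 *
 * @param string $cookie Cookie name.
 * @return bool TRUE if cookie exists, FALSE otherwise.
 */
function is_cookie_saved ($cookie)
{
    debug_write_log(DEBUG_TRACE, '[is_cookie_saved]');
    debug_write_log(DEBUG_DUMP, '[is_cookie_saved] $cookie = ' . $cookie);

    $cookie = md5(WEBROOT . $cookie);

    if (USE_CLIENT_COOKIES)
    {
        // Request data: present AND of the only type a saved cookie can have.
        $saved = isset($_COOKIE[$cookie]) && is_string($_COOKIE[$cookie]);
    }
    else
    {
        $saved = isset($_SESSION[$cookie]);
    }

    if ($saved)
    {
        debug_write_log(DEBUG_NOTICE, '[is_cookie_saved] Cookie is saved.');
        return TRUE;
    }

    debug_write_log(DEBUG_NOTICE, '[is_cookie_saved] Cookie is not saved.');
    return FALSE;
}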
||
185 | |||
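/**
 * Returns value of specified cookie.
 *
 * If cookie cannot be found, then specified default value is returned.
 *
 * The entry is looked up under md5(WEBROOT . $cookie), in $_COOKIE when
 * USE_CLIENT_COOKIES is TRUE and in $_SESSION otherwise.
 *
 * In client mode the returned value comes from the request and is
 * client-controlled: callers must validate it before using it in a query, a
 * redirect, or an authorization decision. A non-string entry (PHP builds arrays
 * from cookie names written with brackets) is ignored and the default is
 * returned, since setcookie() can only ever have stored a string.
 *
 * @param string $cookie Cookie name.
 * @param mixed $value Default value.
 * @return mixed Cookie value when cookie exists, or default value otherwise.
 */
function try_cookie ($cookie, $value = NULL)
{
    debug_write_log(DEBUG_TRACE, '[try_cookie]');
    debug_write_log(DEBUG_DUMP, '[try_cookie] $cookie = ' . $cookie);

    $cookie = md5(WEBROOT . $cookie);

    if (USE_CLIENT_COOKIES)
    {
        if (isset($_COOKIE[$cookie]))
        {
            if (is_string($_COOKIE[$cookie]))
            {
                debug_write_log(DEBUG_NOTICE, '[try_cookie] Cookie is found.');
                $value = $_COOKIE[$cookie];
            }
            else
            {
                // Not something save_cookie() could have stored; keep the default.
                debug_write_log(DEBUG_NOTICE, '[try_cookie] Cookie is not a string and is ignored.');
            }
        }
    }
    elseif (isset($_SESSION[$cookie]))
    {
        debug_write_log(DEBUG_NOTICE, '[try_cookie] Cookie is found.');
        $value = $_SESSION[$cookie];
    }

    // NOTE(review): the raw value is written to the debug log, which includes the
    // value stored under COOKIE_AUTH_TOKEN - keep DEBUG_DUMP logging off in
    // production or restrict access to the log.
    debug_write_log(DEBUG_DUMP, '[try_cookie] $value = ' . $value);

    return $value;
}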
||
212 | |||
213 | ?> |
||
Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore.
A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever.