This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | |||
3 | namespace XoopsModules\Modulebuilder; |
||
4 | |||
5 | /* |
||
6 | Utility Class Definition |
||
7 | |||
8 | You may not change or alter any portion of this comment or credits of |
||
9 | supporting developers from this source code or any supporting source code |
||
10 | which is considered copyrighted (c) material of the original comment or credit |
||
11 | authors. |
||
12 | |||
13 | This program is distributed in the hope that it will be useful, but |
||
14 | WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
16 | */ |
||
17 | |||
18 | /** |
||
19 | * Module: modulebuilder |
||
20 | * |
||
21 | * @package \module\modulebuilder\class |
||
22 | * @license http://www.fsf.org/copyleft/gpl.html GNU public license |
||
23 | * @copyright https://xoops.org 2001-2017 © XOOPS Project |
||
24 | * @author Goffy https://myxoops.org |
||
25 | * @author Mamba <[email protected]> |
||
26 | * @since |
||
27 | */ |
||
28 | |||
29 | use XoopsModules\Modulebuilder; |
||
30 | |||
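/**
 * Class Devtools
 *
 * Developer helpers that clone a module directory while rewriting the PHP sources
 * (backslash-qualifying global functions/constants, or replacing tab runs), plus
 * the admin forms used to pick the module to process.
 */
class Devtools
{
    /**
     * Clone a module directory and prefix the listed global functions and constants
     * with a leading backslash in every copied .php file.
     *
     * Replacement is plain substring matching via str_replace(), so a short name also
     * hits longer identifiers that end with it (e.g. "count(" inside "substr_count(");
     * the $errors table below undoes the known collisions afterwards.
     *
     * @param string $src_path   directory to read from
     * @param string $dst_path   directory to write the rewritten copy to
     * @param string $moduleName module name; upper-cased to build the language constant prefixes
     */
    public static function function_qualifier($src_path, $dst_path, $moduleName) {

        $functions = [];
        $constants = [];

        //php functions
        // NOTE(review): 'include' and 'require' are language constructs, not functions;
        // verify that rewriting "include(" to "\include(" still yields valid PHP on the
        // targeted PHP versions.
        $functions[] = [
            'array_diff',
            'array_filter',
            'array_key_exists',
            'array_keys',
            'array_search',
            'array_slice',
            'array_unshift',
            'array_values',
            'array_flip',
            'assert',
            'basename',
            'boolval',
            'call_user_func',
            'call_user_func_array',
            'chr',
            'class_exists',
            'closedir',
            'constant',
            'copy',
            'count',
            'curl_close',
            'curl_error',
            'curl_exec',
            'curl_file_create',
            'curl_getinfo',
            'curl_init',
            'curl_setopt',
            'define',
            'defined',
            'dirname',
            'doubleval',
            'explode',
            'extension_loaded',
            'file_exists',
            'finfo_open',
            'floatval',
            'floor',
            'formatTimestamp',
            'func_get_args',
            'func_num_args',
            'function_exists',
            'get_called_class',
            'get_class',
            'getimagesize',
            'gettype',
            'imagecopyresampled',
            'imagecreatefromgif',
            'imagecreatefromjpeg',
            'imagecreatefrompng',
            'imagecreatefromstring',
            'imagecreatetruecolor',
            'imagedestroy',
            'imagegif',
            'imagejpeg',
            'imagepng',
            'imagerotate',
            'imagesx',
            'imagesy',
            'implode',
            'in_array',
            'ini_get',
            'intval',
            'include',
            'is_array',
            'is_bool',
            'is_callable',
            'is_dir',
            'is_double',
            'is_float',
            'is_int',
            'is_integer',
            'is_link',
            'is_long',
            'is_null',
            'is_object',
            'is_real',
            'is_resource',
            'is_string',
            'json_decode',
            'json_encode',
            'mime_content_type',
            'mkdir',
            'mktime',
            'opendir',
            'ord',
            'pathinfo',
            'preg_match',
            'preg_match_all',
            'preg_replace',
            'readdir',
            'readlink',
            'redirect_header',
            'rename',
            'require',
            'rmdir',
            'round',
            'scandir',
            'sprintf',
            'str_replace',
            'strip_tags',
            'strlen',
            'strpos',
            'strtotime',
            'strval',
            'substr',
            'symlink',
            'time',
            'trigger_error',
            'trim',
            'ucfirst',
            'unlink',
            'version_compare',
            'mb_strtoupper',
            'mb_strtolower',
            'mb_strpos',
            'mb_strlen',
            'mb_strrpos',
        ];

        // xoops functions
        $functions[] = [
            'xoops_getHandler',
            'xoops_load',
            'xoops_loadLanguage',
        ];
        // xoops const
        $constants[] = [
            'XOBJ_DTYPE_',
            'XOOPS_URL',
            'XOOPS_ROOT_PATH',
            'XOOPS_GROUP_',
        ];

        $moduleNameUpper = \mb_strtoupper($moduleName);
        // module language defines
        $constants[] = [
            '_AM_' . $moduleNameUpper .'_',
            '_MI_' . $moduleNameUpper .'_',
            '_MB_' . $moduleNameUpper .'_',
            '_MA_' . $moduleNameUpper .'_',
        ];

        // repair known errors (collisions produced by the substring replacement)
        $errors = [
            'substr_\count(' => 'substr_count(',
            'micro\time(' => 'microtime(',
            'mk\time(' => 'mktime(',
            'strto\time(' => 'strtotime(',
            'mb_\strlen(' => 'mb_strlen(',
            'mb_\substr(' => 'mb_substr(',
            'x\copy' => 'xcopy',
            'r\rmdir' => 'rrmdir',
            'r\copy' => 'rcopy',
            'r\trim' => 'rtrim',
            'l\trim' => 'ltrim',
            '\dirname()' => 'dirname()',
            'assw\ord' => 'assword',
            'mb_\strpos' => 'mb_strpos',
            'image\copy(' => 'imagecopy(',
            '<{if \count(' => '<{if count(',
            'define(\_' => 'define(_',
            '\strr\chr(' => '\strrchr(',
            'strf\time(' => 'strftime(',
            "'\_AM_" . $moduleNameUpper .'_' => "'_AM_" . $moduleNameUpper .'_',
            "'\_MI_" . $moduleNameUpper .'_' => "'_MI_" . $moduleNameUpper .'_',
            "'\_MB_" . $moduleNameUpper .'_' => "'_MB_" . $moduleNameUpper .'_',
            "'\_MA_" . $moduleNameUpper .'_' => "'_MA_" . $moduleNameUpper .'_',
        ];

        // Insertion order matters: str_replace() applies the pairs one after another,
        // so every group first strips an existing backslash and only then adds one.
        $patterns = [];
        foreach ($functions as $function) {
            //reset existing in order to avoid double \\
            foreach ($function as $item) {
                $patterns['\\' . $item . '('] = $item . '(';
            }
            //apply now for all
            foreach ($function as $item) {
                $patterns[$item . '('] = '\\' . $item . '(';
            }
        }
        foreach ($constants as $constant) {
            //reset existing in order to avoid double \\
            foreach ($constant as $item) {
                $patterns['\\' . $item ] = $item;
            }
            //apply now for all
            foreach ($constant as $item) {
                $patterns[$item] = '\\' . $item;
            }
        }

        //add errors
        foreach ($errors as $key => $value) {
            $patterns[$key] = $value;
        }

        $patKeys   = \array_keys($patterns);
        $patValues = \array_values($patterns);
        self::cloneFileFolder($src_path, $dst_path, $patKeys, $patValues);

    }

    /**
     * Clone a module directory and replace every run of tabs in the copied .php files.
     *
     * @param string $src_path directory to read from
     * @param string $dst_path directory to write the copy to
     */
    public static function function_tabreplacer($src_path, $dst_path) {
        $patKeys   = [];
        $patValues = [];
        self::cloneFileFolder($src_path, $dst_path, $patKeys, $patValues, true);
    }

    /**
     * Recursively copy a directory tree, passing every regular entry to cloneFile().
     *
     * Failures to open the source or to create the destination are reported with an
     * E_USER_WARNING and end the copy of that directory instead of being suppressed.
     *
     * @param string $src_path    directory to read from
     * @param string $dst_path    directory to create and fill
     * @param array  $patKeys     search strings handed to str_replace()
     * @param array  $patValues   replacement strings, index-aligned with $patKeys
     * @param bool   $replaceTabs true: replace tab runs instead of applying the patterns
     */
    public static function cloneFileFolder($src_path, $dst_path, $patKeys = [], $patValues =[], $replaceTabs = false)
    {
        // open the source directory; without this check a failed opendir() would hand
        // false to readdir()
        $dir = \opendir($src_path);
        if (false === $dir) {
            \trigger_error('Devtools::cloneFileFolder: unable to open source directory ' . $src_path, E_USER_WARNING);

            return;
        }
        // Make the destination directory if not exist; check the result explicitly
        // rather than silencing mkdir() with @
        if (!\is_dir($dst_path) && !\mkdir($dst_path) && !\is_dir($dst_path)) {
            \closedir($dir);
            \trigger_error('Devtools::cloneFileFolder: unable to create destination directory ' . $dst_path, E_USER_WARNING);

            return;
        }
        // Loop through the files in source directory. The comparison with false is
        // required: an entry named "0" is falsy and would otherwise end the loop early.
        while (false !== ($file = \readdir($dir))) {
            if ('.' === $file || '..' === $file) {
                continue;
            }
            // NOTE(review): is_dir() follows symbolic links, so a link inside the source
            // tree is traversed like a real directory (including a link that points back
            // up the tree). Consider an \is_link() check if the source tree is not trusted.
            if (\is_dir($src_path . '/' . $file)) {
                // Recursively calling custom copy function for sub directory
                self::cloneFileFolder($src_path . '/' . $file, $dst_path . '/' . $file, $patKeys, $patValues, $replaceTabs);
            } else {
                self::cloneFile($src_path . '/' . $file, $dst_path . '/' . $file, $patKeys, $patValues, $replaceTabs);
            }
        }
        \closedir($dir);
    }

    /**
     * Copy one file; .php files are rewritten on the way, everything else is copied as is.
     *
     * @param string $src_file    file to read
     * @param string $dst_file    file to write
     * @param array  $patKeys     search strings handed to str_replace()
     * @param array  $patValues   replacement strings, index-aligned with $patKeys
     * @param bool   $replaceTabs true: replace tab runs instead of applying the patterns
     */
    private static function cloneFile($src_file, $dst_file, $patKeys = [], $patValues =[], $replaceTabs = false)
    {
        $changeExtensions = ['php'];
        $extension        = \mb_strtolower(\pathinfo($src_file, PATHINFO_EXTENSION));
        $replace_code     = \in_array($extension, $changeExtensions, true);
        if (\strpos($dst_file, \basename(__FILE__)) > 0) {
            //skip myself
            $replace_code = false;
        }
        if (!$replace_code) {
            \copy($src_file, $dst_file);

            return;
        }

        // file, read it and replace text
        $content = \file_get_contents($src_file);
        if (false === $content) {
            // do not write an empty file over the destination when the read failed
            \trigger_error('Devtools::cloneFile: unable to read ' . $src_file, E_USER_WARNING);

            return;
        }
        if ($replaceTabs) {
            // NOTE(review): replacement string reproduced as shown in this listing; the
            // page rendering may have collapsed a run of spaces, so confirm against the repository
            $content = \preg_replace("/[\t]+/", " ", $content);
        } else {
            $content = \str_replace($patKeys, $patValues, $content);
        }
        //check file name whether it contains replace code
        // NOTE(review): the same table that inserts backslashes into code is applied to
        // the file name; confirm no module file name can match a pattern, since a
        // backslash is a path separator on Windows.
        $path_parts = \pathinfo($dst_file);
        $path       = $path_parts['dirname'];
        $file       = $path_parts['basename'];
        $dst_file   = $path . '/' . \str_replace($patKeys, $patValues, $file);
        \file_put_contents($dst_file, $content);
    }

    /**
     * get form with all existing modules (function qualifier tool)
     * @param bool|string $action form action URL; false uses the current request URI
     * @return \XoopsSimpleForm
     */
    public static function getFormModulesFq($action = false)
    {
        return self::buildModulesForm($action, \_AM_MODULEBUILDER_DEVTOOLS_FQ_MODULE, 'fq_module', 'fq');
    }

    /**
     * get form with all existing modules (language check tool)
     * @param bool|string $action form action URL; false uses the current request URI
     * @return \XoopsSimpleForm
     */
    public static function getFormModulesCl($action = false)
    {
        return self::buildModulesForm($action, \_AM_MODULEBUILDER_DEVTOOLS_CL_MODULE, 'cl_module', 'check_lang');
    }

    /**
     * get form with all existing modules (tab replacer tool)
     * @param bool|string $action form action URL; false uses the current request URI
     * @return \XoopsSimpleForm
     */
    public static function getFormModulesTab($action = false)
    {
        return self::buildModulesForm($action, \_AM_MODULEBUILDER_DEVTOOLS_TAB_MODULE, 'tab_module', 'tab_replacer');
    }

    /**
     * Build the module selection form shared by the three public getFormModules*() methods.
     *
     * @param bool|string $action     form action URL; false uses the current request URI
     * @param string      $caption    label of the module select box
     * @param string      $selectName name of the module select box
     * @param string      $op         value of the hidden "op" field
     * @return \XoopsSimpleForm
     */
    private static function buildModulesForm($action, $caption, $selectName, $op)
    {
        if (!$action) {
            // REQUEST_URI is supplied by the client.
            // NOTE(review): confirm XoopsSimpleForm HTML-escapes the action attribute when rendering.
            $action = $_SERVER['REQUEST_URI'];
        }
        // Get Theme Form
        \xoops_load('XoopsFormLoader');
        // NOTE(review): the fifth argument presumably asks XoopsForm to add its security token; confirm
        $form = new \XoopsSimpleForm('', 'form', $action, 'post', true);
        $form->setExtra('enctype="multipart/form-data"');
        // Form Select Module
        $modulesSelect = new \XoopsFormSelect($caption, $selectName, '');
        $modulesArr    = \XoopsLists::getModulesList();
        $modulesSelect->addOption('', ' ');
        foreach ($modulesArr as $mod) {
            $modulesSelect->addOption($mod, $mod);
        }
        $form->addElement($modulesSelect, true);
        // To Save
        $form->addElement(new \XoopsFormHidden('op', $op));
        $form->addElement(new \XoopsFormButtonTray('', \_SUBMIT, 'submit', '', false));

        return $form;
    }
}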
||
416 |
If you suppress an error, we recommend checking for the error condition explicitly: