This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
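/**
 * Installer / reset helper for non-production Intraface servers.
 *
 * Every public method is destructive or privilege-granting: it drops or
 * truncates all tables, wipes the upload directory, grants module access or
 * loads helper classes by name. The constructor refuses to run when
 * SERVER_STATUS is undefined or equals 'PRODUCTION'. That constant is the only
 * real gate visible in this class, so any script that exposes it should add
 * its own access control.
 */
class Intraface_Install
{
    /**
     * @var object database connection
     */
    private $db;

    /**
     * Checks that the script may run, then connects to the database.
     *
     * @throws Exception when the database connection cannot be established
     */
    public function __construct()
    {
        if (!defined('SERVER_STATUS') || SERVER_STATUS == 'PRODUCTION') {
            die('Can not be performed on PRODUCTION SERVER');
        }

        // Secondary convenience check only: the Host header is chosen by the
        // client, so it cannot be relied on as a safety barrier. Host names are
        // case-insensitive, hence the case-insensitive comparison.
        if (!empty($_SERVER['HTTP_HOST']) && strcasecmp($_SERVER['HTTP_HOST'], 'www.intraface.dk') === 0) {
            die('Can not be performed on www.intraface.dk');
        }

        $this->db = MDB2::singleton(DB_DSN);

        if (PEAR::isError($this->db)) {
            // NOTE(review): getUserInfo() carries driver debug detail; callers
            // should log this message rather than echo it to a browser.
            throw new Exception($this->db->getUserInfo());
        }
    }

    /**
     * Drops every table in the configured database.
     *
     * @return boolean true on success
     * @throws Exception when listing or dropping a table fails
     */
    public function dropDatabase()
    {
        foreach ($this->listTables() as $table) {
            $drop = $this->db->exec('DROP TABLE ' . $this->db->quoteIdentifier($table));
            if (PEAR::isError($drop)) {
                throw new Exception($drop->getUserInfo());
            }
        }
        return true;
    }

    /**
     * Creates the schema from database-structure.sql and then applies
     * database-update.sql, both located next to this file.
     *
     * @return boolean true on success
     * @throws Exception when a file cannot be read or a statement fails
     */
    public function createDatabaseSchema()
    {
        $this->executeSqlFile('database-structure.sql');
        $this->executeSqlFile('database-update.sql');
        return true;
    }

    /**
     * Truncates every table in the configured database.
     *
     * @return boolean true on success
     * @throws Exception when listing or truncating a table fails
     */
    public function emptyDatabase()
    {
        foreach ($this->listTables() as $table) {
            $truncate = $this->db->exec('TRUNCATE TABLE ' . $this->db->quoteIdentifier($table));
            if (PEAR::isError($truncate)) {
                throw new Exception($truncate->getUserInfo());
            }
        }
        return true;
    }

    /**
     * Loads the seed data from database-values.sql, located next to this file.
     *
     * @return boolean true on success
     * @throws Exception when the file cannot be read or a statement fails
     */
    public function createStartingValues()
    {
        $this->executeSqlFile('database-values.sql');
        return true;
    }

    /**
     * Resets the server: empties all tables, reloads the seed data and
     * recreates an empty upload directory.
     *
     * Dropping and recreating the schema is intentionally not part of the
     * reset; only the table contents are replaced.
     *
     * @return boolean true on success
     * @throws Exception when a database step fails
     */
    public function resetServer()
    {
        if (!$this->emptyDatabase()) {
            throw new Exception('could not empty database');
        }

        if (!$this->createStartingValues()) {
            throw new Exception('could not create values');
        }

        $this->deleteUploadDirectory(PATH_UPLOAD);

        if (!file_exists(PATH_UPLOAD)) {
            // Created with PHP's default mode (0777 masked by the umask);
            // tighten the umask or chmod afterwards if uploads must not be
            // readable by other local users.
            mkdir(PATH_UPLOAD);
        }

        return true;
    }

    /**
     * Recursively deletes a file or directory tree.
     *
     * Symbolic links are removed as links and never followed, so a link
     * planted inside the upload tree cannot redirect the deletion to files
     * outside of it.
     *
     * @param string $f path to delete
     *
     * @return void
     */
    public function deleteUploadDirectory($f)
    {
        if (is_link($f)) {
            // Remove the link itself; is_dir() would report true for a link
            // to a directory and the recursion would leave the tree.
            @unlink($f);
            return;
        }

        if (is_dir($f)) {
            $items = scandir($f);
            if ($items === false) {
                $items = array();
            }
            foreach ($items as $item) {
                if ($item === '.' || $item === '..') {
                    continue;
                }
                $this->deleteUploadDirectory($f . "/" . $item);
            }
            rmdir($f);
        } else {
            // Deliberately best effort: a missing or undeletable file must not
            // abort the reset, so the warning is suppressed.
            @unlink($f);
        }
    }

    /**
     * Grants intranet 1 and user 1 access to the given modules, including
     * every sub access the module defines.
     *
     * @param string $modules comma separated module names
     *
     * @return boolean true on success
     * @throws Exception when a module name is unknown
     */
    public function grantModuleAccess($modules)
    {
        $this->registerModules();
        // Trimmed for consistency with runHelperFunction(), so "a, b" works.
        $modules = array_map('trim', explode(',', $modules));

        require_once 'Intraface/modules/intranetmaintenance/IntranetMaintenance.php';
        // The moduleaccess only goes for intranet_id 1
        $intranet = new IntranetMaintenance(1);
        require_once 'Intraface/modules/intranetmaintenance/UserMaintenance.php';
        $user = new UserMaintenance(1);
        $user->setIntranetAccess(1);

        require_once 'Intraface/modules/intranetmaintenance/ModuleMaintenance.php';
        foreach ($modules as $module_name) {
            $module = ModuleMaintenance::factory($module_name);

            if ($module->get('id') == 0) {
                throw new Exception('Invalid module '.$module_name);
            }
            $intranet->setModuleAccess($module->get('id'));
            $user->setModuleAccess($module->get('id'), 1);
            $sub_accesses = $module->get('sub_access');
            foreach ($sub_accesses as $sub_access) {
                $user->setSubAccess($module->get('id'), $sub_access['id'], 1);
            }
        }

        return true;
    }

    /**
     * Logs in the start-up user and returns the authentication result.
     *
     * The credentials are hard-coded, which is one more reason this class
     * must stay unreachable on production systems.
     *
     * @return mixed whatever Intraface_Auth::authenticate() returns
     */
    public function loginUser()
    {
        // session_start() is called in reset_staging_server. Should only be one place.

        // NOTE(review): the e-mail literal below reads like a placeholder left
        // by e-mail obfuscation on the page this listing was taken from;
        // confirm the real value against the repository.
        $adapter = new Intraface_Auth_User($this->db, session_id(), '[email protected]', 'startup');
        $auth = new Intraface_Auth(session_id());
        $user = $auth->authenticate($adapter);

        return $user;
    }

    /**
     * Runs install helper methods.
     *
     * Each entry has the form "Helper:method". The helper name selects both
     * the file Helper/<name>.php and the class Install_Helper_<name>, so it is
     * restricted to letters, digits and underscores before it reaches
     * require_once; the method name must be a plain identifier.
     *
     * @param string $functions comma separated "Helper:method" entries
     *
     * @return void
     * @throws Exception when an entry is malformed or the helper is missing
     */
    public function runHelperFunction($functions)
    {
        $functions = explode(',', $functions);

        // We create kernel so it can be used in the helper functions
        if (session_id() != '') {
            $kernel = new Intraface_Kernel(session_id());
        } else {
            $kernel = new Intraface_Kernel;
        }
        $kernel->user = new Intraface_User(1);
        $kernel->user->setIntranetId(1);
        $kernel->intranet = new Intraface_Intranet(1);
        $kernel->setting = new Intraface_Setting(1, 1);

        // adds the intranet_id to Doctrine!
        Intraface_Doctrine_Intranet::singleton(1);

        foreach ($functions as $function) {
            $object_method = explode(':', trim($function));
            // Path separators are stripped as before, then the result is
            // checked against an allowlist instead of trusting the stripping.
            $helper = str_replace(array('/', '\\'), '', $object_method[0]);
            $method = isset($object_method[1]) ? $object_method[1] : '';

            if (!preg_match('/\A[A-Za-z0-9_]+\z/', $helper)
                || !preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $method)
            ) {
                throw new Exception('Invalid helper function ' . $function);
            }

            require_once dirname(__FILE__) . '/Helper/' . $helper . '.php';
            $object_name = 'Install_Helper_' . $helper;
            if (!class_exists($object_name, false)) {
                throw new Exception('Invalid helper function ' . $function);
            }

            $object = new $object_name($kernel, $this->db);
            if (!is_callable(array($object, $method))) {
                throw new Exception('Invalid helper function ' . $function);
            }
            // Braces are required: since PHP 7, $object->$object_method[1]()
            // parses as ($object->$object_method)[1]() and no longer calls
            // the method named by the second element.
            $object->{$method}();
        }
    }

    /**
     * Registers all modules through ModuleMaintenance.
     *
     * @return void
     */
    private function registerModules()
    {
        require_once 'Intraface/modules/intranetmaintenance/ModuleMaintenance.php';
        $modulemaintenance = new ModuleMaintenance;
        $modulemaintenance->register();
    }

    /**
     * Returns the names of all tables in the configured database.
     *
     * The first column of each row is used rather than a 'Tables_in_<db>' key,
     * because the case of that key depends on the driver's portability
     * settings.
     *
     * @return array list of table names
     * @throws Exception when the query or a fetch fails
     */
    private function listTables()
    {
        $result = $this->db->query('SHOW TABLES FROM ' . $this->db->quoteIdentifier(DB_NAME));
        if (PEAR::isError($result)) {
            throw new Exception($result->getUserInfo());
        }

        $tables = array();
        while ($line = $result->fetchRow(MDB2_FETCHMODE_ASSOC)) {
            if (PEAR::isError($line)) {
                throw new Exception($line->getUserInfo());
            }
            $tables[] = reset($line);
        }
        return $tables;
    }

    /**
     * Executes every statement of an SQL file located next to this file.
     *
     * @param string $filename file name relative to this file's directory
     *
     * @return void
     * @throws Exception when the file cannot be read or a statement fails
     */
    private function executeSqlFile($filename)
    {
        $sql_source = file_get_contents(dirname(__FILE__) . '/' . $filename);
        if ($sql_source === false) {
            throw new Exception('could not read ' . $filename);
        }

        foreach (self::splitSql($sql_source) as $sql) {
            if (empty($sql)) {
                continue;
            }
            $result = $this->db->exec($sql);
            if (PEAR::isError($result)) {
                throw new Exception($result->getUserInfo());
            }
        }
    }

    /**
     * Splits a MySQL export into separate statements.
     *
     * The split is purely textual: statements end at ';' (optionally followed
     * by spaces) and a line break, and '--' comment runs are stripped wherever
     * they occur, including inside string values. Only feed it trusted dump
     * files.
     *
     * @param string $sql contents of the export
     *
     * @return array trimmed statements; may contain empty strings
     */
    public static function splitSql($sql)
    {
        // Compare with false explicitly: a file starting with "\r\n" yields
        // position 0, which a plain truthiness test would treat as not found.
        if (strpos($sql, "\r\n") !== false) {
            $str_sep = "\r\n";
        } else {
            $str_sep = "\n";
        }

        if (substr($sql, 0, 2) == '--') {
            // Drop the leading comment line.
            $first_break = strpos($sql, $str_sep);
            if ($first_break !== false) {
                $sql = substr($sql, $first_break);
            }
        }

        // The original pattern was prefixed with the line separator, which
        // PCRE skips as leading whitespace before the delimiter; the effective
        // pattern is the one written here.
        $sql = preg_replace('/--[a-zA-Z0-9\/\:\`,. _-]*/', '', $sql);
        $parts = preg_split("/;( )*" . $str_sep . '/', $sql);
        $parts = array_map('trim', $parts);
        return $parts;
    }
}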
If you suppress an error, we recommend checking for the error condition explicitly: