Issues in install.php - New Issues - Inspection of "run tests without gzip, too" - splitbrain/dokuwiki - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — nozlib ( e6a6ca )

by Andreas

created 2015-11-27 08:39 UTC

install.php (1 issue)

Labels

Best Practice 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Dokuwiki installation assistance
 *
 * @author      Chris Smith <[email protected]>
 */

if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/');
if(!defined('DOKU_CONF')) define('DOKU_CONF',DOKU_INC.'conf/');
if(!defined('DOKU_LOCAL')) define('DOKU_LOCAL',DOKU_INC.'conf/');

require_once(DOKU_INC.'inc/PassHash.class.php');

// check for error reporting override or set error reporting to sane values
if (!defined('DOKU_E_LEVEL')) { error_reporting(E_ALL ^ E_NOTICE); }
else { error_reporting(DOKU_E_LEVEL); }

// kill magic quotes
if (get_magic_quotes_gpc() && !defined('MAGIC_QUOTES_STRIPPED')) {
    if (!empty($_GET))    remove_magic_quotes($_GET);
    if (!empty($_POST))   remove_magic_quotes($_POST);
    if (!empty($_COOKIE)) remove_magic_quotes($_COOKIE);
    if (!empty($_REQUEST)) remove_magic_quotes($_REQUEST);
    @ini_set('magic_quotes_gpc', 0);
    define('MAGIC_QUOTES_STRIPPED',1);
}
if (function_exists('set_magic_quotes_runtime')) @set_magic_quotes_runtime(0);
@ini_set('magic_quotes_sybase',0);

// language strings
require_once(DOKU_INC.'inc/lang/en/lang.php');
if(isset($_REQUEST['l']) && !is_array($_REQUEST['l'])) {
    $LC = preg_replace('/[^a-z\-]+/','',$_REQUEST['l']);
}
if(empty($LC)) $LC = 'en';
if($LC && $LC != 'en' ) {
    require_once(DOKU_INC.'inc/lang/'.$LC.'/lang.php');
}

// initialise variables ...
$error = array();

$dokuwiki_hash = array(
    '2005-09-22'   => 'e33223e957b0b0a130d0520db08f8fb7',
    '2006-03-05'   => '51295727f79ab9af309a2fd9e0b61acc',
    '2006-03-09'   => '51295727f79ab9af309a2fd9e0b61acc',
    '2006-11-06'   => 'b3a8af76845977c2000d85d6990dd72b',
    '2007-05-24'   => 'd80f2740c84c4a6a791fd3c7a353536f',
    '2007-06-26'   => 'b3ca19c7a654823144119980be73cd77',
    '2008-05-04'   => '1e5c42eac3219d9e21927c39e3240aad',
    '2009-02-14'   => 'ec8c04210732a14fdfce0f7f6eead865',
    '2009-12-25'   => '993c4b2b385643efe5abf8e7010e11f4',
    '2010-11-07'   => '7921d48195f4db21b8ead6d9bea801b8',
    '2011-05-25'   => '4241865472edb6fa14a1227721008072',
    '2011-11-10'   => 'b46ff19a7587966ac4df61cbab1b8b31',
    '2012-01-25'   => '72c083c73608fc43c586901fd5dabb74',
    '2012-09-10'   => 'eb0b3fc90056fbc12bac6f49f7764df3',
    '2013-05-10'   => '7b62b75245f57f122d3e0f8ed7989623',
    '2013-12-08'   => '263c76af309fbf083867c18a34ff5214',
    '2014-05-05'   => '263c76af309fbf083867c18a34ff5214',
    '2015-08-10'   => '263c76af309fbf083867c18a34ff5214'
);


// begin output
header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html>
<html lang="<?php echo $LC?>" dir="<?php echo $lang['direction']?>">
<head>
    <meta charset="utf-8" />
    <title><?php echo $lang['i_installer']?></title>
    <style type="text/css">
        body { width: 90%; margin: 0 auto; font: 84% Verdana, Helvetica, Arial, sans-serif; }
        img { border: none }
        br.cl { clear:both; }
        code { font-size: 110%; color: #800000; }
        fieldset { border: none }
        label { display: block; margin-top: 0.5em; }
        select.text, input.text { width: 30em; margin: 0 0.5em; }
        a {text-decoration: none}
    </style>
    <script type="text/javascript">
        function acltoggle(){
            var cb = document.getElementById('acl');
            var fs = document.getElementById('acldep');
            if(!cb || !fs) return;
            if(cb.checked){
                fs.style.display = '';
            }else{
                fs.style.display = 'none';
            }
        }
        window.onload = function(){
            acltoggle();
            var cb = document.getElementById('acl');
            if(cb) cb.onchange = acltoggle;
        };
    </script>
</head>
<body style="">
    <h1 style="float:left">
        <img src="lib/exe/fetch.php?media=wiki:dokuwiki-128.png"
             style="vertical-align: middle;" alt="" height="64" width="64" />
        <?php echo $lang['i_installer']?>
    </h1>
    <div style="float:right; margin: 1em;">
        <?php langsel()?>
    </div>
    <br class="cl" />

    <div style="float: right; width: 34%;">
        <?php
            if(file_exists(DOKU_INC.'inc/lang/'.$LC.'/install.html')){
                include(DOKU_INC.'inc/lang/'.$LC.'/install.html');
            }else{
                print "<div lang=\"en\" dir=\"ltr\">\n";
                include(DOKU_INC.'inc/lang/en/install.html');
                print "</div>\n";
            }
        ?>
        <a style="background: transparent url(data/security.png) left top no-repeat;
                  display: block; width:380px; height:73px; border:none; clear:both;"
           target="_blank"
           href="http://www.dokuwiki.org/security#web_access_security"></a>
    </div>

    <div style="float: left; width: 58%;">
        <?php
            if(! (check_functions() && check_permissions()) ){
                echo '<p>'.$lang['i_problems'].'</p>';
                print_errors();
                print_retry();
            }elseif(!check_configs()){
                echo '<p>'.$lang['i_modified'].'</p>';
                print_errors();
            }elseif(check_data($_REQUEST['d'])){
                // check_data has sanitized all input parameters
                if(!store_data($_REQUEST['d'])){
                    echo '<p>'.$lang['i_failure'].'</p>';
                    print_errors();
                }else{
                    echo '<p>'.$lang['i_success'].'</p>';
                }
            }else{
                print_errors();
                print_form($_REQUEST['d']);
            }
        ?>
    </div>


<div style="clear: both">
  <a href="http://dokuwiki.org/"><img src="lib/tpl/dokuwiki/images/button-dw.png" alt="driven by DokuWiki" /></a>
  <a href="http://www.php.net"><img src="lib/tpl/dokuwiki/images/button-php.gif" alt="powered by PHP" /></a>
</div>
</body>
</html>
<?php

/**
 * Print the input form
 *
 * @param array $d submitted entry 'd' of request data
 */
function print_form($d){
    global $lang;
    global $LC;

    include(DOKU_CONF.'license.php');

    if(!is_array($d)) $d = array();
    $d = array_map('htmlspecialchars',$d);

    if(!isset($d['acl'])) $d['acl']=1;
    if(!isset($d['pop'])) $d['pop']=1;

    ?>
    <form action="" method="post">
    <input type="hidden" name="l" value="<?php echo $LC ?>" />
    <fieldset>
        <label for="title"><?php echo $lang['i_wikiname']?>
        <input type="text" name="d[title]" id="title" value="<?php echo $d['title'] ?>" style="width: 20em;" />
        </label>

        <fieldset style="margin-top: 1em;">
            <label for="acl">
            <input type="checkbox" name="d[acl]" id="acl" <?php echo(($d['acl'] ? ' checked="checked"' : ''));?> />
            <?php echo $lang['i_enableacl']?></label>

            <fieldset id="acldep">
                <label for="superuser"><?php echo $lang['i_superuser']?></label>
                <input class="text" type="text" name="d[superuser]" id="superuser" value="<?php echo $d['superuser'] ?>" />

                <label for="fullname"><?php echo $lang['fullname']?></label>
                <input class="text" type="text" name="d[fullname]" id="fullname" value="<?php echo $d['fullname'] ?>" />

                <label for="email"><?php echo $lang['email']?></label>
                <input class="text" type="text" name="d[email]" id="email" value="<?php echo $d['email'] ?>" />

                <label for="password"><?php echo $lang['pass']?></label>
                <input class="text" type="password" name="d[password]" id="password" />

                <label for="confirm"><?php echo $lang['passchk']?></label>
                <input class="text" type="password" name="d[confirm]" id="confirm" />

                <label for="policy"><?php echo $lang['i_policy']?></label>
                <select class="text" name="d[policy]" id="policy">
                    <option value="0" <?php echo ($d['policy'] == 0)?'selected="selected"':'' ?>><?php echo $lang['i_pol0']?></option>
                    <option value="1" <?php echo ($d['policy'] == 1)?'selected="selected"':'' ?>><?php echo $lang['i_pol1']?></option>
                    <option value="2" <?php echo ($d['policy'] == 2)?'selected="selected"':'' ?>><?php echo $lang['i_pol2']?></option>
                </select>

                <label for="allowreg">
                    <input type="checkbox" name="d[allowreg]" id="allowreg" <?php echo(($d['allowreg'] ? ' checked="checked"' : ''));?> />
                    <?php echo $lang['i_allowreg']?>
                </label>
            </fieldset>
        </fieldset>

        <fieldset>
            <p><?php echo $lang['i_license']?></p>
            <?php
            array_push($license,array('name' => $lang['i_license_none'], 'url'=>''));
            if(empty($d['license'])) $d['license'] = 'cc-by-sa';
            foreach($license as $key => $lic){
                echo '<label for="lic_'.$key.'">';
                echo '<input type="radio" name="d[license]" value="'.htmlspecialchars($key).'" id="lic_'.$key.'"'.
                     (($d['license'] === $key)?' checked="checked"':'').'>';
                echo htmlspecialchars($lic['name']);
                if($lic['url']) echo ' <a href="'.$lic['url'].'" target="_blank"><sup>[?]</sup></a>';
                echo '</label>';
            }
            ?>
        </fieldset>

        <fieldset>
            <p><?php echo $lang['i_pop_field']?></p>
            <label for="pop">
                <input type="checkbox" name="d[pop]" id="pop" <?php echo(($d['pop'] ? ' checked="checked"' : ''));?> />
                <?php echo $lang['i_pop_label']?> <a href="http://www.dokuwiki.org/popularity" target="_blank"><sup>[?]</sup></a>
            </label>
        </fieldset>

    </fieldset>
    <fieldset id="process">
        <button type="submit" name="submit"><?php echo $lang['btn_save']?></button>
    </fieldset>
    </form>
    <?php
}

function print_retry() {
    global $lang;
    global $LC;
    ?>
    <form action="" method="get">
      <fieldset>
        <input type="hidden" name="l" value="<?php echo $LC ?>" />
        <button type="submit"><?php echo $lang['i_retry'];?></button>
      </fieldset>
    </form>
    <?php
}

/**
 * Check validity of data
 *
 * @author Andreas Gohr
 *
 * @param array $d
 * @return bool ok?
 */
function check_data(&$d){
    static $form_default = array(
        'title'     => '',
        'acl'       => '1',
        'superuser' => '',
        'fullname'  => '',
        'email'     => '',
        'password'  => '',
        'confirm'   => '',
        'policy'    => '0',
        'allowreg'  => '0',
        'license'   => 'cc-by-sa'
    );
    global $lang;
    global $error;

    if(!is_array($d)) $d = array();
    foreach($d as $k => $v) {
        if(is_array($v))
            unset($d[$k]);
        else
            $d[$k] = (string)$v;
    }

    //autolowercase the username
    $d['superuser'] = isset($d['superuser']) ? strtolower($d['superuser']) : "";

    $ok = false;

    if(isset($_REQUEST['submit'])) {
        $ok = true;

        // check input
        if(empty($d['title'])){
            $error[] = sprintf($lang['i_badval'],$lang['i_wikiname']);
            $ok      = false;
        }
        if(isset($d['acl'])){
            if(!preg_match('/^[a-z0-9_]+$/',$d['superuser'])){
                $error[] = sprintf($lang['i_badval'],$lang['i_superuser']);
                $ok      = false;
            }
            if(empty($d['password'])){
                $error[] = sprintf($lang['i_badval'],$lang['pass']);
                $ok      = false;
            }
            elseif(!isset($d['confirm']) || $d['confirm'] != $d['password']){
                $error[] = sprintf($lang['i_badval'],$lang['passchk']);
                $ok      = false;
            }
            if(empty($d['fullname']) || strstr($d['fullname'],':')){
                $error[] = sprintf($lang['i_badval'],$lang['fullname']);
                $ok      = false;
            }
            if(empty($d['email']) || strstr($d['email'],':') || !strstr($d['email'],'@')){
                $error[] = sprintf($lang['i_badval'],$lang['email']);
                $ok      = false;
            }
        }
    }
    $d = array_merge($form_default, $d);
    return $ok;
}

/**
 * Writes the data to the config files
 *
 * @author  Chris Smith <[email protected]>
 *
 * @param array $d
 * @return bool
 */
function store_data($d){
    global $LC;
    $ok = true;
    $d['policy'] = (int) $d['policy'];

    // create local.php
    $now    = gmdate('r');
    $output = <<<EOT
<?php
/**
 * Dokuwiki's Main Configuration File - Local Settings
 * Auto-generated by install script
 * Date: $now
 */

EOT;
    // add any config options set by a previous installer
    $preset = __DIR__.'/install.conf';
    if(file_exists($preset)){
        $output .= "# preset config options\n";
        $output .= file_get_contents($preset);
        $output .= "\n\n";
        $output .= "# options selected in installer\n";
        @unlink($preset);
    }

    $output .= '$conf[\'title\'] = \''.addslashes($d['title'])."';\n";
    $output .= '$conf[\'lang\'] = \''.addslashes($LC)."';\n";
    $output .= '$conf[\'license\'] = \''.addslashes($d['license'])."';\n";
    if($d['acl']){
        $output .= '$conf[\'useacl\'] = 1'.";\n";
        $output .= "\$conf['superuser'] = '@admin';\n";
    }
    if(!$d['allowreg']){
        $output .= '$conf[\'disableactions\'] = \'register\''.";\n";
    }
    $ok = $ok && fileWrite(DOKU_LOCAL.'local.php',$output);

    if ($d['acl']) {
        // hash the password
        $phash = new PassHash();
        $pass = $phash->hash_smd5($d['password']);

        // create users.auth.php
        // --- user:SMD5password:Real Name:email:groups,comma,seperated
        $output = join(":",array($d['superuser'], $pass, $d['fullname'], $d['email'], 'admin,user'));
        $output = @file_get_contents(DOKU_CONF.'users.auth.php.dist')."\n$output\n";
        $ok = $ok && fileWrite(DOKU_LOCAL.'users.auth.php', $output);

        // create acl.auth.php
        $output = <<<EOT
# acl.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Access Control Lists
#
# Auto-generated by install script
# Date: $now

EOT;
        if($d['policy'] == 2){
            $output .=  "*               @ALL          0\n";
            $output .=  "*               @user         8\n";
        }elseif($d['policy'] == 1){
            $output .=  "*               @ALL          1\n";
            $output .=  "*               @user         8\n";
        }else{
            $output .=  "*               @ALL          8\n";
        }
        $ok = $ok && fileWrite(DOKU_LOCAL.'acl.auth.php', $output);
    }

    // enable popularity submission
    if($d['pop']){
        @touch(DOKU_INC.'data/cache/autosubmit.txt');
    }

    // disable auth plugins til needed
    $output = <<<EOT
<?php
/*
 * Local plugin enable/disable settings
 *
 * Auto-generated by install script
 * Date: $now
 */

\$plugins['authad']    = 0;
\$plugins['authldap']  = 0;
\$plugins['authmysql'] = 0;
\$plugins['authpgsql'] = 0;

EOT;
    $ok = $ok && fileWrite(DOKU_LOCAL.'plugins.local.php', $output);

    return $ok;
}

/**
 * Write the given content to a file
 *
 * @author  Chris Smith <[email protected]>
 *
 * @param string $filename
 * @param string $data
 * @return bool
 */
function fileWrite($filename, $data) {
    global $error;
    global $lang;

    if (($fp = @fopen($filename, 'wb')) === false) {
        $filename = str_replace($_SERVER['DOCUMENT_ROOT'],'{DOCUMENT_ROOT}/', $filename);
        $error[]  = sprintf($lang['i_writeerr'],$filename);
        return false;
    }

    if (!empty($data)) { fwrite($fp, $data);  }
    fclose($fp);
    return true;
}


/**
 * check installation dependent local config files and tests for a known
 * unmodified main config file
 *
 * @author      Chris Smith <[email protected]>
 *
 * @return bool
 */
function check_configs(){
    global $error;
    global $lang;
    global $dokuwiki_hash;

    $ok = true;

    $config_files = array(
        'local' => DOKU_LOCAL.'local.php',
        'users' => DOKU_LOCAL.'users.auth.php',
        'auth'  => DOKU_LOCAL.'acl.auth.php'
    );

    // main dokuwiki config file (conf/dokuwiki.php) must not have been modified
    $installation_hash = md5(preg_replace("/(\015\012)|(\015)/","\012",
                             @file_get_contents(DOKU_CONF.'dokuwiki.php')));
    if (!in_array($installation_hash, $dokuwiki_hash)) {
        $error[] = sprintf($lang['i_badhash'],$installation_hash);
        $ok = false;
    }

    // configs shouldn't exist
    foreach ($config_files as $file) {
        if (file_exists($file) && filesize($file)) {
            $file    = str_replace($_SERVER['DOCUMENT_ROOT'],'{DOCUMENT_ROOT}/', $file);
            $error[] = sprintf($lang['i_confexists'],$file);
            $ok      = false;
        }
    }
    return $ok;
}


/**
 * Check other installation dir/file permission requirements
 *
 * @author      Chris Smith <[email protected]>
 *
 * @return bool
 */
function check_permissions(){
    global $error;
    global $lang;

    $dirs = array(
        'conf'        => DOKU_LOCAL,
        'data'        => DOKU_INC.'data',
        'pages'       => DOKU_INC.'data/pages',
        'attic'       => DOKU_INC.'data/attic',
        'media'       => DOKU_INC.'data/media',
        'media_attic' => DOKU_INC.'data/media_attic',
        'media_meta'  => DOKU_INC.'data/media_meta',
        'meta'        => DOKU_INC.'data/meta',
        'cache'       => DOKU_INC.'data/cache',
        'locks'       => DOKU_INC.'data/locks',
        'index'       => DOKU_INC.'data/index',
        'tmp'         => DOKU_INC.'data/tmp'
    );

    $ok = true;
    foreach($dirs as $dir){
        if(!file_exists("$dir/.") || !is_writable($dir)){
            $dir     = str_replace($_SERVER['DOCUMENT_ROOT'],'{DOCUMENT_ROOT}', $dir);
            $error[] = sprintf($lang['i_permfail'],$dir);
            $ok      = false;
        }
    }
    return $ok;
}

/**
 * Check the availability of functions used in DokuWiki and the PHP version
 *
 * @author Andreas Gohr <[email protected]>
 *
 * @return bool
 */
function check_functions(){
    global $error;
    global $lang;
    $ok = true;

    if(version_compare(phpversion(),'5.3.3','<')){
        $error[] = sprintf($lang['i_phpver'],phpversion(),'5.3.3');
        $ok = false;
    }

    if(ini_get('mbstring.func_overload') != 0){
        $error[] = $lang['i_mbfuncoverload'];
        $ok = false;
    }

    $funcs = explode(' ','addslashes call_user_func chmod copy fgets '.
                         'file file_exists fseek flush filesize ftell fopen '.
                         'glob header ignore_user_abort ini_get mail mkdir '.
                         'ob_start opendir parse_ini_file readfile realpath '.
                         'rename rmdir serialize session_start unlink usleep '.
                         'preg_replace file_get_contents htmlspecialchars_decode '.
                         'spl_autoload_register stream_select fsockopen pack');

    if (!function_exists('mb_substr')) {
        $funcs[] = 'utf8_encode';
        $funcs[] = 'utf8_decode';
    }

    foreach($funcs as $func){
        if(!function_exists($func)){
            $error[] = sprintf($lang['i_funcna'],$func);
            $ok = false;
        }
    }
    return $ok;
}

/**
 * Print language selection
 *
 * @author Andreas Gohr <[email protected]>
 */
function langsel(){
    global $lang;
    global $LC;

    $dir = DOKU_INC.'inc/lang';
    $dh  = opendir($dir);
    if(!$dh) return;

    $langs = array();
    while (($file = readdir($dh)) !== false) {
        if(preg_match('/^[\._]/',$file)) continue;
        if(is_dir($dir.'/'.$file) && file_exists($dir.'/'.$file.'/lang.php')){
            $langs[] = $file;
        }
    }
    closedir($dh);
    sort($langs);

    echo '<form action="">';
    echo $lang['i_chooselang'];
    echo ': <select name="l" onchange="submit()">';
    foreach($langs as $l){
        $sel = ($l == $LC) ? 'selected="selected"' : '';
        echo '<option value="'.$l.'" '.$sel.'>'.$l.'</option>';
    }
    echo '</select> ';
    echo '<button type="submit">'.$lang['btn_update'].'</button>';
    echo '</form>';
}

/**
 * Print global error array
 *
 * @author Andreas Gohr <[email protected]>
 */
function print_errors(){
    global $error;
    if(!empty($error)) {
        echo '<ul>';
        foreach ($error as $err){
            echo "<li>$err</li>";
        }
        echo '</ul>';
    }
}

/**
 * remove magic quotes recursivly
 *
 * @author Andreas Gohr <[email protected]>
 *
 * @param array $array
 */
function remove_magic_quotes(&$array) {
/**
 * @ignore
 */
function getUser() {

}

function getUser($id, $realm) {

}
    foreach (array_keys($array) as $key) {
        if (is_array($array[$key])) {
            remove_magic_quotes($array[$key]);
        }else {
            $array[$key] = stripslashes($array[$key]);
        }
    }
}



1			<?php
2			/**
3			* Dokuwiki installation assistance
4			*
5			* @author Chris Smith <[email protected]>
6			*/
7
8			if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/');
9			if(!defined('DOKU_CONF')) define('DOKU_CONF',DOKU_INC.'conf/');
10			if(!defined('DOKU_LOCAL')) define('DOKU_LOCAL',DOKU_INC.'conf/');
11
12			require_once(DOKU_INC.'inc/PassHash.class.php');
13
14			// check for error reporting override or set error reporting to sane values
15			if (!defined('DOKU_E_LEVEL')) { error_reporting(E_ALL ^ E_NOTICE); }
16			else { error_reporting(DOKU_E_LEVEL); }
17
18			// kill magic quotes
19			if (get_magic_quotes_gpc() && !defined('MAGIC_QUOTES_STRIPPED')) {
20			if (!empty($_GET)) remove_magic_quotes($_GET);
21			if (!empty($_POST)) remove_magic_quotes($_POST);
22			if (!empty($_COOKIE)) remove_magic_quotes($_COOKIE);
23			if (!empty($_REQUEST)) remove_magic_quotes($_REQUEST);
24			@ini_set('magic_quotes_gpc', 0);
25			define('MAGIC_QUOTES_STRIPPED',1);
26			}
27			if (function_exists('set_magic_quotes_runtime')) @set_magic_quotes_runtime(0);
28			@ini_set('magic_quotes_sybase',0);
29
30			// language strings
31			require_once(DOKU_INC.'inc/lang/en/lang.php');
32			if(isset($_REQUEST['l']) && !is_array($_REQUEST['l'])) {
33			$LC = preg_replace('/[^a-z\-]+/','',$_REQUEST['l']);
34			}
35			if(empty($LC)) $LC = 'en';
36			if($LC && $LC != 'en' ) {
37			require_once(DOKU_INC.'inc/lang/'.$LC.'/lang.php');
38			}
39
40			// initialise variables ...
41			$error = array();
42
43			$dokuwiki_hash = array(
44			'2005-09-22' => 'e33223e957b0b0a130d0520db08f8fb7',
45			'2006-03-05' => '51295727f79ab9af309a2fd9e0b61acc',
46			'2006-03-09' => '51295727f79ab9af309a2fd9e0b61acc',
47			'2006-11-06' => 'b3a8af76845977c2000d85d6990dd72b',
48			'2007-05-24' => 'd80f2740c84c4a6a791fd3c7a353536f',
49			'2007-06-26' => 'b3ca19c7a654823144119980be73cd77',
50			'2008-05-04' => '1e5c42eac3219d9e21927c39e3240aad',
51			'2009-02-14' => 'ec8c04210732a14fdfce0f7f6eead865',
52			'2009-12-25' => '993c4b2b385643efe5abf8e7010e11f4',
53			'2010-11-07' => '7921d48195f4db21b8ead6d9bea801b8',
54			'2011-05-25' => '4241865472edb6fa14a1227721008072',
55			'2011-11-10' => 'b46ff19a7587966ac4df61cbab1b8b31',
56			'2012-01-25' => '72c083c73608fc43c586901fd5dabb74',
57			'2012-09-10' => 'eb0b3fc90056fbc12bac6f49f7764df3',
58			'2013-05-10' => '7b62b75245f57f122d3e0f8ed7989623',
59			'2013-12-08' => '263c76af309fbf083867c18a34ff5214',
60			'2014-05-05' => '263c76af309fbf083867c18a34ff5214',
61			'2015-08-10' => '263c76af309fbf083867c18a34ff5214'
62			);
63
64
65			// begin output
66			header('Content-Type: text/html; charset=utf-8');
67			?>
68			<!DOCTYPE html>
69			<html lang="<?php echo $LC?>" dir="<?php echo $lang['direction']?>">
70			<head>
71			<meta charset="utf-8" />
72			<title><?php echo $lang['i_installer']?></title>
73			<style type="text/css">
74			body { width: 90%; margin: 0 auto; font: 84% Verdana, Helvetica, Arial, sans-serif; }
75			img { border: none }
76			br.cl { clear:both; }
77			code { font-size: 110%; color: #800000; }
78			fieldset { border: none }
79			label { display: block; margin-top: 0.5em; }
80			select.text, input.text { width: 30em; margin: 0 0.5em; }
81			a {text-decoration: none}
82			</style>
83			<script type="text/javascript">
84			function acltoggle(){
85			var cb = document.getElementById('acl');
86			var fs = document.getElementById('acldep');
87			if(!cb \|\| !fs) return;
88			if(cb.checked){
89			fs.style.display = '';
90			}else{
91			fs.style.display = 'none';
92			}
93			}
94			window.onload = function(){
95			acltoggle();
96			var cb = document.getElementById('acl');
97			if(cb) cb.onchange = acltoggle;
98			};
99			</script>
100			</head>
101			<body style="">
102			<h1 style="float:left">
103			<img src="lib/exe/fetch.php?media=wiki:dokuwiki-128.png"
104			style="vertical-align: middle;" alt="" height="64" width="64" />
105			<?php echo $lang['i_installer']?>
106			</h1>
107			<div style="float:right; margin: 1em;">
108			<?php langsel()?>
109			</div>
110			<br class="cl" />
111
112			<div style="float: right; width: 34%;">
113			<?php
114			if(file_exists(DOKU_INC.'inc/lang/'.$LC.'/install.html')){
115			include(DOKU_INC.'inc/lang/'.$LC.'/install.html');
116			}else{
117			print "<div lang=\"en\" dir=\"ltr\">\n";
118			include(DOKU_INC.'inc/lang/en/install.html');
119			print "</div>\n";
120			}
121			?>
122			<a style="background: transparent url(data/security.png) left top no-repeat;
123			display: block; width:380px; height:73px; border:none; clear:both;"
124			target="_blank"
125			href="http://www.dokuwiki.org/security#web_access_security"></a>
126			</div>
127
128			<div style="float: left; width: 58%;">
129			<?php
130			if(! (check_functions() && check_permissions()) ){
131			echo '<p>'.$lang['i_problems'].'</p>';
132			print_errors();
133			print_retry();
134			}elseif(!check_configs()){
135			echo '<p>'.$lang['i_modified'].'</p>';
136			print_errors();
137			}elseif(check_data($_REQUEST['d'])){
138			// check_data has sanitized all input parameters
139			if(!store_data($_REQUEST['d'])){
140			echo '<p>'.$lang['i_failure'].'</p>';
141			print_errors();
142			}else{
143			echo '<p>'.$lang['i_success'].'</p>';
144			}
145			}else{
146			print_errors();
147			print_form($_REQUEST['d']);
148			}
149			?>
150			</div>
151
152
153			<div style="clear: both">
154			<a href="http://dokuwiki.org/"><img src="lib/tpl/dokuwiki/images/button-dw.png" alt="driven by DokuWiki" /></a>
155			<a href="http://www.php.net"><img src="lib/tpl/dokuwiki/images/button-php.gif" alt="powered by PHP" /></a>
156			</div>
157			</body>
158			</html>
159			<?php
160
161			/**
162			* Print the input form
163			*
164			* @param array $d submitted entry 'd' of request data
165			*/
166			function print_form($d){
167			global $lang;
168			global $LC;
169
170			include(DOKU_CONF.'license.php');
171
172			if(!is_array($d)) $d = array();
173			$d = array_map('htmlspecialchars',$d);
174
175			if(!isset($d['acl'])) $d['acl']=1;
176			if(!isset($d['pop'])) $d['pop']=1;
177
178			?>
179			<form action="" method="post">
180			<input type="hidden" name="l" value="<?php echo $LC ?>" />
181			<fieldset>
182			<label for="title"><?php echo $lang['i_wikiname']?>
183			<input type="text" name="d[title]" id="title" value="<?php echo $d['title'] ?>" style="width: 20em;" />
184			</label>
185
186			<fieldset style="margin-top: 1em;">
187			<label for="acl">
188			<input type="checkbox" name="d[acl]" id="acl" <?php echo(($d['acl'] ? ' checked="checked"' : ''));?> />
189			<?php echo $lang['i_enableacl']?></label>
190
191			<fieldset id="acldep">
192			<label for="superuser"><?php echo $lang['i_superuser']?></label>
193			<input class="text" type="text" name="d[superuser]" id="superuser" value="<?php echo $d['superuser'] ?>" />
194
195			<label for="fullname"><?php echo $lang['fullname']?></label>
196			<input class="text" type="text" name="d[fullname]" id="fullname" value="<?php echo $d['fullname'] ?>" />
197
198			<label for="email"><?php echo $lang['email']?></label>
199			<input class="text" type="text" name="d[email]" id="email" value="<?php echo $d['email'] ?>" />
200
201			<label for="password"><?php echo $lang['pass']?></label>
202			<input class="text" type="password" name="d[password]" id="password" />
203
204			<label for="confirm"><?php echo $lang['passchk']?></label>
205			<input class="text" type="password" name="d[confirm]" id="confirm" />
206
207			<label for="policy"><?php echo $lang['i_policy']?></label>
208			<select class="text" name="d[policy]" id="policy">
209			<option value="0" <?php echo ($d['policy'] == 0)?'selected="selected"':'' ?>><?php echo $lang['i_pol0']?></option>
210			<option value="1" <?php echo ($d['policy'] == 1)?'selected="selected"':'' ?>><?php echo $lang['i_pol1']?></option>
211			<option value="2" <?php echo ($d['policy'] == 2)?'selected="selected"':'' ?>><?php echo $lang['i_pol2']?></option>
212			</select>
213
214			<label for="allowreg">
215			<input type="checkbox" name="d[allowreg]" id="allowreg" <?php echo(($d['allowreg'] ? ' checked="checked"' : ''));?> />
216			<?php echo $lang['i_allowreg']?>
217			</label>
218			</fieldset>
219			</fieldset>
220
221			<fieldset>
222			<p><?php echo $lang['i_license']?></p>
223			<?php
224			array_push($license,array('name' => $lang['i_license_none'], 'url'=>''));
225			if(empty($d['license'])) $d['license'] = 'cc-by-sa';
226			foreach($license as $key => $lic){
227			echo '<label for="lic_'.$key.'">';
228			echo '<input type="radio" name="d[license]" value="'.htmlspecialchars($key).'" id="lic_'.$key.'"'.
229			(($d['license'] === $key)?' checked="checked"':'').'>';
230			echo htmlspecialchars($lic['name']);
231			if($lic['url']) echo ' <a href="'.$lic['url'].'" target="_blank"><sup>[?]</sup></a>';
232			echo '</label>';
233			}
234			?>
235			</fieldset>
236
237			<fieldset>
238			<p><?php echo $lang['i_pop_field']?></p>
239			<label for="pop">
240			<input type="checkbox" name="d[pop]" id="pop" <?php echo(($d['pop'] ? ' checked="checked"' : ''));?> />
241			<?php echo $lang['i_pop_label']?> <a href="http://www.dokuwiki.org/popularity" target="_blank"><sup>[?]</sup></a>
242			</label>
243			</fieldset>
244
245			</fieldset>
246			<fieldset id="process">
247			<button type="submit" name="submit"><?php echo $lang['btn_save']?></button>
248			</fieldset>
249			</form>
250			<?php
251			}
252
253			function print_retry() {
254			global $lang;
255			global $LC;
256			?>
257			<form action="" method="get">
258			<fieldset>
259			<input type="hidden" name="l" value="<?php echo $LC ?>" />
260			<button type="submit"><?php echo $lang['i_retry'];?></button>
261			</fieldset>
262			</form>
263			<?php
264			}
265
266			/**
267			* Check validity of data
268			*
269			* @author Andreas Gohr
270			*
271			* @param array $d
272			* @return bool ok?
273			*/
274			function check_data(&$d){
275			static $form_default = array(
276			'title' => '',
277			'acl' => '1',
278			'superuser' => '',
279			'fullname' => '',
280			'email' => '',
281			'password' => '',
282			'confirm' => '',
283			'policy' => '0',
284			'allowreg' => '0',
285			'license' => 'cc-by-sa'
286			);
287			global $lang;
288			global $error;
289
290			if(!is_array($d)) $d = array();
291			foreach($d as $k => $v) {
292			if(is_array($v))
293			unset($d[$k]);
294			else
295			$d[$k] = (string)$v;
296			}
297
298			//autolowercase the username
299			$d['superuser'] = isset($d['superuser']) ? strtolower($d['superuser']) : "";
300
301			$ok = false;
302
303			if(isset($_REQUEST['submit'])) {
304			$ok = true;
305
306			// check input
307			if(empty($d['title'])){
308			$error[] = sprintf($lang['i_badval'],$lang['i_wikiname']);
309			$ok = false;
310			}
311			if(isset($d['acl'])){
312			if(!preg_match('/^[a-z0-9_]+$/',$d['superuser'])){
313			$error[] = sprintf($lang['i_badval'],$lang['i_superuser']);
314			$ok = false;
315			}
316			if(empty($d['password'])){
317			$error[] = sprintf($lang['i_badval'],$lang['pass']);
318			$ok = false;
319			}
320			elseif(!isset($d['confirm']) \|\| $d['confirm'] != $d['password']){
321			$error[] = sprintf($lang['i_badval'],$lang['passchk']);
322			$ok = false;
323			}
324			if(empty($d['fullname']) \|\| strstr($d['fullname'],':')){
325			$error[] = sprintf($lang['i_badval'],$lang['fullname']);
326			$ok = false;
327			}
328			if(empty($d['email']) \|\| strstr($d['email'],':') \|\| !strstr($d['email'],'@')){
329			$error[] = sprintf($lang['i_badval'],$lang['email']);
330			$ok = false;
331			}
332			}
333			}
334			$d = array_merge($form_default, $d);
335			return $ok;
336			}
337
338			/**
339			* Writes the data to the config files
340			*
341			* @author Chris Smith <[email protected]>
342			*
343			* @param array $d
344			* @return bool
345			*/
346			function store_data($d){
347			global $LC;
348			$ok = true;
349			$d['policy'] = (int) $d['policy'];
350
351			// create local.php
352			$now = gmdate('r');
353			$output = <<<EOT
354			<?php
355			/**
356			* Dokuwiki's Main Configuration File - Local Settings
357			* Auto-generated by install script
358			* Date: $now
359			*/
360
361			EOT;
362			// add any config options set by a previous installer
363			$preset = __DIR__.'/install.conf';
364			if(file_exists($preset)){
365			$output .= "# preset config options\n";
366			$output .= file_get_contents($preset);
367			$output .= "\n\n";
368			$output .= "# options selected in installer\n";
369			@unlink($preset);
370			}
371
372			$output .= '$conf[\'title\'] = \''.addslashes($d['title'])."';\n";
373			$output .= '$conf[\'lang\'] = \''.addslashes($LC)."';\n";
374			$output .= '$conf[\'license\'] = \''.addslashes($d['license'])."';\n";
375			if($d['acl']){
376			$output .= '$conf[\'useacl\'] = 1'.";\n";
377			$output .= "\$conf['superuser'] = '@admin';\n";
378			}
379			if(!$d['allowreg']){
380			$output .= '$conf[\'disableactions\'] = \'register\''.";\n";
381			}
382			$ok = $ok && fileWrite(DOKU_LOCAL.'local.php',$output);
383
384			if ($d['acl']) {
385			// hash the password
386			$phash = new PassHash();
387			$pass = $phash->hash_smd5($d['password']);
388
389			// create users.auth.php
390			// --- user:SMD5password:Real Name:email:groups,comma,seperated
391			$output = join(":",array($d['superuser'], $pass, $d['fullname'], $d['email'], 'admin,user'));
392			$output = @file_get_contents(DOKU_CONF.'users.auth.php.dist')."\n$output\n";
393			$ok = $ok && fileWrite(DOKU_LOCAL.'users.auth.php', $output);
394
395			// create acl.auth.php
396			$output = <<<EOT
397			# acl.auth.php
398			# <?php exit()?>
399			# Don't modify the lines above
400			#
401			# Access Control Lists
402			#
403			# Auto-generated by install script
404			# Date: $now
405
406			EOT;
407			if($d['policy'] == 2){
408			$output .= "* @ALL 0\n";
409			$output .= "* @user 8\n";
410			}elseif($d['policy'] == 1){
411			$output .= "* @ALL 1\n";
412			$output .= "* @user 8\n";
413			}else{
414			$output .= "* @ALL 8\n";
415			}
416			$ok = $ok && fileWrite(DOKU_LOCAL.'acl.auth.php', $output);
417			}
418
419			// enable popularity submission
420			if($d['pop']){
421			@touch(DOKU_INC.'data/cache/autosubmit.txt');
422			}
423
424			// disable auth plugins til needed
425			$output = <<<EOT
426			<?php
427			/*
428			* Local plugin enable/disable settings
429			*
430			* Auto-generated by install script
431			* Date: $now
432			*/
433
434			\$plugins['authad'] = 0;
435			\$plugins['authldap'] = 0;
436			\$plugins['authmysql'] = 0;
437			\$plugins['authpgsql'] = 0;
438
439			EOT;
440			$ok = $ok && fileWrite(DOKU_LOCAL.'plugins.local.php', $output);
441
442			return $ok;
443			}
444
445			/**
446			* Write the given content to a file
447			*
448			* @author Chris Smith <[email protected]>
449			*
450			* @param string $filename
451			* @param string $data
452			* @return bool
453			*/
454			function fileWrite($filename, $data) {
455			global $error;
456			global $lang;
457
458			if (($fp = @fopen($filename, 'wb')) === false) {
459			$filename = str_replace($_SERVER['DOCUMENT_ROOT'],'{DOCUMENT_ROOT}/', $filename);
460			$error[] = sprintf($lang['i_writeerr'],$filename);
461			return false;
462			}
463
464			if (!empty($data)) { fwrite($fp, $data); }
465			fclose($fp);
466			return true;
467			}
468
469
470			/**
471			* check installation dependent local config files and tests for a known
472			* unmodified main config file
473			*
474			* @author Chris Smith <[email protected]>
475			*
476			* @return bool
477			*/
478			function check_configs(){
479			global $error;
480			global $lang;
481			global $dokuwiki_hash;
482
483			$ok = true;
484
485			$config_files = array(
486			'local' => DOKU_LOCAL.'local.php',
487			'users' => DOKU_LOCAL.'users.auth.php',
488			'auth' => DOKU_LOCAL.'acl.auth.php'
489			);
490
491			// main dokuwiki config file (conf/dokuwiki.php) must not have been modified
492			$installation_hash = md5(preg_replace("/(\015\012)\|(\015)/","\012",
493			@file_get_contents(DOKU_CONF.'dokuwiki.php')));
494			if (!in_array($installation_hash, $dokuwiki_hash)) {
495			$error[] = sprintf($lang['i_badhash'],$installation_hash);
496			$ok = false;
497			}
498
499			// configs shouldn't exist
500			foreach ($config_files as $file) {
501			if (file_exists($file) && filesize($file)) {
502			$file = str_replace($_SERVER['DOCUMENT_ROOT'],'{DOCUMENT_ROOT}/', $file);
503			$error[] = sprintf($lang['i_confexists'],$file);
504			$ok = false;
505			}
506			}
507			return $ok;
508			}
509
510
511			/**
512			* Check other installation dir/file permission requirements
513			*
514			* @author Chris Smith <[email protected]>
515			*
516			* @return bool
517			*/
518			function check_permissions(){
519			global $error;
520			global $lang;
521
522			$dirs = array(
523			'conf' => DOKU_LOCAL,
524			'data' => DOKU_INC.'data',
525			'pages' => DOKU_INC.'data/pages',
526			'attic' => DOKU_INC.'data/attic',
527			'media' => DOKU_INC.'data/media',
528			'media_attic' => DOKU_INC.'data/media_attic',
529			'media_meta' => DOKU_INC.'data/media_meta',
530			'meta' => DOKU_INC.'data/meta',
531			'cache' => DOKU_INC.'data/cache',
532			'locks' => DOKU_INC.'data/locks',
533			'index' => DOKU_INC.'data/index',
534			'tmp' => DOKU_INC.'data/tmp'
535			);
536
537			$ok = true;
538			foreach($dirs as $dir){
539			if(!file_exists("$dir/.") \|\| !is_writable($dir)){
540			$dir = str_replace($_SERVER['DOCUMENT_ROOT'],'{DOCUMENT_ROOT}', $dir);
541			$error[] = sprintf($lang['i_permfail'],$dir);
542			$ok = false;
543			}
544			}
545			return $ok;
546			}
547
548			/**
549			* Check the availability of functions used in DokuWiki and the PHP version
550			*
551			* @author Andreas Gohr <[email protected]>
552			*
553			* @return bool
554			*/
555			function check_functions(){
556			global $error;
557			global $lang;
558			$ok = true;
559
560			if(version_compare(phpversion(),'5.3.3','<')){
561			$error[] = sprintf($lang['i_phpver'],phpversion(),'5.3.3');
562			$ok = false;
563			}
564
565			if(ini_get('mbstring.func_overload') != 0){
566			$error[] = $lang['i_mbfuncoverload'];
567			$ok = false;
568			}
569
570			$funcs = explode(' ','addslashes call_user_func chmod copy fgets '.
571			'file file_exists fseek flush filesize ftell fopen '.
572			'glob header ignore_user_abort ini_get mail mkdir '.
573			'ob_start opendir parse_ini_file readfile realpath '.
574			'rename rmdir serialize session_start unlink usleep '.
575			'preg_replace file_get_contents htmlspecialchars_decode '.
576			'spl_autoload_register stream_select fsockopen pack');
577
578			if (!function_exists('mb_substr')) {
579			$funcs[] = 'utf8_encode';
580			$funcs[] = 'utf8_decode';
581			}
582
583			foreach($funcs as $func){
584			if(!function_exists($func)){
585			$error[] = sprintf($lang['i_funcna'],$func);
586			$ok = false;
587			}
588			}
589			return $ok;
590			}
591
592			/**
593			* Print language selection
594			*
595			* @author Andreas Gohr <[email protected]>
596			*/
597			function langsel(){
598			global $lang;
599			global $LC;
600
601			$dir = DOKU_INC.'inc/lang';
602			$dh = opendir($dir);
603			if(!$dh) return;
604
605			$langs = array();
606			while (($file = readdir($dh)) !== false) {
607			if(preg_match('/^[\._]/',$file)) continue;
608			if(is_dir($dir.'/'.$file) && file_exists($dir.'/'.$file.'/lang.php')){
609			$langs[] = $file;
610			}
611			}
612			closedir($dh);
613			sort($langs);
614
615			echo '<form action="">';
616			echo $lang['i_chooselang'];
617			echo ': <select name="l" onchange="submit()">';
618			foreach($langs as $l){
619			$sel = ($l == $LC) ? 'selected="selected"' : '';
620			echo '<option value="'.$l.'" '.$sel.'>'.$l.'</option>';
621			}
622			echo '</select> ';
623			echo '<button type="submit">'.$lang['btn_update'].'</button>';
624			echo '</form>';
625			}
626
627			/**
628			* Print global error array
629			*
630			* @author Andreas Gohr <[email protected]>
631			*/
632			function print_errors(){
633			global $error;
634			if(!empty($error)) {
635			echo '<ul>';
636			foreach ($error as $err){
637			echo "<li>$err</li>";
638			}
639			echo '</ul>';
640			}
641			}
642
643			/**
644			* remove magic quotes recursivly
645			*
646			* @author Andreas Gohr <[email protected]>
647			*
648			* @param array $array
649			*/
650			function remove_magic_quotes(&$array) {
			0 ignored issues – show Best Practice introduced 2015-11-27 08:44 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `remove_magic_quotes()` has been defined more than once; this definition is ignored, only the first definition in `inc/init.php` (L401-418) is considered. This check looks for functions that have already been defined in other files. Some Codebases, like WordPress, make a practice of defining functions multiple times. This may lead to problems with the detection of function parameters and types. If you really need to do this, you can mark the duplicate definition with the `@ignore` annotation. /** * @ignore */ function getUser() { } function getUser($id, $realm) { } See also the PhpDoc documentation for @ignore. Loading history...
651			foreach (array_keys($array) as $key) {
652			if (is_array($array[$key])) {
653			remove_magic_quotes($array[$key]);
654			}else {
655			$array[$key] = stripslashes($array[$key]);
656			}
657			}
658			}
659
660

splitbrain / dokuwiki

Push — nozlib ( e6a6ca )

install.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like