Issues in install.php - Fixed Issues - Inspection of ""Hotfix Release 2017-02-19a "Frusterick Manners"" - splitbrain/dokuwiki - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — stable ( 252620...e349ed )

unknown

created 2017-02-20 19:42 UTC

install.php (1 issue)

Labels

Best Practice 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Dokuwiki installation assistance
 *
 * @author      Chris Smith <[email protected]>
 */

if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/');
if(!defined('DOKU_CONF')) define('DOKU_CONF',DOKU_INC.'conf/');
if(!defined('DOKU_LOCAL')) define('DOKU_LOCAL',DOKU_INC.'conf/');

require_once(DOKU_INC.'inc/PassHash.class.php');

// check for error reporting override or set error reporting to sane values
if (!defined('DOKU_E_LEVEL')) { error_reporting(E_ALL ^ E_NOTICE); }
else { error_reporting(DOKU_E_LEVEL); }

// kill magic quotes
if (get_magic_quotes_gpc() && !defined('MAGIC_QUOTES_STRIPPED')) {
    if (!empty($_GET))    remove_magic_quotes($_GET);
    if (!empty($_POST))   remove_magic_quotes($_POST);
    if (!empty($_COOKIE)) remove_magic_quotes($_COOKIE);
    if (!empty($_REQUEST)) remove_magic_quotes($_REQUEST);
    @ini_set('magic_quotes_gpc', 0);
    define('MAGIC_QUOTES_STRIPPED',1);
}
if (function_exists('set_magic_quotes_runtime')) @set_magic_quotes_runtime(0);
@ini_set('magic_quotes_sybase',0);

// language strings
require_once(DOKU_INC.'inc/lang/en/lang.php');
if(isset($_REQUEST['l']) && !is_array($_REQUEST['l'])) {
    $LC = preg_replace('/[^a-z\-]+/','',$_REQUEST['l']);
}
if(empty($LC)) $LC = 'en';
if($LC && $LC != 'en' ) {
    require_once(DOKU_INC.'inc/lang/'.$LC.'/lang.php');
}

// initialise variables ...
$error = array();

$dokuwiki_hash = array(
    '2005-09-22'   => 'e33223e957b0b0a130d0520db08f8fb7',
    '2006-03-05'   => '51295727f79ab9af309a2fd9e0b61acc',
    '2006-03-09'   => '51295727f79ab9af309a2fd9e0b61acc',
    '2006-11-06'   => 'b3a8af76845977c2000d85d6990dd72b',
    '2007-05-24'   => 'd80f2740c84c4a6a791fd3c7a353536f',
    '2007-06-26'   => 'b3ca19c7a654823144119980be73cd77',
    '2008-05-04'   => '1e5c42eac3219d9e21927c39e3240aad',
    '2009-02-14'   => 'ec8c04210732a14fdfce0f7f6eead865',
    '2009-12-25'   => '993c4b2b385643efe5abf8e7010e11f4',
    '2010-11-07'   => '7921d48195f4db21b8ead6d9bea801b8',
    '2011-05-25'   => '4241865472edb6fa14a1227721008072',
    '2011-11-10'   => 'b46ff19a7587966ac4df61cbab1b8b31',
    '2012-01-25'   => '72c083c73608fc43c586901fd5dabb74',
    '2012-09-10'   => 'eb0b3fc90056fbc12bac6f49f7764df3',
    '2013-05-10'   => '7b62b75245f57f122d3e0f8ed7989623',
    '2013-12-08'   => '263c76af309fbf083867c18a34ff5214',
    '2014-05-05'   => '263c76af309fbf083867c18a34ff5214',
    '2015-08-10'   => '263c76af309fbf083867c18a34ff5214',
    '2016-06-26'   => 'fd3abb6d89853dacb032907e619fbd73',
    '2017-02-19'   => 'e4f2f5a34c9dbcd96a5ecc8f2df25bd9'
);


// begin output
header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html>
<html lang="<?php echo $LC?>" dir="<?php echo $lang['direction']?>">
<head>
    <meta charset="utf-8" />
    <title><?php echo $lang['i_installer']?></title>
    <style type="text/css">
        body { width: 90%; margin: 0 auto; font: 84% Verdana, Helvetica, Arial, sans-serif; }
        img { border: none }
        br.cl { clear:both; }
        code { font-size: 110%; color: #800000; }
        fieldset { border: none }
        label { display: block; margin-top: 0.5em; }
        select.text, input.text { width: 30em; margin: 0 0.5em; }
        a {text-decoration: none}
    </style>
    <script type="text/javascript">
        function acltoggle(){
            var cb = document.getElementById('acl');
            var fs = document.getElementById('acldep');
            if(!cb || !fs) return;
            if(cb.checked){
                fs.style.display = '';
            }else{
                fs.style.display = 'none';
            }
        }
        window.onload = function(){
            acltoggle();
            var cb = document.getElementById('acl');
            if(cb) cb.onchange = acltoggle;
        };
    </script>
</head>
<body style="">
    <h1 style="float:left">
        <img src="lib/exe/fetch.php?media=wiki:dokuwiki-128.png"
             style="vertical-align: middle;" alt="" height="64" width="64" />
        <?php echo $lang['i_installer']?>
    </h1>
    <div style="float:right; margin: 1em;">
        <?php langsel()?>
    </div>
    <br class="cl" />

    <div style="float: right; width: 34%;">
        <?php
            if(file_exists(DOKU_INC.'inc/lang/'.$LC.'/install.html')){
                include(DOKU_INC.'inc/lang/'.$LC.'/install.html');
            }else{
                print "<div lang=\"en\" dir=\"ltr\">\n";
                include(DOKU_INC.'inc/lang/en/install.html');
                print "</div>\n";
            }
        ?>
        <a style="background: transparent url(data/security.png) left top no-repeat;
                  display: block; width:380px; height:73px; border:none; clear:both;"
           target="_blank"
           href="http://www.dokuwiki.org/security#web_access_security"></a>
    </div>

    <div style="float: left; width: 58%;">
        <?php
            if(! (check_functions() && check_permissions()) ){
                echo '<p>'.$lang['i_problems'].'</p>';
                print_errors();
                print_retry();
            }elseif(!check_configs()){
                echo '<p>'.$lang['i_modified'].'</p>';
                print_errors();
            }elseif(check_data($_REQUEST['d'])){
                // check_data has sanitized all input parameters
                if(!store_data($_REQUEST['d'])){
                    echo '<p>'.$lang['i_failure'].'</p>';
                    print_errors();
                }else{
                    echo '<p>'.$lang['i_success'].'</p>';
                }
            }else{
                print_errors();
                print_form($_REQUEST['d']);
            }
        ?>
    </div>


<div style="clear: both">
  <a href="http://dokuwiki.org/"><img src="lib/tpl/dokuwiki/images/button-dw.png" alt="driven by DokuWiki" /></a>
  <a href="http://php.net"><img src="lib/tpl/dokuwiki/images/button-php.gif" alt="powered by PHP" /></a>
</div>
</body>
</html>
<?php

/**
 * Print the input form
 *
 * @param array $d submitted entry 'd' of request data
 */
function print_form($d){
    global $lang;
    global $LC;

    include(DOKU_CONF.'license.php');

    if(!is_array($d)) $d = array();
    $d = array_map('htmlspecialchars',$d);

    if(!isset($d['acl'])) $d['acl']=1;
    if(!isset($d['pop'])) $d['pop']=1;

    ?>
    <form action="" method="post">
    <input type="hidden" name="l" value="<?php echo $LC ?>" />
    <fieldset>
        <label for="title"><?php echo $lang['i_wikiname']?>
        <input type="text" name="d[title]" id="title" value="<?php echo $d['title'] ?>" style="width: 20em;" />
        </label>

        <fieldset style="margin-top: 1em;">
            <label for="acl">
            <input type="checkbox" name="d[acl]" id="acl" <?php echo(($d['acl'] ? ' checked="checked"' : ''));?> />
            <?php echo $lang['i_enableacl']?></label>

            <fieldset id="acldep">
                <label for="superuser"><?php echo $lang['i_superuser']?></label>
                <input class="text" type="text" name="d[superuser]" id="superuser" value="<?php echo $d['superuser'] ?>" />

                <label for="fullname"><?php echo $lang['fullname']?></label>
                <input class="text" type="text" name="d[fullname]" id="fullname" value="<?php echo $d['fullname'] ?>" />

                <label for="email"><?php echo $lang['email']?></label>
                <input class="text" type="text" name="d[email]" id="email" value="<?php echo $d['email'] ?>" />

                <label for="password"><?php echo $lang['pass']?></label>
                <input class="text" type="password" name="d[password]" id="password" />

                <label for="confirm"><?php echo $lang['passchk']?></label>
                <input class="text" type="password" name="d[confirm]" id="confirm" />

                <label for="policy"><?php echo $lang['i_policy']?></label>
                <select class="text" name="d[policy]" id="policy">
                    <option value="0" <?php echo ($d['policy'] == 0)?'selected="selected"':'' ?>><?php echo $lang['i_pol0']?></option>
                    <option value="1" <?php echo ($d['policy'] == 1)?'selected="selected"':'' ?>><?php echo $lang['i_pol1']?></option>
                    <option value="2" <?php echo ($d['policy'] == 2)?'selected="selected"':'' ?>><?php echo $lang['i_pol2']?></option>
                </select>

                <label for="allowreg">
                    <input type="checkbox" name="d[allowreg]" id="allowreg" <?php echo(($d['allowreg'] ? ' checked="checked"' : ''));?> />
                    <?php echo $lang['i_allowreg']?>
                </label>
            </fieldset>
        </fieldset>

        <fieldset>
            <p><?php echo $lang['i_license']?></p>
            <?php
            array_push($license,array('name' => $lang['i_license_none'], 'url'=>''));
            if(empty($d['license'])) $d['license'] = 'cc-by-sa';
            foreach($license as $key => $lic){
                echo '<label for="lic_'.$key.'">';
                echo '<input type="radio" name="d[license]" value="'.htmlspecialchars($key).'" id="lic_'.$key.'"'.
                     (($d['license'] === $key)?' checked="checked"':'').'>';
                echo htmlspecialchars($lic['name']);
                if($lic['url']) echo ' <a href="'.$lic['url'].'" target="_blank"><sup>[?]</sup></a>';
                echo '</label>';
            }
            ?>
        </fieldset>

        <fieldset>
            <p><?php echo $lang['i_pop_field']?></p>
            <label for="pop">
                <input type="checkbox" name="d[pop]" id="pop" <?php echo(($d['pop'] ? ' checked="checked"' : ''));?> />
                <?php echo $lang['i_pop_label']?> <a href="http://www.dokuwiki.org/popularity" target="_blank"><sup>[?]</sup></a>
            </label>
        </fieldset>

    </fieldset>
    <fieldset id="process">
        <button type="submit" name="submit"><?php echo $lang['btn_save']?></button>
    </fieldset>
    </form>
    <?php
}

function print_retry() {
    global $lang;
    global $LC;
    ?>
    <form action="" method="get">
      <fieldset>
        <input type="hidden" name="l" value="<?php echo $LC ?>" />
        <button type="submit"><?php echo $lang['i_retry'];?></button>
      </fieldset>
    </form>
    <?php
}

/**
 * Check validity of data
 *
 * @author Andreas Gohr
 *
 * @param array $d
 * @return bool ok?
 */
function check_data(&$d){
    static $form_default = array(
        'title'     => '',
        'acl'       => '1',
        'superuser' => '',
        'fullname'  => '',
        'email'     => '',
        'password'  => '',
        'confirm'   => '',
        'policy'    => '0',
        'allowreg'  => '0',
        'license'   => 'cc-by-sa'
    );
    global $lang;
    global $error;

    if(!is_array($d)) $d = array();
    foreach($d as $k => $v) {
        if(is_array($v))
            unset($d[$k]);
        else
            $d[$k] = (string)$v;
    }

    //autolowercase the username
    $d['superuser'] = isset($d['superuser']) ? strtolower($d['superuser']) : "";

    $ok = false;

    if(isset($_REQUEST['submit'])) {
        $ok = true;

        // check input
        if(empty($d['title'])){
            $error[] = sprintf($lang['i_badval'],$lang['i_wikiname']);
            $ok      = false;
        }
        if(isset($d['acl'])){
            if(!preg_match('/^[a-z0-9_]+$/',$d['superuser'])){
                $error[] = sprintf($lang['i_badval'],$lang['i_superuser']);
                $ok      = false;
            }
            if(empty($d['password'])){
                $error[] = sprintf($lang['i_badval'],$lang['pass']);
                $ok      = false;
            }
            elseif(!isset($d['confirm']) || $d['confirm'] != $d['password']){
                $error[] = sprintf($lang['i_badval'],$lang['passchk']);
                $ok      = false;
            }
            if(empty($d['fullname']) || strstr($d['fullname'],':')){
                $error[] = sprintf($lang['i_badval'],$lang['fullname']);
                $ok      = false;
            }
            if(empty($d['email']) || strstr($d['email'],':') || !strstr($d['email'],'@')){
                $error[] = sprintf($lang['i_badval'],$lang['email']);
                $ok      = false;
            }
        }
    }
    $d = array_merge($form_default, $d);
    return $ok;
}

/**
 * Writes the data to the config files
 *
 * @author  Chris Smith <[email protected]>
 *
 * @param array $d
 * @return bool
 */
function store_data($d){
    global $LC;
    $ok = true;
    $d['policy'] = (int) $d['policy'];

    // create local.php
    $now    = gmdate('r');
    $output = <<<EOT
<?php
/**
 * Dokuwiki's Main Configuration File - Local Settings
 * Auto-generated by install script
 * Date: $now
 */

EOT;
    // add any config options set by a previous installer
    $preset = __DIR__.'/install.conf';
    if(file_exists($preset)){
        $output .= "# preset config options\n";
        $output .= file_get_contents($preset);
        $output .= "\n\n";
        $output .= "# options selected in installer\n";
        @unlink($preset);
    }

    $output .= '$conf[\'title\'] = \''.addslashes($d['title'])."';\n";
    $output .= '$conf[\'lang\'] = \''.addslashes($LC)."';\n";
    $output .= '$conf[\'license\'] = \''.addslashes($d['license'])."';\n";
    if($d['acl']){
        $output .= '$conf[\'useacl\'] = 1'.";\n";
        $output .= "\$conf['superuser'] = '@admin';\n";
    }
    if(!$d['allowreg']){
        $output .= '$conf[\'disableactions\'] = \'register\''.";\n";
    }
    $ok = $ok && fileWrite(DOKU_LOCAL.'local.php',$output);

    if ($d['acl']) {
        // hash the password
        $phash = new PassHash();
        $pass = $phash->hash_smd5($d['password']);

        // create users.auth.php
        // --- user:SMD5password:Real Name:email:groups,comma,seperated
        $output = join(":",array($d['superuser'], $pass, $d['fullname'], $d['email'], 'admin,user'));
        $output = @file_get_contents(DOKU_CONF.'users.auth.php.dist')."\n$output\n";
        $ok = $ok && fileWrite(DOKU_LOCAL.'users.auth.php', $output);

        // create acl.auth.php
        $output = <<<EOT
# acl.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Access Control Lists
#
# Auto-generated by install script
# Date: $now

EOT;
        if($d['policy'] == 2){
            $output .=  "*               @ALL          0\n";
            $output .=  "*               @user         8\n";
        }elseif($d['policy'] == 1){
            $output .=  "*               @ALL          1\n";
            $output .=  "*               @user         8\n";
        }else{
            $output .=  "*               @ALL          8\n";
        }
        $ok = $ok && fileWrite(DOKU_LOCAL.'acl.auth.php', $output);
    }

    // enable popularity submission
    if($d['pop']){
        @touch(DOKU_INC.'data/cache/autosubmit.txt');
    }

    // disable auth plugins til needed
    $output = <<<EOT
<?php
/*
 * Local plugin enable/disable settings
 *
 * Auto-generated by install script
 * Date: $now
 */

\$plugins['authad']    = 0;
\$plugins['authldap']  = 0;
\$plugins['authmysql'] = 0;
\$plugins['authpgsql'] = 0;

EOT;
    $ok = $ok && fileWrite(DOKU_LOCAL.'plugins.local.php', $output);

    return $ok;
}

/**
 * Write the given content to a file
 *
 * @author  Chris Smith <[email protected]>
 *
 * @param string $filename
 * @param string $data
 * @return bool
 */
function fileWrite($filename, $data) {
    global $error;
    global $lang;

    if (($fp = @fopen($filename, 'wb')) === false) {
        $filename = str_replace($_SERVER['DOCUMENT_ROOT'],'{DOCUMENT_ROOT}/', $filename);
        $error[]  = sprintf($lang['i_writeerr'],$filename);
        return false;
    }

    if (!empty($data)) { fwrite($fp, $data);  }
    fclose($fp);
    return true;
}


/**
 * check installation dependent local config files and tests for a known
 * unmodified main config file
 *
 * @author      Chris Smith <[email protected]>
 *
 * @return bool
 */
function check_configs(){
    global $error;
    global $lang;
    global $dokuwiki_hash;

    $ok = true;

    $config_files = array(
        'local' => DOKU_LOCAL.'local.php',
        'users' => DOKU_LOCAL.'users.auth.php',
        'auth'  => DOKU_LOCAL.'acl.auth.php'
    );

    // main dokuwiki config file (conf/dokuwiki.php) must not have been modified
    $installation_hash = md5(preg_replace("/(\015\012)|(\015)/","\012",
                             @file_get_contents(DOKU_CONF.'dokuwiki.php')));
    if (!in_array($installation_hash, $dokuwiki_hash)) {
        $error[] = sprintf($lang['i_badhash'],$installation_hash);
        $ok = false;
    }

    // configs shouldn't exist
    foreach ($config_files as $file) {
        if (file_exists($file) && filesize($file)) {
            $file    = str_replace($_SERVER['DOCUMENT_ROOT'],'{DOCUMENT_ROOT}/', $file);
            $error[] = sprintf($lang['i_confexists'],$file);
            $ok      = false;
        }
    }
    return $ok;
}


/**
 * Check other installation dir/file permission requirements
 *
 * @author      Chris Smith <[email protected]>
 *
 * @return bool
 */
function check_permissions(){
    global $error;
    global $lang;

    $dirs = array(
        'conf'        => DOKU_LOCAL,
        'data'        => DOKU_INC.'data',
        'pages'       => DOKU_INC.'data/pages',
        'attic'       => DOKU_INC.'data/attic',
        'media'       => DOKU_INC.'data/media',
        'media_attic' => DOKU_INC.'data/media_attic',
        'media_meta'  => DOKU_INC.'data/media_meta',
        'meta'        => DOKU_INC.'data/meta',
        'cache'       => DOKU_INC.'data/cache',
        'locks'       => DOKU_INC.'data/locks',
        'index'       => DOKU_INC.'data/index',
        'tmp'         => DOKU_INC.'data/tmp'
    );

    $ok = true;
    foreach($dirs as $dir){
        if(!file_exists("$dir/.") || !is_writable($dir)){
            $dir     = str_replace($_SERVER['DOCUMENT_ROOT'],'{DOCUMENT_ROOT}', $dir);
            $error[] = sprintf($lang['i_permfail'],$dir);
            $ok      = false;
        }
    }
    return $ok;
}

/**
 * Check the availability of functions used in DokuWiki and the PHP version
 *
 * @author Andreas Gohr <[email protected]>
 *
 * @return bool
 */
function check_functions(){
    global $error;
    global $lang;
    $ok = true;

    if(version_compare(phpversion(),'5.3.3','<')){
        $error[] = sprintf($lang['i_phpver'],phpversion(),'5.3.3');
        $ok = false;
    }

    if(ini_get('mbstring.func_overload') != 0){
        $error[] = $lang['i_mbfuncoverload'];
        $ok = false;
    }

    $funcs = explode(' ','addslashes call_user_func chmod copy fgets '.
                         'file file_exists fseek flush filesize ftell fopen '.
                         'glob header ignore_user_abort ini_get mail mkdir '.
                         'ob_start opendir parse_ini_file readfile realpath '.
                         'rename rmdir serialize session_start unlink usleep '.
                         'preg_replace file_get_contents htmlspecialchars_decode '.
                         'spl_autoload_register stream_select fsockopen pack');

    if (!function_exists('mb_substr')) {
        $funcs[] = 'utf8_encode';
        $funcs[] = 'utf8_decode';
    }

    foreach($funcs as $func){
        if(!function_exists($func)){
            $error[] = sprintf($lang['i_funcna'],$func);
            $ok = false;
        }
    }
    return $ok;
}

/**
 * Print language selection
 *
 * @author Andreas Gohr <[email protected]>
 */
function langsel(){
    global $lang;
    global $LC;

    $dir = DOKU_INC.'inc/lang';
    $dh  = opendir($dir);
    if(!$dh) return;

    $langs = array();
    while (($file = readdir($dh)) !== false) {
        if(preg_match('/^[\._]/',$file)) continue;
        if(is_dir($dir.'/'.$file) && file_exists($dir.'/'.$file.'/lang.php')){
            $langs[] = $file;
        }
    }
    closedir($dh);
    sort($langs);

    echo '<form action="">';
    echo $lang['i_chooselang'];
    echo ': <select name="l" onchange="submit()">';
    foreach($langs as $l){
        $sel = ($l == $LC) ? 'selected="selected"' : '';
        echo '<option value="'.$l.'" '.$sel.'>'.$l.'</option>';
    }
    echo '</select> ';
    echo '<button type="submit">'.$lang['btn_update'].'</button>';
    echo '</form>';
}

/**
 * Print global error array
 *
 * @author Andreas Gohr <[email protected]>
 */
function print_errors(){
    global $error;
    if(!empty($error)) {
        echo '<ul>';
        foreach ($error as $err){
            echo "<li>$err</li>";
        }
        echo '</ul>';
    }
}

/**
 * remove magic quotes recursivly
 *
 * @author Andreas Gohr <[email protected]>
 *
 * @param array $array
 */
function remove_magic_quotes(&$array) {
/**
 * @ignore
 */
function getUser() {

}

function getUser($id, $realm) {

}
    foreach (array_keys($array) as $key) {
        if (is_array($array[$key])) {
            remove_magic_quotes($array[$key]);
        }else {
            $array[$key] = stripslashes($array[$key]);
        }
    }
}



1			<?php
2			/**
3			* Dokuwiki installation assistance
4			*
5			* @author Chris Smith <[email protected]>
6			*/
7
8			if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/');
9			if(!defined('DOKU_CONF')) define('DOKU_CONF',DOKU_INC.'conf/');
10			if(!defined('DOKU_LOCAL')) define('DOKU_LOCAL',DOKU_INC.'conf/');
11
12			require_once(DOKU_INC.'inc/PassHash.class.php');
13
14			// check for error reporting override or set error reporting to sane values
15			if (!defined('DOKU_E_LEVEL')) { error_reporting(E_ALL ^ E_NOTICE); }
16			else { error_reporting(DOKU_E_LEVEL); }
17
18			// kill magic quotes
19			if (get_magic_quotes_gpc() && !defined('MAGIC_QUOTES_STRIPPED')) {
20			if (!empty($_GET)) remove_magic_quotes($_GET);
21			if (!empty($_POST)) remove_magic_quotes($_POST);
22			if (!empty($_COOKIE)) remove_magic_quotes($_COOKIE);
23			if (!empty($_REQUEST)) remove_magic_quotes($_REQUEST);
24			@ini_set('magic_quotes_gpc', 0);
25			define('MAGIC_QUOTES_STRIPPED',1);
26			}
27			if (function_exists('set_magic_quotes_runtime')) @set_magic_quotes_runtime(0);
28			@ini_set('magic_quotes_sybase',0);
29
30			// language strings
31			require_once(DOKU_INC.'inc/lang/en/lang.php');
32			if(isset($_REQUEST['l']) && !is_array($_REQUEST['l'])) {
33			$LC = preg_replace('/[^a-z\-]+/','',$_REQUEST['l']);
34			}
35			if(empty($LC)) $LC = 'en';
36			if($LC && $LC != 'en' ) {
37			require_once(DOKU_INC.'inc/lang/'.$LC.'/lang.php');
38			}
39
40			// initialise variables ...
41			$error = array();
42
43			$dokuwiki_hash = array(
44			'2005-09-22' => 'e33223e957b0b0a130d0520db08f8fb7',
45			'2006-03-05' => '51295727f79ab9af309a2fd9e0b61acc',
46			'2006-03-09' => '51295727f79ab9af309a2fd9e0b61acc',
47			'2006-11-06' => 'b3a8af76845977c2000d85d6990dd72b',
48			'2007-05-24' => 'd80f2740c84c4a6a791fd3c7a353536f',
49			'2007-06-26' => 'b3ca19c7a654823144119980be73cd77',
50			'2008-05-04' => '1e5c42eac3219d9e21927c39e3240aad',
51			'2009-02-14' => 'ec8c04210732a14fdfce0f7f6eead865',
52			'2009-12-25' => '993c4b2b385643efe5abf8e7010e11f4',
53			'2010-11-07' => '7921d48195f4db21b8ead6d9bea801b8',
54			'2011-05-25' => '4241865472edb6fa14a1227721008072',
55			'2011-11-10' => 'b46ff19a7587966ac4df61cbab1b8b31',
56			'2012-01-25' => '72c083c73608fc43c586901fd5dabb74',
57			'2012-09-10' => 'eb0b3fc90056fbc12bac6f49f7764df3',
58			'2013-05-10' => '7b62b75245f57f122d3e0f8ed7989623',
59			'2013-12-08' => '263c76af309fbf083867c18a34ff5214',
60			'2014-05-05' => '263c76af309fbf083867c18a34ff5214',
61			'2015-08-10' => '263c76af309fbf083867c18a34ff5214',
62			'2016-06-26' => 'fd3abb6d89853dacb032907e619fbd73',
63			'2017-02-19' => 'e4f2f5a34c9dbcd96a5ecc8f2df25bd9'
64			);
65
66
67			// begin output
68			header('Content-Type: text/html; charset=utf-8');
69			?>
70			<!DOCTYPE html>
71			<html lang="<?php echo $LC?>" dir="<?php echo $lang['direction']?>">
72			<head>
73			<meta charset="utf-8" />
74			<title><?php echo $lang['i_installer']?></title>
75			<style type="text/css">
76			body { width: 90%; margin: 0 auto; font: 84% Verdana, Helvetica, Arial, sans-serif; }
77			img { border: none }
78			br.cl { clear:both; }
79			code { font-size: 110%; color: #800000; }
80			fieldset { border: none }
81			label { display: block; margin-top: 0.5em; }
82			select.text, input.text { width: 30em; margin: 0 0.5em; }
83			a {text-decoration: none}
84			</style>
85			<script type="text/javascript">
86			function acltoggle(){
87			var cb = document.getElementById('acl');
88			var fs = document.getElementById('acldep');
89			if(!cb \|\| !fs) return;
90			if(cb.checked){
91			fs.style.display = '';
92			}else{
93			fs.style.display = 'none';
94			}
95			}
96			window.onload = function(){
97			acltoggle();
98			var cb = document.getElementById('acl');
99			if(cb) cb.onchange = acltoggle;
100			};
101			</script>
102			</head>
103			<body style="">
104			<h1 style="float:left">
105			<img src="lib/exe/fetch.php?media=wiki:dokuwiki-128.png"
106			style="vertical-align: middle;" alt="" height="64" width="64" />
107			<?php echo $lang['i_installer']?>
108			</h1>
109			<div style="float:right; margin: 1em;">
110			<?php langsel()?>
111			</div>
112			<br class="cl" />
113
114			<div style="float: right; width: 34%;">
115			<?php
116			if(file_exists(DOKU_INC.'inc/lang/'.$LC.'/install.html')){
117			include(DOKU_INC.'inc/lang/'.$LC.'/install.html');
118			}else{
119			print "<div lang=\"en\" dir=\"ltr\">\n";
120			include(DOKU_INC.'inc/lang/en/install.html');
121			print "</div>\n";
122			}
123			?>
124			<a style="background: transparent url(data/security.png) left top no-repeat;
125			display: block; width:380px; height:73px; border:none; clear:both;"
126			target="_blank"
127			href="http://www.dokuwiki.org/security#web_access_security"></a>
128			</div>
129
130			<div style="float: left; width: 58%;">
131			<?php
132			if(! (check_functions() && check_permissions()) ){
133			echo '<p>'.$lang['i_problems'].'</p>';
134			print_errors();
135			print_retry();
136			}elseif(!check_configs()){
137			echo '<p>'.$lang['i_modified'].'</p>';
138			print_errors();
139			}elseif(check_data($_REQUEST['d'])){
140			// check_data has sanitized all input parameters
141			if(!store_data($_REQUEST['d'])){
142			echo '<p>'.$lang['i_failure'].'</p>';
143			print_errors();
144			}else{
145			echo '<p>'.$lang['i_success'].'</p>';
146			}
147			}else{
148			print_errors();
149			print_form($_REQUEST['d']);
150			}
151			?>
152			</div>
153
154
155			<div style="clear: both">
156			<a href="http://dokuwiki.org/"><img src="lib/tpl/dokuwiki/images/button-dw.png" alt="driven by DokuWiki" /></a>
157			<a href="http://php.net"><img src="lib/tpl/dokuwiki/images/button-php.gif" alt="powered by PHP" /></a>
158			</div>
159			</body>
160			</html>
161			<?php
162
163			/**
164			* Print the input form
165			*
166			* @param array $d submitted entry 'd' of request data
167			*/
168			function print_form($d){
169			global $lang;
170			global $LC;
171
172			include(DOKU_CONF.'license.php');
173
174			if(!is_array($d)) $d = array();
175			$d = array_map('htmlspecialchars',$d);
176
177			if(!isset($d['acl'])) $d['acl']=1;
178			if(!isset($d['pop'])) $d['pop']=1;
179
180			?>
181			<form action="" method="post">
182			<input type="hidden" name="l" value="<?php echo $LC ?>" />
183			<fieldset>
184			<label for="title"><?php echo $lang['i_wikiname']?>
185			<input type="text" name="d[title]" id="title" value="<?php echo $d['title'] ?>" style="width: 20em;" />
186			</label>
187
188			<fieldset style="margin-top: 1em;">
189			<label for="acl">
190			<input type="checkbox" name="d[acl]" id="acl" <?php echo(($d['acl'] ? ' checked="checked"' : ''));?> />
191			<?php echo $lang['i_enableacl']?></label>
192
193			<fieldset id="acldep">
194			<label for="superuser"><?php echo $lang['i_superuser']?></label>
195			<input class="text" type="text" name="d[superuser]" id="superuser" value="<?php echo $d['superuser'] ?>" />
196
197			<label for="fullname"><?php echo $lang['fullname']?></label>
198			<input class="text" type="text" name="d[fullname]" id="fullname" value="<?php echo $d['fullname'] ?>" />
199
200			<label for="email"><?php echo $lang['email']?></label>
201			<input class="text" type="text" name="d[email]" id="email" value="<?php echo $d['email'] ?>" />
202
203			<label for="password"><?php echo $lang['pass']?></label>
204			<input class="text" type="password" name="d[password]" id="password" />
205
206			<label for="confirm"><?php echo $lang['passchk']?></label>
207			<input class="text" type="password" name="d[confirm]" id="confirm" />
208
209			<label for="policy"><?php echo $lang['i_policy']?></label>
210			<select class="text" name="d[policy]" id="policy">
211			<option value="0" <?php echo ($d['policy'] == 0)?'selected="selected"':'' ?>><?php echo $lang['i_pol0']?></option>
212			<option value="1" <?php echo ($d['policy'] == 1)?'selected="selected"':'' ?>><?php echo $lang['i_pol1']?></option>
213			<option value="2" <?php echo ($d['policy'] == 2)?'selected="selected"':'' ?>><?php echo $lang['i_pol2']?></option>
214			</select>
215
216			<label for="allowreg">
217			<input type="checkbox" name="d[allowreg]" id="allowreg" <?php echo(($d['allowreg'] ? ' checked="checked"' : ''));?> />
218			<?php echo $lang['i_allowreg']?>
219			</label>
220			</fieldset>
221			</fieldset>
222
223			<fieldset>
224			<p><?php echo $lang['i_license']?></p>
225			<?php
226			array_push($license,array('name' => $lang['i_license_none'], 'url'=>''));
227			if(empty($d['license'])) $d['license'] = 'cc-by-sa';
228			foreach($license as $key => $lic){
229			echo '<label for="lic_'.$key.'">';
230			echo '<input type="radio" name="d[license]" value="'.htmlspecialchars($key).'" id="lic_'.$key.'"'.
231			(($d['license'] === $key)?' checked="checked"':'').'>';
232			echo htmlspecialchars($lic['name']);
233			if($lic['url']) echo ' <a href="'.$lic['url'].'" target="_blank"><sup>[?]</sup></a>';
234			echo '</label>';
235			}
236			?>
237			</fieldset>
238
239			<fieldset>
240			<p><?php echo $lang['i_pop_field']?></p>
241			<label for="pop">
242			<input type="checkbox" name="d[pop]" id="pop" <?php echo(($d['pop'] ? ' checked="checked"' : ''));?> />
243			<?php echo $lang['i_pop_label']?> <a href="http://www.dokuwiki.org/popularity" target="_blank"><sup>[?]</sup></a>
244			</label>
245			</fieldset>
246
247			</fieldset>
248			<fieldset id="process">
249			<button type="submit" name="submit"><?php echo $lang['btn_save']?></button>
250			</fieldset>
251			</form>
252			<?php
253			}
254
255			function print_retry() {
256			global $lang;
257			global $LC;
258			?>
259			<form action="" method="get">
260			<fieldset>
261			<input type="hidden" name="l" value="<?php echo $LC ?>" />
262			<button type="submit"><?php echo $lang['i_retry'];?></button>
263			</fieldset>
264			</form>
265			<?php
266			}
267
268			/**
269			* Check validity of data
270			*
271			* @author Andreas Gohr
272			*
273			* @param array $d
274			* @return bool ok?
275			*/
276			function check_data(&$d){
277			static $form_default = array(
278			'title' => '',
279			'acl' => '1',
280			'superuser' => '',
281			'fullname' => '',
282			'email' => '',
283			'password' => '',
284			'confirm' => '',
285			'policy' => '0',
286			'allowreg' => '0',
287			'license' => 'cc-by-sa'
288			);
289			global $lang;
290			global $error;
291
292			if(!is_array($d)) $d = array();
293			foreach($d as $k => $v) {
294			if(is_array($v))
295			unset($d[$k]);
296			else
297			$d[$k] = (string)$v;
298			}
299
300			//autolowercase the username
301			$d['superuser'] = isset($d['superuser']) ? strtolower($d['superuser']) : "";
302
303			$ok = false;
304
305			if(isset($_REQUEST['submit'])) {
306			$ok = true;
307
308			// check input
309			if(empty($d['title'])){
310			$error[] = sprintf($lang['i_badval'],$lang['i_wikiname']);
311			$ok = false;
312			}
313			if(isset($d['acl'])){
314			if(!preg_match('/^[a-z0-9_]+$/',$d['superuser'])){
315			$error[] = sprintf($lang['i_badval'],$lang['i_superuser']);
316			$ok = false;
317			}
318			if(empty($d['password'])){
319			$error[] = sprintf($lang['i_badval'],$lang['pass']);
320			$ok = false;
321			}
322			elseif(!isset($d['confirm']) \|\| $d['confirm'] != $d['password']){
323			$error[] = sprintf($lang['i_badval'],$lang['passchk']);
324			$ok = false;
325			}
326			if(empty($d['fullname']) \|\| strstr($d['fullname'],':')){
327			$error[] = sprintf($lang['i_badval'],$lang['fullname']);
328			$ok = false;
329			}
330			if(empty($d['email']) \|\| strstr($d['email'],':') \|\| !strstr($d['email'],'@')){
331			$error[] = sprintf($lang['i_badval'],$lang['email']);
332			$ok = false;
333			}
334			}
335			}
336			$d = array_merge($form_default, $d);
337			return $ok;
338			}
339
340			/**
341			* Writes the data to the config files
342			*
343			* @author Chris Smith <[email protected]>
344			*
345			* @param array $d
346			* @return bool
347			*/
348			function store_data($d){
349			global $LC;
350			$ok = true;
351			$d['policy'] = (int) $d['policy'];
352
353			// create local.php
354			$now = gmdate('r');
355			$output = <<<EOT
356			<?php
357			/**
358			* Dokuwiki's Main Configuration File - Local Settings
359			* Auto-generated by install script
360			* Date: $now
361			*/
362
363			EOT;
364			// add any config options set by a previous installer
365			$preset = __DIR__.'/install.conf';
366			if(file_exists($preset)){
367			$output .= "# preset config options\n";
368			$output .= file_get_contents($preset);
369			$output .= "\n\n";
370			$output .= "# options selected in installer\n";
371			@unlink($preset);
372			}
373
374			$output .= '$conf[\'title\'] = \''.addslashes($d['title'])."';\n";
375			$output .= '$conf[\'lang\'] = \''.addslashes($LC)."';\n";
376			$output .= '$conf[\'license\'] = \''.addslashes($d['license'])."';\n";
377			if($d['acl']){
378			$output .= '$conf[\'useacl\'] = 1'.";\n";
379			$output .= "\$conf['superuser'] = '@admin';\n";
380			}
381			if(!$d['allowreg']){
382			$output .= '$conf[\'disableactions\'] = \'register\''.";\n";
383			}
384			$ok = $ok && fileWrite(DOKU_LOCAL.'local.php',$output);
385
386			if ($d['acl']) {
387			// hash the password
388			$phash = new PassHash();
389			$pass = $phash->hash_smd5($d['password']);
390
391			// create users.auth.php
392			// --- user:SMD5password:Real Name:email:groups,comma,seperated
393			$output = join(":",array($d['superuser'], $pass, $d['fullname'], $d['email'], 'admin,user'));
394			$output = @file_get_contents(DOKU_CONF.'users.auth.php.dist')."\n$output\n";
395			$ok = $ok && fileWrite(DOKU_LOCAL.'users.auth.php', $output);
396
397			// create acl.auth.php
398			$output = <<<EOT
399			# acl.auth.php
400			# <?php exit()?>
401			# Don't modify the lines above
402			#
403			# Access Control Lists
404			#
405			# Auto-generated by install script
406			# Date: $now
407
408			EOT;
409			if($d['policy'] == 2){
410			$output .= "* @ALL 0\n";
411			$output .= "* @user 8\n";
412			}elseif($d['policy'] == 1){
413			$output .= "* @ALL 1\n";
414			$output .= "* @user 8\n";
415			}else{
416			$output .= "* @ALL 8\n";
417			}
418			$ok = $ok && fileWrite(DOKU_LOCAL.'acl.auth.php', $output);
419			}
420
421			// enable popularity submission
422			if($d['pop']){
423			@touch(DOKU_INC.'data/cache/autosubmit.txt');
424			}
425
426			// disable auth plugins til needed
427			$output = <<<EOT
428			<?php
429			/*
430			* Local plugin enable/disable settings
431			*
432			* Auto-generated by install script
433			* Date: $now
434			*/
435
436			\$plugins['authad'] = 0;
437			\$plugins['authldap'] = 0;
438			\$plugins['authmysql'] = 0;
439			\$plugins['authpgsql'] = 0;
440
441			EOT;
442			$ok = $ok && fileWrite(DOKU_LOCAL.'plugins.local.php', $output);
443
444			return $ok;
445			}
446
447			/**
448			* Write the given content to a file
449			*
450			* @author Chris Smith <[email protected]>
451			*
452			* @param string $filename
453			* @param string $data
454			* @return bool
455			*/
456			function fileWrite($filename, $data) {
457			global $error;
458			global $lang;
459
460			if (($fp = @fopen($filename, 'wb')) === false) {
461			$filename = str_replace($_SERVER['DOCUMENT_ROOT'],'{DOCUMENT_ROOT}/', $filename);
462			$error[] = sprintf($lang['i_writeerr'],$filename);
463			return false;
464			}
465
466			if (!empty($data)) { fwrite($fp, $data); }
467			fclose($fp);
468			return true;
469			}
470
471
472			/**
473			* check installation dependent local config files and tests for a known
474			* unmodified main config file
475			*
476			* @author Chris Smith <[email protected]>
477			*
478			* @return bool
479			*/
480			function check_configs(){
481			global $error;
482			global $lang;
483			global $dokuwiki_hash;
484
485			$ok = true;
486
487			$config_files = array(
488			'local' => DOKU_LOCAL.'local.php',
489			'users' => DOKU_LOCAL.'users.auth.php',
490			'auth' => DOKU_LOCAL.'acl.auth.php'
491			);
492
493			// main dokuwiki config file (conf/dokuwiki.php) must not have been modified
494			$installation_hash = md5(preg_replace("/(\015\012)\|(\015)/","\012",
495			@file_get_contents(DOKU_CONF.'dokuwiki.php')));
496			if (!in_array($installation_hash, $dokuwiki_hash)) {
497			$error[] = sprintf($lang['i_badhash'],$installation_hash);
498			$ok = false;
499			}
500
501			// configs shouldn't exist
502			foreach ($config_files as $file) {
503			if (file_exists($file) && filesize($file)) {
504			$file = str_replace($_SERVER['DOCUMENT_ROOT'],'{DOCUMENT_ROOT}/', $file);
505			$error[] = sprintf($lang['i_confexists'],$file);
506			$ok = false;
507			}
508			}
509			return $ok;
510			}
511
512
513			/**
514			* Check other installation dir/file permission requirements
515			*
516			* @author Chris Smith <[email protected]>
517			*
518			* @return bool
519			*/
520			function check_permissions(){
521			global $error;
522			global $lang;
523
524			$dirs = array(
525			'conf' => DOKU_LOCAL,
526			'data' => DOKU_INC.'data',
527			'pages' => DOKU_INC.'data/pages',
528			'attic' => DOKU_INC.'data/attic',
529			'media' => DOKU_INC.'data/media',
530			'media_attic' => DOKU_INC.'data/media_attic',
531			'media_meta' => DOKU_INC.'data/media_meta',
532			'meta' => DOKU_INC.'data/meta',
533			'cache' => DOKU_INC.'data/cache',
534			'locks' => DOKU_INC.'data/locks',
535			'index' => DOKU_INC.'data/index',
536			'tmp' => DOKU_INC.'data/tmp'
537			);
538
539			$ok = true;
540			foreach($dirs as $dir){
541			if(!file_exists("$dir/.") \|\| !is_writable($dir)){
542			$dir = str_replace($_SERVER['DOCUMENT_ROOT'],'{DOCUMENT_ROOT}', $dir);
543			$error[] = sprintf($lang['i_permfail'],$dir);
544			$ok = false;
545			}
546			}
547			return $ok;
548			}
549
550			/**
551			* Check the availability of functions used in DokuWiki and the PHP version
552			*
553			* @author Andreas Gohr <[email protected]>
554			*
555			* @return bool
556			*/
557			function check_functions(){
558			global $error;
559			global $lang;
560			$ok = true;
561
562			if(version_compare(phpversion(),'5.3.3','<')){
563			$error[] = sprintf($lang['i_phpver'],phpversion(),'5.3.3');
564			$ok = false;
565			}
566
567			if(ini_get('mbstring.func_overload') != 0){
568			$error[] = $lang['i_mbfuncoverload'];
569			$ok = false;
570			}
571
572			$funcs = explode(' ','addslashes call_user_func chmod copy fgets '.
573			'file file_exists fseek flush filesize ftell fopen '.
574			'glob header ignore_user_abort ini_get mail mkdir '.
575			'ob_start opendir parse_ini_file readfile realpath '.
576			'rename rmdir serialize session_start unlink usleep '.
577			'preg_replace file_get_contents htmlspecialchars_decode '.
578			'spl_autoload_register stream_select fsockopen pack');
579
580			if (!function_exists('mb_substr')) {
581			$funcs[] = 'utf8_encode';
582			$funcs[] = 'utf8_decode';
583			}
584
585			foreach($funcs as $func){
586			if(!function_exists($func)){
587			$error[] = sprintf($lang['i_funcna'],$func);
588			$ok = false;
589			}
590			}
591			return $ok;
592			}
593
594			/**
595			* Print language selection
596			*
597			* @author Andreas Gohr <[email protected]>
598			*/
599			function langsel(){
600			global $lang;
601			global $LC;
602
603			$dir = DOKU_INC.'inc/lang';
604			$dh = opendir($dir);
605			if(!$dh) return;
606
607			$langs = array();
608			while (($file = readdir($dh)) !== false) {
609			if(preg_match('/^[\._]/',$file)) continue;
610			if(is_dir($dir.'/'.$file) && file_exists($dir.'/'.$file.'/lang.php')){
611			$langs[] = $file;
612			}
613			}
614			closedir($dh);
615			sort($langs);
616
617			echo '<form action="">';
618			echo $lang['i_chooselang'];
619			echo ': <select name="l" onchange="submit()">';
620			foreach($langs as $l){
621			$sel = ($l == $LC) ? 'selected="selected"' : '';
622			echo '<option value="'.$l.'" '.$sel.'>'.$l.'</option>';
623			}
624			echo '</select> ';
625			echo '<button type="submit">'.$lang['btn_update'].'</button>';
626			echo '</form>';
627			}
628
629			/**
630			* Print global error array
631			*
632			* @author Andreas Gohr <[email protected]>
633			*/
634			function print_errors(){
635			global $error;
636			if(!empty($error)) {
637			echo '<ul>';
638			foreach ($error as $err){
639			echo "<li>$err</li>";
640			}
641			echo '</ul>';
642			}
643			}
644
645			/**
646			* remove magic quotes recursivly
647			*
648			* @author Andreas Gohr <[email protected]>
649			*
650			* @param array $array
651			*/
652			function remove_magic_quotes(&$array) {
			0 ignored issues – show Best Practice introduced 2016-02-04 19:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `remove_magic_quotes()` has been defined more than once; this definition is ignored, only the first definition in `inc/init.php` (L383-400) is considered. This check looks for functions that have already been defined in other files. Some Codebases, like WordPress, make a practice of defining functions multiple times. This may lead to problems with the detection of function parameters and types. If you really need to do this, you can mark the duplicate definition with the `@ignore` annotation. /** * @ignore */ function getUser() { } function getUser($id, $realm) { } See also the PhpDoc documentation for @ignore. Loading history...
653			foreach (array_keys($array) as $key) {
654			if (is_array($array[$key])) {
655			remove_magic_quotes($array[$key]);
656			}else {
657			$array[$key] = stripslashes($array[$key]);
658			}
659			}
660			}
661
662

splitbrain / dokuwiki

Push — stable ( 252620...e349ed )

install.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like