/**
 * Loads the service definitions shipped under each known path.
 *
 * For every entry of $this->paths, config/services.yml is loaded into the
 * container when that file exists; paths without one are skipped silently.
 * NOTE(review): a services file decides which classes the container will
 * instantiate, and how $this->paths is populated is not visible here -
 * confirm it only ever holds directories the application trusts.
 *
 * @param array            $config    An array of configuration values (not read by this method)
 * @param ContainerBuilder $container The container the definitions are loaded into
 *
 * @throws \InvalidArgumentException When provided tag is not defined in this extension
 *                                   (kept from the original docblock; nothing in this
 *                                   method throws it directly)
 */
public function load(array $config, ContainerBuilder $container)
{
	foreach ($this->paths as $path)
	{
		$config_dir = $path . '/config';

		if (!file_exists($config_dir . '/services.yml'))
		{
			continue;
		}

		// The locator is rooted at the resolved config directory, so the
		// relative name passed to load() is looked up inside it.
		$locator = new FileLocator(src_realpath($config_dir));
		$yaml_loader = new YamlFileLoader($container, $locator);
		$yaml_loader->load('services.yml');
	}
}
/**
 * Builds the route collection from the configured routing files.
 *
 * Replaces $this->routes with a fresh RouteCollection and adds the routes
 * loaded from every entry of $this->routing_files.
 *
 * @param string $base_path Base path the file locator is rooted at; it is
 *                          passed through src_realpath() first
 * @return $this The provider itself, so calls can be chained
 */
public function find($base_path = '')
{
	$this->routes = new RouteCollection();

	foreach ($this->routing_files as $routing_file)
	{
		// A new locator and loader are created for every routing file.
		$locator = new FileLocator(src_realpath($base_path));
		$yaml_loader = new YamlFileLoader($locator);
		$loaded_routes = $yaml_loader->load($routing_file);

		$this->routes->addCollection($loaded_routes);
	}

	return $this;
}
/**
 * Hides the absolute path of the src root directory in a file path taken
 * from an error message and converts backslashes to forward slashes.
 *
 * The root path is replaced by the literal marker [ROOT], so the message no
 * longer shows where the installation lives on disk.
 *
 * @param string $errfile Absolute file path
 *                        (e.g. /var/www/src3/src/includes/functions.php)
 *                        If $errfile is outside of the src root, the root
 *                        path is not found in it and the path is returned
 *                        unfiltered apart from the slash conversion.
 * @return string Filtered file path (e.g. [ROOT]/includes/functions.php;
 *                the exact form depends on what src_realpath() returns)
 */
function src_filter_root_path($errfile)
{
	static $root_path;

	// Resolved on first use and kept for later calls; a falsy result is
	// not cached and is looked up again on the next call.
	if (!$root_path)
	{
		$root_path = src_realpath(__DIR__ . '/../');
	}

	$search = array($root_path, '\\');
	$replacement = array('[ROOT]', '/');

	return str_replace($search, $replacement, $errfile);
}
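/**
 * Used to test whether we are able to connect to the database the user has specified
 * and identify any problems (e.g. there are already tables with the names we want to use).
 *
 * Each problem found is appended to $error as a language string. The checks run in
 * this order: database name present, SQLite file location, table prefix, connection,
 * existing tables, and finally a per-driver server version / encoding check.
 *
 * @param mixed  $error_connect    Must be truthy for the function to return true
 * @param array  $error            Passed by reference; error messages are appended to it
 * @param array  $dbms_details     Should be of the format of an element of the array returned by
 *                                 {@link get_available_dbms get_available_dbms()};
 *                                 necessary extensions should be loaded already
 * @param string $table_prefix     Prefix for the table names
 * @param string $dbhost           Database host; for the SQLite drivers it is treated as a file path
 * @param string $dbuser           Database user
 * @param string $dbpasswd         Database password
 * @param string $dbname           Database name
 * @param mixed  $dbport           Database port
 * @param bool   $prefix_may_exist When false, tables that already use the prefix are reported
 * @param bool   $load_dbal        Not read by this function
 * @param bool   $unicode_check    When true, the Oracle and PostgreSQL encoding checks are run
 *
 * @return bool True only when $error_connect is truthy and $error is empty at the end
 */
function connect_check_db($error_connect, &$error, $dbms_details, $table_prefix, $dbhost, $dbuser, $dbpasswd, $dbname, $dbport, $prefix_may_exist = false, $load_dbal = true, $unicode_check = true)
{
	global $src_root_path, $phpEx, $config, $lang;

	$dbms = $dbms_details['DRIVER'];
	$is_sqlite = in_array($dbms, array('src\\db\\driver\\sqlite', 'src\\db\\driver\\sqlite3'), true);

	// Instantiate it and set return on error true
	// NOTE(review): the class name is taken from $dbms_details without a check
	// in this function. The docblock expects an element of get_available_dbms();
	// confirm that no caller passes a request-supplied value here.
	$db = new $dbms();
	$db->sql_return_on_error(true);

	// Check that we actually have a database name before going any further.....
	if (!$is_sqlite && $dbms !== 'src\\db\\driver\\oracle' && $dbname === '')
	{
		$error[] = $lang['INST_ERR_DB_NO_NAME'];
		return false;
	}

	// Refuse an SQLite database file inside the forum directory, where the web
	// server could presumably hand it out.
	// NOTE(review): this is a plain string-prefix test on the two resolved paths.
	// It also matches sibling directories that merely share the prefix, and its
	// result when src_realpath() cannot resolve a path (for example a database
	// file that does not exist yet) depends on that helper - verify.
	if ($is_sqlite && stripos(src_realpath($dbhost), src_realpath('../')) === 0)
	{
		$error[] = $lang['INST_ERR_DB_FORUM_PATH'];
		return false;
	}

	// Check the prefix length to ensure that index names are not too long and does not contain invalid characters
	// NOTE(review): a driver that is not listed below leaves $prefix_length undefined.
	switch ($dbms)
	{
		case 'src\\db\\driver\\mysql':
		case 'src\\db\\driver\\mysqli':
			// NOTE(review): strspn() only measures the leading run of these
			// characters, so a prefix that contains one of them later on passes.
			// The prefix becomes part of table names; confirm whether the whole
			// prefix should be validated.
			if (strspn($table_prefix, '-./\\') !== 0)
			{
				$error[] = $lang['INST_ERR_PREFIX_INVALID'];
				return false;
			}

		// no break; (MySQL deliberately shares the PostgreSQL length limit)

		case 'src\\db\\driver\\postgres':
			$prefix_length = 36;
		break;

		case 'src\\db\\driver\\mssql':
		case 'src\\db\\driver\\mssql_odbc':
		case 'src\\db\\driver\\mssqlnative':
			$prefix_length = 90;
		break;

		case 'src\\db\\driver\\sqlite':
		case 'src\\db\\driver\\sqlite3':
			$prefix_length = 200;
		break;

		case 'src\\db\\driver\\oracle':
			$prefix_length = 6;
		break;
	}

	if (strlen($table_prefix) > $prefix_length)
	{
		$error[] = sprintf($lang['INST_ERR_PREFIX_TOO_LONG'], $prefix_length);
		return false;
	}

	// Try and connect ...
	if (is_array($db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, true)))
	{
		// sql_connect() handed back an array, which this code treats as failure.
		// NOTE(review): the driver's message is joined into a string that already
		// contains markup; whether it is escaped depends on utf8_convert_message(),
		// which is not visible here.
		$db_error = $db->sql_error();
		$error[] = $lang['INST_ERR_DB_CONNECT'] . '<br />' . (($db_error['message']) ? utf8_convert_message($db_error['message']) : $lang['INST_ERR_DB_NO_ERROR']);
	}
	else
	{
		// Likely matches for an existing src installation
		if (!$prefix_may_exist)
		{
			$temp_prefix = strtolower($table_prefix);
			$table_ary = array($temp_prefix . 'attachments', $temp_prefix . 'config', $temp_prefix . 'sessions', $temp_prefix . 'topics', $temp_prefix . 'users');

			$tables = get_tables($db);
			$tables = array_map('strtolower', $tables);
			$table_intersect = array_intersect($tables, $table_ary);

			if (count($table_intersect))
			{
				$error[] = $lang['INST_ERR_PREFIX'];
			}
		}

		// Make sure that the user has selected a sensible DBAL for the DBMS actually installed
		switch ($dbms)
		{
			case 'src\\db\\driver\\mysqli':
				if (version_compare(mysqli_get_server_info($db->get_db_connect_id()), '4.1.3', '<'))
				{
					$error[] = $lang['INST_ERR_DB_NO_MYSQLI'];
				}
			break;

			case 'src\\db\\driver\\sqlite':
				if (version_compare(sqlite_libversion(), '2.8.2', '<'))
				{
					$error[] = $lang['INST_ERR_DB_NO_SQLITE'];
				}
			break;

			case 'src\\db\\driver\\sqlite3':
				$version = \SQLite3::version();
				if (version_compare($version['versionString'], '3.6.15', '<'))
				{
					$error[] = $lang['INST_ERR_DB_NO_SQLITE3'];
				}
			break;

			case 'src\\db\\driver\\oracle':
				if ($unicode_check)
				{
					$sql = "SELECT *\n\t\t\t\t\t\tFROM NLS_DATABASE_PARAMETERS\n\t\t\t\t\t\tWHERE PARAMETER = 'NLS_RDBMS_VERSION'\n\t\t\t\t\t\t\tOR PARAMETER = 'NLS_CHARACTERSET'";
					$result = $db->sql_query($sql);

					// Start from an empty map so a query that yields no rows does
					// not leave $stats undefined.
					$stats = array();
					while ($row = $db->sql_fetchrow($result))
					{
						$stats[$row['parameter']] = $row['value'];
					}
					$db->sql_freeresult($result);

					// A missing value counts as "too old" / "not UTF8", which is
					// the outcome the unguarded reads produced as well.
					$rdbms_version = isset($stats['NLS_RDBMS_VERSION']) ? (string) $stats['NLS_RDBMS_VERSION'] : '';
					$characterset = isset($stats['NLS_CHARACTERSET']) ? $stats['NLS_CHARACTERSET'] : null;

					if (version_compare($rdbms_version, '9.2', '<') && $characterset !== 'UTF8')
					{
						$error[] = $lang['INST_ERR_DB_NO_ORACLE'];
					}
				}
			break;

			case 'src\\db\\driver\\postgres':
				if ($unicode_check)
				{
					$sql = "SHOW server_encoding;";
					$result = $db->sql_query($sql);
					$row = $db->sql_fetchrow($result);
					$db->sql_freeresult($result);

					// No row is treated like an unsupported encoding, without
					// indexing into a non-array value.
					$server_encoding = isset($row['server_encoding']) ? $row['server_encoding'] : null;

					if ($server_encoding !== 'UNICODE' && $server_encoding !== 'UTF8')
					{
						$error[] = $lang['INST_ERR_DB_NO_POSTGRES'];
					}
				}
			break;
		}
	}

	if ($error_connect && (!isset($error) || !count($error)))
	{
		return true;
	}

	return false;
}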
/**
 * Loads services.yml from this extension's configured config path.
 *
 * The file locator is rooted at the resolved $this->config_path. No existence
 * check is made first, so a missing file is left to the loader to report.
 *
 * @param array            $config    An array of configuration values (not read by this method)
 * @param ContainerBuilder $container The container the definitions are loaded into
 *
 * @throws \InvalidArgumentException When provided tag is not defined in this extension
 *                                   (kept from the original docblock; nothing in this
 *                                   method throws it directly)
 */
public function load(array $config, ContainerBuilder $container)
{
	$config_dir = src_realpath($this->config_path);
	$locator = new FileLocator($config_dir);

	$yaml_loader = new YamlFileLoader($container, $locator);
	$yaml_loader->load('services.yml');
}
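/**
 * Extract current session page
 *
 * Derives the page name, directory, query string and script paths of the
 * current request. All of these originate from request data, so the values
 * are escaped or percent-encoded before they are returned.
 *
 * @param string $root_path current root path (src_root_path)
 * @return array Keys: page_name, page_dir, query_string, script_path,
 *               root_script_path, page, forum - plus failover (set to 1)
 *               when the script name had to be taken from REQUEST_URI
 */
public static function extract_current_page($root_path)
{
	global $request, $symfony_request, $src_filesystem;

	$page_array = array();

	// First of all, get the request uri...
	$script_name = $request->escape($symfony_request->getScriptName(), true);

	// Symfony's Request::getQueryString() returns null when there is no query
	// string; the cast keeps explode() from receiving null. The result is the
	// same single empty argument as before.
	$args = $request->escape(explode('&', (string) $symfony_request->getQueryString()), true);

	// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
	if (!$script_name)
	{
		$script_name = htmlspecialchars_decode($request->server('REQUEST_URI'));
		$script_name = (($pos = strpos($script_name, '?')) !== false) ? substr($script_name, 0, $pos) : $script_name;
		$page_array['failover'] = 1;
	}

	// Replace backslashes and doubled slashes (could happen on some proxy setups)
	$script_name = str_replace(array('\\', '//'), '/', $script_name);

	// Now, remove the sid and let us get a clean query string...
	$use_args = array();

	// Since some browser do not encode correctly we need to do this with some "special" characters...
	// " -> %22, ' => %27, < -> %3C, > -> %3E
	// NOTE(review): entries 5-7 repeat entries 1, 3 and 4 and can never match,
	// because the earlier entries have already replaced those characters. They
	// look like HTML-entity forms that were decoded somewhere in transit. The
	// arguments were passed through $request->escape() above, so if that call
	// emits entities they are not percent-encoded here - compare with upstream.
	$find = array('"', "'", '<', '>', '"', '<', '>');
	$replace = array('%22', '%27', '%3C', '%3E', '%22', '%3C', '%3E');

	foreach ($args as $argument)
	{
		// The session id is dropped from the stored query string
		if (strpos($argument, 'sid=') === 0)
		{
			continue;
		}

		$use_args[] = str_replace($find, $replace, $argument);
	}
	unset($args);

	// The following examples given are for an request uri of {path to the src directory}/adm/index.php?i=10&b=2

	// The current query string
	$query_string = trim(implode('&', $use_args));

	// basenamed page name (for example: index.php)
	$page_name = (substr($script_name, -1, 1) === '/') ? '' : basename($script_name);
	$page_name = urlencode(htmlspecialchars($page_name));

	$symfony_request_path = $src_filesystem->clean_path($symfony_request->getPathInfo());
	if ($symfony_request_path !== '/')
	{
		// Encode the path info but keep its slashes readable
		$page_name .= str_replace('%2F', '/', urlencode($symfony_request_path));
	}

	// current directory within the src root (for example: adm)
	$root_dirs = explode('/', str_replace('\\', '/', src_realpath($root_path)));
	$page_dirs = explode('/', str_replace('\\', '/', src_realpath('./')));

	// Drop the leading components both paths share; what is left of $root_dirs
	// is how far to climb, what is left of $page_dirs is the way down again.
	$intersection = array_intersect_assoc($root_dirs, $page_dirs);

	$root_dirs = array_diff_assoc($root_dirs, $intersection);
	$page_dirs = array_diff_assoc($page_dirs, $intersection);

	$page_dir = str_repeat('../', count($root_dirs)) . implode('/', $page_dirs);

	if ($page_dir && substr($page_dir, -1, 1) === '/')
	{
		$page_dir = substr($page_dir, 0, -1);
	}

	// Current page from src root (for example: adm/index.php?i=10&b=2)
	$page = (($page_dir) ? $page_dir . '/' : '') . $page_name;

	if ($query_string)
	{
		$page .= '?' . $query_string;
	}

	// The script path from the webroot to the current directory (for example: /src3/adm/) : always prefixed with / and ends in /
	$script_path = $symfony_request->getBasePath();

	// The script path from the webroot to the src root (for example: /src3/)
	$script_dirs = explode('/', $script_path);

	// With no remaining $page_dirs the offset is 0 and array_splice() empties
	// the array; the base-level branch below then takes over.
	array_splice($script_dirs, -count($page_dirs));
	$root_script_path = implode('/', $script_dirs) . (count($root_dirs) ? '/' . implode('/', $root_dirs) : '');

	// We are on the base level (src root == webroot), lets adjust the variables a bit...
	if (!$root_script_path)
	{
		$root_script_path = ($page_dir) ? str_replace($page_dir, '', $script_path) : $script_path;
	}

	$script_path .= (substr($script_path, -1, 1) === '/') ? '' : '/';
	$root_script_path .= (substr($root_script_path, -1, 1) === '/') ? '' : '/';

	$forum_id = $request->variable('f', 0);
	// maximum forum id value is maximum value of mediumint unsigned column
	$forum_id = ($forum_id > 0 && $forum_id < 16777215) ? $forum_id : 0;

	// += keeps a 'failover' entry set above
	$page_array += array(
		'page_name'			=> $page_name,
		'page_dir'			=> $page_dir,
		'query_string'		=> $query_string,
		'script_path'		=> str_replace(' ', '%20', htmlspecialchars($script_path)),
		'root_script_path'	=> str_replace(' ', '%20', htmlspecialchars($root_script_path)),
		'page'				=> $page,
		'forum'				=> $forum_id,
	);

	return $page_array;
}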
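/**
 * Find the template
 *
 * Override for Twig_Loader_Filesystem::findTemplate to add support
 * for loading from safe directories.
 *
 * A template that name validation rejects as lying outside the configured
 * template directories is still accepted when the real path of its directory
 * is one of $this->safe_directories or lies below one. The comparison is made
 * on whole path components, so a safe directory such as /srv/styles does not
 * also admit /srv/styles_private (sample paths).
 *
 * @param string $name Template name
 * @return string Path of the template file
 * @throws \Twig_Error_Loader When validation fails and the file is not
 *                            inside a safe directory
 */
protected function findTemplate($name)
{
	$name = (string) $name;

	// normalize name
	$name = preg_replace('#/{2,}#', '/', strtr($name, '\\', '/'));

	// If this is in the cache we can skip the entire process below
	// as it should have already been validated
	if (isset($this->cache[$name]))
	{
		return $this->cache[$name];
	}

	// First, find the template name. According to the original comment, this
	// class overrides validateName() so that validation is skipped for this
	// call; that override is outside this method.
	$file = parent::findTemplate($name);

	try
	{
		// Try validating the name (which may throw an exception)
		parent::validateName($name);
	}
	catch (\Twig_Error_Loader $e)
	{
		// Only this specific rejection can be overruled by a safe directory.
		// The match is on Twig's message text; if that wording differs, the
		// exception is rethrown and the template is refused.
		if (strpos($e->getRawMessage(), 'Looks like you try to load a template outside configured directories') === 0)
		{
			// Ok, so outside of the configured template directories, we
			// can now check if we're within a "safe" directory

			// Find the real path of the directory the file is in
			$directory = src_realpath(dirname($file));

			if ($directory === false)
			{
				// Some sort of error finding the actual path, must throw the exception
				throw $e;
			}

			// Compare with uniform separators and a trailing slash on both
			// sides, so that a match always ends on a directory boundary.
			$directory = rtrim(strtr($directory, '\\', '/'), '/') . '/';

			foreach ($this->safe_directories as $safe_directory)
			{
				$safe_directory = (string) $safe_directory;

				if ($safe_directory === '')
				{
					// An empty entry (for example a failed path lookup) must
					// not act as a prefix of every path; under PHP 8 strpos()
					// reports an empty needle at offset 0.
					continue;
				}

				// NOTE(review): entries are assumed to be canonical absolute
				// paths already - confirm where safe_directories is filled.
				$safe_prefix = rtrim(strtr($safe_directory, '\\', '/'), '/') . '/';

				if (strpos($directory, $safe_prefix) === 0)
				{
					// The directory being loaded is a "safe" directory
					// or below one. We're good to load it!
					return $file;
				}
			}
		}

		// Not within any safe directories
		throw $e;
	}

	// No exception from validateName, safe to load.
	return $file;
}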