function undoMagicQuotes($array, $topLevel = true)
{
$newArray = array();
foreach ($array as $key => $value) {
if (!$topLevel) {
$key = stripslashes($key);
}
if (is_array($value)) {
$newArray[$key] = undoMagicQuotes($value, false);
} else {
$newArray[$key] = stripslashes($value);
}
}
return $newArray;
}
function undoMagicQuotes($array, $topLevel = true)
{
$newArray = array();
foreach ($array as $key => $value) {
if (!$topLevel) {
$newKey = stripslashes($key);
if ($newKey !== $key) {
unset($array[$key]);
}
$key = $newKey;
}
$newArray[$key] = is_array($value) ? undoMagicQuotes($value, false) : stripslashes($value);
}
return $newArray;
}
//php ids
/******************************************/
#phpids sucks a lot, we need explicitely define the include dir, base path has no effect! ;P bad style, doesnt really work as explained, lacks documentation, example is just a fake. needs too much tweaking.
if (TM_PHPIDS) {
require_once TM_INCLUDEPATH . "/PHPIDS.inc.php";
}
/***********************************************************/
//handle magic quotes
/***********************************************************/
//http://talks.php.net/show/php-best-practices/26
if (get_magic_quotes_gpc()) {
//http://www.php.net/manual/en/security.magicquotes.disabling.php#id2553906
$_GET = undoMagicQuotes($_GET);
$_POST = undoMagicQuotes($_POST);
$_COOKIE = undoMagicQuotes($_COOKIE);
$_REQUEST = undoMagicQuotes($_REQUEST);
}
//http://www.php.net/manual/en/function.htmlentities.php#77556
foreach ($_POST as $key => $val) {
// scrubbing the field NAME...
if (preg_match('/%/', urlencode($key))) {
die('XSS');
}
//'FATAL::XSS hack attempt detected. Your IP has been logged.'
}
/***********************************************************/
//Errorhandler:
/***********************************************************/
require_once TM_INCLUDEPATH . "/Errorhandling.inc.php";
//eigene errorhandler funktion
set_error_handler("userErrorHandler");
<?php
require_once "report-file-path.php";
function undoMagicQuotes($value)
{
if (get_magic_quotes_gpc()) {
return stripslashes($value);
}
return $value;
}
$reportFile = fopen($reportFilePath . ".tmp", 'w');
$httpHeaders = $_SERVER;
ksort($httpHeaders, SORT_STRING);
foreach ($httpHeaders as $name => $value) {
if ($name === "CONTENT_TYPE" || $name === "HTTP_REFERER" || $name === "REQUEST_METHOD" || $name === "HTTP_COOKIE" || $name === "HTTP_HOST" || $name === "REQUEST_URI") {
$value = undoMagicQuotes($value);
fwrite($reportFile, "{$name}: {$value}\n");
}
}
fwrite($reportFile, "=== POST DATA ===\n");
fwrite($reportFile, file_get_contents("php://input"));
fclose($reportFile);
rename($reportFilePath . ".tmp", $reportFilePath);
if (!isset($DO_NOT_CLEAR_COOKIES) || !$DO_NOT_CLEAR_COOKIES) {
foreach ($_COOKIE as $name => $value) {
setcookie($name, "deleted", time() - 60, "/");
}
}
public static function process($url, $history_call = false, $refresh = false)
{
if (MODULE_TIMES) {
$time = microtime(true);
}
$url = str_replace('&', '&', $url);
//do we need this if we set arg_separator.output to &?
if ($url) {
$_POST = array();
parse_str($url, $_POST);
if (get_magic_quotes_gpc()) {
$_POST = undoMagicQuotes($_POST);
}
$_GET = $_REQUEST =& $_POST;
}
ModuleManager::load_modules();
self::check_firstrun();
if ($history_call === '0') {
History::clear();
} elseif ($history_call) {
History::set_id($history_call);
}
//on init call methods...
$ret = on_init(null, null, null, true);
foreach ($ret as $k) {
call_user_func_array($k['func'], $k['args']);
}
$root =& ModuleManager::create_root();
self::go($root);
//go somewhere else?
$loc = location(null, true);
//on exit call methods...
$ret = on_exit(null, null, null, true, $loc === false);
foreach ($ret as $k) {
call_user_func_array($k['func'], $k['args']);
}
if ($loc !== false) {
if (isset($_REQUEST['__action_module__'])) {
$loc['__action_module__'] = $_REQUEST['__action_module__'];
}
//clean up
foreach (self::$content as $k => $v) {
unset(self::$content[$k]);
}
foreach (self::$jses as $k => $v) {
if ($v[1]) {
unset(self::$jses[$k]);
}
}
//go
$loc['__location'] = microtime(true);
return self::process(http_build_query($loc), false, true);
}
$debug = '';
if (DEBUG && ($debug_diff = @(include_once 'tools/Diff.php'))) {
require_once 'tools/Text/Diff/Renderer/inline.php';
$diff_renderer = new Text_Diff_Renderer_inline();
}
//clean up old modules
if (isset($_SESSION['client']['__module_content__'])) {
$to_cleanup = array_keys($_SESSION['client']['__module_content__']);
foreach ($to_cleanup as $k) {
$mod = ModuleManager::get_instance($k);
if ($mod === null) {
$xx = explode('/', $k);
$yy = explode('|', $xx[count($xx) - 1]);
$mod = $yy[0];
if (is_callable(array($mod . 'Common', 'destroy'))) {
call_user_func(array($mod . 'Common', 'destroy'), $k, isset($_SESSION['client']['__module_vars__'][$k]) ? $_SESSION['client']['__module_vars__'][$k] : null);
}
if (DEBUG) {
$debug .= 'Clearing mod vars & module content ' . $k . '<br>';
}
unset($_SESSION['client']['__module_vars__'][$k]);
unset($_SESSION['client']['__module_content__'][$k]);
}
}
}
$reloaded = array();
foreach (self::$content as $k => $v) {
$reload = $v['module']->get_reload();
$parent = $v['module']->get_parent_path();
if (DEBUG && REDUCING_TRANSFER) {
$debug .= '<hr style="height: 3px; background-color:black">';
$debug .= '<b> Checking ' . $k . ', parent=' . $v['module']->get_parent_path() . '</b><ul>' . '<li>Force - ' . (isset($reload) ? print_r($reload, true) : 'not set') . '</li>' . '<li>First display - ' . (isset($_SESSION['client']['__module_content__'][$k]) ? 'no</li>' . '<li>Content changed - ' . ($_SESSION['client']['__module_content__'][$k]['value'] !== $v['value'] ? 'yes' : 'no') . '</li>' . '<li>JS changed - ' . ($_SESSION['client']['__module_content__'][$k]['js'] !== $v['js'] ? 'yes' : 'no') : 'yes') . '</li>' . '<li>Parent reloaded - ' . (isset($reloaded[$parent]) ? 'yes' : 'no') . '</li>' . '<li>History call - ' . ($history_call ? 'yes' : 'no') . '</li>' . '</ul>';
}
if (!REDUCING_TRANSFER || (!isset($reload) && (!isset($_SESSION['client']['__module_content__'][$k]) || $_SESSION['client']['__module_content__'][$k]['value'] !== $v['value'] || $_SESSION['client']['__module_content__'][$k]['js'] !== $v['js']) || $history_call || $reload == true || isset($reloaded[$parent]))) {
//force reload or parent reloaded
if (DEBUG && isset($_SESSION['client']['__module_content__'])) {
$debug .= '<b>Reloading: ' . (isset($v['span']) ? '; span=' . $v['span'] . ',' : '') . ' triggered=' . ($reload == true ? 'force' : 'auto') . ', </b><hr><b>New value:</b><br><pre>' . htmlspecialchars($v['value']) . '</pre>' . (isset($_SESSION['client']['__module_content__'][$k]['value']) ? '<hr><b>Old value:</b><br><pre>' . htmlspecialchars($_SESSION['client']['__module_content__'][$k]['value']) . '</pre>' : '');
if ($debug_diff && isset($_SESSION['client']['__module_content__'][$k]['value'])) {
$xxx = new Text_Diff(explode("\n", $_SESSION['client']['__module_content__'][$k]['value']), explode("\n", $v['value']));
$debug .= '<hr><b>Diff:</b><br><pre>' . $diff_renderer->render($xxx) . '</pre>';
}
$debug .= '<hr style="height: 5px; background-color:black">';
}
if (isset($v['span'])) {
self::text($v['value'], $v['span']);
}
if ($v['js']) {
self::js(join(";", $v['js']));
}
if (REDUCING_TRANSFER) {
$_SESSION['client']['__module_content__'][$k]['value'] = $v['value'];
$_SESSION['client']['__module_content__'][$k]['js'] = $v['js'];
}
$_SESSION['client']['__module_content__'][$k]['parent'] = $parent;
$reloaded[$k] = true;
if (method_exists($v['module'], 'reloaded')) {
$v['module']->reloaded();
}
}
}
foreach ($_SESSION['client']['__module_content__'] as $k => $v) {
if (!array_key_exists($k, self::$content) && isset($reloaded[$v['parent']])) {
if (DEBUG) {
$debug .= 'Reloading missing ' . $k . '<hr>';
}
if (isset($v['span'])) {
self::text($v['value'], $v['span']);
}
if (isset($v['js']) && $v['js']) {
self::js(join(";", $v['js']));
}
$reloaded[$k] = true;
}
}
if (DEBUG) {
$debug .= 'vars ' . CID . ': ' . print_r($_SESSION['client']['__module_vars__'], true) . '<br>';
$debug .= 'user='******'<br>';
if (isset($_REQUEST['__action_module__'])) {
$debug .= 'action module=' . $_REQUEST['__action_module__'] . '<br>';
}
}
$debug .= self::debug();
if (MODULE_TIMES) {
foreach (self::$content as $k => $v) {
$style = 'color:red;font-weight:bold';
if ($v['time'] < 0.5) {
$style = 'color:orange;font-weight:bold';
}
if ($v['time'] < 0.05) {
$style = 'color:green;font-weight:bold';
}
$debug .= 'Time of loading module <b>' . $k . '</b>: <i>' . '<span style="' . $style . ';">' . number_format($v['time'], 4) . '</span>' . '</i><br>';
}
$debug .= 'Page renderered in ' . (microtime(true) - $time) . 's<hr>';
}
if (SQL_TIMES) {
$debug .= '<font size="+1">QUERIES</font><br>';
$queries = DB::GetQueries();
$sum = 0;
$qty = 0;
foreach ($queries as $kk => $q) {
$style = 'color:red;font-weight:bold';
if ($q['time'] < 0.5) {
$style = 'color:orange;font-weight:bold';
}
if ($q['time'] < 0.05) {
$style = 'color:green';
}
for ($kkk = 0; $kkk < $kk; $kkk++) {
if ($queries[$kkk]['args'] == $q['args']) {
$style .= ';text-decoration:underline';
}
}
$debug .= '<span style="' . $style . ';">' . '<b>' . $q['func'] . '</b> ' . htmlspecialchars(var_export($q['args'], true)) . ' <i><b>' . number_format($q['time'], 4) . '</b></i>' . (isset($q['caller']) ? ', ' . $q['caller'] : '') . '<br>' . '</span>';
$sum += $q['time'];
$qty++;
}
$debug .= '<b>Number of queries:</b> ' . $qty . '<br>';
$debug .= '<b>Queries times:</b> ' . $sum . '<br>';
}
if (!isset($_SESSION['client']['custom_debug']) || $debug != $_SESSION['client']['custom_debug']) {
self::text($debug, 'debug');
if ($debug) {
Epesi::js("\$('debug_content').style.display='block';");
}
$_SESSION['client']['custom_debug'] = $debug;
}
if (!$history_call && !History::soft_call()) {
History::set();
}
if (!$history_call) {
self::js('Epesi.history_add(' . History::get_id() . ')');
}
self::send_output();
}
function undoMagicQuotes($value)
{
if (!is_array($value)) {
return stripslashes($value);
} else {
foreach ($value as $k => $v) {
$value[$k] = undoMagicQuotes($v);
}
return $value;
}
}
