/**
 * Exercises w2PgetCleanParam() lookups against a fixture array.
 *
 * Covers: a present key, a missing key with and without an explicit default,
 * and three "tainted" entries (a script tag, an inline event handler, and a
 * tag used as the key itself). The assertions pin the CURRENT behaviour: the
 * tainted values are expected back byte-for-byte unchanged. In other words
 * this helper is a lookup with a default, not an escaper — callers must still
 * escape at the output sink (htmlspecialchars etc.).
 */
public function testW2PgetCleanParam()
{
    $fixture = array(
        'm'        => 'projects',
        'a'        => 'view',
        'v'        => '<script>alert</script>',
        'html'     => '<div onclick="doSomething()">asdf</div>',
        '<script>' => 'Something Nasty'
    );

    // Tainted values (and a tainted key) are passed through untouched.
    foreach (array('v', 'html', '<script>') as $taintedKey) {
        $this->assertEquals($fixture[$taintedKey], w2PgetCleanParam($fixture, $taintedKey, ''));
    }

    // Plain lookup, missing key with the implicit default, missing key with an explicit one.
    $this->assertEquals('projects', w2PgetCleanParam($fixture, 'm'));
    $this->assertEquals('', w2PgetCleanParam($fixture, 'NotGonnaBeThere'));
    $this->assertEquals('Some Default', w2PgetCleanParam($fixture, 'NotGonnaBeThere', 'Some Default'));
}
}
// set the action from the url
// NOTE(review): $a (and $u below) come from $_GET and, per the comment on $u,
// select which module file gets run. checkFileName() is the only gate on that
// path, so weakening or bypassing it is a path-traversal / file-inclusion risk.
$a = $AppUI->checkFileName(w2PgetCleanParam($_GET, 'a', $def_a));
// Route projects/view through the projectdesigner module when that module is
// active and the request neither asks to bypass it nor targets a specific tab.
// 'bypass' is read with the non-"clean" getter but is only tested for truthiness.
if ($m == 'projects' && $a == 'view' && $w2Pconfig['projectdesigner_view_project'] && !w2PgetParam($_GET, 'bypass') && !isset($_GET['tab'])) {
    if ($AppUI->isActiveModule('projectdesigner')) {
        $m = 'projectdesigner';
        $a = 'index';
    }
}
/* This check for $u implies that a file located in a subdirectory of depth greater than 1
 * relative to the module base can't be executed, so it is not possible to
 * run, for example, the file module/directory1/directory2/file.php.
 * It is also not possible to run modules/module/abc.zyz.class.php, because dots are
 * not allowed in the request parameters.
 */
$u = $AppUI->checkFileName(w2PgetCleanParam($_GET, 'u', ''));
// load module based locale settings
// The module-specific locale file is optional (errors suppressed); core.php is not.
// user_locale / user_lang are taken from $AppUI, not read from the request here.
@(include_once W2P_BASE_DIR . '/locales/' . $AppUI->user_locale . '/locales.php');
include_once W2P_BASE_DIR . '/locales/core.php';
setlocale(LC_TIME, $AppUI->user_lang);
$m_config = w2PgetConfig($m);
// TODO: canRead/Edit assignements should be moved into each file
// check overall module permissions
// these can be further modified by the included action files
// NOTE(review): because action files may overwrite these flags, an action
// file that forgets to re-check is only as protected as the module-level
// answer computed here.
$canAccess = canAccess($m);
$canRead = canView($m);
$canEdit = canEdit($m);
$canAuthor = canAdd($m);
$canDelete = canDelete($m);
if (!$suppressHeaders) {
    // output the character set header
<?php
/* $Id$ $URL$ */
/**
 * Saves the three DokuWiki integration values posted from the module settings
 * form (base URL, projects namespace, tasks namespace) and returns to the
 * modules list.
 *
 * Access: only users with edit rights on the 'system' module.
 * Security note: the posted values are stored as received — w2PgetCleanParam()
 * neither escapes nor validates them — so whatever later renders or follows
 * dokuwiki_URL must treat it as untrusted and escape/validate it for its context.
 */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}

// deny all but system admins
$canEdit = canEdit('system');
if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}
$AppUI->savePlace();

$dokuwiki_baseURL = w2PgetCleanParam($_POST, 'dokuwiki_base_URL', '');
$dokuwiki_projectsURL = w2PgetCleanParam($_POST, 'dokuwiki_projects_namespace', '');
$dokuwiki_tasksURL = w2PgetCleanParam($_POST, 'dokuwiki_tasks_namespace', '');

// Record ids 1, 2 and 3 hold, in that order, the base URL and the two namespaces;
// each is loaded, updated and stored through the same object.
$urlsByRecordId = array(
    1 => $dokuwiki_baseURL,
    2 => $dokuwiki_projectsURL,
    3 => $dokuwiki_tasksURL
);
$record = new CDokuwiki();
foreach ($urlsByRecordId as $recordId => $url) {
    $record->load($recordId);
    $record->dokuwiki_URL = $url;
    $record->store($AppUI);
}

$success = 'm=system&a=viewmods';
$AppUI->redirect($success);
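<?php
/**
 * Persists the per-module list/display settings posted from the module
 * customisation form (system > modules > addedit) and redirects back to it.
 *
 * Access: only users with edit rights on the 'system' module.
 *
 * Fix: $configName comes from POST via w2PgetParam() (no escaping) and was
 * spliced raw into the redirect query string; it is now urlencode()d so that
 * '&', '#', '%' or whitespace cannot break or alter the redirect URL. For the
 * plain identifiers normally used as config names the encoding is a no-op.
 */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}

$perms = $AppUI->acl();
$canEdit = canEdit('system');
if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}

// Cast to int: the id is used to load the module row and is echoed back in the redirect.
$mod_id = (int) w2PgetCleanParam($_POST, 'mod_id');
$module = new w2p_Core_Module();
$module->load($mod_id);
$moduleName = $module->mod_directory;

$configName = w2PgetParam($_POST, 'module_config_name', '');
// Array-valued settings; the defaults keep saveSettings() from receiving nulls
// when the form posts nothing for them.
$displayColumns = w2PgetParam($_POST, 'display', array());
$displayOrder = w2PgetParam($_POST, 'order', array());
$displayFields = w2PgetParam($_POST, 'displayFields', array());
$displayNames = w2PgetParam($_POST, 'displayNames', array());

$result = w2p_Core_Module::saveSettings($moduleName, $configName, $displayColumns, $displayOrder, $displayFields, $displayNames);
// NOTE(review): $result is not inspected; a failed save still redirects as if it succeeded.
$AppUI->redirect('m=system&u=modules&a=addedit&mod_id=' . $mod_id . '&v=' . urlencode((string) $configName));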
// Installer step: gather database / admin settings from the POSTed form and
// verify the database credentials before anything is written.
// NOTE(review): this fragment ends inside the failure branch; the success path
// (schema creation, config writing) is not visible here.
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
require_once W2P_BASE_DIR . '/lib/adodb/adodb.inc.php';
require_once W2P_BASE_DIR . '/includes/version.php';

// Connection settings straight from POST. w2PgetCleanParam() does not escape
// or validate (its unit test pins tags passing through unchanged); trim() is
// the only normalisation applied.
$dbtype = trim(w2PgetCleanParam($_POST, 'dbtype', 'mysql'));
$dbhost = trim(w2PgetCleanParam($_POST, 'dbhost', ''));
$dbname = trim(w2PgetCleanParam($_POST, 'dbname', ''));
$dbuser = trim(w2PgetCleanParam($_POST, 'dbuser', ''));
$dbpass = trim(w2PgetCleanParam($_POST, 'dbpass', ''));
$dbprefix = trim(w2PgetCleanParam($_POST, 'dbprefix', ''));
// SECURITY: an empty or missing admin password silently becomes the literal
// 'passwd' (once as the getter default, again after trim). Presumably this
// seeds the admin account, so an install submitted without a password ends
// up with a well-known credential — the handler should refuse to continue
// without an explicit password rather than default it.
$adminpass = trim(w2PgetCleanParam($_POST, 'adminpass', 'passwd'));
$adminpass = $adminpass == '' ? 'passwd' : $adminpass;
// Flag, deliberately not trimmed; false when the field is absent.
$dbpersist = w2PgetCleanParam($_POST, 'dbpersist', false);
$system_timezone = trim(w2PgetCleanParam($_POST, 'system_timezone', ''));
$user_timezone = trim(w2PgetCleanParam($_POST, 'user_timezone', ''));
// Which installer actions were requested: presence of the POST key only.
$do_db = isset($_POST['do_db']);
$do_db_cfg = isset($_POST['do_db_cfg']);
$do_cfg = isset($_POST['do_cfg']);
// Create a w2Pconfig array for dependent code
// $baseDir / $baseUrl are defined outside this fragment. $dbprefix is read
// above but not placed in this array.
$w2Pconfig = array('dbtype' => $dbtype, 'dbhost' => $dbhost, 'dbname' => $dbname, 'dbpass' => $dbpass, 'dbuser' => $dbuser, 'dbpersist' => $dbpersist, 'root_dir' => $baseDir, 'base_url' => $baseUrl, 'adminpass' => $adminpass, 'system_timezone' => $system_timezone, 'user_timezone' => $user_timezone);
// NOTE(review): on failure $baseUrl is echoed raw into the form's action
// attribute below; confirm it is not derived from request data (e.g. the Host
// header) before trusting it unescaped.
if (!$manager->testDatabaseCredentials($w2Pconfig)) { ?> <table cellspacing="0" cellpadding="3" border="0" class="tbl" width="90%" align="center" style="margin-top: 20px;"> <tr> <td colspan="2" align="center"> <b class="error">Your database credentials failed. System installation has stopped. Please correct them and try again.</b><br /><br /> <form action="<?php echo $baseUrl; ?> /index.php" method="post" name="form" id="form" accept-charset="utf-8">
GNU General Public License for more details. You should have received a copy of the GNU General Public License along with dotProject; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA The full text of the GPL is in the COPYING file. */
// Update Manager entry point: bootstraps the application (../base.php),
// refuses to run on pre-5.0 PHP, then hands off to UpgradeManager.
// NOTE(review): no authentication or permission check is visible in this
// fragment and $step is taken straight from POST (it is not used in the
// visible part). Confirm the install/ directory is removed or access-
// restricted once the upgrade has run.
require_once '../base.php';
require_once W2P_BASE_DIR . '/includes/main_functions.php';
if (version_compare(PHP_VERSION, '5.0', '<')) {
    echo 'web2Project requires PHP 5.0+. Please upgrade!';
    die;
}
require_once W2P_BASE_DIR . '/install/manager.class.php';
$step = trim(w2PgetCleanParam($_POST, 'step', ''));
// The HTML shell follows; the fragment is cut off right after the manager
// reports which action is required.
$manager = new UpgradeManager(); ?> <html> <head> <title>web2Project Update Manager</title> <meta name="Description" content="web2Project Update Manager"> <link rel="stylesheet" type="text/css" href="../style/web2project/main.css" charset="utf-8"/> </head> <body> <table cellspacing="0" cellpadding="3" border="0" class="tbl" width="90%" align="center" style="margin-top: 20px;"> <tr> <td class="item" colspan="2">Welcome to the web2Project Update Manager!</td> </tr> <?php $action = $manager->getActionRequired();
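<?php
/**
 * Module customisation screen (system > modules > addedit): loads the module
 * selected by mod_id, builds the list of its main class's properties that may
 * be offered as list columns, and sets up the title block.
 *
 * Access: read rights on the 'system' module are required to view the page.
 *
 * Fixes: $view comes from the query string and is concatenated into the page
 * title; it is HTML-escaped here so a crafted 'v' parameter cannot inject
 * markup (w2PgetCleanParam() passes tags through unchanged). If
 * w2p_Theme_TitleBlock escapes its title itself this only double-encodes the
 * rare non-alphanumeric view name, which is preferable to leaving it raw. The
 * unused foreach key and the dead commented-out filter list are dropped.
 *
 * NOTE(review): this fragment ends mid-script; the rendering that follows is
 * not visible here.
 */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}

// check permissions
$perms =& $AppUI->acl();
$canEdit = canEdit('system');
$canRead = canView('system');
if (!$canRead) {
    $AppUI->redirect('m=public&a=access_denied');
}

$mod_id = (int) w2PgetCleanParam($_GET, 'mod_id');
$view = w2PgetCleanParam($_GET, 'v');
// Escaped once for the HTML title; $view itself stays as received for any
// non-HTML use further down the script.
$viewTitle = htmlspecialchars((string) $view, ENT_QUOTES, 'UTF-8');

$module = new w2p_Core_Module();
$module->load($mod_id);

//TODO: generate per-module filter list
// Properties that must never be offered as list columns: the module's
// permission item field plus credential / internal bookkeeping fields.
$filter = array($module->permissions_item_field, 'user_password', 'user_parent', 'task_updator', 'task_order', 'task_client_publish', 'task_dynamic', 'task_notify', 'task_departments', 'task_contacts', 'task_custom', 'task_allow_other_user_tasklogs', 'tracked_dynamics', 'tracking_dynamics', 'task_target_budget', 'task_project', 'task_parent', 'task_milestone', 'task_access');

// NOTE(review): mod_main_class is instantiated by name from the module row;
// in this fragment it is database-sourced, not request-sourced.
$object = new $module->mod_main_class();
$properties = get_class_vars($module->mod_main_class);
foreach ($filter as $hiddenField) {
    unset($properties[$hiddenField]);
}

// setup the title block
$titleBlock = new w2p_Theme_TitleBlock('Customize ' . $module->mod_name . ' Module :: ' . $viewTitle, 'modules/system/control-center.png', $m, $m . '.' . $a);
$titleBlock->addCrumb('?m=system', 'system admin');
$titleBlock->addCrumb('?m=system&a=viewmods', 'modules list');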
<?php
// Installer step: gather database / admin settings from the POSTed form and
// verify the database credentials before anything is written. (Same flow as
// the timezone-aware variant of this step, minus the timezone fields.)
// NOTE(review): this fragment ends inside the failure branch; the success path
// (schema creation, config writing) is not visible here.
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
require_once W2P_BASE_DIR . '/lib/adodb/adodb.inc.php';
require_once W2P_BASE_DIR . '/includes/version.php';

// Connection settings straight from POST. w2PgetCleanParam() does not escape
// or validate (its unit test pins tags passing through unchanged); trim() is
// the only normalisation applied.
$dbtype = trim(w2PgetCleanParam($_POST, 'dbtype', 'mysql'));
$dbhost = trim(w2PgetCleanParam($_POST, 'dbhost', ''));
$dbname = trim(w2PgetCleanParam($_POST, 'dbname', ''));
$dbuser = trim(w2PgetCleanParam($_POST, 'dbuser', ''));
$dbpass = trim(w2PgetCleanParam($_POST, 'dbpass', ''));
$dbprefix = trim(w2PgetCleanParam($_POST, 'dbprefix', ''));
// SECURITY: an empty or missing admin password silently becomes the literal
// 'passwd' (once as the getter default, again after trim). Presumably this
// seeds the admin account, so an install submitted without a password ends
// up with a well-known credential — the handler should refuse to continue
// without an explicit password rather than default it.
$adminpass = trim(w2PgetCleanParam($_POST, 'adminpass', 'passwd'));
$adminpass = $adminpass == '' ? 'passwd' : $adminpass;
// Flag, deliberately not trimmed; false when the field is absent.
$dbpersist = w2PgetCleanParam($_POST, 'dbpersist', false);
// Which installer actions were requested: presence of the POST key only.
$do_db = isset($_POST['do_db']);
$do_db_cfg = isset($_POST['do_db_cfg']);
$do_cfg = isset($_POST['do_cfg']);
// Create a w2Pconfig array for dependent code
// $baseDir / $baseUrl are defined outside this fragment. $dbprefix is read
// above but not placed in this array.
$w2Pconfig = array('dbtype' => $dbtype, 'dbhost' => $dbhost, 'dbname' => $dbname, 'dbpass' => $dbpass, 'dbuser' => $dbuser, 'dbpersist' => $dbpersist, 'root_dir' => $baseDir, 'base_url' => $baseUrl, 'adminpass' => $adminpass);
// NOTE(review): on failure $baseUrl is echoed raw into the form's action
// attribute below; confirm it is not derived from request data (e.g. the Host
// header) before trusting it unescaped.
if (!$manager->testDatabaseCredentials($w2Pconfig)) { ?> <table cellspacing="0" cellpadding="3" border="0" class="tbl" width="90%" align="center" style="margin-top: 20px;"> <tr> <td colspan="2" align="center"> <b class="error">Your database credentials failed. System installation has stopped. Please correct them and try again.</b><br /><br /> <form action="<?php echo $baseUrl; ?> /index.php" method="post" name="form" id="form" accept-charset="utf-8">
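/**
 * Builds a CTask from one imported task row and stores it under $project_id.
 *
 * @param CAppUI $AppUI      application context passed through to CTask::store()
 * @param int    $project_id id of the project the new task belongs to
 * @param array  $task       one task row (keyed by task_* field names); presumably
 *                           produced by the importer — keys may be missing
 *
 * @return mixed the new task id on success, or the error array returned by
 *               CTask::store() when the store fails
 *
 * Fix: every field is now read with an isset() guard, so a row that lacks a
 * column yields null (or 0 for the int fields) without emitting an undefined-
 * index notice; values that are present are handled exactly as before.
 *
 * NOTE(review): task_owner and the other values are taken from the row as-is;
 * any check that the owner is a valid/permitted user is left to store().
 */
protected function _processTask(CAppUI $AppUI, $project_id, $task)
{
    $myTask = new CTask();
    $myTask->task_name = w2PgetCleanParam($task, 'task_name', null);
    $myTask->task_project = $project_id;
    $myTask->task_description = w2PgetCleanParam($task, 'task_description', '');

    // Copied through untouched (dates, duration, percent complete).
    $rawFields = array('task_start_date', 'task_end_date', 'task_duration');
    foreach ($rawFields as $field) {
        $myTask->$field = isset($task[$field]) ? $task[$field] : null;
    }

    // Integer fields; a missing value becomes 0, exactly as (int) null did.
    $intFields = array('task_milestone', 'task_owner', 'task_dynamic', 'task_priority');
    foreach ($intFields as $field) {
        $myTask->$field = isset($task[$field]) ? (int) $task[$field] : 0;
    }

    $myTask->task_percent_complete = isset($task['task_percent_complete']) ? $task['task_percent_complete'] : null;
    // Imported tasks always use duration type 1.
    $myTask->task_duration_type = 1;

    $result = $myTask->store($AppUI);
    // store() signals failure by returning an array of errors.
    return is_array($result) ? $result : $myTask->task_id;
}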