/**
 * Pins the behaviour expected of w2PgetCleanParam() for present keys, absent
 * keys and caller-supplied defaults.
 *
 * The final three expectations assert that values containing markup (a
 * <script> element, an inline onclick handler) and a key that is itself markup
 * come back exactly as supplied. In other words, this test treats the function
 * as a lookup-with-default, not as an output encoder.
 * NOTE(review): callers should not read "Clean" as "safe to echo" on the
 * strength of this test; encode for the output context where the value is used.
 */
public function testW2PgetCleanParam()
 {
     $request = array(
         'm' => 'projects',
         'a' => 'view',
         'v' => '<script>alert</script>',
         'html' => '<div onclick="doSomething()">asdf</div>',
         '<script>' => 'Something Nasty',
     );

     // Present key: the stored value is returned.
     $this->assertEquals('projects', w2PgetCleanParam($request, 'm'));

     // Absent key: empty string when no default is given, otherwise the default.
     $missingKey = 'NotGonnaBeThere';
     $this->assertEquals('', w2PgetCleanParam($request, $missingKey));
     $this->assertEquals('Some Default', w2PgetCleanParam($request, $missingKey, 'Some Default'));

     // Markup in a value, or in the key itself, is expected back unchanged.
     foreach (array('v', 'html', '<script>') as $taintedKey) {
         $this->assertEquals($request[$taintedKey], w2PgetCleanParam($request, $taintedKey, ''));
     }

     // Left disabled by the original author; it records the open question of
     // whether tainted values should be handled by the function at all.
     //$this->markTestIncomplete("This function does *nothing* for tainted values and I suspect it should...");
 }
Example #2
}
// Set the action from the URL. The request value is passed through
// $AppUI->checkFileName() before it is used.
// NOTE(review): 'a' (and 'u' below) appear to select a file to load later on;
// confirm checkFileName() rejects path separators, '..' and NUL bytes, because
// nothing in this fragment shows w2PgetCleanParam() doing so.
$a = $AppUI->checkFileName(w2PgetCleanParam($_GET, 'a', $def_a));
// Hand the stock project view over to the projectdesigner module when the
// config flag is set, the request carries neither 'bypass' nor 'tab', and the
// module is active.
if ($m == 'projects' && $a == 'view' && $w2Pconfig['projectdesigner_view_project'] && !w2PgetParam($_GET, 'bypass') && !isset($_GET['tab'])) {
    if ($AppUI->isActiveModule('projectdesigner')) {
        $m = 'projectdesigner';
        $a = 'index';
    }
}
/* This check on $u implies that a file located in a subdirectory more than one level
* below the module base cannot be executed. So it would not be possible to
* run, for example, the file module/directory1/directory2/file.php.
* It is also not possible to run modules/module/abc.zyz.class.php, because dots are
* not allowed in the request parameters.
*/
$u = $AppUI->checkFileName(w2PgetCleanParam($_GET, 'u', ''));
// Load module based locale settings.
// The @ hides the warning raised when the per-locale file does not exist.
// NOTE(review): $AppUI->user_locale is concatenated into an include path.
// Confirm it can only hold the name of a shipped locale directory, and prefer
// an explicit is_file() check over @ so genuine include errors stay visible.
@(include_once W2P_BASE_DIR . '/locales/' . $AppUI->user_locale . '/locales.php');
include_once W2P_BASE_DIR . '/locales/core.php';
setlocale(LC_TIME, $AppUI->user_lang);
$m_config = w2PgetConfig($m);
// TODO: canRead/Edit assignments should be moved into each file
// check overall module permissions
// these can be further modified by the included action files
// NOTE(review): these flags are only computed here; nothing in this fragment
// enforces them, so each included action file has to check them itself.
$canAccess = canAccess($m);
$canRead = canView($m);
$canEdit = canEdit($m);
$canAuthor = canAdd($m);
$canDelete = canDelete($m);
if (!$suppressHeaders) {
    // output the character set header
<?php

/* $Id$ $URL$ */
// Direct-access guard: stop unless W2P_BASE_DIR is defined (per the message,
// this file is meant to be loaded by the application, not requested directly).
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
// deny all but system admins
// NOTE(review): nothing in this file stops execution after redirect(); confirm
// that $AppUI->redirect() ends the request, otherwise the store() calls below
// still run for a user who failed the check.
$canEdit = canEdit('system');
if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}
$AppUI->savePlace();
// Three settings taken from the POST body.
// NOTE(review): they are saved as URLs without any scheme or host validation
// in this file, and no anti-CSRF token is checked here; confirm both are
// handled elsewhere before these values are rendered as links.
$dokuwiki_baseURL = w2PgetCleanParam($_POST, 'dokuwiki_base_URL', '');
$dokuwiki_projectsURL = w2PgetCleanParam($_POST, 'dokuwiki_projects_namespace', '');
$dokuwiki_tasksURL = w2PgetCleanParam($_POST, 'dokuwiki_tasks_namespace', '');
// Records 1, 2 and 3 receive the base URL, the projects namespace and the
// tasks namespace respectively. The return value of store() is not inspected,
// so the redirect below is issued whether or not the writes succeeded.
$obj = new CDokuwiki();
$obj->load(1);
$obj->dokuwiki_URL = $dokuwiki_baseURL;
$obj->store($AppUI);
$obj->load(2);
$obj->dokuwiki_URL = $dokuwiki_projectsURL;
$obj->store($AppUI);
$obj->load(3);
$obj->dokuwiki_URL = $dokuwiki_tasksURL;
$obj->store($AppUI);
// Return to the module list.
$success = 'm=system&a=viewmods';
$AppUI->redirect($success);
Example #4
<?php

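// Direct-access guard: stop unless W2P_BASE_DIR is defined (per the message,
// this file is meant to be loaded by the application, not requested directly).
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
$perms = $AppUI->acl();
// Only users with edit rights on 'system' may save module display settings.
// NOTE(review): confirm $AppUI->redirect() ends the request; nothing in this
// file stops execution after it, so a denied user would otherwise still reach
// saveSettings() below. No anti-CSRF token is checked in this file either.
$canEdit = canEdit('system');
if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}
// The module is looked up by a numeric id, so the directory name handed to
// saveSettings() comes from the loaded module record rather than the request.
$mod_id = (int) w2PgetCleanParam($_POST, 'mod_id');
$module = new w2p_Core_Module();
$module->load($mod_id);
$moduleName = $module->mod_directory;
// These are read with w2PgetParam(), not w2PgetCleanParam(), and reach
// saveSettings() as received; the four list parameters default to empty arrays.
// NOTE(review): confirm saveSettings() validates names and array shapes.
$configName = w2PgetParam($_POST, 'module_config_name', '');
$displayColumns = w2PgetParam($_POST, 'display', array());
$displayOrder = w2PgetParam($_POST, 'order', array());
$displayFields = w2PgetParam($_POST, 'displayFields', array());
$displayNames = w2PgetParam($_POST, 'displayNames', array());
// The result is not inspected; the redirect happens whether or not the save worked.
$result = w2p_Core_Module::saveSettings($moduleName, $configName, $displayColumns, $displayOrder, $displayFields, $displayNames);
// $configName is request data placed into a query string, so it is URL-encoded:
// an '&', '#' or line break in it can then neither add parameters nor split the
// redirect target. Ordinary alphanumeric names are unchanged by the encoding.
$AppUI->redirect('m=system&u=modules&a=addedit&mod_id=' . $mod_id . '&v=' . urlencode((string) $configName));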
Example #5
// Direct-access guard: stop unless W2P_BASE_DIR is defined (per the message,
// this file is meant to be loaded by the installer, not requested directly).
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
require_once W2P_BASE_DIR . '/lib/adodb/adodb.inc.php';
require_once W2P_BASE_DIR . '/includes/version.php';
// Database settings posted from the install form, whitespace-trimmed.
// NOTE(review): $dbtype is free text from the request; confirm it is matched
// against the list of supported drivers before it selects one.
$dbtype = trim(w2PgetCleanParam($_POST, 'dbtype', 'mysql'));
$dbhost = trim(w2PgetCleanParam($_POST, 'dbhost', ''));
$dbname = trim(w2PgetCleanParam($_POST, 'dbname', ''));
$dbuser = trim(w2PgetCleanParam($_POST, 'dbuser', ''));
// NOTE(review): trim() also strips leading/trailing whitespace from passwords,
// so a password that legitimately starts or ends with a space is altered.
$dbpass = trim(w2PgetCleanParam($_POST, 'dbpass', ''));
// Read here but not copied into $w2Pconfig below.
$dbprefix = trim(w2PgetCleanParam($_POST, 'dbprefix', ''));
// The admin password falls back to the fixed string 'passwd' when the field
// is absent or empty.
// NOTE(review): a fixed, publicly known default administrator password;
// prefer rejecting an empty value or forcing a change at first login.
$adminpass = trim(w2PgetCleanParam($_POST, 'adminpass', 'passwd'));
$adminpass = $adminpass == '' ? 'passwd' : $adminpass;
$dbpersist = w2PgetCleanParam($_POST, 'dbpersist', false);
$system_timezone = trim(w2PgetCleanParam($_POST, 'system_timezone', ''));
$user_timezone = trim(w2PgetCleanParam($_POST, 'user_timezone', ''));
// Which installation steps were requested; only the presence of each field is tested.
$do_db = isset($_POST['do_db']);
$do_db_cfg = isset($_POST['do_db_cfg']);
$do_cfg = isset($_POST['do_cfg']);
// Create a w2Pconfig array for dependent code
// $baseDir and $baseUrl are not set in this fragment; they must already exist
// in the including scope. The array holds the database and admin passwords in
// clear text, so it should not be logged or dumped in error output.
$w2Pconfig = array('dbtype' => $dbtype, 'dbhost' => $dbhost, 'dbname' => $dbname, 'dbpass' => $dbpass, 'dbuser' => $dbuser, 'dbpersist' => $dbpersist, 'root_dir' => $baseDir, 'base_url' => $baseUrl, 'adminpass' => $adminpass, 'system_timezone' => $system_timezone, 'user_timezone' => $user_timezone);
if (!$manager->testDatabaseCredentials($w2Pconfig)) {
    ?>
		<table cellspacing="0" cellpadding="3" border="0" class="tbl" width="90%" align="center" style="margin-top: 20px;">
			<tr>
			  <td colspan="2" align="center">
			  	<b class="error">Your database credentials failed.  System installation has stopped.  Please correct them and try again.</b><br /><br />
				  <form action="<?php 
    echo $baseUrl;
    ?>
/index.php" method="post" name="form" id="form" accept-charset="utf-8">
Example #6
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with dotProject; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

	The full text of the GPL is in the COPYING file.
*/
// Bootstrap: base.php from the parent directory, then the shared helper functions.
// NOTE(review): base.php presumably defines W2P_BASE_DIR, which the next line relies on.
require_once '../base.php';
require_once W2P_BASE_DIR . '/includes/main_functions.php';
// Refuse to run on PHP older than 5.0.
if (version_compare(PHP_VERSION, '5.0', '<')) {
    echo 'web2Project requires PHP 5.0+. Please upgrade!';
    die;
}
require_once W2P_BASE_DIR . '/install/manager.class.php';
// Current wizard step as posted by the form; how it is used is not visible in this fragment.
// NOTE(review): no authentication or access check is visible in this fragment.
// Confirm the update manager cannot be driven by unauthenticated requests
// once the system is installed.
$step = trim(w2PgetCleanParam($_POST, 'step', ''));
$manager = new UpgradeManager();
?>
<html>
	<head>
		<title>web2Project Update Manager</title>
		<meta name="Description" content="web2Project Update Manager">
	 	<link rel="stylesheet" type="text/css" href="../style/web2project/main.css" charset="utf-8"/>
	</head>
	<body>
		<table cellspacing="0" cellpadding="3" border="0" class="tbl" width="90%" align="center" style="margin-top: 20px;">
			<tr>
			  <td class="item" colspan="2">Welcome to the web2Project Update Manager!</td>
			</tr>
			<?php 
$action = $manager->getActionRequired();
Example #7
<?php

// Direct-access guard: stop unless W2P_BASE_DIR is defined (per the message,
// this file is meant to be loaded by the application, not requested directly).
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
// check permissions
// $canEdit is computed here, but only $canRead gates this fragment.
// NOTE(review): confirm $AppUI->redirect() ends the request; nothing in this
// file stops execution after it.
$perms =& $AppUI->acl();
$canEdit = canEdit('system');
$canRead = canView('system');
if (!$canRead) {
    $AppUI->redirect('m=public&a=access_denied');
}
// Module id is forced to an integer; the view name is taken from the query string.
$mod_id = (int) w2PgetCleanParam($_GET, 'mod_id');
$view = w2PgetCleanParam($_GET, 'v');
$module = new w2p_Core_Module();
$module->load($mod_id);
//TODO: generate per-module filter list
// Field names removed from the property list built below; the list includes
// 'user_password' and the module's own permissions_item_field.
$filter = array($module->permissions_item_field, 'user_password', 'user_parent', 'task_updator', 'task_order', 'task_client_publish', 'task_dynamic', 'task_notify', 'task_departments', 'task_contacts', 'task_custom', 'task_allow_other_user_tasklogs', 'tracked_dynamics', 'tracking_dynamics', 'task_target_budget', 'task_project', 'task_parent', 'task_milestone', 'task_access');
//$filter = array('project_id', 'project_status', 'project_active',
//	'project_parent', 'project_color_identifier',
//	'project_original_parent', 'project_departments', 'project_contacts',
//	'project_private', 'project_type', 'project_last_task', 'project_scheduled_hours');
// The class to instantiate is named by the loaded module record.
// NOTE(review): if load() finds no module for $mod_id, mod_main_class may be
// empty and this line fails; confirm the record is checked, and that
// mod_main_class can only be set by a trusted installer.
$object = new $module->mod_main_class();
$properties = get_class_vars($module->mod_main_class);
// Drop every filtered field; only the array values ($value) are used.
foreach ($filter as $field => $value) {
    unset($properties[$value]);
}
// setup the title block
// NOTE(review): $view comes straight from $_GET and is concatenated into the
// page title. Confirm w2p_Theme_TitleBlock HTML-encodes its title argument;
// if it does not, encode $view here before it is displayed.
$titleBlock = new w2p_Theme_TitleBlock('Customize ' . $module->mod_name . ' Module :: ' . $view, 'modules/system/control-center.png', $m, $m . '.' . $a);
$titleBlock->addCrumb('?m=system', 'system admin');
$titleBlock->addCrumb('?m=system&a=viewmods', 'modules list');
Example #8
<?php

// Direct-access guard: stop unless W2P_BASE_DIR is defined (per the message,
// this file is meant to be loaded by the installer, not requested directly).
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
require_once W2P_BASE_DIR . '/lib/adodb/adodb.inc.php';
require_once W2P_BASE_DIR . '/includes/version.php';
// Database settings posted from the install form, whitespace-trimmed.
// NOTE(review): $dbtype is free text from the request; confirm it is matched
// against the list of supported drivers before it selects one.
$dbtype = trim(w2PgetCleanParam($_POST, 'dbtype', 'mysql'));
$dbhost = trim(w2PgetCleanParam($_POST, 'dbhost', ''));
$dbname = trim(w2PgetCleanParam($_POST, 'dbname', ''));
$dbuser = trim(w2PgetCleanParam($_POST, 'dbuser', ''));
// NOTE(review): trim() also strips leading/trailing whitespace from passwords,
// so a password that legitimately starts or ends with a space is altered.
$dbpass = trim(w2PgetCleanParam($_POST, 'dbpass', ''));
// Read here but not copied into $w2Pconfig below.
$dbprefix = trim(w2PgetCleanParam($_POST, 'dbprefix', ''));
// The admin password falls back to the fixed string 'passwd' when the field
// is absent or empty.
// NOTE(review): a fixed, publicly known default administrator password;
// prefer rejecting an empty value or forcing a change at first login.
$adminpass = trim(w2PgetCleanParam($_POST, 'adminpass', 'passwd'));
$adminpass = $adminpass == '' ? 'passwd' : $adminpass;
$dbpersist = w2PgetCleanParam($_POST, 'dbpersist', false);
// Which installation steps were requested; only the presence of each field is tested.
$do_db = isset($_POST['do_db']);
$do_db_cfg = isset($_POST['do_db_cfg']);
$do_cfg = isset($_POST['do_cfg']);
// Create a w2Pconfig array for dependent code
// $baseDir and $baseUrl are not set in this fragment; they must already exist
// in the including scope. The array holds the database and admin passwords in
// clear text, so it should not be logged or dumped in error output.
$w2Pconfig = array('dbtype' => $dbtype, 'dbhost' => $dbhost, 'dbname' => $dbname, 'dbpass' => $dbpass, 'dbuser' => $dbuser, 'dbpersist' => $dbpersist, 'root_dir' => $baseDir, 'base_url' => $baseUrl, 'adminpass' => $adminpass);
if (!$manager->testDatabaseCredentials($w2Pconfig)) {
    ?>
		<table cellspacing="0" cellpadding="3" border="0" class="tbl" width="90%" align="center" style="margin-top: 20px;">
			<tr>
			  <td colspan="2" align="center">
			  	<b class="error">Your database credentials failed.  System installation has stopped.  Please correct them and try again.</b><br /><br />
				  <form action="<?php 
    echo $baseUrl;
    ?>
/index.php" method="post" name="form" id="form" accept-charset="utf-8">
 /**
  * Builds a CTask from one task record and stores it under the given project.
  *
  * Only task_name and task_description are read through w2PgetCleanParam().
  * The start/end dates, duration and percent-complete are copied from $task
  * as received, and milestone/owner/dynamic/priority are cast to int.
  * NOTE(review): $task presumably originates from imported data. Confirm that
  * CTask::store() validates the copied fields, and that every key read below
  * is guaranteed to be present in the record.
  *
  * @param CAppUI $AppUI      passed through to CTask::store()
  * @param mixed  $project_id assigned to task_project unchanged
  * @param array  $task       one task record keyed by CTask field name
  *
  * @return mixed the store() result when it is an array, otherwise the task_id
  *               of the task object
  */
 protected function _processTask(CAppUI $AppUI, $project_id, $task)
 {
     $newTask = new CTask();
     $newTask->task_name = w2PgetCleanParam($task, 'task_name', null);
     $newTask->task_project = $project_id;
     $newTask->task_description = w2PgetCleanParam($task, 'task_description', '');

     // Copied from the record exactly as received.
     foreach (array('task_start_date', 'task_end_date', 'task_duration') as $field) {
         $newTask->{$field} = $task[$field];
     }

     // Forced to integers.
     foreach (array('task_milestone', 'task_owner', 'task_dynamic', 'task_priority') as $field) {
         $newTask->{$field} = (int) $task[$field];
     }

     $newTask->task_percent_complete = $task['task_percent_complete'];
     $newTask->task_duration_type = 1;

     $outcome = $newTask->store($AppUI);
     if (is_array($outcome)) {
         return $outcome;
     }

     return $newTask->task_id;
 }