/**
 * Builds the default HTML Purifier configuration as a nested array.
 *
 * HTML Purifier's flat "Namespace.Directive" defaults are regrouped into
 * $config[Namespace][Directive]; a few site-specific overrides are then
 * layered on top (output encoding, doctype, allowed rel values and
 * object/embed handling).
 *
 * @return array HTML Purifier default configuration settings.
 */
private static function _getpurifierdefaultconfig()
{
    $flatDefaults = HTMLPurifier_Config::createDefault()->def->defaults;

    // Split every "Namespace.Directive" key once, at its first dot.
    $config = array();
    foreach ($flatDefaults as $directive => $value) {
        list($namespace, $name) = explode('.', $directive, 2);
        $config[$namespace][$name] = $value;
    }

    $siteEncoding = ZLanguage::getEncoding();
    if (strtolower($siteEncoding) != 'utf-8') {
        // A non-UTF-8 site encoding is handed to HTML Purifier (iconv).
        // Per the original author's note: support for non-Unicode encodings
        // is limited, because any character the target encoding cannot
        // represent is silently dropped, even when it is ampersand-escaped.
        // docs/enduser-utf8.html in the full HTML Purifier package describes
        // a workaround together with the issues that workaround creates.
        $config['Core']['Encoding'] = $siteEncoding;
    }

    // Doctype of the current theme. Supported doctypes include HTML 4.01
    // Strict/Transitional, XHTML 1.0 Strict/Transitional (the default) and
    // XHTML 1.1.
    // TODO - a dedicated theme field for the doctype declaration is needed;
    // until then only the non-strict modes are used.
    $themeInfo = ThemeUtil::getInfo(ThemeUtil::getIDFromName(UserUtil::getTheme()));
    if (empty($themeInfo['xhtml'])) {
        // XHTML 1.0 Transitional is the default, so only plain HTML is set explicitly.
        $config['HTML']['Doctype'] = 'HTML 4.01 Transitional';
    }

    // Document relationships accepted in the rel attribute.
    // see http://htmlpurifier.org/live/configdoc/plain.html#Attr.AllowedRel
    $config['Attr']['AllowedRel'] = array('nofollow' => true, 'imageviewer' => true, 'lightbox' => true);

    // The dedicated YouTube filter is switched OFF here (the value is false);
    // it is technically deprecated in favour of HTML.SafeEmbed and HTML.SafeObject.
    $config['Filter']['YouTube'] = false;

    // General enable for embeds and objects. These three settings widen what
    // purified markup may contain (object/embed elements), so the resulting
    // filter depends on HTML Purifier's "safe" handling of those elements.
    $config['HTML']['SafeObject'] = true;
    $config['Output']['FlashCompat'] = true;
    $config['HTML']['SafeEmbed'] = true;

    return $config;
}
/**
 * Smarty function returning (or assigning) the site's charset.
 *
 * Available attributes:
 *  - assign (string) name of a template variable that receives the value
 *                    instead of it being returned to the template. (optional)
 *
 * Example:
 *
 * <samp><meta http-equiv="Content-Type" content="text/html; charset={charset}"></samp>
 *
 * The value is returned as-is; this function applies no escaping of its own.
 *
 * @param array       $params All attributes passed to this function from the template.
 * @param Zikula_View $view   Reference to the {@link Zikula_View} object.
 *
 * @return string|null The charset, or nothing when 'assign' was given.
 */
function smarty_function_charset($params, Zikula_View $view)
{
    $charset = ZLanguage::getEncoding();

    // Without an 'assign' attribute the value goes straight back to the template.
    if (!isset($params['assign'])) {
        return $charset;
    }

    $view->assign($params['assign'], $charset);
}
/**
 * Handles a command raised by the Mailer configuration form.
 *
 * 'cancel' changes nothing. 'save' validates the form, casts every submitted
 * setting to its scalar type and stores the whole set as module variables.
 * Every path except a failed validation ends with a redirect to the Mailer
 * admin 'modifyconfig' screen.
 *
 * NOTE(review): no permission or CSRF check is visible inside this handler;
 * presumably the form framework or the handler's initialisation enforces
 * both - confirm. The SMTP password and the sendmail path are stored exactly
 * as submitted (after a string cast).
 *
 * @param Zikula_Form_View $view  Form view that raised the command.
 * @param array            &$args Command arguments; 'commandName' selects the action.
 *
 * @return mixed False when form validation fails, otherwise the result of $view->redirect().
 */
public function handleCommand(Zikula_Form_View $view, &$args)
{
    switch ($args['commandName']) {
        case 'cancel':
            break;

        case 'save':
            if (!$view->isValid()) {
                return false;
            }

            $this->formValues = $view->getValues();

            // set our new module variable values; each one is cast to the
            // type the mailer expects and falls back to a fixed default
            $this->setVars(array(
                'mailertype'       => (int)$this->getFormValue('mailertype', 1),
                'charset'          => (string)$this->getFormValue('charset', ZLanguage::getEncoding()),
                'encoding'         => (string)$this->getFormValue('encoding', '8bit'),
                'html'             => (bool)$this->getFormValue('html', false),
                'wordwrap'         => (int)$this->getFormValue('wordwrap', 50),
                'msmailheaders'    => (bool)$this->getFormValue('msmailheaders', false),
                'sendmailpath'     => (string)$this->getFormValue('sendmailpath', '/usr/sbin/sendmail'),
                'smtpauth'         => (bool)$this->getFormValue('smtpauth', false),
                'smtpserver'       => (string)$this->getFormValue('smtpserver', 'localhost'),
                'smtpport'         => (int)$this->getFormValue('smtpport', 25),
                'smtptimeout'      => (int)$this->getFormValue('smtptimeout', 10),
                'smtpusername'     => (string)$this->getFormValue('smtpusername', ''),
                'smtppassword'     => (string)$this->getFormValue('smtppassword', ''),
                'smtpsecuremethod' => (string)$this->getFormValue('smtpsecuremethod', ''),
            ));

            // the module configuration has been updated successfully
            LogUtil::registerStatus($this->__('Done! Saved module configuration.'));
            break;
    }

    return $view->redirect(ModUtil::url('Mailer', 'admin', 'modifyconfig'));
}
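/**
 * Renders one of the bundled Markdown documents inside the installer layout.
 *
 * The requested name is matched against a fixed allowlist before it is joined
 * to the base path, so only the four listed documents can ever be read; any
 * other value silently falls back to the install guide.
 *
 * @param Request $request Current request (not read by the visible body).
 * @param string  $name    File name of the document to display.
 *
 * @return Response
 */
public function displayAction(Request $request, $name = "INSTALL-1.4.0.md")
{
    // @TODO this is temporary method of restricting the user input
    // Strict comparison: without the third argument in_array() compares
    // loosely, and a non-string value could match an allowlist entry.
    $allowedDocuments = array("INSTALL-1.4.0.md", "UPGRADE-1.4.0.md", "CHANGELOG.md", "README.md");
    if (!in_array($name, $allowedDocuments, true)) {
        $name = "INSTALL-1.4.0.md";
    }

    $this->setBasePath();
    $documentPath = $this->basePath . "/{$name}";

    // file_get_contents() returns false when the file exists but cannot be
    // read; treat that like a missing file instead of passing false on.
    $content = file_exists($documentPath) ? file_get_contents($documentPath) : false;
    if ($content === false) {
        $content = __f('The file you requested (%s) could not be found.', "{$name}");
    }

    $content = $this->parser->defaultTransform($content);

    $templateParams = array(
        'lang' => $this->locale,
        'charset' => \ZLanguage::getEncoding(),
        'content' => $content,
    );

    return $this->templatingService->renderResponse('ZikulaCoreInstallerBundle::doc.html.twig', $templateParams);
}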
/**
 * Initialise the module by storing its default mail settings.
 *
 * This function is only ever called once during the lifetime of a particular
 * module instance.
 *
 * Note that 'smtpsecuremethod' defaults to 'ssl' here and that the SMTP
 * credentials start out empty.
 *
 * @return bool true if successful, false otherwise (the visible body always returns true)
 */
public function install()
{
    $defaults = array(
        'mailertype'       => 1,
        'charset'          => ZLanguage::getEncoding(),
        'encoding'         => '8bit',
        'html'             => false,
        'wordwrap'         => 50,
        'msmailheaders'    => false,
        'sendmailpath'     => '/usr/sbin/sendmail',
        'smtpauth'         => false,
        'smtpserver'       => 'localhost',
        'smtpport'         => 25,
        'smtptimeout'      => 10,
        'smtpusername'     => '',
        'smtppassword'     => '',
        'smtpsecuremethod' => 'ssl',
    );

    foreach ($defaults as $name => $value) {
        $this->setVar($name, $value);
    }

    // Initialisation successful
    return true;
}
/**
 * Updates the Mailer configuration from the posted modification form.
 *
 * The request must carry a valid CSRF token and the caller must hold
 * ACCESS_ADMIN on 'Mailer::'; both checks run before anything is stored.
 * Each value is read from POST, cast to its scalar type and written as a
 * module variable; a field missing from the request falls back to the
 * default shown in the code.
 *
 * POST fields read:
 *  - int    mailertype       Mail transport agent
 *  - string charset          default character set of the message
 *  - string encoding         default encoding
 *  - bool   html             send html e-mails by default
 *  - int    wordwrap         word wrap column
 *  - bool   msmailheaders    include MS mail headers
 *  - string sendmailpath     path to sendmail
 *  - bool   smtpauth         enable SMTPAuth
 *  - string smtpserver       ip address of SMTP server
 *  - int    smtpport         port number of SMTP server
 *  - int    smtptimeout      SMTP timeout
 *  - string smtpusername     SMTP username
 *  - string smtppassword     SMTP password
 *  - string smtpsecuremethod SMTP secure method
 *
 * NOTE(review): 'sendmailpath', 'smtpserver' and 'smtpsecuremethod' are
 * stored as submitted, without validation in this method; whatever consumes
 * them should treat them as administrator-controlled input.
 *
 * @see Mailer_admin_updateconfig()
 *
 * @return void The visible body has no return statement; it ends in a redirect.
 */
public function updateconfig()
{
    $this->checkCsrfToken();

    // security check
    $this->throwForbiddenUnless(SecurityUtil::checkPermission('Mailer::', '::', ACCESS_ADMIN));

    $post = $this->request->getPost();

    // set our new module variable values
    $this->setVar('mailertype', (int) $post->get('mailertype', 1));
    $this->setVar('charset', (string) $post->get('charset', ZLanguage::getEncoding()));
    $this->setVar('encoding', (string) $post->get('encoding', '8bit'));
    $this->setVar('html', (bool) $post->get('html', false));
    $this->setVar('wordwrap', (int) $post->get('wordwrap', 50));
    $this->setVar('msmailheaders', (bool) $post->get('msmailheaders', false));
    $this->setVar('sendmailpath', (string) $post->get('sendmailpath', '/usr/sbin/sendmail'));
    $this->setVar('smtpauth', (bool) $post->get('smtpauth', false));
    $this->setVar('smtpserver', (string) $post->get('smtpserver', 'localhost'));
    $this->setVar('smtpport', (int) $post->get('smtpport', 25));
    $this->setVar('smtptimeout', (int) $post->get('smtptimeout', 10));
    $this->setVar('smtpusername', (string) $post->get('smtpusername', ''));
    $this->setVar('smtppassword', (string) $post->get('smtppassword', ''));
    $this->setVar('smtpsecuremethod', (string) $post->get('smtpsecuremethod', ''));

    // the module configuration has been updated successfully
    LogUtil::registerStatus($this->__('Done! Saved module configuration.'));

    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    $this->redirect(ModUtil::url('Mailer', 'admin', 'modifyconfig'));
}
/**
 * Generate the header of the upgrade page.
 *
 * Echoes the XHTML prologue, the <head> section, the page banner and the
 * opening of the main content container. The version notice is printed only
 * for a logged-in user.
 *
 * NOTE(review): the language code and the charset are concatenated into HTML
 * attributes without escaping. Both come from ZLanguage; if either can be
 * influenced by request data they should pass through htmlspecialchars()
 * first - confirm against ZLanguage.
 *
 * @return void
 */
function _upg_header()
{
    $lang = ZLanguage::getLanguageCode();
    $charset = ZLanguage::getEncoding();

    // Every entry is one output line; a newline follows each of them.
    $headerLines = array(
        '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">',
        '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="' . $lang . '">',
        '<head>',
        '<meta http-equiv="Content-Type" content="text/html; charset=' . $charset . '" />',
        '<title>' . __('Zikula Upgrade script') . '</title>',
        '<link rel="stylesheet" href="install/style/installer.css" type="text/css" />',
        '<link rel="stylesheet" href="style/core.css" type="text/css" />',
        '<!--[if IE]><link rel="stylesheet" type="text/css" href="style/core_iehacks.css" media="print,projection,screen" /><![endif]-->',
        '<script src="javascript/ajax/proto_scriptaculous.combined.min.js" type="text/javascript"></script>',
        '<script src="install/javascript/install.js" type="text/javascript"></script>',
        '</head>',
        '<body>',
        '<div id="container"><div id="content">',
        '<div id="header">',
        '<h1>' . __('Zikula Application Framework') . '</h1>',
        '<h2>' . __('Upgrade script') . '</h2></div>',
    );
    echo implode("\n", $headerLines) . "\n";

    // The content container is opened without a trailing newline.
    echo '<div id="maincontent">';

    // The login state is queried only after the header has been sent.
    if (!UserUtil::isLoggedIn()) {
        return;
    }

    echo '<h3>' . __f('Zikula Upgrade script (for Zikula version %s and up)', array(_Z_MINUPGVER)) . '</h3>' . "\n";
    echo '<p>' . __f('This script will upgrade any Zikula v%1$s+ installation. Upgrades from less than Zikula v%1$s are not supported by this script.', array(_Z_MINUPGVER)) . "</p>\n";
}
/**
 * Returns the variables assigned to every installer template.
 *
 * The shared values (language code, charset, core version, name of the
 * current stage) are merged with the stage's own template parameters. The
 * stage parameters are merged last, so on a key collision they replace the
 * shared value.
 *
 * @param StageInterface $currentStage Stage being rendered.
 *
 * @return array
 */
public function getTemplateGlobals(StageInterface $currentStage)
{
    $shared = array();
    $shared['lang'] = \ZLanguage::getLanguageCode();
    $shared['charset'] = \ZLanguage::getEncoding();
    $shared['version'] = \Zikula_Core::VERSION_NUM;
    $shared['currentstage'] = $currentStage->getName();

    $stageParams = $currentStage->getTemplateParams();

    return array_merge($shared, $stageParams);
}
/**
 * Convert a string, or every value of an array, from UTF-8 to the site encoding.
 *
 * Arrays are walked recursively; their keys are kept as they are. Values that
 * are neither arrays nor strings are returned untouched.
 *
 * The conversion can be lossy: characters the target encoding cannot
 * represent do not survive it, so escaping or validation belongs after this
 * call rather than before it.
 *
 * @param mixed $input String or array to convert from utf-8.
 *
 * @return mixed Converted string or array, or the input itself for other types.
 */
public static function convertFromUTF8($input = '')
{
    if (is_array($input)) {
        $converted = array();
        foreach ($input as $key => $value) {
            $converted[$key] = self::convertFromUTF8($value);
        }

        return $converted;
    }

    if (!is_string($input)) {
        return $input;
    }

    if (!function_exists('mb_convert_encoding')) {
        // Fallback without mbstring: utf8_decode() always targets ISO-8859-1,
        // whatever ZLanguage::getEncoding() reports.
        return utf8_decode($input);
    }

    return mb_convert_encoding($input, strtoupper(ZLanguage::getEncoding()), 'UTF-8');
}
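/**
 * Install controller.
 *
 * Drives the web installer: reads the request parameters, selects the
 * installer language, and then acts on the requested action
 * ('processBDInfo', 'finish', 'requirements'; an empty action shows the
 * language page). The template "installer_{action}.tpl" is rendered at the
 * end, or installer_error.tpl when no such template exists.
 *
 * Changes against the previous revision of this function:
 *  - the language-selection redirect was present twice; the second copy could
 *    never run and has been removed;
 *  - the request-supplied language is percent-encoded before it is placed in
 *    the redirect URL;
 *  - the "already installed" test no longer reads a possibly undefined key;
 *  - a failed SQL dump no longer falls through to creating the admin user
 *    and marking the site as installed.
 *
 * @param Core $core Core instance providing the container and the dispatcher.
 *
 * @return mixed The result of RedirectResponse::send() on the two early
 *               redirect paths, otherwise nothing; several paths end the
 *               request with exit.
 */
function install(Core $core)
{
    define('_ZINSTALLVER', Core::VERSION_NUM);

    $serviceManager = $core->getContainer();
    $eventManager = $core->getDispatcher();

    // Lazy load DB connection to avoid testing DSNs that are not yet valid (e.g. no DB created yet)
    $dbEvent = new GenericEvent(null, array('lazy' => true));
    $eventManager->dispatch('doctrine.init_connection', $dbEvent);

    $core->init(Core::STAGE_ALL & ~Core::STAGE_THEME & ~Core::STAGE_MODS & ~Core::STAGE_LANGS & ~Core::STAGE_DECODEURLS & ~Core::STAGE_SESSIONS);

    // Power users might have moved the temp folder out of the root and changed the config.php
    // accordingly. Make sure we respect this security related settings
    $tempDir = isset($GLOBALS['ZConfig']['System']['temp']) ? $GLOBALS['ZConfig']['System']['temp'] : 'ztemp';

    // define our smarty object
    $smarty = new Smarty();
    $smarty->caching = false;
    $smarty->compile_check = true;
    $smarty->left_delimiter = '{';
    $smarty->right_delimiter = '}';
    $smarty->compile_dir = $tempDir . '/view_compiled';
    $smarty->template_dir = 'install/templates';
    $smarty->plugins_dir = array('plugins', 'install/templates/plugins');
    $smarty->clear_compiled_tpl();
    // An empty index.html is (re)written into the compile directory after each
    // clear - presumably so the directory cannot be listed over HTTP.
    file_put_contents("{$tempDir}/view_compiled/index.html", '');

    // Request parameters. The admin credentials are accepted from POST only;
    // everything else may arrive via GET or POST.
    $lang = FormUtil::getPassedValue('lang', '', 'GETPOST');
    $dbhost = FormUtil::getPassedValue('dbhost', '', 'GETPOST');
    $dbusername = FormUtil::getPassedValue('dbusername', '', 'GETPOST');
    $dbpassword = FormUtil::getPassedValue('dbpassword', '', 'GETPOST');
    $dbname = FormUtil::getPassedValue('dbname', '', 'GETPOST');
    $dbprefix = '';
    $dbdriver = FormUtil::getPassedValue('dbdriver', '', 'GETPOST');
    $dbtabletype = FormUtil::getPassedValue('dbtabletype', '', 'GETPOST');
    $username = FormUtil::getPassedValue('username', '', 'POST');
    $password = FormUtil::getPassedValue('password', '', 'POST');
    $repeatpassword = FormUtil::getPassedValue('repeatpassword', '', 'POST');
    $email = FormUtil::getPassedValue('email', '', 'GETPOST');
    $action = FormUtil::getPassedValue('action', '', 'GETPOST');

    $notinstalled = isset($_GET['notinstalled']);
    $installedState = isset($GLOBALS['ZConfig']['System']['installed']) ? $GLOBALS['ZConfig']['System']['installed'] : 0;

    // If somehow we are browsing the not installed page but installed, redirect back to homepage
    if ($installedState && $notinstalled) {
        $response = new RedirectResponse(System::getHomepageUrl());

        return $response->send();
    }

    // see if the language was already selected
    $languageAlreadySelected = $lang ? true : false;
    if (!$notinstalled && $languageAlreadySelected && empty($action)) {
        // $lang is a request value at this point, so it is percent-encoded
        // before going into the Location URL. Language codes made of letters,
        // digits and hyphens come out unchanged.
        $response = new RedirectResponse(System::getBaseUri() . '/install.php?action=requirements&lang=' . rawurlencode((string) $lang));

        return $response->send();
    }

    // load the installer language files
    if (empty($lang)) {
        if (is_readable('config/installer.ini')) {
            $test = parse_ini_file('config/installer.ini');
            $lang = isset($test['language']) ? $test['language'] : 'en';
        } else {
            $available = ZLanguage::getInstalledLanguages();
            $detector = new ZLanguageBrowser($available);
            $lang = $detector->discover();
        }
        // Only the fallback value is passed through formatForDisplay(); a
        // language supplied in the request reaches the next step unchanged.
        $lang = DataUtil::formatForDisplay($lang);
    }

    // setup multilingual
    $GLOBALS['ZConfig']['System']['language_i18n'] = $lang;
    $GLOBALS['ZConfig']['System']['multilingual'] = true;
    $GLOBALS['ZConfig']['System']['languageurl'] = true;
    $GLOBALS['ZConfig']['System']['language_detect'] = false;
    $serviceManager->loadArguments($GLOBALS['ZConfig']['System']);

    $_lang = ZLanguage::getInstance();
    $_lang->setup();

    // From here on $lang is whatever ZLanguage resolved, not the raw request value.
    $lang = ZLanguage::getLanguageCode();

    $installbySQL = file_exists("install/sql/custom-{$lang}.sql") ? "install/sql/custom-{$lang}.sql" : false;

    $smarty->assign('lang', $lang);
    $smarty->assign('installbySQL', $installbySQL);
    $smarty->assign('langdirection', ZLanguage::getDirection());
    $smarty->assign('charset', ZLanguage::getEncoding());

    // show not installed case
    if ($notinstalled) {
        header('HTTP/1.1 503 Service Unavailable');
        $smarty->display('notinstalled.tpl');
        $smarty->clear_compiled_tpl();
        file_put_contents("{$tempDir}/view_compiled/index.html", '');
        exit;
    }

    // assign the values from config.php
    $smarty->assign($GLOBALS['ZConfig']['System']);

    // if the system is already installed, halt.
    // !empty() keeps the same truthiness test without reading an undefined key.
    // NOTE(review): every action below relies on _installer_alreadyinstalled()
    // ending the request - confirm that it does not return.
    if (!empty($GLOBALS['ZConfig']['System']['installed'])) {
        _installer_alreadyinstalled($smarty);
    }

    // check for an empty action - if so then show the first installer page
    if (empty($action)) {
        $action = 'lang';
    }

    // perform tasks based on our action
    switch ($action) {
        case 'processBDInfo':
            $dbname = trim($dbname);
            $dbusername = trim($dbusername);
            if (empty($dbname) || empty($dbusername)) {
                $action = 'dbinformation';
                $smarty->assign('dbconnectmissing', true);
            } elseif (!preg_match('/^[\\w-]*$/', $dbname) || strlen($dbname) > 64) {
                // The database name is limited to word characters and hyphens,
                // at most 64 bytes long.
                $action = 'dbinformation';
                $smarty->assign('dbinvalidname', true);
            } else {
                // NOTE(review): only $dbname is validated above. $dbhost and
                // $dbdriver go into config.php and into the DSN as received,
                // and the configuration is written before the connection has
                // been tested.
                update_config_php($dbhost, $dbusername, $dbpassword, $dbname, $dbdriver, $dbtabletype);
                update_installed_status(0);
                try {
                    $dbh = new PDO("{$dbdriver}:host={$dbhost};dbname={$dbname}", $dbusername, $dbpassword);
                } catch (PDOException $e) {
                    $action = 'dbinformation';
                    // The driver's own error text is handed to the template.
                    $smarty->assign('reason', $e->getMessage());
                    $smarty->assign('dbconnectfailed', true);
                }
            }
            if ($action != 'dbinformation') {
                $action = 'createadmin';
            }
            break;

        case 'finish':
            // NOTE(review): on every validation failure below the submitted
            // password and its repetition are assigned back to the template;
            // check that the createadmin template does not render them into
            // the page.
            if (!$username || preg_match('/[^\\p{L}\\p{N}_\\.\\-]/u', $username)) {
                $action = 'createadmin';
                $smarty->assign('uservalidatefailed', true);
                $smarty->assign(array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email));
            } elseif (mb_strlen($password) < 7) {
                $action = 'createadmin';
                $smarty->assign('badpassword', true);
                $smarty->assign(array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email));
            } elseif ($password !== $repeatpassword) {
                $action = 'createadmin';
                $smarty->assign('passwordcomparefailed', true);
                $smarty->assign(array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email));
            } elseif (!validateMail($email)) {
                $action = 'createadmin';
                $smarty->assign('emailvalidatefailed', true);
                $smarty->assign(array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email));
            } else {
                $installedOk = false;
                // if it is the distribution and the process have not failed in a previous step
                if ($installbySQL) {
                    // checks if exists a previous installation with the same prefix
                    $proceed = true;
                    // The database name is interpolated into the statement; it
                    // is read back from the stored configuration, whose value
                    // passed the name check in 'processBDInfo' when it was
                    // written through this installer.
                    $dbnameConfig = $GLOBALS['ZConfig']['DBInfo']['databases']['default']['dbname'];
                    $exec = $dbdriver == 'mysql' || $dbdriver == 'mysqli' ? "SHOW TABLES FROM `{$dbnameConfig}` LIKE '%'" : "SHOW TABLES FROM {$dbnameConfig} LIKE '%'";
                    $tables = DBUtil::executeSQL($exec);
                    if ($tables->rowCount() > 0) {
                        $proceed = false;
                        $action = 'dbinformation';
                        $smarty->assign('dbexists', true);
                    }
                    if ($proceed) {
                        // checks if file exists
                        if (!file_exists($installbySQL)) {
                            $action = 'dbinformation';
                            $smarty->assign('dbdumpfailed', true);
                        } else {
                            // execute the SQL dump: blank lines and lines that
                            // start with "--" are skipped, and a statement is
                            // run once a line ends with ';'
                            $lines = file($installbySQL);
                            $exec = '';
                            $dumpOk = true;
                            foreach ($lines as $line) {
                                $line = trim($line);
                                if (empty($line) || strpos($line, '--') === 0) {
                                    continue;
                                }
                                $exec .= $line;
                                if (strrpos($line, ';') === strlen($line) - 1) {
                                    if (!DBUtil::executeSQL($exec)) {
                                        $action = 'dbinformation';
                                        $smarty->assign('dbdumpfailed', true);
                                        $dumpOk = false;
                                        break;
                                    }
                                    $exec = '';
                                }
                            }
                            // Continue only after a complete dump. Before this
                            // guard a failed statement left the loop but still
                            // reached createuser() and $installedOk = true.
                            if ($dumpOk) {
                                ModUtil::dbInfoLoad('Users', 'Users');
                                ModUtil::dbInfoLoad('Extensions', 'Extensions');
                                ModUtil::initCoreVars(true);
                                createuser($username, $password, $email);
                                $installedOk = true;
                            }
                        }
                    }
                } else {
                    installmodules($lang);
                    createuser($username, $password, $email);
                    $installedOk = true;
                }

                if ($installedOk) {
                    // create our new site admin
                    // TODO: Email username/password to administrator email address. Cannot use ModUtil::apiFunc for this.
                    $serviceManager->get('session')->start();
                    $authenticationInfo = array('login_id' => $username, 'pass' => $password);
                    $authenticationMethod = array('modname' => 'Users', 'method' => 'uname');
                    UserUtil::loginUsing($authenticationMethod, $authenticationInfo);

                    // add admin email as site email
                    System::setVar('adminmail', $email);

                    if (!$installbySQL) {
                        Theme_Util::regenerate();
                    }

                    // set site status as installed and protect config.php file
                    update_installed_status(1);
                    // Permissions are widened step by step (owner-only, then
                    // group, then world-readable) until PHP can read the file.
                    // chmod errors are suppressed, so a failed call is silent;
                    // on hosts that end up at 0444 the file is readable by
                    // every local account.
                    @chmod('config/config.php', 0400);
                    if (!is_readable('config/config.php')) {
                        @chmod('config/config.php', 0440);
                        if (!is_readable('config/config.php')) {
                            @chmod('config/config.php', 0444);
                        }
                    }

                    // install all plugins
                    $systemPlugins = PluginUtil::loadAllSystemPlugins();
                    foreach ($systemPlugins as $plugin) {
                        PluginUtil::install($plugin);
                    }

                    LogUtil::registerStatus(__('Congratulations! Zikula has been successfullly installed.'));
                    $response = new RedirectResponse(ModUtil::url('Admin', 'admin', 'adminpanel'));
                    $response->send();
                    exit;
                }
            }
            break;

        case 'requirements':
            $checks = _check_requirements();
            $ok = true;

            foreach ($checks as $check) {
                if (!$check) {
                    $ok = false;
                    break;
                }
            }

            foreach ($checks['files'] as $check) {
                if (!$check['writable']) {
                    $ok = false;
                    break;
                }
            }

            if ($ok) {
                $response = new RedirectResponse(System::getBaseUri() . "/install.php?action=dbinformation&lang={$lang}");
                $response->send();
                exit;
            }

            $smarty->assign('checks', $checks);
            break;
    }

    // check our action template exists
    // The action is passed through formatForOS() before it becomes part of a
    // template file name; an unknown action falls back to the error template.
    $action = DataUtil::formatForOS($action);
    if ($smarty->template_exists("installer_{$action}.tpl")) {
        $smarty->assign('action', $action);
        $templateName = "installer_{$action}.tpl";
    } else {
        $smarty->assign('action', 'error');
        $templateName = 'installer_error.tpl';
    }

    $smarty->assign('maincontent', $smarty->fetch($templateName));
    $smarty->display('installer_page.tpl');
    $smarty->clear_compiled_tpl();
    file_put_contents("{$tempDir}/view_compiled/index.html", '');
}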
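/**
 * Encode data in JSON and return.
 *
 * Outside legacy mode the arguments are wrapped in a Zikula_Response_Ajax,
 * echoed, and the request is shut down. The rest of the body is the legacy
 * path, kept for reference.
 *
 * On the legacy path a new authid is added when requested (off by default).
 * If the supplied args is not an array, it will be converted to an
 * array with 'data' as key.
 * Authid field will always be named 'authid'. Any other field 'authid'
 * will be overwritten!
 * Script execution stops here
 *
 * $code is interpolated into the HTTP status line, and with $xjsonheader the
 * whole JSON payload is repeated in an X-JSON header; callers should pass a
 * fixed status literal for $code.
 *
 * @param mixed   $args         String or array of data.
 * @param boolean $createauthid Create a new authid and send it back to the calling javascript.
 * @param boolean $xjsonheader  Send result in X-JSON: header for prototype.js.
 * @param boolean $statusmsg    Include statusmsg in output.
 * @param string  $code         Optional error code, default '200 OK'.
 *
 * @deprecated since 1.3.0
 *
 * @return void
 */
public static function output($args, $createauthid = false, $xjsonheader = false, $statusmsg = true, $code = '200 OK')
{
    if (!System::isLegacyMode()) {
        $response = new Zikula_Response_Ajax($args);
        echo $response;
        System::shutDown();
    }

    // Below for reference - to be deleted.

    // check if an error message is set
    $msgs = LogUtil::getErrorMessagesText('<br />');
    if ($msgs != false && !empty($msgs)) {
        self::error($msgs);
    }

    $data = !is_array($args) ? array('data' => $args) : $args;

    if ($statusmsg === true) {
        // now check if a status message is set
        $msgs = LogUtil::getStatusMessagesText('<br />');
        $data['statusmsg'] = $msgs;
    }

    if ($createauthid === true) {
        $data['authid'] = SecurityUtil::generateAuthKey(ModUtil::getName());
    }

    // convert the data to UTF-8 if not already encoded as such
    // Note: this isn't strict test but relying on the site language pack encoding seems to be a good compromise
    // The comparison is case-insensitive, so an encoding reported as 'UTF-8'
    // is not pushed through the conversion a second time.
    if (strtolower(ZLanguage::getEncoding()) != 'utf-8') {
        $data = DataUtil::convertToUTF8($data);
    }

    $output = json_encode($data);

    header("HTTP/1.0 $code");
    header('Content-type: application/json');
    if ($xjsonheader == true) {
        header('X-JSON:(' . $output . ')');
    }
    echo $output;
    System::shutdown();
}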