Esempio n. 1
 /**
  * Undo magic_quotes_gpc escaping on a GPC array, recursively.
  *
  * Returns a copy with stripslashes() applied to every scalar value and to
  * the keys of nested arrays; top-level keys are copied unchanged. The
  * result is raw user input again and still needs context-specific escaping
  * (parameterised SQL, htmlspecialchars, ...) wherever it is used.
  *
  * @param array $array    GPC array such as $_POST, or a nested sub-array
  * @param bool  $topLevel true for the outermost call, false on recursion
  * @return array
  */
 function undoMagicQuotes($array, $topLevel = true)
 {
     $clean = array();
     foreach ($array as $k => $v) {
         // Only keys below the top level are unescaped.
         $cleanKey = $topLevel ? $k : stripslashes($k);
         if (is_array($v)) {
             $clean[$cleanKey] = undoMagicQuotes($v, false);
             continue;
         }
         $clean[$cleanKey] = stripslashes($v);
     }
     return $clean;
 }
Esempio n. 2
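 /**
  * Reverse the escaping that magic_quotes_gpc applied to a GPC array.
  *
  * Values are unescaped at every level; keys are unescaped only below the
  * top level. The returned array is raw, unescaped input and must be escaped
  * per output context (parameterised SQL, htmlspecialchars, ...) before use.
  *
  * The previous version unset entries of the by-value parameter $array while
  * iterating; that never affected the returned $newArray, so it is dropped.
  *
  * @param array $array    GPC array (e.g. $_POST) or a nested sub-array
  * @param bool  $topLevel false when called recursively on a nested array
  * @return array new array with slashes stripped from values (and nested keys)
  */
 function undoMagicQuotes($array, $topLevel = true)
 {
     $newArray = array();
     foreach ($array as $key => $value) {
         if (!$topLevel) {
             // Nested keys were escaped too; top-level keys are left as-is.
             $key = stripslashes($key);
         }
         // Recurse into sub-arrays, strip scalar values.
         $newArray[$key] = is_array($value) ? undoMagicQuotes($value, false) : stripslashes($value);
     }
     return $newArray;
 }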
Esempio n. 3
 /******************************************/
 // PHPIDS (intrusion detection). The include directory has to be given
 // explicitly here; the base path setting alone does not pick it up.
 /******************************************/
 if (TM_PHPIDS) {
     require_once TM_INCLUDEPATH . "/PHPIDS.inc.php";
 }
 /***********************************************************/
 // Magic quotes: strip the escaping PHP added to GPC input so the data is
 // raw again and gets escaped per context (SQL, HTML, ...) at the point of use.
 // See http://talks.php.net/show/php-best-practices/26 and
 // http://www.php.net/manual/en/security.magicquotes.disabling.php#id2553906
 /***********************************************************/
 if (get_magic_quotes_gpc()) {
     $_GET = undoMagicQuotes($_GET);
     $_POST = undoMagicQuotes($_POST);
     $_COOKIE = undoMagicQuotes($_COOKIE);
     $_REQUEST = undoMagicQuotes($_REQUEST);
 }
 // Reject POST field NAMES that contain any character urlencode() would
 // percent-encode (http://www.php.net/manual/en/function.htmlentities.php#77556).
 // Only the names are checked here; values still need per-context escaping.
 foreach ($_POST as $key => $val) {
     if (strpos(urlencode($key), '%') !== false) {
         die('XSS');
     }
 }
 /***********************************************************/
 // Error handler
 /***********************************************************/
 require_once TM_INCLUDEPATH . "/Errorhandling.inc.php";
 // Install the project's own error handler function.
 set_error_handler('userErrorHandler');
Esempio n. 4
<?php

require_once "report-file-path.php";
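/**
 * Return $value with magic_quotes_gpc escaping removed, if it was applied.
 *
 * get_magic_quotes_gpc() no longer exists on PHP 8.0+ (magic quotes were
 * removed in 5.4), so calling it unconditionally is a fatal error there.
 * The function's absence is treated as "magic quotes off", which is what
 * every PHP version without the function actually does.
 *
 * @param string $value raw GPC / $_SERVER value
 * @return string unchanged unless magic quotes were on
 */
function undoMagicQuotes($value)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}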
// Write the selected request headers and the raw POST body to $reportFilePath
// (defined in report-file-path.php). A ".tmp" file is written first and then
// renamed into place so a reader never sees a half-written report.
$reportFile = fopen($reportFilePath . ".tmp", 'w');
$httpHeaders = $_SERVER;
ksort($httpHeaders, SORT_STRING);
$loggedHeaders = array("CONTENT_TYPE", "HTTP_REFERER", "REQUEST_METHOD", "HTTP_COOKIE", "HTTP_HOST", "REQUEST_URI");
foreach ($httpHeaders as $name => $value) {
    if (!in_array($name, $loggedHeaders, true)) {
        continue;
    }
    // Values are logged raw (after undoing magic quotes); nothing is escaped.
    $value = undoMagicQuotes($value);
    fwrite($reportFile, "{$name}: {$value}\n");
}
fwrite($reportFile, "=== POST DATA ===\n");
fwrite($reportFile, file_get_contents("php://input"));
fclose($reportFile);
rename($reportFilePath . ".tmp", $reportFilePath);
// Expire every cookie the request carried, unless the includer set
// $DO_NOT_CLEAR_COOKIES to a truthy value.
if (empty($DO_NOT_CLEAR_COOKIES)) {
    foreach ($_COOKIE as $name => $value) {
        setcookie($name, "deleted", time() - 60, "/");
    }
}
Esempio n. 5
 /**
  * Run one request/render cycle.
  *
  * Visible steps: parse $url into $_POST (aliased to $_GET and $_REQUEST),
  * load modules, apply the history call, run on_init hooks, render the root
  * module, run on_exit hooks, then either follow a pending location by
  * recursing, or flush changed module content to the client (compared
  * against the copy kept in $_SESSION when REDUCING_TRANSFER is on), build
  * the debug panel, record history and send the output.
  *
  * @param string      $url          query string treated as the request;
  *                                  '&amp;' is unescaped to '&' first
  * @param bool|string $history_call false, '0' (clear history) or a history id
  * @param bool        $refresh      passed as true on the internal location
  *                                  call below; not read anywhere in this body
  * @return mixed nothing on the normal path; the result of the recursive
  *               call on the redirect path
  */
 public static function process($url, $history_call = false, $refresh = false)
 {
     if (MODULE_TIMES) {
         $time = microtime(true);
     }
     $url = str_replace('&amp;', '&', $url);
     //do we need this if we set arg_separator.output to &?
     if ($url) {
         // The parsed query string replaces the real POST data.
         $_POST = array();
         parse_str($url, $_POST);
         if (get_magic_quotes_gpc()) {
             $_POST = undoMagicQuotes($_POST);
         }
         // All three superglobals now alias the same array by reference.
         $_GET = $_REQUEST =& $_POST;
     }
     ModuleManager::load_modules();
     self::check_firstrun();
     // The string '0' (not bool false) means "clear history".
     if ($history_call === '0') {
         History::clear();
     } elseif ($history_call) {
         History::set_id($history_call);
     }
     //on init call methods...
     $ret = on_init(null, null, null, true);
     foreach ($ret as $k) {
         call_user_func_array($k['func'], $k['args']);
     }
     $root =& ModuleManager::create_root();
     self::go($root);
     //go somewhere else?
     $loc = location(null, true);
     //on exit call methods...
     $ret = on_exit(null, null, null, true, $loc === false);
     foreach ($ret as $k) {
         call_user_func_array($k['func'], $k['args']);
     }
     if ($loc !== false) {
         // Carry the requested action module over to the new location.
         if (isset($_REQUEST['__action_module__'])) {
             $loc['__action_module__'] = $_REQUEST['__action_module__'];
         }
         //clean up
         foreach (self::$content as $k => $v) {
             unset(self::$content[$k]);
         }
         foreach (self::$jses as $k => $v) {
             if ($v[1]) {
                 unset(self::$jses[$k]);
             }
         }
         //go
         // Timestamp makes every redirect URL unique; $refresh is passed as true.
         $loc['__location'] = microtime(true);
         return self::process(http_build_query($loc), false, true);
     }
     $debug = '';
     // '@' hides a failed include; $debug_diff is then false and diffs are skipped.
     if (DEBUG && ($debug_diff = @(include_once 'tools/Diff.php'))) {
         require_once 'tools/Text/Diff/Renderer/inline.php';
         $diff_renderer = new Text_Diff_Renderer_inline();
     }
     //clean up old modules
     // Modules present in the session but no longer instantiated get their
     // *Common::destroy() called and their session state dropped.
     if (isset($_SESSION['client']['__module_content__'])) {
         $to_cleanup = array_keys($_SESSION['client']['__module_content__']);
         foreach ($to_cleanup as $k) {
             $mod = ModuleManager::get_instance($k);
             if ($mod === null) {
                 // Module name is the part before '|' of the last '/' segment of the path.
                 $xx = explode('/', $k);
                 $yy = explode('|', $xx[count($xx) - 1]);
                 $mod = $yy[0];
                 if (is_callable(array($mod . 'Common', 'destroy'))) {
                     call_user_func(array($mod . 'Common', 'destroy'), $k, isset($_SESSION['client']['__module_vars__'][$k]) ? $_SESSION['client']['__module_vars__'][$k] : null);
                 }
                 if (DEBUG) {
                     $debug .= 'Clearing mod vars & module content ' . $k . '<br>';
                 }
                 unset($_SESSION['client']['__module_vars__'][$k]);
                 unset($_SESSION['client']['__module_content__'][$k]);
             }
         }
     }
     // Decide per module whether its content/JS must be resent.
     $reloaded = array();
     foreach (self::$content as $k => $v) {
         $reload = $v['module']->get_reload();
         $parent = $v['module']->get_parent_path();
         if (DEBUG && REDUCING_TRANSFER) {
             $debug .= '<hr style="height: 3px; background-color:black">';
             $debug .= '<b> Checking ' . $k . ', &nbsp;&nbsp;&nbsp; parent=' . $v['module']->get_parent_path() . '</b><ul>' . '<li>Force - ' . (isset($reload) ? print_r($reload, true) : 'not set') . '</li>' . '<li>First display - ' . (isset($_SESSION['client']['__module_content__'][$k]) ? 'no</li>' . '<li>Content changed - ' . ($_SESSION['client']['__module_content__'][$k]['value'] !== $v['value'] ? 'yes' : 'no') . '</li>' . '<li>JS changed - ' . ($_SESSION['client']['__module_content__'][$k]['js'] !== $v['js'] ? 'yes' : 'no') : 'yes') . '</li>' . '<li>Parent reloaded - ' . (isset($reloaded[$parent]) ? 'yes' : 'no') . '</li>' . '<li>History call - ' . ($history_call ? 'yes' : 'no') . '</li>' . '</ul>';
         }
         // Resend when transfer reduction is off, on first display, on changed
         // content/JS, on a history call, on a forced reload ($reload == true is
         // a loose comparison, so any truthy value counts) or when the parent
         // was resent.
         if (!REDUCING_TRANSFER || (!isset($reload) && (!isset($_SESSION['client']['__module_content__'][$k]) || $_SESSION['client']['__module_content__'][$k]['value'] !== $v['value'] || $_SESSION['client']['__module_content__'][$k]['js'] !== $v['js']) || $history_call || $reload == true || isset($reloaded[$parent]))) {
             //force reload or parent reloaded
             if (DEBUG && isset($_SESSION['client']['__module_content__'])) {
                 $debug .= '<b>Reloading: ' . (isset($v['span']) ? ';&nbsp;&nbsp;&nbsp;&nbsp;span=' . $v['span'] . ',' : '') . '&nbsp;&nbsp;&nbsp;&nbsp;triggered=' . ($reload == true ? 'force' : 'auto') . ',&nbsp;&nbsp;</b><hr><b>New value:</b><br><pre>' . htmlspecialchars($v['value']) . '</pre>' . (isset($_SESSION['client']['__module_content__'][$k]['value']) ? '<hr><b>Old value:</b><br><pre>' . htmlspecialchars($_SESSION['client']['__module_content__'][$k]['value']) . '</pre>' : '');
                 if ($debug_diff && isset($_SESSION['client']['__module_content__'][$k]['value'])) {
                     $xxx = new Text_Diff(explode("\n", $_SESSION['client']['__module_content__'][$k]['value']), explode("\n", $v['value']));
                     $debug .= '<hr><b>Diff:</b><br><pre>' . $diff_renderer->render($xxx) . '</pre>';
                 }
                 $debug .= '<hr style="height: 5px; background-color:black">';
             }
             if (isset($v['span'])) {
                 self::text($v['value'], $v['span']);
             }
             if ($v['js']) {
                 self::js(join(";", $v['js']));
             }
             // Remember what was sent so the next cycle can skip unchanged modules.
             if (REDUCING_TRANSFER) {
                 $_SESSION['client']['__module_content__'][$k]['value'] = $v['value'];
                 $_SESSION['client']['__module_content__'][$k]['js'] = $v['js'];
             }
             $_SESSION['client']['__module_content__'][$k]['parent'] = $parent;
             $reloaded[$k] = true;
             if (method_exists($v['module'], 'reloaded')) {
                 $v['module']->reloaded();
             }
         }
     }
     // Modules absent from this cycle whose parent was resent are replayed
     // from the session copy so their content is not lost on the client.
     foreach ($_SESSION['client']['__module_content__'] as $k => $v) {
         if (!array_key_exists($k, self::$content) && isset($reloaded[$v['parent']])) {
             if (DEBUG) {
                 $debug .= 'Reloading missing ' . $k . '<hr>';
             }
             if (isset($v['span'])) {
                 self::text($v['value'], $v['span']);
             }
             if (isset($v['js']) && $v['js']) {
                 self::js(join(";", $v['js']));
             }
             $reloaded[$k] = true;
         }
     }
     if (DEBUG) {
         $debug .= 'vars ' . CID . ': ' . print_r($_SESSION['client']['__module_vars__'], true) . '<br>';
         // NOTE(review): the next line reads 'user='******'<br>' in this listing and
         // looks redacted or garbled — confirm against the original source.
         $debug .= 'user='******'<br>';
         // The request value is concatenated into the debug HTML unescaped
         // (DEBUG builds only); htmlspecialchars() would be the safe form.
         if (isset($_REQUEST['__action_module__'])) {
             $debug .= 'action module=' . $_REQUEST['__action_module__'] . '<br>';
         }
     }
     $debug .= self::debug();
     if (MODULE_TIMES) {
         // Colour thresholds: red >= 0.5s, orange >= 0.05s, green below.
         foreach (self::$content as $k => $v) {
             $style = 'color:red;font-weight:bold';
             if ($v['time'] < 0.5) {
                 $style = 'color:orange;font-weight:bold';
             }
             if ($v['time'] < 0.05) {
                 $style = 'color:green;font-weight:bold';
             }
             $debug .= 'Time of loading module <b>' . $k . '</b>: <i>' . '<span style="' . $style . ';">' . number_format($v['time'], 4) . '</span>' . '</i><br>';
         }
         $debug .= 'Page renderered in ' . (microtime(true) - $time) . 's<hr>';
     }
     if (SQL_TIMES) {
         $debug .= '<font size="+1">QUERIES</font><br>';
         $queries = DB::GetQueries();
         $sum = 0;
         $qty = 0;
         foreach ($queries as $kk => $q) {
             $style = 'color:red;font-weight:bold';
             if ($q['time'] < 0.5) {
                 $style = 'color:orange;font-weight:bold';
             }
             if ($q['time'] < 0.05) {
                 $style = 'color:green';
             }
             // Underline a query whose args repeat an earlier one (quadratic scan,
             // debug-only).
             for ($kkk = 0; $kkk < $kk; $kkk++) {
                 if ($queries[$kkk]['args'] == $q['args']) {
                     $style .= ';text-decoration:underline';
                 }
             }
             $debug .= '<span style="' . $style . ';">' . '<b>' . $q['func'] . '</b> ' . htmlspecialchars(var_export($q['args'], true)) . ' <i><b>' . number_format($q['time'], 4) . '</b></i>' . (isset($q['caller']) ? ', ' . $q['caller'] : '') . '<br>' . '</span>';
             $sum += $q['time'];
             $qty++;
         }
         $debug .= '<b>Number of queries:</b> ' . $qty . '<br>';
         $debug .= '<b>Queries times:</b> ' . $sum . '<br>';
     }
     // Only push the debug panel when it differs from the last one sent.
     if (!isset($_SESSION['client']['custom_debug']) || $debug != $_SESSION['client']['custom_debug']) {
         self::text($debug, 'debug');
         if ($debug) {
             Epesi::js("\$('debug_content').style.display='block';");
         }
         $_SESSION['client']['custom_debug'] = $debug;
     }
     if (!$history_call && !History::soft_call()) {
         History::set();
     }
     if (!$history_call) {
         self::js('Epesi.history_add(' . History::get_id() . ')');
     }
     self::send_output();
 }
Esempio n. 6
/**
 * Strip magic_quotes_gpc escaping from a scalar or, recursively, from every
 * value of an array. Keys are left untouched. The result is raw input and
 * must still be escaped for whatever context it is later used in.
 *
 * @param mixed $value string or (nested) array of strings
 * @return mixed same shape as $value with stripslashes() applied to scalars
 */
function undoMagicQuotes($value)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $key => $item) {
            $clean[$key] = undoMagicQuotes($item);
        }
        return $clean;
    }
    return stripslashes($value);
}