and that from a security point of view, cannot be trusted.
</li>
<li>$_SESSION - contains HTTP variables registered by the session module</li>
</ul>
<p>
Now, other than the fact that these variables contain this special information,
they're also special in another way - they're automatically global in any
scope. This means that you can access them anywhere, without having to
'global' them first. For example:
</p>
<?php
highlight_php('<?php
function example1()
{
print $_GET["name"]; // works, \'global $_GET;\' is not necessary!
}
?>');
?>
<p>
would work fine! We hope that this fact would ease the pain in migrating
old code to new code a bit, and we're confident it's going to make writing
new code easier. Another neat trick is that creating new entries in the
$_SESSION array will automatically register them as session variables, as
if you called session_register(). This trick is limited to the session
module only - for example, setting new entries in $_ENV will
<strong>not</strong> perform an implicit putenv().
</p>
<p>
function highlight_html($code)
{
return highlight_php($code);
}
$_SESSION - contient toutes les variables HTTP enregistrées par le
module des sessions
</li>
</ul>
<p>
Maintenant, entre autre le fait que ces variables contiennent ces
informations spéciales, elles sont aussi automatiquement globales
dans toutes les portées. Cela signifie que vous pouvez y accéder
de n'importe où, sans avoir à les déclarer en globales. Par exemple:
</p>
<?php
highlight_php('<?php
function example1()
{
print $_GET["name"]; // fonctionne, pas besoin de \'global $_GET;\' !
}
?>');
?>
<p>
va fonctionner très bien! Nous espérons que cela va faciliter la tâche
durant la migration de vieux code vers le nouveau, et nous sommes sûrs
que cela vous simplifiera l'écriture de nouveaux codes.
Une autre astuce est que le fait de créer de nouvelles entrées dans
$_SESSION va automatiquement les enregistrer comme variables de session,
comme si vous auriez appelé session_register(). Cette astuce est limitée
uniquement au module de gestion de session - par exemple, créer de
nouvelles entrés dans $_ENV ne va <strong>pas</strong> exécuter un put_env()
implicite.
</p>
if (isset($difference['to'])) {
$diffcheck .= highlight_php(implode("\n", $difference['to']), $rowfile2[0]);
}
$diffcheck .= '</td>';
$diffcheck .= '</tr>';
}
$diffcheck .= '</table>';
}
} else {
if (check_if_image($filename)) {
$svnurl = parse_url(ROSTER_SVNREMOTE);
$svnpath = pathinfo($svnurl['path'], PATHINFO_DIRNAME);
$svnurl = $svnurl['scheme'] . '://' . $svnurl['host'] . $svnpath . '/';
$diffcheck = '<table width="100%" border="0" cellspacing="0">' . '<tr><th class="membersHeaderRight">SVN Image</th></tr>' . '<tr><td class="membersRowRight1"><img src="' . $svnurl . $filename . '" alt="" /></td></tr>' . '<tr><td class="membersRowRight2"> </td></tr></table>';
} else {
$diffcheck = '<table width="100%" border="0" cellspacing="0">' . '<tr><th class="membersHeaderRight">SVN File</th></tr>' . '<tr><td class="membersRowRight1">' . highlight_php(str_replace("\r\n", "\n", $filesvnsource)) . '</td></tr>' . '</table>';
}
}
print '<table border="0" cellspacing="6"><tr><td valign="top" align="right">' . "\n";
print border('syellow', 'start', 'MD5 Information for file: ' . $filename) . "\n";
print '<table width="100%" cellspacing="0" border="0" class="bodyline">';
print '<tr><td class="membersRow1">Remote:</td><td class="membersRowRight1">' . $md5remote . "</td></tr>\n";
print '<tr><td class="membersRow2">Local:</td><td class="membersRowRight2">' . $md5local . "</td></tr>\n";
print "</table>\n";
print border('syellow', 'end');
print '</td><td> </td><td valign="top" align="left">';
print border('sblue', 'start', 'Back Link');
print '<table width="100%" cellspacing="0" border="0" class="bodyline">';
print '<tr><td class="membersRowRight2"><form method="post" action="' . makelink() . '">';
print '<input type="hidden" name="filename" value="' . $filename . '" />';
print '<input type="hidden" name="downloadsvn" value="savefile" />';
$getgold_snippet .= "}\n";
$getgold_snippet .= "// - end User gold \n";
$activity_snippet = "<?php \n";
$activity_snippet .= "// - Start User Gold \n";
$activity_snippet .= "if (USERGOLD)\n";
$activity_snippet .= "{\n";
$activity_snippet .= "activity_check(\$gold,\$userid);\n";
$activity_snippet .= "}\n";
$activity_snippet .= "// - end User gold \n";
opentable($title . ' ' . $locale['urg_a_makecode_101']);
echo $locale['urg_a_makecode_102'];
if ($_REQUEST['title'] == 'getgold') {
echo "<hr />" . $locale['urg_a_makecode_103'];
echo highlight_php($getgold_snippet);
} elseif ($_REQUEST['title'] == 'activity') {
echo "<hr />" . sprintf($locale['urg_a_makecode_104'], $userid, $gold);
echo highlight_php($activity_snippet);
} else {
echo "<hr />" . $locale['urg_a_makecode_105'];
echo highlight_php($core_snippet);
echo "<hr />" . $locale['urg_a_makecode_106'];
echo highlight_php($pay_snippet);
echo "<hr />" . $locale['urg_a_makecode_107'];
echo highlight_php($take_snippet);
echo "<hr />\n";
}
echo "<div align='center'><strong>\n";
echo "<a href='javascript:window.close();'><img style='border: 0;' src='../images/close.png' title='" . $locale['urg_a_makecode_108'] . "' alt='" . $locale['urg_a_makecode_108'] . "' /></a>\n";
echo "</strong></div>\n";
closetable();
echo "</body>\n</html>\n";
/**
* Analyzes a given file and produces an HTML table of all commentable elements
*/
static function AJAX_Analyze()
{
// Which file?
$file = $_POST['File'];
// Prevent loading illegal files
if (strpos($file, ":") !== FALSE || strpos($file, "..") !== FALSE || strtolower(substr(pathinfo($file, PATHINFO_EXTENSION), 0, 3)) != "php") {
die("Invalid file");
}
// Does this file exist?
if (!file_exists($file)) {
die("Error: file not found");
}
// File too big?
if (filesize($file) > 4 * 1024 * 1024) {
die("Error: this file is over 4 megabytes, parsing would take too long.");
}
// Read file...
$source = @file_get_contents($file);
if (!$source) {
die("ERR3");
}
// Display
$blocks = DocBlock::ParseCode($source);
if ($blocks === null) {
echo "This PHP script does not seem to contain any PHP code. It cannot be documented.";
} else {
//echo "<pre>";
$out = "\n\t\t\t\t<table cellspacing=0 cellpadding=0 id='blocklist'>\n\t\t\t\t\t<thead>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<th> </th>\n\t\t\t\t\t\t\t<th>Done</th>\n\t\t\t\t\t\t\t<th>Line</th>\n\t\t\t\t\t\t\t<th>Code</th>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t</thead>\n\t\t\t\t\t<tbody>\n\t\t\t";
$pageblock = false;
$complete = 0;
$i = 0;
$rows = "";
foreach ($blocks as $block) {
if ($block->type == BLOCK_PAGE) {
$pageblock = true;
}
if ($block->type == BLOCK_PAGE && !$_POST['Dpage']) {
continue;
}
$jsoncomment = str_replace("\n", '', str_replace("\r", '', str_replace('"', '"', strip_tags(implode('<br />', $block->Output(true)), "<br>"))));
$state = $block->valid ? "<span class='valid comment' title='Comment' data-comment=\"{$jsoncomment}\">Yes</span>" : "-<span class='todo'>No</span>-";
$jsonobj = json_encode($block);
$rows .= "\n\t\t\t\t\t<tr class='" . ($i % 2 == 1 ? "odd" : "") . "'>\n\t\t\t\t\t\t<td><button data-index='{$i}' id='action{$i}' data-type='{$block->type}' data-obj=\"" . str_replace('"', '"', $jsonobj) . "\" class='action'>Edit</button></td>\n\t\t\t\t\t\t<td align=center>{$state}</td>\n\t\t\t\t\t\t<td align=center><a href='#line" . $block->line . "' style='text-decoration: none;' title='Jump to code (when "Display Source" option is enabled)'>" . $block->line . "</a></td>\n\t\t\t\t\t\t<td>" . ($block->type != BLOCK_PAGE ? $block->associatedHlCode : "(Page DocBlock)") . "</td>\n\t\t\t\t\t</tr>\n\t\t\t\t";
$complete += $block->valid ? 1 : 0;
$i++;
}
if (!$pageblock && $_POST['Dpage']) {
$rows = "<tr class='dbmissing'><td><button data-stuff='' class='action'>Edit</button></td><td align=center colspan=3><span class=todo>Page DocBlock is missing</span></td></tr>" . $rows;
}
$out .= $rows . "</tbody></table>";
// Statistics
$total = count($blocks);
if (!$pageblock) {
$total++;
}
$completion = round($complete / $total * 100);
$out .= "<br />Current code commenting completion: <b>{$completion}%</b><br />";
// No rows at all?
if (!$rows) {
$out = "No code to document.";
}
}
// Output
echo $out;
// Do we show the source?
if ($_POST['ShowSource']) {
echo "<h2>Source Code</h2>";
$lines = preg_split("/((\r?\n)|(\n?\r))/", $source);
echo highlight_php(isUtf8($source) ? implode(PHP_EOL, $lines) : utf8_encode(implode(PHP_EOL, $lines)), true);
}
die;
}
site_header("Show Source", array("current" => "FIXME"));
// No file param specified
if (!isset($_GET['url']) || isset($_GET['url']) && !is_string($_GET['url'])) {
echo "<h1>No page URL specified</h1>";
site_footer();
exit;
}
echo "<h1>Source of: " . htmlentities($_GET['url'], ENT_IGNORE, 'UTF-8') . "</h1>";
// Get dirname of the specified URL part
$dir = dirname($_GET['url']);
// Some dir was present in the filename
if (!empty($dir) && !preg_match("!^(\\.|/)\$!", $dir)) {
// Check if the specified dir is valid
$legal_dirs = array("/manual", "/include", "/stats", "/error", "/license", "/conferences", "/archive", "/releases", "/security", "/reST");
if ((preg_match("!^/manual/!", $dir) || in_array($dir, $legal_dirs)) && strpos($dir, "..") === FALSE) {
$page_name = $_SERVER['DOCUMENT_ROOT'] . $_GET['url'];
} else {
$page_name = FALSE;
}
} else {
$page_name = $_SERVER['DOCUMENT_ROOT'] . '/' . basename($_GET['url']);
}
// Provide some feedback based on the file found
if (!$page_name || @is_dir($page_name)) {
echo "<p>Invalid file or folder specified</p>\n";
} elseif (file_exists($page_name)) {
highlight_php(join("", file($page_name)));
} else {
echo "<p>This file does not exist.</p>\n";
}
site_footer();