/**
* Loads a specific configuration.
*
* @param array $config An array of configuration values
* @param ContainerBuilder $container A ContainerBuilder instance
*
* @throws \InvalidArgumentException When provided tag is not defined in this extension
*/
public function load(array $config, ContainerBuilder $container)
{
foreach ($this->paths as $path) {
if (file_exists($path . '/config/services.yml')) {
$loader = new YamlFileLoader($container, new FileLocator(src_realpath($path . '/config')));
$loader->load('services.yml');
}
}
}
/**
* Find a list of controllers
*
* @param string $base_path Base path to prepend to file paths
* @return provider
*/
public function find($base_path = '')
{
$this->routes = new RouteCollection();
foreach ($this->routing_files as $file_path) {
$loader = new YamlFileLoader(new FileLocator(src_realpath($base_path)));
$this->routes->addCollection($loader->load($file_path));
}
return $this;
}
/**
* Removes absolute path to src root directory from error messages
* and converts backslashes to forward slashes.
*
* @param string $errfile Absolute file path
* (e.g. /var/www/src3/src/includes/functions.php)
* Please note that if $errfile is outside of the src root,
* the root path will not be found and can not be filtered.
* @return string Relative file path
* (e.g. /includes/functions.php)
*/
function src_filter_root_path($errfile)
{
static $root_path;
if (empty($root_path)) {
$root_path = src_realpath(dirname(__FILE__) . '/../');
}
return str_replace(array($root_path, '\\'), array('[ROOT]', '/'), $errfile);
}
/**
* Used to test whether we are able to connect to the database the user has specified
* and identify any problems (eg there are already tables with the names we want to use
* @param array $dbms should be of the format of an element of the array returned by {@link get_available_dbms get_available_dbms()}
* necessary extensions should be loaded already
*/
function connect_check_db($error_connect, &$error, $dbms_details, $table_prefix, $dbhost, $dbuser, $dbpasswd, $dbname, $dbport, $prefix_may_exist = false, $load_dbal = true, $unicode_check = true)
{
global $src_root_path, $phpEx, $config, $lang;
$dbms = $dbms_details['DRIVER'];
// Instantiate it and set return on error true
$db = new $dbms();
$db->sql_return_on_error(true);
// Check that we actually have a database name before going any further.....
if ($dbms_details['DRIVER'] != 'src\\db\\driver\\sqlite' && $dbms_details['DRIVER'] != 'src\\db\\driver\\sqlite3' && $dbms_details['DRIVER'] != 'src\\db\\driver\\oracle' && $dbname === '') {
$error[] = $lang['INST_ERR_DB_NO_NAME'];
return false;
}
// Make sure we don't have a daft user who thinks having the SQLite database in the forum directory is a good idea
if (($dbms_details['DRIVER'] == 'src\\db\\driver\\sqlite' || $dbms_details['DRIVER'] == 'src\\db\\driver\\sqlite3') && stripos(src_realpath($dbhost), src_realpath('../')) === 0) {
$error[] = $lang['INST_ERR_DB_FORUM_PATH'];
return false;
}
// Check the prefix length to ensure that index names are not too long and does not contain invalid characters
switch ($dbms_details['DRIVER']) {
case 'src\\db\\driver\\mysql':
case 'src\\db\\driver\\mysqli':
if (strspn($table_prefix, '-./\\') !== 0) {
$error[] = $lang['INST_ERR_PREFIX_INVALID'];
return false;
}
// no break;
// no break;
case 'src\\db\\driver\\postgres':
$prefix_length = 36;
break;
case 'src\\db\\driver\\mssql':
case 'src\\db\\driver\\mssql_odbc':
case 'src\\db\\driver\\mssqlnative':
$prefix_length = 90;
break;
case 'src\\db\\driver\\sqlite':
case 'src\\db\\driver\\sqlite3':
$prefix_length = 200;
break;
case 'src\\db\\driver\\oracle':
$prefix_length = 6;
break;
}
if (strlen($table_prefix) > $prefix_length) {
$error[] = sprintf($lang['INST_ERR_PREFIX_TOO_LONG'], $prefix_length);
return false;
}
// Try and connect ...
if (is_array($db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, true))) {
$db_error = $db->sql_error();
$error[] = $lang['INST_ERR_DB_CONNECT'] . '<br />' . ($db_error['message'] ? utf8_convert_message($db_error['message']) : $lang['INST_ERR_DB_NO_ERROR']);
} else {
// Likely matches for an existing src installation
if (!$prefix_may_exist) {
$temp_prefix = strtolower($table_prefix);
$table_ary = array($temp_prefix . 'attachments', $temp_prefix . 'config', $temp_prefix . 'sessions', $temp_prefix . 'topics', $temp_prefix . 'users');
$tables = get_tables($db);
$tables = array_map('strtolower', $tables);
$table_intersect = array_intersect($tables, $table_ary);
if (sizeof($table_intersect)) {
$error[] = $lang['INST_ERR_PREFIX'];
}
}
// Make sure that the user has selected a sensible DBAL for the DBMS actually installed
switch ($dbms_details['DRIVER']) {
case 'src\\db\\driver\\mysqli':
if (version_compare(mysqli_get_server_info($db->get_db_connect_id()), '4.1.3', '<')) {
$error[] = $lang['INST_ERR_DB_NO_MYSQLI'];
}
break;
case 'src\\db\\driver\\sqlite':
if (version_compare(sqlite_libversion(), '2.8.2', '<')) {
$error[] = $lang['INST_ERR_DB_NO_SQLITE'];
}
break;
case 'src\\db\\driver\\sqlite3':
$version = \SQLite3::version();
if (version_compare($version['versionString'], '3.6.15', '<')) {
$error[] = $lang['INST_ERR_DB_NO_SQLITE3'];
}
break;
case 'src\\db\\driver\\oracle':
if ($unicode_check) {
$sql = "SELECT *\n\t\t\t\t\t\tFROM NLS_DATABASE_PARAMETERS\n\t\t\t\t\t\tWHERE PARAMETER = 'NLS_RDBMS_VERSION'\n\t\t\t\t\t\t\tOR PARAMETER = 'NLS_CHARACTERSET'";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$stats[$row['parameter']] = $row['value'];
}
$db->sql_freeresult($result);
if (version_compare($stats['NLS_RDBMS_VERSION'], '9.2', '<') && $stats['NLS_CHARACTERSET'] !== 'UTF8') {
$error[] = $lang['INST_ERR_DB_NO_ORACLE'];
}
}
break;
case 'src\\db\\driver\\postgres':
if ($unicode_check) {
$sql = "SHOW server_encoding;";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row['server_encoding'] !== 'UNICODE' && $row['server_encoding'] !== 'UTF8') {
$error[] = $lang['INST_ERR_DB_NO_POSTGRES'];
}
}
break;
}
}
if ($error_connect && (!isset($error) || !sizeof($error))) {
return true;
}
return false;
}
/**
* Loads a specific configuration.
*
* @param array $config An array of configuration values
* @param ContainerBuilder $container A ContainerBuilder instance
*
* @throws \InvalidArgumentException When provided tag is not defined in this extension
*/
public function load(array $config, ContainerBuilder $container)
{
$loader = new YamlFileLoader($container, new FileLocator(src_realpath($this->config_path)));
$loader->load('services.yml');
}
/**
* Extract current session page
*
* @param string $root_path current root path (src_root_path)
* @return array
*/
static function extract_current_page($root_path)
{
global $request, $symfony_request, $src_filesystem;
$page_array = array();
// First of all, get the request uri...
$script_name = $request->escape($symfony_request->getScriptName(), true);
$args = $request->escape(explode('&', $symfony_request->getQueryString()), true);
// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
if (!$script_name) {
$script_name = htmlspecialchars_decode($request->server('REQUEST_URI'));
$script_name = ($pos = strpos($script_name, '?')) !== false ? substr($script_name, 0, $pos) : $script_name;
$page_array['failover'] = 1;
}
// Replace backslashes and doubled slashes (could happen on some proxy setups)
$script_name = str_replace(array('\\', '//'), '/', $script_name);
// Now, remove the sid and let us get a clean query string...
$use_args = array();
// Since some browser do not encode correctly we need to do this with some "special" characters...
// " -> %22, ' => %27, < -> %3C, > -> %3E
$find = array('"', "'", '<', '>', '"', '<', '>');
$replace = array('%22', '%27', '%3C', '%3E', '%22', '%3C', '%3E');
foreach ($args as $key => $argument) {
if (strpos($argument, 'sid=') === 0) {
continue;
}
$use_args[] = str_replace($find, $replace, $argument);
}
unset($args);
// The following examples given are for an request uri of {path to the src directory}/adm/index.php?i=10&b=2
// The current query string
$query_string = trim(implode('&', $use_args));
// basenamed page name (for example: index.php)
$page_name = substr($script_name, -1, 1) == '/' ? '' : basename($script_name);
$page_name = urlencode(htmlspecialchars($page_name));
$symfony_request_path = $src_filesystem->clean_path($symfony_request->getPathInfo());
if ($symfony_request_path !== '/') {
$page_name .= str_replace('%2F', '/', urlencode($symfony_request_path));
}
// current directory within the src root (for example: adm)
$root_dirs = explode('/', str_replace('\\', '/', src_realpath($root_path)));
$page_dirs = explode('/', str_replace('\\', '/', src_realpath('./')));
$intersection = array_intersect_assoc($root_dirs, $page_dirs);
$root_dirs = array_diff_assoc($root_dirs, $intersection);
$page_dirs = array_diff_assoc($page_dirs, $intersection);
$page_dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
if ($page_dir && substr($page_dir, -1, 1) == '/') {
$page_dir = substr($page_dir, 0, -1);
}
// Current page from src root (for example: adm/index.php?i=10&b=2)
$page = ($page_dir ? $page_dir . '/' : '') . $page_name;
if ($query_string) {
$page .= '?' . $query_string;
}
// The script path from the webroot to the current directory (for example: /src3/adm/) : always prefixed with / and ends in /
$script_path = $symfony_request->getBasePath();
// The script path from the webroot to the src root (for example: /src3/)
$script_dirs = explode('/', $script_path);
array_splice($script_dirs, -sizeof($page_dirs));
$root_script_path = implode('/', $script_dirs) . (sizeof($root_dirs) ? '/' . implode('/', $root_dirs) : '');
// We are on the base level (src root == webroot), lets adjust the variables a bit...
if (!$root_script_path) {
$root_script_path = $page_dir ? str_replace($page_dir, '', $script_path) : $script_path;
}
$script_path .= substr($script_path, -1, 1) == '/' ? '' : '/';
$root_script_path .= substr($root_script_path, -1, 1) == '/' ? '' : '/';
$forum_id = $request->variable('f', 0);
// maximum forum id value is maximum value of mediumint unsigned column
$forum_id = $forum_id > 0 && $forum_id < 16777215 ? $forum_id : 0;
$page_array += array('page_name' => $page_name, 'page_dir' => $page_dir, 'query_string' => $query_string, 'script_path' => str_replace(' ', '%20', htmlspecialchars($script_path)), 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), 'page' => $page, 'forum' => $forum_id);
return $page_array;
}
/**
* Find the template
*
* Override for Twig_Loader_Filesystem::findTemplate to add support
* for loading from safe directories.
*/
protected function findTemplate($name)
{
$name = (string) $name;
// normalize name
$name = preg_replace('#/{2,}#', '/', strtr($name, '\\', '/'));
// If this is in the cache we can skip the entire process below
// as it should have already been validated
if (isset($this->cache[$name])) {
return $this->cache[$name];
}
// First, find the template name. The override above of validateName
// causes the validateName process to be skipped for this call
$file = parent::findTemplate($name);
try {
// Try validating the name (which may throw an exception)
parent::validateName($name);
} catch (\Twig_Error_Loader $e) {
if (strpos($e->getRawMessage(), 'Looks like you try to load a template outside configured directories') === 0) {
// Ok, so outside of the configured template directories, we
// can now check if we're within a "safe" directory
// Find the real path of the directory the file is in
$directory = src_realpath(dirname($file));
if ($directory === false) {
// Some sort of error finding the actual path, must throw the exception
throw $e;
}
foreach ($this->safe_directories as $safe_directory) {
if (strpos($directory, $safe_directory) === 0) {
// The directory being loaded is below a directory
// that is "safe". We're good to load it!
return $file;
}
}
}
// Not within any safe directories
throw $e;
}
// No exception from validateName, safe to load.
return $file;
}
