Пример #1
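/**
 * Retrieve the contents of a remote URL.
 *
 * Tries three transports in order and returns the first successful result:
 *  1. file_get_contents(), when allow_url_fopen is enabled;
 *  2. the PHP cURL extension, when it is loaded;
 *  3. the system curl binary through shell_exec(), as last resort.
 *
 * NOTE(review): no scheme or host check is applied here, so every transport
 * fetches whatever $p_url names. Callers that pass anything other than a
 * fixed, trusted URL should validate it (e.g. http/https only) first.
 *
 * @param string $p_url The URL to fetch.
 * @return null|string URL contents; the last-resort path returns whatever
 *                     shell_exec() yields (NULL when the command fails or
 *                     prints nothing)
 */
function url_get($p_url)
{
    # Generic PHP call
    if (ini_get_bool('allow_url_fopen')) {
        # Warnings are suppressed on purpose: a failure is handled below
        $t_data = @file_get_contents($p_url);
        if ($t_data !== false) {
            return $t_data;
        }
        # If the call failed (e.g. due to lack of https wrapper)
        # we fall through to attempt retrieving URL with another method
    }
    # Use the PHP cURL extension
    if (function_exists('curl_init')) {
        $t_curl = curl_init($p_url);
        curl_setopt($t_curl, CURLOPT_RETURNTRANSFER, true);
        # @todo It may be useful to provide users a way to define additional
        # custom options for curl module, e.g. proxy settings and authentication.
        # This could be stored in a global config option.
        $t_data = curl_exec($t_curl);
        curl_close($t_curl);
        if ($t_data !== false) {
            return $t_data;
        }
    }
    # Last resort system call.
    # escapeshellarg() keeps the URL a single shell word, but a value starting
    # with '-' would still be read by curl as a command-line option. The '--'
    # marker ends option parsing so the value is always treated as the URL.
    $t_url = escapeshellarg($p_url);
    return shell_exec('curl -- ' . $t_url);
}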
Пример #2
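/**
 * Retrieve the contents of a remote URL.
 *
 * Tries three transports in order and returns the first successful result:
 *  1. file_get_contents(), when allow_url_fopen is enabled;
 *  2. the PHP cURL extension (with a MantisBT User-Agent), when it is loaded;
 *  3. the system curl binary through shell_exec(), as last resort.
 *
 * NOTE(review): no scheme or host check is applied here, so every transport
 * fetches whatever $p_url names. Callers that pass anything other than a
 * fixed, trusted URL should validate it (e.g. http/https only) first.
 *
 * @param string $p_url The URL to fetch.
 * @return null|string URL contents; the last-resort path returns whatever
 *                     shell_exec() yields (NULL when the command fails or
 *                     prints nothing)
 */
function url_get($p_url)
{
    # Generic PHP call
    if (ini_get_bool('allow_url_fopen')) {
        # Warnings are suppressed on purpose: a failure is handled below
        $t_data = @file_get_contents($p_url);
        if ($t_data !== false) {
            return $t_data;
        }
        # If the call failed (e.g. due to lack of https wrapper)
        # we fall through to attempt retrieving URL with another method
    }
    # Use the PHP cURL extension
    if (function_exists('curl_init')) {
        $t_curl = curl_init($p_url);
        # @todo It may be useful to provide users a way to define additional
        # custom options for curl module, e.g. proxy settings and authentication.
        # This could be stored in a global config option.
        $t_vers = curl_version();
        # cURL options, built in one explicitly initialised array.
        # Default User Agent: Mantis version + php curl extension version
        $t_curl_opt = array(
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_USERAGENT => 'mantisbt/' . MANTIS_VERSION . ' php-curl/' . $t_vers['version'],
        );
        # Set the options
        curl_setopt_array($t_curl, $t_curl_opt);
        # Retrieve data
        $t_data = curl_exec($t_curl);
        curl_close($t_curl);
        if ($t_data !== false) {
            return $t_data;
        }
    }
    # Last resort system call.
    # escapeshellarg() keeps the URL a single shell word, but a value starting
    # with '-' would still be read by curl as a command-line option. The '--'
    # marker ends option parsing so the value is always treated as the URL.
    $t_url = escapeshellarg($p_url);
    return shell_exec('curl -- ' . $t_url);
}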
Пример #3
 /**
  * Early request bootstrap: optional static-page cache start, request
  * clean-up, admin-section flags and inclusion of the core tool files.
  *
  * Statement order matters here (constants are defined and files are
  * required in sequence), so the body is documented rather than rearranged.
  */
 public function preInit()
 {
     //! called only for public pages, and only when prolog.php was included (not when prolog_before.php was)
     // The marker file html_pages/.enabled switches the HTML page cache on.
     if (file_exists($_SERVER["DOCUMENT_ROOT"] . BX_PERSONAL_ROOT . "/html_pages/.enabled")) {
         define("BITRIX_STATIC_PAGES", true);
         require_once dirname(__FILE__) . "/../classes/general/cache_html.php";
         \CHTMLPagesCache::startCaching();
     }
     //!
     define("START_EXEC_PROLOG_BEFORE_1", microtime());
     // BX_STATE is set by the server only; the same key is then dropped from
     // every request superglobal below, so a client-supplied value is discarded
     // (presumably to keep request data from influencing it - confirm).
     $GLOBALS["BX_STATE"] = "PB";
     if (isset($_REQUEST["BX_STATE"])) {
         unset($_REQUEST["BX_STATE"]);
     }
     if (isset($_GET["BX_STATE"])) {
         unset($_GET["BX_STATE"]);
     }
     if (isset($_POST["BX_STATE"])) {
         unset($_POST["BX_STATE"]);
     }
     if (isset($_COOKIE["BX_STATE"])) {
         unset($_COOKIE["BX_STATE"]);
     }
     if (isset($_FILES["BX_STATE"])) {
         unset($_FILES["BX_STATE"]);
     }
     // called only for admin pages
     if (defined("ADMIN_SECTION") && ADMIN_SECTION === true) {
         define("NEED_AUTH", true);
         // BX_PUBLIC_MODE is driven by the request parameter 'bxpublic'; it is
         // only honoured inside this admin branch, after NEED_AUTH is defined.
         if (isset($_REQUEST['bxpublic']) && $_REQUEST['bxpublic'] == 'Y' && !defined('BX_PUBLIC_MODE')) {
             define('BX_PUBLIC_MODE', 1);
         }
     }
     //
     // <start.php>
     // Bring the global objects into this method's scope when no local of the
     // same name exists.
     if (!isset($USER)) {
         global $USER;
     }
     if (!isset($APPLICATION)) {
         global $APPLICATION;
     }
     if (!isset($DB)) {
         global $DB;
     }
     // Only fatal error classes are reported from here on.
     error_reporting(E_COMPILE_ERROR | E_ERROR | E_CORE_ERROR | E_PARSE);
     define("START_EXEC_TIME", microtime(true));
     define("B_PROLOG_INCLUDED", true);
     require_once $_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/classes/general/version.php";
     require_once $_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/tools.php";
     // On PHP 5+ without register_long_arrays, recreate the legacy HTTP_*_VARS
     // globals as copies of the current superglobals.
     if (version_compare(PHP_VERSION, "5.0.0") >= 0 && @ini_get_bool("register_long_arrays") != true) {
         $GLOBALS["HTTP_POST_FILES"] = $_FILES;
         $GLOBALS["HTTP_SERVER_VARS"] = $_SERVER;
         $GLOBALS["HTTP_GET_VARS"] = $_GET;
         $GLOBALS["HTTP_POST_VARS"] = $_POST;
         $GLOBALS["HTTP_COOKIE_VARS"] = $_COOKIE;
         $GLOBALS["HTTP_ENV_VARS"] = $_ENV;
     }
     // NOTE(review): both helpers are defined outside this snippet; from the
     // names they normalise quoting and decode request input - confirm.
     UnQuoteAll();
     FormDecode();
 }
Пример #4
 /**
  * Attach the image named by one match to the message, once per URL.
  *
  * The image body is fetched on first use and kept in the static
  * self::$imageCache, so later calls for the same URL reuse it.
  *
  * NOTE(review): the URL comes straight from the match and is fetched with no
  * scheme or host restriction, and a failed fetch is not detected. If the
  * matched markup can be influenced by an untrusted party, validate the URL
  * before this point.
  *
  * @param array $m match data; index 0 is the full match, 3 the image URL and
  *                 4 the file extension (presumably a preg callback match)
  * @return string the full match, unchanged
  */
 protected function addRawImage($m)
 {
     $url = $m[3];
     // Already attached to this message: nothing more to do.
     if (isset($this->addedImage[$url])) {
         return $m[0];
     }
     if (!isset(self::$imageCache[$url])) {
         if (ini_get_bool('allow_url_fopen')) {
             $body = file_get_contents($url);
         } else {
             // Fallback transport when URL wrappers are disabled
             $request = new HTTP_Request($url);
             $request->sendRequest();
             $body = $request->getResponseBody();
         }
         self::$imageCache[$url] =& $body;
     }
     // Work on the cached entry by reference rather than on a copy
     $data =& self::$imageCache[$url];
     // MIME type from the extension; anything that is not png/gif is sent as jpeg
     $extension = strtolower($m[4]);
     if ($extension === 'png') {
         $mime = 'image/png';
     } elseif ($extension === 'gif') {
         $mime = 'image/gif';
     } else {
         $mime = 'image/jpeg';
     }
     $this->addHtmlImage($data, $mime, $url, false);
     $this->addedImage[$url] = true;
     return $m[0];
 }
Пример #5
/**
 * Environment check for the risky PHP setting register_globals (MDL-12914).
 *
 * @param object $result the environment_results object to be modified
 * @return mixed null when register_globals is off (nothing to report), or the
 *               given object with status set to false when it is on
 */
function php_check_register_globals($result)
{
    // Setting is off: the test is irrelevant, report nothing
    if (!ini_get_bool('register_globals')) {
        return null;
    }
    // Setting is on: flag the result as failed so a security warning is shown
    $result->status = false;
    return $result;
}
Пример #6
/**
 * Start the compression output handler, or a plain output buffer, as needed.
 * @return void
 * @access public
 */
function compress_start_handler()
{
    if (compress_handler_is_enabled()) {
        # Start output buffering before anything else, so that a blank line in
        # an included file cannot prevent headers from being sent
        ob_start('compress_handler');
        return;
    }
    # zlib compresses the output itself: open a plain buffer, unless
    # compression has been explicitly disabled
    if (ini_get_bool('zlib.output_compression') == true && !defined('COMPRESSION_DISABLED')) {
        ob_start();
    }
}
Пример #7
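/**
 * Retrieve the contents of a remote URL.
 *
 * Uses the first available transport only; there is no fall-through on error:
 *  1. file_get_contents(), when allow_url_fopen is enabled;
 *  2. the PHP cURL extension, when it is loaded;
 *  3. the system curl binary through shell_exec(), as last resort.
 *
 * NOTE(review): no scheme or host check is applied here, so every transport
 * fetches whatever $p_url names. Callers that pass anything other than a
 * fixed, trusted URL should validate it (e.g. http/https only) first.
 *
 * @param string $p_url The URL to fetch.
 * @return string|false|null URL contents; FALSE when file_get_contents() or
 *                           curl_exec() fails, NULL when the shell command
 *                           fails or prints nothing
 */
function url_get($p_url)
{
    # Generic PHP call (warnings suppressed; the caller sees FALSE on failure)
    if (ini_get_bool('allow_url_fopen')) {
        return @file_get_contents($p_url);
    }
    # Use the PHP cURL extension
    if (function_exists('curl_init')) {
        $t_curl = curl_init($p_url);
        curl_setopt($t_curl, CURLOPT_RETURNTRANSFER, true);
        $t_data = curl_exec($t_curl);
        curl_close($t_curl);
        return $t_data;
    }
    # Last resort system call.
    # escapeshellarg() keeps the URL a single shell word, but a value starting
    # with '-' would still be read by curl as a command-line option. The '--'
    # marker ends option parsing so the value is always treated as the URL.
    $t_url = escapeshellarg($p_url);
    return shell_exec('curl -- ' . $t_url);
}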
Пример #8
/**
 * Security report entry for the register_globals PHP setting.
 *
 * @param bool $detailed when true, the long explanation is filled in as well
 * @return object result with issue, name, info, details, status and link set;
 *                status is REPORT_SECURITY_CRITICAL when register_globals is
 *                on and REPORT_SECURITY_OK otherwise
 */
function report_security_check_globals($detailed = false)
{
    // Every field is created up front so the report always has the same shape
    $result = new object();
    $result->issue = 'report_security_check_globals';
    $result->name = get_string('check_globals_name', 'report_security');
    $result->info = null;
    $result->details = null;
    $result->status = null;
    $result->link = null;

    $globalsenabled = ini_get_bool('register_globals');
    $result->status = $globalsenabled ? REPORT_SECURITY_CRITICAL : REPORT_SECURITY_OK;
    $result->info = get_string($globalsenabled ? 'check_globals_error' : 'check_globals_ok', 'report_security');

    if ($detailed) {
        $result->details = get_string('check_globals_details', 'report_security');
    }
    return $result;
}
Пример #9
/**
 * Try to switch off every form of output buffering and throw away anything
 * that has been buffered so far.
 *
 * Error reporting is silenced for the duration of the call and restored to
 * its previous level before returning.
 *
 * @access private to be called only from lib/setup.php !
 * @return void
 */
function disable_output_buffering()
{
    $previousreporting = error_reporting(0);

    // Compression has to go first, it would prevent closing of buffers
    if (ini_get_bool('zlib.output_compression')) {
        ini_set('zlib.output_compression', 'Off');
    }

    // Flush after every output call from now on
    ob_implicit_flush(true);

    // Close and discard each open buffer; this can work around stray
    // whitespace in config.php. Stop at the first buffer that refuses to
    // close, otherwise the loop would never end.
    while (ob_get_level() > 0 && ob_end_clean()) {
        // nothing to do, the condition does the work
    }

    // No other output handler may stay registered
    ini_set('output_handler', '');

    error_reporting($previousreporting);
}
Пример #10
/**
 * Standard debugging function.
 *
 * Returns true when the site debugging level ($CFG->debug) is at or above
 * $level, or when the current user is listed in $CFG->debugusers. When a
 * message is given it is also emitted, similar to trigger_error(); where it
 * goes is controlled by $CFG->debugdisplay. Typical use:
 *
 * 1)  debugging('a normal debug notice');
 * 2)  debugging('something really picky', DEBUG_ALL);
 * 3)  debugging('annoying debug message only for developers', DEBUG_DEVELOPER);
 * 4)  if (debugging()) { perform extra debugging operations (do not use print or echo) }
 *
 * Inside blocks guarded by debugging() (example 4) send output through
 * debugging() itself, trigger_error() or error_log(); echo or print will
 * break XHTML, JS and HTTP headers.
 *
 * Defining NO_DEBUG_DISPLAY redirects the message to error_log.
 *
 * NOTE(review): $message is written into the page without HTML escaping, so
 * callers must not build it from unescaped request data.
 *
 * @uses DEBUG_NORMAL
 * @param string $message a message to print
 * @param int $level the level at which this debugging statement should show
 * @param array $backtrace use different backtrace
 * @return bool
 */
function debugging($message = '', $level = DEBUG_NORMAL, $backtrace = null)
{
    global $CFG, $USER, $UNITTEST;

    // Users listed in $CFG->debugusers get debugging regardless of the site level
    $forcedebug = false;
    if (!empty($CFG->debugusers)) {
        $forcedebug = in_array($USER->id, explode(',', $CFG->debugusers));
    }

    if (!$forcedebug && (empty($CFG->debug) || $CFG->debug < $level)) {
        return false;
    }

    // Default the display switch from php.ini the first time it is needed
    if (!isset($CFG->debugdisplay)) {
        $CFG->debugdisplay = ini_get_bool('display_errors');
    }

    if (!$message) {
        return true;
    }

    if (!$backtrace) {
        $backtrace = debug_backtrace();
    }
    $from = format_backtrace($backtrace, CLI_SCRIPT);

    if (!empty($UNITTEST->running)) {
        // During unit tests trigger_error() is intercepted by the test
        // framework and reported as an exception, so it cannot be used.
        // Dropping the message is not wanted either, which leaves printing
        // it on screen as the only option. (MDL-20398)
        echo '<div class="notifytiny">' . $message . $from . '</div>';
    } elseif (NO_DEBUG_DISPLAY) {
        // The script wants no errors or debugging in its output:
        // the information goes to the error log instead
        error_log('Debugging: ' . $message . $from);
    } elseif ($forcedebug || $CFG->debugdisplay) {
        if (!defined('DEBUGGING_PRINTED')) {
            // Records that something has been printed
            define('DEBUGGING_PRINTED', 1);
        }
        if (CLI_SCRIPT) {
            echo "++ {$message} ++\n{$from}";
        } else {
            echo '<div class="notifytiny">' . $message . $from . '</div>';
        }
    } else {
        trigger_error($message . $from, E_USER_NOTICE);
    }

    return true;
}
Пример #11
// Request flags for this admin page; each one is read as PARAM_BOOL with a
// default of 0.
$confirmplugins = optional_param('confirmplugincheck', 0, PARAM_BOOL);
$showallplugins = optional_param('showallplugins', 0, PARAM_BOOL);
$agreelicense = optional_param('agreelicense', 0, PARAM_BOOL);
$fetchupdates = optional_param('fetchupdates', 0, PARAM_BOOL);
// Page set-up: URL and a default page layout
$PAGE->set_url('/admin/index.php');
$PAGE->set_pagelayout('admin');
// Check some PHP server settings. Each failed check is reported through
// print_error() with the setting name and a link to the installation docs.
// NOTE(review): the documentation link below is plain http.
$documentationlink = '<a href="http://docs.moodle.org/en/Installation">Installation docs</a>';
// session.auto_start must be off
if (ini_get_bool('session.auto_start')) {
    print_error('phpvaroff', 'debug', '', (object) array('name' => 'session.auto_start', 'link' => $documentationlink));
}
// magic_quotes_runtime must be off
if (ini_get_bool('magic_quotes_runtime')) {
    print_error('phpvaroff', 'debug', '', (object) array('name' => 'magic_quotes_runtime', 'link' => $documentationlink));
}
// file_uploads must be on
if (!ini_get_bool('file_uploads')) {
    print_error('phpvaron', 'debug', '', (object) array('name' => 'file_uploads', 'link' => $documentationlink));
}
if (is_float_problem()) {
    print_error('phpfloatproblem', 'admin', '', $documentationlink);
}
// Set some necessary variables during set-up to avoid PHP warnings later on this page
if (!isset($CFG->release)) {
    $CFG->release = '';
}
if (!isset($CFG->version)) {
    $CFG->version = '';
}
// Reset both before the include; version.php is presumably what assigns
// them - confirm against that file.
$version = null;
$release = null;
require "{$CFG->dirroot}/version.php";
Пример #12
// Installation self-check fragment: timezone, register_globals, password
// storage method and file upload limits. The listing stops inside the
// switch below, so this block is documented only.

// Timezone: prefer the value from config.inc.php, otherwise fall back to
// php.ini. The validity row is printed only when the first row's call
// returns a truthy value (presumably "test passed" - confirm).
if (!is_blank(config_get_global('default_timezone'))) {
    if (print_test_row('Checking if a timezone is set in config.inc.php....', !is_blank(config_get_global('default_timezone')), config_get_global('default_timezone'))) {
        print_test_row('Checking if timezone is valid from config.inc.php....', in_array(config_get_global('default_timezone'), timezone_identifiers_list()), config_get_global('default_timezone'));
    }
} else {
    if (print_test_row('Checking if timezone is set in php.ini....', ini_get('date.timezone') !== '')) {
        print_test_row('Checking if timezone is valid in php.ini....', in_array(ini_get('date.timezone'), timezone_identifiers_list()), ini_get('date.timezone'));
    }
}
test_database_utf8();
// Security-relevant settings: register_globals must be off, and the
// configured login_method is compared against CRYPT_FULL_SALT (test row)
// and PLAIN / CRYPT (warning rows).
print_test_row('Checking Register Globals is set to off', !ini_get_bool('register_globals'));
print_test_row('Checking CRYPT_FULL_SALT is NOT logon method', !(CRYPT_FULL_SALT == config_get_global('login_method')));
print_test_warn_row('Warn if passwords are stored in PLAIN text', !(PLAIN == config_get_global('login_method')));
print_test_warn_row('Warn if CRYPT is used (not MD5) for passwords', !(CRYPT == config_get_global('login_method')));
// Upload checks run only when uploads are enabled in the MantisBT config
if (config_get_global('allow_file_upload')) {
    print_test_row('Checking that fileuploads are allowed in php (enabled in mantis config)', ini_get_bool('file_uploads'));
    print_info_row('PHP variable "upload_max_filesize"', ini_get_number('upload_max_filesize'));
    print_info_row('PHP variable "post_max_size"', ini_get_number('post_max_size'));
    print_info_row('MantisBT variable "max_file_size"', config_get_global('max_file_size'));
    // The MantisBT limit must not exceed either PHP limit
    print_test_row('Checking MantisBT upload file size is less than php', config_get_global('max_file_size') <= ini_get_number('post_max_size') && config_get_global('max_file_size') <= ini_get_number('upload_max_filesize'));
    switch (config_get_global('file_upload_method')) {
        case DATABASE:
            print_info_row('There may also be settings in your web server and database that prevent you from  uploading files or limit the maximum file size.  See the documentation for those packages if you need more information.');
            // NOTE(review): the <span class="error"> opened in the message
            // below is never closed inside the string.
            if (500 < min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get_global('max_file_size'))) {
                print_info_row('<span class="error">Your current settings will most likely need adjustments to the PHP max_execution_time or memory_limit settings, the MySQL max_allowed_packet setting, or equivalent.');
            }
            break;
        case DISK:
            // The configured upload folder must end in a directory separator
            $t_upload_path = config_get_global('absolute_path_default_upload_folder');
            print_test_row('Checking that absolute_path_default_upload_folder has a trailing directory separator: "' . $t_upload_path . '"', DIRECTORY_SEPARATOR == substr($t_upload_path, -1, 1));
            break;
Пример #13
/**
 * Prepare a translated string for being written into a language pack file.
 *
 * Steps, in order: strip backslashes (except for zh_hk / zh_tw), undo sybase
 * quote doubling when magic_quotes_sybase is on, backslash-escape single and
 * double quotes, double every %, drop carriage returns and trim.
 *
 * @uses $CFG
 * @param string $value Raw string to be saved into the lang pack
 * @return string Fixed value
 */
function lang_fix_value_before_save($value = '')
{
    global $CFG;

    // Backslashes are deleted for every language except zh_hk and zh_tw:
    // some multibyte languages include backslash bytes in their characters
    if (!in_array($CFG->lang, array('zh_hk', 'zh_tw'))) {
        $value = str_replace("\\", "", $value);
    }

    // Unescape escaped sybase quotes
    if (ini_get_bool('magic_quotes_sybase')) {
        $value = str_replace("''", "'", $value);
    }

    // str_replace() applies the pairs one after another, in this order
    $search = array(
        "'",    // single quote -> backslash-escaped
        '"',    // double quote -> backslash-escaped
        "%",    // percent sign -> doubled
        "\r",   // carriage return -> removed
    );
    $replace = array("\\'", "\\\"", "%%", "");
    $value = str_replace($search, $replace, $value);

    // Delete leading/trailing white space
    return trim($value);
}
Пример #14
</tr>



<!-- Checking register_globals are off -->

<tr>

	<td bgcolor="#ffffff">

		Checking for register_globals are off for DILPS

	</td>

	<?php
    // register_globals switched on is reported as BAD, switched off as GOOD
    print_test_result(ini_get_bool('register_globals') ? BAD : GOOD);
    ?>

</tr>



<!-- Checking config file is writable -->

<tr>

	<td bgcolor="#ffffff">
Пример #15
/**
 * Returns true when the site debugging level ($CFG->debug) is at or above
 * $level. When a message is given it is also emitted, similar to
 * trigger_error(), followed by an HTML list of the call stack; where it goes
 * is controlled by $CFG->debugdisplay. Typical use:
 *
 * 1)  debugging('a normal debug notice');
 * 2)  debugging('something really picky', DEBUG_ALL);
 * 3)  debugging('annoying debug message only for developers', DEBUG_DEVELOPER);
 * 4)  if (debugging()) { perform extra debugging operations (do not use print or echo) }
 *
 * Inside blocks guarded by debugging() (example 4) send output through
 * debugging() itself, trigger_error() or error_log(); echo or print will
 * break XHTML, JS and HTTP headers.
 *
 * NOTE(review): $message and the backtrace text are passed on without HTML
 * escaping, so callers must not build the message from unescaped request data.
 *
 * @param string $message a message to print
 * @param int $level the level at which this debugging statement should show
 * @return bool
 */
function debugging($message = '', $level = DEBUG_NORMAL)
{
    global $CFG;

    // Debugging switched off, or this notice is pickier than the site level
    if (empty($CFG->debug) || !($CFG->debug >= $level)) {
        return false;
    }
    if (!$message) {
        return true;
    }

    // Render the call stack as an HTML list, paths relative to dirroot
    $from = '<ul style="text-align: left">';
    foreach (debug_backtrace() as $frame) {
        // line and file are missing for some frames, probably call_user_func()
        $line = isset($frame['line']) ? $frame['line'] : '?';
        $file = isset($frame['file']) ? $frame['file'] : $CFG->dirroot . '/unknownfile';
        $item = '<li>line ' . $line . ' of ' . substr($file, strlen($CFG->dirroot) + 1);
        if (isset($frame['function'])) {
            $item .= ': call to ';
            if (isset($frame['class'])) {
                $item .= $frame['class'] . $frame['type'];
            }
            $item .= $frame['function'] . '()';
        }
        $from .= $item . '</li>';
    }
    $from .= '</ul>';

    // Default the display switch from php.ini the first time it is needed
    if (!isset($CFG->debugdisplay)) {
        $CFG->debugdisplay = ini_get_bool('display_errors');
    }

    if ($CFG->debugdisplay) {
        if (!defined('DEBUGGING_PRINTED')) {
            // Records that something has been printed
            define('DEBUGGING_PRINTED', 1);
        }
        notify($message . $from, 'notifytiny');
    } else {
        trigger_error($message . $from, E_USER_NOTICE);
    }
    return true;
}
Пример #16
/**
 * Check the PHP settings required by the environment XML against this server.
 *
 * memory_limit is compared by size, and this function tries to raise it at
 * runtime when it is below the required minimum. Every other setting is read
 * with ini_get_bool() and loosely compared with the required value.
 *
 * @uses NO_VERSION_DATA_FOUND
 * @uses NO_PHP_SETTINGS_NAME_FOUND
 * @param string $version xml version we are going to use to test this server
 * @param int $env_select one of ENV_SELECT_NEWER | ENV_SELECT_DATAROOT | ENV_SELECT_RELEASE decide xml to use.
 * @return array environment_results objects, one per setting; a single failed
 *               result when no version data is found; empty when the XML has
 *               no PHP_SETTINGS section
 */
function environment_check_php_settings($version, $env_select)
{
    $results = array();

    /// Get the environment version we need
    $data = get_environment_for_version($version, $env_select);
    if (!$data) {
        /// Error. No version data found
        $result = new environment_results('php_setting');
        $result->setStatus(false);
        $result->setErrorCode(NO_VERSION_DATA_FOUND);
        $results[] = $result;
        return $results;
    }

    /// No PHP section found - ignore
    if (!isset($data['#']['PHP_SETTINGS']['0']['#']['PHP_SETTING'])) {
        return $results;
    }
    $settings = $data['#']['PHP_SETTINGS']['0']['#']['PHP_SETTING'];

    /// One environment_results object per listed setting
    foreach ($settings as $setting) {
        $result = new environment_results('php_setting');
        $result->setLevel(get_level($setting));

        if (!isset($setting['@']['name'])) {
            /// An entry without a name cannot be checked
            $result->setStatus(false);
            $result->setErrorCode(NO_PHP_SETTINGS_NAME_FOUND);
        } else {
            $setting_name = $setting['@']['name'];
            $setting_value = $setting['@']['value'];
            $result->setInfo($setting_name);

            if ($setting_name == 'memory_limit') {
                $current = ini_get('memory_limit');
                if ($current == -1) {
                    /// -1 is accepted without comparing sizes
                    $result->setStatus(true);
                } else {
                    $current = get_real_size($current);
                    $minlimit = get_real_size($setting_value);
                    if ($current < $minlimit) {
                        /// Too low: try to raise it, then read the value back
                        @ini_set('memory_limit', $setting_value);
                        $current = get_real_size(ini_get('memory_limit'));
                    }
                    $result->setStatus($current >= $minlimit);
                }
            } else {
                /// Any other setting: boolean ini value against the required one
                $result->setStatus(ini_get_bool($setting_name) == $setting_value);
            }
        }

        /// Do any actions defined in the XML file.
        process_environment_result($setting, $result);
        $results[] = $result;
    }
    return $results;
}
Пример #17
/**
 * Standard debugging function.
 *
 * Returns true when the site debugging level ($CFG->debug) is -1 or at/above
 * $level, or when the current user is listed in $CFG->debugusers. When a
 * message is given it is also emitted, similar to trigger_error(); where it
 * goes is controlled by $CFG->debugdisplay. Typical use:
 *
 * 1)  debugging('a normal debug notice');
 * 2)  debugging('something really picky', DEBUG_ALL);
 * 3)  debugging('annoying debug message only for developers', DEBUG_DEVELOPER);
 * 4)  if (debugging()) { perform extra debugging operations (do not use print or echo) }
 *
 * Inside blocks guarded by debugging() (example 4) send output through
 * debugging() itself, trigger_error() or error_log(); echo or print will
 * break XHTML, JS and HTTP headers.
 *
 * Defining NO_DEBUG_DISPLAY redirects the message to error_log.
 *
 * NOTE(review): $message is written into the page without HTML escaping, so
 * callers must not build it from unescaped request data.
 *
 * @param string $message a message to print
 * @param int $level the level at which this debugging statement should show
 * @param array $backtrace use different backtrace
 * @return bool
 */
function debugging($message = '', $level = DEBUG_NORMAL, $backtrace = null)
{
    global $CFG, $USER;

    // Users listed in $CFG->debugusers get debugging regardless of the site level
    $forcedebug = false;
    if (!empty($CFG->debugusers) && $USER) {
        $forcedebug = in_array($USER->id, explode(',', $CFG->debugusers));
    }

    if (!$forcedebug && (empty($CFG->debug) || ($CFG->debug != -1 && $CFG->debug < $level))) {
        return false;
    }

    // Default the display switch from php.ini the first time it is needed
    if (!isset($CFG->debugdisplay)) {
        $CFG->debugdisplay = ini_get_bool('display_errors');
    }

    if (!$message) {
        return true;
    }

    if (!$backtrace) {
        $backtrace = debug_backtrace();
    }
    $from = format_backtrace($backtrace, CLI_SCRIPT || NO_DEBUG_DISPLAY);

    // Inside a test the message has been logged by the test utility
    if (PHPUNIT_TEST && phpunit_util::debugging_triggered($message, $level, $from)) {
        return true;
    }

    if (NO_DEBUG_DISPLAY) {
        // The script wants no errors or debugging in its output:
        // the information goes to the error log instead.
        error_log('Debugging: ' . $message . ' in ' . PHP_EOL . $from);
    } elseif ($forcedebug || $CFG->debugdisplay) {
        if (!defined('DEBUGGING_PRINTED')) {
            // Records that something has been printed.
            define('DEBUGGING_PRINTED', 1);
        }
        if (CLI_SCRIPT) {
            echo "++ {$message} ++\n{$from}";
        } else {
            echo '<div class="notifytiny debuggingmessage" data-rel="debugging">', $message, $from, '</div>';
        }
    } else {
        trigger_error($message . $from, E_USER_NOTICE);
    }

    return true;
}
Пример #18
/**
 * Shutdown handler: optionally marks the Apache child for termination when
 * memory use is high, and writes performance information to the error log.
 *
 * Expected to be registered via register_shutdown_function()
 * in lib/setup.php .
 *
 * @return void
 */
function moodle_request_shutdown()
{
    global $CFG;

    // Help the Apache server if possible: a child over the memory limit is
    // asked to terminate after this request
    $apachereleasemem = false;
    $canterminate = function_exists('apache_child_terminate')
        && function_exists('memory_get_usage')
        && ini_get_bool('child_terminate');
    if ($canterminate) {
        // 64MB default
        $limit = empty($CFG->apachemaxmem) ? 64 * 1024 * 1024 : $CFG->apachemaxmem;
        if (memory_get_usage() > get_real_size($limit)) {
            $apachereleasemem = $limit;
            @apache_child_terminate();
        }
    }

    // Everything below is performance logging only
    $perflogging = defined('MDL_PERF') || (!empty($CFG->perfdebug) && $CFG->perfdebug > 7);
    if (!$perflogging) {
        return;
    }

    if ($apachereleasemem) {
        error_log('Mem usage over ' . $apachereleasemem . ': marking Apache child for reaping.');
    }

    if (defined('MDL_PERFTOLOG')) {
        $perf = get_performance_info();
        error_log("PERF: " . $perf['txt']);
    }

    if (!defined('MDL_PERFINC')) {
        return;
    }

    // Log every included file; sizes are taken for absolute paths only
    $ts = 0;
    foreach (get_included_files() as $f) {
        if (!preg_match(':^/:', $f)) {
            error_log($f, NULL, NULL, 0);
            continue;
        }
        $fs = filesize($f);
        $ts += $fs;
        $hfs = display_size($fs);
        error_log(substr($f, strlen($CFG->dirroot)) . " size: {$fs} ({$hfs})", NULL, NULL, 0);
    }
    if ($ts > 0) {
        $hts = display_size($ts);
        error_log("Total size of files included: {$ts} ({$hts})");
    }
}
Пример #19
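/**
 * Bookkeeping for the Explode search-service ping.
 *
 * Returns immediately when open_basedir is set or allow_url_fopen is off.
 * State lives in the `datalists` table under the names `explodeservice`
 * (serialized service description) and `explodelastpinged` (timestamp).
 *
 * If no `explodeservice` record exists, the registration request is currently
 * commented out, so $pingresponse is never assigned and nothing is stored.
 * Otherwise, at most once every 7 days, the remote endpoint is probed and the
 * `explodelastpinged` record is refreshed; the actual "reping" request is
 * commented out as well, so the computed ping variables are not sent.
 *
 * SECURITY (review):
 *  - The endpoint is addressed over plain http://, so its responses are not
 *    authenticated. Nothing derived from them should be trusted.
 *  - unserialize() is applied to the stored `explodeservice` value, which,
 *    going by the disabled registration code, is a copy of the remote
 *    response. unserialize() on data that originated outside the application
 *    can instantiate arbitrary classes; a data-only format such as JSON, or
 *    the allowed_classes option once the stored class is confirmed, is the
 *    safer choice. Left unchanged here because the stored format is not
 *    visible from this function.
 *  - The reping token is sha1(ident:username:secretkey). A keyed MAC
 *    (hash_hmac) is the usual construction for this, but changing it needs
 *    the matching change on the service side.
 *
 * @return void
 */
function explodeping_init()
{
    global $CFG, $messages;
    // FIXME: workaround to annoying warning when is enabled open_basedir
    // restriction
    if (@ini_get('open_basedir') || !ini_get_bool('allow_url_fopen')) {
        return;
    }
    if (!($explodeservice = get_record('datalists', 'name', 'explodeservice'))) {
        ini_set('default_socket_timeout', 20);
        /*$pingvars = "pingtype=registernew";
          $pingvars .= "&url=" . urlencode($CFG->wwwroot);
          $pingvars .= "&profileurl=" . urlencode($CFG->wwwroot . "%username%");
          $pingvars .= "&name=" . urlencode($CFG->sitename);
          $pingvars .= "&rssurl=" . urlencode($CFG->wwwroot . "%username%/rss");
          $pingvars .= "&foafurl=" . urlencode($CFG->wwwroot . "%username%/foaf");*/
        //$pingresponse = file_get_contents("http://ex.plode.us/mod/searchping/elggping.php?{$pingvars}");
        /*if (user_flag_get("admin",$_SESSION['userid'])) {
              $messages[] = str_replace("&","<br />",$pingvars);
              $messages[] = $pingresponse;
          }*/
        // With the request above commented out, $pingresponse is never set and
        // this branch does not run. If the request is ever re-enabled, the
        // response must be validated before it is unserialized or stored.
        if (!empty($pingresponse)) {
            if ($uspingresponse = unserialize($pingresponse)) {
                $datalist = new stdClass();
                $datalist->name = 'explodeservice';
                $datalist->value = $pingresponse;
                insert_record('datalists', $datalist);
            }
        }
    } else {
        $explodelastpinged = get_record('datalists', 'name', 'explodelastpinged');
        $triggertime = time() - 86400 * 7;
        if (!$explodelastpinged || $explodelastpinged->value < $triggertime) {
            //reduce likelihood of concurrent pings on a stall
            delete_records('datalists', 'name', 'explodelastpinged');
            $datalist = new stdClass();
            $datalist->name = 'explodelastpinged';
            $datalist->value = $triggertime + 600;
            insert_record('datalists', $datalist);
            ini_set('default_socket_timeout', 20);
            //don't do anything if initial connect doesn't work
            $testresponse = file_get_contents("http://ex.plode.us/mod/searchping/elggping.php");
            if ($testresponse !== false) {
                // Only $CFG->prefix is interpolated into the SQL below; no request data is involved.
                $search_sql = "SELECT u.ident, u.username, COUNT(m.ident) AS members FROM `" . $CFG->prefix . "users` u JOIN " . $CFG->prefix . "friends m ON m.owner = u.ident WHERE u.user_type = 'person' GROUP BY u.ident ORDER BY members DESC LIMIT 1";
                if ($users = get_records_sql($search_sql)) {
                    foreach ($users as $user) {
                        $username = $user->username;
                        $explodeservice = get_record_sql("select * from {$CFG->prefix}datalists where name = 'explodeservice'");
                        // ('datalists', 'name', 'explodeservice');
                        if (!$explodeservice) {
                            // Record disappeared since the check at the top: nothing to sign.
                            continue;
                        }
                        // SECURITY (review): see the function header regarding unserialize().
                        $explodeservice = unserialize($explodeservice->value);
                        if (!is_object($explodeservice)) {
                            // Corrupt or unexpected payload: skip instead of reading
                            // ->ident / ->secretkey from a non-object.
                            continue;
                        }
                        $crypt_reping = sha1($explodeservice->ident . ":" . $username . ":" . $explodeservice->secretkey);
                        $pingvars = "pingtype=reping";
                        $pingvars .= "&service=" . urlencode($explodeservice->ident);
                        $pingvars .= "&crypt=" . urlencode($crypt_reping);
                        $pingvars .= "&username=" . urlencode($username);
                        //$response = file_get_contents("http://ex.plode.us/mod/searchping/elggping.php?{$pingvars}");
                    }
                }
                // Record the time of this successful probe.
                delete_records('datalists', 'name', 'explodelastpinged');
                $datalist = new stdClass();
                $datalist->name = 'explodelastpinged';
                $datalist->value = time();
                insert_record('datalists', $datalist);
            }
        }
    }
}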
Пример #20
    }
}
# end install_state == 5
if (6 == $t_install_state) {
    # post install checks
    ?>
<table width="100%" bgcolor="#222222" cellpadding="10" cellspacing="1">
<tr>
	<td bgcolor="#e8e8e8" colspan="2">
		<span class="title">Checking Installation...</span>
	</td>
</tr>

<!-- Checking register_globals are off -->
<?php 
    print_test('Checking for register_globals are off for mantis', !ini_get_bool('register_globals'), false, 'change php.ini to disable register_globals setting');
    ?>

<tr>
	<td bgcolor="#ffffff">
		Attempting to connect to database as user
	</td>
	<?php 
    $g_db = ADONewConnection($f_db_type);
    $t_result = @$g_db->Connect($f_hostname, $f_db_username, $f_db_password, $f_database_name);
    if ($t_result == true) {
        print_test_result(GOOD);
    } else {
        print_test_result(BAD, false, 'Database user does not have access to the database ( ' . db_error_msg() . ' )');
    }
    if ($f_db_type == 'db2') {
Пример #21
/**
 * Check output buffering settings before sending a file.
 *
 * Turns zlib output compression off and flushes/closes all output buffers.
 * Please note you should not send any other headers after calling this function.
 *
 * @private to be called only from lib/filelib.php !
 * @return void
 * @throws file_serving_exception when headers have already been sent
 */
function prepare_file_content_sending()
{
    // Headers must still be writable at this point.
    if (headers_sent()) {
        throw new file_serving_exception('Headers already sent, can not serve file.');
    }
    // Silence PHP error reporting while output settings and buffers are changed;
    // the previous level is restored at the end.
    $previouslevel = error_reporting(0);
    // IE compatibility HACK - it does not like zlib compression much;
    // there is also a problem with the length header in older PHP versions.
    if (ini_get_bool('zlib.output_compression')) {
        ini_set('zlib.output_compression', 'Off');
    }
    // Flush and close every buffer level. The loop stops as soon as a buffer
    // can not be closed, which prevents an infinite loop.
    while (ob_get_level() && ob_end_flush()) {
        // each successful pass closes one buffer level
    }
    error_reporting($previouslevel);
    // NOTE: headers_sent() can not be tested reliably here because the headers
    //       might be sent while closing the buffers; this happens especially
    //       if the browser does not support gzip or deflate.
}
Пример #22
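/**
 * Request shutdown handler.
 *
 * When the Apache child-termination functions are available and
 * child_terminate is enabled, marks the current child for termination once
 * memory use exceeds $CFG->apachemaxmem. If that setting is empty it is set
 * to 25000000 on $CFG. Afterwards, optional performance data is written to
 * the PHP error log when MDL_PERF is defined or $CFG->perfdebug is above 7.
 *
 * @return void
 */
function moodle_request_shutdown()
{
    global $CFG;
    // initially, we are only ever called under apache
    // but check just in case
    if (function_exists('apache_child_terminate') && function_exists('memory_get_usage') && ini_get_bool('child_terminate')) {
        if (empty($CFG->apachemaxmem)) {
            // default: 25,000,000 bytes
            $CFG->apachemaxmem = 25000000;
        }
        if (memory_get_usage() > (int) $CFG->apachemaxmem) {
            // The limit is concatenated in: inside a single-quoted string the
            // variable was never expanded, so the notice used to contain the
            // literal text "$CFG->apachemaxmem" instead of the value.
            trigger_error('Mem usage over ' . $CFG->apachemaxmem . ': marking child for reaping.');
            @apache_child_terminate();
        }
    }
    if (defined('MDL_PERF') || (!empty($CFG->perfdebug) and $CFG->perfdebug > 7)) {
        if (defined('MDL_PERFTOLOG')) {
            $perf = get_performance_info();
            error_log("PERF: " . $perf['txt']);
        }
        if (defined('MDL_PERFINC')) {
            // One log line per included file. These lines contain server file
            // paths, so the error log should not be readable by site users.
            $inc = get_included_files();
            $ts = 0;
            foreach ($inc as $f) {
                // error_log() is called with its defaults. The original passed
                // NULL, NULL, 0 for message type, destination and headers, which
                // selects the same default logger but hands NULL to an int parameter.
                if (preg_match(':^/:', $f)) {
                    $fs = filesize($f);
                    $ts += $fs;
                    $hfs = display_size($fs);
                    // The leading strlen($CFG->dirroot) characters are cut from the path.
                    error_log(substr($f, strlen($CFG->dirroot)) . " size: {$fs} ({$hfs})");
                } else {
                    error_log($f);
                }
            }
            if ($ts > 0) {
                $hts = display_size($ts);
                error_log("Total size of files included: {$ts} ({$hts})");
            }
        }
    }
}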
Пример #23
// Load the configuration: through the PHPUnit helper when PHPUNIT_TEST is
// truthy, otherwise through the regular initialise_cfg().
if (PHPUNIT_TEST) {
    phpunit_util::initialise_cfg();
} else {
    initialise_cfg();
}
// Normalise $CFG->debug to an integer. PHP's error_reporting level is only
// changed when a debug value was configured; otherwise debug defaults to 0.
if (isset($CFG->debug)) {
    $CFG->debug = (int) $CFG->debug;
    error_reporting($CFG->debug);
} else {
    $CFG->debug = 0;
}
// True only when every bit of DEBUG_DEVELOPER is present in the debug level.
$CFG->debugdeveloper = ($CFG->debug & DEBUG_DEVELOPER) === DEBUG_DEVELOPER;
// Find out whether PHP is configured to display warnings.
// This is a security problem because some Moodle scripts may
// disclose sensitive information in displayed errors.
// The constant below only records the finding; nothing here changes the setting.
if (ini_get_bool('display_errors')) {
    define('WARN_DISPLAY_ERRORS_ENABLED', true);
}
// If we want to display Moodle errors, then try and set PHP errors to match.
if (!isset($CFG->debugdisplay)) {
    // Keep it "as is" during installation.
} else {
    if (NO_DEBUG_DISPLAY) {
        // Some parts of Moodle cannot display errors and debug at all.
        ini_set('display_errors', '0');
        ini_set('log_errors', '1');
    } else {
        if (empty($CFG->debugdisplay)) {
            ini_set('display_errors', '0');
            ini_set('log_errors', '1');
        } else {
Пример #24
/**
 * Populates the legacy $HTTP_*_VARS arrays and, when register_globals is
 * off, copies request and environment values into the global scope.
 *
 * Reserved names (the superglobals plus 'DBSQLServerType') are first removed
 * from $_REQUEST, $_GET, $_POST and $_COOKIE and are never copied to $GLOBALS.
 * Sources are processed in the order ENV, GET, POST, FILES, COOKIE, SERVER,
 * so a later source overwrites a same-named global set by an earlier one.
 *
 * SECURITY (review): apart from the reserved names, every key in the request
 * arrays becomes a global variable, overwriting any global of that name that
 * already exists when this runs. Code executed afterwards can only rely on
 * globals it initialises itself after this call.
 */
function FormDecode()
{
	global $HTTP_ENV_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_POST_FILES, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS;
	// Names that request data may neither carry nor define as globals.
	$superglobals = Array('_GET'=>1, '_SESSION'=>1, '_POST'=>1, '_COOKIE'=>1, '_REQUEST'=>1, '_FILES'=>1, '_SERVER'=>1, 'GLOBALS'=>1, '_ENV'=>1, 'DBSQLServerType'=>1);

	foreach(array_keys($superglobals) as $reserved)
	{
		unset($_REQUEST[$reserved], $_GET[$reserved], $_POST[$reserved], $_COOKIE[$reserved]);
	}

	// With register_globals on there is nothing to emulate.
	if (ini_get_bool("register_globals"))
	{
		return;
	}

	$HTTP_ENV_VARS = $_ENV;
	foreach($_ENV as $name => $value)
	{
		if(isset($superglobals[$name]))
			continue;
		$GLOBALS[$name] = $value;
	}

	$HTTP_GET_VARS = $_GET;
	foreach($_GET as $name => $value)
	{
		if(isset($superglobals[$name]))
			continue;
		$GLOBALS[$name] = $value;
	}

	$HTTP_POST_VARS = $_POST;
	foreach($_POST as $name => $value)
	{
		if(isset($superglobals[$name]))
			continue;
		$GLOBALS[$name] = $value;
	}

	$HTTP_POST_FILES = $_FILES;
	foreach($_FILES as $name => $value)
	{
		if(isset($superglobals[$name]))
			continue;
		$GLOBALS[$name] = $value;
	}

	$HTTP_COOKIE_VARS = $_COOKIE;
	foreach($_COOKIE as $name => $value)
	{
		if(isset($superglobals[$name]))
			continue;
		$GLOBALS[$name] = $value;
	}

	$HTTP_SERVER_VARS = $_SERVER;
	foreach($_SERVER as $name => $value)
	{
		if(isset($superglobals[$name]))
			continue;
		$GLOBALS[$name] = $value;
	}
}
Пример #25
array_push($tests, $this_test);
// MAGIC QUOTES RUNTIME
// Counts as enabled only when ini_get_bool() returns boolean true.
$this_val = ini_get_bool('magic_quotes_runtime') === true ? 'enabled' : 'disabled';
$this_test = array('title' => 'PHP Magic Quotes Runtime', 'suggestion' => 'disabled', 'value' => $this_val, 'tip' => 'Automatically escapes user inputted data. Not needed when using properly coded software.');
// Any value other than the suggested "disabled" is reported as a warning.
$this_test['status'] = $this_val != 'disabled' ? 'WARNING' : 'OK';
array_push($tests, $this_test);
// SAFE MODE
// Same pattern as above: enabled only on boolean true, warn unless disabled.
$this_val = ini_get_bool('safe_mode') === true ? 'enabled' : 'disabled';
$this_test = array('title' => 'PHP Safe Mode', 'suggestion' => 'disabled', 'value' => $this_val, 'tip' => 'This mode is HIGHLY discouraged and is a sign of a poorly configured host.');
$this_test['status'] = $this_val != 'disabled' ? 'WARNING' : 'OK';
array_push($tests, $this_test);
// OS
$this_test = array('title' => 'Operating System', 'suggestion' => 'Linux', 'value' => PHP_OS, 'tip' => 'The server operating system running this site. Linux based systems are encouraged. Windows users may need to perform additional steps to get plugins to perform properly.');
if (PHP_OS == 'WINNT') {
    $this_test['status'] = 'WARNING';
Пример #26
/**
 * Returns true if the current site debugging settings are equal to or above the specified level.
 * If passed a message it will also emit a debugging notice similar to trigger_error(). The
 * routing of notices is controlled by $CFG->debugdisplay; when that is unset it is
 * initialised from the PHP display_errors setting.
 * eg use like this:
 *
 * 1)  debugging('a normal debug notice');
 * 2)  debugging('something really picky', DEBUG_ALL);
 * 3)  debugging('annoying debug message only for developers', DEBUG_DEVELOPER);
 * 4)  if (debugging()) { perform extra debugging operations (do not use print or echo) }
 *
 * In code blocks controlled by debugging() (such as example 4)
 * any output should be routed via debugging() itself, or the lower-level
 * trigger_error() or error_log(). Using echo or print will break XHTML
 * JS and HTTP headers.
 *
 * With debugdisplay on, the message and its backtrace are passed to notify()
 * for display; with it off they go to trigger_error() as an E_USER_NOTICE.
 * Displayed backtraces can reveal internal details, so display is best kept
 * off on production sites.
 *
 * @param string $message a message to print
 * @param int $level the level at which this debugging statement should show
 * @param array $backtrace use different backtrace
 * @return bool
 */
function debugging($message = '', $level = DEBUG_NORMAL, $backtrace = null)
{
    global $CFG;
    // Debugging disabled, or configured below the requested level.
    if (empty($CFG->debug) || !($CFG->debug >= $level)) {
        return false;
    }
    // Pure level check: nothing to emit.
    if (!$message) {
        return true;
    }
    $trace = $backtrace ? $backtrace : debug_backtrace();
    $from = print_backtrace($trace, true);
    if (!isset($CFG->debugdisplay)) {
        $CFG->debugdisplay = ini_get_bool('display_errors');
    }
    if (!$CFG->debugdisplay) {
        trigger_error($message . $from, E_USER_NOTICE);
        return true;
    }
    if (!defined('DEBUGGING_PRINTED')) {
        // indicates we have printed something
        define('DEBUGGING_PRINTED', 1);
    }
    notify($message . $from, 'notifytiny');
    return true;
}
Пример #27
// Raise the PCRE backtrack limit to 20 MB.
ini_set('pcre.backtrack_limit', 20971520);
// Location of standard files
$CFG->wordlist = $CFG->libdir . '/wordlist.txt';
$CFG->moddata = 'moddata';
// Create the $PAGE global. The class comes from $CFG->moodlepageclass when
// that is set, else 'moodle_page'. The name is used as-is, so it is only as
// trustworthy as the configuration that supplies it.
$classname = !empty($CFG->moodlepageclass) ? $CFG->moodlepageclass : 'moodle_page';
$PAGE = new $classname();
unset($classname);
// A hack to get around magic_quotes_gpc being turned on
// It is strongly recommended to disable "magic_quotes_gpc"!
if (ini_get_bool('magic_quotes_gpc')) {
    /**
     * Recursively removes backslash escaping from a value.
     *
     * Arrays are walked element by element; array keys are left untouched.
     *
     * @param mixed $value string or (nested) array of strings
     * @return mixed the value with stripslashes() applied to every leaf
     */
    function stripslashes_deep($value)
    {
        if (is_array($value)) {
            return array_map('stripslashes_deep', $value);
        }
        return stripslashes($value);
    }
    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
    $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
    if (!empty($_SERVER['REQUEST_URI'])) {
        $_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']);
    }
    if (!empty($_SERVER['QUERY_STRING'])) {
        $_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']);
    }
Пример #28
 /**
  * Reports whether the PHP file_uploads setting is off.
  *
  * @return bool true when ini_get_bool('file_uploads') is falsy, false otherwise
  */
 function exists()
 {
     $uploadsenabled = ini_get_bool('file_uploads');
     return !$uploadsenabled;
 }
Пример #29
/**
 * Register input functions and undo magic-quotes escaping of request input
 *
 * When magic_quotes_gpc is enabled, backslash escaping is stripped from the
 * keys and values of $_POST, $_GET, $_COOKIE and $_REQUEST and from several
 * $_SERVER entries. This only reverses PHP's automatic escaping; it does not
 * validate or escape input for any output context.
 *
 * The two helper functions are declared when the magic_quotes_gpc branch
 * executes, so that branch must not run more than once per request.
 *
 * @return void
 * @access private
 */
function input_init()
{
    // register an endpoint for live search / autocomplete.
    elgg_register_page_handler('livesearch', 'input_livesearch_page_handler');
    if (ini_get_bool('magic_quotes_gpc')) {
        /**
         * Strip slashes from the keys of one array level; needed because
         * array_map ignores keys
         *
         * @param array $array Array of values
         *
         * @return array Array with unescaped keys (non-arrays are returned unchanged)
         */
        function stripslashes_arraykeys($array)
        {
            if (!is_array($array)) {
                return $array;
            }
            $unescaped = array();
            foreach ($array as $key => $data) {
                $cleankey = stripslashes($key);
                // Keep the original key unless unescaping actually changed it.
                $unescaped[($key != $cleankey) ? $cleankey : $key] = $data;
            }
            return $unescaped;
        }
        /**
         * Strip slashes on everything, keys included, at every nesting level
         *
         * @param mixed $value The value to remove slashes from
         *
         * @return mixed
         */
        function stripslashes_deep($value)
        {
            if (!is_array($value)) {
                return stripslashes($value);
            }
            return array_map('stripslashes_deep', stripslashes_arraykeys($value));
        }
        // Top-level keys first, then every value (and nested key) recursively.
        $_POST = array_map('stripslashes_deep', stripslashes_arraykeys($_POST));
        $_GET = array_map('stripslashes_deep', stripslashes_arraykeys($_GET));
        $_COOKIE = array_map('stripslashes_deep', stripslashes_arraykeys($_COOKIE));
        $_REQUEST = array_map('stripslashes_deep', stripslashes_arraykeys($_REQUEST));
        // Request-derived $_SERVER entries are unescaped only when non-empty.
        $serverfields = array('REQUEST_URI', 'QUERY_STRING', 'HTTP_REFERER', 'PATH_INFO', 'PHP_SELF', 'PATH_TRANSLATED');
        foreach ($serverfields as $field) {
            if (!empty($_SERVER[$field])) {
                $_SERVER[$field] = stripslashes($_SERVER[$field]);
            }
        }
    }
}
Пример #30
}
// URL-rewrite entry: runs when the server reports a 404 redirect or when the
// SEF_APPLICATION_CUR_PAGE_URL query parameter is present.
// Note the precedence: (isset(...) && status == '404') || isset($_GET[...]).
if (isset($_SERVER['REDIRECT_STATUS']) && $_SERVER['REDIRECT_STATUS'] == '404' || isset($_GET["SEF_APPLICATION_CUR_PAGE_URL"])) {
    if (isset($_SERVER['REDIRECT_STATUS']) && $_SERVER['REDIRECT_STATUS'] == '404' && !isset($_GET["SEF_APPLICATION_CUR_PAGE_URL"])) {
        // Plain 404 redirect: keep the request URI determined earlier.
        $url = $requestUri;
    } else {
        // SECURITY (review): the effective request URI is taken from a request
        // parameter here, so from this point $_SERVER["REQUEST_URI"] holds
        // client-chosen text. An array value is replaced by an empty string.
        $url = $requestUri = $_SERVER["REQUEST_URI"] = $REQUEST_URI = is_array($_GET["SEF_APPLICATION_CUR_PAGE_URL"]) ? '' : $_GET["SEF_APPLICATION_CUR_PAGE_URL"];
        unset($_GET["SEF_APPLICATION_CUR_PAGE_URL"]);
    }
    // Re-parse the query string embedded in the rewritten URL.
    if (($pos = strpos($url, "?")) !== false) {
        $params = substr($url, $pos + 1);
        if ($params !== false && $params !== "") {
            parse_str($params, $vars);
            unset($vars["SEF_APPLICATION_CUR_PAGE_URL"]);
            // Array union: keys already present in $_GET / $_REQUEST win,
            // only new keys from the embedded query string are added.
            $_GET += $vars;
            $_REQUEST += $vars;
            // SECURITY (review): under register_globals the parsed parameters
            // are also added as global variables (existing globals are kept).
            // NOTE(review): PHP 8.1+ no longer permits writing to $GLOBALS as
            // a whole, so this statement needs revisiting on modern PHP.
            if (ini_get_bool("register_globals")) {
                $GLOBALS += $vars;
            }
            $_SERVER["QUERY_STRING"] = $QUERY_STRING = $params;
        }
    }
    // If the parameter is still present in $_GET at this point, and the request
    // was a 404 redirect or did not target /bitrix/urlrewrite.php directly,
    // the URI, $_GET, $_REQUEST and the query string are all reset to empty.
    if (isset($_GET["SEF_APPLICATION_CUR_PAGE_URL"]) && (isset($_SERVER['REDIRECT_STATUS']) && $_SERVER['REDIRECT_STATUS'] == '404' || $requestUriWithoutParams != "/bitrix/urlrewrite.php")) {
        $url = $requestUri = $_SERVER["REQUEST_URI"] = $REQUEST_URI = "";
        $_GET = array();
        $_REQUEST = array();
        $_SERVER["QUERY_STRING"] = $QUERY_STRING = "";
    }
    $HTTP_GET_VARS = $_GET;
    $uriPath = GetRequestUri();
    // The path is URL-encoded into the query string and the whole value is
    // passed through htmlspecialcharsbx() before being exposed as the constant.
    define("POST_FORM_ACTION_URI", htmlspecialcharsbx("/bitrix/urlrewrite.php?SEF_APPLICATION_CUR_PAGE_URL=" . urlencode($uriPath)));
}