/**
 * Assertion helper: runs $in through a LinkSanitizer rooted at "/cms/de/"
 * and compares the sanitized result with $expectedOut.
 *
 * @param string $in          markup handed to the sanitizer
 * @param string $expectedOut markup the sanitizer is expected to return
 */
protected function checkSanitizing($in, $expectedOut)
{
    // path offset ("/cms/") followed by the language directory ("de/")
    $basePath = '/cms/' . 'de/';
    $sanitizer = new \LinkSanitizer($basePath, $in);
    $actual = $sanitizer->replace();

    $this->assertEquals($expectedOut, $actual);
}
/**
 * Get the requested Page.
 *
 * Dispatches on the "act" request parameter, renders the template,
 * rewrites pre-Contrexx-3 links in the output and sends it to the client.
 * Never returns: the request is terminated with exit().
 *
 * @access public
 */
public function getPage()
{
    // Normalise the action parameter so the dispatch below always sees a string.
    $act = empty($_GET['act']) ? '' : $_GET['act'];
    $_GET['act'] = $act;

    // action name => handler method; anything unknown falls back to the login view
    $handlers = array(
        'lostpw'  => 'showPasswordLost',
        'resetpw' => 'showPasswordReset',
        'verify'  => 'verifyUserAccount',
        'captcha' => 'getCaptcha',
    );
    $handler = is_string($act) && isset($handlers[$act]) ? $handlers[$act] : 'showLogin';
    $this->$handler();

    $this->objTemplate->setVariable('CONTREXX_CHARSET', CONTREXX_CHARSET);
    $html = $this->objTemplate->get();

    // replace links from before contrexx 3
    $sanitizer = new \LinkSanitizer(ASCMS_PATH_OFFSET . ASCMS_BACKEND_PATH . '/', $html);
    echo $sanitizer->replace();
    exit;
}
/**
 * Get the requested Page.
 *
 * Dispatches on the "act" request parameter, renders the template,
 * rewrites pre-Contrexx-3 links (relative to the backend folder) and
 * sends the result to the client. Never returns: ends with exit().
 *
 * @access public
 */
public function getPage()
{
    // make sure the action is always a defined value
    $action = empty($_GET['act']) ? '' : $_GET['act'];
    $_GET['act'] = $action;

    if ($action == 'lostpw') {
        $this->showPasswordLost();
    } elseif ($action == 'resetpw') {
        $this->showPasswordReset();
    } elseif ($action == 'verify') {
        $this->verifyUserAccount();
    } elseif ($action == 'captcha') {
        $this->getCaptcha();
    } else {
        // unknown or empty action: show the login form
        $this->showLogin();
    }

    $this->objTemplate->setVariable('CONTREXX_CHARSET', CONTREXX_CHARSET);
    $output = $this->objTemplate->get();

    // replace links from before contrexx 3
    $cx = \Cx\Core\Core\Controller\Cx::instanciate();
    $backendBase = $cx->getCodeBaseOffsetPath() . $cx->getBackendFolderName() . '/';
    $sanitizer = new \LinkSanitizer($cx, $backendBase, $output);
    echo $sanitizer->replace();
    exit;
}
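/**
 * Renders the CSRF warning page and terminates the request.
 *
 * The parameters of the blocked request ($_GET for GET, $_POST otherwise)
 * are re-emitted as form elements so the user can deliberately resend the
 * request from the warning page; the CSRF token, its "amp;"-prefixed
 * variant and the captcha field are left out of that form.
 *
 * Side effects: echoes the rendered page, rewrites
 * $_CORELANG['TXT_CSRF_DESCR'] in place and ends the script with die().
 *
 * @global array $_CORELANG
 */
private static function __kill()
{
    global $_CORELANG;

    $data = $_SERVER['REQUEST_METHOD'] == 'GET' ? $_GET : $_POST;
    self::add_code();

    $tpl = new \Cx\Core\Html\Sigma(
        \Env::get('cx')->getCodeBaseCorePath() . '/Csrf/View/Template/Generic/'
    );
    $tpl->setErrorHandling(PEAR_ERROR_DIE);
    $tpl->loadTemplateFile('Warning.html');

    $form = '';
    foreach ($data as $key => $value) {
        // Numeric parameter names arrive as int keys; compare as strings so
        // the skip-list is matched exactly instead of by loose comparison.
        $name = (string) $key;
        if ($name === self::$formkey || $name === 'amp;' . self::$formkey || $name === '__cap') {
            continue;
        }
        // There *MUST NOT* be any form element with a name attribute
        // value of "submit" -- this will break the form's submit() method!
        if ($name === 'submit') {
            continue;
        }
        $form .= self::parseRequestParametersForForm($key, $value);
    }

    // Both targets end up inside an href attribute of the template, and the
    // appended '" tabindex="..' fragment deliberately closes that attribute,
    // so the values cannot be escaped as a whole. The only user-controlled
    // part, the "cmd" parameter, is escaped for the attribute context here.
    $csrfContinue = 'javascript:sendData();';
    $csrfAbort = 'index.php';
    if (isset($_GET['cmd']) && is_scalar($_GET['cmd'])) {
        $csrfAbort .= '?cmd=' . \contrexx_raw2xhtml($_GET['cmd']);
    }
    $_CORELANG['TXT_CSRF_DESCR'] = str_replace('%1$s', $csrfContinue . '" tabindex="-1', $_CORELANG['TXT_CSRF_DESCR']);
    $_CORELANG['TXT_CSRF_DESCR'] = str_replace('%2$s', $csrfAbort . '" tabindex="-1', $_CORELANG['TXT_CSRF_DESCR']);

    // the request URI is client-supplied as well; escape it before it is
    // placed into the form's action attribute
    $action = \contrexx_raw2xhtml($_SERVER['REQUEST_URI']);

    $tpl->setGlobalVariable(array(
        'TXT_CSRF_TITLE'    => $_CORELANG['TXT_CSRF_TITLE'],
        'TXT_CSRF_DESCR'    => $_CORELANG['TXT_CSRF_DESCR'],
        'TXT_CSRF_CONTINUE' => $_CORELANG['TXT_CSRF_CONTINUE'],
        'TXT_CSRF_ABORT'    => $_CORELANG['TXT_CSRF_ABORT'],
        'CSRF_CONTINUE'     => $csrfContinue . '" tabindex="1',
        'CSRF_ABORT'        => $csrfAbort . '" tabindex="2',
        'REQUEST_METHOD'    => strtolower($_SERVER['REQUEST_METHOD']),
        'ACTION'            => $action,
        'FORM_ELEMENTS'     => $form,
        'IMAGES_PATH'       => ASCMS_ADMIN_WEB_PATH . '/images/csrfprotection',
    ));
    $tpl->parse();
    $endcode = $tpl->get();

    // replace links from before contrexx 3
    $ls = new \LinkSanitizer(ASCMS_PATH_OFFSET . ASCMS_BACKEND_PATH . '/', $endcode);
    $endcode = $ls->replace();
    echo $endcode;
    die;
}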
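/**
 * Save the block content
 *
 * Persists the posted content for one block/language pair and returns the
 * content with pre-Contrexx-3 links rewritten, ready to be displayed again.
 *
 * @param array $params all given params from http request
 *                      ($params['get']['block'], $params['get']['lang'],
 *                      $params['post']['content'])
 * @throws NoPermissionException         caller is not logged in or lacks access 76
 * @throws NotEnoughArgumentsException   block id or language code missing/empty
 * @throws BlockCouldNotBeSavedException the UPDATE query failed
 * @return array array('content' => string) the sanitized content
 *
 * @global array  $_CORELANG
 * @global object $objDatabase
 */
public function saveBlockContent($params)
{
    global $_CORELANG, $objDatabase;

    // security check
    if (!\FWUser::getFWUserObject()->objUser->login() || !\Permission::checkAccess(76, 'static', true)) {
        throw new NoPermissionException($_CORELANG['TXT_ACCESS_DENIED_DESCRIPTION']);
    }

    // check arguments (note: empty() also rejects a block id of "0")
    if (empty($params['get']['block']) || empty($params['get']['lang'])) {
        throw new NotEnoughArgumentsException('not enough arguments');
    }

    // get language and block id; both are forced to int because they are
    // concatenated into the query below
    $id = intval($params['get']['block']);
    $lang = intval(\FWLanguage::getLanguageIdByCode($params['get']['lang']));
    if (!$lang) {
        $lang = intval(FRONTEND_LANG_ID);
    }

    // a missing content field saves an empty block instead of raising a notice
    $content = isset($params['post']['content']) ? $params['post']['content'] : '';

    // query to update content in database
    // NOTE(review): the statement is still string-built; the content relies on
    // \contrexx_input2db() for escaping. Bind parameters would be preferable
    // if the database layer supports them.
    $query = "UPDATE `" . DBPREFIX . "module_block_rel_lang_content`\n SET content = '" . \contrexx_input2db($content) . "'\n WHERE\n block_id = " . $id . " AND lang_id = " . $lang;
    $result = $objDatabase->Execute($query);

    // error handling
    if ($result === false) {
        throw new BlockCouldNotBeSavedException('block could not be saved');
    }

    // resolve node placeholders and rewrite legacy links for the response
    \LinkGenerator::parseTemplate($content);
    $ls = new \LinkSanitizer(ASCMS_PATH_OFFSET . \Env::get('virtualLanguageDirectory') . '/', $content);
    $this->messages[] = $_CORELANG['TXT_CORE_SAVED_BLOCK'];
    return array('content' => $ls->replace());
}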
/**
 * Builds the XHTML of the form-uploader frame.
 *
 * Registers the uploader's JS/CSS, chooses the URL the frame redirects to
 * when finished (backend vs. frontend), fills "formFrame.html" and returns
 * the markup with pre-Contrexx-3 links rewritten.
 *
 * @global array $_CORELANG
 * @return string rendered frame markup
 */
public function getFrameXHtml()
{
    global $_CORELANG;

    $uploadId = $this->uploadId;
    if (!empty($_SESSION['upload']['handlers'][$uploadId]['singleFileMode'])) {
        \ContrexxJavascript::getInstance()->setVariable('restrictUpload2SingleFile', true, "upload/widget_{$uploadId}");
    }

    //JS / CSS dependencies
    \JS::activate('cx');
    \JS::registerCSS('core_modules/Upload/css/uploaders/form/formUploader.css');
    \JS::registerJS('core_modules/Upload/js/uploaders/form/formUploader.js');

    $uploadPath = $this->getUploadPath('form');

    // where the frame sends the browser once the upload has finished
    if ($this->isBackendRequest) {
        $redirectUrl = ASCMS_ADMIN_WEB_PATH . '/index.php?cmd=Upload&act=formUploaderFrameFinished&uploadId=' . $uploadId;
    } else {
        $frontendUrl = clone \Env::get('cx')->getRequest()->getUrl();
        $frontendUrl->removeAllParams();
        $frontendUrl->setParams(array(
            'section'  => 'Upload',
            'cmd'      => 'formUploaderFrameFinished',
            'uploadId' => $uploadId,
        ));
        $redirectUrl = (string) $frontendUrl;
    }
    $this->setRedirectUrl($redirectUrl);

    $template = new \Cx\Core\Html\Sigma(ASCMS_CORE_MODULE_PATH . '/Upload/template/uploaders');
    $template->setErrorHandling(PEAR_ERROR_DIE);
    $template->loadTemplateFile('formFrame.html');
    $template->setVariable(array(
        'UPLOAD_URL'      => $uploadPath,
        'INCLUDES'        => \JS::getCode(),
        'CXJS_INIT_JS'    => \ContrexxJavascript::getInstance()->initJs(),
        'UPLOAD_FORM_ADD' => $_CORELANG['UPLOAD_FORM_ADD'],
        'UPLOAD'          => $_CORELANG['UPLOAD'],
        'UPLOAD_ID'       => $uploadId,
        'MAX_FILE_SIZE'   => \FWSystem::getMaxUploadFileSize() - 1000,
    ));

    $cx = \Cx\Core\Core\Controller\Cx::instanciate();
    $sanitizer = new \LinkSanitizer($cx, $cx->getCodeBaseOffsetPath(), $template->get());
    return $sanitizer->replace();
}
/**
 * Parses the main template in order to finish request
 *
 * Frontend mode: fills the theme placeholders, optionally renders the page
 * as PDF (?pdfview=1) and exits, otherwise collects the page's script tags,
 * resolves remaining node placeholders and stores the link-sanitized markup
 * in $this->endcode.
 * Backend mode: builds the meta/language navigation and the admin navbar,
 * picks an optional per-section stylesheet and stores the link-sanitized
 * markup in $this->endcode.
 *
 * @todo Remove usage of globals
 * @global type $themesPages
 * @global null $moduleStyleFile
 * @global array $_CONFIG
 * @global type $subMenuTitle
 * @global type $_CORELANG
 * @global type $plainCmd
 * @global type $cmd
 */
protected function finalize()
{
    global $themesPages, $moduleStyleFile, $_CONFIG, $subMenuTitle, $_CORELANG, $plainCmd, $cmd;

    if ($this->mode == self::MODE_FRONTEND) {
        // parse system
        $parsingTime = $this->stopTimer();
        $this->template->setVariable('PARSING_TIME', $parsingTime);
        $this->parseGlobalPlaceholders($themesPages['sidebar']);
        // NOTE: 'BUILDIN_STYLE_FILE' appears twice in this literal; the later
        // entry wins, both carry the same value.
        $this->template->setVariable(array(
            'SIDEBAR_FILE' => $themesPages['sidebar'],
            'JAVASCRIPT_FILE' => $themesPages['javascript'],
            'BUILDIN_STYLE_FILE' => $themesPages['buildin_style'],
            'DATE_YEAR' => date('Y'),
            'DATE_MONTH' => date('m'),
            'DATE_DAY' => date('d'),
            'DATE_TIME' => date('H:i'),
            'BUILDIN_STYLE_FILE' => $themesPages['buildin_style'],
            'JAVASCRIPT_LIGHTBOX' => '<script type="text/javascript" src="lib/lightbox/javascript/mootools.js"></script> <script type="text/javascript" src="lib/lightbox/javascript/slimbox.js"></script>',
            'JAVASCRIPT_MOBILE_DETECTOR' => '<script type="text/javascript" src="lib/mobiledetector.js"></script>'
        ));
        if (!empty($moduleStyleFile)) {
            // NOTE(review): $moduleStyleFile is interpolated into the href
            // unescaped; confirm it is never derived from request data.
            $this->template->setVariable('STYLE_FILE', "<link rel=\"stylesheet\" href=\"{$moduleStyleFile}\" type=\"text/css\" media=\"screen, projection\" />");
        }
        // PDF view: hand the rendered page to the Pdf module and stop here
        if (!$this->resolvedPage->getUseSkinForAllChannels() && isset($_GET['pdfview']) && intval($_GET['pdfview']) == 1) {
            $pageTitle = $this->resolvedPage->getTitle();
            // only append ".pdf" when there is a title to append it to
            $extenstion = empty($pageTitle) ? null : '.pdf';
            $objPDF = new \Cx\Core_Modules\Pdf\Model\Entity\PdfDocument();
            $objPDF->SetTitle($pageTitle . $extenstion);
            $objPDF->setContent($this->template->get());
            $objPDF->Create();
            exit;
        }
        // fetch the parsed webpage
        // (the JAVASCRIPT placeholder gets a marker first; the collected
        // scripts are substituted for that marker below)
        $this->template->setVariable('JAVASCRIPT', 'javascript_inserting_here');
        $endcode = $this->template->get();
        /**
         * Get all javascripts in the code, replace them with nothing, and register the js file
         * to the javascript lib. This is because we don't want something twice, and there could be
         * a theme that requires a javascript, which then could be used by a module too and therefore would
         * be loaded twice.
         */
        /* Finds all uncommented script tags, strips them out of the HTML and
         * stores them internally so we can put them in the placeholder later
         * (see JS::getCode() below) */
        \JS::findJavascripts($endcode);
        /*
         * Proposal: Use this
         * $endcode = preg_replace_callback('/<script\s.*?src=(["\'])(.*?)(\1).*?\/?>(?:<\/script>)?/i', array('JS', 'registerFromRegex'), $endcode);
         * and change JS::registerFromRegex to use index 2
         */
        // i know this is ugly, but is there another way
        $endcode = str_replace('javascript_inserting_here', \JS::getCode(), $endcode);
        // do a final replacement of all those node-urls ({NODE_<ID>_<LANG>}- placeholders) that haven't been captured earlier
        // ("[[NAME]]" is rewritten to "{NAME}" so LinkGenerator can resolve it)
        $endcode = preg_replace('/\\[\\[([A-Z0-9_-]+)\\]\\]/', '{\\1}', $endcode);
        \LinkGenerator::parseTemplate($endcode);
        // remove the meta tag X-UA-Compatible if the user agent ist neighter internet explorer nor chromeframe
        // (HTTP_USER_AGENT is read without an isset() guard; a request without
        // a User-Agent header raises a notice here)
        if (!preg_match('/(msie|chromeframe)/i', $_SERVER['HTTP_USER_AGENT'])) {
            $endcode = preg_replace('/<meta.*?X-UA-Compatible.*?>/i', '', $endcode);
        }
        // replace links from before contrexx 3
        $ls = new \LinkSanitizer($this, $this->getCodeBaseOffsetPath() . \Env::get('virtualLanguageDirectory') . '/', $endcode);
        $this->endcode = $ls->replace();
    } else {
        // backend meta navigation
        if ($this->template->blockExists('backend_metanavigation')) {
            // parse language navigation
            if ($this->template->blockExists('backend_language_navigation') && $this->template->blockExists('backend_language_navigation_item')) {
                $backendLanguage = \FWLanguage::getActiveBackendLanguages();
                // the language switch is only shown when there is more than one language to pick
                if (count($backendLanguage) > 1) {
                    $this->template->setVariable('TXT_LANGUAGE', $_CORELANG['TXT_LANGUAGE']);
                    foreach ($backendLanguage as $language) {
                        $languageUrl = \Env::get('init')->getUriBy('setLang', $language['id']);
                        $this->template->setVariable(array(
                            'LANGUAGE_URL' => contrexx_raw2xhtml($languageUrl),
                            'LANGUAGE_NAME' => $language['name'],
                            'LANGUAGE_CSS' => \Env::get('init')->getBackendLangId() == $language['id'] ? 'active' : ''
                        ));
                        $this->template->parse('backend_language_navigation_item');
                    }
                    $this->template->parse('backend_language_navigation');
                } else {
                    $this->template->hideBlock('backend_language_navigation');
                }
            }
            $this->template->touchBlock('backend_metanavigation');
        }
        // page parsing
        $parsingTime = $this->stopTimer();
        // var_dump($parsingTime);
        /*echo ($finishTime[0] - $startTime[0]) . '<br />';
        if (!isset($_SESSION['asdf1']) || isset($_GET['reset'])) {
            $_SESSION['asdf1'] = 0;
            $_SESSION['asdf2'] = 0;
        }
        echo $_SESSION['asdf1'] . '<br />';
        if ($_SESSION['asdf1'] > 0) {
            echo $_SESSION['asdf2'] / $_SESSION['asdf1'];
        }
        $_SESSION['asdf1']++;
        $_SESSION['asdf2'] += ($finishTime[0] - $startTime[0]);//*/
        $objAdminNav = new \adminMenu($plainCmd);
        $objAdminNav->getAdminNavbar();
        // LOGGED_NAME is the only user-derived value here and is HTML-escaped;
        // the remaining values come from language files and $_CONFIG
        $this->template->setVariable(array(
            'SUB_MENU_TITLE' => $subMenuTitle,
            'FRONTEND_LANG_MENU' => \Env::get('init')->getUserFrontendLangMenu(),
            'TXT_GENERATED_IN' => $_CORELANG['TXT_GENERATED_IN'],
            'TXT_SECONDS' => $_CORELANG['TXT_SECONDS'],
            'TXT_LOGOUT_WARNING' => $_CORELANG['TXT_LOGOUT_WARNING'],
            'PARSING_TIME' => $parsingTime,
            'LOGGED_NAME' => htmlentities($this->getUser()->objUser->getProfileAttribute('firstname') . ' ' . $this->getUser()->objUser->getProfileAttribute('lastname'), ENT_QUOTES, CONTREXX_CHARSET),
            'TXT_LOGGED_IN_AS' => $_CORELANG['TXT_LOGGED_IN_AS'],
            'TXT_LOG_OUT' => $_CORELANG['TXT_LOG_OUT'],
            'MODULE_INDEX' => MODULE_INDEX,
            'JAVASCRIPT' => \JS::getCode(),
            'CX_EDITION' => $_CONFIG['coreCmsEdition'],
            'CX_VERSION' => $_CONFIG['coreCmsVersion'],
            'CX_CODE_NAME' => $_CONFIG['coreCmsCodeName'],
            'CX_STATUS' => $_CONFIG['coreCmsStatus'],
            'CX_RELEASE_DATE' => date(ASCMS_DATE_FORMAT_DATE, $_CONFIG['coreCmsReleaseDate']),
            'CX_NAME' => $_CONFIG['coreCmsName']
        ));
        // Style parsing
        // NOTE(review): $cmd is a global that is spliced into the probed file
        // paths and into the ADD_STYLE_URL placeholder unescaped; confirm it is
        // validated (e.g. restricted to known section names) before finalize()
        // runs.
        if (file_exists($this->codeBaseAdminTemplatePath . '/css/' . $cmd . '.css')) {
            // check if there's a css file in the core section
            $this->template->setVariable('ADD_STYLE_URL', $this->codeBaseAdminTemplateWebPath . '/css/' . $cmd . '.css');
            $this->template->parse('additional_style');
        } elseif (file_exists($this->codeBaseModulePath . '/' . $cmd . '/template/backend.css')) {
            // of maybe in the current module directory
            $this->template->setVariable('ADD_STYLE_URL', $this->codeBaseModuleWebPath . '/' . $cmd . '/template/backend.css');
            $this->template->parse('additional_style');
        } elseif (file_exists($this->codeBaseCoreModulePath . '/' . $cmd . '/template/backend.css')) {
            // or in the core module directory
            $this->template->setVariable('ADD_STYLE_URL', $this->codeBaseCoreModuleWebPath . '/' . $cmd . '/template/backend.css');
            $this->template->parse('additional_style');
        } else {
            $this->template->hideBlock('additional_style');
        }
        /*echo '<pre>';
        print_r($_SESSION);
        /*echo '<b>Overall time: ' . (microtime(true) - $timeAtStart) . 's<br />';
        echo 'Max RAM usage: ' . formatBytes(memory_get_peak_usage()) . '<br />';
        echo 'End RAM usage: ' . formatBytes(memory_get_usage()) . '<br /></b>';*/
        $endcode = $this->template->get();
        // replace links from before contrexx 3
        $ls = new \LinkSanitizer($this, $this->getCodeBaseOffsetPath() . $this->getBackendFolderName() . '/', $endcode);
        $this->endcode = $ls->replace();
    }
    \DBG::log("(Cx: {$this->id}) Request parsing completed after {$parsingTime}");
}