diff options
| -rw-r--r-- | lib/plugins/authldap/lang/en/settings.php | 2 | ||||
| -rw-r--r-- | lib/plugins/config/settings/config.class.php | 140 | ||||
| -rw-r--r-- | lib/plugins/config/settings/config.metadata.php | 55 |
3 files changed, 80 insertions, 117 deletions
diff --git a/lib/plugins/authldap/lang/en/settings.php b/lib/plugins/authldap/lang/en/settings.php index e3f385f99..b73166ab2 100644 --- a/lib/plugins/authldap/lang/en/settings.php +++ b/lib/plugins/authldap/lang/en/settings.php @@ -20,4 +20,4 @@ $lang['debug'] = 'Display additional debug information on errors'; $lang['deref_o_0'] = 'LDAP_DEREF_NEVER'; $lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING'; $lang['deref_o_2'] = 'LDAP_DEREF_FINDING'; -$lang['deref_o_3'] = 'LDAP_DEREF_ALWAYS';
\ No newline at end of file +$lang['deref_o_3'] = 'LDAP_DEREF_ALWAYS'; diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index 63be3a726..6d582ad30 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -366,12 +366,11 @@ if (!class_exists('setting')) { var $_pattern = ''; var $_error = false; // only used by those classes which error check var $_input = null; // only used by those classes which error check + var $_caution = null; // used by any setting to provide an alert along with the setting + // valid alerts, 'warning', 'danger', 'security' + // images matching the alerts are in the plugin's images directory - var $_cautionList = array( - 'basedir' => 'danger', 'baseurl' => 'danger', 'savedir' => 'danger', 'cookiedir' => 'danger', 'useacl' => 'danger', 'authtype' => 'danger', 'superuser' => 'danger', 'userewrite' => 'danger', - 'start' => 'warning', 'camelcase' => 'warning', 'deaccent' => 'warning', 'sepchar' => 'warning', 'compression' => 'warning', 'xsendfile' => 'warning', 'renderer_xhtml' => 'warning', 'fnencode' => 'warning', - 'allowdebug' => 'security', 'htmlok' => 'security', 'phpok' => 'security', 'iexssprotect' => 'security', 'remote' => 'security', 'fullpath' => 'security' - ); + static protected $_validCautions = array('warning','danger','security'); function setting($key, $params=null) { $this->_key = $key; @@ -473,8 +472,22 @@ if (!class_exists('setting')) { function error() { return $this->_error; } function caution() { - if (!array_key_exists($this->_key, $this->_cautionList)) return false; - return $this->_cautionList[$this->_key]; + if (!empty($this->_caution)) { + if (!in_array($this->_caution, setting::$_validCautions)) { + trigger_error('Invalid caution string ('.$this->_caution.') in metadata for setting "'.$this->_key.'"', E_USER_WARNING); + return false; + } + return $this->_caution; + } + // compatibility with previous cautionList + // TODO: check if any plugins use; remove + if (!empty($this->_cautionList[$this->_key])) { + $this->_caution = $this->_cautionList[$this->_key]; + unset($this->_cautionList); + + return $this->caution(); + } + return false; } function _out_key($pretty=false,$url=false) { @@ -659,10 +672,8 @@ if (!class_exists('setting_password')) { } if (!class_exists('setting_email')) { - if (!defined('SETTING_EMAIL_PATTERN')) define('SETTING_EMAIL_PATTERN','<^'.PREG_PATTERN_VALID_EMAIL.'$>'); class setting_email extends setting_string { - var $_pattern = SETTING_EMAIL_PATTERN; // no longer required, retained for backward compatibility - FIXME, may not be necessary var $_multiple = false; var $_placeholders = false; @@ -1107,96 +1118,39 @@ if (!class_exists('setting_multicheckbox')) { } } -/** - * Provide php_strip_whitespace (php5 function) functionality - * - * @author Chris Smith <chris@jalakai.co.uk> - */ -if (!function_exists('php_strip_whitespace')) { - - if (function_exists('token_get_all')) { - - if (!defined('T_ML_COMMENT')) { - define('T_ML_COMMENT', T_COMMENT); - } else { - define('T_DOC_COMMENT', T_ML_COMMENT); - } +if (!class_exists('setting_regex')){ + class setting_regex extends setting_string { - /** - * modified from original - * source Google Groups, php.general, by David Otton - */ - function php_strip_whitespace($file) { - if (!@is_readable($file)) return ''; + var $_delimiter = '/'; // regex delimiter to be used in testing input + var $_pregflags = 'ui'; // regex pattern modifiers to be used in testing input - $in = join('',@file($file)); - $out = ''; + /** + * update changed setting with user provided value $input + * - if changed value fails error check, save it to $this->_input (to allow echoing later) + * - if changed value passes error check, set $this->_local to the new value + * + * @param mixed $input the new value + * @return boolean true if changed, false otherwise (incl. on error) + */ + function update($input) { - $tokens = token_get_all($in); + // let parent do basic checks, value, not changed, etc. + $local = $this->_local; + if (!parent::update($input)) return false; + $this->_local = $local; - foreach ($tokens as $token) { - if (is_string ($token)) { - $out .= $token; - } else { - list ($id, $text) = $token; - switch ($id) { - case T_COMMENT : // fall thru - case T_ML_COMMENT : // fall thru - case T_DOC_COMMENT : // fall thru - case T_WHITESPACE : - break; - default : $out .= $text; break; + // see if the regex compiles and runs (we don't check for effectiveness) + $regex = $this->_delimiter . $input . $this->_delimiter . $this->_pregflags; + $lastError = error_get_last(); + $ok = @preg_match($regex,'testdata'); + if (preg_last_error() != PREG_NO_ERROR || error_get_last() != $lastError) { + $this->_input = $input; + $this->_error = true; + return false; } - } - } - return ($out); - } - - } else { - - function is_whitespace($c) { return (strpos("\t\n\r ",$c) !== false); } - function is_quote($c) { return (strpos("\"'",$c) !== false); } - function is_escaped($s,$i) { - $idx = $i-1; - while(($idx>=0) && ($s{$idx} == '\\')) $idx--; - return (($i - $idx + 1) % 2); - } - - function is_commentopen($str, $i) { - if ($str{$i} == '#') return "\n"; - if ($str{$i} == '/') { - if ($str{$i+1} == '/') return "\n"; - if ($str{$i+1} == '*') return "*/"; - } - - return false; - } - - function php_strip_whitespace($file) { - - if (!@is_readable($file)) return ''; - $contents = join('',@file($file)); - $out = ''; - - $state = 0; - for ($i=0; $i<strlen($contents); $i++) { - if (!$state && is_whitespace($contents{$i})) continue; - - if (!$state && ($c_close = is_commentopen($contents, $i))) { - $c_open_len = ($contents{$i} == '/') ? 2 : 1; - $i = strpos($contents, $c_close, $i+$c_open_len)+strlen($c_close)-1; - continue; - } - - $out .= $contents{$i}; - if (is_quote($contents{$i})) { - if (($state == $contents{$i}) && !is_escaped($contents, $i)) { $state = 0; continue; } - if (!$state) {$state = $contents{$i}; continue; } - } + $this->_local = $input; + return true; } - - return $out; } - } } diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php index 5d9b049a4..f4c2ed265 100644 --- a/lib/plugins/config/settings/config.metadata.php +++ b/lib/plugins/config/settings/config.metadata.php @@ -34,6 +34,9 @@ * 'array' - a simple (one dimensional) array of string values, shown as comma separated list in the * config manager but saved as PHP array(). Values may not contain commas themselves. * _pattern matching on the array values supported. + * 'regex' - regular expression string, normally without delimiters; as for string, in addition tested + * to see if will compile & run as a regex. in addition to _pattern, also accepts _delimiter + * (default '/') and _pregflags (default 'ui') * * Single Setting (source: settings/extra.class.php) * ------------------------------------------------- @@ -43,10 +46,13 @@ * 'im_convert' - as 'setting', input must exist and be an im_convert module * 'disableactions' - as 'setting' * 'compression' - no additional parameters. checks php installation supports possible compression alternatives + * 'licence' - as multichoice, selection constructed from licence strings in language files + * 'renderer' - as multichoice, selection constructed from enabled renderer plugins which canRender() * * Any setting commented or missing will use 'setting' class - text input, minimal validation, quoted output * * Defined parameters: + * '_caution' - no value (default) or 'warning', 'danger', 'security'. display an alert along with the setting * '_pattern' - string, a preg pattern. input is tested against this pattern before being accepted * optional all classes, except onoff & multichoice which ignore it * '_choices' - array of choices. used to populate a selection box. choice will be replaced by a localised @@ -59,6 +65,9 @@ * '_code' - encoding method to use, accepted values: 'base64','uuencode','plain'. defaults to plain. * '_min' - minimum numeric value, optional for 'numeric' and 'numericopt', ignored by others * '_max' - maximum numeric value, optional for 'numeric' and 'numericopt', ignored by others + * '_delimiter' - string, default '/', a single character used as a delimiter for testing regex input values + * '_pregflags' - string, default 'ui', valid preg pattern modifiers used when testing regex input values, for more + * information see http://uk1.php.net/manual/en/reference.pcre.pattern.modifiers.php * '_multiple' - bool, allow multiple comma separated email values; optional for 'email', ignored by others * * @author Chris Smith <chris@jalakai.co.uk> @@ -83,26 +92,26 @@ $config['heading'] = 'Dokuwiki\'s Main Configuration File - Local Settings'; $meta['_basic'] = array('fieldset'); $meta['title'] = array('string'); -$meta['start'] = array('string','_pattern' => '!^[^:;/]+$!'); // don't accept namespaces +$meta['start'] = array('string','_caution' => 'warning','_pattern' => '!^[^:;/]+$!'); // don't accept namespaces $meta['lang'] = array('dirchoice','_dir' => DOKU_INC.'inc/lang/'); $meta['template'] = array('dirchoice','_dir' => DOKU_INC.'lib/tpl/','_pattern' => '/^[\w-]+$/'); $meta['tagline'] = array('string'); $meta['sidebar'] = array('string'); $meta['license'] = array('license'); -$meta['savedir'] = array('savedir'); -$meta['basedir'] = array('string'); -$meta['baseurl'] = array('string'); -$meta['cookiedir'] = array('string'); +$meta['savedir'] = array('savedir','_caution' => 'danger'); +$meta['basedir'] = array('string','_caution' => 'danger'); +$meta['baseurl'] = array('string','_caution' => 'danger'); +$meta['cookiedir'] = array('string','_caution' => 'danger'); $meta['dmode'] = array('numeric','_pattern' => '/0[0-7]{3,4}/'); // only accept octal representation $meta['fmode'] = array('numeric','_pattern' => '/0[0-7]{3,4}/'); // only accept octal representation -$meta['allowdebug'] = array('onoff'); +$meta['allowdebug'] = array('onoff','_caution' => 'security'); $meta['_display'] = array('fieldset'); $meta['recent'] = array('numeric'); $meta['recent_days'] = array('numeric'); $meta['breadcrumbs'] = array('numeric','_min' => 0); $meta['youarehere'] = array('onoff'); -$meta['fullpath'] = array('onoff'); +$meta['fullpath'] = array('onoff','_caution' => 'security'); $meta['typography'] = array('multichoice','_choices' => array(0,1,2)); $meta['dformat'] = array('string'); $meta['signature'] = array('string'); @@ -111,19 +120,19 @@ $meta['toptoclevel'] = array('multichoice','_choices' => array(1,2,3,4,5)); // $meta['tocminheads'] = array('multichoice','_choices' => array(0,1,2,3,4,5,10,15,20)); $meta['maxtoclevel'] = array('multichoice','_choices' => array(0,1,2,3,4,5)); $meta['maxseclevel'] = array('multichoice','_choices' => array(0,1,2,3,4,5)); // 0 for no sec edit buttons -$meta['camelcase'] = array('onoff'); -$meta['deaccent'] = array('multichoice','_choices' => array(0,1,2)); +$meta['camelcase'] = array('onoff','_caution' => 'warning'); +$meta['deaccent'] = array('multichoice','_choices' => array(0,1,2),'_caution' => 'warning'); $meta['useheading'] = array('multichoice','_choices' => array(0,'navigation','content',1)); $meta['sneaky_index'] = array('onoff'); -$meta['hidepages'] = array('string'); +$meta['hidepages'] = array('regex'); $meta['_authentication'] = array('fieldset'); -$meta['useacl'] = array('onoff'); +$meta['useacl'] = array('onoff','_caution' => 'danger'); $meta['autopasswd'] = array('onoff'); -$meta['authtype'] = array('authtype'); +$meta['authtype'] = array('authtype','_caution' => 'danger'); $meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5','mediawiki','bcrypt','djangomd5','djangosha1','sha512')); $meta['defaultgroup']= array('string'); -$meta['superuser'] = array('string'); +$meta['superuser'] = array('string','_caution' => 'danger'); $meta['manager'] = array('string'); $meta['profileconfirm'] = array('onoff'); $meta['rememberme'] = array('onoff'); @@ -132,7 +141,7 @@ $meta['disableactions'] = array('disableactions', '_combine' => array('subscription' => array('subscribe','unsubscribe'), 'wikicode' => array('source','export_raw'))); $meta['auth_security_timeout'] = array('numeric'); $meta['securecookie'] = array('onoff'); -$meta['remote'] = array('onoff'); +$meta['remote'] = array('onoff','_caution' => 'security'); $meta['remoteuser'] = array('string'); $meta['_anti_spam'] = array('fieldset'); @@ -140,12 +149,12 @@ $meta['usewordblock']= array('onoff'); $meta['relnofollow'] = array('onoff'); $meta['indexdelay'] = array('numeric'); $meta['mailguard'] = array('multichoice','_choices' => array('visible','hex','none')); -$meta['iexssprotect']= array('onoff'); +$meta['iexssprotect']= array('onoff','_caution' => 'security'); $meta['_editing'] = array('fieldset'); $meta['usedraft'] = array('onoff'); -$meta['htmlok'] = array('onoff'); -$meta['phpok'] = array('onoff'); +$meta['htmlok'] = array('onoff','_caution' => 'security'); +$meta['phpok'] = array('onoff','_caution' => 'security'); $meta['locktime'] = array('numeric'); $meta['cachetime'] = array('numeric'); @@ -184,20 +193,20 @@ $meta['rss_show_summary'] = array('onoff'); $meta['_advanced'] = array('fieldset'); $meta['updatecheck'] = array('onoff'); -$meta['userewrite'] = array('multichoice','_choices' => array(0,1,2)); +$meta['userewrite'] = array('multichoice','_choices' => array(0,1,2),'_caution' => 'danger'); $meta['useslash'] = array('onoff'); -$meta['sepchar'] = array('sepchar'); +$meta['sepchar'] = array('sepchar','_caution' => 'warning'); $meta['canonical'] = array('onoff'); -$meta['fnencode'] = array('multichoice','_choices' => array('url','safe','utf-8')); +$meta['fnencode'] = array('multichoice','_choices' => array('url','safe','utf-8'),'_caution' => 'warning'); $meta['autoplural'] = array('onoff'); $meta['compress'] = array('onoff'); $meta['cssdatauri'] = array('numeric','_pattern' => '/^\d+$/'); $meta['gzip_output'] = array('onoff'); $meta['send404'] = array('onoff'); -$meta['compression'] = array('compression'); +$meta['compression'] = array('compression','_caution' => 'warning'); $meta['broken_iua'] = array('onoff'); -$meta['xsendfile'] = array('multichoice','_choices' => array(0,1,2,3)); -$meta['renderer_xhtml'] = array('renderer','_format' => 'xhtml','_choices' => array('xhtml')); +$meta['xsendfile'] = array('multichoice','_choices' => array(0,1,2,3),'_caution' => 'warning'); +$meta['renderer_xhtml'] = array('renderer','_format' => 'xhtml','_choices' => array('xhtml'),'_caution' => 'warning'); $meta['readdircache'] = array('numeric'); $meta['_network'] = array('fieldset'); |