From c89ab3e93dc9b6fadb29518a47e4b32a49666729 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Mon, 18 Feb 2013 14:49:42 +0000 Subject: remove php_strip_whitespace() alternate, no longer required as php min req't ensures its always present --- lib/plugins/config/settings/config.class.php | 94 ---------------------------- 1 file changed, 94 deletions(-) (limited to 'lib/plugins/config/settings/config.class.php') diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index e5e09d8f8..427178c40 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -1083,97 +1083,3 @@ if (!class_exists('setting_multicheckbox')) { } } } - -/** - * Provide php_strip_whitespace (php5 function) functionality - * - * @author Chris Smith - */ -if (!function_exists('php_strip_whitespace')) { - - if (function_exists('token_get_all')) { - - if (!defined('T_ML_COMMENT')) { - define('T_ML_COMMENT', T_COMMENT); - } else { - define('T_DOC_COMMENT', T_ML_COMMENT); - } - - /** - * modified from original - * source Google Groups, php.general, by David Otton - */ - function php_strip_whitespace($file) { - if (!@is_readable($file)) return ''; - - $in = join('',@file($file)); - $out = ''; - - $tokens = token_get_all($in); - - foreach ($tokens as $token) { - if (is_string ($token)) { - $out .= $token; - } else { - list ($id, $text) = $token; - switch ($id) { - case T_COMMENT : // fall thru - case T_ML_COMMENT : // fall thru - case T_DOC_COMMENT : // fall thru - case T_WHITESPACE : - break; - default : $out .= $text; break; - } - } - } - return ($out); - } - - } else { - - function is_whitespace($c) { return (strpos("\t\n\r ",$c) !== false); } - function is_quote($c) { return (strpos("\"'",$c) !== false); } - function is_escaped($s,$i) { - $idx = $i-1; - while(($idx>=0) && ($s{$idx} == '\\')) $idx--; - return (($i - $idx + 1) % 2); - } - - function is_commentopen($str, $i) { - if ($str{$i} == '#') return "\n"; - if ($str{$i} == '/') { - if ($str{$i+1} == '/') return "\n"; - if ($str{$i+1} == '*') return "*/"; - } - - return false; - } - - function php_strip_whitespace($file) { - - if (!@is_readable($file)) return ''; - - $contents = join('',@file($file)); - $out = ''; - - $state = 0; - for ($i=0; $i Date: Mon, 18 Feb 2013 15:14:51 +0000 Subject: remove no longer used email pattern, validation is done by mail_* functions --- lib/plugins/config/settings/config.class.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib/plugins/config/settings/config.class.php') diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index 427178c40..ec5f73fa5 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -659,10 +659,8 @@ if (!class_exists('setting_password')) { } if (!class_exists('setting_email')) { - if (!defined('SETTING_EMAIL_PATTERN')) define('SETTING_EMAIL_PATTERN','<^'.PREG_PATTERN_VALID_EMAIL.'$>'); class setting_email extends setting_string { - var $_pattern = SETTING_EMAIL_PATTERN; // no longer required, retained for backward compatibility - FIXME, may not be necessary var $_multiple = false; var $_placeholders = false; -- cgit v1.2.3 From d110fb0d68e5a037b6db151d7bfd4881c48ccdec Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Mon, 18 Feb 2013 15:51:06 +0000 Subject: FS#2722 add settings_regex class, use it for hidepages --- lib/plugins/config/settings/config.class.php | 37 ++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'lib/plugins/config/settings/config.class.php') diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index ec5f73fa5..bbb25b695 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -1081,3 +1081,40 @@ if (!class_exists('setting_multicheckbox')) { } } } + +if (!class_exists('setting_regex')){ + class setting_regex extends setting_string { + + var $_delimiter = '/'; // regex delimiter to be used in testing input + var $_pregflags = 'ui'; // regex pattern modifiers to be used in testing input + + /** + * update changed setting with user provided value $input + * - if changed value fails error check, save it to $this->_input (to allow echoing later) + * - if changed value passes error check, set $this->_local to the new value + * + * @param mixed $input the new value + * @return boolean true if changed, false otherwise (incl. on error) + */ + function update($input) { + + // let parent do basic checks, value, not changed, etc. + $local = $this->_local; + if (!parent::update($input)) return false; + $this->_local = $local; + + // see if the regex compiles and runs (we don't check for effectiveness) + $regex = $this->_delimiter . $input . $this->_delimiter . $this->_pregflags; + $lastError = error_get_last(); + $ok = @preg_match($regex,'testdata'); + if (preg_last_error() != PREG_NO_ERROR || error_get_last() != $lastError) { + $this->_input = $input; + $this->_error = true; + return false; + } + + $this->_local = $input; + return true; + } + } +} \ No newline at end of file -- cgit v1.2.3 From d433710d8084d65218569a93034cec1e28bbeb43 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Mon, 18 Feb 2013 17:32:13 +0000 Subject: fix security caution for 'remote' setting (was 'xmlrpc') --- lib/plugins/config/settings/config.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/plugins/config/settings/config.class.php') diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index bbb25b695..f7ab6606b 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -370,7 +370,7 @@ if (!class_exists('setting')) { var $_cautionList = array( 'basedir' => 'danger', 'baseurl' => 'danger', 'savedir' => 'danger', 'cookiedir' => 'danger', 'useacl' => 'danger', 'authtype' => 'danger', 'superuser' => 'danger', 'userewrite' => 'danger', 'start' => 'warning', 'camelcase' => 'warning', 'deaccent' => 'warning', 'sepchar' => 'warning', 'compression' => 'warning', 'xsendfile' => 'warning', 'renderer_xhtml' => 'warning', 'fnencode' => 'warning', - 'allowdebug' => 'security', 'htmlok' => 'security', 'phpok' => 'security', 'iexssprotect' => 'security', 'xmlrpc' => 'security', 'fullpath' => 'security' + 'allowdebug' => 'security', 'htmlok' => 'security', 'phpok' => 'security', 'iexssprotect' => 'security', 'remote' => 'security', 'fullpath' => 'security' ); function setting($key, $params=null) { -- cgit v1.2.3 From 9dc3b8ab758eb9236e8f1933309f2bc539cf3f5e Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Mon, 18 Feb 2013 17:51:45 +0000 Subject: replace preset _cautionList property with _caution config metadata parameter, plugins can now easily set cautions on their settings --- lib/plugins/config/settings/config.class.php | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) (limited to 'lib/plugins/config/settings/config.class.php') diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index f7ab6606b..1c7d8f680 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -366,12 +366,11 @@ if (!class_exists('setting')) { var $_pattern = ''; var $_error = false; // only used by those classes which error check var $_input = null; // only used by those classes which error check + var $_caution = null; // used by any setting to provide an alert along with the setting + // valid alerts, 'warning', 'danger', 'security' + // images matching the alerts are in the plugin's images directory - var $_cautionList = array( - 'basedir' => 'danger', 'baseurl' => 'danger', 'savedir' => 'danger', 'cookiedir' => 'danger', 'useacl' => 'danger', 'authtype' => 'danger', 'superuser' => 'danger', 'userewrite' => 'danger', - 'start' => 'warning', 'camelcase' => 'warning', 'deaccent' => 'warning', 'sepchar' => 'warning', 'compression' => 'warning', 'xsendfile' => 'warning', 'renderer_xhtml' => 'warning', 'fnencode' => 'warning', - 'allowdebug' => 'security', 'htmlok' => 'security', 'phpok' => 'security', 'iexssprotect' => 'security', 'remote' => 'security', 'fullpath' => 'security' - ); + static protected $_validCautions = array('warning','danger','security'); function setting($key, $params=null) { $this->_key = $key; @@ -473,8 +472,22 @@ if (!class_exists('setting')) { function error() { return $this->_error; } function caution() { - if (!array_key_exists($this->_key, $this->_cautionList)) return false; - return $this->_cautionList[$this->_key]; + if (!empty($this->_caution)) { + if (!in_array($this->_caution, setting::$_validCautions)) { + trigger_error('Invalid caution string ('.$this->_caution.') in metadata for setting "'.$this->_key.'"', E_USER_WARNING); + return false; + } + return $this->_caution; + } + // compatibility with previous cautionList + // TODO: check if any plugins use; remove + if (!empty($this->_cautionList[$this->_key])) { + $this->_caution = $this->_cautionList[$this->_key]; + unset($this->_cautionList); + + return $this->caution(); + } + return false; } function _out_key($pretty=false,$url=false) { -- cgit v1.2.3 From 2586f61fa6012e65f30cd5e9004ea4d6dea25238 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 31 Jul 2013 19:07:29 +0200 Subject: add html5 attributes to email fields of the config manager --- lib/plugins/config/settings/config.class.php | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'lib/plugins/config/settings/config.class.php') diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index 8eb99284d..63be3a726 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -717,6 +717,29 @@ if (!class_exists('setting_email')) { $this->_local = $input; return true; } + function html(&$plugin, $echo=false) { + $value = ''; + $disable = ''; + + if ($this->is_protected()) { + $value = $this->_protected; + $disable = 'disabled="disabled"'; + } else { + if ($echo && $this->_error) { + $value = $this->_input; + } else { + $value = is_null($this->_local) ? $this->_default : $this->_local; + } + } + + $multiple = $this->_multiple ? 'multiple="multiple"' : ''; + $key = htmlspecialchars($this->_key); + $value = htmlspecialchars($value); + + $label = ''; + $input = ''; + return array($label,$input); + } } } -- cgit v1.2.3