james/fembooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add core/sanitize_php.php

Browse Source 
A small number of PHP-sanity things (eg don't silently ignore errors) to
be included right at the very start of index.php and tests/bootstrap.php
This commit is contained in:
Shish 2020-06-24 14:53:36 +01:00
parent eecd35d175
commit 2197b15012
6 changed files with 86 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/database.php
View File

@ -78,7 +78,10 @@ class Database
} elseif ($db_proto === DatabaseDriver::SQLITE) {
$this->engine = new SQLite();
} else {
die('Unknown PDO driver: '.$db_proto);
die_nicely(
'Unknown PDO driver: '.$db_proto,
"Please check that this is a valid driver, installing the PHP modules if needed"
);
}
}

30
core/install.php
View File

@ -20,7 +20,7 @@ function install()
date_default_timezone_set('UTC');
if (is_readable("data/config/shimmie.conf.php")) {
exit_with_page(
die_nicely(
"Shimmie is already installed.",
"data/config/shimmie.conf.php exists, how did you get here?"
);
@ -69,7 +69,7 @@ function do_install($dsn)
create_tables(new Database($dsn));
write_config($dsn);
} catch (InstallerException $e) {
exit_with_page($e->title, $e->body, $e->code);
die_nicely($e->title, $e->body, $e->code);
}
}
@ -117,7 +117,7 @@ function ask_questions()
$warn_msg = $warnings ? "<h3>Warnings</h3>".implode("\n<p>", $warnings) : "";
$err_msg = $errors ? "<h3>Errors</h3>".implode("\n<p>", $errors) : "";
exit_with_page(
die_nicely(
"Install Options",
<<<EOD
$warn_msg
@ -304,7 +304,7 @@ function write_config($dsn)
if (file_put_contents("data/config/shimmie.conf.php", $file_content, LOCK_EX)) {
header("Location: index.php?flash=Installation%20complete");
exit_with_page(
die_nicely(
"Installation Successful",
"<p>If you aren't redirected, <a href=\"index.php\">click here to Continue</a>."
);
@ -324,25 +324,3 @@ function write_config($dsn)
);
}
}
function exit_with_page($title, $body, $code=0)
{
print("<!DOCTYPE html>
<html lang='en'>
<head>
<title>Shimmie Installer</title>
<link rel=\"shortcut icon\" href=\"ext/static_files/static/favicon.ico\">
<link rel=\"stylesheet\" href=\"ext/static_files/style.css\" type=\"text/css\">
</head>
<body>
<div id=\"installer\">
<h1>Shimmie Installer</h1>
<h3>$title</h3>
<div class=\"container\">
$body
</div>
</div>
</body>
</html>");
exit($code);
}

63
core/sanitize_php.php Normal file
View File

@ -0,0 +1,63 @@
<?php declare(strict_types=1);
/*
* A small number of PHP-sanity things (eg don't silently ignore errors) to
* be included right at the very start of index.php and tests/bootstrap.php
*/
$min_php = "7.3";
if (version_compare(phpversion(), $min_php, ">=") === false) {
print "
Shimmie does not support versions of PHP lower than $min_php
(PHP reports that it is version ".phpversion().").
If your web host is running an older version, they are dangerously out of
date and you should plan on moving elsewhere.
";
exit;
}
# ini_set('zend.assertions', '1'); // generate assertions
ini_set('assert.exception', '1'); // throw exceptions when failed
set_error_handler(function ($errNo, $errStr) {
// Should we turn ALL notices into errors? PHP allows a lot of
// terrible things to happen by default...
if (strpos($errStr, 'Use of undefined constant ') === 0) {
throw new Exception("PHP Error#$errNo: $errStr");
} else {
return false;
}
});
ob_start();
if (PHP_SAPI === 'cli' || PHP_SAPI == 'phpdbg') {
if (isset($_SERVER['REMOTE_ADDR'])) {
die("CLI with remote addr? Confused, not taking the risk.");
}
$_SERVER['REMOTE_ADDR'] = "0.0.0.0";
$_SERVER['HTTP_HOST'] = "<cli command>";
}
function die_nicely($title, $body, $code=0)
{
print("<!DOCTYPE html>
<html lang='en'>
<head>
<title>Shimmie</title>
<link rel=\"shortcut icon\" href=\"ext/static_files/static/favicon.ico\">
<link rel=\"stylesheet\" href=\"ext/static_files/style.css\" type=\"text/css\">
</head>
<body>
<div id=\"installer\">
<h1>Shimmie</h1>
<h3>$title</h3>
<div class=\"container\">
$body
</div>
</div>
</body>
</html>");
if ($code != 0) {
http_response_code(500);
}
exit($code);
}

36
core/util.php
View File

@ -554,58 +554,26 @@ function _load_theme_files()
require_all(_get_themelet_files(get_theme()));
}
function _sanitise_environment(): void
function _set_up_shimmie_environment(): void
{
global $tracer_enabled;
$min_php = "7.3";
if (version_compare(phpversion(), $min_php, ">=") === false) {
print "
Shimmie does not support versions of PHP lower than $min_php
(PHP reports that it is version ".phpversion().").
If your web host is running an older version, they are dangerously out of
date and you should plan on moving elsewhere.
";
exit;
}
if (file_exists("images") && !file_exists("data/images")) {
die("As of Shimmie 2.7 images and thumbs should be moved to data/images and data/thumbs");
die_nicely("Upgrade error", "As of Shimmie 2.7 images and thumbs should be moved to data/images and data/thumbs");
}
if (TIMEZONE) {
date_default_timezone_set(TIMEZONE);
}
# ini_set('zend.assertions', '1'); // generate assertions
ini_set('assert.exception', '1'); // throw exceptions when failed
if (DEBUG) {
error_reporting(E_ALL);
}
set_error_handler(function ($errNo, $errStr) {
// Should we turn ALL notices into errors? PHP allows a lot of
// terrible things to happen by default...
if (strpos($errStr, 'Use of undefined constant ') === 0) {
throw new Exception("PHP Error#$errNo: $errStr");
} else {
return false;
}
});
// The trace system has a certain amount of memory consumption every time it is used,
// so to prevent running out of memory during complex operations code that uses it should
// check if tracer output is enabled before making use of it.
$tracer_enabled = constant('TRACE_FILE')!==null;
ob_start();
if (PHP_SAPI === 'cli' || PHP_SAPI == 'phpdbg') {
if (isset($_SERVER['REMOTE_ADDR'])) {
die("CLI with remote addr? Confused, not taking the risk.");
}
$_SERVER['REMOTE_ADDR'] = "0.0.0.0";
$_SERVER['HTTP_HOST'] = "<cli command>";
}
}

31
index.php
View File

@ -3,31 +3,18 @@
* Make sure that shimmie is correctly installed *
\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
require_once "core/sanitize_php.php";
if (!file_exists("vendor/")) {
$cwd = getcwd();
print <<<EOD
<!DOCTYPE html>
<html lang="en">
<head>
<title>Shimmie Error</title>
<link rel="shortcut icon" href="ext/static_files/static/favicon.ico">
<link rel="stylesheet" href="ext/static_files/style.css" type="text/css">
</head>
<body>
<div id="installer">
<h1>Install Error</h1>
<h3>Shimmie is unable to find the composer <code>vendor</code> directory.</h3>
<div class="container">
die_nicely(
"Shimmie is unable to find the composer <code>vendor</code> directory.",
"
<p>To finish installing, you need to run <code>composer install</code>
in the shimmie directory (<code>$cwd</code>).</p>
<p>(If you don't have composer, <a href="https://getcomposer.org/">get it here</a>)</p>
</div>
</div>
</body>
</html>
EOD;
http_response_code(500);
exit;
<p>(If you don't have composer, <a href='https://getcomposer.org/'>get it here</a>)</p>
"
);
}
if (!file_exists("data/config/shimmie.conf.php")) {
@ -50,7 +37,7 @@ require_once "core/polyfills.php";
require_once "core/util.php";
global $cache, $config, $database, $user, $page, $_tracer;
_sanitise_environment();
_set_up_shimmie_environment();
$_tracer = new EventTracer();
$_tracer->begin("Bootstrap");
_load_core_files();

3
tests/bootstrap.php
View File

@ -3,6 +3,7 @@
use PHPUnit\Framework\TestCase;
chdir(dirname(dirname(__FILE__)));
require_once "core/sanitize_php.php";
require_once "vendor/autoload.php";
require_once "tests/defines.php";
require_once "core/sys_config.php";
@ -15,7 +16,7 @@ if (file_exists("tests/trace.json")) {
}
global $cache, $config, $database, $user, $page, $_tracer;
_sanitise_environment();
_set_up_shimmie_environment();
$tracer_enabled = true;
$_tracer = new EventTracer();
$_tracer->begin("bootstrap");