<?php
require_once "lib/recaptchalib.php";
require_once "lib/securimage/securimage.php";
require_once "lib/context.php";
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
* Input / Output Sanitising *
\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/**
* Make some data safe for printing into HTML
*
* @param $input
* @return string
*/
function html_escape($input) {
return htmlentities($input, ENT_QUOTES, "UTF-8");
}
/**
* Make sure some data is safe to be used in integer context
*
* @param $input
* @return int
*/
function int_escape($input) {
/*
Side note, Casting to an integer is FASTER than using intval.
http://hakre.wordpress.com/2010/05/13/php-casting-vs-intval/
*/
return (int)$input;
}
/**
* Make sure some data is safe to be used in URL context
*
* @param $input
* @return string
*/
function url_escape($input) {
/*
Shish: I have a feeling that these three lines are important, possibly for searching for tags with slashes in them like fate/stay_night
green-ponies: indeed~
$input = str_replace('^', '^^', $input);
$input = str_replace('/', '^s', $input);
$input = str_replace('\\', '^b', $input);
/* The function idn_to_ascii is used to support Unicode domains / URLs as well.
See here for more: http://php.net/manual/en/function.filter-var.php
However, it is only supported by PHP version 5.3 and up
if (function_exists('idn_to_ascii')) {
return filter_var(idn_to_ascii($input), FILTER_SANITIZE_URL);
} else {
return filter_var($input, FILTER_SANITIZE_URL);
}
*/
if(is_null($input)) {
return "";
}
$input = str_replace('^', '^^', $input);
$input = str_replace('/', '^s', $input);
$input = str_replace('\\', '^b', $input);
$input = rawurlencode($input);
return $input;
}
/**
* Make sure some data is safe to be used in SQL context
*
* @param $input
* @return string
*/
function sql_escape($input) {
global $database;
return $database->escape($input);
}
/**
* Turn all manner of HTML / INI / JS / DB booleans into a PHP one
*
* @param $input
* @return boolean
*/
function bool_escape($input) {
/*
Sometimes, I don't like PHP -- this, is one of those times...
"a boolean FALSE is not considered a valid boolean value by this function."
Yay for Got'chas!
http://php.net/manual/en/filter.filters.validate.php
*/
if (is_bool($input)) {
return $input;
} else if (is_numeric($input)) {
return ($input === 1);
} else {
$value = filter_var($input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
if (!is_null($value)) {
return $value;
} else {
$input = strtolower( trim($input) );
return (
$input === "y" ||
$input === "yes" ||
$input === "t" ||
$input === "true" ||
$input === "on" ||
$input === "1"
);
}
}
}
/**
* Some functions require a callback function for escaping,
* but we might not want to alter the data
*
* @param $input
* @return string
*/
function no_escape($input) {
return $input;
}
/**
* @param string $name
* @param array $attrs
* @param array $children
* @return string
*/
function xml_tag($name, $attrs=array(), $children=array()) {
$xml = "<$name ";
foreach($attrs as $k => $v) {
$xv = str_replace(''', ''', htmlspecialchars($v, ENT_QUOTES));
$xml .= "$k=\"$xv\" ";
}
if(count($children) > 0) {
$xml .= ">\n";
foreach($children as $child) {
$xml .= xml_tag($child);
}
$xml .= "</$name>\n";
}
else {
$xml .= "/>\n";
}
return $xml;
}
// Original PHP code by Chirp Internet: www.chirp.com.au
// Please acknowledge use of this code by including this header.
function truncate($string, $limit, $break=" ", $pad="...") {
// return with no change if string is shorter than $limit
if(strlen($string) <= $limit) return $string;
// is $break present between $limit and the end of the string?
if(false !== ($breakpoint = strpos($string, $break, $limit))) {
if($breakpoint < strlen($string) - 1) {
$string = substr($string, 0, $breakpoint) . $pad;
}
}
return $string;
}
/**
* Turn a human readable filesize into an integer, eg 1KB -> 1024
*
* @param $limit
* @return int
*/
function parse_shorthand_int($limit) {
if(is_numeric($limit)) {
return (int)$limit;
}
if(preg_match('/^([\d\.]+)([gmk])?b?$/i', (string)$limit, $m)) {
$value = $m[1];
if (isset($m[2])) {
switch(strtolower($m[2])) {
/** @noinspection PhpMissingBreakStatementInspection */
case 'g': $value *= 1024; // fall through
/** @noinspection PhpMissingBreakStatementInspection */
case 'm': $value *= 1024; // fall through
/** @noinspection PhpMissingBreakStatementInspection */
case 'k': $value *= 1024; break;
default: $value = -1;
}
}
return (int)$value;
} else {
return -1;
}
}
/**
* Turn an integer into a human readable filesize, eg 1024 -> 1KB
*
* @param $int
* @return string
*/
function to_shorthand_int($int) {
if($int >= pow(1024, 3)) {
return sprintf("%.1fGB", $int / pow(1024, 3));
}
else if($int >= pow(1024, 2)) {
return sprintf("%.1fMB", $int / pow(1024, 2));
}
else if($int >= 1024) {
return sprintf("%.1fKB", $int / 1024);
}
else {
return (string)$int;
}
}
/**
* Turn a date into a time, a date, an "X minutes ago...", etc
*
* @param $date
* @param bool $html
* @return string
*/
function autodate($date, $html=true) {
$cpu = date('c', strtotime($date));
$hum = date('F j, Y; H:i', strtotime($date));
return ($html ? "<time datetime='$cpu'>$hum</time>" : $hum);
}
/**
* Check if a given string is a valid date-time. ( Format: yyyy-mm-dd hh:mm:ss )
*
* @param $dateTime
* @return boolean
*/
function isValidDateTime($dateTime) {
if (preg_match("/^(\d{4})-(\d{2})-(\d{2}) ([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$/", $dateTime, $matches)) {
if (checkdate($matches[2], $matches[3], $matches[1])) {
return true;
}
}
return false;
}
/**
* Check if a given string is a valid date. ( Format: yyyy-mm-dd )
*
* @param $date
* @return boolean
*/
function isValidDate($date) {
if (preg_match("/^(\d{4})-(\d{2})-(\d{2})$/", $date, $matches)) {
// checkdate wants (month, day, year)
if (checkdate($matches[2], $matches[3], $matches[1])) {
return true;
}
}
return false;
}
/**
* Give a HTML string which shows an IP (if the user is allowed to see IPs),
* and a link to ban that IP (if the user is allowed to ban IPs)
*
* FIXME: also check that IP ban ext is installed
*
* @param $ip
* @param $ban_reason
* @return string
*/
function show_ip($ip, $ban_reason) {
global $user;
$u_reason = url_escape($ban_reason);
$u_end = url_escape("+1 week");
$ban = $user->can("ban_ip") ? ", <a href='".make_link("ip_ban/list", "ip=$ip&reason=$u_reason&end=$u_end#add")."'>Ban</a>" : "";
$ip = $user->can("view_ip") ? $ip.$ban : "";
return $ip;
}
/**
* Checks if a given string contains another at the beginning.
*
* @param $haystack String to examine.
* @param $needle String to look for.
* @return bool
*/
function startsWith(/*string*/ $haystack, /*string*/ $needle) {
$length = strlen($needle);
return (substr($haystack, 0, $length) === $needle);
}
/**
* Checks if a given string contains another at the end.
*
* @param $haystack String to examine.
* @param $needle String to look for.
* @return bool
*/
function endsWith(/*string*/ $haystack, /*string*/ $needle) {
$length = strlen($needle);
$start = $length * -1; //negative
return (substr($haystack, $start) === $needle);
}
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
* HTML Generation *
\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/**
* Figure out the correct way to link to a page, taking into account
* things like the nice URLs setting.
*
* eg make_link("post/list") becomes "/v2/index.php?q=post/list"
*
* @param null|string $page
* @param null|string $query
* @return string
*/
function make_link($page=null, $query=null) {
global $config;
if(is_null($page)) $page = $config->get_string('main_page');
if(NICE_URLS || $config->get_bool('nice_urls', false)) {
#$full = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"];
$full = $_SERVER["PHP_SELF"];
$base = str_replace('/'.basename($_SERVER["SCRIPT_FILENAME"]), "", $full);
}
else {
$base = "./".basename($_SERVER["SCRIPT_FILENAME"])."?q=";
}
if(is_null($query)) {
return str_replace("//", "/", $base.'/'.$page );
}
else {
if(strpos($base, "?")) {
return $base .'/'. $page .'&'. $query;
}
else if(strpos($query, "#") === 0) {
return $base .'/'. $page . $query;
}
else {
return $base .'/'. $page .'?'. $query;
}
}
}
/**
* Take the current URL and modify some parameters
*
* @param $changes
* @return string
*/
function modify_current_url($changes) {
return modify_url($_SERVER['QUERY_STRING'], $changes);
}
function modify_url($url, $changes) {
// SHIT: PHP is officially the worst web API ever because it does not
// have a built-in function to do this.
// SHIT: parse_str is magically retarded; not only is it a useless name, it also
// didn't return the parsed array, preferring to overwrite global variables with
// whatever data the user supplied. Thankfully, 4.0.3 added an extra option to
// give it an array to use...
$params = array();
parse_str($url, $params);
if(isset($changes['q'])) {
$base = $changes['q'];
unset($changes['q']);
}
else {
$base = $_GET['q'];
}
if(isset($params['q'])) {
unset($params['q']);
}
foreach($changes as $k => $v) {
if(is_null($v) and isset($params[$k])) unset($params[$k]);
$params[$k] = $v;
}
return make_link($base, http_build_query($params));
}
/**
* Turn a relative link into an absolute one, including hostname
*
* @param string $link
* @return string
*/
function make_http(/*string*/ $link) {
if(strpos($link, "ttp://") > 0) return $link;
if(strlen($link) > 0 && $link[0] != '/') $link = get_base_href().'/'.$link;
$link = "http://".$_SERVER["HTTP_HOST"].$link;
$link = str_replace("/./", "/", $link);
return $link;
}
/**
* Make a form tag with relevant auth token and stuff
*
* @param string $target
* @param string $method
* @param bool $multipart
* @param string $form_id
* @param string $onsubmit
*
* @return string
*/
function make_form($target, $method="POST", $multipart=False, $form_id="", $onsubmit="") {
global $user;
$auth = $user->get_auth_html();
$extra = empty($form_id) ? '' : 'id="'. $form_id .'"';
if($multipart) {
$extra .= " enctype='multipart/form-data'";
}
if($onsubmit) {
$extra .= ' onsubmit="'.$onsubmit.'"';
}
return '<form action="'.$target.'" method="'.$method.'" '.$extra.'>'.$auth;
}
/**
* @param string $file The filename
* @return string
*/
function mtimefile($file) {
$data_href = get_base_href();
$mtime = filemtime($file);
return "$data_href/$file?$mtime";
}
/**
* Return the current theme as a string
*
* @return string
*/
function get_theme() {
global $config;
$theme = $config->get_string("theme", "default");
if(!file_exists("themes/$theme")) $theme = "default";
return $theme;
}
/**
* Like glob, with support for matching very long patterns with braces.
*
* @param string $pattern
* @return array
*/
function zglob($pattern) {
$results = array();
if(preg_match('/(.*)\{(.*)\}(.*)/', $pattern, $matches)) {
$braced = explode(",", $matches[2]);
foreach($braced as $b) {
$sub_pattern = $matches[1].$b.$matches[3];
$results = array_merge($results, zglob($sub_pattern));
}
return $results;
}
else {
$r = glob($pattern);
if($r) return $r;
else return array();
}
}
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
* CAPTCHA abstraction *
\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/**
* @return string
*/
function captcha_get_html() {
global $config, $user;
if(DEBUG && ip_in_range($_SERVER['REMOTE_ADDR'], "127.0.0.0/8")) return "";
$captcha = "";
if($user->is_anonymous() && $config->get_bool("comment_captcha")) {
$r_publickey = $config->get_string("api_recaptcha_pubkey");
if(!empty($r_publickey)) {
$captcha = recaptcha_get_html($r_publickey);
}
else {
session_start();
//$securimg = new Securimage();
$base = get_base_href();
$captcha = "<br/><img src='$base/lib/securimage/securimage_show.php?sid=". md5(uniqid(time())) ."'>".
"<br/>CAPTCHA: <input type='text' name='code' value='' />";
}
}
return $captcha;
}
/**
* @return bool
*/
function captcha_check() {
global $config, $user;
if(DEBUG && ip_in_range($_SERVER['REMOTE_ADDR'], "127.0.0.0/8")) return true;
if($user->is_anonymous() && $config->get_bool("comment_captcha")) {
$r_privatekey = $config->get_string('api_recaptcha_privkey');
if(!empty($r_privatekey)) {
$resp = recaptcha_check_answer(
$r_privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]
);
if(!$resp->is_valid) {
log_info("core", "Captcha failed (ReCaptcha): " . $resp->error);
return false;
}
}
else {
session_start();
$securimg = new Securimage();
if($securimg->check($_POST['code']) == false) {
log_info("core", "Captcha failed (Securimage)");
return false;
}
}
}
return true;
}
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
* Misc *
\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/**
* Get MIME type for file
*
* The contents of this function are taken from the __getMimeType() function
* from the "Amazon S3 PHP class" which is Copyright (c) 2008, Donovan Schönknecht
* and released under the 'Simplified BSD License'.
*
* @internal Used to get mime types
* @param string &$file File path
* @param string $ext
* @param bool $list
* @return string
*/
function getMimeType($file, $ext="", $list=false) {
// Static extension lookup
$ext = strtolower($ext);
static $exts = array(
'jpg' => 'image/jpeg', 'gif' => 'image/gif', 'png' => 'image/png',
'tif' => 'image/tiff', 'tiff' => 'image/tiff', 'ico' => 'image/x-icon',
'swf' => 'application/x-shockwave-flash', 'video/x-flv' => 'flv',
'svg' => 'image/svg+xml', 'pdf' => 'application/pdf',
'zip' => 'application/zip', 'gz' => 'application/x-gzip',
'tar' => 'application/x-tar', 'bz' => 'application/x-bzip',
'bz2' => 'application/x-bzip2', 'txt' => 'text/plain',
'asc' => 'text/plain', 'htm' => 'text/html', 'html' => 'text/html',
'css' => 'text/css', 'js' => 'text/javascript',
'xml' => 'text/xml', 'xsl' => 'application/xsl+xml',
'ogg' => 'application/ogg', 'mp3' => 'audio/mpeg', 'wav' => 'audio/x-wav',
'avi' => 'video/x-msvideo', 'mpg' => 'video/mpeg', 'mpeg' => 'video/mpeg',
'mov' => 'video/quicktime', 'flv' => 'video/x-flv', 'php' => 'text/x-php',
'mp4' => 'video/mp4', 'ogv' => 'video/ogg', 'webm' => 'video/webm'
);
if ($list == true){ return $exts; }
if (isset($exts[$ext])) { return $exts[$ext]; }
$type = false;
// Fileinfo documentation says fileinfo_open() will use the
// MAGIC env var for the magic file
if (extension_loaded('fileinfo') && isset($_ENV['MAGIC']) &&
($finfo = finfo_open(FILEINFO_MIME, $_ENV['MAGIC'])) !== false)
{
if (($type = finfo_file($finfo, $file)) !== false)
{
// Remove the charset and grab the last content-type
$type = explode(' ', str_replace('; charset=', ';charset=', $type));
$type = array_pop($type);
$type = explode(';', $type);
$type = trim(array_shift($type));
}
finfo_close($finfo);
// If anyone is still using mime_content_type()
} elseif (function_exists('mime_content_type'))
$type = trim(mime_content_type($file));
if ($type !== false && strlen($type) > 0) return $type;
return 'application/octet-stream';
}
/**
* @param string $mime_type
* @return bool|string
*/
function getExtension ($mime_type){
if(empty($mime_type)){
return false;
}
$extensions = getMimeType(null, null, true);
$ext = array_search($mime_type, $extensions);
return ($ext ? $ext : false);
}
/**
* @private
*/
function _version_check() {
$min_version = "5.3.7";
if(version_compare(PHP_VERSION, $min_version) == -1) {
print "
Currently SCore Engine doesn't support versions of PHP lower than $min_version --
if your web host is running an older version, they are dangerously out of
date and you should plan on moving elsewhere.
";
exit;
}
}
/**
* @private
*/
function is_cli() {
return (PHP_SAPI === 'cli');
}
$_execs = 0;
/**
* $db is the connection object
*
* @private
*/
function _count_execs($db, $sql, $inputarray) {
global $_execs;
if ((defined(DEBUG_SQL) && DEBUG_SQL === true) || (!defined(DEBUG_SQL) && @$_GET['DEBUG_SQL'])) {
$fp = @fopen("data/sql.log", "a");
if($fp) {
if(isset($inputarray) && is_array($inputarray)) {
fwrite($fp, preg_replace('/\s+/msi', ' ', $sql)." -- ".join(", ", $inputarray)."\n");
}
else {
fwrite($fp, preg_replace('/\s+/msi', ' ', $sql)."\n");
}
fclose($fp);
}
else {
# WARNING:
# SQL queries happen before the event system is fully initialised
# (eg, "select theme from config" happens before "load themes"),
# so using the event system to report an error will create some
# really weird looking bugs.
#
#log_error("core", "failed to open sql.log for appending");
}
}
if (!is_array($inputarray)) $_execs++;
# handle 2-dimensional input arrays
else if (is_array(reset($inputarray))) $_execs += sizeof($inputarray);
else $_execs++;
# in PHP4.4 and PHP5, we need to return a value by reference
$null = null; return $null;
}
/**
* Compare two Block objects, used to sort them before being displayed
*
* @param Block $a
* @param Block $b
* @return int
*/
function blockcmp(Block $a, Block $b) {
if($a->position == $b->position) {
return 0;
}
else {
return ($a->position > $b->position);
}
}
/**
* Figure out PHP's internal memory limit
*
* @return int
*/
function get_memory_limit() {
global $config;
// thumbnail generation requires lots of memory
$default_limit = 8*1024*1024; // 8 MB of memory is PHP's default.
$shimmie_limit = parse_shorthand_int($config->get_int("thumb_mem_limit"));
if($shimmie_limit < 3*1024*1024) {
// we aren't going to fit, override
$shimmie_limit = $default_limit;
}
/*
Get PHP's configured memory limit.
Note that this is set to -1 for NO memory limit.
http://ca2.php.net/manual/en/ini.core.php#ini.memory-limit
*/
$memory = parse_shorthand_int(ini_get("memory_limit"));
if($memory == -1) {
// No memory limit.
// Return the larger of the set limits.
return max($shimmie_limit, $default_limit);
}
else {
// PHP has a memory limit set.
if ($shimmie_limit > $memory) {
// Shimmie wants more memory than what PHP is currently set for.
// Attempt to set PHP's memory limit.
if ( ini_set("memory_limit", $shimmie_limit) === FALSE ) {
/* We can't change PHP's limit, oh well, return whatever its currently set to */
return $memory;
}
$memory = parse_shorthand_int(ini_get("memory_limit"));
}
// PHP's memory limit is more than Shimmie needs.
return $memory; // return the current setting
}
}
/**
* Get the currently active IP, masked to make it not change when the last
* octet or two change, for use in session cookies and such
*
* @param Config $config
* @return string
*/
function get_session_ip(Config $config) {
$mask = $config->get_string("session_hash_mask", "255.255.0.0");
$addr = $_SERVER['REMOTE_ADDR'];
$addr = inet_ntop(inet_pton($addr) & inet_pton($mask));
return $addr;
}
/**
* similar to $_COOKIE[$name], but $name has the site-wide cookie
* prefix prepended to it, eg username -> shm_username, to prevent
* conflicts from multiple installs within one domain.
*/
function get_prefixed_cookie(/*string*/ $name) {
global $config;
$full_name = COOKIE_PREFIX."_".$name;
if(isset($_COOKIE[$full_name])) {
return $_COOKIE[$full_name];
}
else {
return null;
}
}
/**
* The counterpart for get_prefixed_cookie, this works like php's
* setcookie method, but prepends the site-wide cookie prefix to
* the $name argument before doing anything.
*
* @param string $name
* @param string $value
* @param int $time
* @param string $path
*/
function set_prefixed_cookie($name, $value, $time, $path) {
global $config;
$full_name = COOKIE_PREFIX."_".$name;
setcookie($full_name, $value, $time, $path);
}
/**
* Set (or extend) a flash-message cookie.
*
* This can optionally be done at the same time as saving a log message with log_*()
*
* Generally one should flash a message in onPageRequest and log a message wherever
* the action actually takes place (eg onWhateverElse) - but much of the time, actions
* are taken from within onPageRequest...
*
* @param string $text
* @param string $type
*/
function flash_message(/*string*/ $text, /*string*/ $type="info") {
$current = get_prefixed_cookie("flash_message");
if($current) {
$text = $current . "\n" . $text;
}
# the message should be viewed pretty much immediately,
# so 60s timeout should be more than enough
set_prefixed_cookie("flash_message", $text, time()+60, "/");
}
/**
* Figure out the path to the shimmie install directory.
*
* eg if shimmie is visible at http://foo.com/gallery, this
* function should return /gallery
*
* PHP really, really sucks.
*
* @return string
*/
function get_base_href() {
$possible_vars = array('SCRIPT_NAME', 'PHP_SELF', 'PATH_INFO', 'ORIG_PATH_INFO');
$ok_var = null;
foreach($possible_vars as $var) {
if(substr($_SERVER[$var], -4) === '.php') {
$ok_var = $_SERVER[$var];
break;
}
}
assert(!empty($ok_var));
$dir = dirname($ok_var);
$dir = str_replace("\\", "/", $dir);
$dir = str_replace("//", "/", $dir);
$dir = rtrim($dir, "/");
return $dir;
}
/**
* A shorthand way to send a TextFormattingEvent and get the results.
*
* @param string $string
* @return string
*/
function format_text(/*string*/ $string) {
$tfe = new TextFormattingEvent($string);
send_event($tfe);
return $tfe->formatted;
}
/**
* @param string $base
* @param string $hash
* @param bool $create
* @return string
*/
function warehouse_path(/*string*/ $base, /*string*/ $hash, /*bool*/ $create=true) {
$ab = substr($hash, 0, 2);
$cd = substr($hash, 2, 2);
if(WH_SPLITS == 2) {
$pa = $base.'/'.$ab.'/'.$cd.'/'.$hash;
}
else {
$pa = $base.'/'.$ab.'/'.$hash;
}
if($create && !file_exists(dirname($pa))) mkdir(dirname($pa), 0755, true);
return $pa;
}
/**
* @param string $filename
* @return string
*/
function data_path($filename) {
$filename = "data/" . $filename;
if(!file_exists(dirname($filename))) mkdir(dirname($filename), 0755, true);
return $filename;
}
/**
* @param string $url
* @param string $mfile
* @return array|bool
*/
function transload($url, $mfile) {
global $config;
if($config->get_string("transload_engine") === "curl" && function_exists("curl_init")) {
$ch = curl_init($url);
$fp = fopen($mfile, "w");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_USERAGENT, "Shimmie-".VERSION);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$response = curl_exec($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headers = http_parse_headers(implode("\n", preg_split('/\R/', rtrim(substr($response, 0, $header_size)))));
$body = substr($response, $header_size);
curl_close($ch);
fwrite($fp, $body);
fclose($fp);
return $headers;
}
if($config->get_string("transload_engine") === "wget") {
$s_url = escapeshellarg($url);
$s_mfile = escapeshellarg($mfile);
system("wget --no-check-certificate $s_url --output-document=$s_mfile");
return file_exists($mfile);
}
if($config->get_string("transload_engine") === "fopen") {
$fp = @fopen($url, "r");
if(!$fp) {
return false;
}
$data = "";
$length = 0;
while(!feof($fp) && $length <= $config->get_int('upload_size')) {
$data .= fread($fp, 8192);
$length = strlen($data);
}
fclose($fp);
$fp = fopen($mfile, "w");
fwrite($fp, $data);
fclose($fp);
//
// Scrutinizer-ci complains that $http_response_header does not exist,
// however, $http_response_header is actually a super-global.
// I have filed a bug with PHP-Analyzer here: https://github.com/scrutinizer-ci/php-analyzer/issues/212
//
$headers = http_parse_headers(implode("\n", $http_response_header));
return $headers;
}
return false;
}
if (!function_exists('http_parse_headers')) { #http://www.php.net/manual/en/function.http-parse-headers.php#112917
function http_parse_headers ($raw_headers){
$headers = array(); // $headers = [];
foreach (explode("\n", $raw_headers) as $i => $h) {
$h = explode(':', $h, 2);
if (isset($h[1])){
if(!isset($headers[$h[0]])){
$headers[$h[0]] = trim($h[1]);
}else if(is_array($headers[$h[0]])){
$tmp = array_merge($headers[$h[0]],array(trim($h[1])));
$headers[$h[0]] = $tmp;
}else{
$tmp = array_merge(array($headers[$h[0]]),array(trim($h[1])));
$headers[$h[0]] = $tmp;
}
}
}
return $headers;
}
}
function findHeader ($headers, $name){
//HTTP Headers can sometimes be lowercase which will cause issues.
//In cases like these, we need to make sure to check for them if the camelcase version does not exist.
$header = FALSE;
if(array_key_exists($name, $headers)){
$header = $headers[$name];
}else{
$headers = array_change_key_case($headers);
if(array_key_exists(strtolower($name), $headers)){
$header = $headers[strtolower($name)];
}
}
return $header;
}
$_included = array();
/**
* Get the active contents of a .php file
*
* @param string $fname
* @return string|null
*/
function manual_include($fname) {
global $_included;
if(!file_exists($fname)) return null;
if(in_array($fname, $_included)) return null;
$_included[] = $fname;
print "$fname\n";
$text = file_get_contents($fname);
// we want one continuous file
$text = str_replace('<'.'?php', '', $text);
$text = str_replace('?'.'>', '', $text);
// most requires are built-in, but we want /lib separately
$text = str_replace('require_', '// require_', $text);
$text = str_replace('// require_once "lib', 'require_once "lib', $text);
// @include_once is used for user-creatable config files
$text = preg_replace('/@include_once "(.*)";/e', "manual_include('$1')", $text);
// wibble the defines for HipHop's sake
$text = str_replace('function _d(', '// function _messed_d(', $text);
$text = preg_replace('/_d\("(.*)", (.*)\);/', 'if(!defined("$1")) define("$1", $2);', $text);
return $text;
}
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
* Logging convenience *
\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
define("SCORE_LOG_CRITICAL", 50);
define("SCORE_LOG_ERROR", 40);
define("SCORE_LOG_WARNING", 30);
define("SCORE_LOG_INFO", 20);
define("SCORE_LOG_DEBUG", 10);
define("SCORE_LOG_NOTSET", 0);
/**
* A shorthand way to send a LogEvent
*
* When parsing a user request, a flash message should give info to the user
* When taking action, a log event should be stored by the server
* Quite often, both of these happen at once, hence log_*() having $flash
*
* $flash = null (default) - log to server only, no flash message
* $flash = true - show the message to the user as well
* $flash = "some string" - log the message, flash the string
*
* @param string $section
* @param int $priority
* @param string $message
* @param null|bool|string $flash
* @param array $args
*/
function log_msg(/*string*/ $section, /*int*/ $priority, /*string*/ $message, $flash=null, $args=array()) {
send_event(new LogEvent($section, $priority, $message, $args));
$threshold = defined("CLI_LOG_LEVEL") ? CLI_LOG_LEVEL : 0;
if(is_cli() && ($priority >= $threshold)) {
print date("c")." $section: $message\n";
}
if($flash === True) {
flash_message($message);
}
else if(!is_null($flash)) {
flash_message($flash);
}
}
// More shorthand ways of logging
function log_debug( /*string*/ $section, /*string*/ $message, $flash=null, $args=array()) {log_msg($section, SCORE_LOG_DEBUG, $message, $flash, $args);}
function log_info( /*string*/ $section, /*string*/ $message, $flash=null, $args=array()) {log_msg($section, SCORE_LOG_INFO, $message, $flash, $args);}
function log_warning( /*string*/ $section, /*string*/ $message, $flash=null, $args=array()) {log_msg($section, SCORE_LOG_WARNING, $message, $flash, $args);}
function log_error( /*string*/ $section, /*string*/ $message, $flash=null, $args=array()) {log_msg($section, SCORE_LOG_ERROR, $message, $flash, $args);}
function log_critical(/*string*/ $section, /*string*/ $message, $flash=null, $args=array()) {log_msg($section, SCORE_LOG_CRITICAL, $message, $flash, $args);}
$_request_id = null;
/**
* Get a unique ID for this request, useful for grouping log messages.
*
* @return null|string
*/
function get_request_id() {
global $_request_id;
if(!$_request_id) {
// not completely trustworthy, as a user can spoof this
if(@$_SERVER['HTTP_X_VARNISH']) {
$_request_id = $_SERVER['HTTP_X_VARNISH'];
}
else {
$_request_id = "P" . uniqid();
}
}
return $_request_id;
}
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
* Things which should be in the core API *
\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/**
* Remove an item from an array
*
* @param $array
* @param $to_remove
* @return array
*/
function array_remove($array, $to_remove) {
$array = array_unique($array);
$a2 = array();
foreach($array as $existing) {
if($existing != $to_remove) {
$a2[] = $existing;
}
}
return $a2;
}
/**
* Adds an item to an array.
*
* Also removes duplicate values from the array.
*
* @param $array
* @param $element
* @return array
*/
function array_add($array, $element) {
// Could we just use array_push() ?
// http://www.php.net/manual/en/function.array-push.php
$array[] = $element;
$array = array_unique($array);
return $array;
}
/**
* Return the unique elements of an array, case insensitively
*
* @param $array
* @return array
*/
function array_iunique($array) {
$ok = array();
foreach($array as $element) {
$found = false;
foreach($ok as $existing) {
if(strtolower($element) == strtolower($existing)) {
$found = true; break;
}
}
if(!$found) {
$ok[] = $element;
}
}
return $ok;
}
/**
* Figure out if an IP is in a specified range
*
* from http://uk.php.net/network
*
* @param $IP
* @param $CIDR
* @return bool
*/
function ip_in_range($IP, $CIDR) {
list ($net, $mask) = explode("/", $CIDR);
$ip_net = ip2long ($net);
$ip_mask = ~((1 << (32 - $mask)) - 1);
$ip_ip = ip2long ($IP);
$ip_ip_net = $ip_ip & $ip_mask;
return ($ip_ip_net == $ip_net);
}
/**
* Delete an entire file heirachy
*
* from a patch by Christian Walde; only intended for use in the
* "extension manager" extension, but it seems to fit better here
*/
function deltree($f) {
//Because Windows (I know, bad excuse)
if(PHP_OS === 'WINNT') {
$real = realpath($f);
$path = realpath('./').'\\'.str_replace('/', '\\', $f);
if($path != $real) {
rmdir($path);
}
else {
foreach(glob($f.'/*') as $sf) {
if (is_dir($sf) && !is_link($sf)) {
deltree($sf);
}
else {
unlink($sf);
}
}
rmdir($f);
}
}
else {
if (is_link($f)) {
unlink($f);
}
else if(is_dir($f)) {
foreach(glob($f.'/*') as $sf) {
if (is_dir($sf) && !is_link($sf)) {
deltree($sf);
}
else {
unlink($sf);
}
}
rmdir($f);
}
}
}
/**
* Copy an entire file hierarchy
*
* from a comment on http://uk.php.net/copy
*/
function full_copy($source, $target) {
if(is_dir($source)) {
@mkdir($target);
$d = dir($source);
while(FALSE !== ($entry = $d->read())) {
if($entry == '.' || $entry == '..') {
continue;
}
$Entry = $source . '/' . $entry;
if(is_dir($Entry)) {
full_copy($Entry, $target . '/' . $entry);
continue;
}
copy($Entry, $target . '/' . $entry);
}
$d->close();
}
else {
copy($source, $target);
}
}
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
* Event API *
\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/** @private */
$_event_listeners = array();
/**
* Register an Extension.
*
* @param Extension $extension
* @param int $pos
* @param array $events
*/
function add_event_listener(Extension $extension, $pos=50, $events=array()) {
global $_event_listeners;
$pos *= 100;
foreach($events as $event) {
while(isset($_event_listeners[$event][$pos])) {
$pos += 1;
}
$_event_listeners[$event][$pos] = $extension;
}
}
/** @private */
$_event_count = 0;
/**
* Send an event to all registered Extensions.
*
* @param Event $event
*/
function send_event(Event $event) {
global $_event_listeners, $_event_count;
if(!isset($_event_listeners[get_class($event)])) return;
$method_name = "on".str_replace("Event", "", get_class($event));
ctx_log_start(get_class($event));
// SHIT: http://bugs.php.net/bug.php?id=35106
$my_event_listeners = $_event_listeners[get_class($event)];
ksort($my_event_listeners);
foreach($my_event_listeners as $listener) {
ctx_log_start(get_class($listener));
if(method_exists($listener, $method_name)) {
$listener->$method_name($event);
}
ctx_log_endok();
}
$_event_count++;
ctx_log_endok();
}
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
* Debugging functions *
\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
// SHIT by default this returns the time as a string. And it's not even a
// string representation of a number, it's two numbers separated by a space.
// What the fuck were the PHP developers smoking.
$_load_start = microtime(true);
/**
* Collects some debug information (execution time, memory usage, queries, etc)
* and formats it to stick in the footer of the page.
*
* @return string debug info to add to the page.
*/
function get_debug_info() {
global $config, $_event_count, $database, $_execs, $_load_start;
$i_mem = sprintf("%5.2f", ((memory_get_peak_usage(true)+512)/1024)/1024);
if($config->get_string("commit_hash", "unknown") == "unknown"){
$commit = "";
}
else {
$commit = " (".$config->get_string("commit_hash").")";
}
$time = sprintf("%.2f", microtime(true) - $_load_start);
$dbtime = sprintf("%.2f", $database->dbtime);
$i_files = count(get_included_files());
$hits = $database->cache->get_hits();
$miss = $database->cache->get_misses();
$debug = "<br>Took $time seconds (db:$dbtime) and {$i_mem}MB of RAM";
$debug .= "; Used $i_files files and $_execs queries";
$debug .= "; Sent $_event_count events";
$debug .= "; $hits cache hits and $miss misses";
$debug .= "; Shimmie version ". VERSION . $commit; // .", SCore Version ". SCORE_VERSION;
return $debug;
}
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
* Request initialisation stuff *
\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/** @privatesection */
/**
* @param array|string $arr
* @return array|string
*/
function _stripslashes_r($arr) {
return is_array($arr) ? array_map('_stripslashes_r', $arr) : stripslashes($arr);
}
function _sanitise_environment() {
if(TIMEZONE) {
date_default_timezone_set(TIMEZONE);
}
if(DEBUG) {
error_reporting(E_ALL);
}
if(CONTEXT) {
ctx_set_log(CONTEXT);
ctx_log_start(@$_SERVER["REQUEST_URI"], true, true);
}
if(COVERAGE) {
_start_coverage();
register_shutdown_function("_end_coverage");
}
assert_options(ASSERT_ACTIVE, 1);
assert_options(ASSERT_BAIL, 1);
ob_start();
if(get_magic_quotes_gpc()) {
$_GET = _stripslashes_r($_GET);
$_POST = _stripslashes_r($_POST);
$_COOKIE = _stripslashes_r($_COOKIE);
}
if(is_cli()) {
if(isset($_SERVER['REMOTE_ADDR'])) {
die("CLI with remote addr? Confused, not taking the risk.");
}
$_SERVER['REMOTE_ADDR'] = "0.0.0.0";
$_SERVER['HTTP_HOST'] = "<cli command>";
}
}
/**
* @param string $_theme
* @return array
*/
function _get_themelet_files($_theme) {
$base_themelets = array();
if(file_exists('themes/'.$_theme.'/custompage.class.php')) $base_themelets[] = 'themes/'.$_theme.'/custompage.class.php';
$base_themelets[] = 'themes/'.$_theme.'/layout.class.php';
$base_themelets[] = 'themes/'.$_theme.'/themelet.class.php';
$ext_themelets = zglob("ext/{".ENABLED_EXTS."}/theme.php");
$custom_themelets = zglob('themes/'.$_theme.'/{'.ENABLED_EXTS.'}.theme.php');
return array_merge($base_themelets, $ext_themelets, $custom_themelets);
}
function _set_event_listeners($classes) {
global $_event_listeners;
$_event_listeners = array();
foreach($classes as $class) {
$rclass = new ReflectionClass($class);
if($rclass->isAbstract()) {
// don't do anything
}
elseif(is_subclass_of($class, "Extension")) {
$c = new $class();
$c->i_am($c);
$my_events = array();
foreach(get_class_methods($c) as $method) {
if(substr($method, 0, 2) == "on") {
$my_events[] = substr($method, 2) . "Event";
}
}
add_event_listener($c, $c->get_priority(), $my_events);
}
}
}
function _dump_event_listeners($event_listeners, $path) {
$p = "<"."?php\n";
foreach(get_declared_classes() as $class) {
$rclass = new ReflectionClass($class);
if($rclass->isAbstract()) {}
elseif(is_subclass_of($class, "Extension")) {
$p .= "\$$class = new $class(); ";
$p .= "\${$class}->i_am(\$$class);\n";
}
}
$p .= "\$_event_listeners = array(\n";
foreach($event_listeners as $event => $listeners) {
$p .= "\t'$event' => array(\n";
foreach($listeners as $id => $listener) {
$p .= "\t\t$id => \$".get_class($listener).",\n";
}
$p .= "\t),\n";
}
$p .= ");\n";
$p .= "?".">";
file_put_contents($path, $p);
}
function _load_extensions() {
global $_event_listeners;
ctx_log_start("Loading extensions");
if(COMPILE_ELS && file_exists("data/cache/event_listeners.php")) {
require_once("data/cache/event_listeners.php");
}
else {
_set_event_listeners(get_declared_classes());
if(COMPILE_ELS) {
_dump_event_listeners($_event_listeners, data_path("cache/event_listeners.php"));
}
}
ctx_log_endok();
}
/**
* Used to display fatal errors to the web user.
* @param Exception $e
*/
function _fatal_error(Exception $e) {
$version = VERSION;
$message = $e->getMessage();
//$trace = var_dump($e->getTrace());
//$hash = exec("git rev-parse HEAD");
//$h_hash = $hash ? "<p><b>Hash:</b> $hash" : "";
//'.$h_hash.'
header("HTTP/1.0 500 Internal Error");
echo '
<html>
<head>
<title>Internal error - SCore-'.$version.'</title>
</head>
<body>
<h1>Internal Error</h1>
<p><b>Message:</b> '.$message.'
<p><b>Version:</b> '.$version.'
</body>
</html>
';
}
/**
* Turn ^^ into ^ and ^s into /
*
* Necessary because various servers and various clients
* think that / is special...
*
* @param string $str
* @return string
*/
function _decaret($str) {
$out = "";
$length = strlen($str);
for($i=0; $i<$length; $i++) {
if($str[$i] == "^") {
$i++;
if($str[$i] == "^") $out .= "^";
if($str[$i] == "s") $out .= "/";
if($str[$i] == "b") $out .= "\\";
}
else {
$out .= $str[$i];
}
}
return $out;
}
/**
* @return User
*/
function _get_user() {
global $config;
$user = null;
if(get_prefixed_cookie("user") && get_prefixed_cookie("session")) {
$tmp_user = User::by_session(get_prefixed_cookie("user"), get_prefixed_cookie("session"));
if(!is_null($tmp_user)) {
$user = $tmp_user;
}
}
if(is_null($user)) {
$user = User::by_id($config->get_int("anon_id", 0));
}
assert(!is_null($user));
return $user;
}
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
* Code coverage *
\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
function _start_coverage() {
if(function_exists("xdebug_start_code_coverage")) {
#xdebug_start_code_coverage(XDEBUG_CC_UNUSED|XDEBUG_CC_DEAD_CODE);
xdebug_start_code_coverage(XDEBUG_CC_UNUSED);
}
}
function _end_coverage() {
if(function_exists("xdebug_get_code_coverage")) {
// Absolute path is necessary because working directory
// inside register_shutdown_function is unpredictable.
$absolute_path = dirname(dirname(__FILE__)) . "/data/coverage";
if(!file_exists($absolute_path)) mkdir($absolute_path);
$n = 0;
$t = time();
while(file_exists("$absolute_path/$t.$n.log")) $n++;
file_put_contents("$absolute_path/$t.$n.log", gzdeflate(serialize(xdebug_get_code_coverage())));
}
}