https://src.bluestatic.org / isso.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
We now hide the path when we use ISSO::_error_handler(). Added ability to check for...
[isso.git] / kernel.php
1 <?php
2 /*=====================================================================*\
3 || ################################################################### ||
4 || # Iris Studios Shared Object Framework [#]version[#]
5 || # --------------------------------------------------------------- # ||
6 || # All parts of this file are ©2003-[#]year[#] Iris Studios, Inc. No # ||
7 || # part of this file may be reproduced in any way: part or whole. # ||
8 || # --------------------------------------------------------------- # ||
9 || # ©2003 - [#]year[#] Iris Studios, Inc. | http://www.iris-studios.com # ||
10 || ################################################################### ||
11 \*=====================================================================*/
12
13 define('ERR_FATAL', E_USER_ERROR);
14 define('ERR_ALERT', E_USER_WARNING);
15 define('ERR_WARNING', E_USER_NOTICE);
16
17 if (PHP_VERSION < '4.1.0')
18 {
19 trigger_error('You need PHP version 4.1.0 or newer to run ISSO', ERR_FATAL);
20 exit;
21 }
22
23 if (version_compare(PHP_VERSION, '5.0.0', '>='))
24 {
25 if (ini_get('error_reporting') & E_NOTICE)
26 {
27 error_reporting(ini_get('error_reporting') - E_NOTICE);
28 }
29 if (ini_get('error_reporting') & E_USER_NOTICE)
30 {
31 error_reporting(ini_get('error_reporting') - E_USER_NOTICE);
32 }
33 }
34
35 if (!(ini_get('error_reporting') & E_NOTICE) AND ini_get('error_reporting') & E_USER_NOTICE)
36 {
37 error_reporting(ini_get('error_reporting') - E_USER_NOTICE);
38 }
39
40 if (!(ini_get('error_reporting') & E_WARNING) AND ini_get('error_reporting') & E_USER_WARNING)
41 {
42 error_reporting(ini_get('error_reporting') - E_USER_WARNING);
43 }
44
45 if (!(ini_get('error_reporting') & E_ERROR) AND ini_get('error_reporting') & E_USER_ERROR)
46 {
47 error_reporting(ini_get('error_reporting') - E_USER_ERROR);
48 }
49
50 if ((bool)ini_get('register_globals') === true)
51 {
52 $superglobals = array('_GET', '_COOKIE', '_FILES', '_POST', '_SERVER', '_ENV');
53 foreach ($superglobals AS $global)
54 {
55 if (is_array(${$global}))
56 {
57 foreach (${$global} AS $_key => $_val)
58 {
59 if (isset(${$_key}))
60 {
61 unset(${$_key});
62 }
63 }
64 }
65 }
66 }
67
68 /**
69 * Iris Studios Shared Object Framework (ISSO)
70 *
71 * This framework allows a common backend to be used amongst all Iris
72 * Studios applications and can is built to be abstract and flexible.
73 * The base framework handles all loading and module management.
74 *
75 * @author Iris Studios, Inc.
76 * @copyright Copyright ©2003 - [#]year[#], Iris Studios, Inc.
77 * @version $Revision$
78 *
79 */
80 class Shared_Object_Framework
81 {
82 /**
83 * Global environment variables
84 *
85 * This is where we keep the global variables that are used within the shared framework
86 *
87 * @var version ISSO version
88 * @var sourcepath The location of the framework sources
89 * @var appath The path to the application's location
90 * @var application The name of the application that is using the framework
91 * @var appversion The version of the application
92 * @var debug Variable for debug mode
93 * @var debuginfo Listing of all debug notices
94 * @var modules An array of loaded framework modules
95 * @var input All input data for the system
96 * @var i Short-hand reference to $isso::input
97 * @var in Short-hand reference to $isso::input
98 * @var magicquotes Status of Magic Quotes GPC
99 * @var escapestrings Sets whether or not we escape strings automatically
100 */
101 var $version = '[#]version[#]';
102 var $sourcepath = '';
103 var $apppath = '';
104 var $application = '';
105 var $appversion = '';
106 var $debug = false;
107 var $debuginfo = array();
108 var $modules = array();
109 var $input = array();
110 var $i = array();
111 var $in = array();
112 var $magicquotes = 0;
113 var $escapestrings = false;
114
115 /**
116 * Constructor
117 */
118 function Shared_Object_Framework()
119 {
120 // error reporting
121 set_error_handler(array(&$this, '_error_handler'));
122
123 // magic quotes
124 $this->magicquotes = get_magic_quotes_gpc();
125 set_magic_quotes_runtime(0);
126
127 if (defined('ISSO_ESCAPE_STRINGS'))
128 {
129 $this->escapestrings = (bool)constant('ISSO_ESCAPE_STRINGS');
130 }
131
132 // start input sanitize using variable_order GP
133 if (!$this->escapestrings)
134 {
135 $this->exec_sanitize_data();
136 }
137
138 $this->modules['kernel'] = 'Shared Object Framework Core';
139 }
140
141 /**
142 * Prepares a path for being set as the sourcepath
143 *
144 * @param str Source path or URL
145 *
146 * @return str Prepared source path
147 */
148 function fetch_sourcepath($source)
149 {
150 if (substr($source, strlen($source) - 1) != '/')
151 {
152 $source .= '/';
153 }
154 return $source;
155 }
156
157 /**
158 * Loads a framework extension
159 *
160 * @param str Name of the framework
161 */
162 function load($framework)
163 {
164 if (!$this->is_loaded($framework))
165 {
166 $newobj = $this->locate($framework);
167 $this->$newobj['OBJ'] = new $newobj['CLASS']();
168 $GLOBALS["$newobj[OBJ]"] =& $this->$newobj['OBJ'];
169 $this->modules["$framework"] = $newobj['OBJECT'];
170 }
171 }
172
173 /**
174 * Includes a framework module. Module definitions need three variables:
175 * class, object, and obj. Class is the name of the class, object is
176 * the name human-readable name, and obj is the name that the module
177 * should be initialized as; this is used in class extensions.
178 *
179 * @param str Name of the framework
180 *
181 * @return array List of initialization variables
182 */
183 function locate($framework)
184 {
185 if ($this->sourcepath == '')
186 {
187 trigger_error('Invalid sourcepath specified', ERR_FATAL);
188 }
189
190 if (file_exists($this->sourcepath . $framework . '.php'))
191 {
192 require_once($this->sourcepath . $framework . '.php');
193 return array('CLASS' => $CLASS, 'OBJECT' => $OBJECT, 'OBJ' => $OBJ);
194 }
195 else
196 {
197 trigger_error('Could not find the framework ' . $this->sourcepath . $framework . '.php', ERR_FATAL);
198 exit;
199 }
200 }
201
202 /**
203 * Prints a list of all currently loaded framework modules
204 *
205 * @param bool Return the data as an array?
206 *
207 * @return mixed HTML output or an array of loaded modules
208 */
209 function show_modules($return = false)
210 {
211 if ($return)
212 {
213 return $this->modules;
214 }
215 else
216 {
217 $output = "\n\n<ul>\n\t<li>";
218 $output .= implode("</li>\n\t<li>", $this->modules);
219 $output .= "</li>\n</ul>\n\n";
220 $this->_message('Loaded Modules', $output, 1);
221 }
222 }
223
224 /**
225 * Verifies to see if a framework has been loaded
226 *
227 * @param str Framework name
228 *
229 * @return bool Whether or not the framework has been loaded
230 */
231 function is_loaded($framework)
232 {
233 if (isset($this->modules["$framework"]))
234 {
235 return true;
236 }
237 else
238 {
239 return false;
240 }
241 }
242
243 /**
244 * Prints an ISSO message
245 *
246 * @param str The title of the message
247 * @param str The content of the message
248 * @param int Type of message to be printed
249 * @param bool Return the output?
250 *
251 * @return mixed Output or null
252 */
253 function _message($title, $message, $type, $return = false)
254 {
255 switch ($type)
256 {
257 // Message
258 case 1:
259 $prefix = 'Message';
260 $color = '#669900';
261 $font = '#000000';
262 break;
263
264 // Warning
265 case 2:
266 $prefix = 'Warning';
267 $color = '#003399';
268 $font = '#FFFFFF';
269 break;
270
271 case 3:
272 $prefix = 'Error';
273 $color = '#990000';
274 $font = '#EFEFEF';
275 break;
276 }
277
278 $output = "\n<br />\n<table cellpadding=\"4\" cellspacing=\"1\" border=\"0\" width=\"500\" style=\"background-color: $color; font-family: Verdana, sans-serif; font-size: 12px;\">";
279 $output .= "\n<tr style=\"color: $font\">\n\t<td><strong>$prefix: $title</strong></td>\n</tr>";
280 $output .= "\n<tr style=\"background-color: #FFFFFF\">\n\t<td>$message</td>\n</tr>\n</table>\n<br />\n";
281
282 if ($return)
283 {
284 return $output;
285 }
286 else
287 {
288 print($output);
289 }
290 }
291
292 /**
293 * Custom error handler for ISSO
294 *
295 * @param int Error number
296 * @param str Error message string
297 * @param str File that contains the error
298 * @param str The line number of the error
299 * @param str The active symbol table at which point the error occurred
300 */
301 function _error_handler($errno, $errstr, $errfile, $errline)
302 {
303 switch ($errno)
304 {
305 // Fatal
306 case ERR_FATAL:
307 $title = 'Fatal';
308 if (!(ini_get('error_reporting') & ERR_FATAL))
309 {
310 return;
311 }
312 break;
313
314 // Error
315 case ERR_ALERT:
316 $title = 'Alert';
317 if (!(ini_get('error_reporting') & ERR_ALERT))
318 {
319 return;
320 }
321 break;
322
323 // Warning
324 case ERR_WARNING:
325 default:
326 $title = 'Warning';
327 if (!(ini_get('error_reporting') & ERR_WARNING))
328 {
329 return;
330 }
331 break;
332 }
333
334 $errfile = str_replace(getcwd(), '', $errfile);
335
336 $errstr .= " in <strong>$errfile</strong> on line <strong>$errline</strong>";
337
338 $this->_message($title, $errstr, 3);
339
340 if ($errno == ERR_FATAL)
341 {
342 exit;
343 }
344 }
345
346 /**
347 * Logs a debug message for verbose output
348 *
349 * @param str Message
350 */
351 function debug($message)
352 {
353 if ($this->debug)
354 {
355 $this->debuginfo[] = $message;
356 }
357 }
358
359 /**
360 * Recursive XSS cleaner
361 *
362 * @param mixed Unsanitized REQUEST data
363 *
364 * @return mixed Sanitized data
365 */
366 function _sanitize_input_recursive($data)
367 {
368 foreach($data AS $key => $value)
369 {
370 if (is_array($value))
371 {
372 $data["$key"] = $this->_sanitize_input_recursive($value);
373 }
374 else
375 {
376 if ($this->escapestrings)
377 {
378 $data["$key"] = $this->escape($this->sanitize($value));
379 }
380 else
381 {
382 $data["$key"] = $this->sanitize($value);
383 }
384 }
385 }
386 return $data;
387 }
388
389 /**
390 * Simple way to protect against HTML attacks with Unicode support
391 *
392 * @param str Unsanitzed text
393 *
394 * @return str Properly protected text that only encodes potential threats
395 */
396 function sanitize($text)
397 {
398 if ($this->magicquotes)
399 {
400 return str_replace(array('<', '>', '\"', '"'), array('&lt;', '&gt;', '&quot;', '&quot;'), $text);
401 }
402 else
403 {
404 return str_replace(array('<', '>', '"'), array('&lt;', '&gt;', '&quot;'), $text);
405 }
406 }
407
408 /**
409 * Takes text that has been processed for HTML and unsanitizes it
410 *
411 * @param str Text that needs to be turned back into HTML
412 * @param bool Force magicquotes off
413 *
414 * @return str Unsanitized text
415 */
416 function unsanitize($text, $force = false)
417 {
418 if ($this->magicquotes AND !$force)
419 {
420 return str_replace(array('&lt;', '&gt;', '&quot;'), array('<', '>', '\"'), $text);
421 }
422 else
423 {
424 return str_replace(array('&lt;', '&gt;', '&quot;'), array('<', '>', '"'), $text);
425 }
426 }
427
428 /**
429 * Smart addslashes() that only applies itself it the Magic Quotes GPC is off
430 *
431 * @param str Some string
432 *
433 * @return str String that has slashes added
434 */
435 function escape($str, $binary = false, $force = false)
436 {
437 global $_isso;
438
439 if ($this->magicquotes AND !$force)
440 {
441 if (isset($_isso->db) AND $binary)
442 {
443 if (is_resource($_isso->db->link_id))
444 {
445 return $_isso->db->escape_string(stripslashes($str));
446 }
447 }
448 return $str;
449 }
450 else
451 {
452 if (isset($_isso->db) AND $binary)
453 {
454 if (is_resource($_isso->db->link_id))
455 {
456 return $_isso->db->escape_string($str);
457 }
458 }
459 return addslashes($str);
460 }
461 }
462
463 /**
464 * Runs through all of the input data and sanitizes it.
465 */
466 function exec_sanitize_data()
467 {
468 $this->input = $this->_sanitize_input_recursive(array_merge($_GET, $_POST));
469 $this->i =& $this->input;
470 $this->in =& $this->input;
471 // we're now using magic quotes
472 if ($this->escapestrings)
473 {
474 $this->magicquotes = 1;
475 }
476 }
477 }
478
479 /**
480 * Global callback used for module calls back to the kernel
481 */
482 $_isso = new Shared_Object_Framework();
483
484 /**
485 * Wrapper for ternary operator that has to be in the global scope.
486 * This function is going to be removed from our applications due
487 * to it's latency in processing. This will remain here purely
488 * for legacy reasons. It will be removed when necessary.
489 *
490 * @param expr Expression
491 * @param mixed If the expression is true
492 * @param mixed If the expression is false
493 *
494 * @return mixed True or false data
495 */
496 function iff($condition, $iftrue, $iffalse = null)
497 {
498 return ($condition) ? ($iftrue) : ($iffalse);
499 }
500
501 if (defined('ISSO_CHECK_POST_REFERER'))
502 {
503 if ($_SERVER['REQUEST_METHOD'] == 'POST')
504 {
505 $host = ($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_ENV['HTTP_HOST'];
506 $host = preg_replace('#^www\.#i', '', $host);
507 $parts = parse_url($_SERVER['HTTP_REFERER']);
508 $ourhost = $parts['host'] . (($parts['port']) ? ":$parts[port]" : '');
509
510 if ($ourhost != $host)
511 {
512 trigger_error('No external hosts are allowed to POST to this application', ERR_FATAL);
513 }
514 }
515 }
516
517 /*=====================================================================*\
518 || ###################################################################
519 || # $HeadURL$
520 || # $Id$
521 || ###################################################################
522 \*=====================================================================*/
523 ?>
The PHP framework used in Blue Static's web applications that provides common functionality through shared classes.