https://src.bluestatic.org / isso.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added input sanitize functions. The new system works by merging $_GET and $_POST...
[isso.git] / kernel.php
1 <?php
2 /*=====================================================================*\
3 || ################################################################### ||
4 || # Iris Studios Shared Object Framework [#]version[#]
5 || # --------------------------------------------------------------- # ||
6 || # All parts of this file are ©2003-[#]year[#] Iris Studios, Inc. No # ||
7 || # part of this file may be reproduced in any way: part or whole. # ||
8 || # --------------------------------------------------------------- # ||
9 || # ©2003 - [#]year[#] Iris Studios, Inc. | http://www.iris-studios.com # ||
10 || ################################################################### ||
11 \*=====================================================================*/
12
13 define('ERR_FATAL', E_USER_ERROR);
14 define('ERR_ERROR', E_USER_WARNING);
15 define('ERR_WARNING', E_USER_NOTICE);
16
17 /**
18 * Iris Studios Shared Object Framework (ISSO)
19 *
20 * This framework allows a common backend to be used amongst all Iris
21 * Studios applications and can is built to be abstract and flexible.
22 * The base framework handles all loading and module management.
23 *
24 * @author Iris Studios, Inc.
25 * @copyright Copyright ©2003 - [#]year[#], Iris Studios, Inc.
26 * @version $Revision$
27 *
28 */
29 class Shared_Object_Framework
30 {
31 /**
32 * Global environment variables
33 *
34 * This is where we keep the global variables that are used within the shared framework
35 *
36 * @var version ISSO version
37 * @var sourcepath The location of the framework sources
38 * @var appath The path to the application's location
39 * @var application The name of the application that is using the framework
40 * @var debug Variable for debug mode
41 * @var debuginfo Listing of all debug notices
42 * @var modules An array of loaded framework modules
43 * @var input All input data for the system
44 * @var magicquotes Status of Magic Quotes GPC
45 */
46 var $version = '[#]version[#]';
47 var $sourcepath = '';
48 var $apppath = '';
49 var $application = '';
50 var $debug = false;
51 var $debuginfo = array();
52 var $modules = array();
53 var $input = array();
54 var $magicquotes = 0;
55
56 /**
57 * Constructor
58 */
59 function Shared_Object_Framework()
60 {
61 // error reporting
62 set_error_handler(array(&$this, '_error_handler'));
63
64 // magic quotes
65 $this->magicquotes = get_magic_quotes_gpc();
66 set_magic_quotes_runtime(0);
67
68 // start input sanitize using variable_order GP
69 $this->input = $this->_sanitize_input_recursive(array_merge($_GET, $_POST));
70
71 $this->modules['kernel'] = 'Shared Object Framework Core';
72 }
73
74 /**
75 * Prepares a path for being set as the sourcepath
76 *
77 * @param str Source path or URL
78 *
79 * @return str Prepared source path
80 */
81 function fetch_sourcepath($source)
82 {
83 if (substr($source, strlen($source) - 1) != '/')
84 {
85 $source .= '/';
86 }
87 return $source;
88 }
89
90 /**
91 * Loads a framework extension
92 *
93 * @param str Name of the framework
94 */
95 function load($framework)
96 {
97 if (!$this->is_loaded($framework))
98 {
99 $newobj = $this->locate($framework);
100 $this->$newobj['OBJ'] = new $newobj['CLASS']();
101 $GLOBALS["$newobj[OBJ]"] =& $this->$newobj['OBJ'];
102 $this->modules["$framework"] = $newobj['OBJECT'];
103 }
104 }
105
106 /**
107 * Includes a framework module. Module definitions need three variables:
108 * class, object, and obj. Class is the name of the class, object is
109 * the name human-readable name, and obj is the name that the module
110 * should be initialized as; this is used in class extensions.
111 *
112 * @param str Name of the framework
113 *
114 * @return array List of initialization variables
115 */
116 function locate($framework)
117 {
118 if ($this->sourcepath == '')
119 {
120 trigger_error('Invalid sourcepath specified', ERR_FATAL);
121 }
122
123 if (file_exists($this->sourcepath . $framework . '.php'))
124 {
125 require_once($this->sourcepath . $framework . '.php');
126 return array('CLASS' => $CLASS, 'OBJECT' => $OBJECT, 'OBJ' => $OBJ);
127 }
128 else
129 {
130 trigger_error('Could not find the framework ' . $this->sourcepath . $framework . '.php', ERR_FATAL);
131 exit;
132 }
133 }
134
135 /**
136 * Prints a list of all currently loaded framework modules
137 *
138 * @param bool Return the data as an array?
139 *
140 * @return mixed HTML output or an array of loaded modules
141 */
142 function show_modules($return = false)
143 {
144 if ($return)
145 {
146 return $this->modules;
147 }
148 else
149 {
150 $output = "\n\n<ul>\n\t<li>";
151 $output .= implode("</li>\n\t<li>", $this->modules);
152 $output .= "</li>\n</ul>\n\n";
153 $this->_message('Loaded Modules', $output, 1);
154 }
155 }
156
157 /**
158 * Verifies to see if a framework has been loaded
159 *
160 * @param str Framework name
161 *
162 * @return bool Whether or not the framework has been loaded
163 */
164 function is_loaded($framework)
165 {
166 if (isset($this->modules["$framework"]))
167 {
168 return true;
169 }
170 else
171 {
172 return false;
173 }
174 }
175
176 /**
177 * Prints an ISSO message
178 *
179 * @param str The title of the message
180 * @param str The content of the message
181 * @param int Type of message to be printed
182 * @param bool Return the output?
183 *
184 * @return mixed Output or null
185 */
186 function _message($title, $message, $type, $return = false)
187 {
188 switch ($type)
189 {
190 // Message
191 case 1:
192 $prefix = 'Message';
193 $color = '#669900';
194 $font = '#000000';
195 break;
196
197 // Warning
198 case 2:
199 $prefix = 'Warning';
200 $color = '#003399';
201 $font = '#FFFFFF';
202 break;
203
204 case 3:
205 $prefix = 'Error';
206 $color = '#990000';
207 $font = '#EFEFEF';
208 break;
209 }
210
211 $output = "\n<br />\n<table cellpadding=\"4\" cellspacing=\"1\" border=\"0\" width=\"500\" style=\"background-color: $color; font-family: Verdana, sans-serif; font-size: 12px;\">";
212 $output .= "\n<tr style=\"color: $font\">\n\t<td><strong>$prefix: $title</strong></td>\n</tr>";
213 $output .= "\n<tr style=\"background-color: #FFFFFF\">\n\t<td>$message</td>\n</tr>\n</table>\n<br />\n";
214
215 if ($return)
216 {
217 return $output;
218 }
219 else
220 {
221 print($output);
222 }
223 }
224
225 /**
226 * Custom error handler for ISSO
227 *
228 * @param int Error number
229 * @param str Error message string
230 * @param str File that contains the error
231 * @param str The line number of the error
232 * @param str The active symbol table at which point the error occurred
233 */
234 function _error_handler($errno, $errstr, $errfile, $errline)
235 {
236 switch ($errno)
237 {
238 // Fatal
239 case ERR_FATAL:
240 $title = 'Fatal';
241 break;
242
243 // Error
244 case ERR_ERROR:
245 $title = 'Alert';
246 break;
247
248 // Warning
249 case ERR_WARNING:
250 default:
251 $title = 'Warning';
252 break;
253 }
254
255 $errstr .= " in <strong>$errfile</strong> on line <strong>$errline</strong>";
256
257 $this->_message($title, $errstr, 3);
258
259 if ($errno == ERR_FATAL)
260 {
261 exit;
262 }
263 }
264
265 /**
266 * Logs a debug message for verbose output
267 *
268 * @param str Message
269 */
270 function debug($message)
271 {
272 if ($this->debug)
273 {
274 $this->debuginfo[] = $message;
275 }
276 }
277
278 /**
279 * Recursive XSS cleaner
280 *
281 * @param mixed Unsanitized REQUEST data
282 *
283 * @return mixed Sanitized data
284 */
285 function _sanitize_input_recursive($data)
286 {
287 foreach($data AS $key => $value)
288 {
289 if (is_array($value))
290 {
291 $data["$key"] = $this->_sanitize_input_recursive($value);
292 }
293 else
294 {
295 $data["$key"] = $this->sanitize($value);
296 }
297 }
298 return $data;
299 }
300
301 /**
302 * Simple way to protect against HTML attacks with Unicode support
303 *
304 * @param str Unsanitzed text
305 *
306 * @return str Properly protected text that only encodes potential threats
307 */
308 function sanitize($text)
309 {
310 return str_replace(array('<', '>', '"'), array('&lt;', '&gt;', '&quot;'), $text);
311 }
312
313 /**
314 * Takes text that has been processed for HTML and unsanitizes it
315 *
316 * @param str Text that needs to be turned back into HTML
317 *
318 * @return str Unsanitized text
319 */
320 function unsanitize($text)
321 {
322 return str_replace(array('&lt;', '&gt;', '&quot;'), array('<', '>', '"'), $text);
323 }
324
325 /**
326 * Smart addslashes() that only applies itself it the Magic Quotes GPC is off
327 *
328 * @param str Some string
329 *
330 * @return str String that has slashes added
331 */
332 function escape($str)
333 {
334 global $_isso;
335
336 if ($this->magicquotes)
337 {
338 return $str;
339 }
340 else
341 {
342 if (isset($_isso->db))
343 {
344 if (is_resource($_isso->db->link_id))
345 {
346 return $_isso->db->escape_string($str);
347 }
348 else
349 {
350 return addslashes($str);
351 }
352 }
353 else
354 {
355 return addslashes($str);
356 }
357 }
358 }
359 }
360
361 /**
362 * Global callback used for module calls back to the kernel
363 */
364 $_isso = new Shared_Object_Framework();
365
366 /**
367 * Wrapper for ternary operator that has to be in the global scope
368 *
369 * @param expr Expression
370 * @param mixed If the expression is true
371 * @param mixed If the expression is false
372 *
373 * @return mixed True or false data
374 */
375 function iff($condition, $iftrue, $iffalse = null)
376 {
377 return ($condition) ? ($iftrue) : ($iffalse);
378 }
379
380 /*=====================================================================*\
381 || ###################################################################
382 || # $HeadURL$
383 || # $Id$
384 || ###################################################################
385 \*=====================================================================*/
386 ?>
The PHP framework used in Blue Static's web applications that provides common functionality through shared classes.