=')) { if (ini_get('error_reporting') & E_NOTICE) { error_reporting(ini_get('error_reporting') - E_NOTICE); } if (ini_get('error_reporting') & E_USER_NOTICE) { error_reporting(ini_get('error_reporting') - E_USER_NOTICE); } } $oldlevel = ini_get('error_reporting'); $newlevel = $oldlevel; $levels = array(E_ERROR => E_USER_ERROR, E_WARNING => E_USER_WARNING, E_NOTICE => E_USER_NOTICE); foreach ($levels AS $php => $isso) { if ($oldlevel & $php) { if (!($oldlevel & $isso)) { //echo "increasing newlevel by $isso; "; $newlevel += $isso; } } else { if ($oldlevel & $isso) { //echo "decreasing newlevel by $isso; "; $newlevel -= $isso; } } } error_reporting($newlevel); if ((bool)ini_get('register_globals') === true) { $superglobals = array('_GET', '_COOKIE', '_FILES', '_POST', '_SERVER', '_ENV'); foreach ($superglobals AS $global) { if (is_array(${$global})) { foreach (${$global} AS $_key => $_val) { if (isset(${$_key})) { unset(${$_key}); } } } } } /**#@+ * Input cleaning type constant */ /** * Integer type */ define('TYPE_INT', 1); /** * Unsigned integer */ define('TYPE_UINT', 2); /** * Float type */ define('TYPE_FLOAT', 4); /** * Boolean type */ define('TYPE_BOOL', 8); /** * String - cleaned */ define('TYPE_STR', 16); /** * String - deliberate unclean */ define('TYPE_STRUN', 32); /** * No cleaning - here for use in API */ define('TYPE_NOCLEAN', 64); /**#@-*/ /** * Iris Studios Shared Object Framework (ISSO) * * This framework allows a common backend to be used amongst all Iris * Studios applications and is built to be abstract and flexible. * The base framework handles all loading and module management. * * @author Iris Studios, Inc. * @copyright Copyright ©2002 - [#]year[#], Iris Studios, Inc. * @version $Revision$ * @package ISSO * */ class Shared_Object_Framework { /** * ISSO version * @var string */ var $version = '[#]version[#]'; /** * Location of ISSO, used for internal linking * @var string */ var $sourcepath = ''; /** * Path of the current application * @var string */ var $apppath = ''; /** * Web path used to get the web location of the installation of ISSO; only used for Printer module * @var string */ var $webpath = ''; /** * Name of the current application * @var string */ var $application = ''; /** * Version of the current application * @var string */ var $appversion = ''; /** * Whether debug mode is on or off * @var bool */ var $debug = false; /** * List of all active debug messages * @var array */ var $debuginfo = array(); /** * List of loaded modules * @var array */ var $modules = array(); /** * An array of sanitized variables that have been cleaned for HTML tag openers and double quotes * @var array */ var $in = array(); /** * If we are running with magic_quotes_gpc on or off * @var int */ var $magicquotes = 0; /** * If we should automagically escape strings, mimicking magic_quotes_gpc * @var bool */ var $escapestrings = false; /** * Constructor */ function __construct() { // error reporting set_error_handler(array(&$this, '_error_handler')); // magic quotes $this->magicquotes = get_magic_quotes_gpc(); set_magic_quotes_runtime(0); if (defined('ISSO_ESCAPE_STRINGS')) { $this->escapestrings = (bool)constant('ISSO_ESCAPE_STRINGS'); } // start input sanitize using variable_order GPC if (!$this->escapestrings) { $this->exec_sanitize_data(); } if (defined('ISSO_CHECK_POST_REFERER')) { $this->exec_referer_check(); } $GLOBALS['isso:null-framework'] = null; } /** * (PHP 4) Constructor */ function Shared_Object_Framework() { $this->__construct(); } /** * Prepares a path for being set as the sourcepath * * @param string Source path or URL * * @return string Prepared source path */ function fetch_sourcepath($source) { if (substr($source, strlen($source) - 1) != DIRECTORY_SEPARATOR) { $source .= DIRECTORY_SEPARATOR; } return $source; } /** * Loads a framework module * * @param string Name of the framework file to load * @param string Internal variable to initialize as; to not instantiate (just require) leave it as NULL * @param bool Globalize the internal variable? * * @return object Instantiated instance */ function &load($framework, $asobject, $globalize = false) { // set the object interlock if (!method_exists($GLOBALS['isso:null-framework'], 'load')) { $GLOBALS['isso:null-framework'] =& $this; } if ($this->is_loaded($framework)) { return $this->modules["$framework"]; } if ($this->sourcepath == '') { trigger_error('Invalid sourcepath specified', E_USER_ERROR); } if (file_exists($this->sourcepath . $framework . '.php')) { require_once($this->sourcepath . $framework . '.php'); } else { trigger_error('Could not find the framework ' . $this->sourcepath . $framework . '.php', E_USER_ERROR); } if ($asobject === null) { return; } if (isset($this->$asobject)) { trigger_error('Cannot instantiate framework `' . $framework . '` into `' . $asobject . '`', E_USER_ERROR); } $this->$asobject = new $framework($this); $this->modules["$framework"] =& $this->$asobject; if ($globalize) { $GLOBALS["$asobject"] =& $this->$asobject; } return $this->$asobject; } /** * Prints a list of all currently loaded framework modules * * @param bool Return the data as an array? * * @return mixed HTML output or an array of loaded modules */ function show_modules($return = false) { foreach ($this->modules AS $object) { $modules[] = get_class($object); } if ($return) { return $modules; } else { $output = "\n\n\n\n"; $this->message('Loaded Modules', $output, 1); } } /** * Verifies to see if a framework has been loaded * * @param string Framework name * * @return bool Whether or not the framework has been loaded */ function is_loaded($framework) { if (isset($this->modules["$framework"])) { return true; } else { return false; } } /** * Prints an ISSO message * * @param string The title of the message * @param string The content of the message * @param integer Type of message to be printed * @param bool Return the output? * @param bool Show the debug stack? * * @return mixed Output or null */ function message($title, $message, $type, $return = false, $stack = true) { switch ($type) { // Message case 1: $prefix = 'Message'; $color = '#669900'; $font = '#000000'; break; // Warning case 2: $prefix = 'Warning'; $color = '#003399'; $font = '#FFFFFF'; break; case 3: $prefix = 'Error'; $color = '#990000'; $font = '#EFEFEF'; break; } $backtrace = debug_backtrace(); unset($backtrace[0]); $output = "\n
\n"; $output .= "\n\n\t\n"; $output .= "\n\n\t\n"; $output .= (($stack AND $GLOBALS['isso:null-framework']->debug) ? "\n\n\t\n" : ''); $output .= "\n
$prefix: $title
$message
Debug Stack:
" . print_r($backtrace, true) . "
\n
\n"; if ($return) { return $output; } else { print($output); } } /** * Custom error handler for ISSO * We only handle E_WARNING, E_NOTICE, E_USER_ERROR, E_USER_WARNING, E_USER_NOTICE * * @param integer Error number * @param string Error message string * @param string File that contains the error * @param string The line number of the error * @param string The active symbol table at which point the error occurred */ function _error_handler($errno, $errstr, $errfile, $errline) { switch ($errno) { // Fatal case E_USER_ERROR: $title = 'Fatal'; $level = 3; if (!(ini_get('error_reporting') & E_USER_ERROR)) { return; } break; // Error case E_USER_WARNING: $title = 'Warning'; $level = 2; if (!(ini_get('error_reporting') & E_USER_WARNING) AND !(ini_get('error_reporting') & E_WARNING)) { return; } break; // Warning case E_USER_NOTICE: default: $title = 'Notice'; $level = 1; if (!(ini_get('error_reporting') & E_USER_NOTICE) AND !(ini_get('error_reporting') & E_NOTICE)) { return; } break; } $errfile = str_replace(array(getcwd(), dirname(getcwd())), '', $errfile); $errstr .= " in $errfile on line $errline"; $this->message($title, $errstr, $level); if ($errno == E_USER_ERROR) { exit; } } /** * Creates a table that explains the error reporting levels and their sate */ function explain_error_reporting() { $levels = array( 'E_ERROR' => E_ERROR, 'E_WARNING' => E_WARNING, 'E_PARSE' => E_PARSE, 'E_NOTICE' => E_NOTICE, 'E_CORE_ERROR' => E_CORE_ERROR, 'E_CORE_WARNING' => E_CORE_WARNING, 'E_COMPILE_ERROR' => 64, 'E_COMPILE_WARNING' => 128, 'E_USER_ERROR' => E_USER_ERROR, 'E_USER_WARNING' => E_USER_WARNING, 'E_USER_NOTICE' => E_USER_NOTICE, 'E_ALL' => E_ALL, 'E_STRICT' => 2048 ); $table = ''; foreach ($levels AS $name => $value) { $table .= ' '; } $table .= '
' . $name . ' ' . (ini_get('error_reporting') & $value) . '
'; $this->message('Error Reporting', $table, 1); } /** * Logs a debug message for verbose output * * @param string Message */ function debug($message) { $this->debuginfo[] = $message; } /** * Recursive XSS cleaner * * @param mixed Unsanitized REQUEST data * * @return mixed Sanitized data */ function _sanitize_input_recursive($data) { foreach ($data AS $key => $value) { if (is_array($value)) { $data["$key"] = $this->_sanitize_input_recursive($value); } else { if ($this->escapestrings) { $data["$key"] = $this->escape($this->sanitize($value), false, false); } else { $data["$key"] = $this->sanitize($value); } } } return $data; } /** * Simple way to protect against HTML attacks with Unicode support * * @param string Unsanitzed text * * @return string Properly protected text that only encodes potential threats */ function sanitize($text) { if ($this->magicquotes) { return str_replace(array('<', '>', '\"', '"'), array('<', '>', '"', '"'), $text); } else { return str_replace(array('<', '>', '"'), array('<', '>', '"'), $text); } } /** * Unicode-safe entity encoding system; similar to sanitize() * * @param string Unsanitized text * * @return string Unicode-safe sanitized text with entities preserved */ function entity_encode($text) { $text = str_replace('&', '&', $text); $text = $this->sanitize($text); return $text; } /** * Takes text that has been processed for HTML and unsanitizes it * * @param string Text that needs to be turned back into HTML * @param bool Force magicquotes off * * @return string Unsanitized text */ function unsanitize($text, $force = false) { if ($this->magicquotes AND !$force) { return str_replace(array('<', '>', '"'), array('<', '>', '\"'), $text); } else { return str_replace(array('<', '>', '"'), array('<', '>', '"'), $text); } } /** * Smart addslashes() that only applies itself it the Magic Quotes GPC is off * * @param string Some string * @param bool If the data is binary; if so it'll be run through DB::escape_stringing() * @param bool Force magic quotes to be off * * @return string String that has slashes added */ function escape($str, $binary = false, $force = true) { if ($this->magicquotes AND !$force) { if (isset($this->db) AND $binary) { if (is_resource($this->db->link_id)) { return $this->db->escape_string(stripslashes($str)); } } return $str; } else { if (isset($this->db) AND $binary) { if (is_resource($this->db->link_id)) { return $this->db->escape_string($str); } } return addslashes($str); } } /** * Runs through all of the input data and sanitizes it. */ function exec_sanitize_data() { $this->in = $this->_sanitize_input_recursive(array_merge($_GET, $_POST, $_COOKIE)); // we're now using magic quotes if ($this->escapestrings) { $this->magicquotes = 1; } } /** * Sanitize function for something other than a string (which everything is sanitized for if you use exec_sanitize_data(). * Cleaned data is placed back into $isso->in; this makes it so you don't have to constantly intval() [etc.] data * * @param array Array of elements to clean as varname => type */ function input_clean_array($vars) { foreach ($vars AS $varname => $type) { $this->input_clean($varname, $type); } } /** * Sanitize function that does a single variable as oppoesd to an array (see input_clean_array() for more details) * * @param string Variable name in $isso->in[] * @param integer Sanitization type constant */ function input_clean($varname, $type) { if (isset($this->in["$varname"])) { $this->in["$varname"] = $this->clean($this->in["$varname"], $type); } else { $this->in["$varname"] = null; } } /** * Cleaning function that does the work for input_clean(); this is moved here so it can be used to clean things that aren't in $isso->in[] * * @param mixed Data * @param integer Sanitization type constant * * @return mixed Cleaned data */ function clean($value, $type) { if ($type == TYPE_INT) { $value = intval($value); } else if ($type == TYPE_UINT) { $value = abs(intval($value)); } else if ($type == TYPE_FLOAT) { $value = floatval($value); } else if ($type == TYPE_BOOL) { $value = (bool)$value; } else if ($type == TYPE_STR) { if (!$this->escapestrings) { $value = $this->escape($value); } } else if ($type == TYPE_STRUN) { $value = $this->unsanitize($value); } else if ($type == TYPE_NOCLEAN) { if ($this->escapestrings) { $value = $this->escape($value); } } else { trigger_error('Invalid clean type `' . $type . '` specified', E_USER_ERROR); } return $value; } /** * Checks to see if a POST refer is actually from us */ function exec_referer_check() { if ($_SERVER['REQUEST_METHOD'] == 'POST') { $host = ($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_ENV['HTTP_HOST']; if ($host AND $_SERVER['HTTP_REFERER']) { $parts = parse_url($_SERVER['HTTP_REFERER']); $ourhost = $parts['host'] . (($parts['port']) ? ":$parts[port]" : ''); if ($ourhost != $host) { trigger_error('No external hosts are allowed to POST to this application', E_USER_ERROR); } $this->debug('remote post check = ok'); } else { $this->debug('remote post check = FAILED'); } } } } /*=====================================================================*\ || ################################################################### || # $HeadURL$ || # $Id$ || ################################################################### \*=====================================================================*/ ?>