Subversion Repositories oidplus

Rev

Rev 467 | Rev 480 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
2 daniel-mar 1 
<?php
2 
 
3 
/*
4 
 * OIDplus 2.0
5 
 * Copyright 2019 Daniel Marschall, ViaThinkSoft
6 
 *
7 
 * Licensed under the Apache License, Version 2.0 (the "License");
8 
 * you may not use this file except in compliance with the License.
9 
 * You may obtain a copy of the License at
10 
 *
11 
 *     http://www.apache.org/licenses/LICENSE-2.0
12 
 *
13 
 * Unless required by applicable law or agreed to in writing, software
14 
 * distributed under the License is distributed on an "AS IS" BASIS,
15 
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 
 * See the License for the specific language governing permissions and
17 
 * limitations under the License.
18 
 */
19 
 
236 daniel-mar 20 
// Before we do ANYTHING, check for dependencies! Do not include anything (except the GMP supplement) yet.
21 
 
463 daniel-mar 22 
require_once __DIR__ . '/functions.inc.php'; // Required for _L()
23 
 
236 daniel-mar 24 
if (version_compare(PHP_VERSION, '7.0.0') < 0) {
25 
        // Reasons why we currently require PHP 7.0:
26 
        // - Return values (e.g. "function foo(): array") (added 2020-04-06 at the database classes)
27 
        //   Note: By removing these return values (e.g. removing ": array"), you *might* be
28 
        //   able to run OIDplus with PHP lower than version 7.0 (not tested)
29 
        //
269 daniel-mar 30 
        // Currently we do NOT require 7.1, because some (old-)stable distros are still using PHP 7.0
31 
        // (e.g. Debian 9 which has LTS support till May 2022).
32 
        // Therefore we commented out following features which would require PHP 7.1:
236 daniel-mar 33 
        // - Nullable return values (e.g. "function foo(): ?array")
464 daniel-mar 34 
        // - void return value (e.g. "function foo(): void")
35 
        // - private/protected/public consts
463 daniel-mar 36 
        echo '<!DOCTYPE HTML>';
37 
        echo '<html><head><title>'._L('OIDplus error').'</title></head><body>';
360 daniel-mar 38 
        echo '<h1>'._L('OIDplus error').'</h1>';
39 
        echo '<p>'._L('OIDplus requires at least PHP version %1! You are currently using version %2','7.0',PHP_VERSION).'</p>'."\n";
463 daniel-mar 40 
        echo '</body></html>';
236 daniel-mar 41 
        die();
42 
}
43 
 
44 
include_once __DIR__ . '/gmp_supplement.inc.php';
467 daniel-mar 45 
include_once __DIR__ . '/mbstring_supplement.inc.php';
236 daniel-mar 46 
 
463 daniel-mar 47 
require_once __DIR__ . '/oidplus_dependency.inc.php';
236 daniel-mar 48 
 
463 daniel-mar 49 
$missing_dependencies = oidplus_get_missing_dependencies();
236 daniel-mar 50 
 
51 
if (count($missing_dependencies) >= 1) {
463 daniel-mar 52 
        echo '<!DOCTYPE HTML>';
53 
        echo '<html><head><title>'._L('OIDplus error').'</title></head><body>';
360 daniel-mar 54 
        echo '<h1>'._L('OIDplus error').'</h1>';
55 
        echo '<p>'._L('The following PHP extensions need to be installed in order to run OIDplus:').'</p>';
236 daniel-mar 56 
        echo '<ul>';
57 
        foreach ($missing_dependencies as $dependency) {
463 daniel-mar 58 
                echo '<li>'.$dependency.'<br><br></li>';
236 daniel-mar 59 
        }
60 
        echo '</ul>';
463 daniel-mar 61 
        echo '</body></html>';
236 daniel-mar 62 
        die();
63 
}
64 
 
65 
unset($missing_dependencies);
66 
 
67 
// Now we can continue!
68 
 
444 daniel-mar 69 
if (PHP_SAPI != 'cli') {
476 daniel-mar 70 
        // TODO: Plugins should be able to extend CSP
50 daniel-mar 71 
        header('X-Content-Type-Options: nosniff');
72 
        header('X-XSS-Protection: 1; mode=block');
178 daniel-mar 73 
        header("Content-Security-Policy: default-src 'self' blob: https://fonts.gstatic.com https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/; ".
50 daniel-mar 74 
               "style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/; ".
476 daniel-mar 75 
               "img-src blob: data: http: https:; ".
160 daniel-mar 76 
               "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ https://polyfill.io/; ".
50 daniel-mar 77 
               "frame-ancestors 'none'; ".
78 
               "object-src 'none'");
79 
        header('X-Frame-Options: SAMEORIGIN');
80 
        header('Referrer-Policy: no-referrer-when-downgrade');
81 
}
2 daniel-mar 82 
 
419 daniel-mar 83 
require_once __DIR__ . '/../3p/0xbb/Sha3.php';
2 daniel-mar 84 
 
85 
require_once __DIR__ . '/oid_utils.inc.php';
16 daniel-mar 86 
require_once __DIR__ . '/uuid_utils.inc.php';
286 daniel-mar 87 
require_once __DIR__ . '/color_utils.inc.php';
17 daniel-mar 88 
require_once __DIR__ . '/ipv4_functions.inc.php';
89 
require_once __DIR__ . '/ipv6_functions.inc.php';
12 daniel-mar 90 
require_once __DIR__ . '/anti_xss.inc.php';
2 daniel-mar 91 
 
444 daniel-mar 92 
if (PHP_SAPI != 'cli') {
315 daniel-mar 93 
        if (!file_exists(__DIR__ . '/../3p/vts_vnag/vnag_framework.inc.php')) {
94 
                // This can happen if WebSVN did not catch the external SVN repository right
95 
                // If WebSVN was the reason, then we are safe to assume that writing is possible
466 daniel-mar 96 
                // Also, if OIDplus was checked out via GitHub (not recommended),
97 
                // then the external SVN repositories are not included, so this will get
98 
                // the third party scripts.
315 daniel-mar 99 
                @mkdir(__DIR__ . '/../3p/vts_vnag');
100 
                @file_put_contents(__DIR__ . '/../3p/vts_vnag/vnag_framework.inc.php', file_get_contents('https://svn.viathinksoft.com/svn/vnag/trunk/framework/vnag_framework.inc.php'));
101 
        }
310 daniel-mar 102 
        include_once __DIR__ . '/../3p/vts_vnag/vnag_framework.inc.php';
260 daniel-mar 103 
}
315 daniel-mar 104 
 
105 
if (!file_exists(__DIR__ . '/../3p/vts_fileformats/VtsFileTypeDetect.class.php')) {
106 
        // This can happen if WebSVN did not catch the external SVN repository right
107 
        // If WebSVN was the reason, then we are safe to assume that writing is possible
466 daniel-mar 108 
        // Also, if OIDplus was checked out via GitHub (not recommended),
109 
        // then the external SVN repositories are not included, so this will get
110 
        // the third party scripts.
315 daniel-mar 111 
        @mkdir(__DIR__ . '/../3p/vts_fileformats');
112 
        foreach (array('VtsFileTypeDetect.class.php', 'filetypes.conf', 'mimetype_lookup.inc.php') as $file) {
113 
                @file_put_contents(__DIR__ . '/../3p/vts_fileformats/'.$file, file_get_contents('https://svn.viathinksoft.com/svn/fileformats/trunk/'.$file));
114 
        }
115 
}
310 daniel-mar 116 
include_once __DIR__ . '/../3p/vts_fileformats/VtsFileTypeDetect.class.php';
260 daniel-mar 117 
 
2 daniel-mar 118 
// ---
119 
 
229 daniel-mar 120 
spl_autoload_register(function ($class_name) {
444 daniel-mar 121 
        static $class_refs = null;
122 
 
123 
        if (is_null($class_refs)) {
124 
                $class_refs = array();
125 
 
445 daniel-mar 126 
                $class_files = array_merge(
444 daniel-mar 127 
                        glob(__DIR__ . '/classes/'.'*'.'.class.php'),
128 
                        glob(__DIR__ . '/../plugins/'.'*'.'/'.'*'.'/'.'*'.'.class.php')
129 
                );
445 daniel-mar 130 
                foreach ($class_files as $filename) {
131 
                        $cn = basename($filename, '.class.php');
132 
                        if (!isset($class_refs[$cn])) {
133 
                                $class_refs[$cn] = $filename;
134 
                        }
444 daniel-mar 135 
                }
277 daniel-mar 136 
        }
444 daniel-mar 137 
 
138 
        if (isset($class_refs[$class_name])) {
139 
                require_once $class_refs[$class_name];
140 
        }
419 daniel-mar 141 
});