/trunk/INSTALL |
---|
0,0 → 1,8 |
To use this solution, add |
auto_prepend_file=/..../php_auto_pre.php |
to a file located in |
/etc/php/7.0/mods-enabled/ |
copy includes/config.dist.php to includes/config.local.php and edit it to your needs |
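Review bot: The last INSTALL line names includes/config.dist.php and includes/config.local.php, but this commit adds the template as /trunk/config.dist.php and the plugins load __DIR__.'/../config.local.php', so no includes/ directory is involved. Suggest changing the step to "copy config.dist.php to config.local.php" in the directory above php_auto_pre/. The hard-coded /etc/php/7.0/mods-enabled/ path is also tied to one PHP version; say that the directory depends on the installed version, and show the full path of php_auto_pre.php instead of /..../.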
/trunk/LICENSE |
---|
0,0 → 1,202 |
Apache License |
Version 2.0, January 2004 |
http://www.apache.org/licenses/ |
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION |
1. Definitions. |
"License" shall mean the terms and conditions for use, reproduction, |
and distribution as defined by Sections 1 through 9 of this document. |
"Licensor" shall mean the copyright owner or entity authorized by |
the copyright owner that is granting the License. |
"Legal Entity" shall mean the union of the acting entity and all |
other entities that control, are controlled by, or are under common |
control with that entity. For the purposes of this definition, |
"control" means (i) the power, direct or indirect, to cause the |
direction or management of such entity, whether by contract or |
otherwise, or (ii) ownership of fifty percent (50%) or more of the |
outstanding shares, or (iii) beneficial ownership of such entity. |
"You" (or "Your") shall mean an individual or Legal Entity |
exercising permissions granted by this License. |
"Source" form shall mean the preferred form for making modifications, |
including but not limited to software source code, documentation |
source, and configuration files. |
"Object" form shall mean any form resulting from mechanical |
transformation or translation of a Source form, including but |
not limited to compiled object code, generated documentation, |
and conversions to other media types. |
"Work" shall mean the work of authorship, whether in Source or |
Object form, made available under the License, as indicated by a |
copyright notice that is included in or attached to the work |
(an example is provided in the Appendix below). |
"Derivative Works" shall mean any work, whether in Source or Object |
form, that is based on (or derived from) the Work and for which the |
editorial revisions, annotations, elaborations, or other modifications |
represent, as a whole, an original work of authorship. For the purposes |
of this License, Derivative Works shall not include works that remain |
separable from, or merely link (or bind by name) to the interfaces of, |
the Work and Derivative Works thereof. |
"Contribution" shall mean any work of authorship, including |
the original version of the Work and any modifications or additions |
to that Work or Derivative Works thereof, that is intentionally |
submitted to Licensor for inclusion in the Work by the copyright owner |
or by an individual or Legal Entity authorized to submit on behalf of |
the copyright owner. For the purposes of this definition, "submitted" |
means any form of electronic, verbal, or written communication sent |
to the Licensor or its representatives, including but not limited to |
communication on electronic mailing lists, source code control systems, |
and issue tracking systems that are managed by, or on behalf of, the |
Licensor for the purpose of discussing and improving the Work, but |
excluding communication that is conspicuously marked or otherwise |
designated in writing by the copyright owner as "Not a Contribution." |
"Contributor" shall mean Licensor and any individual or Legal Entity |
on behalf of whom a Contribution has been received by Licensor and |
subsequently incorporated within the Work. |
2. Grant of Copyright License. Subject to the terms and conditions of |
this License, each Contributor hereby grants to You a perpetual, |
worldwide, non-exclusive, no-charge, royalty-free, irrevocable |
copyright license to reproduce, prepare Derivative Works of, |
publicly display, publicly perform, sublicense, and distribute the |
Work and such Derivative Works in Source or Object form. |
3. Grant of Patent License. Subject to the terms and conditions of |
this License, each Contributor hereby grants to You a perpetual, |
worldwide, non-exclusive, no-charge, royalty-free, irrevocable |
(except as stated in this section) patent license to make, have made, |
use, offer to sell, sell, import, and otherwise transfer the Work, |
where such license applies only to those patent claims licensable |
by such Contributor that are necessarily infringed by their |
Contribution(s) alone or by combination of their Contribution(s) |
with the Work to which such Contribution(s) was submitted. If You |
institute patent litigation against any entity (including a |
cross-claim or counterclaim in a lawsuit) alleging that the Work |
or a Contribution incorporated within the Work constitutes direct |
or contributory patent infringement, then any patent licenses |
granted to You under this License for that Work shall terminate |
as of the date such litigation is filed. |
4. Redistribution. You may reproduce and distribute copies of the |
Work or Derivative Works thereof in any medium, with or without |
modifications, and in Source or Object form, provided that You |
meet the following conditions: |
(a) You must give any other recipients of the Work or |
Derivative Works a copy of this License; and |
(b) You must cause any modified files to carry prominent notices |
stating that You changed the files; and |
(c) You must retain, in the Source form of any Derivative Works |
that You distribute, all copyright, patent, trademark, and |
attribution notices from the Source form of the Work, |
excluding those notices that do not pertain to any part of |
the Derivative Works; and |
(d) If the Work includes a "NOTICE" text file as part of its |
distribution, then any Derivative Works that You distribute must |
include a readable copy of the attribution notices contained |
within such NOTICE file, excluding those notices that do not |
pertain to any part of the Derivative Works, in at least one |
of the following places: within a NOTICE text file distributed |
as part of the Derivative Works; within the Source form or |
documentation, if provided along with the Derivative Works; or, |
within a display generated by the Derivative Works, if and |
wherever such third-party notices normally appear. The contents |
of the NOTICE file are for informational purposes only and |
do not modify the License. You may add Your own attribution |
notices within Derivative Works that You distribute, alongside |
or as an addendum to the NOTICE text from the Work, provided |
that such additional attribution notices cannot be construed |
as modifying the License. |
You may add Your own copyright statement to Your modifications and |
may provide additional or different license terms and conditions |
for use, reproduction, or distribution of Your modifications, or |
for any such Derivative Works as a whole, provided Your use, |
reproduction, and distribution of the Work otherwise complies with |
the conditions stated in this License. |
5. Submission of Contributions. Unless You explicitly state otherwise, |
any Contribution intentionally submitted for inclusion in the Work |
by You to the Licensor shall be under the terms and conditions of |
this License, without any additional terms or conditions. |
Notwithstanding the above, nothing herein shall supersede or modify |
the terms of any separate license agreement you may have executed |
with Licensor regarding such Contributions. |
6. Trademarks. This License does not grant permission to use the trade |
names, trademarks, service marks, or product names of the Licensor, |
except as required for reasonable and customary use in describing the |
origin of the Work and reproducing the content of the NOTICE file. |
7. Disclaimer of Warranty. Unless required by applicable law or |
agreed to in writing, Licensor provides the Work (and each |
Contributor provides its Contributions) on an "AS IS" BASIS, |
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
implied, including, without limitation, any warranties or conditions |
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A |
PARTICULAR PURPOSE. You are solely responsible for determining the |
appropriateness of using or redistributing the Work and assume any |
risks associated with Your exercise of permissions under this License. |
8. Limitation of Liability. In no event and under no legal theory, |
whether in tort (including negligence), contract, or otherwise, |
unless required by applicable law (such as deliberate and grossly |
negligent acts) or agreed to in writing, shall any Contributor be |
liable to You for damages, including any direct, indirect, special, |
incidental, or consequential damages of any character arising as a |
result of this License or out of the use or inability to use the |
Work (including but not limited to damages for loss of goodwill, |
work stoppage, computer failure or malfunction, or any and all |
other commercial damages or losses), even if such Contributor |
has been advised of the possibility of such damages. |
9. Accepting Warranty or Additional Liability. While redistributing |
the Work or Derivative Works thereof, You may choose to offer, |
and charge a fee for, acceptance of support, warranty, indemnity, |
or other liability obligations and/or rights consistent with this |
License. However, in accepting such obligations, You may act only |
on Your own behalf and on Your sole responsibility, not on behalf |
of any other Contributor, and only if You agree to indemnify, |
defend, and hold each Contributor harmless for any liability |
incurred by, or claims asserted against, such Contributor by reason |
of your accepting any such warranty or additional liability. |
END OF TERMS AND CONDITIONS |
APPENDIX: How to apply the Apache License to your work. |
To apply the Apache License to your work, attach the following |
boilerplate notice, with the fields enclosed by brackets "[]" |
replaced with your own identifying information. (Don't include |
the brackets!) The text should be enclosed in the appropriate |
comment syntax for the file format. We also recommend that a |
file or class name and description of purpose be included on the |
same "printed page" as the copyright notice for easier |
identification within third-party archives. |
Copyright 2018 Daniel Marschall, ViaThinkSoft |
Licensed under the Apache License, Version 2.0 (the "License"); |
you may not use this file except in compliance with the License. |
You may obtain a copy of the License at |
http://www.apache.org/licenses/LICENSE-2.0 |
Unless required by applicable law or agreed to in writing, software |
distributed under the License is distributed on an "AS IS" BASIS, |
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
See the License for the specific language governing permissions and |
limitations under the License. |
/trunk/README.md |
---|
0,0 → 1,11 |
# PHP prepend scripts for compatibility |
This package contains php functions for backwards compatibility, which can be included as "prepend" script - this means, that all PHP scripts (called via Apache, CLI etc.) include these scripts and therefore offer the backwards compatibility functions. |
Currently, the pack contains following units: |
- Replacement of mysql-functions with PHP 7 |
- Replacement of register_globals |
- Replacement for ereg-functions and split-functions |
- Small (weak) XSS WAF |
If you need `htmlentities()`, `htmlspecialchars()` or `html_entity_decode()` with old semantics, you can download compatibility functions [url=https://misc.daniel-marschall.de/code/php/php_utils/htmlentities_compat.inc.php]here[/url] |
Property changes: |
Added: svn:mime-type |
+text/markdown |
\ No newline at end of property |
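Review bot: The download link in the last README paragraph is written as BBCode ([url=...]here[/url]), which will not render in a file committed with svn:mime-type text/markdown. Suggest the Markdown form [here](https://misc.daniel-marschall.de/code/php/php_utils/htmlentities_compat.inc.php). "contains following units" also reads better as "contains the following units".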
/trunk/config.dist.php |
---|
0,0 → 1,34 |
<?php |
// PLEASE DO NOT EDIT THIS FILE! |
// INSTEAD, COPY IT TO config.local.php AND THEN EDIT IT |
// Add directories which need mysql_* methods (plugin 001) |
// Add '!' in front of a dir to exclude the directory instead of including it |
$xxx_vts_prepend_config['directories_need_mysql'] = array( |
'/' |
); |
// Add directories which need register globals (plugin 002) |
// Add '!' in front of a dir to exclude the directory instead of including it |
$xxx_vts_prepend_config['directories_need_registerglobals'] = array( |
# '/home/user1/', |
# '!/home/user1/secure/', |
# '/home/user2/' |
); |
// Add directories which need ereg_* methods (plugin 003) |
// Add '!' in front of a dir to exclude the directory instead of including it |
$xxx_vts_prepend_config['directories_need_ereg'] = array( |
# '/home/user1/', |
# '!/home/user1/secure/', |
# '/home/user2/' |
); |
// Add directories which are protected with a (weak) XSS WAF (plugin 004) |
// Add '!' in front of a dir to exclude the directory instead of including it |
$xxx_vts_prepend_config['directories_need_anti_xss'] = array( |
# '/home/user1/', |
# '!/home/user1/secure/', |
# '/home/user2/' |
); |
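Review bot: The repeated comment "Add '!' in front of a dir to exclude the directory instead of including it" leaves out the ordering rule the plugins apply: the list is walked top to bottom and every matching entry sets $xxx_go = !$xxx_negate, so the last match decides and an exclusion only works when it is listed after the inclusion it narrows (as in the commented-out sample). Please document that, and that entries are compared as string prefixes of SCRIPT_FILENAME, so each one should end in a slash. A one-line comment on why directories_need_mysql ships enabled for '/' while the other three lists are empty would also help.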
/trunk/php_auto_pre/001-mysql_replacement.php |
---|
0,0 → 1,469 |
<?php |
// TODO: test everything |
// TODO: return values? |
// TODO: check if we matched all stuff mentioned here: https://www.phpclasses.org/blog/package/9199/post/3-Smoothly-Migrate-your-PHP-Code-using-the-Old-MySQL-extension-to-MySQLi.html |
// TODO: translate descriptions to english |
$xxx_vts_prepend_config = array(); |
if (file_exists($xxx_vts_prepend_config_file = __DIR__.'/../config.local.php')) include $xxx_vts_prepend_config_file; |
unset($xxx_vts_prepend_config_file); |
$xxx_directories_need_mysql = $xxx_vts_prepend_config['directories_need_mysql'] ?? array(); /* @phpstan-ignore-line */ |
unset($xxx_vts_prepend_config); |
$xxx_go = false; |
foreach ($xxx_directories_need_mysql as $xxx_directory_need_mysql) { /* @phpstan-ignore-line */ |
if ($xxx_negate = (substr($xxx_directory_need_mysql,0,1) === '!')) { |
$xxx_directory_need_mysql = substr($xxx_directory_need_mysql,1); |
} |
if (strpos($_SERVER['SCRIPT_FILENAME']??'', $xxx_directory_need_mysql) === 0) { |
$xxx_go = !$xxx_negate; |
} |
if (strpos(rtrim($_SERVER['PWD']??'',DIRECTORY_SEPARATOR), rtrim($xxx_directory_need_mysql,DIRECTORY_SEPARATOR)) === 0) { |
$xxx_go = !$xxx_negate; |
} |
unset($xxx_negate); |
} |
unset($xxx_directories_need_mysql); |
unset($xxx_directory_need_mysql); |
if ($xxx_go && !function_exists('mysql_connect')) { /* @phpstan-ignore-line */ |
$vts_mysqli = null; |
$vts_mysqli_report_set_once = false; |
// Liefert die Anzahl betroffener Datensätze einer vorhergehenden MySQL Operation |
function mysql_affected_rows($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_affected_rows(). No valid connection to server."); |
return $li->affected_rows; |
} |
// Liefert den Namen des Zeichensatzes |
function mysql_client_encoding($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_client_encoding(). No valid connection to server."); |
return $li->character_set_name(); |
} |
// Schließt eine Verbindung zu MySQL |
function mysql_close($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_close(). No valid connection to server."); |
return $li->close(); |
} |
// Öffnet eine Verbindung zu einem MySQL-Server |
function mysql_connect($server=null, $username=null, $password=null, $new_link=false, $client_flags=0) { |
global $vts_mysqli; |
global $vts_mysqli_report_set_once; |
$ary = explode(':', $server); |
$host = $ary[0]; |
$ini_port = ini_get("mysqli.default_port"); |
$port = isset($ary[1]) ? (int)$ary[1] : ($ini_port ? (int)$ini_port : 3306); |
if (is_null($server)) $port = ini_get("mysqli.default_host"); |
if (is_null($username)) $port = ini_get("mysqli.default_user"); |
if (is_null($password)) $port = ini_get("mysqli.default_password"); |
$vts_mysqli = new mysqli($host, $username, $password, /*dbname*/'', $port, ini_get("mysqli.default_socket")); |
if (!$vts_mysqli_report_set_once) { |
mysqli_report(MYSQLI_REPORT_OFF); // PHP <8.1 compatibility |
$vts_mysqli_report_set_once = true; |
} |
return (empty($vts_mysqli->connect_error) && ($vts_mysqli->connect_errno == 0)) ? $vts_mysqli : false; |
} |
// Anlegen einer MySQL-Datenbank |
function mysql_create_db($database_name, $link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_create_db(). No valid connection to server."); |
return mysql_query("CREATE DATABASE `$database_name`", $li) !== false; |
} |
// Bewegt den internen Ergebnis-Zeiger |
function mysql_data_seek($result, $row_number) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_data_seek() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->data_seek($row_number) !== false; |
} |
// Liefert Schema Namen vom Aufruf von mysql_list_dbs |
function mysql_db_name($result, $row, $field=NULL) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_db_name() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
$result->data_seek($row); |
return mysql_fetch_array($result)[is_null($field) ? 0 : $field]; |
} |
// Selektiert ein Schema und führt in ihm Anfrage aus |
function mysql_db_query($database, $query, $link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_db_query(). No valid connection to server."); |
mysql_select_db($database, $li); |
return mysql_query($query, $li); |
// Note: The mysql_*() implementation defines, that we will not jump back to our original DB |
} |
// Löschen eines Schemas |
function mysql_drop_db($database_name, $link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_drop_db(). No valid connection to server."); |
return mysql_query("DROP DATABASE `$database_name`", $li) !== false; |
} |
// Liefert die Nummer einer Fehlermeldung einer zuvor ausgeführten MySQL Operation |
function mysql_errno($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_errno(). No valid connection to server."); |
return !empty($li->connect_errno) ? $li->connect_errno : $li->errno; |
} |
// Liefert den Fehlertext der zuvor ausgeführten MySQL Operation |
function mysql_error($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_error(). No valid connection to server."); |
return !empty($li->connect_error) ? $li->connect_error : $li->error; |
} |
// Maskiert einen String zur Benutzung in einer MySQL Abfrage |
function mysql_escape_string($unescaped_string) { |
global $vts_mysqli; |
return $vts_mysqli->real_escape_string($unescaped_string); |
} |
// Liefert einen Datensatz als assoziatives Array, als numerisches Array oder beides |
define('MYSQL_ASSOC', MYSQLI_ASSOC); |
define('MYSQL_NUM', MYSQLI_NUM); |
define('MYSQL_BOTH', MYSQLI_BOTH); |
function mysql_fetch_array($result, $result_type=MYSQL_BOTH) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_fetch_array() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->fetch_array($result_type); |
} |
// Liefert einen Datensatz als assoziatives Array |
function mysql_fetch_assoc($result) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_fetch_assoc() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->fetch_assoc(); |
} |
// Liefert ein Objekt mit Feldinformationen aus einem Anfrageergebnis |
function mysql_fetch_field($result, $field_offset=0) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_fetch_field() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->fetch_field(); |
} |
// Liefert die Länge eines jeden Feldes in einem Ergebnis |
function mysql_fetch_lengths($result) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_fetch_lengths() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->lengths; |
} |
// Liefert eine Ergebniszeile als Objekt |
function mysql_fetch_object($result, $class_name="stdClass", $params=null) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_fetch_object() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
if ($params) { |
return $result->fetch_object($class_name, $params); |
} else { |
return $result->fetch_object($class_name); |
} |
} |
// Liefert einen Datensatz als indiziertes Array |
function mysql_fetch_row($result) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_fetch_row() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->fetch_row(); |
} |
// Liefert die Flags des spezifizierten Feldes in einem Anfrageergebnis |
function mysql_field_flags($result, $field_offset) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_field_flags() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->fetch_field_direct($field_offset)->flags; |
} |
// Liefert die Länge des angegebenen Feldes |
function mysql_field_len($result, $field_offset) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_field_len() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->fetch_field_direct($field_offset)->length; |
} |
// Liefert den Namen eines Feldes in einem Ergebnis |
function mysql_field_name($result, $field_offset) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_field_name() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->fetch_field_direct($field_offset)->name; //or "orgname" |
} |
// Setzt den Ergebniszeiger auf ein bestimmtes Feldoffset |
function mysql_field_seek($result, $field_offset) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_field_seek() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->field_seek($field_offset); |
} |
// Liefert den Namen der Tabelle, die das genannte Feld enthält |
function mysql_field_table($result, $field_offset) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_field_table() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->fetch_field_direct($field_offset)->table; // or "orgtable" |
} |
// Liefert den Typ des spezifizierten Feldes in einem Ergebnis |
function mysql_field_type($result, $field_offset) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_field_type() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->fetch_field_direct($field_offset)->type; |
} |
// Gibt belegten Speicher wieder frei |
function mysql_free_result($result) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_free_result() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->free(); |
} |
// Liefert MySQL Clientinformationen |
function mysql_get_client_info() { |
global $vts_mysqli; |
return $vts_mysqli->get_client_info(); |
} |
// Liefert MySQL Host Informationen |
function mysql_get_host_info($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_get_host_info(). No valid connection to server."); |
return $li->host_info; |
} |
// Liefert MySQL Protokollinformationen |
function mysql_get_proto_info($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_get_proto_info(). No valid connection to server."); |
return $li->protocol_version; |
} |
// Liefert MySQL Server Informationen |
function mysql_get_server_info($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_get_server_info(). No valid connection to server."); |
return $li->server_info; |
} |
// Liefert Informationen über die zuletzt ausgeführte Anfrage zurück |
function mysql_info($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_info(). No valid connection to server."); |
return $li->info; |
} |
// Liefert die ID, die in der vorherigen Abfrage erzeugt wurde |
function mysql_insert_id($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_insert_id(). No valid connection to server."); |
return $li->insert_id; |
} |
// Auflistung der verfügbaren Datenbanken (Schemata) auf einem MySQL Server |
function mysql_list_dbs($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_list_dbs(). No valid connection to server."); |
return mysql_query('SHOW DATABASES', $li); |
} |
// Listet MySQL Tabellenfelder auf |
function mysql_list_fields($database_name, $table_name, $link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_list_fields(). No valid connection to server."); |
return mysql_query("SHOW COLUMNS FROM `$database_name`.`$table_name`", $li); |
} |
// Zeigt die MySQL Prozesse an |
function mysql_list_processes($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_list_processes(). No valid connection to server."); |
return $li->thread_id; |
} |
// Listet Tabellen in einer MySQL Datenbank auf |
function mysql_list_tables($database, $link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_list_tables(). No valid connection to server."); |
return mysql_query("SHOW TABLES FROM `$database`", $li); |
} |
// Liefert die Anzahl der Felder in einem Ergebnis |
function mysql_num_fields($result) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_num_fields() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
global $vts_mysqli; |
return $vts_mysqli->field_count; |
} |
// Liefert die Anzahl der Zeilen im Ergebnis |
function mysql_num_rows($result) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_num_rows() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
return $result->num_rows; |
} |
// Öffnet eine persistente Verbindung zum MySQL Server |
function mysql_pconnect($server=null, $username=null, $password=null, $client_flags=0) { |
global $vts_mysqli; |
$ary = explode(':', $server); |
$host = $ary[0]; |
$ini_port = ini_get("mysqli.default_port"); |
$port = isset($ary[1]) ? (int)$ary[1] : ($ini_port ? (int)$ini_port : 3306); |
if (is_null($server)) $port = ini_get("mysqli.default_host"); |
if (is_null($username)) $port = ini_get("mysqli.default_user"); |
if (is_null($password)) $port = ini_get("mysqli.default_password"); |
$vts_mysqli = new mysqli('p:'.$host, $username, $password, /*dbname*/'', $port, ini_get("mysqli.default_socket")); |
return (empty($vts_mysqli->connect_error) && ($vts_mysqli->connect_errno == 0)) ? $vts_mysqli : false; |
} |
// Ping a server connection or reconnect if there is no connection |
function mysql_ping($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_ping(). No valid connection to server."); |
return $li->ping(); |
} |
// Sendet eine Anfrage an MySQL |
function mysql_query($query, $link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_query(). No valid connection to server."); |
return $li->query($query, $resultmode=MYSQLI_STORE_RESULT); |
} |
// Maskiert spezielle Zeichen innerhalb eines Strings für die Verwendung in einer SQL-Anweisung |
function mysql_real_escape_string($unescaped_string, $link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_real_escape_string(). No valid connection to server."); |
return $li->escape_string($unescaped_string); |
} |
// Liefert Ergebnis |
function mysql_result($result, $row, $field=0) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_result() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
$result->data_seek($row); |
return mysql_fetch_array($result)[$field]; |
} |
// Auswahl einer MySQL Datenbank |
function mysql_select_db($database_name, $link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_select_db(). No valid connection to server."); |
return $li->select_db($database_name); |
} |
// Setzt den Verbindungszeichensatz |
function mysql_set_charset($charset, $link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_set_charset(). No valid connection to server."); |
return $li->set_charset($charset); |
} |
// Zeigt den momentanen Serverstatus an |
function mysql_stat($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_stat(). No valid connection to server."); |
return $li->stat(); |
} |
// Liefert den Namen einer Tabelle |
function mysql_tablename($result, $i) { |
if (!$result) { |
$err = mysql_error(); |
throw new Exception("Called mysql_tablename() with an erroneous argument.".($err == '' ? '' : " Possible cause: $err")); |
} |
$result->data_seek($i); |
return mysql_fetch_array($result)[0]; |
} |
// Zeigt die aktuelle Thread ID an |
function mysql_thread_id($link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_thread_id(). No valid connection to server."); |
return $li->thread_id; |
} |
// Sendet eine SQL Anfrage an MySQL, ohne Ergebniszeilen abzuholen und zu puffern |
function mysql_unbuffered_query($query, $link_identifier=NULL) { |
global $vts_mysqli; |
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier; |
if (is_null($li)) throw new Exception("Cannot execute mysql_unbuffered_query(). No valid connection to server."); |
// http://php.net/manual/de/mysqlinfo.concepts.buffering.php |
// https://stackoverflow.com/questions/1982016/unbuffered-query-with-mysqli?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa |
$li->real_query($query); |
$li->use_result(); |
} |
} |
unset($xxx_directories_need_mysql); |
unset($xxx_directory_need_mysql); |
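Review bot: mysql_unbuffered_query() discards the value of `$li->use_result()` and has no return statement, so callers always receive NULL and can neither fetch rows nor tell a failed `real_query()` from a successful one. Suggest returning false when `real_query()` fails and otherwise returning what `use_result()` gives back. Minor: the Stack Overflow URL in the comment carries utm_* tracking parameters that can be dropped.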
/trunk/php_auto_pre/002-register-globals.php |
---|
0,0 → 1,34 |
<?php |
$xxx_vts_prepend_config = array(); |
if (file_exists($xxx_vts_prepend_config_file = __DIR__.'/../config.local.php')) include $xxx_vts_prepend_config_file; |
unset($xxx_vts_prepend_config_file); |
$xxx_directories_need_registerglobals = $xxx_vts_prepend_config['directories_need_registerglobals'] ?? array(); /* @phpstan-ignore-line */ |
unset($xxx_vts_prepend_config); |
$xxx_go = false; |
foreach ($xxx_directories_need_registerglobals as $xxx_directory_need_registerglobals) { /* @phpstan-ignore-line */ |
if ($xxx_negate = (substr($xxx_directory_need_registerglobals,0,1) === '!')) { |
$xxx_directory_need_registerglobals = substr($xxx_directory_need_registerglobals,1); |
} |
if (strpos($_SERVER['SCRIPT_FILENAME']??'', $xxx_directory_need_registerglobals) === 0) { |
$xxx_go = !$xxx_negate; |
} |
if (strpos(rtrim($_SERVER['PWD']??'',DIRECTORY_SEPARATOR), rtrim($xxx_directory_need_registerglobals,DIRECTORY_SEPARATOR)) === 0) { |
$xxx_go = !$xxx_negate; |
} |
unset($xxx_negate); |
} |
unset($xxx_directories_need_registerglobals); |
unset($xxx_directory_need_registerglobals); |
if ($xxx_go) { /* @phpstan-ignore-line */ |
# Warum so viele ___ ? Damit man auf keinen Fall ein GET/POST Argument mit diesen Variablen überschreibt! |
foreach ($_REQUEST as $___key___ => $___val___) { |
global ${$___key___}; |
${$___key___} = $___val___; |
} |
unset($___key___); |
unset($___val___); |
} |
unset($xxx_go); |
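Review bot: The `foreach ($_REQUEST as ...)` loop copies every request key into a global with no check on the name, so in the configured directories any global that a script reads before assigning it takes its value from whatever populates $_REQUEST. Suggest skipping keys that are not plain identifiers or that name a superglobal (GLOBALS, _SERVER, _SESSION and so on), and stating in INSTALL that directories_need_registerglobals should list only legacy code that cannot be fixed. Separately, the `strpos(...) === 0` test is a raw string prefix match, so an entry such as /var/www/app (example path) would also switch this on for /var/www/app2/; comparing against the entry with a trailing DIRECTORY_SEPARATOR avoids that.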
/trunk/php_auto_pre/003-ereg-functions.php |
---|
0,0 → 1,79 |
<?php |
$xxx_vts_prepend_config = array(); |
if (file_exists($xxx_vts_prepend_config_file = __DIR__.'/../config.local.php')) include $xxx_vts_prepend_config_file; |
unset($xxx_vts_prepend_config_file); |
$xxx_directories_need_ereg = $xxx_vts_prepend_config['directories_need_ereg'] ?? array(); /* @phpstan-ignore-line */ |
unset($xxx_vts_prepend_config); |
$xxx_go = false; |
foreach ($xxx_directories_need_ereg as $xxx_directory_need_ereg) { /* @phpstan-ignore-line */ |
if ($xxx_negate = (substr($xxx_directory_need_ereg,0,1) === '!')) { |
$xxx_directory_need_ereg = substr($xxx_directory_need_ereg,1); |
} |
if (strpos($_SERVER['SCRIPT_FILENAME']??'', $xxx_directory_need_ereg) === 0) { |
$xxx_go = !$xxx_negate; |
} |
if (strpos(rtrim($_SERVER['PWD']??'',DIRECTORY_SEPARATOR), rtrim($xxx_directory_need_ereg,DIRECTORY_SEPARATOR)) === 0) { |
$xxx_go = !$xxx_negate; |
} |
unset($xxx_negate); |
} |
unset($xxx_directories_need_ereg); |
unset($xxx_directory_need_ereg); |
if ($xxx_go) { /* @phpstan-ignore-line */ |
if (function_exists('ereg') !== true) { |
function ereg($pattern, $string, &$regs) { |
return preg_match('~' . addcslashes($pattern, '~') . '~', $string, $regs); |
} |
} |
if (function_exists('eregi') !== true) { |
function eregi($pattern, $string, &$regs) { |
return preg_match('~' . addcslashes($pattern, '~') . '~i', $string, $regs); |
} |
} |
if (function_exists('ereg_replace') !== true) { |
function ereg_replace($pattern, $string, $replace) { |
return preg_replace('~' . addcslashes($pattern, '~') . '~', $string, $replace); |
} |
} |
if (function_exists('eregi_replace') !== true) { |
function eregi_replace($pattern, $string, $replace) { |
return preg_replace('~' . addcslashes($pattern, '~') . '~i', $string, $replace); |
} |
} |
if (function_exists('split') !== true) { |
function split($pattern, $string, $limit=-1) { |
return preg_split('~' . addcslashes($pattern, '~') . '~', $string, $limit); |
} |
} |
if (function_exists('spliti') !== true) { |
function spliti($pattern, $string, $limit=-1) { |
return preg_split('~' . addcslashes($pattern, '~') . '~i', $string, $limit); |
} |
} |
if (function_exists('sql_regcase') !== true) { |
function sql_regcase($string) { |
$out = ''; |
for ($i=0; $i<strlen($string); $i++) { |
$char = $string[$i]; |
$up = strtoupper($char); |
$low = strtolower($char); |
if ($up != $low) { |
$out .= "[$up$low]"; |
} else { |
$out .= $char; |
} |
} |
return $out; |
} |
} |
} |
unset($xxx_go); |
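Review bot: `ereg()` and `eregi()` declare `&$regs` without a default, but the original functions took it as an optional third argument, so a legacy two-argument call `ereg($pattern, $string)` raises a missing-argument error (a warning on PHP 7.0, an ArgumentCountError from 7.1) instead of just matching. Suggest `&$regs = null`. In `ereg_replace()` and `eregi_replace()` the second and third parameters are named `$string, $replace` although the legacy order is replacement first, then subject; positional calls still work because the values are forwarded in the same order to preg_replace(), but renaming them to `$replacement, $string` would prevent a well-meant "fix" that swaps them later.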
/trunk/php_auto_pre/004-anti-xss.php |
---|
0,0 → 1,54 |
<?php |
// ATTENTION: This is a very simple XSS "Firewall". There ARE many other ways to do an XSS attack, so please don't rely on this script! |
$xxx_vts_prepend_config = array(); |
if (file_exists($xxx_vts_prepend_config_file = __DIR__.'/../config.local.php')) include $xxx_vts_prepend_config_file; |
unset($xxx_vts_prepend_config_file); |
$xxx_directories_need_anti_xss = $xxx_vts_prepend_config['directories_need_anti_xss'] ?? array(); /* @phpstan-ignore-line */ |
unset($xxx_vts_prepend_config); |
function ___check_xss___($str) { |
$ary = is_array($str) ? $str : array($str); |
foreach ($ary as $str) { |
if (!is_string($str)) continue; |
if ((stripos($str, '<svg') !== false) || (stripos($str, '<script') !== false)) { |
#@header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500); |
@header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request', true, 400); |
die('There is a problem with the data you have entered. Please write us an email if you think you received this message in error. info at viathinksoft.de'); |
} |
} |
} |
// --- |
$xxx_go = false; |
foreach ($xxx_directories_need_anti_xss as $xxx_directory_need_anti_xss) { /* @phpstan-ignore-line */ |
if ($xxx_negate = (substr($xxx_directory_need_anti_xss,0,1) === '!')) { |
$xxx_directory_need_anti_xss = substr($xxx_directory_need_anti_xss,1); |
} |
if (strpos($_SERVER['SCRIPT_FILENAME']??'', $xxx_directory_need_anti_xss) === 0) { |
$xxx_go = !$xxx_negate; |
} |
if (strpos(rtrim($_SERVER['PWD']??'',DIRECTORY_SEPARATOR), rtrim($xxx_directory_need_anti_xss,DIRECTORY_SEPARATOR)) === 0) { |
$xxx_go = !$xxx_negate; |
} |
} |
unset($xxx_directories_need_anti_xss); |
unset($xxx_directory_need_anti_xss); |
if ($xxx_go) { /* @phpstan-ignore-line */ |
if (isset($_SERVER['REQUEST_URI'])) ___check_xss___($_SERVER['REQUEST_URI']); |
if (isset($_SERVER['QUERY_STRING'])) ___check_xss___($_SERVER['QUERY_STRING']); |
if (isset($_SERVER['SCRIPT_URI'])) ___check_xss___($_SERVER['SCRIPT_URI']); |
if (isset($_SERVER['SCRIPT_URL'])) ___check_xss___($_SERVER['SCRIPT_URL']); |
if (isset($_SERVER['PHP_SELF'])) ___check_xss___($_SERVER['PHP_SELF']); |
# Warum so viele ___ ? Damit man auf keinen Fall ein GET/POST Argument mit diesen Variablen überschreibt! |
foreach ($_REQUEST as $___key___ => $___val___) { |
___check_xss___($___val___); |
} |
unset($___key___); |
unset($___val___); |
} |
unset($xxx_go); |
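Review bot: `___check_xss___()` skips every element that is not a string (`if (!is_string($str)) continue;`), so values nested more than one level deep in $_REQUEST are never inspected; only a top-level value and its direct children are checked. Suggest recursing when an element is an array, or walking the input with array_walk_recursive(). Also, unlike the 002 and 003 files, the directory loop here has no `unset($xxx_negate);`, so that variable stays in the global scope of the prepended script whenever the list is non-empty.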
/trunk/php_auto_pre.php |
---|
0,0 → 1,10 |
<?php |
$xxx_autoPreFiles = glob(__DIR__ . '/php_auto_pre/*.php'); |
sort($xxx_autoPreFiles); |
foreach ($xxx_autoPreFiles as $xxx_autoPreFile) { |
require_once $xxx_autoPreFile; |
} |
unset($xxx_autoPreFiles); |
unset($xxx_autoPreFile); |
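Review bot: glob() returns false on error, and the result is passed to sort() and foreach unchecked; because this file is prepended to every script, a guard such as `if ($xxx_autoPreFiles === false) $xxx_autoPreFiles = array();` is worth having before the loop. The sort() call is redundant, since glob() already returns the names sorted unless GLOB_NOSORT is passed. A comment should also state that every *.php file placed in php_auto_pre/ is executed on each request, so the directory must be writable only by the administrator.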
/trunk/phpstan.neon.dist |
---|
0,0 → 1,15 |
parameters: |
level: 5 |
fileExtensions: |
- php |
- phps |
paths: |
- . |
excludePaths: |
analyseAndScan: |
- .phpstan.tmp |
tmpDir: .phpstan.tmp |
ignoreErrors: |
#- '#is always (true|false)\.#' |
#- '#Call to function assert\(\) with false will always evaluate to false\.#' |
#- '#with no typehint specified\.#' |
/trunk |
---|
Property changes: |
Added: svn:ignore |
+config.local.php |
+.phpstan.tmp |
+phpstan.neon |