Subversion Repositories prepend

Compare Revisions


Regard whitespace Rev 9 → Rev 8

/trunk/INSTALL
4,5 → 4,3
to a file located in
/etc/php/7.0/mods-enabled/
 
copy includes/config.dist.php to includes/config.local.php and edit it to your needs
 
/trunk/TODO
0,0 → 1,2
 
Konfiguration (Webseiten-Verzeichnisse) auslagern in Nicht-SVN-Datei
/trunk/php_auto_pre/config.dist.php
File deleted
/trunk/php_auto_pre/001-mysql_replacement.php
3,29 → 3,7
// TODO: test everything
// TODO: return values?
// TODO: check if we matched all stuff mentioned here: https://www.phpclasses.org/blog/package/9199/post/3-Smoothly-Migrate-your-PHP-Code-using-the-Old-MySQL-extension-to-MySQLi.html
// TODO: translate descriptions to english
 
$xxx_vts_prepend_config = array();
if (file_exists($xxx_vts_prepend_config_file = __DIR__.'/config.local.php')) include $xxx_vts_prepend_config_file;
unset($xxx_vts_prepend_config_file);
$xxx_directories_need_mysql = $xxx_vts_prepend_config['directories_need_mysql'];
unset($xxx_vts_prepend_config);
 
$xxx_go = false;
foreach ($xxx_directories_need_mysql as $xxx_directory_need_mysql) {
if ($xxx_negate = (substr($xxx_directory_need_mysql,0,1) === '!')) {
$xxx_directory_need_mysql = substr($xxx_directory_need_mysql,1);
}
if (strpos($_SERVER['SCRIPT_FILENAME'], $xxx_directory_need_mysql) === 0) {
$xxx_go = !$xxx_negate;
}
unset($xxx_negate);
}
unset($xxx_directories_need_mysql);
unset($xxx_directory_need_mysql);
 
if ($xxx_go && !function_exists('mysql_connect')) {
 
$vts_mysqli = null;
$vts_mysqli_report_set_once = false;
 
34,6 → 12,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_affected_rows(). No valid connection to server.");
 
return $li->affected_rows;
}
 
42,6 → 21,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_client_encoding(). No valid connection to server.");
 
return $li->character_set_name();
}
 
50,6 → 30,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_close(). No valid connection to server.");
 
return $li->close();
}
 
77,6 → 58,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_create_db(). No valid connection to server.");
 
return mysql_query("CREATE DATABASE `$database_name`", $li) !== false;
}
 
104,6 → 86,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_db_query(). No valid connection to server.");
 
mysql_select_db($database, $li);
return mysql_query($query, $li);
// Note: The mysql_*() implementation defines, that we will not jump back to our original DB
114,6 → 97,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_drop_db(). No valid connection to server.");
 
return mysql_query("DROP DATABASE `$database_name`", $li) !== false;
}
 
122,6 → 106,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_errno(). No valid connection to server.");
 
return !empty($li->connect_errno) ? $li->connect_errno : $li->errno;
}
 
130,6 → 115,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_error(). No valid connection to server.");
 
return !empty($li->connect_error) ? $li->connect_error : $li->error;
}
 
274,6 → 260,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_get_host_info(). No valid connection to server.");
 
return $li->host_info;
}
 
282,6 → 269,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_get_proto_info(). No valid connection to server.");
 
return $li->protocol_version;
}
 
290,6 → 278,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_get_server_info(). No valid connection to server.");
 
return $li->server_info;
}
 
298,6 → 287,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_info(). No valid connection to server.");
 
return $li->info;
}
 
306,6 → 296,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_insert_id(). No valid connection to server.");
 
return $li->insert_id;
}
 
314,6 → 305,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_list_dbs(). No valid connection to server.");
 
return mysql_query('SHOW DATABASES', $li);
}
 
322,6 → 314,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_list_fields(). No valid connection to server.");
 
return mysql_query("SHOW COLUMNS FROM `$database_name`.`$table_name`", $li);
}
 
330,6 → 323,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_list_processes(). No valid connection to server.");
 
return $li->thread_id;
}
 
338,6 → 332,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_list_tables(). No valid connection to server.");
 
return mysql_query("SHOW TABLES FROM `$database`", $li);
}
 
379,6 → 374,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_ping(). No valid connection to server.");
 
return $li->ping();
}
 
387,6 → 383,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_query(). No valid connection to server.");
 
return $li->query($query, $resultmode=MYSQLI_STORE_RESULT);
}
 
395,6 → 392,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_real_escape_string(). No valid connection to server.");
 
return $li->escape_string($unescaped_string);
}
 
413,6 → 411,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_select_db(). No valid connection to server.");
 
return $li->select_db($database_name);
}
 
421,6 → 420,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_set_charset(). No valid connection to server.");
 
return $li->set_charset($charset);
}
 
429,6 → 429,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_stat(). No valid connection to server.");
 
return $li->stat();
}
 
447,6 → 448,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_thread_id(). No valid connection to server.");
 
return $li->thread_id;
}
 
455,6 → 457,7
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_unbuffered_query(). No valid connection to server.");
 
// http://php.net/manual/de/mysqlinfo.concepts.buffering.php
// https://stackoverflow.com/questions/1982016/unbuffered-query-with-mysqli?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
$li->real_query($query);
461,6 → 464,3
$li->use_result();
}
 
}
unset($xxx_directories_need_mysql);
unset($xxx_directory_need_mysql);
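Review bot: The bodies whose messages name `mysql_create_db()`, `mysql_drop_db()`, `mysql_list_fields()` and `mysql_list_tables()` interpolate the database or table name between backticks without escaping it, so a name containing a backtick ends the quoted identifier and the remainder is parsed as SQL. These lines appear as unchanged context in this comparison, and the function signatures lie outside the hunks shown. Doubling embedded backticks before quoting keeps the value inside the identifier, and one small helper shared by the four functions is enough. Separately, the body for `mysql_list_processes()` returns `$li->thread_id`, the same value as `mysql_thread_id()`, where callers of the old API would expect a process-list result.

```php
// Quote a database/table name as a MySQL identifier; embedded backticks are doubled.
function ___vts_quote_identifier___($name) {
    return '`' . str_replace('`', '``', (string)$name) . '`';
}

// … unchanged: link lookup and null check in mysql_create_db() …
return mysql_query('CREATE DATABASE ' . ___vts_quote_identifier___($database_name), $li) !== false;
// … same substitution in mysql_drop_db(), mysql_list_fields() and mysql_list_tables() …
```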
/trunk/php_auto_pre/002-register-globals.php
1,26 → 1,24
<?php
 
$xxx_vts_prepend_config = array();
if (file_exists($xxx_vts_prepend_config_file = __DIR__.'/config.local.php')) include $xxx_vts_prepend_config_file;
unset($xxx_vts_prepend_config_file);
$xxx_directories_need_registerglobals = $xxx_vts_prepend_config['directories_need_registerglobals'];
unset($xxx_vts_prepend_config);
$xxx_directories_need_registerglobals = array(
// Webseiten, die teilweise noch register_globals erfordern
'/home/viathinksoft/public_html',
'/home/weiherhaus/public_html',
'/home/gastro-websoft/public_html'
);
 
// ---
 
$xxx_go = false;
foreach ($xxx_directories_need_registerglobals as $xxx_directory_need_registerglobals) {
if ($xxx_negate = (substr($xxx_directory_need_registerglobals,0,1) === '!')) {
$xxx_directory_need_registerglobals = substr($xxx_directory_need_registerglobals,1);
}
if (strpos($_SERVER['SCRIPT_FILENAME'], $xxx_directory_need_registerglobals) === 0) {
$xxx_go = !$xxx_negate;
$xxx_go = true;
}
unset($xxx_negate);
}
unset($xxx_directories_need_registerglobals);
unset($xxx_directory_need_registerglobals);
 
if ($xxx_go) {
# Warum so viele ___ ? Damit man auf keinen Fall ein GET/POST Argument mit diesen Variablen überschreibt!
# Warum so viele ___ ? Damit man auf keinen Fall ein GET/POST Argument mit diesen Variablen überschreibt!
foreach ($_REQUEST as $___key___ => $___val___) {
global ${$___key___};
${$___key___} = $___val___;
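Review bot: The `foreach ($_REQUEST as $___key___ => $___val___)` loop assigns every request key to a global variable with no filter, so a request parameter can replace any variable that already exists when this prepend file runs, presumably including names that begin with an underscore such as the superglobals. The comment above the loop only explains why the two loop variables are hard to hit. A guard as the first statement of the loop body would skip such keys: `if (!is_string($___key___) || $___key___ === 'GLOBALS' || strncmp($___key___, '_', 1) === 0 || array_key_exists($___key___, $GLOBALS)) continue;`. The loop body continues past the end of this section, so anything after the assignment is not visible here.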
/trunk/php_auto_pre/003-ereg-functions.php
1,24 → 1,19
<?php
 
$xxx_vts_prepend_config = array();
if (file_exists($xxx_vts_prepend_config_file = __DIR__.'/config.local.php')) include $xxx_vts_prepend_config_file;
unset($xxx_vts_prepend_config_file);
$xxx_directories_need_ereg = $xxx_vts_prepend_config['directories_need_ereg'] ?? array();
unset($xxx_vts_prepend_config);
$xxx_directories_need_ereg = array(
'/home/villariva' // Gästebuch arbeitet noch mit ereg... (/home/villariva/public_html/includes/misc_functions.php)
);
 
// ---
 
$xxx_go = false;
foreach ($xxx_directories_need_ereg as $xxx_directory_need_ereg) {
if ($xxx_negate = (substr($xxx_directory_need_ereg,0,1) === '!')) {
$xxx_directory_need_ereg = substr($xxx_directory_need_ereg,1);
}
if (strpos($_SERVER['SCRIPT_FILENAME'], $xxx_directory_need_ereg) === 0) {
$xxx_go = !$xxx_negate;
$xxx_go = true;
}
unset($xxx_negate);
}
unset($xxx_directories_need_ereg);
unset($xxx_directory_need_ereg);
 
if ($xxx_go) {
if (function_exists('ereg') !== true) {
function ereg($pattern, $string, &$regs) {
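Review bot: The directory test `strpos($_SERVER['SCRIPT_FILENAME'], $xxx_directory_need_ereg) === 0` is a plain string-prefix comparison, so the entry `'/home/villariva'` also matches any sibling path that merely starts with those characters (constructed example: `/home/villariva-old/`). Comparing against the directory with a trailing separator limits the match to that tree: `if (strpos($_SERVER['SCRIPT_FILENAME'], rtrim($xxx_directory_need_ereg, '/').'/') === 0) {`. The same comparison is used in the 002-register-globals.php and 004-anti-xss.php sections, where it decides whether request variables are imported and whether the input check runs. The `ereg()` definition behind this gate starts on the last line shown and its body is outside the section.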
/trunk/php_auto_pre/004-anti-xss.php
2,18 → 2,17
 
// ATTENTION: This is a very simple XSS "Firewall". There ARE many other ways to do an XSS attack, so please don't rely on this script!
 
$xxx_vts_prepend_config = array();
if (file_exists($xxx_vts_prepend_config_file = __DIR__.'/config.local.php')) include $xxx_vts_prepend_config_file;
unset($xxx_vts_prepend_config_file);
$xxx_directories_need_anti_xss = $xxx_vts_prepend_config['directories_need_anti_xss'];
unset($xxx_vts_prepend_config);
$xxx_directories_need_anti_xss = array(
'/home/'
);
 
// ---
 
function ___check_xss___($str) {
$ary = is_array($str) ? $str : array($str);
foreach ($ary as $str) {
if ((stripos($str, '<svg') !== false) || (stripos($str, '<script') !== false)) {
#@header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
@header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request', true, 400);
@header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
die('There is a problem with the data you have entered. Please write us an email if you think you received this message in error. info at viathinksoft.de');
}
}
23,16 → 22,12
 
$xxx_go = false;
foreach ($xxx_directories_need_anti_xss as $xxx_directory_need_anti_xss) {
if ($xxx_negate = (substr($xxx_directory_need_anti_xss,0,1) === '!')) {
$xxx_directory_need_anti_xss = substr($xxx_directory_need_anti_xss,1);
}
if (strpos($_SERVER['SCRIPT_FILENAME'], $xxx_directory_need_anti_xss) === 0) {
$xxx_go = !$xxx_negate;
$xxx_go = true;
}
}
unset($xxx_directories_need_anti_xss);
unset($xxx_directory_need_anti_xss);
 
if ($xxx_go) {
if (isset($_SERVER['REQUEST_URI'])) ___check_xss___($_SERVER['REQUEST_URI']);
if (isset($_SERVER['QUERY_STRING'])) ___check_xss___($_SERVER['QUERY_STRING']);
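Review bot: `___check_xss___()` flattens only one level, so when an element of `$ary` is itself an array (nested request parameters) it is handed to `stripos()` unchanged and the strings inside it are never inspected. On PHP 7 that call returns null with a warning, and `null !== false` makes the request fail as if it had matched; on PHP 8 it throws a TypeError. Recursing makes the check cover the whole input: add `if (is_array($str)) { ___check_xss___($str); continue; }` as the first statement inside the `foreach`. The calls on `REQUEST_URI` and `QUERY_STRING` appear to test the values as received, before any URL decoding, so the header comment's advice not to rely on this filter should stay, with output encoding in the applications as the actual control. The remainder of the `if ($xxx_go)` block is outside the section.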
/trunk/php_auto_pre
Property changes:
Deleted: svn:ignore
-config.local.php
-