
Regard whitespace Rev 8 → Rev 9

/trunk/TODO
File deleted
/trunk/INSTALL
4,3 → 4,5
to a file located in
/etc/php/7.0/mods-enabled/
 
copy includes/config.dist.php to includes/config.local.php and edit it to your needs
 
/trunk/php_auto_pre/001-mysql_replacement.php
3,7 → 3,29
// TODO: test everything
// TODO: return values?
// TODO: check if we matched all stuff mentioned here: https://www.phpclasses.org/blog/package/9199/post/3-Smoothly-Migrate-your-PHP-Code-using-the-Old-MySQL-extension-to-MySQLi.html
// TODO: translate descriptions to english
 
$xxx_vts_prepend_config = array();
if (file_exists($xxx_vts_prepend_config_file = __DIR__.'/config.local.php')) include $xxx_vts_prepend_config_file;
unset($xxx_vts_prepend_config_file);
$xxx_directories_need_mysql = $xxx_vts_prepend_config['directories_need_mysql'];
unset($xxx_vts_prepend_config);
 
$xxx_go = false;
foreach ($xxx_directories_need_mysql as $xxx_directory_need_mysql) {
if ($xxx_negate = (substr($xxx_directory_need_mysql,0,1) === '!')) {
$xxx_directory_need_mysql = substr($xxx_directory_need_mysql,1);
}
if (strpos($_SERVER['SCRIPT_FILENAME'], $xxx_directory_need_mysql) === 0) {
$xxx_go = !$xxx_negate;
}
unset($xxx_negate);
}
unset($xxx_directories_need_mysql);
unset($xxx_directory_need_mysql);
 
if ($xxx_go && !function_exists('mysql_connect')) {
 
$vts_mysqli = null;
$vts_mysqli_report_set_once = false;
 
12,7 → 34,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_affected_rows(). No valid connection to server.");
 
return $li->affected_rows;
}
 
21,7 → 42,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_client_encoding(). No valid connection to server.");
 
return $li->character_set_name();
}
 
30,7 → 50,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_close(). No valid connection to server.");
 
return $li->close();
}
 
58,7 → 77,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_create_db(). No valid connection to server.");
 
return mysql_query("CREATE DATABASE `$database_name`", $li) !== false;
}
 
86,7 → 104,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_db_query(). No valid connection to server.");
 
mysql_select_db($database, $li);
return mysql_query($query, $li);
// Note: The mysql_*() implementation defines, that we will not jump back to our original DB
97,7 → 114,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_drop_db(). No valid connection to server.");
 
return mysql_query("DROP DATABASE `$database_name`", $li) !== false;
}
 
106,7 → 122,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_errno(). No valid connection to server.");
 
return !empty($li->connect_errno) ? $li->connect_errno : $li->errno;
}
 
115,7 → 130,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_error(). No valid connection to server.");
 
return !empty($li->connect_error) ? $li->connect_error : $li->error;
}
 
260,7 → 274,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_get_host_info(). No valid connection to server.");
 
return $li->host_info;
}
 
269,7 → 282,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_get_proto_info(). No valid connection to server.");
 
return $li->protocol_version;
}
 
278,7 → 290,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_get_server_info(). No valid connection to server.");
 
return $li->server_info;
}
 
287,7 → 298,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_info(). No valid connection to server.");
 
return $li->info;
}
 
296,7 → 306,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_insert_id(). No valid connection to server.");
 
return $li->insert_id;
}
 
305,7 → 314,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_list_dbs(). No valid connection to server.");
 
return mysql_query('SHOW DATABASES', $li);
}
 
314,7 → 322,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_list_fields(). No valid connection to server.");
 
return mysql_query("SHOW COLUMNS FROM `$database_name`.`$table_name`", $li);
}
 
323,7 → 330,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_list_processes(). No valid connection to server.");
 
return $li->thread_id;
}
 
332,7 → 338,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_list_tables(). No valid connection to server.");
 
return mysql_query("SHOW TABLES FROM `$database`", $li);
}
 
374,7 → 379,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_ping(). No valid connection to server.");
 
return $li->ping();
}
 
383,7 → 387,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_query(). No valid connection to server.");
 
return $li->query($query, $resultmode=MYSQLI_STORE_RESULT);
}
 
392,7 → 395,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_real_escape_string(). No valid connection to server.");
 
return $li->escape_string($unescaped_string);
}
 
411,7 → 413,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_select_db(). No valid connection to server.");
 
return $li->select_db($database_name);
}
 
420,7 → 421,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_set_charset(). No valid connection to server.");
 
return $li->set_charset($charset);
}
 
429,7 → 429,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_stat(). No valid connection to server.");
 
return $li->stat();
}
 
448,7 → 447,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_thread_id(). No valid connection to server.");
 
return $li->thread_id;
}
 
457,7 → 455,6
global $vts_mysqli;
$li = is_null($link_identifier) ? $vts_mysqli : $link_identifier;
if (is_null($li)) throw new Exception("Cannot execute mysql_unbuffered_query(). No valid connection to server.");
 
// http://php.net/manual/de/mysqlinfo.concepts.buffering.php
// https://stackoverflow.com/questions/1982016/unbuffered-query-with-mysqli?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
$li->real_query($query);
464,3 → 461,6
$li->use_result();
}
 
}
unset($xxx_directories_need_mysql);
unset($xxx_directory_need_mysql);
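Review bot: `$xxx_directories_need_mysql = $xxx_vts_prepend_config['directories_need_mysql'];` in the first hunk has no fallback, so when config.local.php is absent or lacks that key the read emits an undefined-index notice and the foreach below warns on null, which leaves the mysql_* shim silently disabled; 003-ereg-functions.php already guards this with `?? array()`, while 002 (`directories_need_registerglobals`) and 004 (`directories_need_anti_xss`) have the same gap. Change the line to `$xxx_directories_need_mysql = $xxx_vts_prepend_config['directories_need_mysql'] ?? array();`. The directory test is a plain prefix match on SCRIPT_FILENAME, so an entry `/home/user1` also matches `/home/user10/...`; a trailing `/` on each entry, or a check that requires a directory separator after the prefix, avoids that, and the same applies to the loops in 002, 003 and 004. The `if ($xxx_go && !function_exists('mysql_connect'))` block opened in this hunk closes outside it, and the two unset() calls after the closing brace in the last hunk appear to repeat the ones already done before the block.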
/trunk/php_auto_pre/002-register-globals.php
1,24 → 1,26
<?php
 
$xxx_directories_need_registerglobals = array(
// Webseiten, die teilweise noch register_globals erfordern
'/home/viathinksoft/public_html',
'/home/weiherhaus/public_html',
'/home/gastro-websoft/public_html'
);
$xxx_vts_prepend_config = array();
if (file_exists($xxx_vts_prepend_config_file = __DIR__.'/config.local.php')) include $xxx_vts_prepend_config_file;
unset($xxx_vts_prepend_config_file);
$xxx_directories_need_registerglobals = $xxx_vts_prepend_config['directories_need_registerglobals'];
unset($xxx_vts_prepend_config);
 
// ---
 
$xxx_go = false;
foreach ($xxx_directories_need_registerglobals as $xxx_directory_need_registerglobals) {
if ($xxx_negate = (substr($xxx_directory_need_registerglobals,0,1) === '!')) {
$xxx_directory_need_registerglobals = substr($xxx_directory_need_registerglobals,1);
}
if (strpos($_SERVER['SCRIPT_FILENAME'], $xxx_directory_need_registerglobals) === 0) {
$xxx_go = true;
$xxx_go = !$xxx_negate;
}
unset($xxx_negate);
}
unset($xxx_directories_need_registerglobals);
unset($xxx_directory_need_registerglobals);
 
if ($xxx_go) {
# Warum so viele ___ ? Damit man auf keinen Fall ein GET/POST Argument mit diesen Variablen überschreibt!
# Warum so viele ___ ? Damit man auf keinen Fall ein GET/POST Argument mit diesen Variablen überschreibt!
foreach ($_REQUEST as $___key___ => $___val___) {
global ${$___key___};
${$___key___} = $___val___;
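Review bot: The emulation loop at the end of the hunk copies every `$_REQUEST` key into a global of that name without excluding reserved names, so a request parameter called `_SERVER`, `_COOKIE` or `_REQUEST` replaces the corresponding superglobal for the rest of the request, which every script behind this prepend then trusts. Add a guard before the assignment: `if (in_array($___key___, array('GLOBALS', '_SERVER', '_GET', '_POST', '_COOKIE', '_FILES', '_ENV', '_REQUEST', '_SESSION'), true)) continue;`. `$xxx_go = true;` directly followed by `$xxx_go = !$xxx_negate;` looks like the old and new line printed together; if both survive on the new side, the first is dead. The foreach opened here closes outside the hunk.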
/trunk/php_auto_pre/003-ereg-functions.php
1,19 → 1,24
<?php
 
$xxx_directories_need_ereg = array(
'/home/villariva' // Gästebuch arbeitet noch mit ereg... (/home/villariva/public_html/includes/misc_functions.php)
);
$xxx_vts_prepend_config = array();
if (file_exists($xxx_vts_prepend_config_file = __DIR__.'/config.local.php')) include $xxx_vts_prepend_config_file;
unset($xxx_vts_prepend_config_file);
$xxx_directories_need_ereg = $xxx_vts_prepend_config['directories_need_ereg'] ?? array();
unset($xxx_vts_prepend_config);
 
// ---
 
$xxx_go = false;
foreach ($xxx_directories_need_ereg as $xxx_directory_need_ereg) {
if ($xxx_negate = (substr($xxx_directory_need_ereg,0,1) === '!')) {
$xxx_directory_need_ereg = substr($xxx_directory_need_ereg,1);
}
if (strpos($_SERVER['SCRIPT_FILENAME'], $xxx_directory_need_ereg) === 0) {
$xxx_go = true;
$xxx_go = !$xxx_negate;
}
unset($xxx_negate);
}
unset($xxx_directories_need_ereg);
unset($xxx_directory_need_ereg);
 
if ($xxx_go) {
if (function_exists('ereg') !== true) {
function ereg($pattern, $string, &$regs) {
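Review bot: `function ereg($pattern, $string, &$regs)` makes the third argument mandatory, whereas the extension function this replaces accepted two-argument calls that only want the boolean result; if the shim is meant to be a drop-in, declare it as `function ereg($pattern, $string, &$regs = null) {` and skip filling `$regs` when it is null. The guard `if (function_exists('ereg') !== true)` reads more naturally as `if (!function_exists('ereg'))`, matching the `!function_exists('mysql_connect')` test in 001. The function body and the enclosing `if ($xxx_go)` block continue outside the hunk.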
/trunk/php_auto_pre/004-anti-xss.php
2,17 → 2,18
 
// ATTENTION: This is a very simple XSS "Firewall". There ARE many other ways to do an XSS attack, so please don't rely on this script!
 
$xxx_directories_need_anti_xss = array(
'/home/'
);
$xxx_vts_prepend_config = array();
if (file_exists($xxx_vts_prepend_config_file = __DIR__.'/config.local.php')) include $xxx_vts_prepend_config_file;
unset($xxx_vts_prepend_config_file);
$xxx_directories_need_anti_xss = $xxx_vts_prepend_config['directories_need_anti_xss'];
unset($xxx_vts_prepend_config);
 
// ---
 
function ___check_xss___($str) {
$ary = is_array($str) ? $str : array($str);
foreach ($ary as $str) {
if ((stripos($str, '<svg') !== false) || (stripos($str, '<script') !== false)) {
@header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
#@header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
@header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request', true, 400);
die('There is a problem with the data you have entered. Please write us an email if you think you received this message in error. info at viathinksoft.de');
}
}
22,12 → 23,16
 
$xxx_go = false;
foreach ($xxx_directories_need_anti_xss as $xxx_directory_need_anti_xss) {
if ($xxx_negate = (substr($xxx_directory_need_anti_xss,0,1) === '!')) {
$xxx_directory_need_anti_xss = substr($xxx_directory_need_anti_xss,1);
}
if (strpos($_SERVER['SCRIPT_FILENAME'], $xxx_directory_need_anti_xss) === 0) {
$xxx_go = true;
$xxx_go = !$xxx_negate;
}
}
unset($xxx_directories_need_anti_xss);
unset($xxx_directory_need_anti_xss);
 
if ($xxx_go) {
if (isset($_SERVER['REQUEST_URI'])) ___check_xss___($_SERVER['REQUEST_URI']);
if (isset($_SERVER['QUERY_STRING'])) ___check_xss___($_SERVER['QUERY_STRING']);
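Review bot: The directory loop in this hunk assigns `$xxx_negate` but never unsets it, unlike the matching loops in 001, 002 and 003, so a stray `$xxx_negate` global survives into every script this prepend runs for; add `unset($xxx_negate);` after the inner if, as the other plugins do. In ___check_xss___ earlier in the file, `is_array($str) ? $str : array($str)` unwraps one level only, so a nested array value would reach stripos() as an array; if callers beyond the two shown here can pass nested input, flatten recursively or skip non-string elements. The `if ($xxx_go)` block opened here closes outside the hunk.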
/trunk/php_auto_pre/config.dist.php
0,0 → 1,34
<?php
 
// PLEASE DO NOT EDIT THIS FILE!
// INSTEAD, COPY IT TO config.local.php AND THEN EDIT IT
 
// Add directories which need mysql_* methods (plugin 001)
// Add '!' in front of a dir to exclude the directory instead of including it
$xxx_vts_prepend_config['directories_need_mysql'] = array(
'/'
);
 
// Add directories which need register globals (plugin 002)
// Add '!' in front of a dir to exclude the directory instead of including it
$xxx_vts_prepend_config['directories_need_registerglobals'] = array(
# '/home/user1/',
# '!/home/user1/secure/',
# '/home/user2/'
);
 
// Add directories which need ereg_* methods (plugin 003)
// Add '!' in front of a dir to exclude the directory instead of including it
$xxx_vts_prepend_config['directories_need_ereg'] = array(
# '/home/user1/',
# '!/home/user1/secure/',
# '/home/user2/'
);
 
// Add directories which are protected with a (weak) XSS WAF (plugin 004)
// Add '!' in front of a dir to exclude the directory instead of including it
$xxx_vts_prepend_config['directories_need_anti_xss'] = array(
# '/home/user1/',
# '!/home/user1/secure/',
# '/home/user2/'
);
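Review bot: The comments on the four lists do not say how overlapping entries are resolved: the plugin loops test every entry in order and the last match wins, so `'!/home/user1/secure/'` only takes effect when it is listed after `'/home/user1/'`, and entries are compared as plain prefixes of the script path. I would extend the header comment with `// Entries are prefixes of the script path, evaluated in order; the last matching entry decides, so list a '!' exclusion after the directory it narrows, and end entries with '/' so '/home/user1/' does not also cover '/home/user10/'.` `directories_need_mysql` defaults to `'/'`, which enables the mysql_* shim for every script on the host; if that is intended, say so in its comment.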
/trunk/php_auto_pre
Property changes:
Added: svn:ignore
+config.local.php
+