Subversion Repositories oidplus

Rev

Rev 315 | Rev 419 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed

  1. <?php
  2.  
  3. /*
  4.  * OIDplus 2.0
  5.  * Copyright 2019 Daniel Marschall, ViaThinkSoft
  6.  *
  7.  * Licensed under the Apache License, Version 2.0 (the "License");
  8.  * you may not use this file except in compliance with the License.
  9.  * You may obtain a copy of the License at
  10.  *
  11.  *     http://www.apache.org/licenses/LICENSE-2.0
  12.  *
  13.  * Unless required by applicable law or agreed to in writing, software
  14.  * distributed under the License is distributed on an "AS IS" BASIS,
  15.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16.  * See the License for the specific language governing permissions and
  17.  * limitations under the License.
  18.  */
  19.  
  20. // Before we do ANYTHING, check for dependencies! Do not include anything (except the GMP supplement) yet.
  21.  
  22. if (version_compare(PHP_VERSION, '7.0.0') < 0) {
  23.         // Reasons why we currently require PHP 7.0:
  24.         // - Return values (e.g. "function foo(): array") (added 2020-04-06 at the database classes)
  25.         //   Note: By removing these return values (e.g. removing ": array"), you *might* be
  26.         //   able to run OIDplus with PHP lower than version 7.0 (not tested)
  27.         //
  28.         // Currently we do NOT require 7.1, because some (old-)stable distros are still using PHP 7.0
  29.         // (e.g. Debian 9 which has LTS support till May 2022).
  30.         // Therefore we commented out following features which would require PHP 7.1:
  31.         // - Nullable return values (e.g. "function foo(): ?array")
  32.         // - void return value (e.g. "function foo(): void") => currently commented out
  33.         // - private/protected/public consts => currently commented out
  34.         echo '<h1>'._L('OIDplus error').'</h1>';
  35.         echo '<p>'._L('OIDplus requires at least PHP version %1! You are currently using version %2','7.0',PHP_VERSION).'</p>'."\n";
  36.         die();
  37. }
  38.  
  39. include_once __DIR__ . '/gmp_supplement.inc.php';
  40.  
  41. $missing_dependencies = array();
  42.  
  43. if (!function_exists('gmp_init')) {
  44.         // GMP Required for includes/uuid_functions.inc.php
  45.         //                  includes/ipv6_functions.inc.php
  46.         //                  plugins/adminPages/400_oidinfo_export/oidinfo_api.inc.php (if GMP is not available, BC will be used)
  47.         // Note that gmp_supplement.inc.php will implement the GMP functions if BCMath is present.
  48.         // This is the reason why we use function_exists('gmp_init') instead of extension_loaded('gmp')
  49.         $missing_dependencies[] = _L('GMP (Install it using <code>sudo aptitude update && sudo aptitude install php-gmp && sudo service apache2 restart</code> on Linux systems.)') .
  50.                                   '<br>'._L('or alternatively').'<br>' .
  51.                                   _L('BCMath (Install it using <code>sudo aptitude update && sudo aptitude install php-bcmath && sudo service apache2 restart</code> on Linux systems.)');
  52. }
  53.  
  54. if (!function_exists('mb_substr')) {
  55.         // Required for includes/classes/OIDplusSessionHandler.class.php
  56.         //              includes/oid_utils.inc.php
  57.         //              3p/minify/path-converter/Converter.php
  58.         //              3p/0xbb/Sha3.class.php
  59.         $missing_dependencies[] = _L('MBString (Install it using <code>sudo aptitude update && sudo aptitude install php-mbstring && sudo service apache2 restart</code> on Linux systems.)');
  60. }
  61.  
  62. if (count($missing_dependencies) >= 1) {
  63.         echo '<h1>'._L('OIDplus error').'</h1>';
  64.         echo '<p>'._L('The following PHP extensions need to be installed in order to run OIDplus:').'</p>';
  65.         echo '<ul>';
  66.         foreach ($missing_dependencies as $dependency) {
  67.                 echo '<li>'.$dependency.'</li>';
  68.         }
  69.         echo '</ul>';
  70.         die();
  71. }
  72.  
  73. unset($missing_dependencies);
  74.  
  75. // Now we can continue!
  76.  
  77. if (php_sapi_name() != 'cli') {
  78.         header('X-Content-Type-Options: nosniff');
  79.         header('X-XSS-Protection: 1; mode=block');
  80.         header("Content-Security-Policy: default-src 'self' blob: https://fonts.gstatic.com https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/; ".
  81.                "style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/; ".
  82.                "img-src data: http: https:; ".
  83.                "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ https://polyfill.io/; ".
  84.                "frame-ancestors 'none'; ".
  85.                "object-src 'none'");
  86.         header('X-Frame-Options: SAMEORIGIN');
  87.         header('Referrer-Policy: no-referrer-when-downgrade');
  88. }
  89.  
  90. require_once __DIR__ . '/../3p/0xbb/Sha3.class.php';
  91.  
  92. require_once __DIR__ . '/functions.inc.php';
  93. require_once __DIR__ . '/oid_utils.inc.php';
  94. require_once __DIR__ . '/uuid_utils.inc.php';
  95. require_once __DIR__ . '/color_utils.inc.php';
  96. require_once __DIR__ . '/ipv4_functions.inc.php';
  97. require_once __DIR__ . '/ipv6_functions.inc.php';
  98. require_once __DIR__ . '/anti_xss.inc.php';
  99.  
  100. if (php_sapi_name() != 'cli') {
  101.         if (!file_exists(__DIR__ . '/../3p/vts_vnag/vnag_framework.inc.php')) {
  102.                 // This can happen if WebSVN did not catch the external SVN repository right
  103.                 // If WebSVN was the reason, then we are safe to assume that writing is possible
  104.                 @mkdir(__DIR__ . '/../3p/vts_vnag');
  105.                 @file_put_contents(__DIR__ . '/../3p/vts_vnag/vnag_framework.inc.php', file_get_contents('https://svn.viathinksoft.com/svn/vnag/trunk/framework/vnag_framework.inc.php'));
  106.         }
  107.         include_once __DIR__ . '/../3p/vts_vnag/vnag_framework.inc.php';
  108. }
  109.  
  110. if (!file_exists(__DIR__ . '/../3p/vts_fileformats/VtsFileTypeDetect.class.php')) {
  111.         // This can happen if WebSVN did not catch the external SVN repository right
  112.         // If WebSVN was the reason, then we are safe to assume that writing is possible
  113.         @mkdir(__DIR__ . '/../3p/vts_fileformats');
  114.         foreach (array('VtsFileTypeDetect.class.php', 'filetypes.conf', 'mimetype_lookup.inc.php') as $file) {
  115.                 @file_put_contents(__DIR__ . '/../3p/vts_fileformats/'.$file, file_get_contents('https://svn.viathinksoft.com/svn/fileformats/trunk/'.$file));
  116.         }
  117. }
  118. include_once __DIR__ . '/../3p/vts_fileformats/VtsFileTypeDetect.class.php';
  119.  
  120. // ---
  121.  
  122. spl_autoload_register(function ($class_name) {
  123.         $candidate = __DIR__ . '/classes/' . $class_name . '.class.php';
  124.         if (file_exists($candidate)) require_once $candidate;
  125.         $candidates = glob(__DIR__ . '/../plugins/'.'*'.'/'.'*'.'/' . $class_name . '.class.php');
  126.         foreach ($candidates as $candidate) {
  127.                 if (file_exists($candidate)) require_once $candidate;
  128.         }
  129. });