578 lines
19 KiB
PHP
578 lines
19 KiB
PHP
<?php
|
|
/**
|
|
* The Horde_Util:: class provides generally useful methods.
|
|
*
|
|
* Copyright 1999-2017 Horde LLC (http://www.horde.org/)
|
|
*
|
|
* See the enclosed file COPYING for license information (LGPL). If you
|
|
* did not receive this file, see http://www.horde.org/licenses/lgpl21.
|
|
*
|
|
* @author Chuck Hagenbuch <chuck@horde.org>
|
|
* @author Jon Parise <jon@horde.org>
|
|
* @category Horde
|
|
* @license http://www.horde.org/licenses/lgpl21 LGPL 2.1
|
|
* @package Util
|
|
*/
|
|
class Horde_Util
|
|
{
|
|
/**
|
|
* A list of random patterns to use for overwriting purposes.
|
|
* See http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html.
|
|
* We save the random overwrites for efficiency reasons.
|
|
*
|
|
* @var array
|
|
*/
|
|
public static $patterns = array(
|
|
"\x55", "\xaa", "\x92\x49\x24", "\x49\x24\x92", "\x24\x92\x49",
|
|
"\x00", "\x11", "\x22", "\x33", "\x44", "\x55", "\x66", "\x77",
|
|
"\x88", "\x99", "\xaa", "\xbb", "\xcc", "\xdd", "\xee", "\xff",
|
|
"\x92\x49\x24", "\x49\x24\x92", "\x24\x92\x49", "\x6d\xb6\xdb",
|
|
"\xb6\xdb\x6d", "\xdb\x6d\xb6"
|
|
);
|
|
|
|
/**
|
|
* Are magic quotes in use?
|
|
*
|
|
* @var boolean
|
|
*/
|
|
protected static $_magicquotes = null;
|
|
|
|
/**
|
|
* Data used to determine shutdown deletion.
|
|
*
|
|
* @var array
|
|
*/
|
|
protected static $_shutdowndata = array(
|
|
'paths' => array(),
|
|
'secure' => array()
|
|
);
|
|
|
|
/**
|
|
* Has the shutdown method been registered?
|
|
*
|
|
* @var boolean
|
|
*/
|
|
protected static $_shutdownreg = false;
|
|
|
|
/**
|
|
* Cache for extensionExists().
|
|
*
|
|
* @var array
|
|
*/
|
|
protected static $_cache = array();
|
|
|
|
/**
|
|
* Checks to see if a value has been set by the script and not by GET,
|
|
* POST, or cookie input. The value being checked MUST be in the global
|
|
* scope.
|
|
*
|
|
* @param string $varname The variable name to check.
|
|
* @param mixed $default Default value if the variable isn't present
|
|
* or was specified by the user. Defaults to null.
|
|
*
|
|
* @return mixed $default if the var is in user input or not present,
|
|
* the variable value otherwise.
|
|
*/
|
|
public static function nonInputVar($varname, $default = null)
|
|
{
|
|
return (isset($_GET[$varname]) || isset($_POST[$varname]) || isset($_COOKIE[$varname]))
|
|
? $default
|
|
: (isset($GLOBALS[$varname]) ? $GLOBALS[$varname] : $default);
|
|
}
|
|
|
|
/**
|
|
* Returns a hidden form input containing the session name and id.
|
|
*
|
|
* @param boolean $append_session 0 = only if needed, 1 = always.
|
|
*
|
|
* @return string The hidden form input, if needed/requested.
|
|
*/
|
|
public static function formInput($append_session = 0)
|
|
{
|
|
return (($append_session == 1) || !isset($_COOKIE[session_name()]))
|
|
? '<input type="hidden" name="' . htmlspecialchars(session_name()) . '" value="' . htmlspecialchars(session_id()) . "\" />\n"
|
|
: '';
|
|
}
|
|
|
|
/**
|
|
* Prints a hidden form input containing the session name and id.
|
|
*
|
|
* @param boolean $append_session 0 = only if needed, 1 = always.
|
|
*/
|
|
public static function pformInput($append_session = 0)
|
|
{
|
|
echo self::formInput($append_session);
|
|
}
|
|
|
|
/**
|
|
* If magic_quotes_gpc is in use, run stripslashes() on $var.
|
|
*
|
|
* @param mixed $var The string, or an array of strings, to un-quote.
|
|
*
|
|
* @return mixed $var, minus any magic quotes.
|
|
*/
|
|
public static function dispelMagicQuotes($var)
|
|
{
|
|
if (is_null(self::$_magicquotes)) {
|
|
self::$_magicquotes = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
|
|
}
|
|
|
|
if (self::$_magicquotes) {
|
|
$var = is_array($var)
|
|
? array_map(array(__CLASS__, 'dispelMagicQuotes'), $var)
|
|
: stripslashes($var);
|
|
}
|
|
|
|
return $var;
|
|
}
|
|
|
|
/**
|
|
* Gets a form variable from GET or POST data, stripped of magic quotes if
|
|
* necessary. If the variable is somehow set in both the GET data and the
|
|
* POST data, the value from the POST data will be returned and the GET
|
|
* value will be ignored.
|
|
*
|
|
* @param string $var The name of the form variable to look for.
|
|
* @param string $default The value to return if the variable is not
|
|
* there.
|
|
*
|
|
* @return string The cleaned form variable, or $default.
|
|
*/
|
|
public static function getFormData($var, $default = null)
|
|
{
|
|
return (($val = self::getPost($var)) !== null)
|
|
? $val
|
|
: self::getGet($var, $default);
|
|
}
|
|
|
|
/**
|
|
* Gets a form variable from GET data, stripped of magic quotes if
|
|
* necessary. This function will NOT return a POST variable.
|
|
*
|
|
* @param string $var The name of the form variable to look for.
|
|
* @param string $default The value to return if the variable is not
|
|
* there.
|
|
*
|
|
* @return string The cleaned form variable, or $default.
|
|
*/
|
|
public static function getGet($var, $default = null)
|
|
{
|
|
return (isset($_GET[$var]))
|
|
? self::dispelMagicQuotes($_GET[$var])
|
|
: $default;
|
|
}
|
|
|
|
/**
|
|
* Gets a form variable from POST data, stripped of magic quotes if
|
|
* necessary. This function will NOT return a GET variable.
|
|
*
|
|
* @param string $var The name of the form variable to look for.
|
|
* @param string $default The value to return if the variable is not
|
|
* there.
|
|
*
|
|
* @return string The cleaned form variable, or $default.
|
|
*/
|
|
public static function getPost($var, $default = null)
|
|
{
|
|
return (isset($_POST[$var]))
|
|
? self::dispelMagicQuotes($_POST[$var])
|
|
: $default;
|
|
}
|
|
|
|
/**
|
|
* Creates a temporary filename for the lifetime of the script, and
|
|
* (optionally) registers it to be deleted at request shutdown.
|
|
*
|
|
* @param string $prefix Prefix to make the temporary name more
|
|
* recognizable.
|
|
* @param boolean $delete Delete the file at the end of the request?
|
|
* @param string $dir Directory to create the temporary file in.
|
|
* @param boolean $secure If deleting the file, should we securely delete
|
|
* the file by overwriting it with random data?
|
|
*
|
|
* @return string Returns the full path-name to the temporary file.
|
|
* Returns false if a temp file could not be created.
|
|
*/
|
|
public static function getTempFile($prefix = '', $delete = true, $dir = '',
|
|
$secure = false)
|
|
{
|
|
$tempDir = (empty($dir) || !is_dir($dir))
|
|
? sys_get_temp_dir()
|
|
: $dir;
|
|
|
|
$tempFile = tempnam($tempDir, $prefix);
|
|
|
|
// If the file was created, then register it for deletion and return.
|
|
if (empty($tempFile)) {
|
|
return false;
|
|
}
|
|
|
|
if ($delete) {
|
|
self::deleteAtShutdown($tempFile, true, $secure);
|
|
}
|
|
|
|
return $tempFile;
|
|
}
|
|
|
|
/**
|
|
* Creates a temporary filename with a specific extension for the lifetime
|
|
* of the script, and (optionally) registers it to be deleted at request
|
|
* shutdown.
|
|
*
|
|
* @param string $extension The file extension to use.
|
|
* @param string $prefix Prefix to make the temporary name more
|
|
* recognizable.
|
|
* @param boolean $delete Delete the file at the end of the request?
|
|
* @param string $dir Directory to create the temporary file in.
|
|
* @param boolean $secure If deleting file, should we securely delete
|
|
* the file by overwriting it with random data?
|
|
*
|
|
* @return string Returns the full path-name to the temporary file.
|
|
* Returns false if a temporary file could not be created.
|
|
*/
|
|
public static function getTempFileWithExtension($extension = '.tmp',
|
|
$prefix = '',
|
|
$delete = true, $dir = '',
|
|
$secure = false)
|
|
{
|
|
$tempDir = (empty($dir) || !is_dir($dir))
|
|
? sys_get_temp_dir()
|
|
: $dir;
|
|
|
|
if (empty($tempDir)) {
|
|
return false;
|
|
}
|
|
|
|
$windows = substr(PHP_OS, 0, 3) == 'WIN';
|
|
$tries = 1;
|
|
do {
|
|
// Get a known, unique temporary file name.
|
|
$sysFileName = tempnam($tempDir, $prefix);
|
|
if ($sysFileName === false) {
|
|
return false;
|
|
}
|
|
|
|
// tack on the extension
|
|
$tmpFileName = $sysFileName . $extension;
|
|
if ($sysFileName == $tmpFileName) {
|
|
return $sysFileName;
|
|
}
|
|
|
|
// Move or point the created temporary file to the full filename
|
|
// with extension. These calls fail if the new name already
|
|
// exists.
|
|
$fileCreated = ($windows ? @rename($sysFileName, $tmpFileName) : @link($sysFileName, $tmpFileName));
|
|
if ($fileCreated) {
|
|
if (!$windows) {
|
|
unlink($sysFileName);
|
|
}
|
|
|
|
if ($delete) {
|
|
self::deleteAtShutdown($tmpFileName, true, $secure);
|
|
}
|
|
|
|
return $tmpFileName;
|
|
}
|
|
|
|
unlink($sysFileName);
|
|
} while (++$tries <= 5);
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Creates a temporary directory in the system's temporary directory.
|
|
*
|
|
* @param boolean $delete Delete the temporary directory at the end of
|
|
* the request?
|
|
* @param string $temp_dir Use this temporary directory as the directory
|
|
* where the temporary directory will be created.
|
|
*
|
|
* @return string The pathname to the new temporary directory.
|
|
* Returns false if directory not created.
|
|
*/
|
|
public static function createTempDir($delete = true, $temp_dir = null)
|
|
{
|
|
if (is_null($temp_dir)) {
|
|
$temp_dir = sys_get_temp_dir();
|
|
}
|
|
|
|
if (empty($temp_dir)) {
|
|
return false;
|
|
}
|
|
|
|
/* Get the first 8 characters of a random string to use as a temporary
|
|
directory name. */
|
|
do {
|
|
$new_dir = $temp_dir . '/' . substr(base_convert(uniqid(mt_rand()), 16, 36), 0, 8);
|
|
} while (file_exists($new_dir));
|
|
|
|
$old_umask = umask(0000);
|
|
if (!mkdir($new_dir, 0700)) {
|
|
$new_dir = false;
|
|
} elseif ($delete) {
|
|
self::deleteAtShutdown($new_dir);
|
|
}
|
|
umask($old_umask);
|
|
|
|
return $new_dir;
|
|
}
|
|
|
|
/**
|
|
* Returns the canonical path of the string. Like PHP's built-in
|
|
* realpath() except the directory need not exist on the local server.
|
|
*
|
|
* Algorithim loosely based on code from the Perl File::Spec::Unix module
|
|
* (version 1.5).
|
|
*
|
|
* @param string $path A file path.
|
|
*
|
|
* @return string The canonicalized file path.
|
|
*/
|
|
public static function realPath($path)
|
|
{
|
|
/* Standardize on UNIX directory separators. */
|
|
if (!strncasecmp(PHP_OS, 'WIN', 3)) {
|
|
$path = str_replace('\\', '/', $path);
|
|
}
|
|
|
|
/* xx////xx -> xx/xx
|
|
* xx/././xx -> xx/xx */
|
|
$path = preg_replace(array("|/+|", "@(/\.)+(/|\Z(?!\n))@"), array('/', '/'), $path);
|
|
|
|
/* ./xx -> xx */
|
|
if ($path != './') {
|
|
$path = preg_replace("|^(\./)+|", '', $path);
|
|
}
|
|
|
|
/* /../../xx -> xx */
|
|
$path = preg_replace("|^/(\.\./?)+|", '/', $path);
|
|
|
|
/* xx/ -> xx */
|
|
if ($path != '/') {
|
|
$path = preg_replace("|/\Z(?!\n)|", '', $path);
|
|
}
|
|
|
|
/* /xx/.. -> / */
|
|
while (strpos($path, '/..') !== false) {
|
|
$path = preg_replace("|/[^/]+/\.\.|", '', $path);
|
|
}
|
|
|
|
return empty($path) ? '/' : $path;
|
|
}
|
|
|
|
/**
|
|
* Removes given elements at request shutdown.
|
|
*
|
|
* If called with a filename will delete that file at request shutdown; if
|
|
* called with a directory will remove that directory and all files in that
|
|
* directory at request shutdown.
|
|
*
|
|
* If called with no arguments, return all elements to be deleted (this
|
|
* should only be done by Horde_Util::_deleteAtShutdown()).
|
|
*
|
|
* The first time it is called, it initializes the array and registers
|
|
* Horde_Util::_deleteAtShutdown() as a shutdown function - no need to do
|
|
* so manually.
|
|
*
|
|
* The second parameter allows the unregistering of previously registered
|
|
* elements.
|
|
*
|
|
* @param string $filename The filename to be deleted at the end of the
|
|
* request.
|
|
* @param boolean $register If true, then register the element for
|
|
* deletion, otherwise, unregister it.
|
|
* @param boolean $secure If deleting file, should we securely delete
|
|
* the file?
|
|
*/
|
|
public static function deleteAtShutdown($filename, $register = true,
|
|
$secure = false)
|
|
{
|
|
/* Initialization of variables and shutdown functions. */
|
|
if (!self::$_shutdownreg) {
|
|
register_shutdown_function(array(__CLASS__, 'shutdown'));
|
|
self::$_shutdownreg = true;
|
|
}
|
|
|
|
$ptr = &self::$_shutdowndata;
|
|
if ($register) {
|
|
$ptr['paths'][$filename] = true;
|
|
if ($secure) {
|
|
$ptr['secure'][$filename] = true;
|
|
}
|
|
} else {
|
|
unset($ptr['paths'][$filename], $ptr['secure'][$filename]);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Deletes registered files at request shutdown.
|
|
*
|
|
* This function should never be called manually; it is registered as a
|
|
* shutdown function by Horde_Util::deleteAtShutdown() and called
|
|
* automatically at the end of the request.
|
|
*
|
|
* Contains code from gpg_functions.php.
|
|
* Copyright 2002-2003 Braverock Ventures
|
|
*/
|
|
public static function shutdown()
|
|
{
|
|
$ptr = &self::$_shutdowndata;
|
|
|
|
foreach (array_keys($ptr['paths']) as $val) {
|
|
if (@is_file($val)) {
|
|
self::_secureDelete($val);
|
|
continue;
|
|
}
|
|
|
|
try {
|
|
$it = new RecursiveIteratorIterator(
|
|
new RecursiveDirectoryIterator($val),
|
|
RecursiveIteratorIterator::CHILD_FIRST
|
|
);
|
|
} catch (UnexpectedValueException $e) {
|
|
continue;
|
|
}
|
|
|
|
while ($it->valid()) {
|
|
if (!$it->isDot()) {
|
|
if ($it->isDir()) {
|
|
@rmdir($it->key());
|
|
} elseif ($it->isFile()) {
|
|
self::_secureDelete($it->key());
|
|
} else {
|
|
@unlink($it->key());
|
|
}
|
|
}
|
|
$it->next();
|
|
}
|
|
|
|
@rmdir($val);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Securely delete the file by overwriting the data with a random
|
|
* string.
|
|
*
|
|
* @param string $file Filename.
|
|
*/
|
|
protected static function _secureDelete($file)
|
|
{
|
|
if (isset($ptr['secure'][$file])) {
|
|
$filesize = filesize($file);
|
|
$fp = fopen($file, 'r+');
|
|
foreach (self::$patterns as $pattern) {
|
|
$pattern = substr(str_repeat($pattern, floor($filesize / strlen($pattern)) + 1), 0, $filesize);
|
|
fwrite($fp, $pattern);
|
|
fseek($fp, 0);
|
|
}
|
|
fclose($fp);
|
|
}
|
|
|
|
@unlink($file);
|
|
}
|
|
|
|
/**
|
|
* Caches the result of extension_loaded() calls.
|
|
*
|
|
* @param string $ext The extension name.
|
|
*
|
|
* @return boolean Is the extension loaded?
|
|
*/
|
|
public static function extensionExists($ext)
|
|
{
|
|
if (!isset(self::$_cache[$ext])) {
|
|
self::$_cache[$ext] = extension_loaded($ext);
|
|
}
|
|
|
|
return self::$_cache[$ext];
|
|
}
|
|
|
|
/**
|
|
* Tries to load a PHP extension, behaving correctly for all operating
|
|
* systems.
|
|
*
|
|
* @param string $ext The extension to load.
|
|
*
|
|
* @return boolean True if the extension is now loaded, false if not.
|
|
* True can mean that the extension was already loaded,
|
|
* OR was loaded dynamically.
|
|
*/
|
|
public static function loadExtension($ext)
|
|
{
|
|
/* If $ext is already loaded, our work is done. */
|
|
if (self::extensionExists($ext)) {
|
|
return true;
|
|
}
|
|
|
|
/* See if we can call dl() at all, by the current ini settings.
|
|
* dl() has been removed in some PHP 5.3 SAPIs. */
|
|
if ((ini_get('enable_dl') != 1) ||
|
|
(ini_get('safe_mode') == 1) ||
|
|
!function_exists('dl')) {
|
|
return false;
|
|
}
|
|
|
|
if (!strncasecmp(PHP_OS, 'WIN', 3)) {
|
|
$suffix = 'dll';
|
|
} else {
|
|
switch (PHP_OS) {
|
|
case 'HP-UX':
|
|
$suffix = 'sl';
|
|
break;
|
|
|
|
case 'AIX':
|
|
$suffix = 'a';
|
|
break;
|
|
|
|
case 'OSX':
|
|
$suffix = 'bundle';
|
|
break;
|
|
|
|
default:
|
|
$suffix = 'so';
|
|
}
|
|
}
|
|
|
|
return dl($ext . '.' . $suffix) || dl('php_' . $ext . '.' . $suffix);
|
|
}
|
|
|
|
/**
|
|
* Utility function to obtain PATH_INFO information.
|
|
*
|
|
* @return string The PATH_INFO string.
|
|
*/
|
|
public static function getPathInfo()
|
|
{
|
|
if (isset($_SERVER['PATH_INFO']) &&
|
|
(strpos($_SERVER['SERVER_SOFTWARE'], 'lighttpd') === false)) {
|
|
return $_SERVER['PATH_INFO'];
|
|
} elseif (isset($_SERVER['REQUEST_URI']) &&
|
|
isset($_SERVER['SCRIPT_NAME'])) {
|
|
$search = Horde_String::common($_SERVER['SCRIPT_NAME'], $_SERVER['REQUEST_URI']);
|
|
if (substr($search, -1) == '/') {
|
|
$search = substr($search, 0, -1);
|
|
}
|
|
$search = array($search);
|
|
if (!empty($_SERVER['QUERY_STRING'])) {
|
|
// We can't use QUERY_STRING directly because URL rewriting
|
|
// might add more parameters to the query string than those
|
|
// from the request URI.
|
|
$url = parse_url($_SERVER['REQUEST_URI']);
|
|
if (!empty($url['query'])) {
|
|
$search[] = '?' . $url['query'];
|
|
}
|
|
}
|
|
$path = str_replace($search, '', $_SERVER['REQUEST_URI']);
|
|
if ($path == '/') {
|
|
$path = '';
|
|
}
|
|
return $path;
|
|
}
|
|
|
|
return '';
|
|
}
|
|
|
|
}
|