Merge branch 'master' into 'development'
1.1.2 release Closes #117 See merge request fuzeworks/core!60
This commit is contained in:
commit
acd1f28407
|
@ -47,8 +47,8 @@ return array(
|
|||
| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
|
||||
*/
|
||||
'csrf_protection' => true,
|
||||
'csrf_token_name' => 'csrf_test_name',
|
||||
'csrf_cookie_name' => 'csrf_cookie_name',
|
||||
'csrf_token_name' => 'fw_csrf_token',
|
||||
'csrf_cookie_name' => 'fw_csrf_cookie',
|
||||
'csrf_expire' => 7200,
|
||||
'csrf_regenerate' => TRUE,
|
||||
'csrf_exclude_uris' => array(),
|
||||
|
|
|
@ -73,9 +73,10 @@ class Events
|
|||
/**
|
||||
* Adds a function as listener.
|
||||
*
|
||||
* @param mixed callback The callback when the events get fired, see {@link http://php.net/manual/en/language.types.callable.php PHP.net}
|
||||
* @param string $eventName The name of the event
|
||||
* @param int $priority The priority, even though integers are valid, please use EventPriority (for example EventPriority::Lowest)
|
||||
* @param mixed $callback The callback when the events get fired, see {@link http://php.net/manual/en/language.types.callable.php PHP.net}
|
||||
* @param string $eventName The name of the event
|
||||
* @param int $priority The priority, even though integers are valid, please use EventPriority (for example EventPriority::Lowest)
|
||||
* @param mixed $parameters,... Parameters for the listener
|
||||
*
|
||||
* @see EventPriority
|
||||
*
|
||||
|
@ -106,7 +107,15 @@ class Events
|
|||
self::$listeners[$eventName][$priority] = array();
|
||||
}
|
||||
|
||||
self::$listeners[$eventName][$priority][] = $callback;
|
||||
if (func_num_args() > 3) {
|
||||
$args = array_slice(func_get_args(), 3);
|
||||
}
|
||||
else
|
||||
{
|
||||
$args = array();
|
||||
}
|
||||
|
||||
self::$listeners[$eventName][$priority][] = array($callback, $args);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -131,7 +140,7 @@ class Events
|
|||
}
|
||||
|
||||
foreach (self::$listeners[$eventName][$priority] as $i => $_callback) {
|
||||
if ($_callback == $callback) {
|
||||
if ($_callback[0] == $callback) {
|
||||
unset(self::$listeners[$eventName][$priority][$i]);
|
||||
|
||||
return;
|
||||
|
@ -144,9 +153,10 @@ class Events
|
|||
*
|
||||
* The Event gets created, passed around and then returned to the issuer.
|
||||
*
|
||||
* @param mixed $input Object for direct event, string for system event or notifierEvent
|
||||
* @todo Implement Application Events
|
||||
* @todo Implement Directory input for Events from other locations (like Modules)
|
||||
* @param mixed $input Object for direct event, string for system event or notifierEvent
|
||||
* @param mixed $parameters,... Parameters for the event
|
||||
* @todo Implement Application Events
|
||||
* @todo Implement Directory input for Events from other locations (like Modules)
|
||||
*
|
||||
* @return Event The Event
|
||||
*/
|
||||
|
@ -222,8 +232,9 @@ class Events
|
|||
$listeners = self::$listeners[$eventName][$priority];
|
||||
Logger::newLevel('Found listeners with priority '.EventPriority::getPriority($priority));
|
||||
//Fire the event to each listener
|
||||
foreach ($listeners as $callback) {
|
||||
foreach ($listeners as $callbackArray) {
|
||||
// @codeCoverageIgnoreStart
|
||||
$callback = $callbackArray[0];
|
||||
if (is_callable($callback)) {
|
||||
Logger::newLevel('Firing function');
|
||||
} elseif (!is_string($callback[0])) {
|
||||
|
@ -232,8 +243,9 @@ class Events
|
|||
Logger::newLevel('Firing '.implode('->', $callback));
|
||||
}
|
||||
// @codeCoverageIgnoreEnd
|
||||
|
||||
call_user_func($callback, $event);
|
||||
|
||||
$args = array_merge(array($event), $callbackArray[1]);
|
||||
call_user_func_array($callback, $args);
|
||||
Logger::stopLevel();
|
||||
}
|
||||
|
||||
|
|
|
@ -183,9 +183,9 @@ class Factory
|
|||
$this->language = new Language();
|
||||
$this->utf8 = new Utf8();
|
||||
$this->uri = new URI();
|
||||
$this->output = new Output();
|
||||
$this->security = new Security();
|
||||
$this->input = new Input();
|
||||
$this->output = new Output();
|
||||
$this->router = new Router();
|
||||
|
||||
return true;
|
||||
|
|
|
@ -725,7 +725,7 @@ class Input {
|
|||
}
|
||||
else
|
||||
{
|
||||
set_status_header(503);
|
||||
Core::setStatusHeader(503);
|
||||
echo 'Disallowed Key Characters.';
|
||||
exit(7); // EXIT_USER_INPUT
|
||||
}
|
||||
|
|
|
@ -166,6 +166,8 @@ class Layout
|
|||
$this->assigned_variables['serverName'] = $main_config->server_name;
|
||||
$this->assigned_variables['adminMail'] = $main_config->administrator_mail;
|
||||
$this->assigned_variables['contact'] = $contact_config->toArray();
|
||||
$this->assigned_variables['csrfTokenName'] = Factory::getInstance()->security->get_csrf_token_name();
|
||||
$this->assigned_variables['csrfHash'] = Factory::getInstance()->security->get_csrf_hash();
|
||||
|
||||
// Select an engine if one is not already selected
|
||||
if (is_null($this->current_engine)) {
|
||||
|
|
|
@ -478,10 +478,11 @@ class Logger {
|
|||
/**
|
||||
* Calls an HTTP error, sends it as a header, and loads a template if required to do so.
|
||||
*
|
||||
* @param int $errno HTTP error code
|
||||
* @param bool $layout true to layout error on website
|
||||
* @param int $errno HTTP error code
|
||||
* @param string $message Message describing the reason for the HTTP error
|
||||
* @param bool $layout true to layout error on website
|
||||
*/
|
||||
public static function http_error($errno = 500, $layout = true): bool
|
||||
public static function http_error($errno = 500, $message = '', $layout = true): bool
|
||||
{
|
||||
$http_codes = array(
|
||||
400 => 'Bad Request',
|
||||
|
@ -536,10 +537,11 @@ class Logger {
|
|||
$factory = Factory::getInstance();
|
||||
try {
|
||||
$factory->layout->reset();
|
||||
$factory->layout->assign('httpErrorMessage', $message);
|
||||
$factory->layout->display($layout);
|
||||
} catch (LayoutException $exception) {
|
||||
// No error page could be found, just echo the result
|
||||
$factory->output->set_output("<h1>$errno</h1><h3>" . $http_codes[$errno] . '</h3>');
|
||||
$factory->output->set_output("<h1>$errno</h1><h3>" . $http_codes[$errno] . '</h3><p>' . $message . '</p>');
|
||||
}
|
||||
|
||||
return true;
|
||||
|
|
|
@ -364,6 +364,7 @@ class Router
|
|||
if ($performLoading === true)
|
||||
{
|
||||
$this->routeDefault(array_values($this->uri->segments), '.*$');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -532,8 +533,15 @@ class Router
|
|||
|
||||
// Check if method exists or if there is a caller function
|
||||
if (method_exists($this->callable, $event->function) || method_exists($this->callable, '__call')) {
|
||||
// Run the routerCallMethodEvent
|
||||
$methodEvent = Events::fireEvent('routerCallMethodEvent');
|
||||
if ($methodEvent->isCancelled())
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
// Execute the function on the controller
|
||||
echo $this->callable->{$event->function}($event->parameters);
|
||||
$this->output->append_output($this->callable->{$event->function}($event->parameters));
|
||||
} else {
|
||||
// Function could not be found
|
||||
$this->logger->log('Could not find function '.$event->function.' on controller '.$event->className);
|
||||
|
|
|
@ -120,7 +120,7 @@ class Security {
|
|||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $_csrf_cookie_name = 'fw_csrf_token';
|
||||
protected $_csrf_cookie_name = 'fw_csrf_cookie';
|
||||
|
||||
/**
|
||||
* List of never allowed strings
|
||||
|
@ -263,7 +263,7 @@ class Security {
|
|||
$cfg = Factory::getInstance()->config->get('main');
|
||||
$secure_cookie = (bool) $cfg->cookie_secure;
|
||||
|
||||
if ($secure_cookie && ! is_https())
|
||||
if ($secure_cookie && ! Core::isHttps())
|
||||
{
|
||||
return $this;
|
||||
}
|
||||
|
|
|
@ -94,189 +94,6 @@ if ( ! function_exists('get_mimes'))
|
|||
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
if ( ! function_exists('is_https'))
|
||||
{
|
||||
/**
|
||||
* Is HTTPS?
|
||||
*
|
||||
* Determines if the application is accessed via an encrypted
|
||||
* (HTTPS) connection.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
function is_https()
|
||||
{
|
||||
if ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
elseif ( ! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
if ( ! function_exists('is_cli'))
|
||||
{
|
||||
|
||||
/**
|
||||
* Is CLI?
|
||||
*
|
||||
* Test to see if a request was made from the command line.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
function is_cli()
|
||||
{
|
||||
return (PHP_SAPI === 'cli' OR defined('STDIN'));
|
||||
}
|
||||
}
|
||||
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
if ( ! function_exists('set_status_header'))
|
||||
{
|
||||
/**
|
||||
* Set HTTP Status Header
|
||||
*
|
||||
* @param int the status code
|
||||
* @param string
|
||||
* @return void
|
||||
*/
|
||||
function set_status_header($code = 200, $text = '')
|
||||
{
|
||||
if (is_cli())
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (empty($code) OR ! is_numeric($code))
|
||||
{
|
||||
throw new \FuzeWorks\Exception\Exception('Status codes must be numeric', 1);
|
||||
}
|
||||
|
||||
if (empty($text))
|
||||
{
|
||||
is_int($code) OR $code = (int) $code;
|
||||
$stati = array(
|
||||
100 => 'Continue',
|
||||
101 => 'Switching Protocols',
|
||||
|
||||
200 => 'OK',
|
||||
201 => 'Created',
|
||||
202 => 'Accepted',
|
||||
203 => 'Non-Authoritative Information',
|
||||
204 => 'No Content',
|
||||
205 => 'Reset Content',
|
||||
206 => 'Partial Content',
|
||||
|
||||
300 => 'Multiple Choices',
|
||||
301 => 'Moved Permanently',
|
||||
302 => 'Found',
|
||||
303 => 'See Other',
|
||||
304 => 'Not Modified',
|
||||
305 => 'Use Proxy',
|
||||
307 => 'Temporary Redirect',
|
||||
|
||||
400 => 'Bad Request',
|
||||
401 => 'Unauthorized',
|
||||
402 => 'Payment Required',
|
||||
403 => 'Forbidden',
|
||||
404 => 'Not Found',
|
||||
405 => 'Method Not Allowed',
|
||||
406 => 'Not Acceptable',
|
||||
407 => 'Proxy Authentication Required',
|
||||
408 => 'Request Timeout',
|
||||
409 => 'Conflict',
|
||||
410 => 'Gone',
|
||||
411 => 'Length Required',
|
||||
412 => 'Precondition Failed',
|
||||
413 => 'Request Entity Too Large',
|
||||
414 => 'Request-URI Too Long',
|
||||
415 => 'Unsupported Media Type',
|
||||
416 => 'Requested Range Not Satisfiable',
|
||||
417 => 'Expectation Failed',
|
||||
422 => 'Unprocessable Entity',
|
||||
|
||||
500 => 'Internal Server Error',
|
||||
501 => 'Not Implemented',
|
||||
502 => 'Bad Gateway',
|
||||
503 => 'Service Unavailable',
|
||||
504 => 'Gateway Timeout',
|
||||
505 => 'HTTP Version Not Supported'
|
||||
);
|
||||
|
||||
if (isset($stati[$code]))
|
||||
{
|
||||
$text = $stati[$code];
|
||||
}
|
||||
else
|
||||
{
|
||||
show_error('No status text available. Please check your status code number or supply your own message text.', 500);
|
||||
}
|
||||
}
|
||||
|
||||
if (strpos(PHP_SAPI, 'cgi') === 0)
|
||||
{
|
||||
header('Status: '.$code.' '.$text, TRUE);
|
||||
}
|
||||
else
|
||||
{
|
||||
$server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
|
||||
header($server_protocol.' '.$code.' '.$text, TRUE, $code);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// --------------------------------------------------------------------
|
||||
|
||||
if ( ! function_exists('remove_invisible_characters'))
|
||||
{
|
||||
/**
|
||||
* Remove Invisible Characters
|
||||
*
|
||||
* This prevents sandwiching null characters
|
||||
* between ascii characters, like Java\0script.
|
||||
*
|
||||
* @param string
|
||||
* @param bool
|
||||
* @return string
|
||||
*/
|
||||
function remove_invisible_characters($str, $url_encoded = TRUE)
|
||||
{
|
||||
$non_displayables = array();
|
||||
|
||||
// every control character except newline (dec 10),
|
||||
// carriage return (dec 13) and horizontal tab (dec 09)
|
||||
if ($url_encoded)
|
||||
{
|
||||
$non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15
|
||||
$non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31
|
||||
}
|
||||
|
||||
$non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127
|
||||
|
||||
do
|
||||
{
|
||||
$str = preg_replace($non_displayables, '', $str, -1, $count);
|
||||
}
|
||||
while ($count);
|
||||
|
||||
return $str;
|
||||
}
|
||||
}
|
||||
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
if ( ! function_exists('html_escape'))
|
||||
{
|
||||
/**
|
||||
|
@ -344,51 +161,4 @@ if ( ! function_exists('_stringify_attributes'))
|
|||
|
||||
return rtrim($atts, ',');
|
||||
}
|
||||
}
|
||||
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
if ( ! function_exists('function_usable'))
|
||||
{
|
||||
/**
|
||||
* Function usable
|
||||
*
|
||||
* Executes a function_exists() check, and if the Suhosin PHP
|
||||
* extension is loaded - checks whether the function that is
|
||||
* checked might be disabled in there as well.
|
||||
*
|
||||
* This is useful as function_exists() will return FALSE for
|
||||
* functions disabled via the *disable_functions* php.ini
|
||||
* setting, but not for *suhosin.executor.func.blacklist* and
|
||||
* *suhosin.executor.disable_eval*. These settings will just
|
||||
* terminate script execution if a disabled function is executed.
|
||||
*
|
||||
* The above described behavior turned out to be a bug in Suhosin,
|
||||
* but even though a fix was commited for 0.9.34 on 2012-02-12,
|
||||
* that version is yet to be released. This function will therefore
|
||||
* be just temporary, but would probably be kept for a few years.
|
||||
*
|
||||
* @link http://www.hardened-php.net/suhosin/
|
||||
* @param string $function_name Function to check for
|
||||
* @return bool TRUE if the function exists and is safe to call,
|
||||
* FALSE otherwise.
|
||||
*/
|
||||
function function_usable($function_name)
|
||||
{
|
||||
static $_suhosin_func_blacklist;
|
||||
|
||||
if (function_exists($function_name))
|
||||
{
|
||||
if ( ! isset($_suhosin_func_blacklist))
|
||||
{
|
||||
$_suhosin_func_blacklist = extension_loaded('suhosin')
|
||||
? explode(',', trim(ini_get('suhosin.executor.func.blacklist')))
|
||||
: array();
|
||||
}
|
||||
|
||||
return ! in_array($function_name, $_suhosin_func_blacklist, TRUE);
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -202,6 +202,24 @@ class eventsTest extends CoreTestAbstract
|
|||
$this->assertNull(Events::removeListener(function($x) {echo "Called"; }, 'mockEvent', EventPriority::NORMAL));
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testAddAndRemoveListener
|
||||
*/
|
||||
public function testListenerVariablePass()
|
||||
{
|
||||
$event = $this->getMockBuilder(MockEvent::class)->getMock();
|
||||
$passVariable = 'value';
|
||||
|
||||
$eventName = get_class($event);
|
||||
|
||||
Events::addListener(function($event, $passVariable) {
|
||||
$this->assertEquals('value', $passVariable);
|
||||
|
||||
}, $eventName, EventPriority::NORMAL, $passVariable);
|
||||
|
||||
Events::fireEvent($event);
|
||||
}
|
||||
|
||||
public function testDisable()
|
||||
{
|
||||
// First add the listener, expect it to be never called
|
||||
|
|
|
@ -118,7 +118,7 @@ class loggerTest extends CoreTestAbstract
|
|||
Logger::exceptionHandler($exception);
|
||||
|
||||
// Check the output
|
||||
$this->assertEquals('<h1>500</h1><h3>Internal Server Error</h3>', $this->output->get_output());
|
||||
$this->assertEquals('<h1>500</h1><h3>Internal Server Error</h3><p></p>', $this->output->get_output());
|
||||
|
||||
// Check the logs
|
||||
$log = Logger::$Logs[0];
|
||||
|
@ -213,13 +213,21 @@ class loggerTest extends CoreTestAbstract
|
|||
Logger::http_error($code);
|
||||
|
||||
// Check the output
|
||||
$this->assertEquals('<h1>'.$code.'</h1><h3>'.$description.'</h3>', $this->output->get_output());
|
||||
$this->assertEquals('<h1>'.$code.'</h1><h3>'.$description.'</h3><p></p>', $this->output->get_output());
|
||||
}
|
||||
|
||||
// Test when not viewing
|
||||
Logger::http_error(404, false);
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testHttpError
|
||||
*/
|
||||
public function testHttpErrorWithoutLayout()
|
||||
{
|
||||
$this->assertFalse(Logger::http_error(500, '', false));
|
||||
}
|
||||
|
||||
public function testEnableDisable()
|
||||
{
|
||||
// First enable
|
||||
|
|
|
@ -33,6 +33,9 @@
|
|||
<exclude>
|
||||
<directory suffix=".php">../vendor/</directory>
|
||||
<directory suffix=".php">../tests/</directory>
|
||||
<directory suffix=".php">../src/Layout/</directory>
|
||||
<directory suffix=".php">../src/Config/</directory>
|
||||
<directory suffix=".php">../src/Language/</directory>
|
||||
</exclude>
|
||||
</whitelist>
|
||||
</filter>
|
||||
|
|
Loading…
Reference in New Issue