Merge branch 'master' into 'development'

1.1.2 release Closes #117 See merge request fuzeworks/core!60
2018-02-20 22:04:48 +01:00 · 2018-02-20 22:04:48 +01:00 · acd1f28407
parent 9dded39d62 0c7ae1300b
commit acd1f28407
12 changed files with 78 additions and 255 deletions
--- a/src/Config/config.security.php
+++ b/src/Config/config.security.php
@ -47,8 +47,8 @@ return array(
 	| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
 	*/
 	'csrf_protection' => true,
-	'csrf_token_name' => 'csrf_test_name',
-	'csrf_cookie_name' => 'csrf_cookie_name',
+	'csrf_token_name' => 'fw_csrf_token',
+	'csrf_cookie_name' => 'fw_csrf_cookie',
 	'csrf_expire' => 7200,
 	'csrf_regenerate' => TRUE,
 	'csrf_exclude_uris' => array(),
--- a/src/FuzeWorks/Events.php
+++ b/src/FuzeWorks/Events.php
@ -73,9 +73,10 @@ class Events
    /**
     * Adds a function as listener.
     *
-     * @param mixed callback The callback when the events get fired, see {@link http://php.net/manual/en/language.types.callable.php PHP.net}
-     * @param string $eventName The name of the event
-     * @param int    $priority  The priority, even though integers are valid, please use EventPriority (for example EventPriority::Lowest)
+     * @param   mixed   $callback           The callback when the events get fired, see {@link http://php.net/manual/en/language.types.callable.php PHP.net}
+     * @param   string  $eventName          The name of the event
+     * @param   int     $priority           The priority, even though integers are valid, please use EventPriority (for example EventPriority::Lowest)
+     * @param   mixed   $parameters,...     Parameters for the listener
     *
     * @see EventPriority
     *
@ -106,7 +107,15 @@ class Events
            self::$listeners[$eventName][$priority] = array();
        }

-        self::$listeners[$eventName][$priority][] = $callback;
+        if (func_num_args() > 3) {
+            $args = array_slice(func_get_args(), 3);
+        }
+        else
+        {
+            $args = array();
+        }
+
+        self::$listeners[$eventName][$priority][] = array($callback, $args);
    }

    /**
@ -131,7 +140,7 @@ class Events
        }

        foreach (self::$listeners[$eventName][$priority] as $i => $_callback) {
-            if ($_callback == $callback) {
+            if ($_callback[0] == $callback) {
                unset(self::$listeners[$eventName][$priority][$i]);

                return;
@ -144,9 +153,10 @@ class Events
     *
     * The Event gets created, passed around and then returned to the issuer.
     *
-     * @param mixed $input Object for direct event, string for system event or notifierEvent
-     * @todo  Implement Application Events
-     * @todo  Implement Directory input for Events from other locations (like Modules)
+     * @param   mixed $input            Object for direct event, string for system event or notifierEvent
+     * @param   mixed $parameters,...   Parameters for the event
+     * @todo    Implement Application Events
+     * @todo    Implement Directory input for Events from other locations (like Modules)
     *
     * @return Event The Event
     */
@ -222,8 +232,9 @@ class Events
                    $listeners = self::$listeners[$eventName][$priority];
                    Logger::newLevel('Found listeners with priority '.EventPriority::getPriority($priority));
                    //Fire the event to each listener
-                    foreach ($listeners as $callback) {
+                    foreach ($listeners as $callbackArray) {
                        // @codeCoverageIgnoreStart
+                        $callback = $callbackArray[0];
                        if (is_callable($callback)) {
                            Logger::newLevel('Firing function');
                        } elseif (!is_string($callback[0])) {
@ -232,8 +243,9 @@ class Events
                            Logger::newLevel('Firing '.implode('->', $callback));
                        }
                        // @codeCoverageIgnoreEnd
-                        
-                        call_user_func($callback, $event);
+
+                        $args = array_merge(array($event), $callbackArray[1]);
+                        call_user_func_array($callback, $args);
                        Logger::stopLevel();
                    }

--- a/src/FuzeWorks/Factory.php
+++ b/src/FuzeWorks/Factory.php
@ -183,9 +183,9 @@ class Factory
 	        $this->language = new Language();
 	        $this->utf8 = new Utf8();
 	        $this->uri = new URI();
+	        $this->output = new Output();
 	        $this->security = new Security();
 	        $this->input = new Input();
-	        $this->output = new Output();
 	        $this->router = new Router();

 	        return true;
--- a/src/FuzeWorks/Input.php
+++ b/src/FuzeWorks/Input.php
@ -725,7 +725,7 @@ class Input {
 			}
 			else
 			{
-				set_status_header(503);
+				Core::setStatusHeader(503);
 				echo 'Disallowed Key Characters.';
 				exit(7); // EXIT_USER_INPUT
 			}
--- a/src/FuzeWorks/Layout.php
+++ b/src/FuzeWorks/Layout.php
@ -166,6 +166,8 @@ class Layout
        $this->assigned_variables['serverName'] = $main_config->server_name;
        $this->assigned_variables['adminMail'] = $main_config->administrator_mail;
        $this->assigned_variables['contact'] = $contact_config->toArray();
+        $this->assigned_variables['csrfTokenName'] = Factory::getInstance()->security->get_csrf_token_name();
+        $this->assigned_variables['csrfHash'] = Factory::getInstance()->security->get_csrf_hash();

        // Select an engine if one is not already selected
        if (is_null($this->current_engine)) {
--- a/src/FuzeWorks/Logger.php
+++ b/src/FuzeWorks/Logger.php
@ -478,10 +478,11 @@ class Logger {
    /**
     * Calls an HTTP error, sends it as a header, and loads a template if required to do so.
     *
-     * @param int  $errno HTTP error code
-     * @param bool $layout  true to layout error on website
+     * @param int       $errno      HTTP error code
+     * @param string    $message    Message describing the reason for the HTTP error
+     * @param bool      $layout     true to layout error on website
     */
-    public static function http_error($errno = 500, $layout = true): bool
+    public static function http_error($errno = 500, $message = '', $layout = true): bool
    {
        $http_codes = array(
            400 => 'Bad Request',
@ -536,10 +537,11 @@ class Logger {
        $factory = Factory::getInstance();
        try {
            $factory->layout->reset();
+            $factory->layout->assign('httpErrorMessage', $message);
            $factory->layout->display($layout);
        } catch (LayoutException $exception) {
            // No error page could be found, just echo the result
-            $factory->output->set_output("<h1>$errno</h1><h3>" . $http_codes[$errno] . '</h3>');
+            $factory->output->set_output("<h1>$errno</h1><h3>" . $http_codes[$errno] . '</h3><p>' . $message . '</p>');
        }
        
        return true;
--- a/src/FuzeWorks/Router.php
+++ b/src/FuzeWorks/Router.php
@ -364,6 +364,7 @@ class Router
        if ($performLoading === true)
        {
            $this->routeDefault(array_values($this->uri->segments), '.*$');
+            return false;
        }
    }

@ -532,8 +533,15 @@ class Router

            // Check if method exists or if there is a caller function
            if (method_exists($this->callable, $event->function) || method_exists($this->callable, '__call')) {
+                // Run the routerCallMethodEvent
+                $methodEvent = Events::fireEvent('routerCallMethodEvent');
+                if ($methodEvent->isCancelled())
+                {
+                    return;
+                }
+
                // Execute the function on the controller
-                echo $this->callable->{$event->function}($event->parameters);
+                $this->output->append_output($this->callable->{$event->function}($event->parameters));
            } else {
                // Function could not be found
                $this->logger->log('Could not find function '.$event->function.' on controller '.$event->className);
--- a/src/FuzeWorks/Security.php
+++ b/src/FuzeWorks/Security.php
@ -120,7 +120,7 @@ class Security {
 	 *
 	 * @var	string
 	 */
-	protected $_csrf_cookie_name =	'fw_csrf_token';
+	protected $_csrf_cookie_name =	'fw_csrf_cookie';

 	/**
 	 * List of never allowed strings
@ -263,7 +263,7 @@ class Security {
 		$cfg = Factory::getInstance()->config->get('main');
 		$secure_cookie = (bool) $cfg->cookie_secure;

-		if ($secure_cookie && ! is_https())
+		if ($secure_cookie && ! Core::isHttps())
 		{
 			return $this;
 		}
--- a/src/Helpers/common_helper.php
+++ b/src/Helpers/common_helper.php
@ -94,189 +94,6 @@ if ( ! function_exists('get_mimes'))

 // ------------------------------------------------------------------------

-if ( ! function_exists('is_https'))
-{
-	/**
-	 * Is HTTPS?
-	 *
-	 * Determines if the application is accessed via an encrypted
-	 * (HTTPS) connection.
-	 *
-	 * @return	bool
-	 */
-	function is_https()
-	{
-		if ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')
-		{
-			return TRUE;
-		}
-		elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
-		{
-			return TRUE;
-		}
-		elseif ( ! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')
-		{
-			return TRUE;
-		}
-
-		return FALSE;
-	}
-}
-
-// ------------------------------------------------------------------------
-
-if ( ! function_exists('is_cli'))
-{
-
-	/**
-	 * Is CLI?
-	 *
-	 * Test to see if a request was made from the command line.
-	 *
-	 * @return 	bool
-	 */
-	function is_cli()
-	{
-		return (PHP_SAPI === 'cli' OR defined('STDIN'));
-	}
-}
-
-// ------------------------------------------------------------------------
-
-if ( ! function_exists('set_status_header'))
-{
-	/**
-	 * Set HTTP Status Header
-	 *
-	 * @param	int	the status code
-	 * @param	string
-	 * @return	void
-	 */
-	function set_status_header($code = 200, $text = '')
-	{
-		if (is_cli())
-		{
-			return;
-		}
-
-		if (empty($code) OR ! is_numeric($code))
-		{
-			throw new \FuzeWorks\Exception\Exception('Status codes must be numeric', 1);
-		}
-
-		if (empty($text))
-		{
-			is_int($code) OR $code = (int) $code;
-			$stati = array(
-				100	=> 'Continue',
-				101	=> 'Switching Protocols',
-
-				200	=> 'OK',
-				201	=> 'Created',
-				202	=> 'Accepted',
-				203	=> 'Non-Authoritative Information',
-				204	=> 'No Content',
-				205	=> 'Reset Content',
-				206	=> 'Partial Content',
-
-				300	=> 'Multiple Choices',
-				301	=> 'Moved Permanently',
-				302	=> 'Found',
-				303	=> 'See Other',
-				304	=> 'Not Modified',
-				305	=> 'Use Proxy',
-				307	=> 'Temporary Redirect',
-
-				400	=> 'Bad Request',
-				401	=> 'Unauthorized',
-				402	=> 'Payment Required',
-				403	=> 'Forbidden',
-				404	=> 'Not Found',
-				405	=> 'Method Not Allowed',
-				406	=> 'Not Acceptable',
-				407	=> 'Proxy Authentication Required',
-				408	=> 'Request Timeout',
-				409	=> 'Conflict',
-				410	=> 'Gone',
-				411	=> 'Length Required',
-				412	=> 'Precondition Failed',
-				413	=> 'Request Entity Too Large',
-				414	=> 'Request-URI Too Long',
-				415	=> 'Unsupported Media Type',
-				416	=> 'Requested Range Not Satisfiable',
-				417	=> 'Expectation Failed',
-				422	=> 'Unprocessable Entity',
-
-				500	=> 'Internal Server Error',
-				501	=> 'Not Implemented',
-				502	=> 'Bad Gateway',
-				503	=> 'Service Unavailable',
-				504	=> 'Gateway Timeout',
-				505	=> 'HTTP Version Not Supported'
-			);
-
-			if (isset($stati[$code]))
-			{
-				$text = $stati[$code];
-			}
-			else
-			{
-				show_error('No status text available. Please check your status code number or supply your own message text.', 500);
-			}
-		}
-
-		if (strpos(PHP_SAPI, 'cgi') === 0)
-		{
-			header('Status: '.$code.' '.$text, TRUE);
-		}
-		else
-		{
-			$server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
-			header($server_protocol.' '.$code.' '.$text, TRUE, $code);
-		}
-	}
-}
-
-// --------------------------------------------------------------------
-
-if ( ! function_exists('remove_invisible_characters'))
-{
-	/**
-	 * Remove Invisible Characters
-	 *
-	 * This prevents sandwiching null characters
-	 * between ascii characters, like Java\0script.
-	 *
-	 * @param	string
-	 * @param	bool
-	 * @return	string
-	 */
-	function remove_invisible_characters($str, $url_encoded = TRUE)
-	{
-		$non_displayables = array();
-
-		// every control character except newline (dec 10),
-		// carriage return (dec 13) and horizontal tab (dec 09)
-		if ($url_encoded)
-		{
-			$non_displayables[] = '/%0[0-8bcef]/';	// url encoded 00-08, 11, 12, 14, 15
-			$non_displayables[] = '/%1[0-9a-f]/';	// url encoded 16-31
-		}
-
-		$non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S';	// 00-08, 11, 12, 14-31, 127
-
-		do
-		{
-			$str = preg_replace($non_displayables, '', $str, -1, $count);
-		}
-		while ($count);
-
-		return $str;
-	}
-}
-
-// ------------------------------------------------------------------------
-
 if ( ! function_exists('html_escape'))
 {
 	/**
@ -344,51 +161,4 @@ if ( ! function_exists('_stringify_attributes'))

 		return rtrim($atts, ',');
 	}
-}
-
-// ------------------------------------------------------------------------
-
-if ( ! function_exists('function_usable'))
-{
-	/**
-	 * Function usable
-	 *
-	 * Executes a function_exists() check, and if the Suhosin PHP
-	 * extension is loaded - checks whether the function that is
-	 * checked might be disabled in there as well.
-	 *
-	 * This is useful as function_exists() will return FALSE for
-	 * functions disabled via the *disable_functions* php.ini
-	 * setting, but not for *suhosin.executor.func.blacklist* and
-	 * *suhosin.executor.disable_eval*. These settings will just
-	 * terminate script execution if a disabled function is executed.
-	 *
-	 * The above described behavior turned out to be a bug in Suhosin,
-	 * but even though a fix was commited for 0.9.34 on 2012-02-12,
-	 * that version is yet to be released. This function will therefore
-	 * be just temporary, but would probably be kept for a few years.
-	 *
-	 * @link	http://www.hardened-php.net/suhosin/
-	 * @param	string	$function_name	Function to check for
-	 * @return	bool	TRUE if the function exists and is safe to call,
-	 *			FALSE otherwise.
-	 */
-	function function_usable($function_name)
-	{
-		static $_suhosin_func_blacklist;
-
-		if (function_exists($function_name))
-		{
-			if ( ! isset($_suhosin_func_blacklist))
-			{
-				$_suhosin_func_blacklist = extension_loaded('suhosin')
-					? explode(',', trim(ini_get('suhosin.executor.func.blacklist')))
-					: array();
-			}
-
-			return ! in_array($function_name, $_suhosin_func_blacklist, TRUE);
-		}
-
-		return FALSE;
-	}
-}
+}
--- a/tests/core/core_eventsTest.php
+++ b/tests/core/core_eventsTest.php
@ -202,6 +202,24 @@ class eventsTest extends CoreTestAbstract
        $this->assertNull(Events::removeListener(function($x) {echo "Called"; }, 'mockEvent', EventPriority::NORMAL));
    }

+    /**
+     * @depends testAddAndRemoveListener
+     */
+    public function testListenerVariablePass()
+    {
+        $event = $this->getMockBuilder(MockEvent::class)->getMock();
+        $passVariable = 'value';
+
+        $eventName = get_class($event);
+
+        Events::addListener(function($event, $passVariable) {
+            $this->assertEquals('value', $passVariable);
+
+        }, $eventName, EventPriority::NORMAL, $passVariable);
+
+        Events::fireEvent($event);
+    }
+
    public function testDisable()
    {
        // First add the listener, expect it to be never called
--- a/tests/core/core_loggerTest.php
+++ b/tests/core/core_loggerTest.php
@ -118,7 +118,7 @@ class loggerTest extends CoreTestAbstract
        Logger::exceptionHandler($exception);

        // Check the output
-        $this->assertEquals('<h1>500</h1><h3>Internal Server Error</h3>', $this->output->get_output());
+        $this->assertEquals('<h1>500</h1><h3>Internal Server Error</h3><p></p>', $this->output->get_output());

        // Check the logs
        $log = Logger::$Logs[0];
@ -213,13 +213,21 @@ class loggerTest extends CoreTestAbstract
            Logger::http_error($code);

            // Check the output
-            $this->assertEquals('<h1>'.$code.'</h1><h3>'.$description.'</h3>', $this->output->get_output());
+            $this->assertEquals('<h1>'.$code.'</h1><h3>'.$description.'</h3><p></p>', $this->output->get_output());
        }

        // Test when not viewing
        Logger::http_error(404, false);
    }

+    /**
+     * @depends testHttpError
+     */
+    public function testHttpErrorWithoutLayout()
+    {
+        $this->assertFalse(Logger::http_error(500, '', false));
+    }
+
    public function testEnableDisable()
    {
        // First enable
--- a/tests/phpunit.xml
+++ b/tests/phpunit.xml
@ -33,6 +33,9 @@
        <exclude>
          <directory suffix=".php">../vendor/</directory>
          <directory suffix=".php">../tests/</directory>
+          <directory suffix=".php">../src/Layout/</directory>
+          <directory suffix=".php">../src/Config/</directory>
+          <directory suffix=".php">../src/Language/</directory>
        </exclude>
      </whitelist>
    </filter>