From cfe9921aa1568cb3ba82364b9014cedbf37c13f6 Mon Sep 17 00:00:00 2001 From: "Pierre Habouzit (MadCoder" Date: Wed, 15 Dec 2004 13:37:19 +0000 Subject: [PATCH] create env access classes there is now Env::, Session::, Get::, Post::, Cookie:: classes. the duplication of code is awful, but is a result of the deficient PHP4 OO design. it would be a lot better in php5 where 'self' is defined as the current class. moreover, I used thoses classes in 3 pages for a proof of concept. code become much much clearer ! So i'll go through the entire site and remove direct accesses to POST/GET/REQUESTS/SESSION/COOKIE note that PHP is not able to parse Session::get('log')->log(foo) so for thoses exceptions, you have to do instead : if (Session::has('log')) { $_SESSION->log(foo); } which IMHO remains more readable than if (isset($_SESSION['log'])) { $_SESSION->log(foo); } purists would even use : if ($logger = Session::getMixed('log')) { $logger->log(foo); } or some other form that does not use $_SESSION explicitely PS: maybe I should create a : WIBBLE::callIfExists('log', Array('func', 'arg1', 'arg2', ...)) but I find that horrible to read. that's why I did'nt implemented it git-archimport-id: opensource@polytechnique.org--2005/platal--mainline--0.9--patch-94 --- htdocs/TESTS/xorg_env.php | 86 ++++++++ htdocs/acces_smtp.php | 28 +-- htdocs/alias.php | 17 +- htdocs/deconnexion.php | 9 +- htdocs/emails/send.php | 51 +++-- htdocs/exit.php | 3 +- htdocs/getphoto.php | 4 +- htdocs/index.php | 3 +- htdocs/newsletter/show.php | 4 +- include/xorg.inc.php | 1 + include/xorg/env.inc.php | 344 +++++++++++++++++++++++++++++++ plugins/modifier.stripslashes.php | 34 +++ templates/emails/send.tpl | 33 +-- templates/include/form.valid.aliases.tpl | 2 +- 14 files changed, 538 insertions(+), 81 deletions(-) create mode 100644 htdocs/TESTS/xorg_env.php create mode 100644 include/xorg/env.inc.php create mode 100644 plugins/modifier.stripslashes.php 
diff --git a/htdocs/TESTS/xorg_env.php b/htdocs/TESTS/xorg_env.php new file mode 100644 index 0000000..dd34f3f --- /dev/null +++ b/htdocs/TESTS/xorg_env.php 
@@ -0,0 +1,86 @@ +UnitTestCase('Env access'); + } + + function test_get() { + $_REQUEST['foo'] = 'baz'; + $this->assertIdentical(Env::get('foo'), 'baz'); + + $_REQUEST['foo'] = 123; + $this->assertIdentical(Env::get('foo'), '123'); + + $_REQUEST['foo'] = '123'; + $this->assertIdentical(Env::get('foo'), '123'); + + $this->assertIdentical(Env::get('bar'), ''); + $this->assertIdentical(Env::get('bar', 'bar'), 'bar'); + } + + function test_getMixed() { + $_REQUEST['foo'] = 'baz'; + $this->assertIdentical(Env::getMixed('foo'), 'baz'); + + $_REQUEST['foo'] = 123; + $this->assertIdentical(Env::getMixed('foo'), 123); + + $_REQUEST['foo'] = Array(1,'a'); + $this->assertIdentical(Env::getMixed('foo'), Array(1,'a')); + + $this->assertIdentical(Env::getMixed('bar'), ''); + $this->assertIdentical(Env::getMixed('bar', 'bar'), 'bar'); + } + + function test_getBool() { + $_REQUEST['foo'] = 'baz'; + $this->assertIdentical(Env::getBool('foo'), true); + + $_REQUEST['foo'] = 123; + $this->assertIdentical(Env::getBool('foo'), true); + + $_REQUEST['foo'] = '123'; + $this->assertIdentical(Env::getBool('foo'), true); + + $this->assertIdentical(Env::getBool('bar'), false); + $this->assertIdentical(Env::getBool('bar', true), true); + } + + function test_getInt() { + $_REQUEST['foo'] = 'baz'; + $this->assertIdentical(Env::getInt('foo'), 0); + $this->assertIdentical(Env::getInt('foo', 10), 10); + + $_REQUEST['foo'] = 123; + $this->assertIdentical(Env::getInt('foo'), 123); + + $_REQUEST['foo'] = '123'; + $this->assertIdentical(Env::getInt('foo'), 123); + + $this->assertIdentical(Env::getInt('bar'), 0); + $this->assertIdentical(Env::getInt('bar', 123), 123); + } + + function test_kill() { + $_REQUEST['foo'] = 'baz'; + Env::kill('foo'); + $this->assertFalse(isset($_REQUEST['foo'])); + } + + function test_other_class() { + $_POST['foo'] = 'baz'; + Post::kill('foo'); + $this->assertFalse(isset($_POST['foo'])); + + $_GET['foo'] = 'baz'; + Get::kill('foo'); + $this->assertFalse(isset($_GET['foo'])); 
+ } +} + +$test = &new TestOfEnv(); +$test->run($reporter); +?> diff --git a/htdocs/acces_smtp.php b/htdocs/acces_smtp.php index ec40901..2f3aa5c 100644 --- a/htdocs/acces_smtp.php +++ b/htdocs/acces_smtp.php 
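Review bot: The suite never exercises `Env::has()`, although the alias.php hunk of this same patch builds its form handling on it (`Env::has('alias') and Env::has('raison')`), so the one accessor whose presence-vs-emptiness contract matters most is left unpinned; a case such as `$_REQUEST['foo'] = ''; $this->assertTrue(Env::has('foo'));` (or `assertFalse`, whichever isset-like contract is intended) would fix it. The tests also write `$_REQUEST`, `$_POST` and `$_GET` directly and never restore them, so results depend on test order if another suite runs in the same process. The Session and Cookie classes named in the commit message have no coverage here at all, and the class header and constructor of TestOfEnv appear garbled at the top of the hunk in this rendering.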
@@ -21,36 +21,30 @@ require_once("xorg.inc.php"); new_skinned_page('acces_smtp.tpl', AUTH_MDP); + +$uid = Session::getInt('uid'); +$pass = Env::get('smtppass1'); -if (isset($_REQUEST['op']) && $_REQUEST['op'] == "Valider" - && isset($_REQUEST['smtppass1']) && isset($_REQUEST['smtppass2']) - && $_REQUEST['smtppass1'] == $_REQUEST['smtppass2'] - && strlen($_REQUEST['smtppass1'])>=6) { +if ( Env::get('op') == "Valider" && Env::get('smtppass1') == Env::get('smtppass2') && strlen($pass) >= 6 ) { - // on change le mot de passe - $result = $globals->db->query("select smtppass from auth_user_md5 where user_id = ".$_SESSION['uid']); - list($smtppass_old) = mysql_fetch_row($result); - mysql_free_result($result); - $globals->db->query("update auth_user_md5 set smtppass = '{$_REQUEST['smtppass1']}' where user_id = ".$_SESSION['uid']); + $globals->db->query("update auth_user_md5 set smtppass = '$pass' where user_id = $uid"); $_SESSION['log']->log("passwd_ssl"); - $page->trig('Mot de passe enregistré'); -} elseif (isset($_REQUEST['op']) && $_REQUEST['op'] == "Supprimer") { +} elseif (Env::get('op') == "Supprimer") { - $globals->db->query("update auth_user_md5 set smtppass = '' where user_id = ".$_SESSION['uid']); + $globals->db->query("update auth_user_md5 set smtppass = '' where user_id = $uid"); $_SESSION['log']->log("passwd_del"); $page->trig('Compte SMTP et NNTP supprimé'); } -$result = $globals->db->query("select smtppass from auth_user_md5 where user_id = ".$_SESSION['uid']); -list($smtppass_old) = mysql_fetch_row($result); +$result = $globals->db->query("select IF(smtppass != '', 'actif', '') from auth_user_md5 where user_id = ".$_SESSION['uid']); +list($actif) = mysql_fetch_row($result); mysql_free_result($result); -$page->assign('actif', ($smtppass_old != "")); - -$page->run(($smtppass_old != "") ? "actif" : ""); +$page->assign('actif', $actif); +$page->run($actif); // vim:et:sw=4: ?> diff --git a/htdocs/alias.php b/htdocs/alias.php index 3bd91b1..439d758 100644 
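Review bot: `$pass` comes straight from the request via `Env::get('smtppass1')` and is interpolated into `update auth_user_md5 set smtppass = '$pass' where user_id = $uid`, so a value containing a quote still breaks out of the SQL literal; the removed code had the same flaw, but this rewrite is the moment to fix it. Escape at the query site with the driver the page already uses, e.g. `$globals->db->query("update auth_user_md5 set smtppass = '".mysql_real_escape_string($pass)."' where user_id = $uid");`, and keep `strlen($pass) >= 6` on the unescaped value so escaping cannot pad a short password past the check. For consistency the final `select IF(smtppass != '', ...)` query still concatenates `$_SESSION['uid']` although `$uid` from `Session::getInt('uid')` is now available two lines above. The `$page->trig('Mot de passe enregistré')` line also appears to be removed without replacement, so the success path no longer reports anything to the user if that was not intended.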
--- a/htdocs/alias.php +++ b/htdocs/alias.php @@ -24,14 +24,17 @@ require_once("validations.inc.php"); new_skinned_page('alias.tpl', AUTH_MDP); -$page->assign('demande', AliasReq::get_unique_request($_SESSION['uid'])); +$uid = Session::getInt('uid'); +$forlife = Session::get('forlife'); + +$page->assign('demande', AliasReq::get_unique_request($uid)); //Récupération des alias éventuellement existants $sql = "SELECT alias FROM virtual INNER JOIN virtual_redirect USING(vid) - WHERE ( redirect='{$_SESSION['forlife']}@{$globals->mail->domain}' - OR redirect='{$_SESSION['forlife']}@{$globals->mail->domain2}' ) + WHERE ( redirect='$forlife@{$globals->mail->domain}' + OR redirect='$forlife@{$globals->mail->domain2}' ) AND alias LIKE '%@{$globals->mail->alias_dom}'"; if($result = $globals->db->query($sql)) { list($aliases) = mysql_fetch_row($result); @@ -40,9 +43,9 @@ if($result = $globals->db->query($sql)) { } //Si l'utilisateur vient de faire une damande -if (isset($_REQUEST['alias']) and isset($_REQUEST['raison'])) { - $alias = $_REQUEST['alias']; - $raison = $_REQUEST['raison']; +if (Env::has('alias') and Env::has('raison')) { + $alias = Env::get('alias'); + $raison = Env::get('raison'); $page->assign('r_alias', $alias); $page->assign('r_raison', $raison); @@ -74,7 +77,7 @@ if (isset($_REQUEST['alias']) and isset($_REQUEST['raison'])) { } //Insertion de la demande dans la base, écrase les requêtes précédente - $myalias = new AliasReq($_SESSION['uid'], $alias, $raison); + $myalias = new AliasReq($uid, $alias, $raison); $myalias->submit(); $page->assign('success',$alias); $page->run('succes'); diff --git a/htdocs/deconnexion.php b/htdocs/deconnexion.php index 0da618f..1d8e83a 100644 --- a/htdocs/deconnexion.php +++ b/htdocs/deconnexion.php 
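Review bot: In the first hunk `$forlife` from `Session::get('forlife')` is interpolated into the `virtual`/`virtual_redirect` query exactly as `$_SESSION['forlife']` was, so the statement is still string-built; the value is server-side session data here, but a comment such as `// forlife is session data, not request input` (or escaping through mysql_real_escape_string) would make that trust assumption explicit for the next reader. In the third hunk `$alias` and `$raison` are request values from `Env::get()` that flow into `new AliasReq($uid, $alias, $raison)` and `$page->assign('r_alias', $alias)`; whether AliasReq escapes them for SQL and the template encodes them for HTML is outside this hunk and worth confirming. `Session::getInt('uid')` presumably yields 0 when no uid is in the session (the TESTS hunk pins `getInt` to 0 for a missing key), which AUTH_MDP should rule out but is the value `AliasReq::get_unique_request($uid)` would receive otherwise.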
@@ -24,18 +24,15 @@ require_once("xorg.inc.php"); if (isset($_SESSION['suid'])) { require_once('./exit.php'); } if (isset($_SESSION['log'])) { - if (isset($_SERVER['HTTP_REFERER'])) - $ref = $_SERVER['HTTP_REFERER']; - else - $ref = ""; + $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ""; $_SESSION['log']->log("deconnexion",$ref); } session_destroy(); -$has_cookie = (isset($_COOKIE['ORGaccess']) && isset($_COOKIE['ORGuid'])); $_SESSION = array(); -if($has_cookie) +if(isset($_COOKIE['ORGaccess']) && isset($_COOKIE['ORGuid'])) { header("Location: login.php"); +} new_skinned_page('deconnexion.tpl', AUTH_PUBLIC); diff --git a/htdocs/emails/send.php b/htdocs/emails/send.php index 99c9299..aafae3d 100644 --- a/htdocs/emails/send.php +++ b/htdocs/emails/send.php 
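Review bot: The redirect `header("Location: login.php");` inside the new braces is not followed by `exit;`, so the script goes on to build and render deconnexion.tpl after the Location header is sent; if the redirect is meant to be final, `header("Location: login.php"); exit;` is the usual form. The same pattern appears in the index.php hunk (`if (logged()) { header("Location: login.php"); }`). `$ref` is the raw client-supplied HTTP_REFERER passed to `$_SESSION['log']->log("deconnexion", $ref)`; whether the logger bounds its length or neutralises newlines is not visible here, so a short comment marking it as untrusted input, e.g. `// HTTP_REFERER is client-controlled; the logger must treat it as such`, would help.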
@@ -22,51 +22,46 @@ require_once("xorg.inc.php"); new_skinned_page('emails/send.tpl',AUTH_MDP); - // action si on recoit un formulaire -if (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'Envoyer' - and isset($_REQUEST['to']) and isset($_REQUEST['sujet']) - and isset($_REQUEST['contenu']) and isset($_REQUEST['cc']) - and isset($_REQUEST['bcc'])) { - $autre_to = (isset($_REQUEST['contacts']) ? join(', ',$_REQUEST['contacts']) : ''); +if (Env::get('submit') == 'Envoyer') +{ + $to2 = stripslashes(join(', ', Env::getMixed('contacts', Array()))); + $txt = str_replace('^M', '', stripslashes(Env::get('contenu'))); + $to = stripslashes(Env::get('to')); + $subj = stripslashes(Env::get('sujet')); + $from = stripslashes(Env::get('from')); + $cc = stripslashes(Env::get('cc')); + $bcc = stripslashes(Env::get('bcc')); - if (get_magic_quotes_gpc()) { - $_REQUEST['contenu'] = str_replace(' ', '', stripslashes($_REQUEST['contenu'])); - $_REQUEST['to'] = stripslashes($_REQUEST['to']); - $_REQUEST['sujet'] = stripslashes($_REQUEST['sujet']); - $_REQUEST['from'] = stripslashes($_REQUEST['from']); - $_REQUEST['cc'] = stripslashes($_REQUEST['cc']); - $_REQUEST['bcc'] = stripslashes($_REQUEST['bcc']); - $autre_to = stripslashes($autre_to); - } - - if ($_REQUEST['to'] == '' and $_REQUEST['cc'] == '' and $autre_to == '') { + if (empty($to) && empty($cc) && empty($to2)) { $page->trig("Indique au moins un destinataire."); } else { require_once("diogenes.hermes.inc.php"); - //$_REQUEST['contenu'] = chunk_split($_REQUEST['contenu'], 76, "\n"); // pas bon, ne tient pas compte des mots - $dest = $_REQUEST['to'].', '.$autre_to; + $mymail = new HermesMailer(); - $mymail->setFrom($_REQUEST['from']); - $mymail->addTo($dest); - $mymail->setSubject($_REQUEST['sujet']); - if (!empty($_REQUEST['cc'])) $mymail->addCc($_REQUEST['cc']); - if (!empty($_REQUEST['bcc'])) $mymail->addBcc($_REQUEST['bcc']); - $mymail->setTxtBody(wordwrap($_REQUEST['contenu'],72,"\n")); + $mymail->setFrom($from); + 
$mymail->setSubject($subj); + if (!empty($to)) { $mymail->addTo($to); } + if (!empty($cc)) { $mymail->addCc($cc); } + if (!empty($bcc)) { $mymail->addCc($bcc); } + if (!empty($to2)) { $mymail->addTo($to2); } + $mymail->setTxtBody(wordwrap($txt,72,"\n")); if ($mymail->send()) { $page->trig("Ton mail a bien été envoyé."); - $_REQUEST = array(); + $_REQUEST = array('bcc' => Session::get('bestalias').'@'.$globals->mail->domain); } else { $page->trig("Erreur lors de l'envoi du courriel, réessaye."); } - } // ! if ($_REQUEST['to'] == '' and $_REQUEST['cc'] == '') + } +} else { + $_REQUEST['bcc'] = Session::get('bestalias').'@'.$globals->mail->domain; } $sql = "SELECT u.prenom, u.nom, u.promo, a.alias as forlife FROM auth_user_md5 AS u INNER JOIN contacts AS c ON (u.user_id = c.contact) INNER JOIN aliases AS a ON (u.user_id=a.id AND FIND_IN_SET('bestalias',a.flags)) - WHERE c.uid = {$_SESSION['uid']} + WHERE c.uid = ".Session::getInt('uid')." ORDER BY u.nom, u.prenom"; $page->mysql_assign($sql, 'contacts','nb_contacts'); diff --git a/htdocs/exit.php b/htdocs/exit.php index 6d247f1..58ffa1d 100644 --- a/htdocs/exit.php +++ b/htdocs/exit.php @@ -24,8 +24,7 @@ new_skinned_page('index.tpl',AUTH_MDP); if (isset($_SESSION['suid'])) { $suid = $_SESSION['suid']; - $log_data = "{$_SESSION['forlife']} by $suid}"; - $_SESSION['log']->log("suid_stop",$log_data); + $_SESSION['log']->log("suid_stop", "{$_SESSION['forlife']} by {$suid['forlife']}"); $_SESSION = $suid; unset($_SESSION['suid']); } diff --git a/htdocs/getphoto.php b/htdocs/getphoto.php index 1c10225..8ab5116 100644 --- a/htdocs/getphoto.php +++ b/htdocs/getphoto.php @@ -63,9 +63,7 @@ if(isset($_REQUEST['x'])) { echo $data; } else { Header( "Content-type: image/png"); - $f=fopen(url("images/none.png"),"r"); - echo fread($f,30000); - fclose($f); + echo file_get_contents(dirname(__FILE__)."/images/none.png"); } } } diff --git a/htdocs/index.php b/htdocs/index.php index 25126d1..82e9a41 100644 --- a/htdocs/index.php 
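Review bot: `if (!empty($bcc)) { $mymail->addCc($bcc); }` puts the blind-carbon-copy recipients into a visible Cc header; the removed line called `addBcc`, so this is a regression that discloses the bcc list to every recipient and should read `if (!empty($bcc)) { $mymail->addBcc($bcc); }`. The `stripslashes()` calls are now unconditional where the old code applied them only under `get_magic_quotes_gpc()`, so with magic quotes off a legitimate backslash in the subject or body is silently removed. `str_replace('^M', '', ...)` removes the two-character literal `^M` rather than a carriage return — if the intent is to strip CRs, use `"\r"` (unless the `^M` here is a rendering artefact of an actual CR in the source). `$from`, `$to`, `$cc` and `$subj` are request-controlled and go straight into mail headers; whether HermesMailer rejects embedded newlines is not visible in this hunk and is worth confirming.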
+++ b/htdocs/index.php @@ -21,7 +21,8 @@ require_once("xorg.inc.php"); new_skinned_page('index.tpl', AUTH_PUBLIC); -if(logged()) +if (logged()) { header("Location: login.php"); +} $page->run(); ?> diff --git a/htdocs/newsletter/show.php b/htdocs/newsletter/show.php index 68bf243..7478917 100644 --- a/htdocs/newsletter/show.php +++ b/htdocs/newsletter/show.php @@ -29,7 +29,9 @@ $page->assign_by_ref('nl',$nl); if(isset($_POST['send'])) { $res = $globals->db->query("SELECT pref FROM newsletter_ins WHERE user_id='{$_SESSION['uid']}'"); - if(!(list($format) = mysql_fetch_row($res))) $format = 'html'; + if (!(list($format) = mysql_fetch_row($res))) { + $format = 'html'; + } $nl->sendTo($_SESSION['prenom'], $_SESSION['nom'], $_SESSION['bestalias'], $_SESSION['femme'], $format=='html'); } diff --git a/include/xorg.inc.php b/include/xorg.inc.php index df15641..4068be4 100644 --- a/include/xorg.inc.php +++ b/include/xorg.inc.php @@ -45,6 +45,7 @@ define('NO_SKIN', 1); require_once("xorg.globals.inc.php"); require_once('xorg/session.inc.php'); +require_once('xorg/env.inc.php'); XorgGlobals::init(); XorgSession::init(); diff --git a/include/xorg/env.inc.php b/include/xorg/env.inc.php new file mode 100644 index 0000000..f47bce8 --- /dev/null +++ b/include/xorg/env.inc.php @@ -0,0 +1,344 @@ + diff --git a/plugins/modifier.stripslashes.php b/plugins/modifier.stripslashes.php new file mode 100644 index 0000000..0cfde40 --- /dev/null +++ b/plugins/modifier.stripslashes.php @@ -0,0 +1,34 @@ + diff --git a/templates/emails/send.tpl b/templates/emails/send.tpl index 9efb87d..b2979e5 100644 --- a/templates/emails/send.tpl +++ b/templates/emails/send.tpl @@ -39,6 +39,7 @@ {literal} function check(form) { if(form.sujet.value == "") { + form.sujet.focus(); return confirm ("Le sujet du mail est vide, veux tu continuer ?"); } return true; @@ -48,16 +49,16 @@
- +
- + - - - -
en-têtesDestinataires
de : @@ -66,25 +67,19 @@
à : - +
copie : - +
copie cachée : - -
sujet : - +
@@ -131,14 +126,22 @@ + + + + + +
sujet
+ +
- contenu + Corps du mail