Альтернативный белый список
parent
86a180123b
commit
82c129305e
19 changed files with 82 additions and 131 deletions
|
|
@ -331,6 +331,7 @@ class Controller_Action
|
|||
if ($this->view instanceof View_View) {
|
||||
$this->view->assignValues($this->ctrlValues);
|
||||
|
||||
/*.Widgets_Widget.*/$node = null;
|
||||
foreach ($this->childNodes as $name => $node) {
|
||||
$node->make($this);
|
||||
$this->view->setView($name, $node->view);
|
||||
|
|
|
|||
|
|
@ -23,7 +23,8 @@ class ComponentRequest {
|
|||
if ($key == 'active_page') {
|
||||
return $this->r->get($key);
|
||||
}
|
||||
if ($arr = $this->r->get($key)) {
|
||||
$arr = $this->r->get($key);
|
||||
if ($arr !== NULL) {
|
||||
if (is_array($arr)) {
|
||||
return Arr::get($arr, $this->component_id, $default);
|
||||
} else {
|
||||
|
|
@ -127,6 +128,14 @@ class Controller_Component
|
|||
}
|
||||
|
||||
public function getTemplatePath($name) {
|
||||
/*.Settings.*/$registry = $this->registry;
|
||||
$template = ($this->template) ? $this->template : $registry->readKey(array('system', 'template'));
|
||||
foreach ($this->viewPath as $index => $viewPath) {
|
||||
if(is_dir(Path::join($this->viewPath[$index], 'templates', $template))) {
|
||||
return Path::join($this->viewPath[$index], 'templates', $template, $name);
|
||||
}
|
||||
}
|
||||
|
||||
return Path::join($this->viewPath[0], 'templates', 'modern', $name);
|
||||
}
|
||||
|
||||
|
|
@ -182,7 +191,7 @@ class Controller_Component
|
|||
$options = new Form_OptionFactory($this->db, $this->registry);
|
||||
|
||||
$settings = $this->getInfo();
|
||||
$form->addFieldList($settings['parameter'], $options);
|
||||
$form->addFieldList($settings['parameter'], $options);
|
||||
|
||||
$view->form = $form;
|
||||
$view->component = $settings['component'];
|
||||
|
|
@ -271,10 +280,9 @@ class Controller_Component
|
|||
if(class_exists("Controller_Site")){ //Если мы в CMS2
|
||||
$instance = Controller_Site::getInstance();
|
||||
$instance->componentsConfig[] = $editor;
|
||||
}else{
|
||||
} else {
|
||||
global $componentsConfig;
|
||||
$componentsConfig[] = $editor;
|
||||
|
||||
}
|
||||
}
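Review bot: In `getTemplatePath()`, when neither `$this->template` nor the `system`/`template` registry key is set, `$template` is empty and (assuming `Path::join` tolerates an empty segment) `is_dir()` tests the `templates` directory itself, so the loop returns `templates/$name` instead of reaching the `modern` fallback. Guarding the loop with `if ($template) { ... }` keeps the fallback reachable. The loop also binds `$viewPath` but reads `$this->viewPath[$index]`; `foreach ($this->viewPath as $dir)` with `$dir` used in both `Path::join` calls says the same thing more directly. Which of these lines are new is inferred from the hunk header, because the page lost its +/- markers.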
|
||||
|
||||
|
|
|
|||
|
|
@ -5,11 +5,14 @@
|
|||
*/
|
||||
class Controller_Service
|
||||
{
|
||||
public $viewPath = array();
|
||||
public $viewPath = [];
|
||||
public $webPath = [];
|
||||
public $registry; // Registry->getInstance
|
||||
public $template;
|
||||
public $templatePath;
|
||||
public $COMPONENTS_WEB;
|
||||
|
||||
public $db;
|
||||
|
||||
public function getTemplatePath($name)
|
||||
{
|
||||
|
|
@ -58,5 +61,14 @@ class Controller_Service
|
|||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
function getInfo() {
|
||||
$filename = Path::join($this->viewPath[0], 'install.json');
|
||||
if (file_exists($filename)) {
|
||||
$settings = json_decode(File::getContents($filename), true);
|
||||
return $settings;
|
||||
}
|
||||
return array();
|
||||
}
|
||||
}
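Review bot: `getInfo()` returns whatever `json_decode()` yields, so a malformed or empty `install.json` makes it return `null` while a missing file returns `array()`, and any caller that indexes the result sees two different failure shapes. Normalise it with `return is_array($settings) ? $settings : array();`. The method is also declared without visibility next to `public function getTemplatePath`; `public function getInfo()` would match the class, and a short docblock should state that the file is read from `$this->viewPath[0]`, which must therefore be set.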
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
<?php
|
||||
///<reference path="Database/PDOStatement.php" />
|
||||
require_once "Database/PDOStatement.php";
|
||||
|
||||
/**
|
||||
* Класс оболочка для PDO для замены Creole
|
||||
*/
|
||||
|
|
@ -12,8 +13,14 @@ class Database extends PDO
|
|||
{
|
||||
parent::__construct($dsn, $username, $password);
|
||||
$this->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
$this->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
|
||||
$this->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('Database_PDOStatement', array()));
|
||||
}
|
||||
|
||||
function prepare($sql, $args = []) {
|
||||
$result = parent::prepare($sql, $args);
|
||||
return $result;
|
||||
}
|
||||
|
||||
public function getDSN()
|
||||
{
|
||||
|
|
@ -34,6 +41,10 @@ class Database extends PDO
|
|||
if ($dsn['phptype'] == 'pgsql') {
|
||||
$connection->query('SET client_encoding="UTF-8"');
|
||||
}
|
||||
|
||||
if (isset($dsn['schema'])) {
|
||||
$connection->query('SET search_path TO ' . $dsn['schema']);
|
||||
}
|
||||
}
|
||||
if ($dsn['phptype'] == 'sqlite') {
|
||||
/*.Database.*/$connection = new static("{$dsn['phptype']}:{$dsn['database']}");
|
||||
|
|
@ -81,7 +92,7 @@ class Database extends PDO
|
|||
/**
|
||||
* Извлекает из базы первый элемент по запросу
|
||||
*/
|
||||
public function fetchOneArray($query,$values=null)
|
||||
public function fetchOneArray($query, $values = null)
|
||||
{
|
||||
/*.Database_PDOStatement.*/$sth = $this->prepare($query);
|
||||
$prep = $this->prepareValues($values);
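Review bot: The added `'SET search_path TO ' . $dsn['schema']` concatenates the schema name into SQL without quoting or validation, and an identifier cannot be passed as a bound parameter here. Even if the DSN normally comes from trusted configuration, check the value before use, e.g. `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $dsn['schema'])) { throw new InvalidArgumentException('invalid schema name'); }`. The new `prepare($sql, $args = [])` override only forwards to the parent, so a one-line comment saying why it exists would help the next reader. The enclosing connection method begins outside this hunk.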
|
||||
|
|
|
|||
|
|
@ -1,7 +1,5 @@
|
|||
<?php
|
||||
|
||||
require_once __DIR__ .'/../Tools/String.php';
|
||||
|
||||
class Database_PDOStatement extends PDOStatement implements IteratorAggregate
|
||||
{
|
||||
protected $cursorPos = 0;
|
||||
|
|
@ -76,7 +74,7 @@ class Database_PDOStatement extends PDOStatement implements IteratorAggregate
|
|||
}
|
||||
|
||||
function getString($name) {
|
||||
return $this->fields[$name];
|
||||
return isset($this->fields[$name]) ? $this->fields[$name]: null;
|
||||
}
|
||||
|
||||
function getBoolean($name) {
|
||||
|
|
@ -88,10 +86,16 @@ class Database_PDOStatement extends PDOStatement implements IteratorAggregate
|
|||
}
|
||||
|
||||
function getArray($name) {
|
||||
return strToArray($this->fields[$name]);
|
||||
return Tools_String::strToArray($this->fields[$name]);
|
||||
}
|
||||
|
||||
function getRecordCount() {
|
||||
return count($this->cache);
|
||||
}
|
||||
|
||||
function execute($args = null) {
|
||||
$result = parent::execute($args);
|
||||
return $result;
|
||||
}
|
||||
|
||||
}
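Review bot: `getString()` now tolerates a missing column through `isset()`, but `getArray()` still reads `$this->fields[$name]` directly, so an absent or NULL field is handed to `Tools_String::strToArray()`. Apply the same guard, e.g. `return isset($this->fields[$name]) ? Tools_String::strToArray($this->fields[$name]) : null;` (or an empty array, whichever callers expect). The hunk counts suggest the `require_once` for `Tools/String.php` was dropped, which would leave this call dependent on the autoloader resolving `Tools_String`; that is an inference and worth confirming.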
|
||||
|
|
|
|||
|
|
@ -17,33 +17,27 @@ class Database_Statement
|
|||
$this->conn = $conn;
|
||||
}
|
||||
|
||||
function setInt($n, $value)
|
||||
{
|
||||
function setInt($n, $value) {
|
||||
$this->binds [] = array($n, $value, PDO::PARAM_INT);
|
||||
}
|
||||
|
||||
function setString($n, $value)
|
||||
{
|
||||
function setString($n, $value) {
|
||||
$this->binds [] = array($n, $value, PDO::PARAM_STR);
|
||||
}
|
||||
|
||||
function setBlob($n, $value)
|
||||
{
|
||||
function setBlob($n, $value) {
|
||||
$this->binds [] = array($n, $value, PDO::PARAM_LOB);
|
||||
}
|
||||
|
||||
function setLimit($limit)
|
||||
{
|
||||
function setLimit($limit) {
|
||||
$this->limit = $limit;
|
||||
}
|
||||
|
||||
function setOffset($offset)
|
||||
{
|
||||
function setOffset($offset) {
|
||||
$this->offset = $offset;
|
||||
}
|
||||
|
||||
function executeQuery()
|
||||
{
|
||||
function executeQuery() {
|
||||
if ($this->limit) {
|
||||
$this->query .= " LIMIT {$this->limit} OFFSET {$this->offset}";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ class Excel_Number
|
|||
|
||||
function __construct($value)
|
||||
{
|
||||
$this->value = intval($value);
|
||||
$this->value = (int)($value);
|
||||
}
|
||||
|
||||
function getString()
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
class Filter_Filter
|
||||
{
|
||||
public $processor;
|
||||
public function __construct(/*.Filter_Filter.*/$processor)
|
||||
public function __construct(/*.Controller_Action.*/$processor)
|
||||
{
|
||||
$this->processor = $processor;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,12 +13,8 @@ class Filter_Login extends Filter_Filter
|
|||
const SESSION_BROWSER_SIGN_SECRET = '@w3dsju45Msk#';
|
||||
const SESSION_BROWSER_SIGN_KEYNAME = 'session.app.browser.sign';
|
||||
public $mode = 'ajax';
|
||||
public $user;
|
||||
|
||||
//AJAX-Реквесты для которых не требуется авторизация, потребовалось для сбора статистики
|
||||
public $whiteRequestList = [['module' => "requiredcontent", "action" => "getcount"],
|
||||
['module' => "requiredcontent", "action" => "teststructure"],
|
||||
['module' => "requiredcontent", "action" => "specialdump"]
|
||||
];
|
||||
/**
|
||||
* Проверка авторизации
|
||||
* @return Boolean Авторизовани пользователь или нет
|
||||
|
|
@ -29,6 +25,7 @@ class Filter_Login extends Filter_Filter
|
|||
session_start();
|
||||
$db = $this->getConnection();
|
||||
Filter_UserAccess::setUp($db); // Соединение
|
||||
|
||||
switch ($request->getAction()) {
|
||||
// Авторизация по постоянному паролю
|
||||
case 'login':
|
||||
|
|
@ -142,7 +139,7 @@ class Filter_Login extends Filter_Filter
|
|||
// Параметры при неправильной авторизации
|
||||
// Действия по умолчанию !! Возможно переход на форму регистрации
|
||||
if ($request->get('mode') == 'ajax') {
|
||||
if (!$this->requestIsWhite($request, $this->whiteRequestList)) {
|
||||
if (!$this->requestIsWhite($request)) {
|
||||
return json_encode(array('result' => 'fail', 'message' =>"NOT_AUTHORIZED"));
|
||||
}
|
||||
} else {
|
||||
|
|
@ -165,11 +162,14 @@ class Filter_Login extends Filter_Filter
|
|||
* Проверка на попадание реквеста в белый список
|
||||
*/
|
||||
|
||||
public function requestIsWhite(Collection $request, $whiteRequestList){
|
||||
public function requestIsWhite(Collection $request) {
|
||||
$module = $request->get('module');
|
||||
$action = $request->get('action');
|
||||
foreach ($whiteRequestList as $whiteRequest) {
|
||||
if ($module == $whiteRequest['module'] && $action == $whiteRequest['action']) {
|
||||
|
||||
$file = Path::join(CMS_PATH, 'modules', $module, 'filters', 'white.php');
|
||||
if (file_exists($file)) {
|
||||
$whiteList = include $file;
|
||||
if (in_array($action, $whiteList)) {
|
||||
return true;
|
||||
}
|
||||
}
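Review bot: In the new `requestIsWhite()`, `$module` comes straight from `$request->get('module')` on the not-yet-authorised AJAX path and is joined into the path handed to `include`, so it has to be constrained before `Path::join` is called, for example `if (!is_string($module) || !preg_match('/^[A-Za-z0-9_]+$/', $module)) { return false; }`. Without that check, which `filters/white.php` gets executed is decided by request data rather than by the set of installed modules. The value returned by `include` is also used unchecked: a file that does not return an array yields `1`, and `in_array($action, $whiteList)` compares loosely, so `is_array($whiteList) && in_array($action, $whiteList, true)` is the safer test. The end of the function lies outside this hunk; I am assuming it still falls through to `return false`.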
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ class Filter_UserAccess
|
|||
$time = time();
|
||||
if ($time - $lasttime > self::LIFE_TIME) return null; // Вышло время сессии
|
||||
$id = self::$id;
|
||||
self::$db->executeQuery("UPDATE users SET lasttime = $time WHERE id_user = $id"); // Время последнего обращения входа
|
||||
// self::$db->executeQuery("UPDATE users SET lasttime = $time WHERE id_user = $id"); // Время последнего обращения входа
|
||||
}
|
||||
return $result;
|
||||
}
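Review bot: With the `UPDATE users SET lasttime = ...` call commented out, nothing in this block refreshes `lasttime`, yet the `LIFE_TIME` comparison just above it still depends on that value. If no other code path writes the column, the check stops being an idle timeout and becomes a fixed cut-off from the last write; if the update moved elsewhere, the dead line should be deleted rather than left commented. Either way the reason belongs in a comment, e.g. `// lasttime is refreshed in <place>; not updated here because <reason>`. Should the statement come back, bind the values (`SET lasttime = ? WHERE id_user = ?`) instead of interpolating `$time` and `$id`. The function starts outside this hunk.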
|
||||
|
|
|
|||
|
|
@ -105,8 +105,8 @@ class Form_Form extends View_View {
|
|||
public function addFieldClass($name, $class)
|
||||
{
|
||||
$this->constructor [$name] = $class;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Добавляет одно поле ввода на форму
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -126,7 +126,7 @@ class Path
|
|||
*
|
||||
* @return array
|
||||
*/
|
||||
public static function listFromString ($path)
|
||||
public static function listFromString($path)
|
||||
{
|
||||
assert(is_string($path));
|
||||
|
||||
|
|
@ -287,7 +287,7 @@ class Path
|
|||
$result [] = $parts->getParts();
|
||||
}
|
||||
// При обьединении ссылок можно обьеденить path, query, fragment
|
||||
$path = implode(self::SEPARATOR, call_user_func_array('array_merge', $result));
|
||||
$path = implode(self::SEPARATOR, self::optimize(call_user_func_array('array_merge', $result)));
|
||||
$parts0->url['path'] = ($parts0->isAbsolute()) ? '/' . $path : $path;
|
||||
return $parts0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
|
||||
///<reference path="settings.php" />
|
||||
///<reference path="Settings.php" />
|
||||
|
||||
/**
|
||||
* http://www.patternsforphp.com/wiki/Registry
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ class Tools_String {
|
|||
if ($in_subarr > 0) { // already in sub-array?
|
||||
$subarr[$in_subarr][] = $tok;
|
||||
if ('}' === substr($tok, -1, 1)) { // check to see if we just added last component
|
||||
$res[] = strToArray(implode(',', $subarr[$in_subarr]));
|
||||
$res[] = static::strToArray(implode(',', $subarr[$in_subarr]));
|
||||
$in_subarr--;
|
||||
}
|
||||
} elseif ($tok{0} === '{') { // we're inside a new sub-array
|
||||
|
|
@ -25,7 +25,7 @@ class Tools_String {
|
|||
$subarr[$in_subarr] = array();
|
||||
$subarr[$in_subarr][] = $tok;
|
||||
} else {
|
||||
$res[] = strToArray($tok);
|
||||
$res[] = static::strToArray($tok);
|
||||
}
|
||||
} else { // not sub-array
|
||||
$val = trim($tok, '"'); // remove " (surrounding strings)
|
||||
|
|
|
|||
|
|
@ -122,28 +122,26 @@ class Tools_TemplateImage
|
|||
|
||||
$text = strtr($text, $this->context);
|
||||
$size = $value->fontSize;
|
||||
fb('font-style');
|
||||
fb($value->fontStyle);
|
||||
$fontfile = $this->getFontFile($value->fontFamily . $this->fontSuffix($value->fontStyle));
|
||||
|
||||
$color = intval(substr($value->color, 1), 16);
|
||||
if ($value->align[0]) {
|
||||
$align = Drawing::ALIGN_LEFT;
|
||||
$align = Tools_Drawing::ALIGN_LEFT;
|
||||
} elseif ($value->align[2]) {
|
||||
$align = Drawing::ALIGN_RIGHT;
|
||||
$align = Tools_Drawing::ALIGN_RIGHT;
|
||||
} else {
|
||||
$align = Drawing::ALIGN_CENTER;
|
||||
$align = Tools_Drawing::ALIGN_CENTER;
|
||||
}
|
||||
|
||||
if ($value->valign[0]) {
|
||||
$valign = Drawing::ALIGN_TOP;
|
||||
$valign = Tools_Drawing::ALIGN_TOP;
|
||||
} elseif ($value->valign[1]) {
|
||||
$valign = Drawing::ALIGN_CENTER;
|
||||
$valign = Tools_Drawing::ALIGN_CENTER;
|
||||
} else {
|
||||
$valign = Drawing::ALIGN_BOTTOM;
|
||||
$valign = Tools_Drawing::ALIGN_BOTTOM;
|
||||
}
|
||||
|
||||
Drawing::imagettftextbox($this->image, $size, 0, $value->left, $value->top, $color, $fontfile, $text,
|
||||
Tools_Drawing::imagettftextbox($this->image, $size, 0, $value->left, $value->top, $color, $fontfile, $text,
|
||||
$value->width, $value->height,
|
||||
$align, $valign);
|
||||
}
|
||||
|
|
@ -154,7 +152,7 @@ class Tools_TemplateImage
|
|||
function encode($text)
|
||||
{
|
||||
assert(is_string($text));
|
||||
return iconv("WINDOWS-1251", "UTF-8", $text);
|
||||
return $text; //iconv("WINDOWS-1251", "UTF-8", $text);
|
||||
}
|
||||
|
||||
function setSize($new_width, $new_height)
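Review bot: `encode()` now returns its argument unchanged and keeps the old `iconv("WINDOWS-1251", "UTF-8", $text)` call as a trailing comment, which leaves readers guessing whether callers may still pass Windows-1251 text. State the new contract in a docblock, e.g. `/** Expects text that is already UTF-8; returned unchanged. */`, and delete the commented-out call. If any caller still supplies Windows-1251 input, the rendered text will be garbled, so the callers are worth checking.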
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Validator_Rule_Date extends Validator_Rule_Abstract
|
|||
public function isValid(Collection $container, $status = null)
|
||||
{
|
||||
$pattern = "/^([0-9]{1,2})\/([0-9]{1,2})\/([0-9]{4})$/";
|
||||
$matches = [];
|
||||
return (preg_match($pattern, $container->get($this->field), $matches)
|
||||
&& checkdate($matches[2], $matches[1], $matches[3]));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
|
||||
///<reference path="rule/notnull.php"/>
|
||||
///<reference path="Rule/Notnull.php"/>
|
||||
|
||||
/**
|
||||
* Проверка коллекции
|
||||
|
|
|
|||
|
|
@ -1,78 +0,0 @@
|
|||
<?php
|
||||
|
||||
class View_Page extends View_View
|
||||
{
|
||||
private $counter;
|
||||
public $text;
|
||||
|
||||
function __construct($data)
|
||||
{
|
||||
// Вставка компонентов на странице
|
||||
$pattern = '/<(\w+)(\s+[a-zA-Z\-]+=\"[^\"]*\")*\s+tal:replace="structure\s+component:([^\"]*)"[^>]*>/u';
|
||||
$matches = array();
|
||||
preg_match_all($pattern, $data, $matches, PREG_OFFSET_CAPTURE, 0);
|
||||
|
||||
$split = array();
|
||||
$offset = 0;
|
||||
foreach ($matches[0] as $key => $match) {
|
||||
$text = $this->fixHTML(substr($data, $offset, $match[1] - $offset));
|
||||
if (trim($text)) {
|
||||
$split[] = array('type' => 'page-text', 'content' => $text, 'component' => '', 'module' => '');
|
||||
}
|
||||
$offset = $match[1] + strlen($match[0]);
|
||||
$split[] = $this->replaceContent($matches[3][$key][0], $matches[3][$key][1]);
|
||||
}
|
||||
$text = $this->fixHTML(substr($data, $offset));
|
||||
if (trim($text)) {
|
||||
$split[] = array('type' => 'page-text', 'content' => $text, 'component' => '', 'module' => '');
|
||||
}
|
||||
|
||||
$this->text = $this->merge($split);
|
||||
}
|
||||
|
||||
function fixHTML($fragment) {
|
||||
return $fragment;
|
||||
}
|
||||
|
||||
function merge($data) {
|
||||
if (count($data) == 0) {
|
||||
$data[] = array('type' => 'page-text', 'content' =>"<p>Добавьте текст<p>", 'component' => '', 'module' => '');
|
||||
}
|
||||
$result = array();
|
||||
foreach($data as $key => $part) {
|
||||
$result[] = $part['content'];
|
||||
}
|
||||
return implode("", $result);
|
||||
}
|
||||
|
||||
function replaceContent($match, $offset)
|
||||
{
|
||||
//$result = phptal_component($match, $offset);
|
||||
/*.Controller_Component.*/$component = null;
|
||||
|
||||
|
||||
if(class_exists("Controller_Site")){ //Если мы в CMS2
|
||||
$component = Controller_Site::loadComponent($match);
|
||||
} else {
|
||||
global $db, $registry; //
|
||||
$component = Controller_Component::loadComponent($match, $db, $registry);
|
||||
}
|
||||
|
||||
$req = new HttpRequest();
|
||||
unset($req['active_page']);
|
||||
|
||||
$info = $component->getInfo();
|
||||
$result = $component->execute($req);
|
||||
|
||||
if (is_string($result)) {
|
||||
return array('type' => 'page-component', 'content' => $result, 'component' => $match);
|
||||
} else {
|
||||
$this->setView('view' . $this->counter++, $result);
|
||||
return array('type' => 'page-component', 'content' => $result->execute(), 'component' => $match);
|
||||
}
|
||||
}
|
||||
|
||||
function execute() {
|
||||
return $this->text;
|
||||
}
|
||||
}
|
||||
|
|
@ -48,7 +48,7 @@ function phptal_component ($expression) {
|
|||
$begin = floatval(microtime(true));
|
||||
/*.Controller_Component.*/$component = null;
|
||||
|
||||
if(class_exists("Controller_Site")){ //Если мы в CMS2
|
||||
if (class_exists("Controller_Site")) { //Если мы в CMS2
|
||||
$component = Controller_Site::loadComponent($expression);
|
||||
} else {
|
||||
global $db, $registry; // Иначе обращаемся к глобальным переменным
|
||||
|
|
|
|||