commit | author | age
|
9db0c8
|
1 |
<?php |
1aceb9
|
2 |
|
a95874
|
3 |
/** |
1aceb9
|
4 |
+-----------------------------------------------------------------------+ |
A |
5 |
| This file is part of the Roundcube Webmail client | |
|
6 |
| Copyright (C) 2008-2012, The Roundcube Dev Team | |
|
7 |
| Copyright (C) 2011-2012, Kolab Systems AG | |
|
8 |
| | |
|
9 |
| Licensed under the GNU General Public License version 3 or | |
|
10 |
| any later version with exceptions for skins & plugins. | |
|
11 |
| See the README file for a full license statement. | |
|
12 |
| | |
|
13 |
| PURPOSE: | |
|
14 |
| Utility class providing common functions | |
|
15 |
+-----------------------------------------------------------------------+ |
|
16 |
| Author: Thomas Bruederli <roundcube@gmail.com> | |
|
17 |
| Author: Aleksander Machniak <alec@alec.pl> | |
|
18 |
+-----------------------------------------------------------------------+ |
|
19 |
*/ |
|
20 |
|
|
21 |
/** |
|
22 |
* Utility class providing common functions |
|
23 |
* |
9ab346
|
24 |
* @package Framework |
AM |
25 |
* @subpackage Utils |
1aceb9
|
26 |
*/ |
A |
27 |
class rcube_utils |
|
28 |
{ |
|
29 |
// define constants for input reading |
|
30 |
const INPUT_GET = 0x0101; |
|
31 |
const INPUT_POST = 0x0102; |
|
32 |
const INPUT_GPC = 0x0103; |
|
33 |
|
|
34 |
/** |
|
35 |
* Helper method to set a cookie with the current path and host settings |
|
36 |
* |
|
37 |
* @param string Cookie name |
|
38 |
* @param string Cookie value |
|
39 |
* @param string Expiration time |
|
40 |
*/ |
|
41 |
public static function setcookie($name, $value, $exp = 0) |
|
42 |
{ |
|
43 |
if (headers_sent()) { |
|
44 |
return; |
|
45 |
} |
|
46 |
|
|
47 |
$cookie = session_get_cookie_params(); |
09e5fc
|
48 |
$secure = $cookie['secure'] || self::https_check(); |
1aceb9
|
49 |
|
A |
50 |
setcookie($name, $value, $exp, $cookie['path'], $cookie['domain'], $secure, true); |
|
51 |
} |
|
52 |
|
|
53 |
/** |
|
54 |
* E-mail address validation. |
|
55 |
* |
|
56 |
* @param string $email Email address |
|
57 |
* @param boolean $dns_check True to check dns |
|
58 |
* |
|
59 |
* @return boolean True on success, False if address is invalid |
|
60 |
*/ |
|
61 |
public static function check_email($email, $dns_check=true) |
|
62 |
{ |
|
63 |
// Check for invalid characters |
|
64 |
if (preg_match('/[\x00-\x1F\x7F-\xFF]/', $email)) { |
|
65 |
return false; |
|
66 |
} |
|
67 |
|
|
68 |
// Check for length limit specified by RFC 5321 (#1486453) |
|
69 |
if (strlen($email) > 254) { |
|
70 |
return false; |
|
71 |
} |
|
72 |
|
|
73 |
$email_array = explode('@', $email); |
|
74 |
|
|
75 |
// Check that there's one @ symbol |
|
76 |
if (count($email_array) < 2) { |
|
77 |
return false; |
|
78 |
} |
|
79 |
|
|
80 |
$domain_part = array_pop($email_array); |
|
81 |
$local_part = implode('@', $email_array); |
|
82 |
|
|
83 |
// from PEAR::Validate |
|
84 |
$regexp = '&^(?: |
413df0
|
85 |
("\s*(?:[^"\f\n\r\t\v\b\s]+\s*)+")| #1 quoted name |
AM |
86 |
([-\w!\#\$%\&\'*+~/^`|{}=]+(?:\.[-\w!\#\$%\&\'*+~/^`|{}=]+)*)) #2 OR dot-atom (RFC5322) |
|
87 |
$&xi'; |
1aceb9
|
88 |
|
A |
89 |
if (!preg_match($regexp, $local_part)) { |
|
90 |
return false; |
|
91 |
} |
|
92 |
|
da2812
|
93 |
// Validate domain part |
AM |
94 |
if (preg_match('/^\[((IPv6:[0-9a-f:.]+)|([0-9.]+))\]$/i', $domain_part, $matches)) { |
a65ce5
|
95 |
return self::check_ip(preg_replace('/^IPv6:/i', '', $matches[1])); // valid IPv4 or IPv6 address |
1aceb9
|
96 |
} |
A |
97 |
else { |
|
98 |
// If not an IP address |
|
99 |
$domain_array = explode('.', $domain_part); |
|
100 |
// Not enough parts to be a valid domain |
|
101 |
if (sizeof($domain_array) < 2) { |
|
102 |
return false; |
|
103 |
} |
|
104 |
|
|
105 |
foreach ($domain_array as $part) { |
848e20
|
106 |
if (!preg_match('/^((xn--)?([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]))$/', $part)) { |
1aceb9
|
107 |
return false; |
A |
108 |
} |
|
109 |
} |
|
110 |
|
c83b83
|
111 |
// last domain part |
848e20
|
112 |
$last_part = array_pop($domain_array); |
AM |
113 |
if (strpos($last_part, 'xn--') !== 0 && preg_match('/[^a-zA-Z]/', $last_part)) { |
c83b83
|
114 |
return false; |
1aceb9
|
115 |
} |
A |
116 |
|
|
117 |
$rcube = rcube::get_instance(); |
|
118 |
|
|
119 |
if (!$dns_check || !$rcube->config->get('email_dns_check')) { |
|
120 |
return true; |
|
121 |
} |
|
122 |
|
|
123 |
// find MX record(s) |
9ff345
|
124 |
if (!function_exists('getmxrr') || getmxrr($domain_part, $mx_records)) { |
1aceb9
|
125 |
return true; |
A |
126 |
} |
|
127 |
|
|
128 |
// find any DNS record |
9ff345
|
129 |
if (!function_exists('checkdnsrr') || checkdnsrr($domain_part, 'ANY')) { |
1aceb9
|
130 |
return true; |
A |
131 |
} |
|
132 |
} |
|
133 |
|
|
134 |
return false; |
|
135 |
} |
|
136 |
|
da2812
|
137 |
/** |
AM |
138 |
* Validates IPv4 or IPv6 address |
|
139 |
* |
|
140 |
* @param string $ip IP address in v4 or v6 format |
|
141 |
* |
|
142 |
* @return bool True if the address is valid |
|
143 |
*/ |
a65ce5
|
144 |
public static function check_ip($ip) |
da2812
|
145 |
{ |
7a4217
|
146 |
return filter_var($ip, FILTER_VALIDATE_IP) !== false; |
da2812
|
147 |
} |
AM |
148 |
|
1aceb9
|
149 |
/** |
A |
150 |
* Check whether the HTTP referer matches the current request |
|
151 |
* |
|
152 |
* @return boolean True if referer is the same host+path, false if not |
|
153 |
*/ |
|
154 |
public static function check_referer() |
|
155 |
{ |
f00e1f
|
156 |
$uri = parse_url($_SERVER['REQUEST_URI']); |
be71ab
|
157 |
$referer = parse_url(self::request_header('Referer')); |
f00e1f
|
158 |
|
be71ab
|
159 |
return $referer['host'] == self::request_header('Host') && $referer['path'] == $uri['path']; |
1aceb9
|
160 |
} |
A |
161 |
|
|
162 |
/** |
|
163 |
* Replacing specials characters to a specific encoding type |
|
164 |
* |
a03233
|
165 |
* @param string Input string |
AM |
166 |
* @param string Encoding type: text|html|xml|js|url |
|
167 |
* @param string Replace mode for tags: show|remove|strict |
|
168 |
* @param boolean Convert newlines |
1aceb9
|
169 |
* |
a03233
|
170 |
* @return string The quoted string |
1aceb9
|
171 |
*/ |
A |
172 |
public static function rep_specialchars_output($str, $enctype = '', $mode = '', $newlines = true) |
|
173 |
{ |
|
174 |
static $html_encode_arr = false; |
f00e1f
|
175 |
static $js_rep_table = false; |
AM |
176 |
static $xml_rep_table = false; |
1aceb9
|
177 |
|
fa4bf4
|
178 |
if (!is_string($str)) { |
AM |
179 |
$str = strval($str); |
|
180 |
} |
|
181 |
|
1aceb9
|
182 |
// encode for HTML output |
A |
183 |
if ($enctype == 'html') { |
|
184 |
if (!$html_encode_arr) { |
|
185 |
$html_encode_arr = get_html_translation_table(HTML_SPECIALCHARS); |
|
186 |
unset($html_encode_arr['?']); |
|
187 |
} |
|
188 |
|
|
189 |
$encode_arr = $html_encode_arr; |
|
190 |
|
f00e1f
|
191 |
if ($mode == 'remove') { |
AM |
192 |
$str = strip_tags($str); |
|
193 |
} |
|
194 |
else if ($mode != 'strict') { |
|
195 |
// don't replace quotes and html tags |
1aceb9
|
196 |
$ltpos = strpos($str, '<'); |
A |
197 |
if ($ltpos !== false && strpos($str, '>', $ltpos) !== false) { |
|
198 |
unset($encode_arr['"']); |
|
199 |
unset($encode_arr['<']); |
|
200 |
unset($encode_arr['>']); |
|
201 |
unset($encode_arr['&']); |
|
202 |
} |
|
203 |
} |
|
204 |
|
|
205 |
$out = strtr($str, $encode_arr); |
|
206 |
|
|
207 |
return $newlines ? nl2br($out) : $out; |
|
208 |
} |
|
209 |
|
|
210 |
// if the replace tables for XML and JS are not yet defined |
|
211 |
if ($js_rep_table === false) { |
|
212 |
$js_rep_table = $xml_rep_table = array(); |
|
213 |
$xml_rep_table['&'] = '&'; |
|
214 |
|
|
215 |
// can be increased to support more charsets |
|
216 |
for ($c=160; $c<256; $c++) { |
|
217 |
$xml_rep_table[chr($c)] = "&#$c;"; |
|
218 |
} |
|
219 |
|
|
220 |
$xml_rep_table['"'] = '"'; |
|
221 |
$js_rep_table['"'] = '\\"'; |
|
222 |
$js_rep_table["'"] = "\\'"; |
|
223 |
$js_rep_table["\\"] = "\\\\"; |
|
224 |
// Unicode line and paragraph separators (#1486310) |
93e640
|
225 |
$js_rep_table[chr(hexdec('E2')).chr(hexdec('80')).chr(hexdec('A8'))] = '
'; |
AM |
226 |
$js_rep_table[chr(hexdec('E2')).chr(hexdec('80')).chr(hexdec('A9'))] = '
'; |
1aceb9
|
227 |
} |
A |
228 |
|
|
229 |
// encode for javascript use |
|
230 |
if ($enctype == 'js') { |
|
231 |
return preg_replace(array("/\r?\n/", "/\r/", '/<\\//'), array('\n', '\n', '<\\/'), strtr($str, $js_rep_table)); |
|
232 |
} |
|
233 |
|
|
234 |
// encode for plaintext |
|
235 |
if ($enctype == 'text') { |
f00e1f
|
236 |
return str_replace("\r\n", "\n", $mode == 'remove' ? strip_tags($str) : $str); |
1aceb9
|
237 |
} |
A |
238 |
|
|
239 |
if ($enctype == 'url') { |
|
240 |
return rawurlencode($str); |
|
241 |
} |
|
242 |
|
|
243 |
// encode for XML |
|
244 |
if ($enctype == 'xml') { |
|
245 |
return strtr($str, $xml_rep_table); |
|
246 |
} |
|
247 |
|
|
248 |
// no encoding given -> return original string |
|
249 |
return $str; |
|
250 |
} |
|
251 |
|
|
252 |
/** |
|
253 |
* Read input value and convert it for internal use |
|
254 |
* Performs stripslashes() and charset conversion if necessary |
|
255 |
* |
a03233
|
256 |
* @param string Field name to read |
AM |
257 |
* @param int Source to get value from (GPC) |
|
258 |
* @param boolean Allow HTML tags in field value |
|
259 |
* @param string Charset to convert into |
1aceb9
|
260 |
* |
a03233
|
261 |
* @return string Field value or NULL if not available |
1aceb9
|
262 |
*/ |
a03233
|
263 |
public static function get_input_value($fname, $source, $allow_html = false, $charset = null) |
1aceb9
|
264 |
{ |
a03233
|
265 |
$value = null; |
1aceb9
|
266 |
|
A |
267 |
if ($source == self::INPUT_GET) { |
|
268 |
if (isset($_GET[$fname])) { |
|
269 |
$value = $_GET[$fname]; |
|
270 |
} |
|
271 |
} |
|
272 |
else if ($source == self::INPUT_POST) { |
|
273 |
if (isset($_POST[$fname])) { |
|
274 |
$value = $_POST[$fname]; |
|
275 |
} |
|
276 |
} |
|
277 |
else if ($source == self::INPUT_GPC) { |
|
278 |
if (isset($_POST[$fname])) { |
|
279 |
$value = $_POST[$fname]; |
|
280 |
} |
|
281 |
else if (isset($_GET[$fname])) { |
|
282 |
$value = $_GET[$fname]; |
|
283 |
} |
|
284 |
else if (isset($_COOKIE[$fname])) { |
|
285 |
$value = $_COOKIE[$fname]; |
|
286 |
} |
|
287 |
} |
|
288 |
|
|
289 |
return self::parse_input_value($value, $allow_html, $charset); |
|
290 |
} |
|
291 |
|
|
292 |
/** |
|
293 |
* Parse/validate input value. See self::get_input_value() |
|
294 |
* Performs stripslashes() and charset conversion if necessary |
|
295 |
* |
a03233
|
296 |
* @param string Input value |
AM |
297 |
* @param boolean Allow HTML tags in field value |
|
298 |
* @param string Charset to convert into |
1aceb9
|
299 |
* |
a03233
|
300 |
* @return string Parsed value |
1aceb9
|
301 |
*/ |
a03233
|
302 |
public static function parse_input_value($value, $allow_html = false, $charset = null) |
1aceb9
|
303 |
{ |
A |
304 |
global $OUTPUT; |
|
305 |
|
|
306 |
if (empty($value)) { |
|
307 |
return $value; |
|
308 |
} |
|
309 |
|
|
310 |
if (is_array($value)) { |
|
311 |
foreach ($value as $idx => $val) { |
|
312 |
$value[$idx] = self::parse_input_value($val, $allow_html, $charset); |
|
313 |
} |
|
314 |
return $value; |
|
315 |
} |
|
316 |
|
|
317 |
// strip slashes if magic_quotes enabled |
39b905
|
318 |
if (get_magic_quotes_gpc() || get_magic_quotes_runtime()) { |
1aceb9
|
319 |
$value = stripslashes($value); |
A |
320 |
} |
|
321 |
|
|
322 |
// remove HTML tags if not allowed |
|
323 |
if (!$allow_html) { |
|
324 |
$value = strip_tags($value); |
|
325 |
} |
|
326 |
|
|
327 |
$output_charset = is_object($OUTPUT) ? $OUTPUT->get_charset() : null; |
|
328 |
|
|
329 |
// remove invalid characters (#1488124) |
|
330 |
if ($output_charset == 'UTF-8') { |
|
331 |
$value = rcube_charset::clean($value); |
|
332 |
} |
|
333 |
|
|
334 |
// convert to internal charset |
|
335 |
if ($charset && $output_charset) { |
|
336 |
$value = rcube_charset::convert($value, $output_charset, $charset); |
|
337 |
} |
|
338 |
|
|
339 |
return $value; |
|
340 |
} |
|
341 |
|
|
342 |
/** |
|
343 |
* Convert array of request parameters (prefixed with _) |
|
344 |
* to a regular array with non-prefixed keys. |
|
345 |
* |
eafd5b
|
346 |
* @param int $mode Source to get value from (GPC) |
AM |
347 |
* @param string $ignore PCRE expression to skip parameters by name |
|
348 |
* @param boolean $allow_html Allow HTML tags in field value |
1aceb9
|
349 |
* |
A |
350 |
* @return array Hash array with all request parameters |
|
351 |
*/ |
eafd5b
|
352 |
public static function request2param($mode = null, $ignore = 'task|action', $allow_html = false) |
1aceb9
|
353 |
{ |
A |
354 |
$out = array(); |
|
355 |
$src = $mode == self::INPUT_GET ? $_GET : ($mode == self::INPUT_POST ? $_POST : $_REQUEST); |
|
356 |
|
3725cf
|
357 |
foreach (array_keys($src) as $key) { |
1aceb9
|
358 |
$fname = $key[0] == '_' ? substr($key, 1) : $key; |
A |
359 |
if ($ignore && !preg_match('/^(' . $ignore . ')$/', $fname)) { |
eafd5b
|
360 |
$out[$fname] = self::get_input_value($key, $mode, $allow_html); |
1aceb9
|
361 |
} |
A |
362 |
} |
|
363 |
|
|
364 |
return $out; |
|
365 |
} |
|
366 |
|
|
367 |
/** |
|
368 |
* Convert the given string into a valid HTML identifier |
|
369 |
* Same functionality as done in app.js with rcube_webmail.html_identifier() |
|
370 |
*/ |
|
371 |
public static function html_identifier($str, $encode=false) |
|
372 |
{ |
|
373 |
if ($encode) { |
|
374 |
return rtrim(strtr(base64_encode($str), '+/', '-_'), '='); |
|
375 |
} |
|
376 |
else { |
|
377 |
return asciiwords($str, true, '_'); |
|
378 |
} |
|
379 |
} |
|
380 |
|
|
381 |
/** |
|
382 |
* Replace all css definitions with #container [def] |
|
383 |
* and remove css-inlined scripting |
|
384 |
* |
|
385 |
* @param string CSS source code |
|
386 |
* @param string Container ID to use as prefix |
|
387 |
* |
|
388 |
* @return string Modified CSS source |
|
389 |
*/ |
a03233
|
390 |
public static function mod_css_styles($source, $container_id, $allow_remote = false) |
1aceb9
|
391 |
{ |
a03233
|
392 |
$last_pos = 0; |
1aceb9
|
393 |
$replacements = new rcube_string_replacer; |
A |
394 |
|
|
395 |
// ignore the whole block if evil styles are detected |
|
396 |
$source = self::xss_entity_decode($source); |
|
397 |
$stripped = preg_replace('/[^a-z\(:;]/i', '', $source); |
|
398 |
$evilexpr = 'expression|behavior|javascript:|import[^a]' . (!$allow_remote ? '|url\(' : ''); |
d1abd8
|
399 |
|
1aceb9
|
400 |
if (preg_match("/$evilexpr/i", $stripped)) { |
A |
401 |
return '/* evil! */'; |
|
402 |
} |
|
403 |
|
d1abd8
|
404 |
$strict_url_regexp = '!url\s*\([ "\'](https?:)//[a-z0-9/._+-]+["\' ]\)!Uims'; |
AM |
405 |
|
1aceb9
|
406 |
// cut out all contents between { and } |
A |
407 |
while (($pos = strpos($source, '{', $last_pos)) && ($pos2 = strpos($source, '}', $pos))) { |
fdb30f
|
408 |
$nested = strpos($source, '{', $pos+1); |
TB |
409 |
if ($nested && $nested < $pos2) // when dealing with nested blocks (e.g. @media), take the inner one |
|
410 |
$pos = $nested; |
ff6de9
|
411 |
$length = $pos2 - $pos - 1; |
AM |
412 |
$styles = substr($source, $pos+1, $length); |
1aceb9
|
413 |
|
A |
414 |
// check every line of a style block... |
|
415 |
if ($allow_remote) { |
|
416 |
$a_styles = preg_split('/;[\r\n]*/', $styles, -1, PREG_SPLIT_NO_EMPTY); |
d1abd8
|
417 |
|
1aceb9
|
418 |
foreach ($a_styles as $line) { |
A |
419 |
$stripped = preg_replace('/[^a-z\(:;]/i', '', $line); |
|
420 |
// ... and only allow strict url() values |
d1abd8
|
421 |
if (stripos($stripped, 'url(') && !preg_match($strict_url_regexp, $line)) { |
1aceb9
|
422 |
$a_styles = array('/* evil! */'); |
A |
423 |
break; |
|
424 |
} |
|
425 |
} |
d1abd8
|
426 |
|
1aceb9
|
427 |
$styles = join(";\n", $a_styles); |
A |
428 |
} |
|
429 |
|
d1abd8
|
430 |
$key = $replacements->add($styles); |
AM |
431 |
$repl = $replacements->get_replacement($key); |
|
432 |
$source = substr_replace($source, $repl, $pos+1, $length); |
|
433 |
$last_pos = $pos2 - ($length - strlen($repl)); |
1aceb9
|
434 |
} |
A |
435 |
|
|
436 |
// remove html comments and add #container to each tag selector. |
|
437 |
// also replace body definition because we also stripped off the <body> tag |
af79a7
|
438 |
$source = preg_replace( |
1aceb9
|
439 |
array( |
af79a7
|
440 |
'/(^\s*<\!--)|(-->\s*$)/m', |
1aceb9
|
441 |
'/(^\s*|,\s*|\}\s*)([a-z0-9\._#\*][a-z0-9\.\-_]*)/im', |
A |
442 |
'/'.preg_quote($container_id, '/').'\s+body/i', |
|
443 |
), |
|
444 |
array( |
|
445 |
'', |
|
446 |
"\\1#$container_id \\2", |
|
447 |
$container_id, |
|
448 |
), |
|
449 |
$source); |
|
450 |
|
|
451 |
// put block contents back in |
af79a7
|
452 |
$source = $replacements->resolve($source); |
1aceb9
|
453 |
|
af79a7
|
454 |
return $source; |
1aceb9
|
455 |
} |
A |
456 |
|
|
457 |
/** |
|
458 |
* Generate CSS classes from mimetype and filename extension |
|
459 |
* |
a03233
|
460 |
* @param string $mimetype Mimetype |
AM |
461 |
* @param string $filename Filename |
1aceb9
|
462 |
* |
A |
463 |
* @return string CSS classes separated by space |
|
464 |
*/ |
|
465 |
public static function file2class($mimetype, $filename) |
|
466 |
{ |
fe0f1d
|
467 |
$mimetype = strtolower($mimetype); |
AM |
468 |
$filename = strtolower($filename); |
|
469 |
|
1aceb9
|
470 |
list($primary, $secondary) = explode('/', $mimetype); |
A |
471 |
|
7e3298
|
472 |
$classes = array($primary ?: 'unknown'); |
fe0f1d
|
473 |
|
1aceb9
|
474 |
if ($secondary) { |
A |
475 |
$classes[] = $secondary; |
|
476 |
} |
fe0f1d
|
477 |
|
AM |
478 |
if (preg_match('/\.([a-z0-9]+)$/', $filename, $m)) { |
|
479 |
if (!in_array($m[1], $classes)) { |
|
480 |
$classes[] = $m[1]; |
|
481 |
} |
1aceb9
|
482 |
} |
A |
483 |
|
fe0f1d
|
484 |
return join(" ", $classes); |
1aceb9
|
485 |
} |
A |
486 |
|
|
487 |
/** |
|
488 |
* Decode escaped entities used by known XSS exploits. |
|
489 |
* See http://downloads.securityfocus.com/vulnerabilities/exploits/26800.eml for examples |
|
490 |
* |
|
491 |
* @param string CSS content to decode |
|
492 |
* |
|
493 |
* @return string Decoded string |
|
494 |
*/ |
|
495 |
public static function xss_entity_decode($content) |
|
496 |
{ |
|
497 |
$out = html_entity_decode(html_entity_decode($content)); |
|
498 |
$out = preg_replace_callback('/\\\([0-9a-f]{4})/i', |
|
499 |
array(self, 'xss_entity_decode_callback'), $out); |
|
500 |
$out = preg_replace('#/\*.*\*/#Ums', '', $out); |
|
501 |
|
|
502 |
return $out; |
|
503 |
} |
|
504 |
|
|
505 |
/** |
|
506 |
* preg_replace_callback callback for xss_entity_decode |
|
507 |
* |
|
508 |
* @param array $matches Result from preg_replace_callback |
|
509 |
* |
|
510 |
* @return string Decoded entity |
|
511 |
*/ |
|
512 |
public static function xss_entity_decode_callback($matches) |
|
513 |
{ |
|
514 |
return chr(hexdec($matches[1])); |
|
515 |
} |
|
516 |
|
|
517 |
/** |
|
518 |
* Check if we can process not exceeding memory_limit |
|
519 |
* |
|
520 |
* @param integer Required amount of memory |
|
521 |
* |
|
522 |
* @return boolean True if memory won't be exceeded, False otherwise |
|
523 |
*/ |
|
524 |
public static function mem_check($need) |
|
525 |
{ |
|
526 |
$mem_limit = parse_bytes(ini_get('memory_limit')); |
|
527 |
$memory = function_exists('memory_get_usage') ? memory_get_usage() : 16*1024*1024; // safe value: 16MB |
|
528 |
|
|
529 |
return $mem_limit > 0 && $memory + $need > $mem_limit ? false : true; |
|
530 |
} |
|
531 |
|
|
532 |
/** |
|
533 |
* Check if working in SSL mode |
|
534 |
* |
|
535 |
* @param integer $port HTTPS port number |
|
536 |
* @param boolean $use_https Enables 'use_https' option checking |
|
537 |
* |
|
538 |
* @return boolean |
|
539 |
*/ |
|
540 |
public static function https_check($port=null, $use_https=true) |
|
541 |
{ |
|
542 |
if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') { |
|
543 |
return true; |
|
544 |
} |
ef721f
|
545 |
if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) |
FE |
546 |
&& strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https' |
a03233
|
547 |
&& in_array($_SERVER['REMOTE_ADDR'], rcube::get_instance()->config->get('proxy_whitelist', array())) |
AM |
548 |
) { |
1aceb9
|
549 |
return true; |
A |
550 |
} |
|
551 |
if ($port && $_SERVER['SERVER_PORT'] == $port) { |
|
552 |
return true; |
|
553 |
} |
30e6b9
|
554 |
if ($use_https && rcube::get_instance()->config->get('use_https')) { |
1aceb9
|
555 |
return true; |
A |
556 |
} |
|
557 |
|
|
558 |
return false; |
|
559 |
} |
|
560 |
|
|
561 |
/** |
|
562 |
* Replaces hostname variables. |
|
563 |
* |
|
564 |
* @param string $name Hostname |
|
565 |
* @param string $host Optional IMAP hostname |
|
566 |
* |
|
567 |
* @return string Hostname |
|
568 |
*/ |
|
569 |
public static function parse_host($name, $host = '') |
|
570 |
{ |
f6d23a
|
571 |
if (!is_string($name)) { |
AM |
572 |
return $name; |
|
573 |
} |
|
574 |
|
1aceb9
|
575 |
// %n - host |
A |
576 |
$n = preg_replace('/:\d+$/', '', $_SERVER['SERVER_NAME']); |
d359dc
|
577 |
// %t - host name without first part, e.g. %n=mail.domain.tld, %t=domain.tld |
a13035
|
578 |
$t = preg_replace('/^[^\.]+\./', '', $n); |
TB |
579 |
// %d - domain name without first part |
d359dc
|
580 |
$d = preg_replace('/^[^\.]+\./', '', $_SERVER['HTTP_HOST']); |
1aceb9
|
581 |
// %h - IMAP host |
7e3298
|
582 |
$h = $_SESSION['storage_host'] ?: $host; |
1aceb9
|
583 |
// %z - IMAP domain without first part, e.g. %h=imap.domain.tld, %z=domain.tld |
A |
584 |
$z = preg_replace('/^[^\.]+\./', '', $h); |
a03233
|
585 |
// %s - domain name after the '@' from e-mail address provided at login screen. |
AM |
586 |
// Returns FALSE if an invalid email is provided |
1aceb9
|
587 |
if (strpos($name, '%s') !== false) { |
A |
588 |
$user_email = self::get_input_value('_user', self::INPUT_POST); |
a13035
|
589 |
$user_email = self::idn_convert($user_email, true); |
1aceb9
|
590 |
$matches = preg_match('/(.*)@([a-z0-9\.\-\[\]\:]+)/i', $user_email, $s); |
A |
591 |
if ($matches < 1 || filter_var($s[1]."@".$s[2], FILTER_VALIDATE_EMAIL) === false) { |
|
592 |
return false; |
|
593 |
} |
|
594 |
} |
|
595 |
|
f6d23a
|
596 |
return str_replace(array('%n', '%t', '%d', '%h', '%z', '%s'), array($n, $t, $d, $h, $z, $s[2]), $name); |
1aceb9
|
597 |
} |
A |
598 |
|
|
599 |
/** |
|
600 |
* Returns remote IP address and forwarded addresses if found |
|
601 |
* |
|
602 |
* @return string Remote IP address(es) |
|
603 |
*/ |
|
604 |
public static function remote_ip() |
|
605 |
{ |
|
606 |
$address = $_SERVER['REMOTE_ADDR']; |
|
607 |
|
|
608 |
// append the NGINX X-Real-IP header, if set |
|
609 |
if (!empty($_SERVER['HTTP_X_REAL_IP'])) { |
|
610 |
$remote_ip[] = 'X-Real-IP: ' . $_SERVER['HTTP_X_REAL_IP']; |
|
611 |
} |
a03233
|
612 |
|
1aceb9
|
613 |
// append the X-Forwarded-For header, if set |
A |
614 |
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { |
|
615 |
$remote_ip[] = 'X-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR']; |
|
616 |
} |
|
617 |
|
|
618 |
if (!empty($remote_ip)) { |
|
619 |
$address .= '(' . implode(',', $remote_ip) . ')'; |
|
620 |
} |
|
621 |
|
|
622 |
return $address; |
|
623 |
} |
|
624 |
|
|
625 |
/** |
4d480b
|
626 |
* Returns the real remote IP address |
TB |
627 |
* |
|
628 |
* @return string Remote IP address |
|
629 |
*/ |
|
630 |
public static function remote_addr() |
|
631 |
{ |
ef721f
|
632 |
// Check if any of the headers are set first to improve performance |
FE |
633 |
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) || !empty($_SERVER['HTTP_X_REAL_IP'])) { |
|
634 |
$proxy_whitelist = rcube::get_instance()->config->get('proxy_whitelist', array()); |
|
635 |
if (in_array($_SERVER['REMOTE_ADDR'], $proxy_whitelist)) { |
|
636 |
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { |
|
637 |
foreach(array_reverse(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])) as $forwarded_ip) { |
|
638 |
if (!in_array($forwarded_ip, $proxy_whitelist)) { |
|
639 |
return $forwarded_ip; |
|
640 |
} |
|
641 |
} |
|
642 |
} |
a520f3
|
643 |
|
ef721f
|
644 |
if (!empty($_SERVER['HTTP_X_REAL_IP'])) { |
FE |
645 |
return $_SERVER['HTTP_X_REAL_IP']; |
|
646 |
} |
|
647 |
} |
a520f3
|
648 |
} |
AM |
649 |
|
|
650 |
if (!empty($_SERVER['REMOTE_ADDR'])) { |
|
651 |
return $_SERVER['REMOTE_ADDR']; |
4d480b
|
652 |
} |
TB |
653 |
|
|
654 |
return ''; |
|
655 |
} |
|
656 |
|
|
657 |
/** |
1aceb9
|
658 |
* Read a specific HTTP request header. |
A |
659 |
* |
a03233
|
660 |
* @param string $name Header name |
1aceb9
|
661 |
* |
a03233
|
662 |
* @return mixed Header value or null if not available |
1aceb9
|
663 |
*/ |
A |
664 |
public static function request_header($name) |
|
665 |
{ |
|
666 |
if (function_exists('getallheaders')) { |
|
667 |
$hdrs = array_change_key_case(getallheaders(), CASE_UPPER); |
|
668 |
$key = strtoupper($name); |
|
669 |
} |
|
670 |
else { |
|
671 |
$key = 'HTTP_' . strtoupper(strtr($name, '-', '_')); |
|
672 |
$hdrs = array_change_key_case($_SERVER, CASE_UPPER); |
|
673 |
} |
|
674 |
|
|
675 |
return $hdrs[$key]; |
|
676 |
} |
|
677 |
|
|
678 |
/** |
|
679 |
* Explode quoted string |
|
680 |
* |
|
681 |
* @param string Delimiter expression string for preg_match() |
|
682 |
* @param string Input string |
|
683 |
* |
|
684 |
* @return array String items |
|
685 |
*/ |
|
686 |
public static function explode_quoted_string($delimiter, $string) |
|
687 |
{ |
|
688 |
$result = array(); |
|
689 |
$strlen = strlen($string); |
|
690 |
|
|
691 |
for ($q=$p=$i=0; $i < $strlen; $i++) { |
|
692 |
if ($string[$i] == "\"" && $string[$i-1] != "\\") { |
|
693 |
$q = $q ? false : true; |
|
694 |
} |
|
695 |
else if (!$q && preg_match("/$delimiter/", $string[$i])) { |
|
696 |
$result[] = substr($string, $p, $i - $p); |
|
697 |
$p = $i + 1; |
|
698 |
} |
|
699 |
} |
|
700 |
|
3a54cc
|
701 |
$result[] = (string) substr($string, $p); |
1aceb9
|
702 |
|
A |
703 |
return $result; |
|
704 |
} |
|
705 |
|
|
706 |
/** |
|
707 |
* Improved equivalent to strtotime() |
|
708 |
* |
a03233
|
709 |
* @param string $date Date string |
AM |
710 |
* @param DateTimeZone $timezone Timezone to use for DateTime object |
1aceb9
|
711 |
* |
A |
712 |
* @return int Unix timestamp |
|
713 |
*/ |
09c58d
|
714 |
public static function strtotime($date, $timezone = null) |
1aceb9
|
715 |
{ |
a03233
|
716 |
$date = self::clean_datestr($date); |
09c58d
|
717 |
$tzname = $timezone ? ' ' . $timezone->getName() : ''; |
b32fab
|
718 |
|
AM |
719 |
// unix timestamp |
|
720 |
if (is_numeric($date)) { |
896e2b
|
721 |
return (int) $date; |
1aceb9
|
722 |
} |
A |
723 |
|
|
724 |
// if date parsing fails, we have a date in non-rfc format. |
|
725 |
// remove token from the end and try again |
09c58d
|
726 |
while ((($ts = @strtotime($date . $tzname)) === false) || ($ts < 0)) { |
1aceb9
|
727 |
$d = explode(' ', $date); |
A |
728 |
array_pop($d); |
|
729 |
if (!$d) { |
|
730 |
break; |
|
731 |
} |
|
732 |
$date = implode(' ', $d); |
|
733 |
} |
|
734 |
|
896e2b
|
735 |
return (int) $ts; |
1aceb9
|
736 |
} |
A |
737 |
|
52830e
|
738 |
/** |
TB |
739 |
* Date parsing function that turns the given value into a DateTime object |
|
740 |
* |
a03233
|
741 |
* @param string $date Date string |
AM |
742 |
* @param DateTimeZone $timezone Timezone to use for DateTime object |
52830e
|
743 |
* |
a03233
|
744 |
* @return DateTime instance or false on failure |
52830e
|
745 |
*/ |
cc8502
|
746 |
public static function anytodatetime($date, $timezone = null) |
52830e
|
747 |
{ |
a03233
|
748 |
if ($date instanceof DateTime) { |
52830e
|
749 |
return $date; |
TB |
750 |
} |
|
751 |
|
b1f3c3
|
752 |
$dt = false; |
AM |
753 |
$date = self::clean_datestr($date); |
52830e
|
754 |
|
TB |
755 |
// try to parse string with DateTime first |
|
756 |
if (!empty($date)) { |
|
757 |
try { |
787a42
|
758 |
$dt = $timezone ? new DateTime($date, $timezone) : new DateTime($date); |
52830e
|
759 |
} |
TB |
760 |
catch (Exception $e) { |
|
761 |
// ignore |
|
762 |
} |
|
763 |
} |
|
764 |
|
|
765 |
// try our advanced strtotime() method |
09c58d
|
766 |
if (!$dt && ($timestamp = self::strtotime($date, $timezone))) { |
52830e
|
767 |
try { |
TB |
768 |
$dt = new DateTime("@".$timestamp); |
09c58d
|
769 |
if ($timezone) { |
TB |
770 |
$dt->setTimezone($timezone); |
|
771 |
} |
52830e
|
772 |
} |
TB |
773 |
catch (Exception $e) { |
|
774 |
// ignore |
|
775 |
} |
|
776 |
} |
|
777 |
|
|
778 |
return $dt; |
|
779 |
} |
1aceb9
|
780 |
|
b1f3c3
|
781 |
/** |
AM |
782 |
* Clean up date string for strtotime() input |
|
783 |
* |
|
784 |
* @param string $date Date string |
|
785 |
* |
|
786 |
* @return string Date string |
|
787 |
*/ |
|
788 |
public static function clean_datestr($date) |
|
789 |
{ |
|
790 |
$date = trim($date); |
|
791 |
|
|
792 |
// check for MS Outlook vCard date format YYYYMMDD |
|
793 |
if (preg_match('/^([12][90]\d\d)([01]\d)([0123]\d)$/', $date, $m)) { |
|
794 |
return sprintf('%04d-%02d-%02d 00:00:00', intval($m[1]), intval($m[2]), intval($m[3])); |
|
795 |
} |
|
796 |
|
|
797 |
// Clean malformed data |
|
798 |
$date = preg_replace( |
|
799 |
array( |
|
800 |
'/GMT\s*([+-][0-9]+)/', // support non-standard "GMTXXXX" literal |
|
801 |
'/[^a-z0-9\x20\x09:+-\/]/i', // remove any invalid characters |
|
802 |
'/\s*(Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s*/i', // remove weekday names |
|
803 |
), |
|
804 |
array( |
|
805 |
'\\1', |
|
806 |
'', |
|
807 |
'', |
|
808 |
), $date); |
|
809 |
|
|
810 |
$date = trim($date); |
|
811 |
|
|
812 |
// try to fix dd/mm vs. mm/dd discrepancy, we can't do more here |
|
813 |
if (preg_match('/^(\d{1,2})[.\/-](\d{1,2})[.\/-](\d{4})$/', $date, $m)) { |
|
814 |
$mdy = $m[2] > 12 && $m[1] <= 12; |
|
815 |
$day = $mdy ? $m[2] : $m[1]; |
|
816 |
$month = $mdy ? $m[1] : $m[2]; |
|
817 |
$date = sprintf('%04d-%02d-%02d 00:00:00', intval($m[3]), $month, $day); |
|
818 |
} |
|
819 |
// I've found that YYYY.MM.DD is recognized wrong, so here's a fix |
|
820 |
else if (preg_match('/^(\d{4})\.(\d{1,2})\.(\d{1,2})$/', $date)) { |
|
821 |
$date = str_replace('.', '-', $date) . ' 00:00:00'; |
|
822 |
} |
|
823 |
|
|
824 |
return $date; |
|
825 |
} |
|
826 |
|
1aceb9
|
827 |
/* |
A |
828 |
* Idn_to_ascii wrapper. |
|
829 |
* Intl/Idn modules version of this function doesn't work with e-mail address |
|
830 |
*/ |
|
831 |
public static function idn_to_ascii($str) |
|
832 |
{ |
|
833 |
return self::idn_convert($str, true); |
|
834 |
} |
|
835 |
|
|
836 |
/* |
|
837 |
* Idn_to_ascii wrapper. |
|
838 |
* Intl/Idn modules version of this function doesn't work with e-mail address |
|
839 |
*/ |
|
840 |
public static function idn_to_utf8($str) |
|
841 |
{ |
|
842 |
return self::idn_convert($str, false); |
|
843 |
} |
|
844 |
|
a95874
|
845 |
public static function idn_convert($input, $is_utf = false) |
1aceb9
|
846 |
{ |
A |
847 |
if ($at = strpos($input, '@')) { |
|
848 |
$user = substr($input, 0, $at); |
|
849 |
$domain = substr($input, $at+1); |
|
850 |
} |
|
851 |
else { |
|
852 |
$domain = $input; |
|
853 |
} |
|
854 |
|
|
855 |
$domain = $is_utf ? idn_to_ascii($domain) : idn_to_utf8($domain); |
|
856 |
|
|
857 |
if ($domain === false) { |
|
858 |
return ''; |
|
859 |
} |
|
860 |
|
|
861 |
return $at ? $user . '@' . $domain : $domain; |
|
862 |
} |
|
863 |
|
ceb5b5
|
864 |
/** |
TB |
865 |
* Split the given string into word tokens |
|
866 |
* |
|
867 |
* @param string Input to tokenize |
e8b82c
|
868 |
* @param integer Minimum length of a single token |
ceb5b5
|
869 |
* @return array List of tokens |
TB |
870 |
*/ |
e8b82c
|
871 |
public static function tokenize_string($str, $minlen = 2) |
ceb5b5
|
872 |
{ |
c32998
|
873 |
$expr = array('/[\s;,"\'\/+-]+/ui', '/(\d)[-.\s]+(\d)/u'); |
e8b82c
|
874 |
$repl = array(' ', '\\1\\2'); |
TB |
875 |
|
|
876 |
if ($minlen > 1) { |
|
877 |
$minlen--; |
|
878 |
$expr[] = "/(^|\s+)\w{1,$minlen}(\s+|$)/u"; |
|
879 |
$repl[] = ' '; |
|
880 |
} |
|
881 |
|
|
882 |
return array_filter(explode(" ", preg_replace($expr, $repl, $str))); |
ceb5b5
|
883 |
} |
TB |
884 |
|
|
885 |
/** |
|
886 |
* Normalize the given string for fulltext search. |
49dad5
|
887 |
* Currently only optimized for ISO-8859-1 and ISO-8859-2 characters; to be extended |
ceb5b5
|
888 |
* |
TB |
889 |
* @param string Input string (UTF-8) |
|
890 |
* @param boolean True to return list of words as array |
e8b82c
|
891 |
* @param integer Minimum length of tokens |
d19c0f
|
892 |
* |
a03233
|
893 |
* @return mixed Normalized string or a list of normalized tokens |
ceb5b5
|
894 |
*/ |
e8b82c
|
895 |
public static function normalize_string($str, $as_array = false, $minlen = 2) |
ceb5b5
|
896 |
{ |
d19c0f
|
897 |
// replace 4-byte unicode characters with '?' character, |
AM |
898 |
// these are not supported in default utf-8 charset on mysql, |
|
899 |
// the chance we'd need them in searching is very low |
|
900 |
$str = preg_replace('/(' |
|
901 |
. '\xF0[\x90-\xBF][\x80-\xBF]{2}' |
|
902 |
. '|[\xF1-\xF3][\x80-\xBF]{3}' |
|
903 |
. '|\xF4[\x80-\x8F][\x80-\xBF]{2}' |
|
904 |
. ')/', '?', $str); |
|
905 |
|
ceb5b5
|
906 |
// split by words |
e8b82c
|
907 |
$arr = self::tokenize_string($str, $minlen); |
ceb5b5
|
908 |
|
49dad5
|
909 |
// detect character set |
AM |
910 |
if (utf8_encode(utf8_decode($str)) == $str) { |
|
911 |
// ISO-8859-1 (or ASCII) |
|
912 |
preg_match_all('/./u', 'äâàåáãæçéêëèïîìíñöôòøõóüûùúýÿ', $keys); |
|
913 |
preg_match_all('/./', 'aaaaaaaceeeeiiiinoooooouuuuyy', $values); |
|
914 |
|
|
915 |
$mapping = array_combine($keys[0], $values[0]); |
|
916 |
$mapping = array_merge($mapping, array('ß' => 'ss', 'ae' => 'a', 'oe' => 'o', 'ue' => 'u')); |
|
917 |
} |
|
918 |
else if (rcube_charset::convert(rcube_charset::convert($str, 'UTF-8', 'ISO-8859-2'), 'ISO-8859-2', 'UTF-8') == $str) { |
|
919 |
// ISO-8859-2 |
|
920 |
preg_match_all('/./u', 'ąáâäćçčéęëěíîłľĺńňóôöŕřśšşťţůúűüźžżý', $keys); |
|
921 |
preg_match_all('/./', 'aaaaccceeeeiilllnnooorrsssttuuuuzzzy', $values); |
|
922 |
|
|
923 |
$mapping = array_combine($keys[0], $values[0]); |
|
924 |
$mapping = array_merge($mapping, array('ß' => 'ss', 'ae' => 'a', 'oe' => 'o', 'ue' => 'u')); |
|
925 |
} |
|
926 |
|
ceb5b5
|
927 |
foreach ($arr as $i => $part) { |
49dad5
|
928 |
$part = mb_strtolower($part); |
AM |
929 |
|
|
930 |
if (!empty($mapping)) { |
|
931 |
$part = strtr($part, $mapping); |
ceb5b5
|
932 |
} |
49dad5
|
933 |
|
AM |
934 |
$arr[$i] = $part; |
ceb5b5
|
935 |
} |
TB |
936 |
|
|
937 |
return $as_array ? $arr : join(" ", $arr); |
|
938 |
} |
|
939 |
|
929030
|
940 |
/** |
c32998
|
941 |
* Compare two strings for matching words (order not relevant) |
TB |
942 |
* |
|
943 |
* @param string Haystack |
|
944 |
* @param string Needle |
a03233
|
945 |
* |
AM |
946 |
* @return boolean True if match, False otherwise |
c32998
|
947 |
*/ |
TB |
948 |
public static function words_match($haystack, $needle) |
|
949 |
{ |
cbe701
|
950 |
$a_needle = self::tokenize_string($needle, 1); |
AM |
951 |
$_haystack = join(" ", self::tokenize_string($haystack, 1)); |
|
952 |
$valid = strlen($_haystack) > 0; |
|
953 |
$hits = 0; |
c32998
|
954 |
|
TB |
955 |
foreach ($a_needle as $w) { |
cbe701
|
956 |
if ($valid) { |
AM |
957 |
if (stripos($_haystack, $w) !== false) { |
|
958 |
$hits++; |
|
959 |
} |
|
960 |
} |
|
961 |
else if (stripos($haystack, $w) !== false) { |
c32998
|
962 |
$hits++; |
TB |
963 |
} |
|
964 |
} |
|
965 |
|
|
966 |
return $hits >= count($a_needle); |
|
967 |
} |
|
968 |
|
|
969 |
/** |
929030
|
970 |
* Parse commandline arguments into a hash array |
AM |
971 |
* |
|
972 |
* @param array $aliases Argument alias names |
|
973 |
* |
|
974 |
* @return array Argument values hash |
|
975 |
*/ |
|
976 |
public static function get_opt($aliases = array()) |
|
977 |
{ |
|
978 |
$args = array(); |
|
979 |
|
|
980 |
for ($i=1; $i < count($_SERVER['argv']); $i++) { |
|
981 |
$arg = $_SERVER['argv'][$i]; |
|
982 |
$value = true; |
|
983 |
$key = null; |
|
984 |
|
|
985 |
if ($arg[0] == '-') { |
|
986 |
$key = preg_replace('/^-+/', '', $arg); |
|
987 |
$sp = strpos($arg, '='); |
|
988 |
if ($sp > 0) { |
|
989 |
$key = substr($key, 0, $sp - 2); |
|
990 |
$value = substr($arg, $sp+1); |
|
991 |
} |
|
992 |
else if (strlen($_SERVER['argv'][$i+1]) && $_SERVER['argv'][$i+1][0] != '-') { |
|
993 |
$value = $_SERVER['argv'][++$i]; |
|
994 |
} |
|
995 |
|
|
996 |
$args[$key] = is_string($value) ? preg_replace(array('/^["\']/', '/["\']$/'), '', $value) : $value; |
|
997 |
} |
|
998 |
else { |
|
999 |
$args[] = $arg; |
|
1000 |
} |
|
1001 |
|
|
1002 |
if ($alias = $aliases[$key]) { |
|
1003 |
$args[$alias] = $args[$key]; |
|
1004 |
} |
|
1005 |
} |
|
1006 |
|
|
1007 |
return $args; |
|
1008 |
} |
|
1009 |
|
|
1010 |
/** |
|
1011 |
* Safe password prompt for command line |
|
1012 |
* from http://blogs.sitepoint.com/2009/05/01/interactive-cli-password-prompt-in-php/ |
|
1013 |
* |
|
1014 |
* @return string Password |
|
1015 |
*/ |
|
1016 |
public static function prompt_silent($prompt = "Password:") |
|
1017 |
{ |
|
1018 |
if (preg_match('/^win/i', PHP_OS)) { |
|
1019 |
$vbscript = sys_get_temp_dir() . 'prompt_password.vbs'; |
|
1020 |
$vbcontent = 'wscript.echo(InputBox("' . addslashes($prompt) . '", "", "password here"))'; |
|
1021 |
file_put_contents($vbscript, $vbcontent); |
|
1022 |
|
|
1023 |
$command = "cscript //nologo " . escapeshellarg($vbscript); |
|
1024 |
$password = rtrim(shell_exec($command)); |
|
1025 |
unlink($vbscript); |
|
1026 |
|
|
1027 |
return $password; |
|
1028 |
} |
|
1029 |
else { |
|
1030 |
$command = "/usr/bin/env bash -c 'echo OK'"; |
|
1031 |
if (rtrim(shell_exec($command)) !== 'OK') { |
|
1032 |
echo $prompt; |
|
1033 |
$pass = trim(fgets(STDIN)); |
|
1034 |
echo chr(8)."\r" . $prompt . str_repeat("*", strlen($pass))."\n"; |
|
1035 |
return $pass; |
|
1036 |
} |
|
1037 |
|
|
1038 |
$command = "/usr/bin/env bash -c 'read -s -p \"" . addslashes($prompt) . "\" mypassword && echo \$mypassword'"; |
|
1039 |
$password = rtrim(shell_exec($command)); |
|
1040 |
echo "\n"; |
|
1041 |
return $password; |
|
1042 |
} |
|
1043 |
} |
f707fe
|
1044 |
|
AM |
1045 |
/** |
|
1046 |
* Find out if the string content means true or false |
|
1047 |
* |
|
1048 |
* @param string $str Input value |
|
1049 |
* |
|
1050 |
* @return boolean Boolean value |
|
1051 |
*/ |
|
1052 |
public static function get_boolean($str) |
|
1053 |
{ |
|
1054 |
$str = strtolower($str); |
|
1055 |
|
|
1056 |
return !in_array($str, array('false', '0', 'no', 'off', 'nein', ''), true); |
|
1057 |
} |
|
1058 |
|
517c9f
|
1059 |
/** |
AM |
1060 |
* OS-dependent absolute path detection |
|
1061 |
*/ |
|
1062 |
public static function is_absolute_path($path) |
|
1063 |
{ |
|
1064 |
if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') { |
|
1065 |
return (bool) preg_match('!^[a-z]:[\\\\/]!i', $path); |
|
1066 |
} |
|
1067 |
else { |
29c24e
|
1068 |
return $path[0] == '/'; |
517c9f
|
1069 |
} |
AM |
1070 |
} |
5f5812
|
1071 |
|
AM |
1072 |
/** |
|
1073 |
* Resolve relative URL |
|
1074 |
* |
|
1075 |
* @param string $url Relative URL |
|
1076 |
* |
|
1077 |
* @return string Absolute URL |
|
1078 |
*/ |
|
1079 |
public static function resolve_url($url) |
|
1080 |
{ |
|
1081 |
// prepend protocol://hostname:port |
|
1082 |
if (!preg_match('|^https?://|', $url)) { |
|
1083 |
$schema = 'http'; |
|
1084 |
$default_port = 80; |
|
1085 |
|
|
1086 |
if (self::https_check()) { |
|
1087 |
$schema = 'https'; |
|
1088 |
$default_port = 443; |
|
1089 |
} |
|
1090 |
|
|
1091 |
$prefix = $schema . '://' . preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']); |
|
1092 |
if ($_SERVER['SERVER_PORT'] != $default_port) { |
|
1093 |
$prefix .= ':' . $_SERVER['SERVER_PORT']; |
|
1094 |
} |
|
1095 |
|
|
1096 |
$url = $prefix . ($url[0] == '/' ? '' : '/') . $url; |
|
1097 |
} |
|
1098 |
|
|
1099 |
return $url; |
|
1100 |
} |
3994b3
|
1101 |
|
AM |
1102 |
/** |
260869
|
1103 |
* Generate a random string |
3994b3
|
1104 |
* |
8447ba
|
1105 |
* @param int $length String length |
260869
|
1106 |
* @param bool $raw Return RAW data instead of ascii |
3994b3
|
1107 |
* |
AM |
1108 |
* @return string The generated random string |
|
1109 |
*/ |
8447ba
|
1110 |
public static function random_bytes($length, $raw = false) |
3994b3
|
1111 |
{ |
260869
|
1112 |
// Use PHP7 true random generator |
AM |
1113 |
if (function_exists('random_bytes')) { |
b2b9b5
|
1114 |
// random_bytes() can throw an Error/TypeError/Exception in some cases |
e85bbc
|
1115 |
try { |
b2b9b5
|
1116 |
$random = random_bytes($length); |
e85bbc
|
1117 |
} |
b2b9b5
|
1118 |
catch (Throwable $e) {} |
260869
|
1119 |
} |
AM |
1120 |
|
|
1121 |
if (!$random) { |
|
1122 |
$random = openssl_random_pseudo_bytes($length); |
|
1123 |
} |
3994b3
|
1124 |
|
8447ba
|
1125 |
if ($raw) { |
AM |
1126 |
return $random; |
3994b3
|
1127 |
} |
AM |
1128 |
|
260869
|
1129 |
$random = self::bin2ascii($random); |
8447ba
|
1130 |
|
260869
|
1131 |
// truncate to the specified size... |
8447ba
|
1132 |
if ($length < strlen($random)) { |
AM |
1133 |
$random = substr($random, 0, $length); |
3994b3
|
1134 |
} |
AM |
1135 |
|
|
1136 |
return $random; |
|
1137 |
} |
9aae1b
|
1138 |
|
AM |
1139 |
/** |
260869
|
1140 |
* Convert binary data into readable form (containing a-zA-Z0-9 characters) |
AM |
1141 |
* |
|
1142 |
* @param string $input Binary input |
|
1143 |
* |
|
1144 |
* @return string Readable output |
|
1145 |
*/ |
|
1146 |
public static function bin2ascii($input) |
|
1147 |
{ |
|
1148 |
// Above method returns "hexits". |
|
1149 |
// Based on bin_to_readable() function in ext/session/session.c. |
|
1150 |
// Note: removed ",-" characters from hextab |
|
1151 |
$hextab = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; |
|
1152 |
$nbits = 6; // can be 4, 5 or 6 |
|
1153 |
$length = strlen($input); |
|
1154 |
$result = ''; |
|
1155 |
$char = 0; |
|
1156 |
$i = 0; |
|
1157 |
$have = 0; |
|
1158 |
$mask = (1 << $nbits) - 1; |
|
1159 |
|
|
1160 |
while (true) { |
|
1161 |
if ($have < $nbits) { |
|
1162 |
if ($i < $length) { |
|
1163 |
$char |= ord($input[$i++]) << $have; |
|
1164 |
$have += 8; |
|
1165 |
} |
|
1166 |
else if (!$have) { |
|
1167 |
break; |
|
1168 |
} |
|
1169 |
else { |
|
1170 |
$have = $nbits; |
|
1171 |
} |
|
1172 |
} |
|
1173 |
|
|
1174 |
// consume nbits |
|
1175 |
$result .= $hextab[$char & $mask]; |
|
1176 |
$char >>= $nbits; |
|
1177 |
$have -= $nbits; |
|
1178 |
} |
|
1179 |
|
|
1180 |
return $result; |
|
1181 |
} |
|
1182 |
|
|
1183 |
/** |
9aae1b
|
1184 |
* Format current date according to specified format. |
AM |
1185 |
* This method supports microseconds (u). |
|
1186 |
* |
|
1187 |
* @param string $format Date format (default: 'd-M-Y H:i:s O') |
|
1188 |
* |
|
1189 |
* @return string Formatted date |
|
1190 |
*/ |
|
1191 |
public static function date_format($format = null) |
|
1192 |
{ |
|
1193 |
if (empty($format)) { |
|
1194 |
$format = 'd-M-Y H:i:s O'; |
|
1195 |
} |
|
1196 |
|
|
1197 |
if (strpos($format, 'u') !== false |
|
1198 |
&& ($date = date_create_from_format('U.u.e', microtime(true) . '.' . date_default_timezone_get())) |
|
1199 |
) { |
|
1200 |
return $date->format($format); |
|
1201 |
} |
|
1202 |
|
|
1203 |
return date($format); |
|
1204 |
} |
1aceb9
|
1205 |
} |