From 506a6573c875a6c56946e46e835bf13f378eb46d Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Fri, 18 Apr 2008 15:37:55 +0000 Subject: [PATCH] function_backtrace: - dont output first function param for unserialize() - limit output of function param to 64 chars --- phpgwapi/inc/common_functions.inc.php | 55 ++++++++++++++------------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/phpgwapi/inc/common_functions.inc.php b/phpgwapi/inc/common_functions.inc.php index 708cac8fe3..b4b9d95852 100755 --- a/phpgwapi/inc/common_functions.inc.php +++ b/phpgwapi/inc/common_functions.inc.php @@ -38,9 +38,9 @@ function bytes($str) { static $func_overload; - + if (is_null($func_overload)) $func_overload = extension_loaded('mbstring') ? ini_get('mbstring.func_overload') : 0; - + return $func_overload & 2 ? mb_strlen($str,'ascii') : strlen($str); } @@ -67,7 +67,7 @@ * print debug data only when debugging mode is turned on. * * @author seek3r - * This function is used to debugging data. + * This function is used to debugging data. * print_debug('this is some debugging data',$somevar); */ function print_debug($message,$var = 'messageonly',$part = 'app', $level = 3) @@ -169,7 +169,7 @@ * * @author seek3r * This function is used to validate param data as well as offer flexible function usage. - * + * function somefunc() { $expected_args[0] = Array('name'=>'fname','default'=>'joe', 'type'=>'string'); @@ -181,21 +181,21 @@ //default result would be: // Full name: joe hick bob
} - + Using this it is possible to use the function in any of the following ways somefunc('jack','city','brown'); or somefunc(array('fname'=>'jack','mname'=>'city','lname'=>'brown')); or somefunc(array('lname'=>'brown','fname'=>'jack','mname'=>'city')); - + For the last one, when using named params in an array you dont have to follow any order All three would result in - Full name: jack city brown
- + When you use this method of handling params you can secure your functions as well offer flexibility needed for both normal use and web services use. If you have params that are required just set the default as ##REQUIRED## - Users of your functions can also use ##DEFAULT## to use your default value for a param + Users of your functions can also use ##DEFAULT## to use your default value for a param when using the standard format like this: somefunc('jack','##DEFAULT##','brown'); This would result in - Full name: jack hick brown
@@ -210,7 +210,7 @@ /* This array will contain all types for sanatization checking */ /* only used when an array is passed as the first arg */ $types = Array(); - + /* start by looping thru the expected list and set params with */ /* the default values */ $num = count($expected); @@ -221,9 +221,9 @@ { $required[$expected[$i]['name']] = True; } - $types[$expected[$i]['name']] = $expected[$i]['type']; + $types[$expected[$i]['name']] = $expected[$i]['type']; } - + /* Make sure they passed at least one param */ if(count($recieved) != 0) { @@ -252,7 +252,7 @@ { for ($i = 0; $i < $num; $i++) { - $types[$expected[$i]['name']] = $expected[$i]['type']; + $types[$expected[$i]['name']] = $expected[$i]['type']; } while(list($key,$val) = each($recieved[0])) { @@ -287,7 +287,7 @@ * Validate data. * * @author seek3r - * This function is used to validate input data. + * This function is used to validate input data. * sanitize('number',$somestring); */ function sanitize($string,$type) @@ -387,7 +387,7 @@ { $pass_verify_non_alpha = True; } - + if(@isset($GLOBALS['egw_info']['server']['pass_require_numbers']) && $GLOBALS['egw_info']['server']['pass_require_numbers'] == True) { $pass_verify_num = False; @@ -405,7 +405,7 @@ { $pass_verify_special_char = True; } - + if ($password_length >= $min_length) { for ($i=0; $i != $password_length; $i++) @@ -439,7 +439,7 @@ { $GLOBALS['egw_info']['flags']['msgbox_data']['Password requires at least one special character (non-letter and non-number)']=False; } - + if ($pass_verify_num == True && $pass_verify_special_char == True) { return True; 
@@ -649,7 +649,7 @@ * retrieve a value from either a POST, GET, COOKIE, SERVER or from a class variable. * * @author skeeter - * This function is used to retrieve a value from a user defined order of methods. + * This function is used to retrieve a value from a user defined order of methods. * $this->id = get_var('id',array('HTTP_POST_VARS'||'POST','HTTP_GET_VARS'||'GET','HTTP_COOKIE_VARS'||'COOKIE','GLOBAL','DEFAULT')); * @param $variable name * @param $method ordered array of methods to search for supplied variable @@ -667,7 +667,7 @@ /** * Load a class and include the class file if not done so already. * - * This function is used to create an instance of a class, and if the class file has not been included it will do so. + * This function is used to create an instance of a class, and if the class file has not been included it will do so. * $GLOBALS['egw']->acl =& CreateObject('phpgwapi.acl'); * * @author RalfBecker@outdoor-training.de @@ -678,7 +678,7 @@ function &CreateObject($class) { list($appname,$classname) = explode('.',$class); - + if ($classname == 'datetime') $classname = 'egw_datetime'; // php5.2 fix include_once(EGW_INCLUDE_ROOT.'/'.$appname.'/inc/class.'.$classname.'.inc.php'); @@ -727,13 +727,13 @@ $newobj = 1; $obj =& CreateObject($acm); } - + if (!method_exists($obj,$method)) { echo "

".function_backtrace().": no methode '$method' in class '$class'

\n"; return False; } - + $args = func_get_args(); unset($args[0]); $code = '$return =& $obj->'.$method.'('; @@ -867,7 +867,7 @@ * duplicates the result of copying an object under php3/4 even when using php5 * * This is critical when looping on db object output and updating or inserting to the database using a copy of the db object. This was first added to GroupWhere - * + * * @deprecated use $copy = clone($obj); * @author milosch * @param $a - Source Object @@ -956,7 +956,7 @@ function _debug_array($array,$print=True) { $output = '
'.print_r($array,true)."
\n"; - + if ($print) { echo $output; @@ -1134,7 +1134,7 @@ return False; } } - + /** * prepend a prefix to an array of table names * @@ -1170,7 +1170,8 @@ if ($remove-- < 0) { $ret[] = (isset($level['class'])?$level['class'].'::':'').$level['function']. - (!$level['class'] ? '('.str_replace(EGW_SERVER_ROOT,'',$level['args'][0]).')' : ''); + (!$level['class'] && !is_object($level['args'][0]) && $level['function'] != 'unserialize' ? + '('.substr(str_replace(EGW_SERVER_ROOT,'',$level['args'][0]),0,64).')' : ''); } } if (is_array($ret)) @@ -1184,7 +1185,7 @@ /** * check $_REQUEST data for XSS, vars containing script tags are moved to $GLOBALS['egw_unset_vars'] * - * @internal + * @internal * @param array &$var reference of array to check * @param string $name='' name of the array */ @@ -1212,7 +1213,7 @@ reset($var); } } - + foreach(array('_GET','_POST','_REQUEST','HTTP_GET_VARS','HTTP_POST_VARS') as $n => $where) { $pregs = array(
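Review bot: In the `@@ -1170,7 +1170,8 @@` hunk the added guard `!is_object($level['args'][0])` excludes only objects, so a frame whose first argument is an array, or (assuming the frames come from `debug_backtrace()`) a function called with no arguments, still reaches `str_replace()`/`substr()` and raises notices or yields a non-string while the backtrace text is built. A stricter condition would be `(empty($level['class']) && isset($level['args'][0]) && is_scalar($level['args'][0]) && $level['function'] != 'unserialize' ?`, which also avoids reading an unset `class` key. Skipping only `unserialize` and cutting at 64 characters still discloses the start of every other plain function's first argument. The ExecMethod context earlier in this patch echoes `function_backtrace()` straight into the page, so the value should be escaped where it is printed (for example with `htmlspecialchars()`), or the argument dump restricted to debug mode. The enclosing function begins and ends outside the hunk.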