Commit Graph

100 Commits

Author SHA1 Message Date
Ralf Becker
80774a3468 avoid warning in php5.3, if argument is an array 2009-11-30 14:39:38 +00:00
Klaus Leithoff
e3d06b2219 if we encounter potential malicious script, we run it through html::purify. we test that again against potential malicious code, and drop the content only if we fail the test against the cleaned content as well. we set egw_unset_vars at any case with the original content, in case the application in question makes use of it. 2009-11-24 11:28:49 +00:00
Klaus Leithoff
c5453aa3f9 make sure there is a wordboundary after script, while testing for malicious code (as text like < blabla description blabla > triggered the expunge of the text 2009-11-02 11:36:00 +00:00
Ralf Becker
756ecd2b18 "updated function_backtrace to show if class method is called static (::) or not (->)" 2009-10-12 09:44:36 +00:00
Ralf Becker
bcfe710de2 Fixed typo happend --> happened, as reported by David Rankin 2009-08-25 08:31:37 +00:00
Ralf Becker
cdd5103888 fixing a few more PHP5.3 problems, caused by PHP5.3 behavior to NOT
register cookies in $_REQUEST any more by default (there's now a php.ini
variable 'request_order' to controll that, but we want to work with a
default configuraltion):
- session restore was not working, as only $_REQUEST[sessionid] was checked
- multi domain installs not working, as domain cookie was not checked
- encrypted session were not working, because kp3 cookie was not checked
--> there's now a static method egw_session::get_request($name), which
checks $_REQUEST[$name], $_COOKIE[$name] and for that Safari bug also
$_COOKIE[ucfirst($name)]
2009-08-22 19:32:28 +00:00
Ralf Becker
232252475f patch fixing many depricated functions (eg. posix regular expressions) and features, which fill up the error_log under php5.3 (and will no longer be available under php6).
Patch is mostly created by script in egroupware/doc/fix_depricated.php in separate commit.
I do NOT advice to apply this patch to a production system (it's commited to trunk!), as the automatic modified regular expressions have a good change to break something ...
2009-06-08 16:21:14 +00:00
Ralf Becker
3ec3c205ee created a rpm post script to automatic install or update EGroupware:
- cleaned up exceptions in cli code (no need to log, as it goes direct to the user)
- regarding small rpm redirect header (< 200 bytes) as no header
- fixed wrong detected vars for cli install (eg. webserver_url)
- fixed egw_cache to not stall if system_charset is not yet in db
2009-05-30 20:15:31 +00:00
Ralf Becker
6d72b2b297 - fixed in some cases not working setup-cli (domain not detected)
- make update a separat setup-cmd-object
- fixed handling of egw_exception_wrong_userinput, to not include a
  trace (which is unneeded for regular input-validation)
2009-05-25 06:39:38 +00:00
Ralf Becker
9e202e10f6 "fix for bug #2070" 2009-05-06 10:13:43 +00:00
Ralf Becker
7f976bd883 "fix for newly introduced bug reported on the lists:
Fatal error: Class 'notifications' not found in
  /home/domain/public_html/egw/etemplate/inc/class.bo_tracking.inc.php
--> reverts an older commit fixing a problem between the (depracated and no longer working) browser app and the browser class in the API"
2009-04-29 09:50:25 +00:00
Ralf Becker
eec6596e94 "__autoload()
- fix for error_reporting E_ALL
- disabling search over all apps: classes should either conform to new naming schema or use explicit includes"
2009-04-28 16:18:34 +00:00
Ralf Becker
3da8703202 "fix for bug #2049: PHP Extention error since last SVC update..." 2009-04-21 05:20:04 +00:00
Ralf Becker
bf036043b2 - making all methods of translation class static
- caching the phrases in new egw_cache on Tree level
--> a good speed improvment on my devel system
- also added a global function
check_load_extension($extension,$throw=false)
2009-04-20 11:59:39 +00:00
Ralf Becker
a6836fb367 "some more info for error_log on Exceptions: Instance, User & URL causing the exception" 2009-04-03 13:29:47 +00:00
Ralf Becker
923c98f079 "imporved array2string to give a type-specific output (eg. TRUE or FALSE for boolean)" 2009-04-01 09:32:35 +00:00
Ralf Becker
efb3189b49 "fixed CreateObject to not suppress the error, if it cant find a class file or there are eg. syntax errors in it
--> now you can find the error in the error_log and dont get only a blank page
(also optimized it so far, that we first try to autoload the class and use the diverse \"magic\" only if that fails)"
2009-03-13 12:47:53 +00:00
Ralf Becker
fa73ad5339 Improved exception handling:
- exceptions get now always logged to the error_log
- in the webgui it's now configurable, if the message contains a
  stacktrace (incl. function arguments) - default no (security)
- command line interfaces get detected and contain no html anymore
- webdav and groupdav send the exceptions as basic auth realms to the
  client
- webdav and groupdav login failures contain the reason as part of the
  basic auth realm
2008-10-26 12:13:01 +00:00
Ralf Becker
4694b6e917 "prevent fatal error if only egw_minimal is instanciated in $GLOBALS[egw], eg. setup" 2008-10-26 07:34:21 +00:00
Ralf Becker
d60d8376e1 - classnames according to new naming schema
- file_access method
- updated version and dependencies for 1.6
2008-10-07 17:57:50 +00:00
Ralf Becker
9bca7a7689 moved phpgw compatibility stuff into common_functions.inc.php 2008-10-07 15:50:53 +00:00
Ralf Becker
fa1996a0c9 uiinfolog --> infolog_ui 2008-10-07 12:56:18 +00:00
Ralf Becker
c3e40ade99 added an array of replacement names to ease the transition to the new class naming scheme: app_class 2008-10-07 08:51:14 +00:00
Ralf Becker
cebdeab490 "fixed notice in cron call: Undefined index: egw_unset_vars" 2008-09-29 06:55:25 +00:00
Ralf Becker
1fcb14b03c "- test if $GLOBALS[HTTP_(GET|POST)_VARS] is set to prevent warning
- removed php4 clone function, as we require now php5.1+"
2008-08-16 05:58:33 +00:00
Ralf Becker
b40382df80 exception handler for xajax and ability to use static methods as ajax callbacks eg. filemanager_ui::ajax_check_something 2008-07-27 12:48:39 +00:00
Ralf Becker
5477c71045 "silenced autoloaded class ..." 2008-07-15 06:48:59 +00:00
Ralf Becker
9008414fff "- array2string() to format arrays (or objects) as string, eg. for error_log()
- allow apps to specify their own autoload handler, only tried after the standard one does not find the class"
2008-05-17 07:34:16 +00:00
Ralf Becker
3a5b24dfda "fixed bug reported by matsie(at)terra.es: fatal error on ical export in calendar:
was cased by browser/inc/class.browser.inc.php having top priority in autoloading, which was never intended"
2008-05-06 05:57:21 +00:00
Ralf Becker
a3a7503c0f "new static hook methods (class::method) are navitvly supported from php5.2.3+ on, so we need to add some compatibility for our required php5.1
"
2008-04-27 11:55:11 +00:00
Ralf Becker
4ecce4f5ae allow all php callables (eg. "class::method" for static calls) for ExecMethod, ExecMethod2 and as methodstring for hooks 2008-04-25 18:54:06 +00:00
Ralf Becker
40f32b5d74 "function_backtrace:
- dont output first function param for unserialize()
- limit output of function param to 64 chars"
2008-04-18 14:59:59 +00:00
Ralf Becker
7e22bf1347 "New method try_lang(), usefull for exception handlers or early stages of the initialisation of the egw object,
as calling lang would try to load the translations, evtl. cause more errors, eg. because there's no db-connection."
2008-04-01 10:47:50 +00:00
Ralf Becker
3d909d4776 fixed fatal error "Exception thrown without a stack frame in Unknown on line 0", if DB does not exist when calling the regular eGW url 2008-04-01 10:33:54 +00:00
Ralf Becker
3bf9ad5efa dynamically autoloading sub-object of egw-object, moved __wakeup methods to concerned classes and other "modernsations" ;-) 2008-03-21 20:11:59 +00:00
Klaus Leithoff
85c7be0259 checking if apparray exist in __autoload, before looping through 2008-03-07 10:18:17 +00:00
Ralf Becker
c25ba82735 - slightly modified exception handler, to cover the situation when the egw object is not yet or only partially initialised
- somehow the baseclass stuff in __autoload was never working as intended (could not load the exceptions derived from egw_exception)
2008-01-19 05:28:33 +00:00
Klaus Leithoff
2aa82e48ff expanding the autoload function to enable it to step through the registered modules to find old naming shema classes.
This is due to a bug in felamimail, when typing an address, the auto completion produces an XML Error, because the
socontacts_sql class is not found. 
The problem may be resolved by another method, the solution provided here is probably not wanted, for proper style reasons, 
and will not solve all possible autoload problems.
2008-01-11 12:33:17 +00:00
Ralf Becker
cae8bb40a8 added draft of an exception class for eGW, plus a global exception handler and replaced the fatal errors in the db-class plus the application rights check in the egw object with exceptions, modified the exceptions in admin_cmd* to use egw_excpetion*, instead just Exception 2007-12-06 08:00:41 +00:00
Ralf Becker
82f2b4e91f global bytes() function returning the number of bytes of a string, independent of mbstring available and mbstring.func_overload set 2007-09-29 09:17:42 +00:00
Ralf Becker
88048ecc2f renamed datetime class to egw_datetime to support php5.2 2006-10-22 06:39:49 +00:00
Ralf Becker
4c1d7489fe some code to make register_globals On installs safer, we might commit that after a test-periode to 1.2 too 2006-10-03 15:16:42 +00:00
Ralf Becker
8b199cf8e2 better error-message 2006-08-14 18:33:41 +00:00
Ralf Becker
e419a6aa6d allow ',' in order 2006-03-09 22:33:06 +00:00
Miles Lott
5f9d52623c Fix minor bug in lang() for common, and update setup's version to match common 2006-02-24 03:06:40 +00:00
Ralf Becker
35833c2583 fixed not working reference assignment 2005-11-09 13:54:36 +00:00
Ralf Becker
c5a6a2bcc0 phpgw --> egw plus some documentation 2005-11-09 12:44:32 +00:00
Cornelius Weiß
e4ed1ac5b0 add execmethod2 which could handle multiple arguments
There was no way of patching the existing ExecMethod, as Felamimail,
emailadmin and ldapadmin depend on the class consturction of this
method
2005-11-01 14:19:00 +00:00
Ralf Becker
f99f2ef4e8 1) eGW enviroment (egw_info-array and egw-object) can now be stored in a php-session and restored from there. It is no longer necessary to create it on every page-request.
At the moment you need to log out to activate any changes in the config, preferences or the apps enabled for a user. This can be changed easily by invalidating the cache.
2) New way to create an anoymous session: you can specify a callback function, which gets called if the session could not be verified. The callback can use the DB or instanciate a config object to get the account-date, which it returns. A new session get then created.
2005-07-17 21:00:49 +00:00
Ralf Becker
1a5243c9c4 _check_script_tags function:
1) fixed problems pointed out by gulftech, iframes get now unset too
2) unset variables from _check_script_tags are now found in $GLOBALS['egw_unset_vars'], eg. a posted input-field called content would be found in $GLOBALS['egw_unset_vars']['_POST[content]'] (please not the array is only 1-dimensional!), if it has been unset by check_script_tags
3) speed up the function a bit, by not checking all possible names of the superglobals arrays, if nothing found in $_GET and $_POST
2005-03-15 15:36:44 +00:00