Commit Graph

150 Commits

Author SHA1 Message Date
Ralf Becker
80774a3468 avoid warning in php5.3, if argument is an array 2009-11-30 14:39:38 +00:00
Klaus Leithoff
e3d06b2219 if we encounter potential malicious script, we run it through html::purify. we test that again against potential malicious code, and drop the content only if we fail the test against the cleaned content as well. we set egw_unset_vars at any case with the original content, in case the application in question makes use of it. 2009-11-24 11:28:49 +00:00
Klaus Leithoff
c5453aa3f9 make sure there is a wordboundary after script, while testing for malicious code (as text like < blabla description blabla > triggered the expunge of the text 2009-11-02 11:36:00 +00:00
Ralf Becker
756ecd2b18 "updated function_backtrace to show if class method is called static (::) or not (->)" 2009-10-12 09:44:36 +00:00
Ralf Becker
bcfe710de2 Fixed typo happend --> happened, as reported by David Rankin 2009-08-25 08:31:37 +00:00
Ralf Becker
cdd5103888 fixing a few more PHP5.3 problems, caused by PHP5.3 behavior to NOT
register cookies in $_REQUEST any more by default (there's now a php.ini
variable 'request_order' to controll that, but we want to work with a
default configuraltion):
- session restore was not working, as only $_REQUEST[sessionid] was checked
- multi domain installs not working, as domain cookie was not checked
- encrypted session were not working, because kp3 cookie was not checked
--> there's now a static method egw_session::get_request($name), which
checks $_REQUEST[$name], $_COOKIE[$name] and for that Safari bug also
$_COOKIE[ucfirst($name)]
2009-08-22 19:32:28 +00:00
Ralf Becker
232252475f patch fixing many depricated functions (eg. posix regular expressions) and features, which fill up the error_log under php5.3 (and will no longer be available under php6).
Patch is mostly created by script in egroupware/doc/fix_depricated.php in separate commit.
I do NOT advice to apply this patch to a production system (it's commited to trunk!), as the automatic modified regular expressions have a good change to break something ...
2009-06-08 16:21:14 +00:00
Ralf Becker
3ec3c205ee created a rpm post script to automatic install or update EGroupware:
- cleaned up exceptions in cli code (no need to log, as it goes direct to the user)
- regarding small rpm redirect header (< 200 bytes) as no header
- fixed wrong detected vars for cli install (eg. webserver_url)
- fixed egw_cache to not stall if system_charset is not yet in db
2009-05-30 20:15:31 +00:00
Ralf Becker
6d72b2b297 - fixed in some cases not working setup-cli (domain not detected)
- make update a separat setup-cmd-object
- fixed handling of egw_exception_wrong_userinput, to not include a
  trace (which is unneeded for regular input-validation)
2009-05-25 06:39:38 +00:00
Ralf Becker
9e202e10f6 "fix for bug #2070" 2009-05-06 10:13:43 +00:00
Ralf Becker
7f976bd883 "fix for newly introduced bug reported on the lists:
Fatal error: Class 'notifications' not found in
  /home/domain/public_html/egw/etemplate/inc/class.bo_tracking.inc.php
--> reverts an older commit fixing a problem between the (depracated and no longer working) browser app and the browser class in the API"
2009-04-29 09:50:25 +00:00
Ralf Becker
eec6596e94 "__autoload()
- fix for error_reporting E_ALL
- disabling search over all apps: classes should either conform to new naming schema or use explicit includes"
2009-04-28 16:18:34 +00:00
Ralf Becker
3da8703202 "fix for bug #2049: PHP Extention error since last SVC update..." 2009-04-21 05:20:04 +00:00
Ralf Becker
bf036043b2 - making all methods of translation class static
- caching the phrases in new egw_cache on Tree level
--> a good speed improvment on my devel system
- also added a global function
check_load_extension($extension,$throw=false)
2009-04-20 11:59:39 +00:00
Ralf Becker
a6836fb367 "some more info for error_log on Exceptions: Instance, User & URL causing the exception" 2009-04-03 13:29:47 +00:00
Ralf Becker
923c98f079 "imporved array2string to give a type-specific output (eg. TRUE or FALSE for boolean)" 2009-04-01 09:32:35 +00:00
Ralf Becker
efb3189b49 "fixed CreateObject to not suppress the error, if it cant find a class file or there are eg. syntax errors in it
--> now you can find the error in the error_log and dont get only a blank page
(also optimized it so far, that we first try to autoload the class and use the diverse \"magic\" only if that fails)"
2009-03-13 12:47:53 +00:00
Ralf Becker
fa73ad5339 Improved exception handling:
- exceptions get now always logged to the error_log
- in the webgui it's now configurable, if the message contains a
  stacktrace (incl. function arguments) - default no (security)
- command line interfaces get detected and contain no html anymore
- webdav and groupdav send the exceptions as basic auth realms to the
  client
- webdav and groupdav login failures contain the reason as part of the
  basic auth realm
2008-10-26 12:13:01 +00:00
Ralf Becker
4694b6e917 "prevent fatal error if only egw_minimal is instanciated in $GLOBALS[egw], eg. setup" 2008-10-26 07:34:21 +00:00
Ralf Becker
d60d8376e1 - classnames according to new naming schema
- file_access method
- updated version and dependencies for 1.6
2008-10-07 17:57:50 +00:00
Ralf Becker
9bca7a7689 moved phpgw compatibility stuff into common_functions.inc.php 2008-10-07 15:50:53 +00:00
Ralf Becker
fa1996a0c9 uiinfolog --> infolog_ui 2008-10-07 12:56:18 +00:00
Ralf Becker
c3e40ade99 added an array of replacement names to ease the transition to the new class naming scheme: app_class 2008-10-07 08:51:14 +00:00
Ralf Becker
cebdeab490 "fixed notice in cron call: Undefined index: egw_unset_vars" 2008-09-29 06:55:25 +00:00
Ralf Becker
1fcb14b03c "- test if $GLOBALS[HTTP_(GET|POST)_VARS] is set to prevent warning
- removed php4 clone function, as we require now php5.1+"
2008-08-16 05:58:33 +00:00
Ralf Becker
b40382df80 exception handler for xajax and ability to use static methods as ajax callbacks eg. filemanager_ui::ajax_check_something 2008-07-27 12:48:39 +00:00
Ralf Becker
5477c71045 "silenced autoloaded class ..." 2008-07-15 06:48:59 +00:00
Ralf Becker
9008414fff "- array2string() to format arrays (or objects) as string, eg. for error_log()
- allow apps to specify their own autoload handler, only tried after the standard one does not find the class"
2008-05-17 07:34:16 +00:00
Ralf Becker
3a5b24dfda "fixed bug reported by matsie(at)terra.es: fatal error on ical export in calendar:
was cased by browser/inc/class.browser.inc.php having top priority in autoloading, which was never intended"
2008-05-06 05:57:21 +00:00
Ralf Becker
a3a7503c0f "new static hook methods (class::method) are navitvly supported from php5.2.3+ on, so we need to add some compatibility for our required php5.1
"
2008-04-27 11:55:11 +00:00
Ralf Becker
4ecce4f5ae allow all php callables (eg. "class::method" for static calls) for ExecMethod, ExecMethod2 and as methodstring for hooks 2008-04-25 18:54:06 +00:00
Ralf Becker
40f32b5d74 "function_backtrace:
- dont output first function param for unserialize()
- limit output of function param to 64 chars"
2008-04-18 14:59:59 +00:00
Ralf Becker
7e22bf1347 "New method try_lang(), usefull for exception handlers or early stages of the initialisation of the egw object,
as calling lang would try to load the translations, evtl. cause more errors, eg. because there's no db-connection."
2008-04-01 10:47:50 +00:00
Ralf Becker
3d909d4776 fixed fatal error "Exception thrown without a stack frame in Unknown on line 0", if DB does not exist when calling the regular eGW url 2008-04-01 10:33:54 +00:00
Ralf Becker
3bf9ad5efa dynamically autoloading sub-object of egw-object, moved __wakeup methods to concerned classes and other "modernsations" ;-) 2008-03-21 20:11:59 +00:00
Klaus Leithoff
85c7be0259 checking if apparray exist in __autoload, before looping through 2008-03-07 10:18:17 +00:00
Ralf Becker
c25ba82735 - slightly modified exception handler, to cover the situation when the egw object is not yet or only partially initialised
- somehow the baseclass stuff in __autoload was never working as intended (could not load the exceptions derived from egw_exception)
2008-01-19 05:28:33 +00:00
Klaus Leithoff
2aa82e48ff expanding the autoload function to enable it to step through the registered modules to find old naming shema classes.
This is due to a bug in felamimail, when typing an address, the auto completion produces an XML Error, because the
socontacts_sql class is not found. 
The problem may be resolved by another method, the solution provided here is probably not wanted, for proper style reasons, 
and will not solve all possible autoload problems.
2008-01-11 12:33:17 +00:00
Ralf Becker
cae8bb40a8 added draft of an exception class for eGW, plus a global exception handler and replaced the fatal errors in the db-class plus the application rights check in the egw object with exceptions, modified the exceptions in admin_cmd* to use egw_excpetion*, instead just Exception 2007-12-06 08:00:41 +00:00
Ralf Becker
82f2b4e91f global bytes() function returning the number of bytes of a string, independent of mbstring available and mbstring.func_overload set 2007-09-29 09:17:42 +00:00
Ralf Becker
88048ecc2f renamed datetime class to egw_datetime to support php5.2 2006-10-22 06:39:49 +00:00
Ralf Becker
4c1d7489fe some code to make register_globals On installs safer, we might commit that after a test-periode to 1.2 too 2006-10-03 15:16:42 +00:00
Ralf Becker
8b199cf8e2 better error-message 2006-08-14 18:33:41 +00:00
Ralf Becker
e419a6aa6d allow ',' in order 2006-03-09 22:33:06 +00:00
Miles Lott
5f9d52623c Fix minor bug in lang() for common, and update setup's version to match common 2006-02-24 03:06:40 +00:00
Ralf Becker
35833c2583 fixed not working reference assignment 2005-11-09 13:54:36 +00:00
Ralf Becker
c5a6a2bcc0 phpgw --> egw plus some documentation 2005-11-09 12:44:32 +00:00
Cornelius Weiß
e4ed1ac5b0 add execmethod2 which could handle multiple arguments
There was no way of patching the existing ExecMethod, as Felamimail,
emailadmin and ldapadmin depend on the class consturction of this
method
2005-11-01 14:19:00 +00:00
Ralf Becker
f99f2ef4e8 1) eGW enviroment (egw_info-array and egw-object) can now be stored in a php-session and restored from there. It is no longer necessary to create it on every page-request.
At the moment you need to log out to activate any changes in the config, preferences or the apps enabled for a user. This can be changed easily by invalidating the cache.
2) New way to create an anoymous session: you can specify a callback function, which gets called if the session could not be verified. The callback can use the DB or instanciate a config object to get the account-date, which it returns. A new session get then created.
2005-07-17 21:00:49 +00:00
Ralf Becker
1a5243c9c4 _check_script_tags function:
1) fixed problems pointed out by gulftech, iframes get now unset too
2) unset variables from _check_script_tags are now found in $GLOBALS['egw_unset_vars'], eg. a posted input-field called content would be found in $GLOBALS['egw_unset_vars']['_POST[content]'] (please not the array is only 1-dimensional!), if it has been unset by check_script_tags
3) speed up the function a bit, by not checking all possible names of the superglobals arrays, if nothing found in $_GET and $_POST
2005-03-15 15:36:44 +00:00
Ralf Becker
0a104f1063 1) $GLOBALS['phpgw{_info}'] ==> $GLOBALS['egw{_info}']
2) modernized CreateObject
2005-03-04 20:48:05 +00:00
Lars Kneschke
a0cfcc38e4 make the clone hack working with PHP5 too 2004-10-21 18:12:11 +00:00
Ralf Becker
1b53a1ce6d added clone function for php4, use as $db = clone($this->db); 2004-10-19 14:54:57 +00:00
Ralf Becker
d5b8419f8d fixing the fix, now even all sub-arrays get reset 2004-08-24 20:01:49 +00:00
Ralf Becker
e027149a05 fixed delete-problem of anglemail after security update 2004-08-24 10:45:07 +00:00
Ralf Becker
d7fc09daef fixed probs pointed out by Joxean Koret 2004-08-23 18:18:26 +00:00
Ralf Becker
aa86cc11eb small fix 2004-08-22 18:32:20 +00:00
Ralf Becker
092bca5805 small fix 2004-08-22 14:14:38 +00:00
Ralf Becker
1cabb62405 new schema_proc class seems to work now 2004-08-13 18:59:00 +00:00
Lars Kneschke
ab6a4ae74f added class to create pdf file
http://www.fpdf.org
2004-06-04 06:17:23 +00:00
Ralf Becker
5cb848c8d6 re-enabled error-messages if CreateObject fails, gave a blank page, but no error 2004-05-09 20:04:07 +00:00
reinerj
48f840d7de move from old projct to new one 2004-05-05 12:06:13 +00:00
Ralf Becker
273f6b0a2f fix for bug #944311: Calendar: Error on user-defined fields 2004-05-03 10:39:42 +00:00
Lars Kneschke
76f22cc700 make sorting in felmaimail working again 2004-04-20 02:43:11 +00:00
Ralf Becker
517913682c as talked with lars 2004-04-04 18:06:37 +00:00
Ralf Becker
94b0845564 as talked with lars 2004-04-04 17:58:00 +00:00
Miles Lott
745a6c347b Comment out php5-specific code since it causes php4 syntax error 2004-02-20 16:30:19 +00:00
Miles Lott
5b2e153cc6 Possible fix for latest beta of php5 2004-02-20 14:49:39 +00:00
Miles Lott
300badbfec Cleanup other cases of PHP_OS testing for WINNT 2004-01-28 13:34:47 +00:00
Lars Kneschke
0364332b5c add stripslashes for a second level for arrays 2004-01-20 05:28:04 +00:00
Lars Kneschke
69e0eea014 strip slashes from value only if it exists 2004-01-12 06:11:23 +00:00
Miles Lott
e0e5763821 stripslashes on the first level of a posted array, per discussion with lars 2004-01-10 15:04:17 +00:00
Miles Lott
6a08a48087 Should fix array posting problem 2004-01-03 10:36:50 +00:00
Miles Lott
ff8d604036 Maybe some minor speed improvements 2004-01-02 05:47:24 +00:00
Lars Kneschke
75e6e79ddb added stripslashes when magic qoutes is on 2004-01-02 01:42:23 +00:00
Miles Lott
1df412f9c4 ereg_replace/intval update 2003-12-10 11:45:03 +00:00
shrykedude
8b9c73d089 Prefixed code that generates PHP notices with a '@' to minimize new user confusion. 2003-10-24 04:38:48 +00:00
Ralf Becker
6fbf81abed added class to functions_backtrace 2003-10-19 18:25:14 +00:00
Miles Lott
4c74f7e463 Allow passing of single, non-array paramater for e.g. POST or GET to get_var() 2003-10-18 10:36:34 +00:00
Ralf Becker
cb12c82707 added function to generate a function-name backtrace 2003-10-16 16:41:35 +00:00
Ralf Becker
3f3d0c79e9 added function to generate a function-name backtrace 2003-10-16 16:34:45 +00:00
Miles Lott
e07e330732 Add copyobj() function for php5 object cloning vs php3/4 copies, fix _debug_array() for php5 2003-10-16 10:37:31 +00:00
Ralf Becker
b8557e49d9 make the phpgw Version-0_9_16-branch HEAD 2003-08-28 14:31:11 +00:00
Ralf Becker
486fd309c0 changed wrong php-version-number 2003-04-02 10:42:12 +00:00
seek3r
d1f5fdf372 oops. left debug line in safe_args() 2003-01-12 03:46:38 +00:00
seek3r
8ae1ee9e14 fixed validation bug in safe_args() and removed debug line I left in createobject() 2003-01-12 03:43:55 +00:00
seek3r
637307f51c added new safe_args function which should help to make our functions safer and more flexible 2003-01-11 08:32:44 +00:00
seek3r
8abf9fa1a5 Switched to using the register_exit_function() and added scrolling divs to a couple places for examples 2002-09-28 15:20:20 +00:00
skeeter
883882338d Changed EXP_DEBUG_APP to DEBUG_APP. 2002-08-22 03:05:58 +00:00
Miles Lott
eec43e2901 Remove stray whitespace 2002-08-20 12:41:48 +00:00
seek3r
4a2729a720 massive and sweeping change to the link() function, the way the app loads up, to a single templates class instance, to a new template set structure which automaticly handles frames support. We will have much cleanup to do to get apps working again and have them following the new guidelines 2002-05-30 09:47:09 +00:00
seek3r
60a0c1ac74 fixed password strength rules names to be compatible with phpGW 2002-05-27 03:13:28 +00:00
Miles Lott
090f676483 remove stray whitespace, etc 2002-05-26 20:00:35 +00:00
seek3r
d2f00f43ce added password validation routines, as well as general improvements on sanitize function 2002-05-26 08:50:40 +00:00
seek3r
2d37f41455 added password validation routines, as well as general improvements on sanitize function 2002-05-26 08:26:44 +00:00
skeeter
aee8a57ece Added the SERVER usage for HTTP_SERVER_VARS, and added the 4.2.0 check to use the newer [common_functions.inc.php>method>]. 2002-04-30 03:01:01 +00:00
skeeter
92c0505fe3 This now allows the _debug_array() to either print or not print the debug info. 2002-04-06 15:13:51 +00:00
skeeter
3be3f5d506 Interim step in moving a a<less|more>thanb to some sommon functions to use it for app_registry functions. 2002-03-16 02:56:57 +00:00
Miles Lott
78d862aacb minor formatting and grammar 2002-03-02 04:08:20 +00:00
skeeter
6970aefe57 Split out common files from functions.inc.php so that the API and setup can have a single source base. 2002-03-01 12:31:50 +00:00