Add safety check on PHP options lookup.

Lars Jung 2015-05-02 01:44:50 +02:00
parent 6ad53ec2aa
commit 509074c263
6 changed files with 26 additions and 23 deletions


@ -62,7 +62,7 @@ modulejs.define('main/info', ['$', 'config'], function ($, config) {
addTest( addTest(
'PHP version', 'PHP version >= ' + setup.MIN_PHP_VERSION, 'PHP version', 'PHP version >= ' + setup.MIN_PHP_VERSION,
setup.HAS_PHP_VERSION, setup.PHP_VERSION setup.HAS_MIN_PHP_VERSION, setup.PHP_VERSION
); );
addTest( addTest(


@ -99,7 +99,7 @@ class Api {
private function on_getThumbHref() { private function on_getThumbHref() {
Util::json_fail(Util::RC_DISABLED, "thumbnails disabled", !$this->options["thumbnails"]["enabled"]); Util::json_fail(Util::RC_DISABLED, "thumbnails disabled", !$this->get_option("thumbnails.enabled", false));
Util::json_fail(Util::RC_UNSUPPORTED, "thumbnails not supported", !HAS_PHP_JPG); Util::json_fail(Util::RC_UNSUPPORTED, "thumbnails not supported", !HAS_PHP_JPG);
$type = Util::get_request_param("type"); $type = Util::get_request_param("type");
@ -117,7 +117,7 @@ class Api {
private function on_download() { private function on_download() {
Util::json_fail(Util::RC_DISABLED, "downloads disabled", !$this->options["download"]["enabled"]); Util::json_fail(Util::RC_DISABLED, "downloads disabled", !$this->get_option("download.enabled", false));
$as = Util::get_request_param("as"); $as = Util::get_request_param("as");
$type = Util::get_request_param("type"); $type = Util::get_request_param("type");
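Review bot: Both rewritten guards in `on_getThumbHref()` and `on_download()` call `$this->get_option(...)` on `Api`, but the only `get_option` this commit adds is on `App`. Unless `Api` already defines or inherits that method (not visible here), every thumbnail and download request ends in an undefined-method fatal error. That fails closed, so the "disabled" checks are not bypassed, but both endpoints stop working. If `Api` keeps a reference to the `App` instance, the lookup should go through it, for example `!$this->app->get_option("thumbnails.enabled", false)`; the property name is an assumption, so use whatever the constructor stores. Both method bodies continue outside the hunks.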


@ -22,6 +22,21 @@ class App {
} }
public function get_option($keypath, $default) {
$value = $this->options;
$keys = array_filter(explode(".", $keypath));
foreach ($keys as $key) {
if (array_key_exists($key, $value)) {
$value = $value[$key];
} else {
return $default;
}
}
return $value;
}
public function get_setup() { public function get_setup() {
$consts = get_defined_constants(true); $consts = get_defined_constants(true);
@ -53,7 +68,7 @@ class App {
public function get_theme() { public function get_theme() {
$theme = $this->options["view"]["theme"]; $theme = $this->get_option("view.theme", "-NONE-");
$theme_path = APP_PATH . "/client/images/themes/${theme}"; $theme_path = APP_PATH . "/client/images/themes/${theme}";
$icons = array(); $icons = array();
@ -103,7 +118,7 @@ class App {
return true; return true;
} }
foreach ($this->options["view"]["hidden"] as $re) { foreach ($this->get_option("view.hidden", array()) as $re) {
$re = App::$RE_DELIMITER . str_replace(App::$RE_DELIMITER, '\\' . App::$RE_DELIMITER, $re) . App::$RE_DELIMITER; $re = App::$RE_DELIMITER . str_replace(App::$RE_DELIMITER, '\\' . App::$RE_DELIMITER, $re) . App::$RE_DELIMITER;
if (preg_match($re, $name)) { if (preg_match($re, $name)) {
return true; return true;
@ -122,7 +137,7 @@ class App {
if ( if (
$this->is_hidden($name) $this->is_hidden($name)
|| $this->is_hidden($this->to_url($path) . $name) || $this->is_hidden($this->to_url($path) . $name)
|| (!is_readable($path .'/'. $name) && $this->options["view"]["hideIf403"]) || (!is_readable($path .'/'. $name) && $this->get_option("view.hideIf403", false))
) { ) {
continue; continue;
} }
@ -149,7 +164,7 @@ class App {
return false; return false;
} }
foreach ($this->options["view"]["unmanaged"] as $name) { foreach ($this->get_option("view.unmanaged", array()) as $name) {
if (file_exists($path . "/" . $name)) { if (file_exists($path . "/" . $name)) {
return false; return false;
} }
@ -351,7 +366,7 @@ class App {
public function get_customizations($url) { public function get_customizations($url) {
if (!$this->options["custom"]["enabled"]) { if (!$this->get_option("custom.enabled", false)) {
return array( return array(
"header" => null, "header" => null,
"header_type" => null, "header_type" => null,
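Review bot: The new `get_option()` guards only against a missing key, because `array_key_exists($key, $value)` runs without checking that `$value` is still an array. A key path that descends through a scalar or null, such as `view` set to a string in the options file, produces a warning on older PHP and a TypeError on PHP 8 instead of returning `$default`. The guard should read `if (is_array($value) && array_key_exists($key, $value)) {`. `array_filter()` without a callback also discards a path segment of `"0"`, so such a path resolves to the parent value; filtering on `$k !== ""` would be more exact. Separately, the default covers absence and not type: `foreach ($this->get_option("view.hidden", array()) as $re)` still iterates whatever is stored, and a non-array value there means no hide patterns are applied, so `is_hidden()` may want to check the result with `is_array()` before trusting it.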


@ -41,7 +41,7 @@ class Bootstrap {
// PHP // PHP
define("MIN_PHP_VERSION", "5.4.0"); define("MIN_PHP_VERSION", "5.4.0");
define("HAS_PHP_VERSION", version_compare(PHP_VERSION, MIN_PHP_VERSION) >= 0); define("HAS_MIN_PHP_VERSION", version_compare(PHP_VERSION, MIN_PHP_VERSION) >= 0);
define("HAS_PHP_EXIF", function_exists("exif_thumbnail")); define("HAS_PHP_EXIF", function_exists("exif_thumbnail"));
$has_php_jpg = false; $has_php_jpg = false;
if (function_exists("gd_info")) { if (function_exists("gd_info")) {


@ -50,18 +50,6 @@ class Item {
$this->date = @filemtime($this->path); $this->date = @filemtime($this->path);
$this->size = Util::filesize($app, $this->path); $this->size = Util::filesize($app, $this->path);
$this->is_content_fetched = false; $this->is_content_fetched = false;
// $options = $app->get_options();
// if (!$this->is_folder && $options["hashes"]["enabled"]) {
if (!$this->is_folder) {
// $this->md5 = md5_file($this->path);
// $this->sha1 = sha1_file($this->path);
$this->md5 = null;
$this->sha1 = null;
} else {
$this->md5 = null;
$this->sha1 = null;
}
} }


@ -171,8 +171,8 @@ class Util {
} else if (is_dir($path)) { } else if (is_dir($path)) {
$options = $app->get_options(); $options = $app->get_options();
if ($options["foldersize"]["enabled"]) { if ($app->get_option("foldersize.enabled", false)) {
if (HAS_CMD_DU && $options["foldersize"]["type"] === "shell-du") { if (HAS_CMD_DU && $app->get_option("foldersize.type", null) === "shell-du") {
$cmdv = array("du", "-sk", $path); $cmdv = array("du", "-sk", $path);
$size = intval(preg_replace("#\s.*$#", "", Util::exec_cmdv($cmdv)), 10) * 1024; $size = intval(preg_replace("#\s.*$#", "", Util::exec_cmdv($cmdv)), 10) * 1024;
} else { } else {
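Review bot: `$options = $app->get_options();` is kept at the top of the `is_dir` branch although both lookups below it now go through `$app->get_option(...)`. If nothing in the rest of the branch reads `$options`, the assignment should be removed so later edits do not reach for the unchecked array again. The enclosing function starts and ends outside this hunk, so that remaining use could not be confirmed from here.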