Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
bab8460f80 | ||
|
|
a092217201 | ||
|
|
e286d7f913 | ||
|
|
e148a39902 | ||
|
|
b7d5a79c3a | ||
|
|
9f8a86b4b0 |
@@ -1 +1 @@
|
||||
9.24.1
|
||||
9.25.3
|
||||
|
||||
@@ -14,9 +14,6 @@ declare(strict_types=1);
|
||||
|
||||
namespace CoreLibs\Admin;
|
||||
|
||||
use Exception;
|
||||
use SmartyException;
|
||||
|
||||
class EditBase
|
||||
{
|
||||
/** @var array<mixed> */
|
||||
@@ -63,6 +60,7 @@ class EditBase
|
||||
// smarty template engine (extended Translation version)
|
||||
$this->smarty = new \CoreLibs\Template\SmartyExtend(
|
||||
$l10n,
|
||||
$log,
|
||||
$options['cache_id'] ?? '',
|
||||
$options['compile_id'] ?? '',
|
||||
);
|
||||
@@ -538,8 +536,7 @@ class EditBase
|
||||
* builds the smarty content and runs smarty display output
|
||||
*
|
||||
* @return void
|
||||
* @throws Exception
|
||||
* @throws SmartyException
|
||||
* @throws \Smarty\Exception
|
||||
*/
|
||||
public function editBaseRun(
|
||||
?string $template_dir = null,
|
||||
|
||||
@@ -363,11 +363,12 @@ class Session
|
||||
* set the auto write close flag
|
||||
*
|
||||
* @param bool $flag
|
||||
* @return void
|
||||
* @return Session
|
||||
*/
|
||||
public function setAutoWriteClose(bool $flag): void
|
||||
public function setAutoWriteClose(bool $flag): Session
|
||||
{
|
||||
$this->auto_write_close = $flag;
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -513,14 +514,15 @@ class Session
|
||||
*
|
||||
* @param string $name array name in _SESSION
|
||||
* @param mixed $value value to set (can be anything)
|
||||
* @return void
|
||||
* @return Session
|
||||
*/
|
||||
public function set(string $name, mixed $value): void
|
||||
public function set(string $name, mixed $value): Session
|
||||
{
|
||||
$this->checkValidSessionEntryKey($name);
|
||||
$this->restartSession();
|
||||
$_SESSION[$name] = $value;
|
||||
$this->closeSessionCall();
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -577,16 +579,17 @@ class Session
|
||||
* unset one _SESSION entry 'name' if exists
|
||||
*
|
||||
* @param string $name _SESSION key name to remove
|
||||
* @return void
|
||||
* @return Session
|
||||
*/
|
||||
public function unset(string $name): void
|
||||
public function unset(string $name): Session
|
||||
{
|
||||
if (!isset($_SESSION[$name])) {
|
||||
return;
|
||||
return $this;
|
||||
}
|
||||
$this->restartSession();
|
||||
unset($_SESSION[$name]);
|
||||
$this->closeSessionCall();
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -26,7 +26,9 @@ class ConvertPlaceholder
|
||||
. '&&|' // array overlap
|
||||
. '\-\|\-|' // range overlap for array
|
||||
. '[^-]-{1}|' // single -, used in JSON too
|
||||
. '->|->>|#>|#>>|@>|<@|@@|@\?|\?{1}|\?\||\?&|#-'; //JSON searches, Array searchs, etc
|
||||
. '->|->>|#>|#>>|@>|<@|@@|@\?|\?{1}|\?\||\?&|#-|' // JSON searches, Array searchs, etc
|
||||
. 'THEN|ELSE' // command parts (CASE)
|
||||
;
|
||||
/** @var string the main regex including the pattern query split */
|
||||
private const PATTERN_ELEMENT = '(?:\'.*?\')?\s*(?:' . self::PATTERN_QUERY_SPLIT . ')\s*';
|
||||
/** @var string comment regex
|
||||
|
||||
@@ -115,7 +115,7 @@ class AsymmetricAnonymousEncryption
|
||||
* @return string
|
||||
* @throws \UnexpectedValueException key pair empty
|
||||
* @throws \UnexpectedValueException invalid hex key pair
|
||||
* @throws \UnexpectedValueException key pair not correct size
|
||||
* @throws \RangeException key pair not correct size
|
||||
*/
|
||||
private function createKeyPair(
|
||||
#[\SensitiveParameter]
|
||||
@@ -147,7 +147,7 @@ class AsymmetricAnonymousEncryption
|
||||
* @return string
|
||||
* @throws \UnexpectedValueException public key empty
|
||||
* @throws \UnexpectedValueException invalid hex key
|
||||
* @throws \UnexpectedValueException invalid key length
|
||||
* @throws \RangeException invalid key length
|
||||
*/
|
||||
private function createPublicKey(?string $public_key): string
|
||||
{
|
||||
@@ -256,13 +256,13 @@ class AsymmetricAnonymousEncryption
|
||||
* sets the private key for encryption
|
||||
*
|
||||
* @param string $key_pair Key pair in hex
|
||||
* @return void
|
||||
* @return AsymmetricAnonymousEncryption
|
||||
* @throws \UnexpectedValueException key pair empty
|
||||
*/
|
||||
public function setKeyPair(
|
||||
#[\SensitiveParameter]
|
||||
string $key_pair
|
||||
) {
|
||||
): AsymmetricAnonymousEncryption {
|
||||
if (empty($key_pair)) {
|
||||
throw new \UnexpectedValueException('Key pair cannot be empty');
|
||||
}
|
||||
@@ -277,6 +277,7 @@ class AsymmetricAnonymousEncryption
|
||||
// check if valid
|
||||
$this->createPublicKey($this->public_key);
|
||||
}
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -308,10 +309,10 @@ class AsymmetricAnonymousEncryption
|
||||
* extract the public key from the key pair
|
||||
*
|
||||
* @param string $public_key Public Key in hex
|
||||
* @return void
|
||||
* @return AsymmetricAnonymousEncryption
|
||||
* @throws \UnexpectedValueException public key empty
|
||||
*/
|
||||
public function setPublicKey(string $public_key)
|
||||
public function setPublicKey(string $public_key): AsymmetricAnonymousEncryption
|
||||
{
|
||||
if (empty($public_key)) {
|
||||
throw new \UnexpectedValueException('Public key cannot be empty');
|
||||
@@ -320,6 +321,7 @@ class AsymmetricAnonymousEncryption
|
||||
$this->createPublicKey($public_key);
|
||||
$this->public_key = $public_key;
|
||||
sodium_memzero($public_key);
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -209,13 +209,13 @@ class SymmetricEncryption
|
||||
* set a new key for encryption
|
||||
*
|
||||
* @param string $key
|
||||
* @return void
|
||||
* @return SymmetricEncryption
|
||||
* @throws \UnexpectedValueException key cannot be empty
|
||||
*/
|
||||
public function setKey(
|
||||
#[\SensitiveParameter]
|
||||
string $key
|
||||
) {
|
||||
): SymmetricEncryption {
|
||||
if (empty($key)) {
|
||||
throw new \UnexpectedValueException('Key cannot be empty');
|
||||
}
|
||||
@@ -224,6 +224,7 @@ class SymmetricEncryption
|
||||
// set key
|
||||
$this->key = $key;
|
||||
sodium_memzero($key);
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -19,12 +19,13 @@ declare(strict_types=1);
|
||||
|
||||
namespace CoreLibs\Template;
|
||||
|
||||
// leading slash if this is in lib\Smarty
|
||||
class SmartyExtend extends \Smarty
|
||||
class SmartyExtend extends \Smarty\Smarty
|
||||
{
|
||||
// internal translation engine
|
||||
/** @var \CoreLibs\Language\L10n */
|
||||
/** @var \CoreLibs\Language\L10n language class */
|
||||
public \CoreLibs\Language\L10n $l10n;
|
||||
/** @var \CoreLibs\Logging\Logging $log logging class */
|
||||
public \CoreLibs\Logging\Logging $log;
|
||||
|
||||
// lang & encoding
|
||||
/** @var string */
|
||||
@@ -157,14 +158,18 @@ class SmartyExtend extends \Smarty
|
||||
* calls L10 for pass on internaly in smarty
|
||||
* also registers the getvar caller plugin
|
||||
*
|
||||
* @param \CoreLibs\Language\L10n $l10n l10n language class
|
||||
* @param string|null $cache_id
|
||||
* @param string|null $compile_id
|
||||
* @param \CoreLibs\Language\L10n $l10n l10n language class
|
||||
* @param \CoreLibs\Logging\Logging $log Logger class
|
||||
* @param string|null $cache_id [default=null]
|
||||
* @param string|null $compile_id [default=null]
|
||||
* @param array<string,mixed> $options [default=[]]
|
||||
*/
|
||||
public function __construct(
|
||||
\CoreLibs\Language\L10n $l10n,
|
||||
\CoreLibs\Logging\Logging $log,
|
||||
?string $cache_id = null,
|
||||
?string $compile_id = null
|
||||
?string $compile_id = null,
|
||||
array $options = []
|
||||
) {
|
||||
// trigger deprecation
|
||||
if (
|
||||
@@ -177,14 +182,33 @@ class SmartyExtend extends \Smarty
|
||||
E_USER_DEPRECATED
|
||||
);
|
||||
}
|
||||
// set variables (to be deprecated)
|
||||
$cache_id = $cache_id ??
|
||||
(defined('CACHE_ID') ? CACHE_ID : '');
|
||||
$compile_id = $compile_id ??
|
||||
(defined('COMPILE_ID') ? COMPILE_ID : '');
|
||||
// set variables from global constants (deprecated)
|
||||
if ($cache_id === null && defined('CACHE_ID')) {
|
||||
trigger_error(
|
||||
'SmartyExtended: No cache_id set and CACHE_ID constant set, this is deprecated',
|
||||
E_USER_DEPRECATED
|
||||
);
|
||||
$cache_id = CACHE_ID;
|
||||
}
|
||||
if ($compile_id === null && defined('COMPILE_ID')) {
|
||||
trigger_error(
|
||||
'SmartyExtended: No compile_id set and COMPILE_ID constant set, this is deprecated',
|
||||
E_USER_DEPRECATED
|
||||
);
|
||||
$compile_id = COMPILE_ID;
|
||||
}
|
||||
if (empty($cache_id)) {
|
||||
throw new \BadMethodCallException('cache_id parameter is not set');
|
||||
}
|
||||
if (empty($compile_id)) {
|
||||
throw new \BadMethodCallException('compile_id parameter is not set');
|
||||
}
|
||||
|
||||
// call basic smarty
|
||||
// or Smarty::__construct();
|
||||
parent::__construct();
|
||||
|
||||
$this->log = $log;
|
||||
|
||||
// init lang
|
||||
$this->l10n = $l10n;
|
||||
// parse and read, legacy stuff
|
||||
@@ -194,7 +218,6 @@ class SmartyExtend extends \Smarty
|
||||
$this->lang_short = $locale['lang_short'];
|
||||
$this->domain = $locale['domain'];
|
||||
$this->lang_dir = $locale['path'];
|
||||
|
||||
// opt load functions so we can use legacy init for smarty run perhaps
|
||||
\CoreLibs\Language\L10n::loadFunctions();
|
||||
_setlocale(LC_MESSAGES, $locale['locale']);
|
||||
@@ -203,7 +226,6 @@ class SmartyExtend extends \Smarty
|
||||
_bind_textdomain_codeset($this->domain, $this->encoding);
|
||||
|
||||
// register smarty variable
|
||||
// $this->registerPlugin(\Smarty\Smarty::PLUGIN_MODIFIER, 'getvar', [&$this, 'getTemplateVars']);
|
||||
$this->registerPlugin(self::PLUGIN_MODIFIER, 'getvar', [&$this, 'getTemplateVars']);
|
||||
|
||||
$this->page_name = \CoreLibs\Get\System::getPageName();
|
||||
@@ -211,6 +233,77 @@ class SmartyExtend extends \Smarty
|
||||
// set internal settings
|
||||
$this->CACHE_ID = $cache_id;
|
||||
$this->COMPILE_ID = $compile_id;
|
||||
// set options
|
||||
$this->setOptions($options);
|
||||
}
|
||||
|
||||
/**
|
||||
* set options
|
||||
*
|
||||
* @param array<string,mixed> $options
|
||||
* @return void
|
||||
*/
|
||||
private function setOptions(array $options): void
|
||||
{
|
||||
// set escape html if option is set
|
||||
if (!empty($options['escape_html'])) {
|
||||
$this->setEscapeHtml(true);
|
||||
}
|
||||
// load plugins
|
||||
// plugin array:
|
||||
// 'file': string, path to plugin content to load
|
||||
// 'type': a valid smarty type see Smarty PLUGIN_ constants for correct names
|
||||
// 'tag': the smarty tag
|
||||
// 'callback': the function to call in 'file'
|
||||
if (!empty($options['plugins'])) {
|
||||
foreach ($options['plugins'] as $plugin) {
|
||||
// file is readable
|
||||
if (
|
||||
empty($plugin['file']) ||
|
||||
!is_file($plugin['file']) ||
|
||||
!is_readable($plugin['file'])
|
||||
) {
|
||||
$this->log->warning('SmartyExtended plugin load failed, file not accessable', [
|
||||
'plugin' => $plugin,
|
||||
]);
|
||||
continue;
|
||||
}
|
||||
// tag is alphanumeric
|
||||
if (!preg_match("/^\w+$/", $plugin['tag'] ?? '')) {
|
||||
$this->log->warning('SmartyExtended plugin load failed, invalid tag', [
|
||||
'plugin' => $plugin,
|
||||
]);
|
||||
continue;
|
||||
}
|
||||
// callback is alphanumeric
|
||||
if (!preg_match("/^\w+$/", $plugin['callback'] ?? '')) {
|
||||
$this->log->warning('SmartyExtended plugin load failed, invalid callback', [
|
||||
'plugin' => $plugin,
|
||||
]);
|
||||
continue;
|
||||
}
|
||||
try {
|
||||
/** @phan-suppress-next-line PhanNoopNew */
|
||||
new \ReflectionClassConstant($this, $plugin['type']);
|
||||
} catch (\ReflectionException $e) {
|
||||
$this->log->error('SmartyExtended plugin load failed, type is not valid', [
|
||||
'message' => $e->getMessage(),
|
||||
'plugin' => $plugin,
|
||||
]);
|
||||
continue;
|
||||
}
|
||||
try {
|
||||
require $plugin['file'];
|
||||
$this->registerPlugin($plugin['type'], $plugin['tag'], $plugin['callback']);
|
||||
} catch (\Smarty\Exception $e) {
|
||||
$this->log->error('SmartyExtended plugin load failed with exception', [
|
||||
'message' => $e->getMessage(),
|
||||
'plugin' => $plugin,
|
||||
]);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -5196,6 +5196,27 @@ final class CoreLibsDBIOTest extends TestCase
|
||||
SQL,
|
||||
'count' => 1,
|
||||
'convert' => false,
|
||||
],
|
||||
'update with case' => [
|
||||
'query' => <<<SQL
|
||||
UPDATE table_with_primary_key SET
|
||||
row_int = $1::INT,
|
||||
row_varchar = CASE WHEN row_int = 1 THEN $2 ELSE 'bar'::VARCHAR END
|
||||
WHERE
|
||||
row_varchar = $3
|
||||
SQL,
|
||||
'count' => 3,
|
||||
'convert' => false,
|
||||
],
|
||||
'select with case' => [
|
||||
'query' => <<<SQL
|
||||
SELECT row_int
|
||||
FROM table_with_primary_key
|
||||
WHERE
|
||||
row_varchar = CASE WHEN row_int = 1 THEN $1 ELSE $2 END
|
||||
SQL,
|
||||
'count' => 2,
|
||||
'convert' => false,
|
||||
]
|
||||
];
|
||||
}
|
||||
|
||||
@@ -13,6 +13,11 @@ use PHPUnit\Framework\TestCase;
|
||||
*/
|
||||
final class CoreLibsSecurityPasswordTest extends TestCase
|
||||
{
|
||||
/**
|
||||
* Undocumented function
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function passwordProvider(): array
|
||||
{
|
||||
return [
|
||||
@@ -21,6 +26,11 @@ final class CoreLibsSecurityPasswordTest extends TestCase
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Note: we need different hash types for PHP versions
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function passwordRehashProvider(): array
|
||||
{
|
||||
return [
|
||||
@@ -63,6 +73,10 @@ final class CoreLibsSecurityPasswordTest extends TestCase
|
||||
*/
|
||||
public function testPasswordRehashCheck(string $input, bool $expected): void
|
||||
{
|
||||
// in PHP 8.4 the length is $12
|
||||
if (PHP_VERSION_ID > 80400) {
|
||||
$input = str_replace('$2y$10$', '$2y$12$', $input);
|
||||
}
|
||||
$this->assertEquals(
|
||||
$expected,
|
||||
\CoreLibs\Security\Password::passwordRehashCheck($input)
|
||||
|
||||
Reference in New Issue
Block a user