From 3267fc0266c5b85d418537a016d7e1a1cbfb8f2f Mon Sep 17 00:00:00 2001
From: Clemens Schwaighofer <clemens.schwaighofer@egplusww.com>
Date: Wed, 22 Jan 2020 14:55:23 +0900
Subject: [PATCH] Updates and fixes, remove .htaccess

Remove .htaccess file with php variable settings as this will not work
on FPM calls.
Various minor fixes in core libs

Basic lib debug output check is now a sub class so we can use this
everywhere without writing the whole if statement again

Basic lib has a dummy uniq id method added. Not yet finished
---
 .htaccess => .htaccess.old                |  0
 www/includes/edit_base.php                |  5 +-
 www/layout/admin/javascript/edit.jq.js    | 13 +--
 www/lib/CoreLibs/Admin/Backend.php        |  1 +
 www/lib/CoreLibs/Basic.php                | 98 +++++++++++++++++++++--
 www/lib/CoreLibs/Output/Form/Generate.php |  4 +-
 www/lib/FileUpload/qqFileUploader.php     |  2 +-
 7 files changed, 107 insertions(+), 16 deletions(-)
 rename .htaccess => .htaccess.old (100%)

diff --git a/.htaccess b/.htaccess.old
similarity index 100%
rename from .htaccess
rename to .htaccess.old
diff --git a/www/includes/edit_base.php b/www/includes/edit_base.php
index d9244e4a..4f8f450b 100644
--- a/www/includes/edit_base.php
+++ b/www/includes/edit_base.php
@@ -282,7 +282,7 @@ if ($form->my_page_name == 'edit_order') {
 				''
 			).
 			// filename
-			$data['filename'].
+			(isset($data['filename']) ? $data['filename'] : '').
 			// query string
 			(isset($data['query_string']) && $data['query_string'] ?
 				$data['query_string'] :
@@ -294,7 +294,8 @@ if ($form->my_page_name == 'edit_order') {
 			$menu_data[$i]['splitfactor_in'] = 0;
 		}
 		// on matching, we also need to check if we are in the same folder
-		if ($data['filename'] == $form->getPageName() &&
+		if (isset($data['filename']) &&
+			$data['filename'] == $form->getPageName() &&
 			(!isset($data['hostname']) || (
 				isset($data['hostname']) &&
 					(!$data['hostname'] || strstr($data['hostname'], CONTENT_PATH) !== false)
diff --git a/www/layout/admin/javascript/edit.jq.js b/www/layout/admin/javascript/edit.jq.js
index 7272c0fd..c1ce5906 100644
--- a/www/layout/admin/javascript/edit.jq.js
+++ b/www/layout/admin/javascript/edit.jq.js
@@ -86,9 +86,10 @@ function getScrollOffset()
 function setCenter(id, left, top)
 {
 	// get size of id
-	var dimensions = {};
-	dimensions.height = $('#' + id).height();
-	dimensions.width = $('#' + id).width();
+	var dimensions = {
+		height: $('#' + id).height(),
+		width: $('#' + id).width()
+	};
 	var type = $('#' + id).css('position');
 	var viewport = getWindowSize();
 	var offset = getScrollOffset();
@@ -474,11 +475,11 @@ function overlayBoxHide()
  */
 function setOverlayBox()
 {
-	var viewport = document.viewport.getDimensions();
-	$('#overlayBox').setStyle ({
+/*	var viewport = document.viewport.getDimensions();
+	$('#overlayBox').css ({
 		width: '100%',
 		height: '100%'
-	});
+	});*/
 	$('#overlayBox').show();
 }
 
diff --git a/www/lib/CoreLibs/Admin/Backend.php b/www/lib/CoreLibs/Admin/Backend.php
index c38241bd..853b3957 100644
--- a/www/lib/CoreLibs/Admin/Backend.php
+++ b/www/lib/CoreLibs/Admin/Backend.php
@@ -256,6 +256,7 @@ class Backend extends \CoreLibs\DB\IO
 						$type = 'popup';
 					} else {
 						$type = 'normal';
+						/** @phan-suppress-next-line PhanTypeArraySuspicious */
 						$data['popup'] = 0;
 					}
 					$query_string = '';
diff --git a/www/lib/CoreLibs/Basic.php b/www/lib/CoreLibs/Basic.php
index 047154a1..a6fab41e 100644
--- a/www/lib/CoreLibs/Basic.php
+++ b/www/lib/CoreLibs/Basic.php
@@ -686,6 +686,63 @@ class Basic
 		}
 	}
 
+	/**
+	 * checks if we have a need to work on certain debug output
+	 * Needs debug/echo/print ad target for which of the debug flag groups we check
+	 * also needs level string to check in the per level output flag check.
+	 * In case we have invalid target it will return false
+	 * @param  string $target target group to check debug/echo/print
+	 * @param  string $level  level to check in detailed level flag
+	 * @return bool           true on access allowed or false on no access
+	 */
+	private function doDebugTrigger(string $target, string $level): bool
+	{
+		$access = false;
+		// check if we do debug, echo or print
+		switch ($target) {
+			case 'debug':
+				if ((
+						(isset($this->debug_output[$level]) && $this->debug_output[$level]) ||
+						$this->debug_output_all
+					) &&
+					(!isset($this->debug_output_not[$level]) ||
+						(isset($this->debug_output_not[$level]) && !$this->debug_output_not[$level])
+					)
+				) {
+					$access = true;
+				}
+				break;
+			case 'echo':
+				if ((
+						(isset($this->echo_output[$level]) && $this->echo_output[$level]) ||
+						$this->echo_output_all
+					) &&
+					(!isset($this->echo_output_not[$level]) ||
+						(isset($this->echo_output_not[$level]) && !$this->echo_output_not[$level])
+					)
+				) {
+					$access = true;
+				}
+				break;
+			case 'print':
+				if ((
+						(isset($this->print_output[$level]) && $this->print_output[$level]) ||
+						$this->print_output_all
+					) &&
+					(!isset($this->print_output_not[$level]) ||
+						(isset($this->print_output_not[$level]) && !$this->print_output_not[$level])
+					)
+				) {
+					$access = true;
+				}
+				break;
+			default:
+				// fall through with access false
+				break;
+		}
+		return $access;
+	}
+
 	/**
 	 * write debug data to error_msg array
 	 * @param  string       $level  id for error message, groups messages together
@@ -697,7 +754,7 @@ class Basic
 	 */
 	public function debug(string $level, string $string, bool $strip = false): void
 	{
-		if (($this->debug_output[$level] || $this->debug_output_all) && !$this->debug_output_not[$level]) {
+		if ($this->doDebugTrigger('debug', $level)) {
 			if (!isset($this->error_msg[$level])) {
 				$this->error_msg[$level] = '';
 			}
@@ -721,7 +778,7 @@ class Basic
 			// write to file if set
 			$this->writeErrorMsg($level, $error_string_print);
 			// write to error level
-			if (($this->echo_output[$level] || $this->echo_output_all) && !$this->echo_output_not[$level]) {
+			if ($this->doDebugTrigger('echo', $level)) {
 				$this->error_msg[$level] .= $error_string;
 			}
 		}
@@ -782,8 +839,8 @@ class Basic
 			}
 			$script_end = microtime(true) - $this->script_starttime;
 			foreach ($this->error_msg as $level => $temp_debug_output) {
-				if (($this->debug_output[$level] || $this->debug_output_all) && !$this->debug_output_not[$level]) {
-					if (($this->echo_output[$level] || $this->echo_output_all) && !$this->echo_output_not[$level]) {
+				if ($this->doDebugTrigger('debug', $level)) {
+					if ($this->doDebugTrigger('echo', $level)) {
 						$string_output .= '<div style="font-size: 12px;">[<span style="font-style: italic; color: #c56c00;">'.$level.'</span>] '.(($string) ? "<b>**** ".$this->htmlent($string)." ****</b>\n" : "").'</div>';
 						$string_output .= $temp_debug_output;
 					} // echo it out
@@ -809,9 +866,9 @@ class Basic
 	 */
 	private function writeErrorMsg(string $level, string $error_string): void
 	{
-		if (($this->debug_output[$level] || $this->debug_output_all) && !$this->debug_output_not[$level]) {
+		if ($this->doDebugTrigger('debug', $level)) {
 			// only write if write is requested
-			if (($this->print_output[$level] || $this->print_output_all) && !$this->print_output_not[$level]) {
+			if ($this->doDebugTrigger('print', $level)) {
 				// replace all html tags
 				// $error_string = preg_replace("/(<\/?)(\w+)([^>]*>)/", "##\\2##", $error_string);
 				// $error_string = preg_replace("/(<\/?)(\w+)([^>]*>)/", "", $error_string);
@@ -2648,6 +2705,35 @@ class Basic
 		);
 	}
 
+	/**
+	 * TODO: make this a proper uniq ID creation
+	 *       add uuidv4 subcall to the uuid function too
+	 * creates a uniq id
+	 * @param  string $type uniq id type, currently md5 or sha256 allowed
+	 *                      if not set will use DEFAULT_HASH if set
+	 * @return string       uniq id
+	 */
+	public function uniqId(string $type = ''): string
+	{
+		$uniq_id = '';
+		switch ($type) {
+			case 'md5':
+				$uniq_id = md5(uniqid((string)rand(), true));
+				break;
+			case 'sha256':
+				$uniq_id = hash('sha256', uniqid((string)rand(), true));
+				break;
+			default:
+				$hash = 'sha256';
+				if (is_defined(DEFAULT_HASH)) {
+					$hash = DEFAULT_HASH;
+				}
+				$uniq_id = hash($hash, uniqid((string)rand(), true));
+				break;
+		}
+		return $uniq_id;
+	}
+
 	// [!!! DEPRECATED !!!]
 	// ALL crypt* methids are DEPRECATED and SHALL NOT BE USED
 	// use the new password* instead
diff --git a/www/lib/CoreLibs/Output/Form/Generate.php b/www/lib/CoreLibs/Output/Form/Generate.php
index 12b6beba..5b9a96b2 100644
--- a/www/lib/CoreLibs/Output/Form/Generate.php
+++ b/www/lib/CoreLibs/Output/Form/Generate.php
@@ -689,7 +689,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 						$t_string .= $field_array['before_value'];
 					}
 					// must have res element set
-					if (isset($res[$field_array['name']])) {
+					if (isset($field_array['name']) &&
+						isset($res[$field_array['name']])
+					) {
 						if (isset($field_array['binary'])) {
 							if (isset($field_array['binary'][0])) {
 								$t_string .= $field_array['binary'][0];
diff --git a/www/lib/FileUpload/qqFileUploader.php b/www/lib/FileUpload/qqFileUploader.php
index 7a17d433..265c9ca5 100755
--- a/www/lib/FileUpload/qqFileUploader.php
+++ b/www/lib/FileUpload/qqFileUploader.php
@@ -2,7 +2,7 @@
 
 namespace FileUpload;
 
-use \FileUpload\Core;
+// use \FileUpload\Core;
 
 class qqFileUploader
 {