root / trunk / contrib / php-xinha.php

Revision 1251, 6.2 kB (checked in by gogo, 2 years ago)

ticket:1518

Changeset requires that if a non default key location is used in xinha_pass_to_php_backend, that the same key location must also be passed as a parameter to xinha_read_passed_data.
Potentially this whole non-default thing could be stripped out as it's perhaps not that useful anyway, but seems reasonable to minimise the change in this manner.

  • Property svn:keywords set to LastChangedDate LastChangedRevision LastChangedBy HeadURL Id
Line 
1<?php
2  /** Write the appropriate xinha_config directives to pass data to a PHP (Plugin) backend file.
3   *
4   *  ImageManager Example:
5   *  The following would be placed in step 3 of your configuration (see the NewbieGuide
6   *  (http://xinha.python-hosting.com/wiki/NewbieGuide)
7   *
8   * <script language="javascript">
9   *  with (xinha_config.ImageManager)
10   *  {
11   *    <?php
12   *      xinha_pass_to_php_backend
13   *      (       
14   *        array
15   *        (
16   *         'images_dir' => '/home/your/directory',
17   *         'images_url' => '/directory'
18   *        )
19   *      )
20   *    ?>
21   *  }
22   *  </script>
23   *
24   */
25     
26  function xinha_pass_to_php_backend($Data, $KeyLocation = 'Xinha:BackendKey', $ReturnPHP = FALSE)
27  {
28   
29    $bk = array();
30    $bk['data']       = serialize($Data);
31   
32    @session_start();
33    if(!isset($_SESSION[$KeyLocation]))
34    {
35      $_SESSION[$KeyLocation] = uniqid('Key_');
36    }
37   
38    $bk['session_name'] = session_name();     
39    $bk['key_location'] = $KeyLocation;     
40    $bk['hash']         =
41      function_exists('sha1') ?
42        sha1($_SESSION[$KeyLocation] . $bk['data'])
43      : md5($_SESSION[$KeyLocation] . $bk['data']);
44     
45     
46    // The data will be passed via a postback to the
47    // backend, we want to make sure these are going to come
48    // out from the PHP as an array like $bk above, so
49    // we need to adjust the keys.
50    $backend_data = array();
51    foreach($bk as $k => $v)
52    {
53      $backend_data["backend_data[$k]"] = $v;
54    }
55   
56    // The session_start() above may have been after data was sent, so cookies
57    // wouldn't have worked.
58    $backend_data[session_name()] = session_id();
59   
60    if($ReturnPHP)
61    {     
62      return array('backend_data' => $backend_data);     
63    }
64    else
65    {     
66      echo 'backend_data = ' . xinha_to_js($backend_data) . "; \n"
67    }               
68  } 
69   
70  /** Convert PHP data structure to Javascript */
71 
72  function xinha_to_js($var, $tabs = 0)
73  {
74    if(is_numeric($var))
75    {
76      return $var;
77    }
78 
79    if(is_string($var))
80    {
81      return "'" . xinha_js_encode($var) . "'";
82    }
83 
84    if(is_bool($var))
85    {
86      return $var ? 'true': 'false';
87    }
88 
89    if(is_array($var))
90    {
91      $useObject = false;
92      foreach(array_keys($var) as $k) {
93          if(!is_numeric($k)) $useObject = true;
94      }
95      $js = array();
96      foreach($var as $k => $v)
97      {
98        $i = "";
99        if($useObject) {
100          if(preg_match('#^[a-zA-Z]+[a-zA-Z0-9]*$#', $k)) {
101            $i .= "$k: ";
102          } else {
103            $i .= "'$k': ";
104          }
105        }
106        $i .= xinha_to_js($v, $tabs + 1);
107        $js[] = $i;
108      }
109      if($useObject) {
110          $ret = "{\n" . xinha_tabify(implode(",\n", $js), $tabs) . "\n}";
111      } else {
112          $ret = "[\n" . xinha_tabify(implode(",\n", $js), $tabs) . "\n]";
113      }
114      return $ret;
115    }
116 
117    return 'null';
118  }
119   
120  /** Like htmlspecialchars() except for javascript strings. */
121 
122  function xinha_js_encode($string)
123  {
124    static $strings = "\\,\",',%,&,<,>,{,},@,\n,\r";
125 
126    if(!is_array($strings))
127    {
128      $tr = array();
129      foreach(explode(',', $strings) as $chr)
130      {
131        $tr[$chr] = sprintf('\x%02X', ord($chr));
132      }
133      $strings = $tr;
134    }
135 
136    return strtr($string, $strings);
137  }
138       
139   
140  /** Used by plugins to get the config passed via
141  *   xinha_pass_to_backend()
142  *  returns either the structure given, or NULL
143  *  if none was passed or a security error was encountered.
144  */
145 
146  function xinha_read_passed_data($KeyLocation = 'Xinha:BackendKey')
147  {
148   if(isset($_REQUEST['backend_data']) && is_array($_REQUEST['backend_data']))
149   {
150     $bk = $_REQUEST['backend_data'];
151     session_name($bk['session_name']);
152     @session_start();
153     if(!isset($_SESSION[$bk['key_location']])) return NULL;
154     
155     if($KeyLocation !== $bk['key_location'])
156     {
157      trigger_error('Programming Error - please contact the website administrator/programmer to alert them to this problem. A non-default backend key location is being used to pass backend data to Xinha, but the same key location is not being used to receive data.  The special backend configuration has been ignored.  To resolve this, find where you are using xinha_pass_to_php_backend and remove the non default key, or find the locations where xinha_read_passed_data is used (in Xinha) and add a parameter with the non default key location, or edit contrib/php-xinha.php and change the default key location in both these functions.  See: http://trac.xinha.org/ticket/1518', E_USER_ERROR);     
158      return NULL;
159     }
160         
161     if($bk['hash']         ===
162        function_exists('sha1') ?
163          sha1($_SESSION[$bk['key_location']] . $bk['data'])
164        : md5($_SESSION[$bk['key_location']] . $bk['data']))
165     {
166       return unserialize(ini_get('magic_quotes_gpc') ? stripslashes($bk['data']) : $bk['data']);
167     }
168   }
169   
170   return NULL;
171  }
172   
173  /** Used by plugins to get a query string that can be sent to the backend
174  * (or another part of the backend) to send the same data.
175  */
176 
177  function xinha_passed_data_querystring()
178  {
179   $qs = array();
180   if(isset($_REQUEST['backend_data']) && is_array($_REQUEST['backend_data']))
181   {
182     foreach($_REQUEST['backend_data'] as $k => $v)
183     {
184       $v ini_get('magic_quotes_gpc') ? stripslashes($v) : $v;
185       $qs[] = "backend_data[" . rawurlencode($k) . "]=" . rawurlencode($v);
186     }       
187   }
188   
189   $qs[] = session_name() . '=' . session_id();
190   return implode('&', $qs);
191  }
192   
193   
194  /** Just space-tab indent some text */
195  function xinha_tabify($text, $tabs)
196  {
197    if($text)
198    {
199      return str_repeat("  ", $tabs) . preg_replace('/\n(.)/', "\n" . str_repeat("  ", $tabs) . "\$1", $text);
200    }
201  }       
202
203  /** Return upload_max_filesize value from php.ini in kilobytes (function adapted from php.net)**/
204  function upload_max_filesize_kb()
205  {
206    $val = ini_get('upload_max_filesize');
207    $val = trim($val);
208    $last = strtolower($val{strlen($val)-1});
209    switch($last)
210    {
211      // The 'G' modifier is available since PHP 5.1.0
212      case 'g':
213        $val *= 1024;
214      case 'm':
215        $val *= 1024;
216   }
217   return $val;
218}
219?>
Note: See TracBrowser for help on using the browser.