Beispiel #1
0
def munge_filename(filename, extensions, alerts = True):
  """
   Munge the filename as needed for security purposes + For instance the file
   name "exploit.php.pps" would become "exploit.php_.pps".
  
   @param filename The name of a file to modify.
   @param extensions A space separated list of extensions that should not
     be altered.
   @param alerts Whether alerts (watchdog, drupal_set_message()) should be
     displayed.
   @return filename The potentially modified filename.
  """
  original = filename
  # Allow potentially insecure uploads for very savvy users and admin
  if (not variable_get('allow_insecure_uploads', 0)):
    whitelist = array_unique(php.explode(' ', php.trim(extensions)))
    # Split the filename up by periods + The first part becomes the basename
    # the last part the final extension.
    filename_parts = php.explode('.', filename)
    new_filename = php.array_shift(filename_parts); # Remove file basename.
    final_extension = php.array_pop(filename_parts); # Remove final extension.
    # Loop through the middle parts of the name and add an underscore to the
    # end of each section that could be a file extension but isn't in the list
    # of allowed extensions.
    for filename_part in filename_parts:
      new_filename += '.' + filename_part
      if (not php.in_array(filename_part, whitelist) and \
          php.preg_match("/^[a-zA-Z]{2,5}\d?$/", filename_part)):
        new_filename += '_'
    filename = new_filename + '.' + final_extension
    if (alerts and original != filename):
      drupal_set_message(t('For security reasons, your upload has ' + \
        'been renamed to %filename.', {'%filename' : filename}))
  return filename
Beispiel #2
0
def validate_image_resolution(file, maximum_dimensions = 0, \
    minimum_dimensions = 0):
    """
   If the file is an image verify that its dimensions are within the specified
   maximum and minimum dimensions + Non-image files will be ignored.
  
   @param file
     A Drupal file object + This function may resize the file
     affecting its size.
   @param maximum_dimensions
     An optional string in the form WIDTHxHEIGHT e.g + '640x480' or '85x85'. If
     an image toolkit is installed the image will be resized down to these
     dimensions + A value of 0 indicates no restriction on size, so resizing
     will be attempted.
   @param minimum_dimensions
     An optional string in the form WIDTHxHEIGHT.
     This will check that the image
     meets a minimum size + A value of 0 indicates no restriction.
   @return
     An array + If the file is an image and did not meet the requirements, it
     will contain an error message.
  """
    php.Reference.check(file)
    errors = []
    # Check first that the file is an image.
    info = image_get_info(file.filepath)
    if (info):
        if (maximum_dimensions):
            # Check that it is smaller than the given dimensions.
            width, height = php.explode('x', maximum_dimensions)
            if (info['width'] > width or info['height'] > height):
                # Try to resize the image to fit the dimensions.
                if (image_get_toolkit() and image_scale(file.filepath, \
                    file.filepath, width, height)):
                    drupal_set_message(t('The image was resized to fit within ' + \
                      'the maximum allowed dimensions of %dimensions pixels.', \
                      {'%dimensions' : maximum_dimensions}))
                    # Clear the cached filesize and refresh the image information.
                    clearstatcache()
                    info = image_get_info(file.filepath)
                    file.filesize = info['file_size']
                else:
                    errors.append( t('The image is too large; the maximum ' + \
                      'dimensions are %dimensions pixels.', \
                      {'%dimensions' : maximum_dimensions}) )
        if (minimum_dimensions):
            # Check that it is larger than the given dimensions.
            width, height = php.explode('x', minimum_dimensions)
            if (info['width'] < width or info['height'] < height):
                errors.append( t('The image is too small; the ' + \
                  'minimum dimensions are %dimensions pixels.', \
                  {'%dimensions' : minimum_dimensions}) )
    return errors
Beispiel #3
0
def validate_image_resolution(file, maximum_dimensions = 0, \
    minimum_dimensions = 0):
  """
   If the file is an image verify that its dimensions are within the specified
   maximum and minimum dimensions + Non-image files will be ignored.
  
   @param file
     A Drupal file object + This function may resize the file
     affecting its size.
   @param maximum_dimensions
     An optional string in the form WIDTHxHEIGHT e.g + '640x480' or '85x85'. If
     an image toolkit is installed the image will be resized down to these
     dimensions + A value of 0 indicates no restriction on size, so resizing
     will be attempted.
   @param minimum_dimensions
     An optional string in the form WIDTHxHEIGHT.
     This will check that the image
     meets a minimum size + A value of 0 indicates no restriction.
   @return
     An array + If the file is an image and did not meet the requirements, it
     will contain an error message.
  """
  php.Reference.check(file)
  errors = []
  # Check first that the file is an image.
  info = image_get_info(file.filepath)
  if (info):
    if (maximum_dimensions):
      # Check that it is smaller than the given dimensions.
      width, height = php.explode('x', maximum_dimensions)
      if (info['width'] > width or info['height'] > height):
        # Try to resize the image to fit the dimensions.
        if (image_get_toolkit() and image_scale(file.filepath, \
            file.filepath, width, height)):
          drupal_set_message(t('The image was resized to fit within ' + \
            'the maximum allowed dimensions of %dimensions pixels.', \
            {'%dimensions' : maximum_dimensions}))
          # Clear the cached filesize and refresh the image information.
          clearstatcache()
          info = image_get_info(file.filepath)
          file.filesize = info['file_size']
        else:
          errors.append( t('The image is too large; the maximum ' + \
            'dimensions are %dimensions pixels.', \
            {'%dimensions' : maximum_dimensions}) )
    if (minimum_dimensions):
      # Check that it is larger than the given dimensions.
      width, height = php.explode('x', minimum_dimensions)
      if (info['width'] < width or info['height'] < height):
        errors.append( t('The image is too small; the ' + \
          'minimum dimensions are %dimensions pixels.', \
          {'%dimensions' : minimum_dimensions}) )
  return errors
Beispiel #4
0
def arg(index=None, path=None):
    """
   Return a component of the current Drupal path.
  
   When viewing a page at the path "admin/build/types", for example, arg(0)
   would return "admin", arg(1) would return "content", and arg(2) would return
   "types".
  
   Avoid use of this function where possible, as resulting code is hard to read.
   Instead, attempt to use named arguments in menu callback functions. See the
   explanation in menu.inc for how to construct callbacks that take arguments.
  
   @param index
     The index of the component, where each component is separated by a '/'
     (forward-slash), and where the first component has an index of 0 (zero).
  
   @return
     The component specified by index, or NULL if the specified component was
     not found.
  """
    php.static(arg, 'arguments', {})
    if (path is None):
        path = php.GET['q']
    if (not php.isset(arg.arguments, path)):
        arg.arguments[path] = php.explode('/', path)
    if (index is None):
        return arg.arguments[path]
    if (php.isset(arg.arguments[path], index)):
        return arg.arguments[path][index]
Beispiel #5
0
def ip_address(reset=False):
    """
   If Drupal is behind a reverse proxy, we use the X-Forwarded-For header
   instead of $_SERVER['REMOTE_ADDR'], which would be the IP address of 
   the proxy server, and not the client's.  If Drupal is run in a cluster
   we use the X-Cluster-Client-Ip header instead.

   @param $reset
     Reset the current IP address saved in static.
   @return
     IP address of client machine, adjusted for reverse proxy and/or cluster
     environments.
  """
    php.static(ip_address, "ip_address")
    if ip_address.ip_address is None or reset:
        ip_address.ip_address = php.SERVER["REMOTE_ADDR"]
        if variable_get("reverse_proxy", 0):
            if php.array_key_exists("HTTP_X_FORWARDED_FOR", php.SERVER):
                # If an array of known reverse proxy IPs is provided, then trust
                # the XFF header if request really comes from one of them.
                reverse_proxy_addresses = variable_get("reverse_proxy_addresses", tuple())
                if not php.empty(reverse_proxy_addresses) and php.in_array(
                    ip_address.ip_address, reverse_proxy_addresses, True
                ):
                    # If there are several arguments, we need to check the most
                    # recently added one, i.e. the last one.
                    ip_address.ip_address = php.array_pop(php.explode(",", php.SERVER["HTTP_X_FORWARDED_FOR"]))
            # When Drupal is run in a cluster environment,
            # REMOTE_ADDR contains the IP
            # address of a server in the cluster, while the IP address
            # of the client is
            # stored in HTTP_X_CLUSTER_CLIENT_IP.
            if php.array_key_exists("HTTP_X_CLUSTER_CLIENT_IP", php.SERVER):
                ip_address.ip_address = php.SERVER["HTTP_X_CLUSTER_CLIENT_IP"]
    return ip_address.ip_address
Beispiel #6
0
def arg(index = None, path = None):
  """
   Return a component of the current Drupal path.
  
   When viewing a page at the path "admin/build/types", for example, arg(0)
   would return "admin", arg(1) would return "content", and arg(2) would return
   "types".
  
   Avoid use of this function where possible, as resulting code is hard to read.
   Instead, attempt to use named arguments in menu callback functions. See the
   explanation in menu.inc for how to construct callbacks that take arguments.
  
   @param index
     The index of the component, where each component is separated by a '/'
     (forward-slash), and where the first component has an index of 0 (zero).
  
   @return
     The component specified by index, or NULL if the specified component was
     not found.
  """
  php.static(arg, 'arguments', {})
  if (path is None):
    path = php.GET['q'];
  if (not php.isset(arg.arguments, path)):
    arg.arguments[path] = php.explode('/', path);
  if (index is None):
    return arg.arguments[path];
  if (php.isset(arg.arguments[path], index)):
    return arg.arguments[path][index];
Beispiel #7
0
def version():
    """
   Returns the version of the database server currently in use.
  
   @return Database server version
  """
    version = php.explode('-', \
      DrupyMySQL.mysqli_get_server_info(lib_appglobals.active_db))
    return version
def version():
  """
   Returns the version of the database server currently in use.
  
   @return Database server version
  """
  version = php.explode('-', \
    DrupyMySQL.mysqli_get_server_info(lib_appglobals.active_db))
  return version
Beispiel #9
0
def drupal_page_cache_header(cache):
    """
   Set HTTP headers in preparation for a cached page response.
  
   The general approach here is that anonymous users can keep a local
   cache of the page, but must revalidate it on every request.  Then,
   they are given a '304 Not Modified' response as long as they stay
   logged out and the page has not been modified.
  """
    # Set default values:
    last_modified = php.gmdate("D, d M Y H:i:s", cache.created) + " GMT"
    etag = '"' + drupy_md5(last_modified) + '"'
    # See if the client has provided the required HTTP headers:
    if_modified_since = (
        php.stripslashes(php.SERVER["HTTP_IF_MODIFIED_SINCE"])
        if php.isset(php.SERVER, "HTTP_IF_MODIFIED_SINCE")
        else False
    )
    if_none_match = (
        php.stripslashes(php.SERVER["HTTP_IF_NONE_MATCH"]) if php.isset(php.SERVER, "HTTP_IF_NONE_MATCH") else False
    )
    if (
        if_modified_since
        and if_none_match
        and if_none_match == etag  # etag must match
        and if_modified_since == last_modified
    ):  # if-modified-since must match
        php.header(php.SERVER["SERVER_PROTOCOL"] + " 304 Not Modified")
        # All 304 responses must send an etag if the 200 response for the same
        # object contained an etag
        php.header("Etag: %(etag)s" % {"etag": etag})
        exit()
    # Send appropriate response:
    php.header("Last-Modified: %(last_modified)s" % {"last_modified": last_modified})
    php.header("Etag: %(etag)s" % {"etag": etag})
    # The following headers force validation of cache:
    php.header("Expires: Sun, 19 Nov 1978 05:00:00 GMT")
    php.header("Cache-Control: must-revalidate")
    if variable_get("page_compression", True):
        # Determine if the browser accepts gzipped data.
        if php.strpos(php.SERVER["HTTP_ACCEPT_ENCODING"], "gzip") == False and php.function_exists("gzencode"):
            # Strip the gzip php.header and run uncompress.
            cache.data = php.gzinflate(php.substr(php.substr(cache.data, 10), 0, -8))
        elif php.function_exists("gzencode"):
            php.header("Content-Encoding: gzip")
    # Send the original request's headers. We send them one after
    # another so PHP's php.header() def can deal with duplicate
    # headers.
    headers = php.explode("\n", cache.headers)
    for php.header_ in headers:
        php.header(php.header_)
    print cache.data
def _query(query_, debug = 0):
  """
   Helper function for db_query().
  """
  if (lib_bootstrap.variable_get('dev_query', 0)):
    usec,sec = php.explode(' ', php.microtime())
    timer = float(usec) + float(sec)
    # If devel.plugin query logging is enabled, prepend a comment 
    # with the username and calling function
    # to the SQL string. This is useful when running mysql's 
    # SHOW PROCESSLIST to learn what exact
    # code is issueing the slow query.
    bt = debug_backtrace()
    # t() may not be available yet so we don't wrap 'Anonymous'
    name = (lib_appglobals.user.name if (lib_appglobals.user.uid > 0) else \
      variable_get('anonymous', 'Anonymous'))
    # php.str_replace() to prevent SQL injection via username
    # or anonymous name.
    name = php.str_replace(['*', '/'], '', name)
    query_ = '/* ' +  name  + ' : ' . bt[2]['function'] + ' */ ' + query_
  result = DrupyMySQL.mysqli_query(lib_appglobals.active_db, query_)
  if (lib_bootstrap.variable_get('dev_query', 0)):
    query_ = bt[2]['function'] +  "\n"  + query_
    usec,sec = php.explode(' ', php.microtime())
    stop = float(usec) + float(sec)
    diff = stop - timer
    lib_appglobals.queries.append( [query_, diff] )
  if (debug):
    print '<p>query: ' +  query_  + '<br />error:' + \
      DrupyMySQL.mysqli_error(lib_appglobals.active_db) + '</p>'
  if (not DrupyMySQL.mysqli_errno(lib_appglobals.active_db)):
    return result
  else:
    # Indicate to drupal_error_handler that this is a database error.
    DB_ERROR = True
    php.trigger_error(lib_bootstrap.check_plain(\
      DrupyMySQL.mysqli_error(lib_appglobals.active_db) +  \
      "\nquery: "  + query_), php.E_USER_WARNING)
    return False
Beispiel #11
0
def _query(query_, debug=0):
    """
   Helper function for db_query().
  """
    if (lib_bootstrap.variable_get('dev_query', 0)):
        usec, sec = php.explode(' ', php.microtime())
        timer = float(usec) + float(sec)
        # If devel.plugin query logging is enabled, prepend a comment
        # with the username and calling function
        # to the SQL string. This is useful when running mysql's
        # SHOW PROCESSLIST to learn what exact
        # code is issueing the slow query.
        bt = debug_backtrace()
        # t() may not be available yet so we don't wrap 'Anonymous'
        name = (lib_appglobals.user.name if (lib_appglobals.user.uid > 0) else \
          variable_get('anonymous', 'Anonymous'))
        # php.str_replace() to prevent SQL injection via username
        # or anonymous name.
        name = php.str_replace(['*', '/'], '', name)
        query_ = '/* ' + name + ' : '.bt[2]['function'] + ' */ ' + query_
    result = DrupyMySQL.mysqli_query(lib_appglobals.active_db, query_)
    if (lib_bootstrap.variable_get('dev_query', 0)):
        query_ = bt[2]['function'] + "\n" + query_
        usec, sec = php.explode(' ', php.microtime())
        stop = float(usec) + float(sec)
        diff = stop - timer
        lib_appglobals.queries.append([query_, diff])
    if (debug):
        print '<p>query: ' +  query_  + '<br />error:' + \
          DrupyMySQL.mysqli_error(lib_appglobals.active_db) + '</p>'
    if (not DrupyMySQL.mysqli_errno(lib_appglobals.active_db)):
        return result
    else:
        # Indicate to drupal_error_handler that this is a database error.
        DB_ERROR = True
        php.trigger_error(lib_bootstrap.check_plain(\
          DrupyMySQL.mysqli_error(lib_appglobals.active_db) +  \
          "\nquery: "  + query_), php.E_USER_WARNING)
        return False
Beispiel #12
0
def registry_load_path_files(return_=False):
    """
   registry_load_path_files
  """
    php.static(registry_load_path_files, 'file_cache_data', [])
    if (return_):
        sort(registry_load_path_files.file_cache_data)
        return registry_load_path_files.file_cache_data
    menu = menu_get_item()
    cache = cache_get('registry:' + menu['path'], 'cache_registry')
    if (not php.empty(cache.data)):
        for file in php.explode(';', cache.data):
            php.require_once(file)
            registry_load_path_files.file_cache_data.append(file)
Beispiel #13
0
def registry_load_path_files(return_=False):
    """
   registry_load_path_files
  """
    php.static(registry_load_path_files, "file_cache_data", [])
    if return_:
        sort(registry_load_path_files.file_cache_data)
        return registry_load_path_files.file_cache_data
    menu = menu_get_item()
    cache = cache_get("registry:" + menu["path"], "cache_registry")
    if not php.empty(cache.data):
        for file in php.explode(";", cache.data):
            php.require_once(file)
            registry_load_path_files.file_cache_data.append(file)
Beispiel #14
0
def drupal_page_cache_header(cache):
    """
   Set HTTP headers in preparation for a cached page response.
  
   The general approach here is that anonymous users can keep a local
   cache of the page, but must revalidate it on every request.  Then,
   they are given a '304 Not Modified' response as long as they stay
   logged out and the page has not been modified.
  """
    # Set default values:
    last_modified = php.gmdate('D, d M Y H:i:s', cache.created) + ' GMT'
    etag = '"' + drupy_md5(last_modified) + '"'
    # See if the client has provided the required HTTP headers:
    if_modified_since =  (php.stripslashes(php.SERVER['HTTP_IF_MODIFIED_SINCE']) \
      if php.isset(php.SERVER, 'HTTP_IF_MODIFIED_SINCE') else False)
    if_none_match = (php.stripslashes(php.SERVER['HTTP_IF_NONE_MATCH']) \
      if php.isset(php.SERVER, 'HTTP_IF_NONE_MATCH') else False)
    if (if_modified_since and if_none_match
            and if_none_match == etag  # etag must match
            and if_modified_since
            == last_modified):  # if-modified-since must match
        php.header(php.SERVER['SERVER_PROTOCOL'] + ' 304 Not Modified')
        # All 304 responses must send an etag if the 200 response for the same
        # object contained an etag
        php.header("Etag: %(etag)s" % {'etag': etag})
        exit()
    # Send appropriate response:
    php.header("Last-Modified: %(last_modified)s" % \
      {'last_modified':last_modified})
    php.header("Etag: %(etag)s" % {'etag': etag})
    # The following headers force validation of cache:
    php.header("Expires: Sun, 19 Nov 1978 05:00:00 GMT")
    php.header("Cache-Control: must-revalidate")
    if (variable_get('page_compression', True)):
        # Determine if the browser accepts gzipped data.
        if (php.strpos(php.SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') == False and \
            php.function_exists('gzencode')):
            # Strip the gzip php.header and run uncompress.
            cache.data = php.gzinflate(
                php.substr(php.substr(cache.data, 10), 0, -8))
        elif (php.function_exists('gzencode')):
            php.header('Content-Encoding: gzip')
    # Send the original request's headers. We send them one after
    # another so PHP's php.header() def can deal with duplicate
    # headers.
    headers = php.explode("\n", cache.headers)
    for php.header_ in headers:
        php.header(php.header_)
    print cache.data
Beispiel #15
0
def munge_filename(filename, extensions, alerts=True):
    """
   Munge the filename as needed for security purposes + For instance the file
   name "exploit.php.pps" would become "exploit.php_.pps".
  
   @param filename The name of a file to modify.
   @param extensions A space separated list of extensions that should not
     be altered.
   @param alerts Whether alerts (watchdog, drupal_set_message()) should be
     displayed.
   @return filename The potentially modified filename.
  """
    original = filename
    # Allow potentially insecure uploads for very savvy users and admin
    if (not variable_get('allow_insecure_uploads', 0)):
        whitelist = array_unique(php.explode(' ', php.trim(extensions)))
        # Split the filename up by periods + The first part becomes the basename
        # the last part the final extension.
        filename_parts = php.explode('.', filename)
        new_filename = php.array_shift(filename_parts)
        # Remove file basename.
        final_extension = php.array_pop(filename_parts)
        # Remove final extension.
        # Loop through the middle parts of the name and add an underscore to the
        # end of each section that could be a file extension but isn't in the list
        # of allowed extensions.
        for filename_part in filename_parts:
            new_filename += '.' + filename_part
            if (not php.in_array(filename_part, whitelist) and \
                php.preg_match("/^[a-zA-Z]{2,5}\d?$/", filename_part)):
                new_filename += '_'
        filename = new_filename + '.' + final_extension
        if (alerts and original != filename):
            drupal_set_message(t('For security reasons, your upload has ' + \
              'been renamed to %filename.', {'%filename' : filename}))
    return filename
Beispiel #16
0
def timer_read(name):
    """
   Read the current timer value without stopping the timer.
  
   @param name
     The name of the timer.
   @return
     The current timer value in ms.
  """
    if (php.isset(lib_appglobals.timers[name], 'start')):
        (usec, sec) = php.explode(' ', php.microtime())
        stop = float(usec) + float(sec)
        diff = round((stop - lib_appglobals.timers[name]['start']) * 1000, 2)
        if (php.isset(lib_appglobals.timers[name], 'time')):
            diff += lib_appglobals.timers[name]['time']
        return diff
Beispiel #17
0
def timer_read(name):
    """
   Read the current timer value without stopping the timer.
  
   @param name
     The name of the timer.
   @return
     The current timer value in ms.
  """
    if php.isset(lib_appglobals.timers[name], "start"):
        (usec, sec) = php.explode(" ", php.microtime())
        stop = float(usec) + float(sec)
        diff = round((stop - lib_appglobals.timers[name]["start"]) * 1000, 2)
        if php.isset(lib_appglobals.timers[name], "time"):
            diff += lib_appglobals.timers[name]["time"]
        return diff
Beispiel #18
0
def timer_start(name):
    """
   Start the timer with the specified name. If you start and stop
   the same timer multiple times, the measured intervals will be
   accumulated.
  
   @param name
     The name of the timer.
  """
    if lib_appglobals.timers == None:
        lib_appglobals.timers = {}
    if not php.isset(lib_appglobals.timers, name):
        lib_appglobals.timers[name] = {}
    (usec, sec) = php.explode(" ", php.microtime())
    lib_appglobals.timers[name]["start"] = float(usec) + float(sec)
    lib_appglobals.timers[name]["count"] = (
        (lib_appglobals.timers[name]["count"] + 1) if php.isset(lib_appglobals.timers[name], "count") else 1
    )
Beispiel #19
0
def timer_start(name):
    """
   Start the timer with the specified name. If you start and stop
   the same timer multiple times, the measured intervals will be
   accumulated.
  
   @param name
     The name of the timer.
  """
    if lib_appglobals.timers == None:
        lib_appglobals.timers = {}
    if not php.isset(lib_appglobals.timers, name):
        lib_appglobals.timers[name] = {}
    (usec, sec) = php.explode(' ', php.microtime())
    lib_appglobals.timers[name]['start'] = float(usec) + float(sec)
    lib_appglobals.timers[name]['count'] = \
      ((lib_appglobals.timers[name]['count'] + 1) if \
      php.isset(lib_appglobals.timers[name],'count') else 1)
Beispiel #20
0
def initialize():
  """
    Choose a language for the page, based on language negotiation settings.
  """
  # Configured presentation language mode.
  mode = variable_get('language_negotiation', \
    lib_bootstrap.LANGUAGE_NEGOTIATION_NONE)
  # Get a list of enabled languages.
  languages = lib_bootstrap.language_list('enabled')
  languages = languages[1]
  if mode == lib_bootstrap.LANGUAGE_NEGOTIATION_NONE:
    return language_default()
  elif mode == lib_bootstrap.LANGUAGE_NEGOTIATION_DOMAIN:
    for language in languages:
      parts = php.parse_url(language.domain)
      if (not php.empty(parts['host']) and \
          (php.SERVER['php.SERVER_NAME'] == parts['host'])):
        return language
    return language_default()
  elif mode == lib_bootstrap.LANGUAGE_NEGOTIATION_PATH_DEFAULT or \
      mode == lib_bootstrap.LANGUAGE_NEGOTIATION_PATH:
    # _GET['q'] might not be available at this time, because
    # path initialization runs after the language bootstrap phase.
    args =  (php.explode('/', _GET['q']) if php.isset(_GET, 'q') else [])
    prefix = php.array_shift(args)
    # Search prefix within enabled languages.
    for language in languages:
      if (not php.empty(language.prefix) and language.prefix == prefix):
        # Rebuild php.GET['q'] with the language removed.
        php.GET['q'] = php.implode('/', args)
        return language
    if (mode == LANGUAGE_NEGOTIATION_PATH_DEFAULT):
      # If we did not found the language by prefix, choose the default.
      return language_default()
  # User language.
  if (lib_appglobals.user.uid and \
      php.isset(languages[lib_appglobals.user.language])):
    return languages[lib_appglobals.user.language]
  # Browser accept-language parsing.
  language = language_from_browser()
  if (language):
    return language
  # Fall back on the default if everything else fails.
  return language_default()
Beispiel #21
0
def initialize():
    """
    Choose a language for the page, based on language negotiation settings.
  """
    # Configured presentation language mode.
    mode = variable_get('language_negotiation', \
      lib_bootstrap.LANGUAGE_NEGOTIATION_NONE)
    # Get a list of enabled languages.
    languages = lib_bootstrap.language_list('enabled')
    languages = languages[1]
    if mode == lib_bootstrap.LANGUAGE_NEGOTIATION_NONE:
        return language_default()
    elif mode == lib_bootstrap.LANGUAGE_NEGOTIATION_DOMAIN:
        for language in languages:
            parts = php.parse_url(language.domain)
            if (not php.empty(parts['host']) and \
                (php.SERVER['php.SERVER_NAME'] == parts['host'])):
                return language
        return language_default()
    elif mode == lib_bootstrap.LANGUAGE_NEGOTIATION_PATH_DEFAULT or \
        mode == lib_bootstrap.LANGUAGE_NEGOTIATION_PATH:
        # _GET['q'] might not be available at this time, because
        # path initialization runs after the language bootstrap phase.
        args = (php.explode('/', _GET['q']) if php.isset(_GET, 'q') else [])
        prefix = php.array_shift(args)
        # Search prefix within enabled languages.
        for language in languages:
            if (not php.empty(language.prefix) and language.prefix == prefix):
                # Rebuild php.GET['q'] with the language removed.
                php.GET['q'] = php.implode('/', args)
                return language
        if (mode == LANGUAGE_NEGOTIATION_PATH_DEFAULT):
            # If we did not found the language by prefix, choose the default.
            return language_default()
    # User language.
    if (lib_appglobals.user.uid and \
        php.isset(languages[lib_appglobals.user.language])):
        return languages[lib_appglobals.user.language]
    # Browser accept-language parsing.
    language = language_from_browser()
    if (language):
        return language
    # Fall back on the default if everything else fails.
    return language_default()
Beispiel #22
0
def ip_address(reset=False):
    """
   If Drupal is behind a reverse proxy, we use the X-Forwarded-For header
   instead of $_SERVER['REMOTE_ADDR'], which would be the IP address of 
   the proxy server, and not the client's.  If Drupal is run in a cluster
   we use the X-Cluster-Client-Ip header instead.

   @param $reset
     Reset the current IP address saved in static.
   @return
     IP address of client machine, adjusted for reverse proxy and/or cluster
     environments.
  """
    php.static(ip_address, 'ip_address')
    if (ip_address.ip_address is None or reset):
        ip_address.ip_address = php.SERVER['REMOTE_ADDR']
        if (variable_get('reverse_proxy', 0)):
            if (php.array_key_exists('HTTP_X_FORWARDED_FOR', php.SERVER)):
                # If an array of known reverse proxy IPs is provided, then trust
                # the XFF header if request really comes from one of them.
                reverse_proxy_addresses = variable_get('reverse_proxy_addresses', \
                  tuple())
                if (not php.empty(reverse_proxy_addresses) and \
                    php.in_array(ip_address.ip_address, reverse_proxy_addresses, \
                    True)):
                    # If there are several arguments, we need to check the most
                    # recently added one, i.e. the last one.
                    ip_address.ip_address = php.array_pop(\
                      php.explode(',', php.SERVER['HTTP_X_FORWARDED_FOR']))
            # When Drupal is run in a cluster environment,
            # REMOTE_ADDR contains the IP
            # address of a server in the cluster, while the IP address
            # of the client is
            # stored in HTTP_X_CLUSTER_CLIENT_IP.
            if (php.array_key_exists('HTTP_X_CLUSTER_CLIENT_IP', php.SERVER)):
                ip_address.ip_address = php.SERVER['HTTP_X_CLUSTER_CLIENT_IP']
    return ip_address.ip_address
Beispiel #23
0
def from_browser():
    """
   Identify language from the Accept-language HTTP php.header we got.
  """
    # Specified by the user via the browser's Accept Language setting
    # Samples: "hu, en-us;q=0.66, en;q=0.33", "hu,en-us;q=0.5"
    browser_langs = []
    if (php.isset(php.SERVER, 'HTTP_ACCEPT_LANGUAGE')):
        browser_accept = php.explode(",", php.SERVER['HTTP_ACCEPT_LANGUAGE'])
        for i in range(php.count(browser_accept)):
            # The language part is either a code or a code with a quality.
            # We cannot do anything with a * code, so it is skipped.
            # If the quality is missing, it is assumed to be 1 according to the RFC.
            if (php.preg_match("not ([a-z-]+)(;q=([0-9\\.]+))?not ", \
                php.trim(browser_accept[i]), found)):
                browser_langs[found[1]] = (float(found[3]) if \
                  php.isset(found, 3) else 1.0)
    # Order the codes by quality
    arsort(browser_langs)
    # Try to find the first preferred language we have
    languages = language_list('enabled')
    for langcode, q in browser_langs.items():
        if (php.isset(languages['1'], langcode)):
            return languages['1'][langcode]
Beispiel #24
0
def from_browser():
  """
   Identify language from the Accept-language HTTP php.header we got.
  """
  # Specified by the user via the browser's Accept Language setting
  # Samples: "hu, en-us;q=0.66, en;q=0.33", "hu,en-us;q=0.5"
  browser_langs = []
  if (php.isset(php.SERVER, 'HTTP_ACCEPT_LANGUAGE')):
    browser_accept = php.explode(",", php.SERVER['HTTP_ACCEPT_LANGUAGE'])
    for i in range(php.count(browser_accept)):
      # The language part is either a code or a code with a quality.
      # We cannot do anything with a * code, so it is skipped.
      # If the quality is missing, it is assumed to be 1 according to the RFC.
      if (php.preg_match("not ([a-z-]+)(;q=([0-9\\.]+))?not ", \
          php.trim(browser_accept[i]), found)):
        browser_langs[found[1]] = (float(found[3]) if \
          php.isset(found, 3) else 1.0)
  # Order the codes by quality
  arsort(browser_langs)
  # Try to find the first preferred language we have
  languages = language_list('enabled')
  for langcode,q in browser_langs.items():
    if (php.isset(languages['1'], langcode)):
      return languages['1'][langcode]
Beispiel #25
0
def conf_init():
    """
   Loads the configuration and sets the base URL, cookie domain, and
   session name correctly.
  """
    # These will come from settings
    # db_url, db_prefix, cookie_domain, conf, installed_profile, update_free_access
    if lib_appglobals.base_url != None:
        # Parse fixed base URL from settings.php.
        parts = php.parse_url(lib_appglobals.base_url)
        if not php.isset(parts, "path"):
            parts["path"] = ""
        lib_appglobals.base_path = parts["path"] + "/"
        # Build base_root (everything until first slash after "scheme://").
        lib_appglobals.base_root = php.substr(
            lib_appglobals.base_url, 0, php.strlen(lib_appglobals.base_url) - php.strlen(parts["path"])
        )
    else:
        # Create base URL
        lib_appglobals.base_root = (
            "https" if (php.isset(php.SERVER, "HTTPS") and php.SERVER["HTTPS"] == "on") else "http"
        )
        # As php.SERVER['HTTP_HOST'] is user input, ensure it only contains
        # characters allowed in hostnames.
        lib_appglobals.base_root += "://" + php.preg_replace("/[^a-z0-9-:._]/i", "", php.SERVER["HTTP_HOST"])
        lib_appglobals.base_url = lib_appglobals.base_root
        # php.SERVER['SCRIPT_NAME'] can, in contrast to php.SERVER['PHP_SELF'], not
        # be modified by a visitor.
        dir = php.trim(php.dirname(php.SERVER["SCRIPT_NAME"]), "\,/")
        if len(dir) > 0:
            lib_appglobals.base_path = "/dir"
            lib_appglobals.base_url += lib_appglobals.base_path
            lib_appglobals.base_path += "/"
        else:
            lib_appglobals.base_path = "/"
    if settings.cookie_domain != None:
        # If the user specifies the cookie domain, also use it for session name.
        session_name_ = settings.cookie_domain
    else:
        # Otherwise use base_url as session name, without the protocol
        # to use the same session identifiers across http and https.
        session_name_ = php.explode("://", lib_appglobals.base_url, 2)[1]
        # We escape the hostname because it can be modified by a visitor.
        if not php.empty(php.SERVER["HTTP_HOST"]):
            settings.cookie_domain = check_plain(php.SERVER["HTTP_HOST"])
    # To prevent session cookies from being hijacked, a user can configure the
    # SSL version of their website to only transfer session cookies via SSL by
    # using PHP's session.cookie_secure setting. The browser will then use two
    # separate session cookies for the HTTPS and HTTP versions of the site. So we
    # must use different session identifiers for HTTPS and HTTP to prevent a
    # cookie collision.
    if php.ini_get("session.cookie_secure"):
        session_name_ += "SSL"
    # Strip leading periods, www., and port numbers from cookie domain.
    settings.cookie_domain = php.ltrim(settings.cookie_domain, ".")
    if php.strpos(settings.cookie_domain, "www.") == 0:
        settings.cookie_domain = php.substr(settings.cookie_domain, 4)
    settings.cookie_domain = php.explode(":", settings.cookie_domain)
    settings.cookie_domain = "." + settings.cookie_domain[0]
    # Per RFC 2109, cookie domains must contain at least one dot other than the
    # first. For hosts such as 'localhost' or IP Addresses we don't set a
    # cookie domain.
    if php.count(php.explode(".", settings.cookie_domain)) > 2 and not php.is_numeric(
        php.str_replace(".", "", settings.cookie_domain)
    ):
        php.ini_set("session.cookie_domain", settings.cookie_domain)
    # print session_name;
    lib_session.name("SESS" + php.md5(session_name_))
Beispiel #26
0
def conf_init():
    """
   Loads the configuration and sets the base URL, cookie domain, and
   session name correctly.
  """
    # These will come from settings
    # db_url, db_prefix, cookie_domain, conf, installed_profile, update_free_access
    if (lib_appglobals.base_url != None):
        # Parse fixed base URL from settings.php.
        parts = php.parse_url(lib_appglobals.base_url)
        if (not php.isset(parts, 'path')):
            parts['path'] = ''
        lib_appglobals.base_path = parts['path'] + '/'
        # Build base_root (everything until first slash after "scheme://").
        lib_appglobals.base_root = \
          php.substr(lib_appglobals.base_url, 0, \
          php.strlen(lib_appglobals.base_url) - \
          php.strlen(parts['path']))
    else:
        # Create base URL
        lib_appglobals.base_root = \
          ('https' if (php.isset(php.SERVER, 'HTTPS') and \
          php.SERVER['HTTPS'] == 'on') else 'http')
        # As php.SERVER['HTTP_HOST'] is user input, ensure it only contains
        # characters allowed in hostnames.
        lib_appglobals.base_root += '://' + \
          php.preg_replace('/[^a-z0-9-:._]/i', '', \
          php.SERVER['HTTP_HOST'])
        lib_appglobals.base_url = lib_appglobals.base_root
        # php.SERVER['SCRIPT_NAME'] can, in contrast to php.SERVER['PHP_SELF'], not
        # be modified by a visitor.
        dir = php.trim(php.dirname(php.SERVER['SCRIPT_NAME']), '\,/')
        if (len(dir) > 0):
            lib_appglobals.base_path = "/dir"
            lib_appglobals.base_url += lib_appglobals.base_path
            lib_appglobals.base_path += '/'
        else:
            lib_appglobals.base_path = '/'
    if (settings.cookie_domain != None):
        # If the user specifies the cookie domain, also use it for session name.
        session_name_ = settings.cookie_domain
    else:
        # Otherwise use base_url as session name, without the protocol
        # to use the same session identifiers across http and https.
        session_name_ = php.explode('://', lib_appglobals.base_url, 2)[1]
        # We escape the hostname because it can be modified by a visitor.
        if (not php.empty(php.SERVER['HTTP_HOST'])):
            settings.cookie_domain = check_plain(php.SERVER['HTTP_HOST'])
    # To prevent session cookies from being hijacked, a user can configure the
    # SSL version of their website to only transfer session cookies via SSL by
    # using PHP's session.cookie_secure setting. The browser will then use two
    # separate session cookies for the HTTPS and HTTP versions of the site. So we
    # must use different session identifiers for HTTPS and HTTP to prevent a
    # cookie collision.
    if (php.ini_get('session.cookie_secure')):
        session_name_ += 'SSL'
    # Strip leading periods, www., and port numbers from cookie domain.
    settings.cookie_domain = php.ltrim(settings.cookie_domain, '.')
    if (php.strpos(settings.cookie_domain, 'www.') == 0):
        settings.cookie_domain = php.substr(settings.cookie_domain, 4)
    settings.cookie_domain = php.explode(':', settings.cookie_domain)
    settings.cookie_domain = '.' + settings.cookie_domain[0]
    # Per RFC 2109, cookie domains must contain at least one dot other than the
    # first. For hosts such as 'localhost' or IP Addresses we don't set a
    # cookie domain.
    if (php.count(php.explode('.', settings.cookie_domain)) > 2 and not \
        php.is_numeric(php.str_replace('.', '', settings.cookie_domain))):
        php.ini_set('session.cookie_domain', settings.cookie_domain)
    #print session_name;
    lib_session.name('SESS' + php.md5(session_name_))