def destination(destination, replace): """ Determines the destination path for a file depending on how replacement of existing files should be handled. @param destination A string specifying the desired path. @param replace Replace behavior when the destination file already exists. - FILE_EXISTS_REPLACE - Replace the existing file - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique - FILE_EXISTS_ERROR - Do nothing and return False. @return The destination file path or False if the file already exists and FILE_EXISTS_ERROR was specified. """ if (php.file_exists(destination)): if replace == FILE_EXISTS_RENAME: basename = basename(destination) directory = php.dirname(destination) destination = file_create_filename(basename, directory) elif replace == FILE_EXISTS_ERROR: drupal_set_message(t('The selected file %file could not be copied, \ because a file by that name already exists in the destination.' , \ {'%file' : destination}), 'error') return False return destination
def destination(destination, replace): """ Determines the destination path for a file depending on how replacement of existing files should be handled. @param destination A string specifying the desired path. @param replace Replace behavior when the destination file already exists. - FILE_EXISTS_REPLACE - Replace the existing file - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique - FILE_EXISTS_ERROR - Do nothing and return False. @return The destination file path or False if the file already exists and FILE_EXISTS_ERROR was specified. """ if (php.file_exists(destination)): if replace == FILE_EXISTS_RENAME: basename = basename(destination) directory = php.dirname(destination) destination = file_create_filename(basename, directory) elif replace == FILE_EXISTS_ERROR: drupal_set_message(t('The selected file %file could not be copied, \ because a file by that name already exists in the destination.', \ {'%file' : destination}), 'error') return False return destination
def check_location(source, directory=''): """ Check if a file is really located inside directory + Should be used to make sure a file specified is really located within the directory to prevent exploits. @code // Returns False: file_check_location('/www/example.com/files/../../../etc/passwd', \ '/www/example.com/files') @endcode @param source A string set to the file to check. @param directory A string where the file should be located. @return FALSE for invalid path or the real path of the source. """ check = realpath(source) if (check): source = check else: # This file does not yet exist source = realpath(php.dirname(source)) + '/' + basename(source) directory = realpath(directory) if (directory and php.strpos(source, directory) != 0): return False return source
def check_location(source, directory = ''): """ Check if a file is really located inside directory + Should be used to make sure a file specified is really located within the directory to prevent exploits. @code // Returns False: file_check_location('/www/example.com/files/../../../etc/passwd', \ '/www/example.com/files') @endcode @param source A string set to the file to check. @param directory A string where the file should be located. @return FALSE for invalid path or the real path of the source. """ check = realpath(source) if (check): source = check else: # This file does not yet exist source = realpath(php.dirname(source)) + '/' + basename(source) directory = realpath(directory) if (directory and php.strpos(source, directory) != 0): return False return source
def rebuild_cache(): """ Rebuild the database cache of plugin files. @return The array of filesystem objects used to rebuild the cache. """ # Get current list of plugins files = drupal_system_listing('\.plugin$', 'plugins', 'name', 0) # Extract current files from database. system_get_files_database(files, 'plugin') ksort(files) # Set defaults for plugin info defaults = { 'dependencies' : [], 'dependents' : [], 'description' : '', 'version' : None, 'php' : DRUPAL_MINIMUM_PHP, } for filename,file in files.items(): # Look for the info file. file.info = drupal_parse_info_file(php.dirname(file.filename) + '/' + \ file.name + '.info') # Skip plugins that don't provide info. if (php.empty(file.info)): del(files[filename]) continue # Merge in defaults and save. files[filename].info = file.info + defaults # Invoke hook_system_info_alter() to give installed plugins a chance to # modify the data in the .info files if necessary. drupal_alter('system_info', files[filename].info, files[filename]) # Log the critical hooks implemented by this plugin. bootstrap = 0 for hook in bootstrap_hooks(): if (plugin_hook(file.name, hook)): bootstrap = 1 break # Update the contents of the system table: if (php.isset(file, 'status') or (php.isset(file, 'old_filename') and \ file.old_filename != file.filename)): db_query(\ "UPDATE {system} SET info = '%s', name = '%s', " + \ "filename = '%s', bootstrap = %d WHERE filename = '%s'", \ php.serialize(files[filename].info), file.name, \ file.filename, bootstrap, file.old_filename) else: # This is a new plugin. files[filename].status = 0 db_query(\ "INSERT INTO {system} (name, info, type, " + \ "filename, status, bootstrap) VALUES " + \ "('%s', '%s', '%s', '%s', %d, %d)", \ file.name, php.serialize(files[filename].info), \ 'plugin', file.filename, 0, bootstrap) files = _plugin_build_dependencies(files) return files
def rebuild_cache(): """ Rebuild the database cache of plugin files. @return The array of filesystem objects used to rebuild the cache. """ # Get current list of plugins files = drupal_system_listing('\.plugin$', 'plugins', 'name', 0) # Extract current files from database. system_get_files_database(files, 'plugin') ksort(files) # Set defaults for plugin info defaults = { 'dependencies': [], 'dependents': [], 'description': '', 'version': None, 'php': DRUPAL_MINIMUM_PHP, } for filename, file in files.items(): # Look for the info file. file.info = drupal_parse_info_file(php.dirname(file.filename) + '/' + \ file.name + '.info') # Skip plugins that don't provide info. if (php.empty(file.info)): del (files[filename]) continue # Merge in defaults and save. files[filename].info = file.info + defaults # Invoke hook_system_info_alter() to give installed plugins a chance to # modify the data in the .info files if necessary. drupal_alter('system_info', files[filename].info, files[filename]) # Log the critical hooks implemented by this plugin. bootstrap = 0 for hook in bootstrap_hooks(): if (plugin_hook(file.name, hook)): bootstrap = 1 break # Update the contents of the system table: if (php.isset(file, 'status') or (php.isset(file, 'old_filename') and \ file.old_filename != file.filename)): db_query(\ "UPDATE {system} SET info = '%s', name = '%s', " + \ "filename = '%s', bootstrap = %d WHERE filename = '%s'", \ php.serialize(files[filename].info), file.name, \ file.filename, bootstrap, file.old_filename) else: # This is a new plugin. files[filename].status = 0 db_query(\ "INSERT INTO {system} (name, info, type, " + \ "filename, status, bootstrap) VALUES " + \ "('%s', '%s', '%s', '%s', %d, %d)", \ file.name, php.serialize(files[filename].info), \ 'plugin', file.filename, 0, bootstrap) files = _plugin_build_dependencies(files) return files
def check_path(path): """ Checks path to see if it is a directory, or a dir/file. @param path A string containing a file path + This will be set to the directory's path. @return If the directory is not in a Drupal writable directory, False is returned + Otherwise, the base name of the path is returned. """ php.Reference.check(path) # Check if path is a directory. if (file_check_directory(path)): return '' # Check if path is a possible dir/file. filename = basename(path) path = php.dirname(path) if (file_check_directory(path)): return filename return False
def conf_init(): """ Loads the configuration and sets the base URL, cookie domain, and session name correctly. """ # These will come from settings # db_url, db_prefix, cookie_domain, conf, installed_profile, update_free_access if (lib_appglobals.base_url != None): # Parse fixed base URL from settings.php. parts = php.parse_url(lib_appglobals.base_url) if (not php.isset(parts, 'path')): parts['path'] = '' lib_appglobals.base_path = parts['path'] + '/' # Build base_root (everything until first slash after "scheme://"). lib_appglobals.base_root = \ php.substr(lib_appglobals.base_url, 0, \ php.strlen(lib_appglobals.base_url) - \ php.strlen(parts['path'])) else: # Create base URL lib_appglobals.base_root = \ ('https' if (php.isset(php.SERVER, 'HTTPS') and \ php.SERVER['HTTPS'] == 'on') else 'http') # As php.SERVER['HTTP_HOST'] is user input, ensure it only contains # characters allowed in hostnames. lib_appglobals.base_root += '://' + \ php.preg_replace('/[^a-z0-9-:._]/i', '', \ php.SERVER['HTTP_HOST']) lib_appglobals.base_url = lib_appglobals.base_root # php.SERVER['SCRIPT_NAME'] can, in contrast to php.SERVER['PHP_SELF'], not # be modified by a visitor. dir = php.trim(php.dirname(php.SERVER['SCRIPT_NAME']), '\,/') if (len(dir) > 0): lib_appglobals.base_path = "/dir" lib_appglobals.base_url += lib_appglobals.base_path lib_appglobals.base_path += '/' else: lib_appglobals.base_path = '/' if (settings.cookie_domain != None): # If the user specifies the cookie domain, also use it for session name. session_name_ = settings.cookie_domain else: # Otherwise use base_url as session name, without the protocol # to use the same session identifiers across http and https. session_name_ = php.explode('://', lib_appglobals.base_url, 2)[1] # We escape the hostname because it can be modified by a visitor. if (not php.empty(php.SERVER['HTTP_HOST'])): settings.cookie_domain = check_plain(php.SERVER['HTTP_HOST']) # To prevent session cookies from being hijacked, a user can configure the # SSL version of their website to only transfer session cookies via SSL by # using PHP's session.cookie_secure setting. The browser will then use two # separate session cookies for the HTTPS and HTTP versions of the site. So we # must use different session identifiers for HTTPS and HTTP to prevent a # cookie collision. if (php.ini_get('session.cookie_secure')): session_name_ += 'SSL' # Strip leading periods, www., and port numbers from cookie domain. settings.cookie_domain = php.ltrim(settings.cookie_domain, '.') if (php.strpos(settings.cookie_domain, 'www.') == 0): settings.cookie_domain = php.substr(settings.cookie_domain, 4) settings.cookie_domain = php.explode(':', settings.cookie_domain) settings.cookie_domain = '.' + settings.cookie_domain[0] # Per RFC 2109, cookie domains must contain at least one dot other than the # first. For hosts such as 'localhost' or IP Addresses we don't set a # cookie domain. if (php.count(php.explode('.', settings.cookie_domain)) > 2 and not \ php.is_numeric(php.str_replace('.', '', settings.cookie_domain))): php.ini_set('session.cookie_domain', settings.cookie_domain) #print session_name; lib_session.name('SESS' + php.md5(session_name_))
def conf_init(): """ Loads the configuration and sets the base URL, cookie domain, and session name correctly. """ # These will come from settings # db_url, db_prefix, cookie_domain, conf, installed_profile, update_free_access if lib_appglobals.base_url != None: # Parse fixed base URL from settings.php. parts = php.parse_url(lib_appglobals.base_url) if not php.isset(parts, "path"): parts["path"] = "" lib_appglobals.base_path = parts["path"] + "/" # Build base_root (everything until first slash after "scheme://"). lib_appglobals.base_root = php.substr( lib_appglobals.base_url, 0, php.strlen(lib_appglobals.base_url) - php.strlen(parts["path"]) ) else: # Create base URL lib_appglobals.base_root = ( "https" if (php.isset(php.SERVER, "HTTPS") and php.SERVER["HTTPS"] == "on") else "http" ) # As php.SERVER['HTTP_HOST'] is user input, ensure it only contains # characters allowed in hostnames. lib_appglobals.base_root += "://" + php.preg_replace("/[^a-z0-9-:._]/i", "", php.SERVER["HTTP_HOST"]) lib_appglobals.base_url = lib_appglobals.base_root # php.SERVER['SCRIPT_NAME'] can, in contrast to php.SERVER['PHP_SELF'], not # be modified by a visitor. dir = php.trim(php.dirname(php.SERVER["SCRIPT_NAME"]), "\,/") if len(dir) > 0: lib_appglobals.base_path = "/dir" lib_appglobals.base_url += lib_appglobals.base_path lib_appglobals.base_path += "/" else: lib_appglobals.base_path = "/" if settings.cookie_domain != None: # If the user specifies the cookie domain, also use it for session name. session_name_ = settings.cookie_domain else: # Otherwise use base_url as session name, without the protocol # to use the same session identifiers across http and https. session_name_ = php.explode("://", lib_appglobals.base_url, 2)[1] # We escape the hostname because it can be modified by a visitor. if not php.empty(php.SERVER["HTTP_HOST"]): settings.cookie_domain = check_plain(php.SERVER["HTTP_HOST"]) # To prevent session cookies from being hijacked, a user can configure the # SSL version of their website to only transfer session cookies via SSL by # using PHP's session.cookie_secure setting. The browser will then use two # separate session cookies for the HTTPS and HTTP versions of the site. So we # must use different session identifiers for HTTPS and HTTP to prevent a # cookie collision. if php.ini_get("session.cookie_secure"): session_name_ += "SSL" # Strip leading periods, www., and port numbers from cookie domain. settings.cookie_domain = php.ltrim(settings.cookie_domain, ".") if php.strpos(settings.cookie_domain, "www.") == 0: settings.cookie_domain = php.substr(settings.cookie_domain, 4) settings.cookie_domain = php.explode(":", settings.cookie_domain) settings.cookie_domain = "." + settings.cookie_domain[0] # Per RFC 2109, cookie domains must contain at least one dot other than the # first. For hosts such as 'localhost' or IP Addresses we don't set a # cookie domain. if php.count(php.explode(".", settings.cookie_domain)) > 2 and not php.is_numeric( php.str_replace(".", "", settings.cookie_domain) ): php.ini_set("session.cookie_domain", settings.cookie_domain) # print session_name; lib_session.name("SESS" + php.md5(session_name_))
def hook_init(template): file = php.dirname(template.filename) + '/template.py' if (php.file_exists(file)): lib_theme.processors['template'] = DrupyImport.import_file(file)