From 256a566edafa1cff0c8eafb7f744d8b612fd0862 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Fri, 8 Jan 2016 17:34:07 +0900 Subject: [PATCH 1/5] Miscellaneous optimization of function library --- classes/context/Context.class.php | 1 + config/func.inc.php | 219 +++++++++++++----------------- 2 files changed, 99 insertions(+), 121 deletions(-) diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php index 5307814bf..42e4531f0 100644 --- a/classes/context/Context.class.php +++ b/classes/context/Context.class.php @@ -577,6 +577,7 @@ class Context if(!$db_info->time_zone) $db_info->time_zone = date('O'); $GLOBALS['_time_zone'] = $db_info->time_zone; + $GLOBALS['_time_zone_offset'] = get_time_zone_offset($db_info->time_zone); if($db_info->qmail_compatibility != 'Y') $db_info->qmail_compatibility = 'N'; diff --git a/config/func.inc.php b/config/func.inc.php index a89485fa4..b8c3b477e 100644 --- a/config/func.inc.php +++ b/config/func.inc.php @@ -122,17 +122,6 @@ function getView($module_name) return getModule($module_name, 'view'); } -/** - * Create a mobile instance of the module - * - * @param string $module_name The module name to get a mobile instance - * @return mixed Module mobile instance - */ -function &getMobile($module_name) -{ - return getModule($module_name, 'mobile'); -} - /** * Create a admin view instance of the module * @@ -177,6 +166,17 @@ function getAPI($module_name) return getModule($module_name, 'api'); } +/** + * Create a mobile instance of the module + * + * @param string $module_name The module name to get a mobile instance + * @return mixed Module mobile instance + */ +function getMobile($module_name) +{ + return getModule($module_name, 'mobile'); +} + /** * Create a wap instance of the module * 
@@ -257,13 +257,11 @@ function getNextSequence() */ function setUserSequence($seq) { - $arr_seq = array(); - if(isset($_SESSION['seq'])) + if(!isset($_SESSION['seq'])) { - $arr_seq = $_SESSION['seq']; + $_SESSION['seq'] = array(); } - $arr_seq[] = $seq; - $_SESSION['seq'] = $arr_seq; + $_SESSION['seq'][] = $seq; } /** @@ -274,16 +272,7 @@ function setUserSequence($seq) */ function checkUserSequence($seq) { - if(!isset($_SESSION['seq'])) - { - return false; - } - if(!in_array($seq, $_SESSION['seq'])) - { - return false; - } - - return true; + return isset($_SESSION['seq']) && in_array($seq, $_SESSION['seq']); } /** @@ -305,9 +294,13 @@ function getUrl() $args_list = func_get_args(); if($num_args) + { $url = Context::getUrl($num_args, $args_list); + } else + { $url = Context::getRequestUri(); + } return preg_replace('@\berror_return_url=[^&]*|\w+=(?:&|$)@', '', $url); } @@ -561,6 +554,20 @@ function cut_str($string, $cut_size = 0, $tail = '...') return $output; } +/** + * Get integer offset of time zone + * + * @param string $time_zone Time zone in +0900 format + * @return int + */ +function get_time_zone_offset($time_zone) +{ + $multiplier = ($time_zone[0] === '-') ? -60 : 60; + $time_zone = preg_replace('/[^0-9]/', '', $time_zone); + list($hours, $minutes) = str_split($time_zone, 2); + return (((int)$hours * 60) + (int)$minutes) * $multiplier; +} + /** * Get a time gap between server's timezone and XE's timezone * 
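Review bot: The one-line `checkUserSequence()` keeps the loose `in_array()` comparison, so on PHP versions before 8 a non-canonical value such as `'12abc'` compares equal to a stored `12`. If callers use this check to decide whether a sequence belongs to the current session (the callers are not in this hunk), a digit-only guard makes the match exact, assuming sequences are non-negative integers: `return isset($_SESSION['seq']) && ctype_digit((string)$seq) && in_array($seq, $_SESSION['seq']);`. The docblock could also state that the list lives in `$_SESSION['seq']` and is appended to by `setUserSequence()`.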
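Review bot: `get_time_zone_offset()` assumes a well-formed `+HHMM` string, but nothing checks it. An empty value makes `$time_zone[0]` an uninitialized string offset, and fewer than three digits leaves `$minutes` unassigned by `list()`. The value comes from `$db_info->time_zone` in the Context hunk, so a malformed configuration entry silently becomes a wrong offset instead of being rejected. A guard such as `if(!preg_match('/^[+-]\d{4}$/', $time_zone)) return 0;` at the top would make the failure explicit. The docblock should also state the unit, e.g. `@return int Offset from UTC in seconds`.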
@@ -568,37 +575,9 @@ function cut_str($string, $cut_size = 0, $tail = '...') */ function zgap() { - $time_zone = $GLOBALS['_time_zone']; - if($time_zone < 0) - { - $to = -1; - } - else - { - $to = 1; - } - - $t_hour = substr($time_zone, 1, 2) * $to; - $t_min = substr($time_zone, 3, 2) * $to; - - $server_time_zone = date("O"); - if($server_time_zone < 0) - { - $so = -1; - } - else - { - $so = 1; - } - - $c_hour = substr($server_time_zone, 1, 2) * $so; - $c_min = substr($server_time_zone, 3, 2) * $so; - - $g_min = $t_min - $c_min; - $g_hour = $t_hour - $c_hour; - - $gap = $g_min * 60 + $g_hour * 60 * 60; - return $gap; + $time_zone_offset = $GLOBALS['_time_zone_offset']; + $server_offset = date('Z'); + return $time_zone_offset - $server_offset; } /** 
@@ -611,75 +590,23 @@ function ztime($str) { if(!$str) { - return; + return null; } - - $hour = (int) substr($str, 8, 2); - $min = (int) substr($str, 10, 2); - $sec = (int) substr($str, 12, 2); - $year = (int) substr($str, 0, 4); - $month = (int) substr($str, 4, 2); - $day = (int) substr($str, 6, 2); - if(strlen($str) <= 8) + $year = (int)substr($str, 0, 4); + $month = (int)substr($str, 4, 2) ?: 1; + $day = (int)substr($str, 6, 2) ?: 1; + if(strlen($str) >= 8) { - $gap = 0; + $hour = (int)substr($str, 8, 2); + $min = (int)substr($str, 10, 2); + $sec = (int)substr($str, 12, 2); + $offset = zgap(); } else { - $gap = zgap(); + $hour = $min = $sec = $offset = 0; } - - return mktime($hour, $min, $sec, $month ? $month : 1, $day ? $day : 1, $year) + $gap; -} - -/** - * If the recent post within a day, output format of YmdHis is "min/hours ago from now". If not within a day, it return format string. - * - * @param string $date Time value in format of YYYYMMDDHHIISS - * @param string $format If gap is within a day, returns this format. 
- * @return string - */ -function getTimeGap($date, $format = 'Y.m.d') -{ - $gap = $_SERVER['REQUEST_TIME'] + zgap() - ztime($date); - - $lang_time_gap = Context::getLang('time_gap'); - if($gap < 60) - { - $buff = sprintf($lang_time_gap['min'], (int) ($gap / 60) + 1); - } - elseif($gap < 60 * 60) - { - $buff = sprintf($lang_time_gap['mins'], (int) ($gap / 60) + 1); - } - elseif($gap < 60 * 60 * 2) - { - $buff = sprintf($lang_time_gap['hour'], (int) ($gap / 60 / 60) + 1); - } - elseif($gap < 60 * 60 * 24) - { - $buff = sprintf($lang_time_gap['hours'], (int) ($gap / 60 / 60) + 1); - } - else - { - $buff = zdate($date, $format); - } - - return $buff; -} - -/** - * Name of the month return - * - * @param int $month Month - * @param boot $short If set, returns short string - * @return string - */ -function getMonthName($month, $short = TRUE) -{ - $short_month = array('', 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'); - $long_month = array('', 'January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December'); - return !$short ? $long_month[$month] : $short_month[$month]; + return mktime($hour, $min, $sec, $month, $day, $year) - $offset; } /** @@ -692,11 +619,11 @@ function getMonthName($month, $short = TRUE) */ function zdate($str, $format = 'Y-m-d H:i:s', $conversion = TRUE) { - // return null if no target time is specified if(!$str) { return; } + // convert the date format according to the language if($conversion == TRUE) { 
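Review bot: The length test in `ztime()` was inverted from `strlen($str) <= 8` to `strlen($str) >= 8`, which moves the eight-character case to the other branch. A date-only `YYYYMMDD` value previously got a gap of 0 and now has `zgap()` applied. Unless that shift is intended, the condition should be `if(strlen($str) > 8)`. The function's opening lines are outside this hunk; a short comment on the else branch (`// date-only input: no time-zone adjustment`) would make the boundary explicit.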
@@ -776,6 +703,56 @@ function zdate($str, $format = 'Y-m-d H:i:s', $conversion = TRUE) return $string; } +/** + * If the recent post within a day, output format of YmdHis is "min/hours ago from now". If not within a day, it return format string. + * + * @param string $date Time value in format of YYYYMMDDHHIISS + * @param string $format If gap is within a day, returns this format. + * @return string + */ +function getTimeGap($date, $format = 'Y.m.d') +{ + $gap = $_SERVER['REQUEST_TIME'] + zgap() - ztime($date); + + $lang_time_gap = Context::getLang('time_gap'); + if($gap < 60) + { + $buff = sprintf($lang_time_gap['min'], (int) ($gap / 60) + 1); + } + elseif($gap < 60 * 60) + { + $buff = sprintf($lang_time_gap['mins'], (int) ($gap / 60) + 1); + } + elseif($gap < 60 * 60 * 2) + { + $buff = sprintf($lang_time_gap['hour'], (int) ($gap / 60 / 60) + 1); + } + elseif($gap < 60 * 60 * 24) + { + $buff = sprintf($lang_time_gap['hours'], (int) ($gap / 60 / 60) + 1); + } + else + { + $buff = zdate($date, $format); + } + + return $buff; +} + +/** + * Name of the month return + * + * @param int $month Month + * @param boot $short If set, returns short string + * @return string + */ +function getMonthName($month, $short = TRUE) +{ + $short_month = array('', 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'); + $long_month = array('', 'January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December'); + return !$short ? $long_month[$month] : $short_month[$month]; +} + /** * Returns encoded value of given email address for email scraping * From a74ed519e0322561a6614264d8b0e487babde6d7 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Fri, 8 Jan 2016 20:38:07 +0900 Subject: [PATCH 2/5] More fixes to the functions library --- config/func.inc.php | 334 +++++++++++++------------------------------- 1 file changed, 97 insertions(+), 237 deletions(-) 
diff --git a/config/func.inc.php b/config/func.inc.php index b8c3b477e..8cc0f2c95 100644 --- a/config/func.inc.php +++ b/config/func.inc.php @@ -228,7 +228,7 @@ function executeQueryArray($query_id, $args = NULL, $arg_columns = NULL) { $oDB = DB::getInstance(); $output = $oDB->executeQuery($query_id, $args, $arg_columns); - if(!is_array($output->data) && count($output->data) > 0) + if(isset($output->data) && !is_array($output->data) && count($output->data) > 0) { $output->data = array($output->data); } @@ -530,7 +530,7 @@ function cut_str($string, $cut_size = 0, $tail = '...') $char_count++; if($c < 128) { - $char_width += (int) $chars[$c - 32]; + $char_width += (int)($chars[$c - 32]); $idx++; } else if(191 < $c && $c < 224) @@ -606,7 +606,7 @@ function ztime($str) { $hour = $min = $sec = $offset = 0; } - return mktime($hour, $min, $sec, $month, $day, $year) - $offset; + return mktime($hour, $min, $sec, $month, $day, $year) + $offset; } /** 
@@ -621,85 +621,57 @@ function zdate($str, $format = 'Y-m-d H:i:s', $conversion = TRUE) { if(!$str) { - return; + return null; } // convert the date format according to the language if($conversion == TRUE) { - switch(Context::getLangType()) + static $convtable = array( + 'en' => array( + 'Y-m-d' => 'M j, Y', + 'Y-m-d H:i:s' => 'M j, Y H:i:s', + 'Y-m-d H:i' => 'M j, Y H:i', + ), + 'es' => array( + 'Y-m-d' => 'j M Y', + 'Y-m-d H:i:s' => 'j M Y H:i:s', + 'Y-m-d H:i' => 'j M Y H:i', + ), + 'de' => 'es', + 'fr' => 'es', + 'vi' => array( + 'Y-m-d' => 'd-m-Y', + 'Y-m-d H:i:s' => 'H:i:s d-m-Y', + 'Y-m-d H:i' => 'H:i d-m-Y', + ), + ); + + $lang_type = Context::getLangType(); + if(isset($convtable[$lang_type])) { - case 'en' : - case 'es' : - if($format == 'Y-m-d') - { - $format = 'M d, Y'; - } - elseif($format == 'Y-m-d H:i:s') - { - $format = 'M d, Y H:i:s'; - } - elseif($format == 'Y-m-d H:i') - { - $format = 'M d, Y H:i'; - } - break; - case 'vi' : - if($format == 'Y-m-d') - { - $format = 'd-m-Y'; - } - elseif($format == 'Y-m-d H:i:s') - { - $format = 'H:i:s d-m-Y'; - } - elseif($format == 'Y-m-d H:i') - { - $format = 'H:i d-m-Y'; - } - break; + if(isset($convtable[$lang_type][$format])) + { + $format = $convtable[$lang_type][$format]; + } + elseif(isset($convtable[$convtable[$lang_type]][$format])) + { + $format = $convtable[$convtable[$lang_type]][$format]; + } } } - - // If year value is less than 1970, handle it separately. 
- if((int) substr($str, 0, 4) < 1970) - { - $hour = (int) substr($str, 8, 2); - $min = (int) substr($str, 10, 2); - $sec = (int) substr($str, 12, 2); - $year = (int) substr($str, 0, 4); - $month = (int) substr($str, 4, 2); - $day = (int) substr($str, 6, 2); - - $trans = array( - 'Y' => $year, - 'y' => sprintf('%02d', $year % 100), - 'm' => sprintf('%02d', $month), - 'n' => $month, - 'd' => sprintf('%02d', $day), - 'j' => $day, - 'G' => $hour, - 'H' => sprintf('%02d', $hour), - 'g' => $hour % 12, - 'h' => sprintf('%02d', $hour % 12), - 'i' => sprintf('%02d', $min), - 's' => sprintf('%02d', $sec), - 'M' => getMonthName($month), - 'F' => getMonthName($month, FALSE) - ); - - $string = strtr($format, $trans); - } - else - { - // if year value is greater than 1970, get unixtime by using ztime() for date() function's argument. - $string = date($format, ztime($str)); - } + + // get unixtime by using ztime() for date() function's argument. + $string = date($format, ztime($str)); + // change day and am/pm for each language - $unit_week = Context::getLang('unit_week'); - $unit_meridiem = Context::getLang('unit_meridiem'); - $string = str_replace(array('Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday', 'Sunday'), $unit_week, $string); - $string = str_replace(array('am', 'pm', 'AM', 'PM'), $unit_meridiem, $string); + if(preg_match('/[MFAa]/', $format)) + { + $unit_week = Context::getLang('unit_week'); + $unit_meridiem = Context::getLang('unit_meridiem'); + $string = str_replace(array('Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday', 'Sunday'), $unit_week, $string); + $string = str_replace(array('am', 'pm', 'AM', 'PM'), $unit_meridiem, $string); + } return $string; } 
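Review bot: The new guard `preg_match('/[MFAa]/', $format)` does not match the format character that produces the strings being replaced. Full weekday names come from `l`, so a format such as `'l'` or `'Y-m-d l'` is no longer localized, while `M` and `F` trigger the replacement although no month names are substituted. `if(preg_match('/[lAa]/', $format))` matches what the two `str_replace()` calls handle. Separately, the alias lookup evaluates `$convtable[$convtable[$lang_type]]` even when `$convtable[$lang_type]` is an array (for example `en` with a format not in the table, such as the `'Y.m.d'` default of `getTimeGap()`), which is an illegal offset type. Prefixing the `elseif` condition with `is_string($convtable[$lang_type]) &&` avoids it.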
@@ -717,19 +689,19 @@ function getTimeGap($date, $format = 'Y.m.d') $lang_time_gap = Context::getLang('time_gap'); if($gap < 60) { - $buff = sprintf($lang_time_gap['min'], (int) ($gap / 60) + 1); + $buff = sprintf($lang_time_gap['min'], (int)($gap / 60) + 1); } elseif($gap < 60 * 60) { - $buff = sprintf($lang_time_gap['mins'], (int) ($gap / 60) + 1); + $buff = sprintf($lang_time_gap['mins'], (int)($gap / 60) + 1); } elseif($gap < 60 * 60 * 2) { - $buff = sprintf($lang_time_gap['hour'], (int) ($gap / 60 / 60) + 1); + $buff = sprintf($lang_time_gap['hour'], (int)($gap / 60 / 60) + 1); } elseif($gap < 60 * 60 * 24) { - $buff = sprintf($lang_time_gap['hours'], (int) ($gap / 60 / 60) + 1); + $buff = sprintf($lang_time_gap['hours'], (int)($gap / 60 / 60) + 1); } else { @@ -748,9 +720,9 @@ function getTimeGap($date, $format = 'Y.m.d') */ function getMonthName($month, $short = TRUE) { - $short_month = array('', 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'); - $long_month = array('', 'January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December'); - return !$short ? $long_month[$month] : $short_month[$month]; + $short_month = array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'); + $long_month = array('January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December'); + return $short ? $short_month[$month - 1] : $long_month[$month - 1]; } /** 
@@ -962,50 +934,32 @@ function getMicroTime() */ function delObjectVars($target_obj, $del_obj) { - if(!is_object($target_obj)) + if(!is_object($target_obj) || !is_object($del_obj)) { - return; + return new stdClass; } - if(!is_object($del_obj)) - { - return; - } - $target_vars = get_object_vars($target_obj); $del_vars = get_object_vars($del_obj); - - $target = array_keys($target_vars); - $del = array_keys($del_vars); - if(!count($target) || !count($del)) + foreach($del_vars as $key => $val) { - return $target_obj; + unset($target_vars[$key]); } - - $return_obj = new stdClass(); - - $target_count = count($target); - for($i = 0; $i < $target_count; $i++) - { - $target_key = $target[$i]; - if(!in_array($target_key, $del)) - { - $return_obj->{$target_key} = $target_obj->{$target_key}; - } - } - - return $return_obj; + return (object)$target_vars; } -function getDestroyXeVars(&$vars) +function getDestroyXeVars($vars) { - $del_vars = array('error_return_url', 'success_return_url', 'ruleset', 'xe_validator_id'); - - foreach($del_vars as $var) + foreach(array('error_return_url', 'success_return_url', 'ruleset', 'xe_validator_id') as $var) { - if(is_array($vars)) unset($vars[$var]); - else if(is_object($vars)) unset($vars->$var); + if(is_array($vars)) + { + unset($vars[$var]); + } + elseif(is_object($vars)) + { + unset($vars->$var); + } } - return $vars; } @@ -1048,7 +1002,7 @@ function getNumberingPath($no, $size = 3) $output = sprintf('%0' . $size . 'd/', $no % $mod); if($no >= $mod) { - $output .= getNumberingPath((int) $no / $mod, $size); + $output .= getNumberingPath((int)$no / $mod, $size); } return $output; } @@ -1066,7 +1020,6 @@ function url_decode($str) function purifierHtml(&$content) { - require_once(_XE_PATH_ . 'classes/security/Purifier.class.php'); $oPurifier = Purifier::getInstance(); $oPurifier->purify($content); } 
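Review bot: `getDestroyXeVars()` changes from `&$vars` to `$vars`, so any caller that relied on the in-place removal and ignores the return value now keeps `error_return_url`, `success_return_url`, `ruleset` and `xe_validator_id` in its data. The callers are not part of this patch, so every call site needs checking before the reference is dropped; if any of them discards the result, keep the `&`. The function has no docblock; one stating that the filtered copy is returned and the argument is left untouched would document the new contract. `delObjectVars()` in the same hunk now returns an empty `stdClass` instead of `null` for non-object input, which callers testing for `null` would notice.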
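Review bot: Dropping the `require_once` for `Purifier.class.php` makes `purifierHtml()` depend on a class autoloader that is not visible anywhere in this patch series. The same applies to `EmbedFilter` in `removeHackTag()` and `UploadFileFilter` in `checkUploadedFile()` in the following hunks. These are the content and upload filters, so it is worth confirming that all three classes resolve on every entry point that includes `func.inc.php`, including scripts that load it without the full framework bootstrap. A one-line comment such as `// Purifier is loaded by the class autoloader` would record the assumption.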
@@ -1079,7 +1032,6 @@ function purifierHtml(&$content) */ function removeHackTag($content) { - require_once(_XE_PATH_ . 'classes/security/EmbedFilter.class.php'); $oEmbedFilter = EmbedFilter::getInstance(); $oEmbedFilter->check($content); @@ -1121,7 +1073,6 @@ function blockWidgetCode($content) */ function checkUploadedFile($file) { - require_once(_XE_PATH_ . 'classes/security/UploadFileFilter.class.php'); return UploadFileFilter::check($file); } @@ -1253,7 +1204,6 @@ function removeSrcHack($match) // convert hexa value to RGB if(!function_exists('hexrgb')) { - /** * Convert hexa value to RGB * @@ -1263,10 +1213,11 @@ if(!function_exists('hexrgb')) function hexrgb($hexstr) { $int = hexdec($hexstr); - - return array('red' => 0xFF & ($int >> 0x10), - 'green' => 0xFF & ($int >> 0x8), - 'blue' => 0xFF & $int); + return array( + 'red' => 0xFF & ($int >> 16), + 'green' => 0xFF & ($int >> 8), + 'blue' => 0xFF & $int + ); } } @@ -1392,23 +1343,7 @@ function utf8RawUrlDecode($source) */ function _code2utf($num) { - if($num < 128) - { - return chr($num); - } - if($num < 2048) - { - return chr(($num >> 6) + 192) . chr(($num & 63) + 128); - } - if($num < 65536) - { - return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128); - } - if($num < 2097152) - { - return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128); - } - return ''; + return html_entity_decode('&#' . $num . ';'); } /** 
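Review bot: `html_entity_decode('&#' . $num . ';')` in `_code2utf()` is called without flags or charset, so the result depends on the PHP version and configuration. Where the default flags are `ENT_COMPAT`, `&#39;` is left undecoded, and the output encoding follows the default charset rather than being fixed to UTF-8. Code points the function declines to decode come back as the literal entity text, where the removed implementation returned bytes or `''`. `return html_entity_decode('&#' . (int)$num . ';', ENT_QUOTES, 'UTF-8');` pins both the flags and the charset. The same call pattern appears in `utf8RawUrlDecode()` in patch 4.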
@@ -1425,21 +1360,17 @@ function detectUTF8($string, $return_convert = FALSE, $urldecode = TRUE) { $string = urldecode($string); } - - $sample = iconv('utf-8', 'utf-8', $string); - $is_utf8 = (md5($sample) == md5($string)); - - if(!$urldecode) + + if(function_exists('mb_check_encoding')) { - $string = urldecode($string); + $is_utf8 = mb_check_encoding($string, 'UTF-8'); + return $return_convert ? mb_convert_encoding($string, 'UTF-8', 'CP949') : $is_utf8; } - - if($return_convert) + else { - return ($is_utf8) ? $string : iconv('euc-kr', 'utf-8', $string); + $is_utf8 = ($string === @iconv('UTF-8', 'UTF-8', $string)); + return $return_convert ? iconv('CP949', 'UTF-8', $string) : $is_utf8; } - - return $is_utf8; } /** @@ -1450,39 +1381,7 @@ function detectUTF8($string, $return_convert = FALSE, $urldecode = TRUE) */ function json_encode2($data) { - switch(gettype($data)) - { - case 'boolean': - return $data ? 'true' : 'false'; - case 'integer': - case 'double': - return $data; - case 'string': - return '"' . strtr($data, array('\\' => '\\\\', '"' => '\\"')) . '"'; - case 'object': - $data = get_object_vars($data); - case 'array': - $rel = FALSE; // relative array? - $key = array_keys($data); - foreach($key as $v) - { - if(!is_int($v)) - { - $rel = TRUE; - break; - } - } - - $arr = array(); - foreach($data as $k => $v) - { - $arr[] = ($rel ? '"' . strtr($k, array('\\' => '\\\\', '"' => '\\"')) . '":' : '') . json_encode2($v); - } - - return $rel ? '{' . join(',', $arr) . '}' : '[' . join(',', $arr) . ']'; - default: - return '""'; - } + return json_encode($data); } /** 
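Review bot: With `$return_convert` set, both new branches of `detectUTF8()` convert from CP949 unconditionally, where the removed code returned `$string` unchanged when it was already valid UTF-8. Valid UTF-8 input is therefore re-interpreted as CP949 and corrupted. The return should keep the check, e.g. `return $return_convert ? ($is_utf8 ? $string : mb_convert_encoding($string, 'UTF-8', 'CP949')) : $is_utf8;`, and likewise with `iconv()` in the fallback branch. The removed `if(!$urldecode) $string = urldecode($string);` also changes what is returned when `$urldecode` is false. The start of the function is outside this hunk.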
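Review bot: `json_encode()` returns `false` on failure (for instance on a string that is not valid UTF-8), whereas the removed encoder always returned a string. `json_encode2()` and the display handlers changed in patch 3 can therefore now emit an empty body. Handling the failure explicitly keeps responses well-formed: `$json = json_encode($data);` followed by `return $json === false ? 'null' : $json;`, ideally after logging `json_last_error()`. The docblock should mention that the function is now a thin wrapper kept for backward compatibility.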
@@ -1493,25 +1392,8 @@ function json_encode2($data) */ function isCrawler($agent = NULL) { - if(!$agent) - { - $agent = $_SERVER['HTTP_USER_AGENT']; - } - - $check_agent = array('bot', 'spider', 'spyder', 'crawl', 'http://', 'google', 'yahoo', 'slurp', 'yeti', 'daum', 'teoma', 'fish', 'hanrss', 'facebook', 'yandex', 'infoseek', 'askjeeves', 'stackrambler'); - $check_ip = array( - /*'211.245.21.110-211.245.21.119' mixsh is closed */ - ); - - foreach($check_agent as $str) - { - if(stristr($agent, $str) != FALSE) - { - return TRUE; - } - } - - return IpFilter::filter($check_ip); + $agent = $agent ?: $_SERVER['HTTP_USER_AGENT']; + return (bool)preg_match('@bot|crawl|sp[iy]der|https?://|google|yahoo|slurp|yeti|daum|teoma|fish|hanrss|facebook|yandex|infoseek|askjeeves|stackrambler@i', $agent); } /** @@ -1558,16 +1440,14 @@ function stripEmbedTagForAdmin(&$content, $writer_member_srl) */ function requirePear() { - if(version_compare(PHP_VERSION, "5.3.0") < 0) - { - set_include_path(_XE_PATH_ . "libs/PEAR" . PATH_SEPARATOR . get_include_path()); - } - else - { - set_include_path(_XE_PATH_ . "libs/PEAR.1.9.5" . PATH_SEPARATOR . get_include_path()); - } + set_include_path(_XE_PATH_ . "libs/PEAR.1.9.5" . PATH_SEPARATOR . get_include_path()); } +/** + * Check for CSRF attacks + * + * @return bool + */ function checkCSRF() { if($_SERVER['REQUEST_METHOD'] != 'POST') @@ -1659,12 +1539,7 @@ function changeValueInUrl($key, $requestKey, $dbKey, $urlName = 'success_return_ */ function htmlHeader() { - echo ' - - - - -'; + echo implode("\n", array('', '', '', '', '', '', '')); } /** @@ -1674,7 +1549,7 @@ function htmlHeader() */ function htmlFooter() { - echo ''; + echo implode("\n", array('', '', '', '')); } /** @@ -1685,16 +1560,10 @@ function htmlFooter() */ function alertScript($msg) { - if(!$msg) + if($msg) { - return; + echo sprintf('', json_encode(@strval($msg))); } - - echo ''; } /** 
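Review bot: `$agent = $agent ?: $_SERVER['HTTP_USER_AGENT'];` in `isCrawler()` reads the header without checking that it exists, so a request without a User-Agent raises an undefined-index notice and passes `null` to `preg_match()`. `$agent = $agent ?: (isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');` avoids that. Since the header is supplied by the client, the docblock should say that the result is a heuristic and must not be used to relax access or rate-limit checks.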
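Review bot: `json_encode(@strval($msg))` in `alertScript()` uses default flags. The surrounding markup is not visible in this rendering of the hunk, but if the value lands inside an inline script element, `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` should be passed so that `<`, `>`, `&` and quotes in the message are emitted as `\uXXXX` escapes. `json_encode()` also returns `false` for a message that is not valid UTF-8, which would produce an `alert()` call with no argument. The `json_encode($variables)` call added to `JSCallbackDisplayHandler` in patch 3 appears to be embedded the same way and would benefit from the same flags.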
@@ -1704,11 +1573,7 @@ alert("' . $msg . '"); */ function closePopupScript() { - echo ''; + echo ''; } /** @@ -1719,13 +1584,8 @@ window.close(); */ function reload($isOpener = FALSE) { - $reloadScript = $isOpener ? 'window.opener.location.reload()' : 'document.location.reload()'; - - echo ''; + $reloadScript = $isOpener ? 'window.opener.location.reload();' : 'window.location.reload();'; + echo sprintf('', $raloadScript); } /* End of file func.inc.php */ From 6c5f9aadd1b4df3ec083c232638b6526e83e4263 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Fri, 8 Jan 2016 20:38:35 +0900 Subject: [PATCH 3/5] Don't use home-made JSON encoder in display handlers --- classes/display/JSCallbackDisplayHandler.php | 4 +--- classes/display/JSONDisplayHandler.php | 3 +-- classes/template/TemplateHandler.class.php | 4 ++-- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/classes/display/JSCallbackDisplayHandler.php b/classes/display/JSCallbackDisplayHandler.php index 314a205b2..2926a5066 100644 --- a/classes/display/JSCallbackDisplayHandler.php +++ b/classes/display/JSCallbackDisplayHandler.php @@ -14,14 +14,12 @@ class JSCallbackDisplayHandler $variables = $oModule->getVariables(); $variables['error'] = $oModule->getError(); $variables['message'] = $oModule->getMessage(); - $json = str_replace(array("\r\n", "\n", "\t"), array('\n', '\n', '\t'), json_encode2($variables)); return sprintf('', Context::getJSCallbackFunc(), $json); +', Context::getJSCallbackFunc(), json_encode($variables)); } - } /* End of file JSCallback.class.php */ /* Location: ./classes/display/JSCallback.class.php */ diff --git a/classes/display/JSONDisplayHandler.php b/classes/display/JSONDisplayHandler.php index 4befddc58..7ed3bf2fd 100644 --- a/classes/display/JSONDisplayHandler.php +++ b/classes/display/JSONDisplayHandler.php 
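Review bot: `reload()` assigns `$reloadScript` but passes `$raloadScript` to `sprintf()`, an undefined variable, so the emitted script is empty and the page never reloads. The argument should be `$reloadScript`. Patch 5 touches the same line and still carries the misspelled name.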
@@ -14,8 +14,7 @@ class JSONDisplayHandler $variables = $oModule->getVariables(); $variables['error'] = $oModule->getError(); $variables['message'] = $oModule->getMessage(); - $json = str_replace(array("\r\n", "\n", "\t"), array('\n', '\n', '\t'), json_encode2($variables)); - return $json; + return json_encode($variables); } } diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php index 515713c9e..6eb65d6d7 100644 --- a/classes/template/TemplateHandler.class.php +++ b/classes/template/TemplateHandler.class.php @@ -73,11 +73,11 @@ class TemplateHandler protected function init($tpl_path, $tpl_filename, $tpl_file = '') { // verify arguments - if(substr($tpl_path, -1) != '/') + if(!$tpl_path || substr($tpl_path, -1) != '/') { $tpl_path .= '/'; } - if(!is_dir($tpl_path)) + if($tpl_path === '/' || !is_dir($tpl_path)) { return; } From c37ae01923db35996e5fafcac0f897b9d28f2c53 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Fri, 8 Jan 2016 20:57:48 +0900 Subject: [PATCH 4/5] Additional optimization of the functions library --- config/func.inc.php | 92 ++++++++++++++++++++++++--------------------- 1 file changed, 50 insertions(+), 42 deletions(-) diff --git a/config/func.inc.php b/config/func.inc.php index 8cc0f2c95..33b5b923d 100644 --- a/config/func.inc.php +++ b/config/func.inc.php @@ -1015,7 +1015,7 @@ function getNumberingPath($no, $size = 3) */ function url_decode($str) { - return preg_replace('/%u([[:alnum:]]{4})/', '&#x\\1;', $str); + return htmlspecialchars(utf8RawUrlDecode($str), null, 'UTF-8'); } function purifierHtml(&$content) 
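Review bot: `htmlspecialchars(utf8RawUrlDecode($str), null, 'UTF-8')` in `url_decode()` passes `null` as the flags argument, which evaluates to 0 (`ENT_NOQUOTES`), so neither single nor double quotes are escaped in the decoded text. If the result is ever placed in an HTML attribute, that is not enough; `return htmlspecialchars(utf8RawUrlDecode($str), ENT_QUOTES, 'UTF-8');` escapes both. The function also changes meaning: it used to rewrite only `%uXXXX` sequences into entities and now percent-decodes the whole string, so callers that decode again afterwards should be reviewed.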
@@ -1210,16 +1210,55 @@ if(!function_exists('hexrgb')) * @param string $hexstr * @return array */ - function hexrgb($hexstr) + function hexrgb($hex) { - $int = hexdec($hexstr); - return array( - 'red' => 0xFF & ($int >> 16), - 'green' => 0xFF & ($int >> 8), - 'blue' => 0xFF & $int - ); + $hex = ltrim($hex, '#'); + if(strlen($hex) == 3) + { + $r = hexdec(substr($hex, 0, 1) . substr($hex, 0, 1)); + $g = hexdec(substr($hex, 1, 1) . substr($hex, 1, 1)); + $b = hexdec(substr($hex, 2, 1) . substr($hex, 2, 1)); + } + elseif(strlen($hex) == 6) + { + $r = hexdec(substr($hex, 0, 2)); + $g = hexdec(substr($hex, 2, 2)); + $b = hexdec(substr($hex, 4, 2)); + } + else + { + $r = $g = $b = null; + } + return array('red' => $r, 'green' => $g, 'blue' => $b, 'r' => $r, 'g' => $g, 'b' => $b); } +} +// convert RGB value to hexa +if(!function_exists('rgbhex')) +{ + /** + * convert RGB value to hexa + * + * @param array $rgb + * @param bool $hash_prefix + * @return string + */ + function rgbhex(array $rgb, $hash_prefix = true) + { + if(!isset($rgb['r']) && !isset($rgb['g']) && !isset($rgb['b']) && count($rgb) >= 3) + { + list($rgb['r'], $rgb['g'], $rgb['b']) = $rgb; + } + if(!isset($rgb['r']) || !isset($rgb['g']) || !isset($rgb['b']) || $rgb['r'] > 255 || $rgb['g'] > 255 || $rgb['b'] > 255) + { + return '#000000'; + } + $hex = $hash_prefix ? '#' : ''; + $hex .= str_pad(dechex(max(0, $rgb['r'])), 2, '0', STR_PAD_LEFT); + $hex .= str_pad(dechex(max(0, $rgb['g'])), 2, '0', STR_PAD_LEFT); + $hex .= str_pad(dechex(max(0, $rgb['b'])), 2, '0', STR_PAD_LEFT); + return $hex; + } } /** 
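Review bot: In `rgbhex()`, `list($rgb['r'], $rgb['g'], $rgb['b']) = $rgb;` writes into the array it is reading from, which the PHP manual documents as undefined behaviour for `list()`. `count($rgb) >= 3` also does not guarantee that keys 0 to 2 exist. Reading into locals first is unambiguous: `list($r, $g, $b) = array_values($rgb);` then `$rgb = array('r' => $r, 'g' => $g, 'b' => $b);`. In `hexrgb()` the docblock still names the parameter `$hexstr` although it was renamed to `$hex`. `hexdec()` silently skips non-hex characters, so a `ctype_xdigit($hex)` check before the length tests would make invalid input fall through to the `null` branch.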
@@ -1299,40 +1338,9 @@ function getRequestUriByServerEnviroment() */ function utf8RawUrlDecode($source) { - $decodedStr = ''; - $pos = 0; - $len = strlen($source); - while($pos < $len) - { - $charAt = substr($source, $pos, 1); - if($charAt == '%') - { - $pos++; - $charAt = substr($source, $pos, 1); - if($charAt == 'u') - { - // we got a unicode character - $pos++; - $unicodeHexVal = substr($source, $pos, 4); - $unicode = hexdec($unicodeHexVal); - $decodedStr .= _code2utf($unicode); - $pos += 4; - } - else - { - // we have an escaped ascii character - $hexVal = substr($source, $pos, 2); - $decodedStr .= chr(hexdec($hexVal)); - $pos += 2; - } - } - else - { - $decodedStr .= $charAt; - $pos++; - } - } - return $decodedStr; + return preg_replace_callback('/%u([0-9a-f]+)/i', function($m) { + return html_entity_decode('&#x' . $m[1] . ';'); + }, rawurldecode($source)); } /** From 7d5c37f1f96290837697710051d140b45af58152 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sat, 9 Jan 2016 13:15:38 +0900 Subject: [PATCH 5/5] Remove unnecessary script type attribute --- config/func.inc.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/func.inc.php b/config/func.inc.php index 33b5b923d..89a3a8e25 100644 --- a/config/func.inc.php +++ b/config/func.inc.php @@ -1570,7 +1570,7 @@ function alertScript($msg) { if($msg) { - echo sprintf('', json_encode(@strval($msg))); + echo sprintf('', json_encode(@strval($msg))); } } @@ -1581,7 +1581,7 @@ function alertScript($msg) */ function closePopupScript() { - echo ''; + echo ''; } /** @@ -1593,7 +1593,7 @@ function closePopupScript() function reload($isOpener = FALSE) { $reloadScript = $isOpener ? 'window.opener.location.reload();' : 'window.location.reload();'; - echo sprintf('', $raloadScript); + echo sprintf('', $raloadScript); } /* End of file func.inc.php */
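Review bot: The rewritten `utf8RawUrlDecode()` decodes in two passes, `rawurldecode()` first and the `%u` pattern afterwards, so an escaped percent sign followed by `u` and hex digits is decoded twice. The removed single-pass loop did not do this, and input that was validated in its encoded form can change meaning after the second pass. The pattern `[0-9a-f]+` is also unbounded, so hex digits following a four-digit `%uXXXX` escape are absorbed into the code point, and `html_entity_decode()` is called without flags or charset. A single-pass callback that handles both escape forms, with a fixed four-digit group, stays close to the old semantics.

```php
function utf8RawUrlDecode($source)
{
    // Single pass: each %uXXXX or %XX escape is decoded exactly once.
    return preg_replace_callback('/%u([0-9a-f]{4})|%([0-9a-f]{2})/i', function($m) {
        if(isset($m[2]))
        {
            return chr(hexdec($m[2]));
        }
        return html_entity_decode('&#x' . $m[1] . ';', ENT_QUOTES, 'UTF-8');
    }, $source);
}
```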