PHP Cross Reference of vtigercrm-6.1.0 |
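<?php
/*+***********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ************************************************************************************/
include_once ('config.inc.php');
include_once ('include/utils/utils.php');

/**
 * Provides few utility functions
 *
 * Several helpers here guard file inclusion or build SQL text from their
 * arguments; the per-method comments state which arguments must come from
 * trusted code only.
 *
 * @package vtlib
 */
class Vtiger_Utils {
	protected static $logFileName = 'vtigermodule.log';

	/**
	 * Check if given value is an integer-valued number
	 * @param mixed String or Integer
	 * @return Boolean true when the value is numeric and equals its integer conversion
	 */
	static function isNumber($value) {
		return is_numeric($value)? intval($value) == $value : false;
	}

	/**
	 * Implode the prefix and suffix as string for given number of times
	 * @param String prefix to use
	 * @param Integer Number of times
	 * @param String suffix to use (optional), placed between repetitions only
	 * @return String the repeated string ('' when the count is zero or less)
	 */
	static function implodestr($prefix, $count, $suffix=false) {
		$strvalue = '';
		for($index = 0; $index < $count; ++$index) {
			$strvalue .= $prefix;
			// The suffix acts as a separator: it is not added after the last prefix.
			if($suffix && $index != ($count-1)) {
				$strvalue .= $suffix;
			}
		}
		return $strvalue;
	}

	/**
	 * Resolve a file path and express it relative to the application root.
	 *
	 * The root is $root_directory, or two directories above this file when
	 * that global is empty. The root is normalised to end with exactly one
	 * '/' before the prefix comparison, so a sibling directory that merely
	 * shares the root's name as a prefix (root "app", sibling "app-backup")
	 * is not treated as being inside the root.
	 *
	 * @param String File path to resolve
	 * @return String|Boolean path below the root without a leading '/', or
	 *         false when the path does not exist or is not below the root
	 */
	private static function resolvePathUnderRoot($filepath) {
		global $root_directory;

		// Set the base directory to compare with
		$use_root_directory = $root_directory;
		if(empty($use_root_directory)) {
			$use_root_directory = realpath(dirname(__FILE__).'/../../.');
		}
		// Fail closed when no usable root could be determined.
		if(!is_string($use_root_directory) || $use_root_directory === '') {
			return false;
		}

		// realpath() resolves '..' segments and symlinks; false means the path does not exist.
		$realfilepath = realpath($filepath);
		if($realfilepath === false) {
			return false;
		}

		/** Replace all \\ with \ first, then all \ with / */
		$realfilepath = str_replace('\\', '/', str_replace('\\\\', '\\', $realfilepath));
		$rootdirpath = str_replace('\\', '/', str_replace('\\\\', '\\', $use_root_directory));

		// Compare on a directory boundary, whether or not the configured root ends with '/'.
		$rootdirpath = rtrim($rootdirpath, '/') . '/';
		$rootLength = strlen($rootdirpath);

		// Case-insensitive, as the original stripos() comparison was.
		if(strncasecmp($realfilepath, $rootdirpath, $rootLength) !== 0) {
			return false;
		}

		$relativeFilePath = substr($realfilepath, $rootLength);
		return ($relativeFilePath === false)? '' : $relativeFilePath;
	}

	/**
	 * Function to check the file access is made within web root directory as well as is safe for php inclusion
	 *
	 * A path is rejected when it does not resolve to a location below the
	 * root, or when its first directory below the root is one of
	 * storage, cache or test.
	 *
	 * @param String File path to check
	 * @param Boolean False to avoid die() if check fails
	 * @return Boolean true when allowed; false when rejected and $dieOnFail is false
	 */
	static function checkFileAccessForInclusion($filepath, $dieOnFail=true) {
		$unsafeDirectories = array('storage', 'cache', 'test');

		$allowed = false;
		$relativeFilePath = self::resolvePathUnderRoot($filepath);
		if($relativeFilePath !== false) {
			// The relative path has no leading '/', so element 0 is always the
			// top-level directory (or the file name for a file directly in the root).
			$filePathParts = explode('/', $relativeFilePath);
			$allowed = !in_array($filePathParts[0], $unsafeDirectories, true);
		}

		if(!$allowed) {
			if($dieOnFail) {
				die("Sorry! Attempt to access restricted file.");
			}
			return false;
		}
		return true;
	}

	/**
	 * Function to check the file access is made within web root directory.
	 * @param String File path to check
	 * @param Boolean False to avoid die() if check fails
	 * @return Boolean true when allowed; false when rejected and $dieOnFail is false
	 */
	static function checkFileAccess($filepath, $dieOnFail=true) {
		if(self::resolvePathUnderRoot($filepath) === false) {
			if($dieOnFail) {
				die("Sorry! Attempt to access restricted file.");
			}
			return false;
		}
		return true;
	}

	/**
	 * Log the debug message
	 *
	 * The message always goes to $log->debug(). When the global
	 * $Vtiger_Utils_Log is enabled it is also printed to the output.
	 *
	 * @param String Log message
	 * @param Boolean true to append end-of-line, false otherwise
	 */
	static function Log($message, $delimit=true) {
		global $Vtiger_Utils_Log, $log;

		$log->debug($message);
		if(!isset($Vtiger_Utils_Log) || $Vtiger_Utils_Log == false) return;

		// NOTE(review): the message is printed without HTML escaping. If it can
		// carry request-derived text, enabling $Vtiger_Utils_Log on a web request
		// reflects that text into the page; keep it off outside trusted sessions.
		print_r($message);
		if($delimit) {
			// NOTE(review): $_REQUEST is normally defined under every SAPI, so the
			// "\n" branch may never run - confirm.
			if(isset($_REQUEST)) echo "<BR>";
			else echo "\n";
		}
	}

	/**
	 * Escape the string to avoid SQL Injection attacks.
	 *
	 * Values that compare equal to null with == (null, '', 0, false) are
	 * returned unchanged. The escaping is delegated to the database layer and
	 * applies to string values only; it does not make a value safe to use as
	 * a table or column name.
	 *
	 * @param String Sql statement string
	 * @return mixed the escaped value
	 */
	static function SQLEscape($value) {
		if($value == null) return $value;
		global $adb;
		return $adb->sql_escape_string($value);
	}

	/**
	 * Check if table is present in database
	 * @param String tablename to check
	 * @return Boolean true when SHOW TABLES LIKE returns at least one row
	 */
	static function CheckTable($tablename) {
		global $adb;
		// Database errors are not fatal while probing; the previous setting is restored below.
		$old_dieOnError = $adb->dieOnError;
		$adb->dieOnError = false;

		// NOTE(review): the name is escaped here and also bound as a query
		// parameter; whether pquery() escapes it a second time is not visible
		// here - confirm. '_' and '%' in the name act as LIKE wildcards, so a
		// similarly named table can also satisfy this check.
		$tablename = Vtiger_Utils::SQLEscape($tablename);
		$tablecheck = $adb->pquery("SHOW TABLES LIKE ?", array($tablename));

		$tablePresent = true;
		if(empty($tablecheck) || $adb->num_rows($tablecheck) === 0)
			$tablePresent = false;

		$adb->dieOnError = $old_dieOnError;
		return $tablePresent;
	}

	/**
	 * Create table (supressing failure)
	 *
	 * All three arguments are concatenated into the statement as SQL text and
	 * cannot be bound as parameters, so they must come from trusted code or
	 * from values validated against an allow-list, never from request data.
	 *
	 * @param String tablename to create
	 * @param String table creation criteria like '(columnname columntype, ....)'
	 * @param String Optional suffix to add during table creation
	 * <br>
	 * will be appended to CREATE TABLE $tablename SQL
	 * (true selects the default suffix for the current database type)
	 */
	static function CreateTable($tablename, $criteria, $suffixTableMeta=false) {
		global $adb;

		$org_dieOnError = $adb->dieOnError;
		$adb->dieOnError = false;
		$sql = "CREATE TABLE " . $tablename . $criteria;
		if($suffixTableMeta !== false) {
			if($suffixTableMeta === true) {
				if($adb->isMySQL()) {
					$suffixTableMeta = ' ENGINE=InnoDB DEFAULT CHARSET=utf8';
				} else {
					// TODO Handle other database types.
					// No default suffix is known; append nothing rather than
					// the string form of boolean true ("1").
					$suffixTableMeta = '';
				}
			}
			$sql .= $suffixTableMeta;
		}
		$adb->pquery($sql, array());
		$adb->dieOnError = $org_dieOnError;
	}

	/**
	 * Alter existing table
	 *
	 * Both arguments are concatenated into the statement as SQL text; pass
	 * only trusted or allow-listed values.
	 *
	 * @param String tablename to alter
	 * @param String alter criteria like ' ADD columnname columntype' <br>
	 * will be appended to ALTER TABLE $tablename SQL
	 */
	static function AlterTable($tablename, $criteria) {
		global $adb;
		$adb->query("ALTER TABLE " . $tablename . $criteria);
	}

	/**
	 * Add column to existing table
	 *
	 * Nothing is done when the column already exists. The column name and
	 * type are interpolated into the ALTER TABLE statement as SQL text; pass
	 * only trusted or allow-listed values.
	 *
	 * @param String tablename to alter
	 * @param String columnname to add
	 * @param String columntype (criteria like 'VARCHAR(100)')
	 */
	static function AddColumn($tablename, $columnname, $criteria) {
		global $adb;
		if(!in_array($columnname, $adb->getColumnNames($tablename))) {
			self::AlterTable($tablename, " ADD COLUMN $columnname $criteria");
		}
	}

	/**
	 * Execute SQL query
	 *
	 * The statement is run as given with no bound parameters, so any value
	 * inside it must already be escaped or come from trusted code.
	 *
	 * @param String SQL query statement
	 * @param Boolean true to keep a database error from terminating the request
	 */
	static function ExecuteQuery($sqlquery, $supressdie=false) {
		global $adb;
		$old_dieOnError = $adb->dieOnError;

		if($supressdie) $adb->dieOnError = false;

		$adb->pquery($sqlquery, array());

		$adb->dieOnError = $old_dieOnError;
	}

	/**
	 * Get CREATE SQL for given table
	 *
	 * The table name is interpolated into the statement as SQL text; pass
	 * only trusted or allow-listed names.
	 *
	 * @param String tablename for which CREATE SQL is requried
	 * @return String the second column of the SHOW CREATE TABLE row, passed through decode_html()
	 */
	static function CreateTableSql($tablename) {
		global $adb;

		$create_table = $adb->pquery("SHOW CREATE TABLE $tablename", array());
		$sql = decode_html($adb->query_result($create_table, 0, 1));
		return $sql;
	}

	/**
	 * Check if the given SQL is a CREATE statement
	 *
	 * Matches the literal text "CREATE TABLE" (single space, any letter case)
	 * anywhere in the string.
	 *
	 * @param String SQL String
	 * @return Boolean
	 */
	static function IsCreateSql($sql) {
		if(preg_match('/(CREATE TABLE)/', strtoupper($sql))) {
			return true;
		}
		return false;
	}

	/**
	 * Check if the given SQL is destructive (DELETE's DATA)
	 *
	 * This is a keyword match on "DROP TABLE", "DROP COLUMN" and
	 * "DELETE FROM" with a single space between the words. Other
	 * data-removing statements and other whitespace are not recognised, so a
	 * false result must not be relied on as proof that SQL from an untrusted
	 * source is harmless.
	 *
	 * @param String SQL String
	 * @return Boolean
	 */
	static function IsDestructiveSql($sql) {
		if(preg_match('/(DROP TABLE)|(DROP COLUMN)|(DELETE FROM)/',
			strtoupper($sql))) {
			return true;
		}
		return false;
	}

	/**
	 * Function to log an exception or message as one CSV row in the module log file
	 *
	 * The row holds: site URL, module, timestamp, message, stack trace (empty
	 * for plain strings), JSON of $_REQUEST, and the extra data. Nothing is
	 * written when ALLOW_MODULE_LOGGING is undefined or false, or when the
	 * log file cannot be opened.
	 *
	 * @global type $site_URL
	 * @param <string> $module name recorded in the log row
	 * @param <Exception>/<string> $mixed Message to log; an Exception contributes its message and trace
	 * @param <array> $extra extra messages to record (arrays are JSON encoded)
	 */
	static function ModuleLog($module, $mixed, $extra = array()) {
		// defined() keeps an undefined constant from being read: older PHP
		// treats it as a truthy string (logging silently on), PHP 8 throws.
		if (defined('ALLOW_MODULE_LOGGING') && ALLOW_MODULE_LOGGING) {
			global $site_URL;
			$date = date('Y-m-d H:i:s');
			$log = array($site_URL,$module, $date);
			if ($mixed instanceof Exception) {
				array_push($log, $mixed->getMessage());
				array_push($log, $mixed->getTraceAsString());
			} else {
				array_push($log, $mixed);
				array_push($log, "");
			}
			// NOTE(review): the complete request is recorded, which can include
			// passwords and session identifiers. Treat the log file as sensitive
			// and make sure the logs directory is not served by the web server.
			if (isset($_REQUEST)) {
				array_push($log, json_encode($_REQUEST));
			} else {
				array_push($log, "");
			}

			if ($extra) {
				if (is_array($extra))
					$extra = json_encode($extra);
				array_push($log, $extra);
			} else {
				array_push($log, "");
			}
			$fileName =self::$logFileName;
			// The path is relative to the current working directory.
			$fp = fopen("logs/$fileName", 'a+');
			if ($fp === false) {
				// Logging is best effort: an unwritable log must not break the caller.
				return;
			}
			fputcsv($fp, $log);
			fclose($fp);
		}
	}
}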