diff options
| author | Greg Roach <fisharebest@gmail.com> | 2015-01-28 11:01:22 +0000 |
|---|---|---|
| committer | Greg Roach <fisharebest@gmail.com> | 2015-01-28 11:02:44 +0000 |
| commit | 0f70b9be1c1baf38659b9c7b919621ac363777ab (patch) | |
| tree | d91308b22613a6963a3cc46ea85a56baa66ca3f1 /includes | |
| parent | e0d050c57b008e0b7552a5d89593b28b8fb7a355 (diff) | |
| download | webtrees-0f70b9be1c1baf38659b9c7b919621ac363777ab.tar.gz webtrees-0f70b9be1c1baf38659b9c7b919621ac363777ab.tar.bz2 webtrees-0f70b9be1c1baf38659b9c7b919621ac363777ab.zip | |
Use PHP function to set HTTP status
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/hitcount.php | 2 | ||||
| -rw-r--r-- | includes/php_53_compatibility.php | 193 | ||||
| -rw-r--r-- | includes/reportheader.php | 2 | ||||
| -rw-r--r-- | includes/session.php | 64 | ||||
| -rw-r--r-- | includes/specialchars.php | 2 |
5 files changed, 202 insertions, 61 deletions
diff --git a/includes/hitcount.php b/includes/hitcount.php index 597f6aaa24..81eee433ca 100644 --- a/includes/hitcount.php +++ b/includes/hitcount.php @@ -24,7 +24,7 @@ use WT\Auth; if (!defined('WT_WEBTREES')) { - header('HTTP/1.0 403 Forbidden'); + http_response_code(403); exit; } diff --git a/includes/php_53_compatibility.php b/includes/php_53_compatibility.php new file mode 100644 index 0000000000..b4abc6ebea --- /dev/null +++ b/includes/php_53_compatibility.php @@ -0,0 +1,193 @@ +<?php + +// http://php.net/manual/en/security.magicquotes.disabling.php +if (get_magic_quotes_gpc()) { + $_process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); + while (list($key, $val) = each($_process)) { + foreach ($val as $k => $v) { + unset($_process[$key][$k]); + if (is_array($v)) { + $_process[$key][stripslashes($k)] = $v; + $_process[] = &$_process[$key][stripslashes($k)]; + } else { + $_process[$key][stripslashes($k)] = stripslashes($v); + } + } + } + unset($_process); +} + +//////////////////////////////////////////////////////////////////////////////// +// The ircmaxell/password-compat library does not support unpatched versions of +// PHP older than PHP5.3.6. These versions of PHP have no secure crypt library. +//////////////////////////////////////////////////////////////////////////////// +$hash = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG'; +if (!defined('PASSWORD_BCRYPT') && crypt("password", $hash) !== $hash) { + define('PASSWORD_BCRYPT', 1); + define('PASSWORD_DEFAULT', 1); + /** + * @param string $password + * @param integer $algo + * + * @return string + */ + function password_hash($password, $algo) { + return crypt($password); + } + + /** + * @param string $hash + * @param integer $algo + * + * @return boolean + */ + function password_needs_rehash($hash, $algo) { + return false; + } + + /** + * @param string $password + * @param integer $hash + * + * @return boolean + */ + function password_verify($password, $hash) { + return crypt($password, $hash) === $hash; + } +} + +/** + * This function was added to PHP in 5.4 + * + * @param string|null $code + * + * @link https://php.net/http_response_code + * @return int|null + */ +function http_response_code($code = null) { + if ($code !== null) { + switch ($code) { + case 100: + $text = 'Continue'; + break; + case 101: + $text = 'Switching Protocols'; + break; + case 200: + $text = 'OK'; + break; + case 201: + $text = 'Created'; + break; + case 202: + $text = 'Accepted'; + break; + case 203: + $text = 'Non-Authoritative Information'; + break; + case 204: + $text = 'No Content'; + break; + case 205: + $text = 'Reset Content'; + break; + case 206: + $text = 'Partial Content'; + break; + case 300: + $text = 'Multiple Choices'; + break; + case 301: + $text = 'Moved Permanently'; + break; + case 302: + $text = 'Moved Temporarily'; + break; + case 303: + $text = 'See Other'; + break; + case 304: + $text = 'Not Modified'; + break; + case 305: + $text = 'Use Proxy'; + break; + case 400: + $text = 'Bad Request'; + break; + case 401: + $text = 'Unauthorized'; + break; + case 402: + $text = 'Payment Required'; + break; + case 403: + $text = 'Forbidden'; + break; + case 404: + $text = 'Not Found'; + break; + case 405: + $text = 'Method Not Allowed'; + break; + case 406: + $text = 'Not Acceptable'; + break; + case 407: + $text = 'Proxy Authentication Required'; + break; + case 408: + $text = 'Request Time-out'; + break; + case 409: + $text = 'Conflict'; + break; + case 410: + $text = 'Gone'; + break; + case 411: + $text = 'Length Required'; + break; + case 412: + $text = 'Precondition Failed'; + break; + case 413: + $text = 'Request Entity Too Large'; + break; + case 414: + $text = 'Request-URI Too Large'; + break; + case 415: + $text = 'Unsupported Media Type'; + break; + case 500: + $text = 'Internal Server Error'; + break; + case 501: + $text = 'Not Implemented'; + break; + case 502: + $text = 'Bad Gateway'; + break; + case 503: + $text = 'Service Unavailable'; + break; + case 504: + $text = 'Gateway Time-out'; + break; + case 505: + $text = 'HTTP Version not supported'; + break; + default: + exit('Unknown http status code "' . htmlentities($code) . '"'); + break; + } + $protocol = (isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0'); + header($protocol . ' ' . $code . ' ' . $text); + $GLOBALS['http_response_code'] = $code; + } else { + $code = (isset($GLOBALS['http_response_code']) ? $GLOBALS['http_response_code'] : 200); + } + + return $code; +} diff --git a/includes/reportheader.php b/includes/reportheader.php index 761d36364e..8cea77e55e 100644 --- a/includes/reportheader.php +++ b/includes/reportheader.php @@ -23,7 +23,7 @@ // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA if (!defined('WT_WEBTREES')) { - header('HTTP/1.0 403 Forbidden'); + http_response_code(403); exit; } diff --git a/includes/session.php b/includes/session.php index 008cc14533..29a3f56c11 100644 --- a/includes/session.php +++ b/includes/session.php @@ -27,7 +27,7 @@ use WT\Theme; // WT_SCRIPT_NAME is defined in each script that the user is permitted to load. if (!defined('WT_SCRIPT_NAME')) { - header('HTTP/1.0 403 Forbidden'); + http_response_code(403); exit; } @@ -161,61 +161,9 @@ if (strpos(ini_get('disable_functions'), 'ini_set') === false) { ini_set('display_errors', 'on'); } -// PHP5.3 may be using magic-quotes :-( -if (version_compare(PHP_VERSION, '5.4', '<') && get_magic_quotes_gpc()) { - // http://php.net/manual/en/security.magicquotes.disabling.php - $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); - while (list($key, $val) = each($process)) { - foreach ($val as $k => $v) { - unset($process[$key][$k]); - if (is_array($v)) { - $process[$key][stripslashes($k)] = $v; - $process[] = &$process[$key][stripslashes($k)]; - } else { - $process[$key][stripslashes($k)] = stripslashes($v); - } - } - } - unset($process); -} - -//////////////////////////////////////////////////////////////////////////////// -// The ircmaxell/password-compat library does not support unpatched versions of -// PHP older than PHP5.3.6. These versions of PHP have no secure crypt library. -//////////////////////////////////////////////////////////////////////////////// -$hash = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG'; -if (!defined('PASSWORD_BCRYPT') && crypt("password", $hash) !== $hash) { - define('PASSWORD_BCRYPT', 1); - define('PASSWORD_DEFAULT', 1); - /** - * @param string $password - * @param integer $algo - * - * @return string - */ - function password_hash($password, $algo) { - return crypt($password); - } - - /** - * @param string $hash - * @param integer $algo - * - * @return boolean - */ - function password_needs_rehash($hash, $algo) { - return false; - } - - /** - * @param string $password - * @param integer $hash - * - * @return boolean - */ - function password_verify($password, $hash) { - return crypt($password, $hash) === $hash; - } +// We use some PHP5.5 features, but need to run on older servers +if (version_compare(PHP_VERSION, '5.4', '<')) { + require WT_ROOT . 'includes/php_53_compatibility.php'; } require WT_ROOT . 'library/autoload.php'; @@ -401,7 +349,7 @@ case 'allow': $SEARCH_SPIDER = false; break; case 'deny': - header('HTTP/1.1 403 Access Denied'); + http_response_code(403); exit; case 'robot': case 'unknown': @@ -663,7 +611,7 @@ if ($SEARCH_SPIDER && !in_array(WT_SCRIPT_NAME, array( 'index.php', 'indilist.php', 'module.php', 'mediafirewall.php', 'individual.php', 'family.php', 'mediaviewer.php', 'note.php', 'repo.php', 'source.php', ))) { - header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden'); + http_response_code(403); $controller = new WT_Controller_Page; $controller->setPageTitle(WT_I18N::translate('Search engine')); $controller->pageHeader(); diff --git a/includes/specialchars.php b/includes/specialchars.php index 8c80e6aa09..6ab78e6e78 100644 --- a/includes/specialchars.php +++ b/includes/specialchars.php @@ -23,7 +23,7 @@ // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA if (!defined('WT_WEBTREES')) { - header('HTTP/1.0 403 Forbidden'); + http_response_code(403); exit; } |
