diff -r bed9d04fa144 -r e1a22031b5bd includes/template.php --- a/includes/template.php Thu Oct 04 08:22:25 2007 -0400 +++ b/includes/template.php Fri Oct 05 01:57:00 2007 -0400 @@ -871,78 +871,232 @@ else return ''; } - function process_template($file) { + /** + * Compiles and executes a template based on the current variables and booleans. Loads + * the theme and initializes variables if needed. This mostly just calls child functions. + * @param string File to process + * @return string + */ + + function process_template($file) + { global $db, $session, $paths, $template, $plugins; // Common objects if(!defined('ENANO_TEMPLATE_LOADED')) { $this->load_theme(); $this->init_vars(); } - eval($this->compile_template($file)); - return $tpl_code; + + $compiled = $this->compile_template($file); + return eval($compiled); } - function extract_vars($file) { + /** + * Loads variables from the specified template file. Returns an associative array containing the variables. + * @param string Template file to process (elements.tpl) + * @return array + */ + + function extract_vars($file) + { global $db, $session, $paths, $template, $plugins; // Common objects - if(!$this->theme) + + // Sometimes this function gets called before the theme is loaded + // This is a bad coding practice so this function will always be picky. + if ( !$this->theme ) { die('$template->extract_vars(): theme not yet loaded, so we can\'t open template files yet...this is a bug and should be reported.

Backtrace, most recent call first:

'.enano_debug_print_backtrace(true).'

'); } - if(!is_file(ENANO_ROOT . '/themes/'.$this->theme.'/'.$file)) die('Cannot find '.$file.' file for style "'.$this->theme.'", exiting'); - $text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$file); + + // Full pathname of template file + $tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $file; + + // Make sure the template even exists + if ( !is_file($tpl_file_fullpath) ) + { + die_semicritical('Cannot find template file', + '

The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for + the current theme.

Additional debugging information:
+ Theme currently in use: ' . $this->theme . '
+ Requested file: ' . $file . ' +

'); + } + // Retrieve file contents + $text = file_get_contents($tpl_file_fullpath); + if ( !$text ) + { + return false; + } + + // Get variables, regular expressions FTW preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $text, $matches); + + // Initialize return values $tplvars = Array(); - for($i=0;$i/is', $text, $php_matches); + + foreach ( $php_matches[0] as $i => $match ) + { + // Substitute the PHP section with a random tag + $tag = "{PHP:$i:$seed}"; + $text = str_replace_once($match, $tag, $text); + } + + // Escape slashes and single quotes in template code + $text = str_replace('\\', '\\\\', $text); + $text = str_replace('\'', '\\\'', $text); + + // Initialize the PHP compiled code + $text = 'ob_start(); echo \''.$text.'\'; $tpl_code = ob_get_contents(); ob_end_clean(); return $tpl_code;'; + + ## + ## Main rules + ## + + // + // Conditionals + // + + // If-else-end + $text = preg_replace('/(.*?)(.*?)/is', '\'; if ( $this->tpl_bool[\'\\1\'] ) { echo \'\\2\'; } else { echo \'\\3\'; } echo \'', $text); + + // If-end + $text = preg_replace('/(.*?)/is', '\'; if ( $this->tpl_bool[\'\\1\'] ) { echo \'\\2\'; } echo \'', $text); + + // If not-else-end + $text = preg_replace('/(.*?)(.*?)/is', '\'; if ( !$this->tpl_bool[\'\\1\'] ) { echo \'\\2\'; } else { echo \'\\3\'; } echo \'', $text); + + // If not-end + $text = preg_replace('/(.*?)/is', '\'; if ( !$this->tpl_bool[\'\\1\'] ) { echo \'\\2\'; } echo \'', $text); + + // If set-else-end + $text = preg_replace('/(.*?)(.*?)/is', '\'; if ( isset($this->tpl_strings[\'\\1\']) ) { echo \'\\2\'; } else { echo \'\\3\'; } echo \'', $text); + + // If set-end + $text = preg_replace('/(.*?)/is', '\'; if ( isset($this->tpl_strings[\'\\1\']) ) { echo \'\\2\'; } echo \'', $text); + + // If plugin loaded-else-end + $text = preg_replace('/(.*?)(.*?)/is', '\'; if ( getConfig(\'plugin_\\1\') == \'1\' ) { echo \'\\2\'; } else { echo \'\\3\'; } echo \'', $text); + + // If plugin loaded-end + $text = preg_replace('/(.*?)/is', '\'; if ( getConfig(\'plugin_\\1\') == \'1\' ) { echo \'\\2\'; } echo \'', $text); + + // + // Data substitution/variables + // + + // System messages + $text = preg_replace('//is', '\' . $this->tplWikiFormat($pages->sysMsg(\'\\1\')) . \'', $text); + + // Template variables + $text = preg_replace('/\{([A-z0-9_-]+?)\}/is', '\' . $this->tpl_strings[\'\\1\'] . \'', $text); + + // Reinsert PHP + + foreach ( $php_matches[1] as $i => $match ) + { + // Substitute the random tag with the "real" PHP code + $tag = "{PHP:$i:$seed}"; + $text = str_replace_once($tag, "'; $match echo '", $text); + } + + return $text; + + } + + /** + * Compiles the contents of a given template file, possibly using a cached copy, and returns the compiled code. + * @param string Filename of template (header.tpl) + * @return string + */ + + function compile_template($filename) + { global $db, $session, $paths, $template, $plugins; // Common objects - if(!is_file(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text)) die('Cannot find '.$text.' file for style, exiting'); - $n = $text; - $tpl_filename = ENANO_ROOT . '/cache/' . $this->theme . '-' . str_replace('/', '-', $n) . '.php'; - if(!is_file(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text)) die('Cannot find '.$text.' file for style, exiting'); - if(file_exists($tpl_filename) && getConfig('cache_thumbs')=='1') + + // Full path to template file + $tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $filename; + + // Make sure the file exists + if ( !is_file($tpl_file_fullpath) ) { - include($tpl_filename); - $text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text); - if(isset($md5) && $md5 == md5($text)) { + die_semicritical('Cannot find template file', + '

The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for + the current theme.

Additional debugging information:
+ Theme currently in use: ' . $this->theme . '
+ Requested file: ' . $file . ' +

'); + } + + // Check for cached copy + // This will make filenames in the pattern of theme-file.tpl.php + $cache_file = ENANO_ROOT . '/cache/' . $this->theme . '-' . str_replace('/', '-', $filename) . '.php'; + + // Only use cached copy if caching is enabled + // (it is enabled by default I think) + if ( file_exists($cache_file) && getConfig('cache_thumbs') == '1' ) + { + // Cache files are auto-generated, but otherwise are normal PHP files + include($cache_file); + + // Fetch content of the ORIGINAL + $text = file_get_contents($tpl_file_fullpath); + + // $md5 will be set by the cached file + // This makes sure that a cached copy of the template is used only if its MD5 + // matches the MD5 of the file that the compiled file was compiled from. + if ( isset($md5) && $md5 == md5($text) ) + { return str_replace('\\"', '"', $tpl_text); } } - $text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$n); + // We won't use the cached copy here + $text = file_get_contents($tpl_file_fullpath); + + // This will be used later when writing the cached file $md5 = md5($text); - $seed = md5 ( microtime() . mt_rand() ); - preg_match_all("/<\?php(.*?)\?>/is", $text, $m); - //die('

'.htmlspecialchars(print_r($m, true)).'

'); - for($i = 0; $i < sizeof($m[1]); $i++) + // Preprocessing and checks complete - compile the code + $text = $this->compile_tpl_code($text); + + // Perhaps caching is enabled and the admin has changed the template? + if ( is_writable( ENANO_ROOT . '/cache/' ) && getConfig('cache_thumbs') == '1' ) { - $text = str_replace("", "{PHPCODE:{$i}:{$seed}}", $text); - } - //die('

'.htmlspecialchars($text).'

'); - $text = 'ob_start(); echo \''.str_replace('\'', '\\\'', $text).'\'; $tpl_code = ob_get_contents(); ob_end_clean();'; - $text = preg_replace('##is', '\'; if(isset($this->tpl_bool[\'\\1\']) && $this->tpl_bool[\'\\1\']) { echo \'', $text); - $text = preg_replace('##is', '\'; if(isset($this->tpl_strings[\'\\1\'])) { echo \'', $text); - $text = preg_replace('##is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { echo \'', $text); - $text = preg_replace('##is', '\'; echo $template->tplWikiFormat($paths->sysMsg(\'\\1\')); echo \'', $text); - $text = preg_replace('##is', '\'; if(!$this->tpl_bool[\'\\1\']) { echo \'', $text); - $text = preg_replace('##is', '\'; } else { echo \'', $text); - $text = preg_replace('##is', '\'; } echo \'', $text); - $text = preg_replace('#\{([A-z0-9]*)\}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text); - for($i = 0; $i < sizeof($m[1]); $i++) - { - $text = str_replace("{PHPCODE:{$i}:{$seed}}", "'; {$m[1][$i]} echo '", $text); - } - if(is_writable(ENANO_ROOT.'/cache/') && getConfig('cache_thumbs')=='1') - { - //die($tpl_filename); - $h = fopen($tpl_filename, 'w'); - if(!$h) return $text; - $t = addslashes($text); + $h = fopen($cache_file, 'w'); + if ( !$h ) + { + // Couldn't open the file - silently ignore and return + return $text; + } + + // Escape the compiled code so it can be eval'ed + $text_escaped = addslashes($text); $notice = <<'); + // This is really just a normal PHP file that sets a variable or two and exits. + // $tpl_text actually will contain the compiled code + fwrite($h, ''); fclose($h); } + return $text; //('

'.htmlspecialchars($text).'

'); } - function compile_template_text($text) { - $seed = md5 ( microtime() . mt_rand() ); - preg_match_all("/<\?php(.*?)\?>/is", $text, $m); - //die('

'.htmlspecialchars(print_r($m, true)).'

'); - for($i = 0; $i < sizeof($m[1]); $i++) - { - $text = str_replace("", "{PHPCODE:{$i}:{$seed}}", $text); - } - //die('

'.htmlspecialchars($text).'

'); - $text = 'ob_start(); echo \''.str_replace('\'', '\\\'', $text).'\'; $tpl_code = ob_get_contents(); ob_end_clean(); return $tpl_code;'; - $text = preg_replace('##is', '\'; if(isset($this->tpl_bool[\'\\1\']) && $this->tpl_bool[\'\\1\']) { echo \'', $text); - $text = preg_replace('##is', '\'; if(isset($this->tpl_strings[\'\\1\'])) { echo \'', $text); - $text = preg_replace('##is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { echo \'', $text); - $text = preg_replace('##is', '\'; echo $template->tplWikiFormat($paths->sysMsg(\'\\1\')); echo \'', $text); - $text = preg_replace('##is', '\'; if(!$this->tpl_bool[\'\\1\']) { echo \'', $text); - $text = preg_replace('##is', '\'; } else { echo \'', $text); - $text = preg_replace('##is', '\'; } echo \'', $text); - $text = preg_replace('#\{([A-z0-9]*)\}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text); - for($i = 0; $i < sizeof($m[1]); $i++) - { - $text = str_replace("{PHPCODE:{$i}:{$seed}}", "'; {$m[1][$i]} echo '", $text); - } - return $text; //('

'.htmlspecialchars($text).'

'); + + /** + * Compiles (parses) some template code with the current master set of variables and booleans. + * @param string Text to process + * @return string + */ + + function compile_template_text($text) + { + // this might do something else in the future, possibly cache large templates + return $this->compile_tpl_code($text); } + /** + * For convenience - compiles AND parses some template code. + * @param string Text to process + * @return string + */ + function parse($text) { $text = $this->compile_template_text($text); @@ -1004,7 +1155,18 @@ // So you can implement custom logic into your sidebar if you wish. // "Real" PHP support coming soon :-D - function tplWikiFormat($message, $filter_links = false, $filename = 'elements.tpl') { + /** + * Takes a blob of HTML with the specially formatted template-oriented wikitext and formats it. Does not use eval(). + * This function butchers every coding standard in Enano and should eventually be rewritten. The fact is that the + * code _works_ and does a good job of checking for errors and cleanly complaining about them. + * @param string Text to process + * @param bool Ignored for backwards compatibility + * @param string File to get variables for sidebar data from + * @return string + */ + + function tplWikiFormat($message, $filter_links = false, $filename = 'elements.tpl') + { global $db, $session, $paths, $template, $plugins; // Common objects $filter_links = false; $tplvars = $this->extract_vars($filename); @@ -1029,83 +1191,93 @@ // Conditionals - preg_match_all('#\{if ([A-Za-z0-9_ &\|\!-]*)\}(.*?)\{\/if\}#is', $message, $links); + preg_match_all('#\{if ([A-Za-z0-9_ &\|\!-]*)\}(.*?)\{\/if\}#is', $message, $links); - for($i=0;$itpl_bool['that']) && $this->tpl_bool['that'] ) && ... - // Method of attack: escape all variables, ignore all else. Non-valid code is filtered out by a regex above. - $in_var_now = true; - $in_var_last = false; - $current_var = ''; - $current_var_start_pos = 0; - $current_var_end_pos = 0; - $j = -1; - $links[1][$i] = $links[1][$i] . ' '; - $d = strlen($links[1][$i]); - while($j < $d) - { - $j++; - $in_var_last = $in_var_now; + $condition =& $links[1][$i]; + $message = str_replace('{if '.$condition.'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message); - $char = substr($links[1][$i], $j, 1); - $in_var_now = ( preg_match('#^([A-z0-9_]*){1}$#', $char) ) ? true : false; - if(!$in_var_last && $in_var_now) - { - $current_var_start_pos = $j; - } - if($in_var_last && !$in_var_now) - { - $current_var_end_pos = $j; - } - if($in_var_now) + // Time for some manual parsing... + $chk = false; + $current_id = ''; + $prn_level = 0; + // Used to keep track of where we are in the conditional + // Object of the game: turn {if this && ( that OR !something_else )} ... {/if} into if( ( isset($this->tpl_bool['that']) && $this->tpl_bool['that'] ) && ... + // Method of attack: escape all variables, ignore all else. Non-valid code is filtered out by a regex above. + $in_var_now = true; + $in_var_last = false; + $current_var = ''; + $current_var_start_pos = 0; + $current_var_end_pos = 0; + $j = -1; + $condition = $condition . ' '; + $d = strlen($condition); + while($j < $d) { - $current_var .= $char; - continue; + $j++; + $in_var_last = $in_var_now; + + $char = substr($condition, $j, 1); + $in_var_now = ( preg_match('#^([A-z0-9_]*){1}$#', $char) ) ? true : false; + if(!$in_var_last && $in_var_now) + { + $current_var_start_pos = $j; + } + if($in_var_last && !$in_var_now) + { + $current_var_end_pos = $j; + } + if($in_var_now) + { + $current_var .= $char; + continue; + } + // OK we are not inside of a variable. That means that we JUST hit the end because the counter ($j) will be advanced to the beginning of the next variable once processing here is complete. + if($char != ' ' && $char != '(' && $char != ')' && $char != 'A' && $char != 'N' && $char != 'D' && $char != 'O' && $char != 'R' && $char != '&' && $char != '|' && $char != '!' && $char != '<' && $char != '>' && $char != '0' && $char != '1' && $char != '2' && $char != '3' && $char != '4' && $char != '5' && $char != '6' && $char != '7' && $char != '8' && $char != '9') + { + // XSS attack! Bail out + $errmsg = '

Error: Syntax error (possibly XSS attack) caught in template code:

'; + $errmsg .= '

';
+                $errmsg .= '{if '.htmlspecialchars($condition).'}';
+                $errmsg .= "\n    ";
+                for ( $k = 0; $k < $j; $k++ )
+                {
+                    $errmsg .= " ";
+                }
+                // Show position of error
+                $errmsg .= '^';
+                $errmsg .= '

'; + $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $errmsg, $message); + continue 2; + } + if($current_var != '') + { + $cd = '( isset($this->tpl_bool[\''.$current_var.'\']) && $this->tpl_bool[\''.$current_var.'\'] )'; + $cvt = substr($condition, 0, $current_var_start_pos) . $cd . substr($condition, $current_var_end_pos, strlen($condition)); + $j = $j + strlen($cd) - strlen($current_var); + $current_var = ''; + $condition = $cvt; + $d = strlen($condition); + } } - // OK we are not inside of a variable. That means that we JUST hit the end because the counter ($j) will be advanced to the beginning of the next variable once processing here is complete. - if($char != ' ' && $char != '(' && $char != ')' && $char != 'A' && $char != 'N' && $char != 'D' && $char != 'O' && $char != 'R' && $char != '&' && $char != '|' && $char != '!' && $char != '<' && $char != '>' && $char != '0' && $char != '1' && $char != '2' && $char != '3' && $char != '4' && $char != '5' && $char != '6' && $char != '7' && $char != '8' && $char != '9') - { - // XSS attack! Bail out - echo '

Error: Syntax error (possibly XSS attack) caught in template code:

'; - echo '

';
-          echo '{if '.$links[1][$i].'}';
-          echo "\n    ";
-          for($k=0;$k<$j;$k++) echo " ";
-          echo '^';
-          echo '

'; - continue 2; - } - if($current_var != '') + $condition = substr($condition, 0, strlen($condition)-1); + $condition = '$chk = ( '.$condition.' ) ? true : false;'; + eval($condition); + + if($chk) { - $cd = '( isset($this->tpl_bool[\''.$current_var.'\']) && $this->tpl_bool[\''.$current_var.'\'] )'; - $cvt = substr($links[1][$i], 0, $current_var_start_pos) . $cd . substr($links[1][$i], $current_var_end_pos, strlen($links[1][$i])); - $j = $j + strlen($cd) - strlen($current_var); - $current_var = ''; - $links[1][$i] = $cvt; - $d = strlen($links[1][$i]); + if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}')); + else $c = $links[2][$i]; + $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); } - } - $links[1][$i] = substr($links[1][$i], 0, strlen($links[1][$i])-1); - $links[1][$i] = '$chk = ( '.$links[1][$i].' ) ? true : false;'; - eval($links[1][$i]); - - if($chk) { // isset($this->tpl_bool[$links[1][$i]]) && $this->tpl_bool[$links[1][$i]] - if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}')); - else $c = $links[2][$i]; - $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); - } else { - if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i])); - else $c = ''; - $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); - } + else + { + if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i])); + else $c = ''; + $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); + } } preg_match_all('#\{!if ([A-Za-z_-]*)\}(.*?)\{\/if\}#is', $message, $links);