<?php
// (c) Copyright 2002-2015 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

// Include-only guard. If the requested script name contains this file's own
// name, the file was requested directly instead of being included, so the
// client is redirected to index.php and execution stops before any of the
// setup below runs.
if (false !== strpos($_SERVER["SCRIPT_NAME"], basename(__FILE__))) {
	header("location: index.php");
	exit();
}

/* Automatically set params used for absolute URLs - BEGIN */

// Directory that holds this file, with Windows backslashes turned into
// forward slashes so it can be compared with the other normalised paths.
$tikipath = strtr(__DIR__, '\\', '/');
// The same value, published as a constant.
define('TIKI_PATH', $tikipath);

// Work out the directory of the entry script. The current working directory
// is used when it is available; the server-reported paths are only a fallback.
if (!getcwd()) {
	// On some systems, SCRIPT_FILENAME contains the full path to the cgi script
	// that calls the script we are looking for. In this case, we have to
	// fall back to PATH_TRANSLATED. This one may be wrong on some systems, which
	// is why SCRIPT_FILENAME is tried first.
	//
	// Chealer: I can't make sense of the above paragraph, but SCRIPT_FILENAME
	// appears to always work, as the alternative case was broken for 2 years.
	//
	// NOTE(review): $tikipath has been normalised to forward slashes, while
	// SCRIPT_FILENAME is compared exactly as the server delivers it; on Windows
	// the prefix test below may therefore not match - confirm.
	if (substr($_SERVER['SCRIPT_FILENAME'], 0, strlen($tikipath)) == $tikipath) {
		// SCRIPT_FILENAME lies under the Tiki root: trust it.
		$scriptDirectory = $_SERVER['SCRIPT_FILENAME'];
	} elseif (empty($_SERVER['PATH_TRANSLATED'])) {
		// PATH_TRANSLATED is not always set on PHP5, so take the first entry of
		// get_included_files() instead.
		$scriptDirectory = current(get_included_files());
	} else {
		// NOTE(review): PATH_TRANSLATED is typically derived by the web server
		// from request path info. Here it is only canonicalised and reduced to
		// a directory - confirm that nothing else relies on it.
		$scriptDirectory = $_SERVER['PATH_TRANSLATED'];
	}
	// realpath() returns false for a path that does not resolve; dirname() then
	// receives false. NOTE(review): confirm the resulting value is acceptable
	// for the depth calculation that follows.
	$scriptDirectory = dirname(realpath($scriptDirectory));
} else {
	$scriptDirectory = getcwd();
}
// Note: need to substitute \ for / for Windows.
$scriptDirectory = str_replace('\\', '/', $scriptDirectory);

// Depth of the entry script's directory: strip the Tiki path from the script
// directory and count the "/" separators that are left.
// str_replace() removes $tikipath wherever it occurs, not only at the start.
// NOTE(review): if $scriptDirectory does not contain $tikipath at all, nothing
// is stripped and every separator of the full path is counted - confirm that
// this case cannot be reached.
$dir_level = substr_count(
	str_replace($tikipath, '', $scriptDirectory),
	"/"
);

// Characters that are not allowed in a URL (per RFC 1738) are percent-encoded
// in REQUEST_URI before any later code reads it.
// This is a coarse first filter, not output escaping: the list has no '&',
// '(' or ')', so code that prints REQUEST_URI into HTML, an attribute or a
// script still has to escape it for that context.
$unallowed_uri_chars = array(
	"'", '"', '<', '>', '{', '}', '|', '\\', '^', '~', '`',
);
// Percent-encoded form of each entry, at the same index.
$unallowed_uri_chars_encoded = array_map('urlencode', $unallowed_uri_chars);
if (isset($_SERVER['REQUEST_URI'])) {
	$_SERVER['REQUEST_URI'] = str_replace(
		$unallowed_uri_chars,
		$unallowed_uri_chars_encoded,
		$_SERVER['REQUEST_URI']
	);
}

// Same filtering as for REQUEST_URI, applied to the script path, which does
// not contain URL params. Three more characters ('#', '[' and ']') are added
// to the list for this value.
// The original comment describes this step as being for PHP_SELF and notes
// that PHP_SELF is usually URL decoded, while REQUEST_URI is exactly what the
// client sent. The statement below rewrites SCRIPT_NAME; PHP_SELF itself is
// not modified in the code shown here.
// NOTE(review): PHP_SELF can carry client-supplied path info - confirm that
// later code reads SCRIPT_NAME, or escapes PHP_SELF before printing it.
$unallowed_uri_chars = array_merge(
	$unallowed_uri_chars,
	array('#', '[', ']')
);
$unallowed_uri_chars_encoded = array_merge(
	$unallowed_uri_chars_encoded,
	array_map('urlencode', array('#', '[', ']'))
);
$_SERVER['SCRIPT_NAME'] = str_replace(
	$unallowed_uri_chars,
	$unallowed_uri_chars_encoded,
	$_SERVER['SCRIPT_NAME']
);

// URL path of the directory that serves the entry script.
// Note: need to substitute \ for / for Windows.
$tikiroot = str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME']));

if ($dir_level > 0) {
	// The entry script sits $dir_level directories deep: drop that many
	// trailing path segments from the URL root. $dir_level goes into the
	// pattern as a repetition count; in this file it is the integer returned by
	// substr_count().
	$tikiroot = preg_replace('#(/[^/]+){'.$dir_level.'}$#', '', $tikiroot);
	// Continue from the Tiki directory so relative paths resolve against it.
	// NOTE(review): the result of chdir() is not checked - confirm that a
	// failure here is acceptable for the relative includes that follow.
	chdir($tikipath);
}

// Both values are used as prefixes, so each must end with exactly one more "/"
// when it does not already end with one.
if (substr($tikiroot, -1) !== '/') {
	$tikiroot .= '/';
}
if (substr($tikipath, -1) !== '/') {
	$tikipath .= '/';
}

// Add global filter for xajax and cookie	// AJAX_TODO?
// The entry is placed at the front of $inputConfiguration, ahead of whatever
// the including script has already put there.
// NOTE(review): 'int' and 'word' are filter names resolved elsewhere;
// presumably they restrict 'cookietab' to an integer and 'callback' to word
// characters - confirm against the input filter library.
global $inputConfiguration;
$inputConfiguration = empty($inputConfiguration) ? array() : $inputConfiguration;
array_unshift(
	$inputConfiguration,
	array(
		'staticKeyFilters' => array(
			'cookietab' => 'int',
			'callback' => 'word',
		),
		'staticKeyFiltersForArrays' => array(),
	)
);

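// Load the init library through an absolute path anchored at this file's
// directory (the same directory $tikipath is taken from). A bare relative path
// is resolved through include_path and the current working directory, so which
// file gets loaded would depend on state set outside this script.
require_once __DIR__ . '/lib/init/initlib.php';
// Hand the Tiki path to TikiInit. NOTE(review): TikiInit is presumably
// declared in initlib.php and appendIncludePath() presumably adds the path to
// PHP's include_path - confirm in that file.
TikiInit::appendIncludePath($tikipath);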