Changeset 7101

Timestamp:
11/29/08 16:17:58 (6 weeks ago)
Author:
inureyes
Message:

refs #1156

  • '친절한' preprocessor
  • 기본 변수가 제대로 validate되지 않던 버그 수정 (지금까지 죽- 동작 안했던듯!)
Files:
1 modified

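--- a/trunk/library/preprocessor.php
+++ b/trunk/library/preprocessor.php
@@ -4,22 +4,27 @@
 /// See the GNU General Public License for more details. (/doc/LICENSE, /doc/COPYRIGHT)
 
-/** Pre-processor - This file
-    ----------
-
-*/
-/** Loading Basic Components */
+/** Pre-processor
+    -------------
+    * Performs Variable validation
+    * Loads components and models
+    * Initialization
+    * Checks privilege
+*/
+/** LOAD : Basic Components
+    -----------------------
+    Loads mandatory components to perform 'Input Validation.'
+    $IV is set before preprocessing, at interface code.
+*/
 require_once (ROOT.'/library/components/Needlworks.PHP.UnifiedEnvironment.php');
 require_once (ROOT.'/library/components/Needlworks.PHP.Core.php');
-require_once (ROOT.'/library/components/Needlworks.PHP.BaseClasses.php');
-require_once (ROOT.'/library/components/Needlworks.PHP.Loader.php');
-
-/** Basic POST/GET variable validation. */
-if (isset($IV)) {
-    if (!Validator::validate($IV)) {
-        header('HTTP/1.1 404 Not Found');
-        exit;
-    }
-}
-/** Basic SERVER variable validation. */
+
+/** CHECK : Basic POST/GET variable validation.
+    -------------------------------------------
+    Drops not allowed variables.
+*/
+$valid = true;
+if (isset($IV)) $valid = $valid && Validator::validate($IV);
+
+/// Basic SERVER variable validation to prevent hijacking possibility.
 $basicIV = array(
     'SCRIPT_NAME' => array('string'),
@@ -27,7 +32,9 @@
     'REDIRECT_URL' => array('string', 'mandatory' => false)
 );
-Validator::validateArray($_SERVER, $basicIV);
-/** Basic URI information validation. */
+$valid = $valid && Validator::validateArray($_SERVER, $basicIV);
+
+/// Basic URI information validation. (you can skip this part.)
 if(isset($URLInfo)) {
+    $URLInfo['fullpath'] = urldecode($URLInfo['fullpath']);
     $basicIV = array(
         'fullpath' => array('string'),
@@ -37,15 +44,30 @@
         'input'    => array('string', 'mandatory' => false)
     );
-    $URLInfo['fullpath'] = urldecode($URLInfo['fullpath']);
-    Validator::validateArray($URLInfo, $basicIV);
-}
-
-/** Loading Configuration */
+    $valid = $valid && Validator::validateArray($URLInfo, $basicIV);
+}
+
+/// Basic URI information validation.
+if (!$valid) {
+    header('HTTP/1.1 404 Not Found');
+    exit;
+}
+
+/** LOAD : Basic Components
+    --------------------
+    Loads singleton base class and autoloader.
+*/
+require_once (ROOT.'/library/components/Needlworks.PHP.BaseClasses.php');
+require_once (ROOT.'/library/components/Needlworks.PHP.Loader.php');
+
+/** LOAD : Configuration and Debug module (if necessary)
+    --------------------
+*/
 global $config, $context;
-
+
+/// Loading configuration
 $config = Config::getInstance();
 $context = Context::getInstance(); // automatic initialization via first instanciation
 
-/** Loading debug module */
+/// Loading debug module
 if($config->service['debugmode'] == true) {
     if(isset($config->service['dbms'])) {
@@ -57,11 +79,24 @@
 }
 
-/** Loading components / models / views */
+/** LOAD : Required components / models / views
+    -------------------------------------------
+    include.XXXX contains necessary file list. (XXXX : blog, owner, reader, feeder, icon)
+    Loading files from the file list.
+*/
+
+/// Reading necessary file list
 require_once (ROOT.'/library/include.'.$context->URLInfo['interfaceType'].'.php');
+/// Loading files.
 require_once (ROOT.'/library/include.php');
 
-/** Sending header */
+/** INITIALIZE : Sending header
+    ---------------------------
+*/
 header('Content-Type: text/html; charset=utf-8');
-/** Database I/O initialization. */
+
+/** INITIALIZE : Database I/O
+    -------------------------
+    Performs database connection.
+*/
 if(!empty($config->database) && !empty($config->database["database"])) {
     if(POD::bind($config->database) === false) {
@@ -71,5 +106,6 @@
 }
 $database['utf8'] = (POD::charset() == 'utf8') ? true : false;
-/** Memcache module bind (if possible) */
+/// Memcache module bind (if possible)
+global $memcache;
 $memcache = null;
 if(!empty($config->database) && !empty($config->service['memcached']) && $config->service['memcached'] == true):
@@ -78,10 +114,16 @@
 endif;
 
-/** Parse URI and gather blogID and URI parameters */
+/** INITIALIZE : URI Parsing and specify parameters
+    -----------------------------------------------
+    Textcube judges blogid from its URI.
+    After parsing URI-specific variables, fetch global variables (legacy support till Textcube 2)
+*/
 $context->URIParser();
-/** Setting global variables */
+/// Setting global variables
 $context->globalVariableParser();
 
-/** Initializing Session */
+/** INITIALIZE : Session (if necessary)
+    -----------------------------------
+*/
 if (!defined('NO_SESSION')) {
     session_name(Session::getName());
@@ -89,5 +131,5 @@
     session_set_save_handler( array('Session','open'), array('Session','close'), array('Session','read'), array('Session','write'), array('Session','destroy'), array('Session','gc') );
     session_cache_expire(1);
-    session_set_cookie_params(0, '/', $service['domain']);
+    session_set_cookie_params(0, '/', $config->service['domain']);
     if (session_start() !== true) {
         header('HTTP/1.1 503 Service Unavailable');
@@ -95,6 +137,12 @@
 }
 
+/** INITIALIZE
+    ----------
+*/
 if (!defined('NO_INITIALIZAION')) {
-    /* Get User information */
+/** User information
+    ----------------
+    If connection is authenticated, load user information.
+*/
     if (doesHaveMembership()) {
         $user = array('id' => getUserId());
@@ -103,8 +151,20 @@
     } else {
         $user = null;
-    }
-
-
-    /** Initializing Locale Resources */
+    }
+
+/** Timezone
+    --------
+    Blog-specific Timezone setting.
+*/
+    if(isset($config->database) && !empty($config->database['database'])) {
+        $timezone = new Timezone;
+        $timezone->set(isset($blog['timezone']) ? $blog['timezone'] : $config->service['timezone']);
+        POD::query('SET time_zone = \'' . $timezone->getCanonical() . '\'');
+    }
+/** Locale Resources
+    ----------------
+    Loads necessary locale resource.
+    (TODO : Reduce the capacity of i18n resource by dividing blog / adminpanel setting.
+*/
     $__locale = array(
         'locale' => null,
@@ -113,12 +173,5 @@
         );
 
-    // Set timezone.
-    if(isset($config->database) && !empty($config->database['database'])) {
-        $timezone = new Timezone;
-        $timezone->set(isset($blog['timezone']) ? $blog['timezone'] : $config->service['timezone']);
-        POD::query('SET time_zone = \'' . $timezone->getCanonical() . '\'');
-    }
-
-    // Load administration panel locale.
+/// Load administration panel locale.
     if(!defined('NO_LOCALE')) {
         Locale::setDirectory(ROOT . '/resources/language');
@@ -132,5 +185,8 @@
     }
 
-    /** Administration panel skin / editor template initialization */
+/** Administration panel skin / editor template
+    -------------------------------------------
+    When necessary, loads admin panel skin information.
+*/
     if(in_array($context->URLInfo['interfaceType'], array('owner','reader')) || defined('__TEXTCUBE_ADMINPANEL__')) {
         $adminSkinSetting = array();
@@ -153,11 +209,16 @@
 }
 
-/** Plugin module initialization (if necessary) */
+/** INITIALIZE : Plugin module (if necessary)
+    -------------------------------------------
+    Load and bind specific plugin codes and initialze them.
+*/
 if(in_array($context->URLInfo['interfaceType'], array('blog','owner','reader'))) {
     require_once(ROOT.'/library/plugins.php');
 }
 
-/** Access privilege Check */
-header('Content-Type: text/html; charset=utf-8');
+/** INITIALIZE : Access privilege Check
+    -----------------------------------
+    Checks privilege setting and block user (or connection).
+*/
 
 if($context->URLInfo['interfaceType'] == 'blog' && !defined('__TEXTCUBE_LOGIN__')) {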
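Review bot: The include at new line 88, `require_once (ROOT.'/library/include.'.$context->URLInfo['interfaceType'].'.php');`, builds a file path from `interfaceType`, and nothing visible in this section restricts that value to the five names the new comment documents (blog, owner, reader, feeder, icon). The `$URLInfo` check above it is skipped entirely when `$URLInfo` is unset, and the rules shown cover only `fullpath` and `input`; some rule lines are elided from the diff, so `interfaceType` may be validated there or in the interface code. If it is not, a guard placed just before the include would enforce the documented contract: `if (!in_array($context->URLInfo['interfaceType'], array('blog','owner','reader','feeder','icon'), true)) { header('HTTP/1.1 404 Not Found'); exit; }`. Failing closed with the same 404 keeps it consistent with the new `if (!$valid)` block.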