2012-06-18 11:26:00 +00:00
|
|
|
<?php
|
|
|
|
/**
|
2019-03-09 19:44:14 +00:00
|
|
|
* @package Joomla.JEDChecker
|
|
|
|
*
|
2019-03-10 16:09:42 +00:00
|
|
|
* @copyright Copyright (C) 2017 - 2019 Open Source Matters, Inc. All rights reserved.
|
|
|
|
* Copyright (C) 2008 - 2016 compojoom.com . All rights reserved.
|
2019-03-10 08:49:52 +00:00
|
|
|
* @author Daniel Dimitrov <daniel@compojoom.com>
|
|
|
|
* eaxs <support@projectfork.net>
|
|
|
|
*
|
2019-03-09 19:44:14 +00:00
|
|
|
* @license GNU General Public License version 2 or later; see LICENSE.txt
|
2012-06-18 11:26:00 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
defined('_JEXEC') or die('Restricted access');
|
|
|
|
|
2012-07-06 23:45:06 +00:00
|
|
|
// Include the rule base class
|
2013-11-05 20:17:39 +00:00
|
|
|
require_once JPATH_COMPONENT_ADMINISTRATOR . '/models/rule.php';
|
2012-07-06 23:45:06 +00:00
|
|
|
|
2012-06-18 11:26:00 +00:00
|
|
|
/**
|
2013-11-05 20:17:39 +00:00
|
|
|
* class JedcheckerRulesJexec
|
|
|
|
*
|
2012-06-18 11:26:00 +00:00
|
|
|
* This class searches all files for the _JEXEC check
|
|
|
|
* which prevents direct file access.
|
|
|
|
*
|
2013-11-05 20:17:39 +00:00
|
|
|
* @since 1.0
|
2012-06-18 11:26:00 +00:00
|
|
|
*/
|
2013-11-05 20:17:39 +00:00
|
|
|
class JedcheckerRulesJexec extends JEDcheckerRule
|
2012-06-18 11:26:00 +00:00
|
|
|
{
|
2013-11-05 20:17:39 +00:00
|
|
|
/**
|
|
|
|
* The formal ID of this rule. For example: SE1.
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $id = 'PH2';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The title or caption of this rule.
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $title = 'COM_JEDCHECKER_RULE_PH2';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The description of this rule.
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $description = 'COM_JEDCHECKER_RULE_PH2_DESC';
|
|
|
|
|
2021-02-23 19:22:29 +00:00
|
|
|
/**
|
|
|
|
* Regexp to match _JEXEC-like guard
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $regex;
|
|
|
|
|
2013-11-05 20:17:39 +00:00
|
|
|
/**
|
|
|
|
* Initiates the file search and check
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public function check()
|
|
|
|
{
|
2021-02-23 19:22:29 +00:00
|
|
|
$this->init_jexec();
|
|
|
|
|
2013-11-05 20:17:39 +00:00
|
|
|
// Find all php files of the extension
|
2021-02-13 20:12:08 +00:00
|
|
|
$files = JFolder::files($this->basedir, '\.php$', true, true);
|
2013-11-05 20:17:39 +00:00
|
|
|
|
|
|
|
// Iterate through all files
|
|
|
|
foreach ($files as $file)
|
|
|
|
{
|
|
|
|
// Try to find the _JEXEC check in the file
|
|
|
|
if (!$this->find($file))
|
|
|
|
{
|
|
|
|
// Add as error to the report if it was not found
|
|
|
|
$this->report->addError($file, JText::_('COM_JEDCHECKER_ERROR_JEXEC_NOT_FOUND'));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Reads a file and searches for the _JEXEC statement
|
|
|
|
*
|
|
|
|
* @param string $file - The path to the file
|
|
|
|
*
|
|
|
|
* @return boolean True if the statement was found, otherwise False.
|
|
|
|
*/
|
|
|
|
protected function find($file)
|
|
|
|
{
|
2021-02-23 19:20:25 +00:00
|
|
|
// load file and strip comments
|
|
|
|
$content = php_strip_whitespace($file);
|
|
|
|
|
|
|
|
// skip empty files
|
|
|
|
if ($content === '' || preg_match('#^<\?php\s+$#', $content))
|
|
|
|
{
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2021-02-23 19:22:29 +00:00
|
|
|
// check guards
|
|
|
|
if (preg_match($this->regex, $content))
|
|
|
|
{
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
2013-11-05 20:17:39 +00:00
|
|
|
|
2021-02-23 19:22:29 +00:00
|
|
|
/**
|
|
|
|
* Prepare regexp aforehand
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
protected function init_jexec()
|
|
|
|
{
|
2013-11-05 20:17:39 +00:00
|
|
|
$defines = $this->params->get('constants');
|
|
|
|
$defines = explode(',', $defines);
|
2012-06-27 13:53:50 +00:00
|
|
|
|
2021-02-23 19:22:29 +00:00
|
|
|
foreach ($defines as $i => $define)
|
2013-11-05 20:17:39 +00:00
|
|
|
{
|
2021-02-23 19:22:29 +00:00
|
|
|
$defines[$i] = preg_quote(trim($define), '#');
|
2013-11-05 20:17:39 +00:00
|
|
|
}
|
|
|
|
|
2021-02-23 19:22:29 +00:00
|
|
|
$this->regex
|
|
|
|
= '#^' // at the beginning of the file
|
|
|
|
. '<\?php\s+' // there is an opening php tag
|
|
|
|
. 'defined ?\( ?' // followed by defined test
|
|
|
|
. '([\'"])(?:' . implode('|', $defines) . ')\1' // of any of given constant
|
|
|
|
. ' ?\) ?(?:or |\|\| ?)(?:die|exit)\b' // or exit
|
|
|
|
. '#i'; // (case insensitive)
|
2013-11-05 20:17:39 +00:00
|
|
|
}
|
2012-06-18 11:26:00 +00:00
|
|
|
}
|