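. * * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */
G::LoadClass( "webResource" );

// Finds the two access-check call forms in a PHP source file. Group 2
// (G::genericForceLogin) or group 5 ($RBAC->userCanAccess) holds the permission
// name, which the pattern limits to \w+.
define( 'GET_PERMISSION_REG_EXP', '/(G::\\s*genericForceLogin\\s*\\(\\s*[\'"])(\\w+)([\'"]\\s*,\\s*[\'"].+[\'"],.+\\)\\s*)|(\\$RBAC->userCanAccess\\s*\\(\\s*[\'"])(\\w+)([\'"]\\s*\\))/i' );

// Recognises the one-line guard that set_permission() generates; remove_permission()
// deletes a line only when it matches this pattern.
define( 'GET_PERMISSION_REG_EXP2', '/\\s*if\\s*\\(\\s*\\(\\s*\\$RBAC_Response\\s*=\\s*\\$RBAC->userCanAccess\\s*\\(\\s*[\'"]\\w+[\'"]\\s*\\)\\s*\\)\\s*!=1\\s*\\)\\s*return(?:.*)?;\\s*/i' );

/**
 * Inspects and rewrites the RBAC access checks and the licence header of PHP
 * source files.
 *
 * NOTE(review): every public method takes the target path, and most also take the
 * text to write, from its caller, and the instance at the bottom of this file is
 * built from $_POST. How webResource maps request fields onto these methods is
 * not visible here. Nothing in this class confines $filename or $path to a
 * directory, so the caller has to enforce authorization and path restrictions
 * before any method that writes is reached. Confirm that it does.
 */
class phpFile extends webResource
{

    /**
     * Scans a file for access checks and renders the matching lines with one
     * line of context on each side.
     *
     * @param string $filename file to scan
     * @return array [0] rendered listing, or the "no validation" message;
     *               [1] distinct permission names in order of first appearance;
     *               [2] 0-based line index of the first occurrence of each name
     */
    function _get_permissions ($filename)
    {
        $aSource = $this->_readLines( $filename );
        if ($aSource === false) {
            // An unreadable file is treated as empty, so it yields the
            // "no validation" message.
            $aSource = array ();
        }
        $aOutSource = array ();
        $source = implode( '', $aSource );
        $permissions = array ();
        $lines = array ();
        $len = (int) preg_match_all( GET_PERMISSION_REG_EXP, $source, $matches, PREG_OFFSET_CAPTURE );
        for ($r = 0; $r < $len; $r ++) {
            $match = $matches[0][$r][0];
            $permission = ($matches[2][$r][0] !== '') ? $matches[2][$r][0] : $matches[5][$r][0];
            $toPrint = $this->_highlightMatch( $matches, $r );
            $row = $this->_getLine( $aSource, $matches[0][$r][1] );
            if (! in_array( $permission, $permissions, true )) {
                $permissions[] = $permission;
                $lines[] = $row;
            }
            // TODO: only the matched call is HTML-encoded; the rest of each line
            // is still emitted raw and needs encoding as well.
            for ($i = $row - 1; $i <= $row + 1; $i ++) {
                if (! isset( $aSource[$i] )) {
                    continue;
                }
                // Start from the already-rendered line when an earlier match touched it.
                $current = isset( $aOutSource[$i] ) ? $aOutSource[$i] : $aSource[$i];
                $aOutSource[$i] = str_replace( $match, $toPrint, $current );
            }
        }
        ksort( $aOutSource );
        $row0 = 0;
        $html = '';
        foreach ($aOutSource as $row => $line) {
            if (($row - 1) > $row0) {
                // Gap between two rendered regions.
                $html .= $this->_printLine( $row, '...' );
            }
            $html .= $this->_printLine( $row + 1, $line, true, $aSource[$row], $filename . '?' . $row );
            $row0 = $row;
        }
        // The wrapper literals hold no markup in this listing; their values are kept as shown.
        return array (($html === '') ? 'Dont have RBAC validation!' : ('' . $html . "\n"), $permissions, $lines);
    }

    /**
     * Returns only the rendered listing produced by _get_permissions().
     *
     * @param string $filename file to scan
     * @return string
     */
    function get_permissions ($filename)
    {
        $res = $this->_get_permissions( $filename );
        return $res[0];
    }

    /**
     * Replaces one existing line of a file, keeping that line's original line ending.
     *
     * NOTE(review): $value is written into the file unchanged. See the class note.
     *
     * @param string $filename file to rewrite
     * @param int|string $row 0-based index of the line to replace
     * @param string $value new text of the line, without line ending
     * @return array [0] the new line with access checks rendered for display;
     *               [1] the new line as stored. Both are '' when the file cannot
     *               be read or the row does not exist; nothing is written then.
     */
    function modify_line ($filename, $row, $value)
    {
        $aSource = $this->_readLines( $filename );
        if ($aSource === false || ! is_scalar( $row ) || ! isset( $aSource[$row] )) {
            // Previously a missing row was appended to the file and a failed read
            // truncated it.
            return array ('', '');
        }
        $aSource[$row] = $value . $this->_lineEnding( $aSource[$row] );
        /*Save change*/
        $this->_writeSource( $filename, implode( '', $aSource ) );
        /*Format line*/
        $line = $aSource[$row];
        $len = (int) preg_match_all( GET_PERMISSION_REG_EXP, $line, $matches, PREG_OFFSET_CAPTURE );
        for ($r = 0; $r < $len; $r ++) {
            $line = str_replace( $matches[0][$r][0], $this->_highlightMatch( $matches, $r ), $line );
        }
        return array ($line, $aSource[$row]);
    }

    /**
     * Replaces the existing "ProcessMaker Open Source" comment block with $value,
     * or inserts $value after the first line when no such block exists.
     *
     * @param string $filename file to rewrite
     * @param string $value header text; passed through G::replaceDataField() with
     *                      _FILENAME_ set to the file's base name
     * @return string rendered listing of the file after the change
     */
    function set_header ($filename, $value)
    {
        $aFields = array ("_FILENAME_" => basename( $filename ));
        $value = G::replaceDataField( $value, $aFields );
        $aOrigin = $this->_readLines( $filename );
        if ($aOrigin === false) {
            // Do not create or truncate a file that could not be read.
            return $this->get_permissions( $filename );
        }
        // The file is assumed to start with the opening PHP tag on its own line.
        // NOTE(review): this listing lost the text between that remark and the
        // line-ending test; taking the ending from the first line is reconstructed
        // from the else branch below. Confirm against the upstream file.
        $first = isset( $aOrigin[0] ) ? $aOrigin[0] : '';
        $nl = $this->_lineEnding( $first );
        $codigo = implode( '', $aOrigin );
        // NOTE(review): the first [\w\W]+ is greedy, so the match runs from the
        // first comment opener to the last header marker in the file.
        $pattern = '/\/\*[\w\W]+\* ' . 'ProcessMaker Open Source' . '[\w\W]+?\*\//i';
        $found = preg_match( $pattern, $codigo );
        if ($found === false) {
            // PCRE failure (for example a backtrack limit): leave the file untouched.
            return $this->get_permissions( $filename );
        }
        if ($found) {
            // Escape "\" and "$" so the header is inserted literally instead of
            // being read as back-references.
            $replaced = preg_replace( $pattern, addcslashes( $value, '\\$' ), $codigo );
            if ($replaced === null) {
                return $this->get_permissions( $filename );
            }
            $codigo = $replaced;
        } else {
            $aSource = array ($first, $value . $nl);
            for ($r = 1; $r < sizeof( $aOrigin ); $r ++) {
                $aSource[] = $aOrigin[$r];
            }
            $codigo = implode( '', $aSource );
        }
        /*Save change*/
        $this->_writeSource( $filename, $codigo );
        return $this->get_permissions( $filename );
    }

    /**
     * Inserts $value as a new second line of the file.
     *
     * NOTE(review): $value becomes PHP source in the target file and is not
     * validated here. See the class note.
     *
     * @param string $filename file to rewrite
     * @param string $value line to insert, without line ending
     * @return string rendered listing of the file after the change
     */
    function add_permission ($filename, $value)
    {
        $aOrigin = $this->_readLines( $filename );
        if ($aOrigin === false) {
            return $this->get_permissions( $filename );
        }
        // The file is assumed to start with the opening PHP tag on its own line.
        // NOTE(review): this listing lost text here; keeping the first line in
        // slot 0 is reconstructed by analogy with set_header(). Confirm upstream.
        $first = isset( $aOrigin[0] ) ? $aOrigin[0] : '';
        $aSource = array ($first, $value . $this->_lineEnding( $first ));
        for ($r = 1; $r < sizeof( $aOrigin ); $r ++) {
            $aSource[] = $aOrigin[$r];
        }
        /*Save change*/
        $this->_writeSource( $filename, implode( '', $aSource ) );
        return $this->get_permissions( $filename );
    }

    /**
     * Maps a byte offset in the concatenated source to a 0-based line index.
     *
     * The earlier loop tested sizeof() on a string and consumed line lengths
     * starting at index 1, so it could report the wrong line or run past the end
     * of the array.
     *
     * @param array $aSource lines as returned by file(), line endings included
     * @param int $pos byte offset into implode('', $aSource)
     * @return int index of the line containing $pos, clamped to the last line
     */
    function _getLine (&$aSource, $pos)
    {
        $last = count( $aSource ) - 1;
        $i = 0;
        while ($i < $last && $pos >= strlen( $aSource[$i] )) {
            $pos -= strlen( $aSource[$i] );
            $i ++;
        }
        return $i;
    }

    /**
     * Renders one row of the listing.
     *
     * The string literals are empty in this listing (any markup they held is not
     * visible), and $editValue and $name are not used by the visible expressions.
     *
     * @param int $row line number to show
     * @param string $txt line content, already prepared for display
     * @param bool $editable selects the editable row form
     * @param string $editValue raw line text
     * @param string $name identifier of the row, "<file>?<index>" at the call site
     * @return string
     */
    function _printLine ($row, $txt, $editable = false, $editValue = '', $name = '')
    {
        if ($editable) {
            return '' . '' . $row . ' ' . $txt . '' . '';
        }
        return '' . '' . $row . '' . '' . $txt . '';
    }

    /**
     * Adds a $RBAC->userCanAccess() guard for $permission unless the file already
     * checks that permission.
     *
     * The name is concatenated into generated PHP source, so it must be a plain
     * \w+ identifier, the same shape GET_PERMISSION_REG_EXP recognises. Any other
     * value is refused and the file is left unchanged.
     *
     * @param string $filename file to rewrite
     * @param string $permission permission name
     * @return string rendered listing of the file after the call
     */
    function set_permission ($filename, $permission)
    {
        if (! is_scalar( $permission ) || ! preg_match( '/^\w+$/D', (string) $permission )) {
            trigger_error( 'phpFile::set_permission: permission name is not a plain identifier; file left unchanged', E_USER_WARNING );
            return $this->get_permissions( $filename );
        }
        $permission = (string) $permission;
        list ($html, $permissions) = $this->_get_permissions( $filename );
        if (! in_array( $permission, $permissions, true )) {
            $this->add_permission( $filename, 'if (($RBAC_Response=$RBAC->userCanAccess("' . $permission . '"))!=1) return $RBAC_Response;' );
        }
        return $this->get_permissions( $filename );
    }

    /**
     * Applies set_permission() to every *.php file directly under $path.
     *
     * @param string $path directory prefix; it is concatenated with the glob
     *                     pattern, so it must end with a separator
     * @param string $permission permission name
     */
    function set_path_permission ($path, $permission)
    {
        $files = glob( $path . '*.php' );
        if ($files === false) {
            return;
        }
        foreach ($files as $file) {
            $this->set_permission( $file, $permission );
        }
    }

    /**
     * Applies set_header() to every *.php file under $path, recursing into
     * subdirectories.
     *
     * @param string $path directory prefix ending with a separator
     * @param string $header header text
     * @return array files rewritten directly under $path; files in
     *               subdirectories are rewritten but not listed
     */
    function set_path_header ($path, $header)
    {
        $filesMod = array ();
        $files = glob( $path . '*.php' );
        if ($files !== false) {
            foreach ($files as $file) {
                $filesMod[] = $file;
                $this->set_header( $file, $header );
            }
        }
        $dirs = glob( $path . '*', GLOB_MARK );
        if ($dirs !== false) {
            foreach ($dirs as $dir) {
                // GLOB_MARK appends a slash to directories.
                if (substr( $dir, - 1, 1 ) == '/') {
                    $this->set_path_header( $dir, $header );
                }
            }
        }
        return $filesMod;
    }

    /**
     * Applies remove_permission() to every *.php file directly under $path.
     *
     * @param string $path directory prefix ending with a separator
     * @param string $permission permission name
     */
    function remove_path_permission ($path, $permission)
    {
        $files = glob( $path . '*.php' );
        if ($files === false) {
            return;
        }
        foreach ($files as $file) {
            $this->remove_permission( $file, $permission );
        }
    }

    /**
     * Deletes one line of a file by index.
     *
     * @param string $filename file to rewrite
     * @param int|string $line 0-based index of the line to delete
     * @return string rendered listing of the file after the call
     */
    function remove_line ($filename, $line)
    {
        $aSource = $this->_readLines( $filename );
        // Write only when there is a line to drop, so a failed read cannot truncate the file.
        if ($aSource !== false && is_scalar( $line ) && isset( $aSource[$line] )) {
            unset( $aSource[$line] );
            /*Save change*/
            $this->_writeSource( $filename, implode( '', $aSource ) );
        }
        return $this->get_permissions( $filename );
    }

    /**
     * Deletes the guard line for $permission when that line has the generated
     * form described by GET_PERMISSION_REG_EXP2; other forms are left in place.
     *
     * @param string $filename file to rewrite
     * @param string $permission permission name
     * @return string rendered listing of the file after the call
     */
    function remove_permission ($filename, $permission)
    {
        $aSource = $this->_readLines( $filename );
        if ($aSource !== false && is_scalar( $permission )) {
            list ($html, $permissions, $lines) = $this->_get_permissions( $filename );
            $found = array_search( (string) $permission, $permissions, true );
            if ($found !== false) {
                $line = $lines[$found];
                if (isset( $aSource[$line] ) && preg_match( GET_PERMISSION_REG_EXP2, $aSource[$line] )) {
                    unset( $aSource[$line] );
                    /*Save change*/
                    // The file is rewritten only when a line was actually removed.
                    $this->_writeSource( $filename, implode( '', $aSource ) );
                }
            }
        }
        return $this->get_permissions( $filename );
    }

    /**
     * Reads a file into an array of lines, line endings included.
     *
     * @param string $filename
     * @return array|false false when is_file() or is_readable() fails or file() fails
     */
    private function _readLines ($filename)
    {
        if (! is_string( $filename ) || ! is_file( $filename ) || ! is_readable( $filename )) {
            return false;
        }
        return file( $filename );
    }

    /**
     * Writes $contents over the file.
     *
     * @param string $filename
     * @param string $contents
     * @return bool false when the write failed
     */
    private function _writeSource ($filename, $contents)
    {
        return file_put_contents( $filename, $contents ) !== false;
    }

    /**
     * Returns the line ending carried by $line: "\r\n", "\n" or "".
     *
     * @param string $line
     * @return string
     */
    private function _lineEnding ($line)
    {
        if (substr( $line, - 2 ) === "\r\n") {
            return "\r\n";
        }
        return (substr( $line, - 1 ) === "\n") ? "\n" : "";
    }

    /**
     * HTML-encodes the three captured pieces of one access-check match (call
     * prefix, permission name, call suffix) and joins them.
     *
     * The separators are empty strings in this listing; their values are kept as shown.
     *
     * @param array $matches result of preg_match_all() with PREG_OFFSET_CAPTURE
     * @param int $r index of the match
     * @return string
     */
    private function _highlightMatch ($matches, $r)
    {
        // Groups 1-3 belong to G::genericForceLogin, groups 4-6 to $RBAC->userCanAccess.
        $g = ($matches[2][$r][0] !== '') ? 1 : 4;
        return htmlentities( $matches[$g][$r][0], ENT_QUOTES, 'utf-8' ) . '' . htmlentities( $matches[$g + 1][$r][0], ENT_QUOTES, 'utf-8' ) . '' . htmlentities( $matches[$g + 2][$r][0], ENT_QUOTES, 'utf-8' );
    }
}

// NOTE(review): the raw request body is handed to webResource here. This file
// shows no access check before that point; confirm that one is enforced before
// dispatch, because the methods above rewrite PHP source files named by their arguments.
$phpFile = new phpFile( 'methodsPermissions_Ajax', $_POST );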