.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*
*/
G::LoadClass("webResource");
define('GET_PERMISSION_REG_EXP','/(G::\\s*genericForceLogin\\s*\\(\\s*[\'"])(\\w+)([\'"]\\s*,\\s*[\'"].+[\'"],.+\\)\\s*)|(\\$RBAC->userCanAccess\\s*\\(\\s*[\'"])(\\w+)([\'"]\\s*\\))/i');
define('GET_PERMISSION_REG_EXP2','/\\s*if\\s*\\(\\s*\\(\\s*\\$RBAC_Response\\s*=\\s*\\$RBAC->userCanAccess\\s*\\(\\s*[\'"]\\w+[\'"]\\s*\\)\\s*\\)\\s*!=1\\s*\\)\\s*return(?:.*)?;\\s*/i');
class phpFile extends webResource
{
function _get_permissions($filename)
{
$aSource = file( $filename);
$aOutSource = array();
$source = implode( '', $aSource );
$regExp=GET_PERMISSION_REG_EXP;
$permissions=array();
$lines=array();
$len=preg_match_all($regExp,$source,$matches,PREG_OFFSET_CAPTURE);
for($r=0; $r < $len; $r++)
{
$match=$matches[0][$r][0];
$permission=($matches[2][$r][0]!='') ? $matches[2][$r][0]:$matches[5][$r][0];
$toPrint=($matches[2][$r][0]!='') ?
(
htmlentities($matches[1][$r][0],ENT_QUOTES,'utf-8').
''.htmlentities($matches[2][$r][0],ENT_QUOTES,'utf-8').''.
htmlentities($matches[3][$r][0],ENT_QUOTES,'utf-8')
)
:
(
htmlentities($matches[4][$r][0],ENT_QUOTES,'utf-8').
''.htmlentities($matches[5][$r][0],ENT_QUOTES,'utf-8').''.
htmlentities($matches[6][$r][0],ENT_QUOTES,'utf-8')
);
$row = $this->_getLine($aSource,$matches[0][$r][1]);
if (array_search($permission,$permissions)===FALSE)
{
$permissions[]=$permission;
$lines[]=$row;
}
//TODO: Need to htmlencode the rest of the line that is not in match. Ex. < ? php
if ($row>0) $aOutSource[$row-1]=str_replace($match,$toPrint,isset($aOutSource[$row-1])?$aOutSource[$row-1]:$aSource[$row-1]);
$aOutSource[$row]=str_replace($match,$toPrint,isset($aOutSource[$row])?$aOutSource[$row]:$aSource[$row]);
if ($row<(sizeof($aSource)-1)) $aOutSource[$row+1]=str_replace($match,$toPrint,isset($aOutSource[$row+1])?$aOutSource[$row+1]:$aSource[$row+1]);
}
ksort($aOutSource);
$row0=0;$html='';
foreach($aOutSource as $row => $line)
{
if (($row-1) > $row0) $html.=$this->_printLine($row,'...');
$html.=$this->_printLine($row+1,$line,true,$aSource[$row],$filename.'?'.$row);
$row0=$row;
}
return array (
($html==='')?'Dont have RBAC validation!':(''),
$permissions,
$lines
);
}
function get_permissions($filename)
{
$res=$this->_get_permissions($filename);
return $res[0];
}
function modify_line($filename,$row,$value)
{
$aSource = file( $filename);
$line=$aSource[$row];
$nl=(strlen($line)>=2)&&(substr($line,-2,2)=="\r\n")?
"\r\n":
((strlen($line)>=1)&&(substr($line,-1,1)=="\n")?"\n":"");
$aSource[$row]=$value.$nl;
/*Save change*/
$fp=fopen($filename,'w');
fwrite($fp,implode('',$aSource));
fclose($fp);
/*Format line*/
$regExp=GET_PERMISSION_REG_EXP;
$line=$aSource[$row];
$len=preg_match_all($regExp,$line,$matches,PREG_OFFSET_CAPTURE);
for($r=0; $r < $len; $r++)
{
$match=$matches[0][$r][0];
$toPrint=($matches[2][$r][0]!='') ?
(
htmlentities($matches[1][$r][0],ENT_QUOTES,'utf-8').
''.htmlentities($matches[2][$r][0],ENT_QUOTES,'utf-8').''.
htmlentities($matches[3][$r][0],ENT_QUOTES,'utf-8')
)
:
(
htmlentities($matches[4][$r][0],ENT_QUOTES,'utf-8').
''.htmlentities($matches[5][$r][0],ENT_QUOTES,'utf-8').''.
htmlentities($matches[6][$r][0],ENT_QUOTES,'utf-8')
);
$line=str_replace($match,$toPrint,$line);
}
return array($line,$aSource[$row]);
}
function set_header($filename,$value)
{
$aFields=array("_FILENAME_"=>basename( $filename ) );
$value = G::replaceDataField( $value , $aFields );
$aOrigin = file( $filename);
//It suposse that allway start with =2)&&(substr($line,-2,2)=="\r\n")?
"\r\n":
((strlen($line)>=1)&&(substr($line,-1,1)=="\n")?"\n":"");
$codigo = implode('',$aOrigin);
$pattern='/\/\*[\w\W]+\* '.'ProcessMaker Open Source'.'[\w\W]+?\*\//i';
if (preg_match($pattern,$codigo))
{
$codigo=preg_replace( $pattern, $value , $codigo );
}
else
{
$aSource=array();
$aSource[0]=$aOrigin[0];
$aSource[1]=$value.$nl;
for($r=1;$rget_permissions($filename);
}
function add_permission($filename,$value)
{
$aOrigin = file( $filename);
//It suposse that allway start with =2)&&(substr($line,-2,2)=="\r\n")?
"\r\n":
((strlen($line)>=1)&&(substr($line,-1,1)=="\n")?"\n":"");
$aSource[1]=$value.$nl;
for($r=1;$rget_permissions($filename);
}
function _getLine(&$aSource,$pos)
{
$i=1;
while ($pos>sizeof($aSource[$i]))
{
$pos-=strlen($aSource[$i]);
$i++;
}
return $i-1;
}
function _printLine($row,$txt,$editable=false,$editValue='',$name='')
{
if ($editable)
{
return ' | '.
''.$row.' |
'.
$txt.''.
' |
';
}
else
{
return ' | '.
''.$row.' | '.
''.$txt.' |
';
}
}
function set_permission($filename,$permission)
{
list($html,$permissions)=$this->_get_permissions($filename);
if (array_search($permission,$permissions)===FALSE)
{
$this->add_permission
(
$filename,
'if (($RBAC_Response=$RBAC->userCanAccess("'.$permission.'"))!=1) return $RBAC_Response;'
);
}
return $this->get_permissions($filename);
}
function set_path_permission($path,$permission)
{
$files=glob($path.'*.php');
foreach($files as $file)
{
$this->set_permission($file,$permission);
}
}
function set_path_header($path,$header)
{
$files=glob($path.'*.php');
$filesMod=array();
foreach($files as $file)
{
$filesMod[]=$file;
$this->set_header($file,$header);
}
$dirs=glob($path.'*', GLOB_MARK );
foreach($dirs as $dir)
{
if (substr( $dir , -1 , 1 )=='/') $this->set_path_header($dir,$header);
}
return $filesMod;
}
function remove_path_permission($path,$permission)
{
$files=glob($path.'*.php');
foreach($files as $file)
{
$this->remove_permission($file,$permission);
}
}
function remove_line($filename,$line)
{
$aSource = file($filename);
unset($aSource[$line]);
/*Save change*/
$fp=fopen($filename,'w');
fwrite($fp,implode('',$aSource));
fclose($fp);
return $this->get_permissions($filename);
}
function remove_permission($filename,$permission)
{
$aSource = file( $filename);
list($html,$permissions,$lines) = $this->_get_permissions($filename);
if (($row=array_search($permission,$permissions))!==FALSE)
{
$line=$lines[$row];
if (preg_match(GET_PERMISSION_REG_EXP2,$aSource[$line]))
{
unset($aSource[$line]);
$msg="Removed.";
}
else
{
$msg="Can not be removed!";
}
}
/*Save change*/
$fp=fopen($filename,'w');
fwrite($fp,implode('',$aSource));
fclose($fp);
return $this->get_permissions($filename);
}
}
$phpFile=new phpFile('methodsPermissions_Ajax',$_POST);
?>