20230504 Closes #190

Code Cleanup. File(s): base_common.php Issue(s): #190 File(s): base_denied.php : includes/base_capabilities.php : includes/base_include.inc.php : includes/base_output_html.inc.php : includes/base_output_query.inc.php : index.php Code Cleanup. File(s): includes/base_krnl.php Issue(s): #190 Bumped Kernel Version to 0.0.2 Detects nonexistent translation data files. Log message improvements
NathanGibbs3 · May 5, 2023 · 1e27b63 · 1e27b63
1 parent 42a8ea9
commit 1e27b63
Show file tree

Hide file tree

Showing 12 changed files with 251 additions and 199 deletions.
diff --git a/base_common.php b/base_common.php
@@ -1261,9 +1261,13 @@ function BCS( $Name, $Value = '' ){
 					KML($EMPfx . "Sec: $Stat", 3);
 					$msg .= ' Secure';
 				}
+				$path = $BASE_urlpath;
+				if( !LoadedString($BASE_urlpath) ){
+					$path = '/';
+				}
 				$BCO = array(
 					'expires' => $expire,
-					'path' => $BASE_urlpath,
+					'path' => $path,
 					//leading dot for compatibility or use subdomain
 					// '.example.com',
 					'domain' => '',

diff --git a/base_denied.php b/base_denied.php
@@ -17,8 +17,6 @@
 
 $sc = DIRECTORY_SEPARATOR;
 require_once("includes$sc" . 'base_krnl.php');
-include_once("$BASE_path/base_common.php");
-include_once("$BASE_path/includes/base_auth.inc.php");
 include_once("$BASE_path/includes/base_log_error.inc.php");
 include_once("$BASE_path/includes/base_output_html.inc.php");
 

diff --git a/docs/BASE-Coding-Standards.md b/docs/BASE-Coding-Standards.md
@@ -358,4 +358,4 @@ In a for loop declaration, there should be no space inside the brackets and ther
 </td>
    </tr>
   </table>
-Documentation generated on Tue, 02 May 2023 23:03:02 +0000 by [PHP_CodeSniffer 3.7.2](https://github.com/squizlabs/PHP_CodeSniffer)
+Documentation generated on Fri, 05 May 2023 01:13:01 +0000 by [PHP_CodeSniffer 3.7.2](https://github.com/squizlabs/PHP_CodeSniffer)
diff --git a/includes/base_capabilities.php b/includes/base_capabilities.php
@@ -97,15 +97,16 @@ function BaseCapsRegistry(){ // PHP 4x constructor.
 		if( intval($Use_Auth_System) != 0 ){ // Auth system On.
 			$this->AddCap('BASE_Auth');
 		}
-		if( LoadedString($BASE_Language) ){ // UI Lang.
-			$this->AddCap('BASE_Lang', $BASE_Language);
-		}
-		if( $archive_exists != 0 ){ // Archive DB On.
+		if( intval($archive_exists) != 0 ){ // Archive DB On.
 			$this->AddCap('BASE_ADB');
 		}
 		if( $event_cache_auto_update != 0 ){ // Event Cache Update.
 			$this->AddCap('BASE_ECU');
 		}
+		// BASE UI Settings
+		if( LoadedString($BASE_Language) ){ // UI Lang.
+			$this->AddCap('BASE_UILang', $BASE_Language);
+		}
 		if( $colored_alerts != 0 ){ // Colored Alerts
 			$this->AddCap('BASE_UICA');
 		}

diff --git a/includes/base_include.inc.php b/includes/base_include.inc.php
@@ -20,6 +20,7 @@
 */
 // Ensure the conf file has been loaded. Prevent direct access to this file.
 defined('_BASE_INC') or die('Accessing this file directly is not allowed.');
+$sc = DIRECTORY_SEPARATOR;
 include_once("$BASE_path$sc" . "includes$sc" . "base_constants.inc.php");
 include_once("$BASE_path$sc" . "includes$sc" . "base_db.inc.php");
 include_once("$BASE_path/includes/base_output_html.inc.php");
@@ -29,7 +30,6 @@
 include_once("$BASE_path/includes/base_state_criteria.inc.php");
 include_once("$BASE_path/includes/base_output_query.inc.php");
 include_once("$BASE_path/includes/base_log_error.inc.php");
-include_once("$BASE_path/includes/base_log_timing.inc.php");
 include_once("$BASE_path/includes/base_action.inc.php");
 include_once("$BASE_path/includes/base_cache.inc.php");
 include_once("$BASE_path/includes/base_net.inc.php");

diff --git a/includes/base_krnl.php b/includes/base_krnl.php
@@ -17,7 +17,7 @@
 //
 //          Author(s): Nathan Gibbs
 
-$BK_Ver = '0.0.1';
+$BK_Ver = '0.0.2';
 $BASE_path = dirname(__FILE__);
 $sc = DIRECTORY_SEPARATOR;
 $ReqRE =  "\\".$sc.'includes.*';
@@ -26,7 +26,7 @@
 $file = "$BASE_path$sc" . 'base_conf.php'; // BASE Conf File.
 
 if ( ChkAccess($file) == 1 && filesize($file) > 10 ){
-	KML("Loading Conf from: $file");
+	KML("BASE Conf Set: $file");
 	require_once($file);
 	SetConst('BASE_Conf', $file);
 	SetConst('_BASE_INC', 1); // Include Load Flag.
@@ -68,8 +68,45 @@
 	$et = new EventTiming($BCR->GetCap('BASE_UIDiagTime'));
 	$et->Mark('Starting BASE: ' . $BCR->GetCap('BASE_Ver'));
 	KML("Load: Telemetry", 2);
+	$Lang = $BCR->GetCap('BASE_UILang');
+	$Act = 'Set';
+	if( !LoadedString($Lang) ){
+		$Act = 'Default';
+		$Lang = 'english';
+		$BCR->AddCap('BASE_UILang', $Lang);
+	}
+	KML("BASE Lang $Act: $Lang", 2);
+	$LA = '';
+	if( ChkAccess("$BASE_path$sc" . "languages$sc$Lang" . '.lang.php') != 1 ){
+		$LA = 'not ';
+	}
+	$tmp = $LA . 'accessible';
+	KML("BASE Lang File: $tmp", 2);
+	if( LoadedString($LA) ){ // Display error to user.
+		$BCR->AddCap('UIMode', 'Web');
+		ErrorMessage("BASE Lang File: $tmp");
+		exit;
+	}
+	$tmp = $BASE_urlpath; // Issue #190
+	if( LoadedString($tmp) ){
+		$ReqRE = 'http(s)?' . preg_quote('://','/')
+		. '[0-9A-Za-z\.\-]+(\:[0-9]+)?';
+		$tmp1 = $tmp;
+		$tmp = preg_replace('/^' . $ReqRE . '/', '', $tmp);
+		if( $tmp1 != $tmp ){
+			KML('BASE Security Alert Krnl(): Issue #190 attack blocked.');
+		}
+		if( $tmp == '/' ){
+			$tmp = '';
+		}
+		$BASE_urlpath = $tmp;
+	}
+	if( is_key('SCRIPT_NAME', $_SERVER) ){
+		$tmp = $_SERVER['SCRIPT_NAME'];
+		KML("Start: $tmp");
+	}
 }else{
-	KML("Can't open Conf from: $file.");
+	KML("BASE Conf access error: $file.");
 	HTTP_header('Location: setup/index.php');
 }