From 3a7097d0fb8c47f2fc7309804333311a2d67b9f7 Mon Sep 17 00:00:00 2001
From: Konrad Rosenbaum
Date: Mon, 19 Mar 2012 09:08:42 +0100
Subject: [PATCH] add anti-bot guards (for bots appending malicious code)
---
pack | 2 +-
www/admin.php | 7 ++++++-
www/config.php.template | 3 +++
www/inc/classes/autoload.php | 2 ++
www/inc/classes/basevars.php | 2 ++
www/inc/classes/config_manager.php | 2 ++
www/inc/classes/language_manager.php | 2 ++
www/inc/classes/random.php | 2 ++
www/inc/db/autoload.php | 3 +++
www/inc/db/barcodetable.php | 2 ++
www/inc/db/db_scheme.php | 3 +++
www/inc/db/dbupgrade.php | 2 ++
www/inc/global_functions.php | 3 +++
www/inc/loader.php | 1 +
www/inc/loader_nonadmin.php | 3 ++-
www/inc/machine/autoload.php | 3 +++
www/inc/machine/muser.php | 2 ++
www/inc/machine/session.php | 2 ++
www/inc/machine/translation.php | 2 ++
www/inc/machine/version.php | 2 ++
www/inc/rendering/autoload.php | 3 +++
www/inc/rendering/cart_listing.php | 3 +++
www/inc/rendering/event_listing.php | 3 +++
www/inc/rendering/order_listing.php | 3 +++
www/inc/rendering/tcompiler.php | 6 +++++-
www/inc/rendering/twig_extensions.php | 3 +++
www/inc/wext/artist.php | 3 +++
www/inc/wext/autoload.php | 3 +++
www/inc/wext/cart.php | 3 +++
www/inc/wext/customer.php | 3 +++
www/inc/wext/event.php | 3 +++
www/inc/wext/flag.php | 3 +++
www/inc/wext/format.php | 3 +++
www/inc/wext/order.php | 3 +++
www/inc/wext/price.php | 3 +++
www/inc/wext/role.php | 3 +++
www/inc/wext/room.php | 3 +++
www/inc/wext/shipping.php | 3 +++
www/inc/wext/template.php | 3 +++
www/inc/wext/ticket.php | 3 +++
www/inc/wext/transaction.php | 3 +++
www/inc/wext/voucher.php | 3 +++
www/inc/wext/webcart.php | 3 +++
www/inc/wext/websession.php | 3 +++
www/machine.php | 2 ++
45 files changed, 123 insertions(+), 4 deletions(-)
diff --git a/pack b/pack
index 148c47b..e2c33af 160000
--- a/pack
+++ b/pack
@@ -1 +1 @@ -Subproject commit 148c47b29a616af46ed6690019d32b85ed568fac +Subproject commit e2c33af7744b42cf33e9e40e3a2ab4b93dc09cc2 diff --git a/www/admin.php b/www/admin.php index 7b04564..de726b2 100644 --- a/www/admin.php +++ b/www/admin.php @@ -221,4 +221,9 @@ for($i=0;$i - \ No newline at end of file + + \ No newline at end of file diff --git a/www/config.php.template b/www/config.php.template index 862514d..3b41285 100644 --- a/www/config.php.template +++ b/www/config.php.template @@ -146,4 +146,7 @@ $CustomerResetTime=24 * 60 * 60; //make sure files are interpreted as UTF-8 // mb_language('uni'); +//done +return; + ?> \ No newline at end of file diff --git a/www/inc/classes/autoload.php b/www/inc/classes/autoload.php index 84f0a55..3545faa 100644 --- a/www/inc/classes/autoload.php +++ b/www/inc/classes/autoload.php @@ -7,4 +7,6 @@ wob_autoclass('LanguageManager','./inc/classes/language_manager.php'); wob_autoclass('ConfigManager','./inc/classes/config_manager.php'); wob_autoclass('BaseVars','./inc/classes/basevars.php'); + +return; ?> \ No newline at end of file diff --git a/www/inc/classes/basevars.php b/www/inc/classes/basevars.php index 8ee5014..4afad74 100644 --- a/www/inc/classes/basevars.php +++ b/www/inc/classes/basevars.php @@ -161,4 +161,6 @@ private static function initBaseUrlPriv(){ //end of class } +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/classes/config_manager.php b/www/inc/classes/config_manager.php index 0d65be1..5c8c6b5 100644 --- a/www/inc/classes/config_manager.php +++ b/www/inc/classes/config_manager.php @@ -80,4 +80,6 @@ class ConfigManager } } +//eof +return; ?> diff --git a/www/inc/classes/language_manager.php b/www/inc/classes/language_manager.php index 42eef99..e5870de 100644 --- a/www/inc/classes/language_manager.php +++ b/www/inc/classes/language_manager.php @@ -295,4 +295,6 @@ class LanguageManager //make sure it exists LanguageManager::singleton(); +//eof +return; ?> 
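Review bot: The guard added to www/config.php.template only reaches sites whose config.php is generated from the template after this commit; a config.php that already exists on a deployed site (presumably copied from an earlier template and kept outside version control) stays without the trailing `return;`. The upgrade notes should tell administrators to add the `//done` / `return;` pair before the closing `?>` of their live config.php by hand. Without that step the one file that normally holds site-specific settings is the one left unguarded.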
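Review bot: The `return;` added at the end of www/inc/classes/autoload.php has no comment at all, and the `//eof` and `//done` markers used in the other hunks do not say why the statement is there, so a later cleanup could remove the guard as dead code. A one-line comment above each guard would record the intent, for example `//anti-bot guard: stop here so that content appended to this file is never executed`. The same applies to the bare `return;` in www/inc/loader.php and to every `//eof` hunk under www/inc/.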
diff --git a/www/inc/classes/random.php b/www/inc/classes/random.php index 10632af..f9fae28 100644 --- a/www/inc/classes/random.php +++ b/www/inc/classes/random.php @@ -103,4 +103,6 @@ function getCode39ID($length,$range=RND_ANYRANGE) return $ret; } +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/db/autoload.php b/www/inc/db/autoload.php index ff0306c..ff51e48 100644 --- a/www/inc/db/autoload.php +++ b/www/inc/db/autoload.php @@ -7,4 +7,7 @@ wob_autoclass("BarcodeTable",'./inc/db/barcodetable.php'); wob_autoclass("DBUpgrade",'./inc/db/dbupgrade.php'); include('./inc/db/db_scheme.php'); + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/db/barcodetable.php b/www/inc/db/barcodetable.php index 91d6652..9cfd687 100644 --- a/www/inc/db/barcodetable.php +++ b/www/inc/db/barcodetable.php @@ -42,4 +42,6 @@ abstract class BarcodeTable extends WobTable } }; +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/db/db_scheme.php b/www/inc/db/db_scheme.php index 694c767..886a8a2 100644 --- a/www/inc/db/db_scheme.php +++ b/www/inc/db/db_scheme.php @@ -4,4 +4,7 @@ // see COPYING.AGPL $dbScheme=new WobSchema; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/db/dbupgrade.php b/www/inc/db/dbupgrade.php index 7944f77..14451c9 100644 --- a/www/inc/db/dbupgrade.php +++ b/www/inc/db/dbupgrade.php @@ -391,4 +391,6 @@ class DBUpgrade } }; +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/global_functions.php b/www/inc/global_functions.php index 56c253f..367f43c 100644 --- a/www/inc/global_functions.php +++ b/www/inc/global_functions.php @@ -56,4 +56,7 @@ function redirectBack() } } + +//done +return; ?> diff --git a/www/inc/loader.php b/www/inc/loader.php index 9beea96..fa5c434 100644 --- a/www/inc/loader.php +++ b/www/inc/loader.php 
@@ -16,4 +16,5 @@ $db->tryConnect(); //make machine interface available (also used indirectly by index.php) include("./inc/machine/autoload.php"); //move on in loader_nonadmin.php (or admin.php) +return; ?> \ No newline at end of file diff --git a/www/inc/loader_nonadmin.php b/www/inc/loader_nonadmin.php index 50b95ee..24a0e9b 100644 --- a/www/inc/loader_nonadmin.php +++ b/www/inc/loader_nonadmin.php @@ -18,5 +18,6 @@ include("inc/rendering/autoload.php"); //load globals include('inc/global_functions.php'); - +//done +return; ?> \ No newline at end of file diff --git a/www/inc/machine/autoload.php b/www/inc/machine/autoload.php index 8a3a7ff..935ec2a 100644 --- a/www/inc/machine/autoload.php +++ b/www/inc/machine/autoload.php @@ -8,4 +8,7 @@ wob_autoclass("Session","./inc/machine/session.php"); wob_autoclass("Version","./inc/machine/version.php"); wob_autoclass("Translation","./inc/machine/translation.php"); wob_autoclass("MachineUser","./inc/machine/muser.php"); + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/machine/muser.php b/www/inc/machine/muser.php index 41255ab..1fc9da5 100644 --- a/www/inc/machine/muser.php +++ b/www/inc/machine/muser.php @@ -381,4 +381,6 @@ class MachineUser } }; +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/machine/session.php b/www/inc/machine/session.php index 11480b1..df0798c 100644 --- a/www/inc/machine/session.php +++ b/www/inc/machine/session.php @@ -280,4 +280,6 @@ class DummyWebSession extends Session } } +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/machine/translation.php b/www/inc/machine/translation.php index 5772266..caaeb8b 100644 --- a/www/inc/machine/translation.php +++ b/www/inc/machine/translation.php @@ -40,4 +40,6 @@ class Translation } }; +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/machine/version.php b/www/inc/machine/version.php index 6b91048..02d0ecf 100644 --- a/www/inc/machine/version.php +++ b/www/inc/machine/version.php 
@@ -13,4 +13,6 @@ public static function serverInfoXml($trans) } }; +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/rendering/autoload.php b/www/inc/rendering/autoload.php index 71c0b08..a6204fe 100644 --- a/www/inc/rendering/autoload.php +++ b/www/inc/rendering/autoload.php @@ -11,4 +11,7 @@ wob_autoclass("TemplateCompiler",$d.'/tcompiler.php'); wob_autoclass("LangFilterExtension",$d.'/twig_extensions.php'); wob_autoclass("SmokeFilterExtension",$d.'/twig_extensions.php'); + +//eof +return; ?> diff --git a/www/inc/rendering/cart_listing.php b/www/inc/rendering/cart_listing.php index f3b58c0..a8c64bd 100644 --- a/www/inc/rendering/cart_listing.php +++ b/www/inc/rendering/cart_listing.php @@ -423,4 +423,7 @@ static public function placeOrder() //end of WebCart }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/rendering/event_listing.php b/www/inc/rendering/event_listing.php index 64122b4..da5bb24 100644 --- a/www/inc/rendering/event_listing.php +++ b/www/inc/rendering/event_listing.php @@ -74,4 +74,7 @@ public static function createEventDetails() //end of class }; + +//eof +return; ?> diff --git a/www/inc/rendering/order_listing.php b/www/inc/rendering/order_listing.php index 3e76215..ec554fc 100644 --- a/www/inc/rendering/order_listing.php +++ b/www/inc/rendering/order_listing.php @@ -250,4 +250,7 @@ function editOrderComments() $parser->setVAR("PAGE", $p->parseFile("editordercomments.html")); } + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/rendering/tcompiler.php b/www/inc/rendering/tcompiler.php index f25ce06..90d5f31 100644 --- a/www/inc/rendering/tcompiler.php +++ b/www/inc/rendering/tcompiler.php @@ -63,4 +63,8 @@ class TemplateCompiler }else echo "Compiling all templates I can find...

\n"; } -} \ No newline at end of file +} + +//eof +return; +?> \ No newline at end of file diff --git a/www/inc/rendering/twig_extensions.php b/www/inc/rendering/twig_extensions.php index 36e9366..872f2d3 100644 --- a/www/inc/rendering/twig_extensions.php +++ b/www/inc/rendering/twig_extensions.php @@ -74,4 +74,7 @@ class SmokeFilterExtension extends Twig_Extension } } + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/artist.php b/www/inc/wext/artist.php index da53060..58349fc 100644 --- a/www/inc/wext/artist.php +++ b/www/inc/wext/artist.php @@ -31,4 +31,7 @@ class WOArtist extends WOArtistAbstract $trans->setartist(WOArtist::fromTableartist($at)); } }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/autoload.php b/www/inc/wext/autoload.php index a343947..2779d4c 100644 --- a/www/inc/wext/autoload.php +++ b/www/inc/wext/autoload.php @@ -26,4 +26,7 @@ wob_autoclass("WOWebSession","inc/wext/websession.php"); wob_autoclass("WOCartVoucher","inc/wext/webcart.php"); wob_autoclass("MSmokeTransaction","inc/wext/transaction.php"); + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/cart.php b/www/inc/wext/cart.php index 47562c8..f1f1d25 100644 --- a/www/inc/wext/cart.php +++ b/www/inc/wext/cart.php @@ -398,4 +398,7 @@ class WOCartOrder extends WOCartOrderAbstract } }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/customer.php b/www/inc/wext/customer.php index a311e09..cfe08f8 100644 --- a/www/inc/wext/customer.php +++ b/www/inc/wext/customer.php @@ -508,4 +508,7 @@ class WOCustomer extends WOCustomerAbstract die ("not implemented"); } }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/event.php b/www/inc/wext/event.php index a822a2a..119e95d 100644 --- a/www/inc/wext/event.php +++ b/www/inc/wext/event.php @@ -267,4 +267,7 @@ class WOEvent extends WOEventAbstract } }; + +//eof +return; ?> \ No newline at end of file 
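Review bot: The www/inc/rendering/tcompiler.php hunk adds a closing `?>` to a file that previously ended at the class brace without one. With `return;` followed by `?>`, anything appended to the file is skipped silently, whereas without the closing tag appended bytes would most likely fail to parse as PHP and show up in the error log. That trades visibility of tampering for availability, so if silent skipping is intended the comment should say so, e.g. `//eof: anything after this return is ignored on purpose`. The TemplateCompiler class body starts above this hunk.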
diff --git a/www/inc/wext/flag.php b/www/inc/wext/flag.php index 1e2da9e..1bd244b 100644 --- a/www/inc/wext/flag.php +++ b/www/inc/wext/flag.php @@ -59,4 +59,7 @@ class WOFlag extends WOFlagAbstract } }; + +//eof +return; ?> diff --git a/www/inc/wext/format.php b/www/inc/wext/format.php index 54ca52d..375bf8e 100644 --- a/www/inc/wext/format.php +++ b/www/inc/wext/format.php @@ -67,4 +67,7 @@ class WOServerFormat extends WOServerFormatAbstract } } + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/order.php b/www/inc/wext/order.php index 338fd72..cff8511 100644 --- a/www/inc/wext/order.php +++ b/www/inc/wext/order.php @@ -940,4 +940,7 @@ class WOOrder extends WOOrderAbstract } }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/price.php b/www/inc/wext/price.php index 2e57fb8..8bdcf80 100644 --- a/www/inc/wext/price.php +++ b/www/inc/wext/price.php @@ -45,4 +45,7 @@ class WOPriceCategory extends WOPriceCategoryAbstract } }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/role.php b/www/inc/wext/role.php index 99ad617..2c15dcf 100644 --- a/www/inc/wext/role.php +++ b/www/inc/wext/role.php @@ -17,4 +17,7 @@ class WORole extends WORoleAbstract{ } }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/room.php b/www/inc/wext/room.php index e4be492..f5594c6 100644 --- a/www/inc/wext/room.php +++ b/www/inc/wext/room.php @@ -26,4 +26,7 @@ class WORoom extends WORoomAbstract } }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/shipping.php b/www/inc/wext/shipping.php index c37b13b..f793e2d 100644 --- a/www/inc/wext/shipping.php +++ b/www/inc/wext/shipping.php @@ -37,4 +37,7 @@ class WOShipping extends WOShippingAbstract } }; + +//eof +return; ?> diff --git a/www/inc/wext/template.php b/www/inc/wext/template.php index 46b3dc0..7070c19 100644 --- a/www/inc/wext/template.php +++ b/www/inc/wext/template.php 
@@ -81,4 +81,7 @@ class WOTemplate extends WOTemplateAbstract } }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/ticket.php b/www/inc/wext/ticket.php index 8c972c6..f985f97 100644 --- a/www/inc/wext/ticket.php +++ b/www/inc/wext/ticket.php @@ -111,4 +111,7 @@ class WOTicketAudit extends WOTicketAuditAbstract } }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/transaction.php b/www/inc/wext/transaction.php index 75a2b10..889b2c1 100644 --- a/www/inc/wext/transaction.php +++ b/www/inc/wext/transaction.php @@ -54,4 +54,7 @@ class MSmokeTransaction extends WobTransaction } }; + +//eof +return; ?> diff --git a/www/inc/wext/voucher.php b/www/inc/wext/voucher.php index 31c4639..23510de 100644 --- a/www/inc/wext/voucher.php +++ b/www/inc/wext/voucher.php @@ -39,4 +39,7 @@ class WOVoucher extends WOVoucherAbstract } }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/webcart.php b/www/inc/wext/webcart.php index a1772e0..6e9a855 100644 --- a/www/inc/wext/webcart.php +++ b/www/inc/wext/webcart.php @@ -137,4 +137,7 @@ class WOCartVoucher extends WOCartVoucherAbstract } }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/inc/wext/websession.php b/www/inc/wext/websession.php index a2d34a9..87cfc7f 100644 --- a/www/inc/wext/websession.php +++ b/www/inc/wext/websession.php @@ -61,4 +61,7 @@ class WOWebSession extends WOWebSessionAbstract exit(); } }; + +//eof +return; ?> \ No newline at end of file diff --git a/www/machine.php b/www/machine.php index d99d719..89c3989 100644 --- a/www/machine.php +++ b/www/machine.php @@ -13,4 +13,6 @@ include("inc/loader_nonadmin.php"); //let wob do the rest MSmokeTransaction::handle(); +//done +exit(0); ?> \ No newline at end of file -- 1.7.2.5
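Review bot: `exit(0);` after `MSmokeTransaction::handle();` in www/machine.php only neutralises content placed after it; a modification earlier in the file, or in any file outside this patch, still runs, and nothing in the change makes a modified file noticeable. The guard is best treated as a stop-gap next to keeping the www/ tree read-only for the account the web server and upload tools run under, and comparing deployed files against the repository. It also differs from the `return;` used in www/inc/loader.php and the other hunks, so a comment such as `//anti-bot guard: entry script ends here, appended content must not run` would explain the choice. The script body starts above this hunk.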