LEPTON CMS 7.4.0
feel free to keep it strictly simple...
Loading...
Searching...
No Matches
lepton_secure.php
Go to the documentation of this file.
1<?php
2
3declare(strict_types=1);
4
20class LEPTON_secure extends LEPTON_abstract
21{
22 // 0.0 Basics
23 private $admin_dir = "";
24 public static $instance;
25
26 // 0.1 Boolean for the "state"
27 public $bCalledByModule = false;
28
29 // 0.2 For the filepaths
30 private $direct_access_allowed = array();
31
32 // 0.3 List of allowed fils by default
33 private $files_access_allowed = array(
34 'backend' => array(
35 '/access/index.php',
36 '/addons/index.php',
37 '/addons/reload.php',
38 '/admintools/index.php',
39 '/admintools/tool.php',
40 '/groups/add.php',
41 '/groups/groups.php',
42 '/groups/index.php',
43 '/groups/save.php',
44 '/languages/details.php',
45 '/languages/index.php',
46 '/languages/install.php',
47 '/languages/uninstall.php',
48 '/login/index.php',
49 '/login/tfa.php',
50 '/login/forgot/index.php',
51 '/logout/index.php',
52 '/media/thumb.php',
53 '/modules/details.php',
54 '/modules/index.php',
55 '/modules/install.php',
56 '/modules/manual_install.php',
57 '/modules/uninstall.php',
58 '/modules/save_permissions.php',
59 '/pages/add.php',
60 '/pages/ajax.toggle_open_tree',
61 '/pages/delete.php',
62 '/pages/empty_trash.php',
63 '/pages/index.php',
64 '/pages/modify.php',
65 '/pages/move_down.php',
66 '/pages/move_up.php',
67 '/pages/restore.php',
68 '/pages/save.php',
69 '/pages/sections_save.php',
70 '/pages/sections.php',
71 '/pages/settings.php',
72 '/pages/settings2.php',
73 '/preferences/save.php',
74 '/settings/ajax_testmail.php',
75 '/settings/index.php',
76 '/settings/save.php',
77 '/start/index.php',
78 '/templates/details.php',
79 '/templates/index.php',
80 '/templates/install.php',
81 '/templates/uninstall.php',
82 '/users/add.php',
83 '/users/index.php',
84 '/users/save.php',
85 '/users/users.php'
86 ),
87 'account' => array(
88 '/forgot.php',
89 '/login.php',
90 '/logout.php',
91 '/tfa.php',
92 '/new_password.php',
93 '/save_new_password.php',
94 '/preferences.php',
95 '/signup.php'
96 ),
97 'modules' => array(
98 '/cronjob.php', // @ADD_cronjob 20230727, include cronjob file for external call
99 '/edit_module_files.php',
100 '/menu_link/save.php',
101 '/wrapper/save.php',
102 '/jsadmin/move_to.php',
103 '/lib_search/frontend_result.php'
104 )
105 );
106
111 protected function initialize()
112 {
113 $fp = fopen( dirname(dirname(__DIR__))."/config/config.php", "r");
114 $source = fread($fp, 1024);
115 fclose($fp);
116 $pattern = "/ADMIN_PATH', LEPTON_PATH\.'(.*?)'\‍);/i";
117 $founds = array();
118
119 preg_match_all( $pattern, $source, $founds , PREG_SET_ORDER);
120
121 if(isset($founds[0][1]))
122 {
123 self::$instance->admin_dir = $founds[0][1];
124 }
125
126 foreach( self::$instance->files_access_allowed as $key => $value)
127 {
128 $dirname = ($key == 'backend')
129 ? self::$instance->admin_dir
130 : "/".$key
131 ;
132
133 foreach($value as $filename)
134 {
135 static::$instance->direct_access_allowed[] = $dirname.$filename;
136 }
137 }
138 }
139
151 public function accessFiles( $newFileNames = array())
152 {
153 // to avoid unexpected results on local windows installations we coerce the backslashes to slashes:
154 $sServerFileName = str_replace("\\", "/",$_SERVER['SCRIPT_FILENAME']);
155 if( false !== strpos( $sServerFileName, "modules") )
156 {
157 $aTerms = explode("/", $sServerFileName);
158 $sFolder = array_pop($aTerms);
159 $sPrefix = "";
160 $iCounter = 0; // temp. counter var
161 $iMaxCounts = 16; // maximum repeats ...
162 while ($sFolder != "modules")
163 {
164
165 $sFolder = array_pop($aTerms); // get the last array element
166 $sPrefix = "/".$sFolder.$sPrefix; // put the element before the existing one
167
173 if( ++$iCounter > $iMaxCounts )
174 {
175 $sPrefix = "/";
176 break;
177 }
178 }
179
180 foreach($newFileNames as &$ref)
181 {
182 if($ref[0] != "/")
183 {
184 $ref = "/".$ref;
185 }
186
187 if( false === strpos($ref, $sPrefix))
188 {
189 $ref = $sPrefix.$ref;
190 }
191 }
192 }
193
194 static::$instance->direct_access_allowed = $newFileNames;
195 static::$instance->bCalledByModule = true;
196 }
197
204 public function getAllowedFiles() {
205 return static::$instance->direct_access_allowed;
206 }
207
215 public function getAdminDir()
216 {
217 return self::$instance->admin_dir;
218 }
219
227 public function testFile( string $sFilename = "" ) : bool
228 {
229 if(!is_string($sFilename))
230 {
231 return false;
232 }
233
234 if( "" === $sFilename)
235 {
236 return false;
237 }
238
239 foreach( static::$instance->direct_access_allowed as $allowed_file)
240 {
241 if (strpos( $sFilename, $allowed_file) !== false)
242 {
243 return true;
244 }
245 }
246 return false;
247 }
248}
LEPTON_abstract
Definition lepton_abstract.php:25
LEPTON_secure
Definition lepton_secure.php:21
LEPTON_secure\$bCalledByModule
$bCalledByModule
Definition lepton_secure.php:27
LEPTON_secure\getAdminDir
getAdminDir()
Definition lepton_secure.php:215
LEPTON_secure\initialize
initialize()
Definition lepton_secure.php:111
LEPTON_secure\testFile
testFile(string $sFilename="")
Definition lepton_secure.php:227
LEPTON_secure\accessFiles
accessFiles( $newFileNames=array())
Definition lepton_secure.php:151
LEPTON_secure\$instance
static $instance
Definition lepton_secure.php:24
LEPTON_secure\getAllowedFiles
getAllowedFiles()
Definition lepton_secure.php:204