From b2e259671cf2f33e518b42fd075aa7b4881daedc Mon Sep 17 00:00:00 2001
From: rurban
Date: Wed, 7 Jan 2009 08:56:46 +0000
Subject: [PATCH] Protect against "Cannot create references to/from string offsets nor overloaded objects"
git-svn-id: svn://svn.code.sf.net/p/phpwiki/code/trunk@6373 96ab9672-09ca-45d6-a79d-3d69d39ca109
---
 lib/WikiDB.php | 481 +------------------------------------------------
 1 file changed, 7 insertions(+), 474 deletions(-)
diff --git a/lib/WikiDB.php b/lib/WikiDB.php
index 22a273419..2662c6d2a 100644
--- a/lib/WikiDB.php
+++ b/lib/WikiDB.php
@@ -1251,8 +1251,8 @@ class WikiDB_Page
 * E.g. "owner.users" *
'perm'
Permission flag to authorize read/write/execution of * page-headers and content. - +
'moderation'
ModeratedPage data - *
'score'
Page score (not yet implement, do we need?) + +
'moderation'
ModeratedPage data. Handled by plugin/ModeratedPage + *
'rating'
Page rating. Handled by plugin/RateIt * * * @return scalar The requested value, or false if the requested data
@@ -2174,8 +2174,11 @@ class WikiDB_cache
 $vdata = $this->_backend->get_versiondata($pagename, $version, $need_content);
 $readdata = true;
 }
- if ($readdata && $vdata && !empty($vdata['%pagedata'])) {
- $this->_pagedata_cache[$pagename] =& $vdata['%pagedata'];
+ if ($readdata && is_array($vdata) && !empty($vdata['%pagedata'])) {
+ if (empty($this->_pagedata_cache))
+ $this->_pagedata_cache = array();
+ /* PHP Fatal error: Cannot create references to/from string offsets nor overloaded objects in /var/www/html/phpwiki/lib/WikiDB.php on line 2180, referer: wiki/TitleSearch?s=and&auto_redirect=1 */
+ $this->_pagedata_cache[$pagename] = $vdata['%pagedata'];
 }
 return $vdata;
 }
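Review bot: The `empty($this->_pagedata_cache)` guard added before the assignment resets the cache only when it is falsy, so a non-empty string or other non-array value left in `_pagedata_cache` still reaches the indexed assignment below it; `if (!is_array($this->_pagedata_cache)) $this->_pagedata_cache = array();` covers both cases. The new `is_array($vdata)` check protects only this cache write: a non-array `$vdata` is still handed back by `return $vdata;`, so whatever made the backend return it (the pasted log shows the fatal was reached from a TitleSearch request) can presumably still trip callers that index the result. Dropping `=&` also turns the cache entry into a copy, which looks intended but is worth confirming against any code that relied on the alias. The pasted log line would read better as a short why-comment such as `/* plain copy: =& is fatal when $vdata or the cache is not an array */`, leaving out the server path and line number, which go stale. The enclosing method starts outside the hunk.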
@@ -2245,476 +2248,6 @@ function _sql_debuglog_shutdown_function() { _sql_debuglog('',false,true); } -// $Log: not supported by cvs2svn $ -// Revision 1.159 2008/03/22 21:51:11 rurban -// check for ENABLE_MAILNOTIFY -// -// Revision 1.158 2008/01/30 19:29:52 vargenau -// Disabled to avoid recursive modification when renaming a page like 'PageFoo to 'PageFooTwo' -// -// Revision 1.157 2007/09/15 12:35:50 rurban -// basic array reset support - unclear if needed, iteration is usually one-time only -// -// Revision 1.156 2007/09/12 19:38:05 rurban -// fix wrong ref ¤t -// -// Revision 1.155 2007/07/15 17:39:33 rurban -// stabilize rename updateWikiLinks to check only words -// -// Revision 1.154 2007/07/14 12:03:58 rurban -// support score -// -// Revision 1.153 2007/06/07 16:54:29 rurban -// enable $MailNotify->onChangePage. support other formatters (MediaWiki, Creole, ...) -// -// Revision 1.152 2007/05/28 20:13:46 rurban -// Overwrite all attributes at once at page->save to delete dangling meta -// -// Revision 1.151 2007/05/01 16:20:12 rurban -// MailNotify->onChangePage only on DEBUG (still broken) -// -// Revision 1.150 2007/03/18 17:35:27 rurban -// Improve comments -// -// Revision 1.149 2007/02/17 14:16:37 rurban -// isWikiPage no error on empty pagenames. MailNotify->onChangePage fix by ?? -// -// Revision 1.148 2007/01/27 21:53:03 rurban -// Use TEMP_DIR for debug sql.log -// -// Revision 1.147 2007/01/04 16:41:41 rurban -// Some pageiterators also set ['pagedata']['linkrelation'], hmm -// -// Revision 1.146 2007/01/02 13:20:00 rurban -// rewrote listRelations. added linkSearch. force new date in renamePage. fix fortune error handling. added page->setAttributes. use translated initial owner. Clarify API: sortby,limit and exclude are strings. Enhance documentation. 
-// -// Revision 1.145 2006/12/22 17:59:55 rurban -// Move mailer functions into seperate MailNotify.php -// -// Revision 1.144 2006/10/12 06:36:09 rurban -// Guard against unwanted DEBUG="DEBUG" logic. In detail (WikiDB), -// and generally by forcing all int constants to be defined as int. -// -// Revision 1.143 2006/09/06 05:46:40 rurban -// do db backend check on _DEBUG_SQL -// -// Revision 1.142 2006/06/10 11:55:58 rurban -// print optimize only when DEBUG -// -// Revision 1.141 2006/04/17 17:28:21 rurban -// honor getWikiPageLinks change linkto=>relation -// -// Revision 1.140 2006/03/19 14:23:51 rurban -// sf.net patch #1377011 by Matt Brown: add DATABASE_OPTIMISE_FREQUENCY -// -// Revision 1.139 2006/01/12 16:38:07 rurban -// add page method listRelations() -// fix bug #1327912 numeric pagenames can break plugins (Joachim Lous) -// -// Revision 1.138 2005/11/14 22:27:07 rurban -// add linkrelation support -// getPageLinks returns now an array of hashes -// pass stoplist through iterator -// -// Revision 1.137 2005/10/12 06:16:18 rurban -// better From header -// -// Revision 1.136 2005/10/03 16:14:57 rurban -// improve description -// -// Revision 1.135 2005/09/11 14:19:44 rurban -// enable LIMIT support for fulltext search -// -// Revision 1.134 2005/09/10 21:28:10 rurban -// applyFilters hack to use filters after methods, which do not support them (titleSearch) -// -// Revision 1.133 2005/08/27 09:39:10 rurban -// dumphtml when not at admin page: dump the current or given page -// -// Revision 1.132 2005/08/07 10:10:07 rurban -// clean whole version cache -// -// Revision 1.131 2005/04/23 11:30:12 rurban -// allow emtpy WikiDB::getRevisionBefore(), for simplier templates (revert) -// -// Revision 1.130 2005/04/06 06:19:30 rurban -// Revert the previous wrong bugfix #1175761: USECACHE was mixed with WIKIDB_NOCACHE_MARKUP. 
-// Fix WIKIDB_NOCACHE_MARKUP in main (always set it) and clarify it in WikiDB -// -// Revision 1.129 2005/04/06 05:50:29 rurban -// honor !USECACHE for _cached_html, fixes #1175761 -// -// Revision 1.128 2005/04/01 16:11:42 rurban -// just whitespace -// -// Revision 1.127 2005/02/18 20:43:40 uckelman -// WikiDB::genericWarnings() is no longer used. -// -// Revision 1.126 2005/02/04 17:58:06 rurban -// minor versioncache improvement. part 2/3 of Charles Corrigan cache patch. not sure about the 0/1 issue -// -// Revision 1.125 2005/02/03 05:08:39 rurban -// ref fix by Charles Corrigan -// -// Revision 1.124 2005/01/29 20:43:32 rurban -// protect against empty request: on some occasion this happens -// -// Revision 1.123 2005/01/25 06:58:21 rurban -// reformatting -// -// Revision 1.122 2005/01/20 10:18:17 rurban -// reformatting -// -// Revision 1.121 2005/01/04 20:25:01 rurban -// remove old [%pagedata][_cached_html] code -// -// Revision 1.120 2004/12/23 14:12:31 rurban -// dont email on unittest -// -// Revision 1.119 2004/12/20 16:05:00 rurban -// gettext msg unification -// -// Revision 1.118 2004/12/13 13:22:57 rurban -// new BlogArchives plugin for the new blog theme. enable default box method -// for all plugins. Minor search improvement. -// -// Revision 1.117 2004/12/13 08:15:09 rurban -// false is wrong. null might be better but lets play safe. -// -// Revision 1.116 2004/12/10 22:15:00 rurban -// fix $page->get('_cached_html) -// refactor upgrade db helper _convert_cached_html() to be able to call them from WikiAdminUtils also. -// support 2nd genericSqlQuery param (bind huge arg) -// -// Revision 1.115 2004/12/10 02:45:27 rurban -// SQL optimization: -// put _cached_html from pagedata into a new seperate blob, not huge serialized string. -// it is only rarelely needed: for current page only, if-not-modified -// but was extracted for every simple page iteration. -// -// Revision 1.114 2004/12/09 22:24:44 rurban -// optimize on _DEBUG_SQL only. 
but now again on every 50th request, not just save. -// -// Revision 1.113 2004/12/06 19:49:55 rurban -// enable action=remove which is undoable and seeable in RecentChanges: ADODB ony for now. -// renamed delete_page to purge_page. -// enable action=edit&version=-1 to force creation of a new version. -// added BABYCART_PATH config -// fixed magiqc in adodb.inc.php -// and some more docs -// -// Revision 1.112 2004/11/30 17:45:53 rurban -// exists_links backend implementation -// -// Revision 1.111 2004/11/28 20:39:43 rurban -// deactivate pagecache overwrite: it is wrong -// -// Revision 1.110 2004/11/26 18:39:01 rurban -// new regex search parser and SQL backends (90% complete, glob and pcre backends missing) -// -// Revision 1.109 2004/11/25 17:20:50 rurban -// and again a couple of more native db args: backlinks -// -// Revision 1.108 2004/11/23 13:35:31 rurban -// add case_exact search -// -// Revision 1.107 2004/11/21 11:59:16 rurban -// remove final \n to be ob_cache independent -// -// Revision 1.106 2004/11/20 17:35:56 rurban -// improved WantedPages SQL backends -// PageList::sortby new 3rd arg valid_fields (override db fields) -// WantedPages sql pager inexact for performance reasons: -// assume 3 wantedfrom per page, to be correct, no getTotal() -// support exclude argument for get_all_pages, new _sql_set() -// -// Revision 1.105 2004/11/20 09:16:27 rurban -// Fix bad-style Cut&Paste programming errors, detected by Charles Corrigan. -// -// Revision 1.104 2004/11/19 19:22:03 rurban -// ModeratePage part1: change status -// -// Revision 1.103 2004/11/16 17:29:04 rurban -// fix remove notification error -// fix creation + update id_cache update -// -// Revision 1.102 2004/11/11 18:31:26 rurban -// add simple backtrace on such general failures to get at least an idea where -// -// Revision 1.101 2004/11/10 19:32:22 rurban -// * optimize increaseHitCount, esp. for mysql. 
-// * prepend dirs to the include_path (phpwiki_dir for faster searches) -// * Pear_DB version logic (awful but needed) -// * fix broken ADODB quote -// * _extract_page_data simplification -// -// Revision 1.100 2004/11/10 15:29:20 rurban -// * requires newer Pear_DB (as the internal one): quote() uses now escapeSimple for strings -// * ACCESS_LOG_SQL: fix cause request not yet initialized -// * WikiDB: moved SQL specific methods upwards -// * new Pear_DB quoting: same as ADODB and as newer Pear_DB. -// fixes all around: WikiGroup, WikiUserNew SQL methods, SQL logging -// -// Revision 1.99 2004/11/09 17:11:05 rurban -// * revert to the wikidb ref passing. there's no memory abuse there. -// * use new wikidb->_cache->_id_cache[] instead of wikidb->_iwpcache, to effectively -// store page ids with getPageLinks (GleanDescription) of all existing pages, which -// are also needed at the rendering for linkExistingWikiWord(). -// pass options to pageiterator. -// use this cache also for _get_pageid() -// This saves about 8 SELECT count per page (num all pagelinks). -// * fix passing of all page fields to the pageiterator. 
-// * fix overlarge session data which got broken with the latest ACCESS_LOG_SQL changes -// -// Revision 1.98 2004/11/07 18:34:29 rurban -// more logging fixes -// -// Revision 1.97 2004/11/07 16:02:51 rurban -// new sql access log (for spam prevention), and restructured access log class -// dbh->quote (generic) -// pear_db: mysql specific parts seperated (using replace) -// -// Revision 1.96 2004/11/05 22:32:15 rurban -// encode the subject to be 7-bit safe -// -// Revision 1.95 2004/11/05 20:53:35 rurban -// login cleanup: better debug msg on failing login, -// checked password less immediate login (bogo or anon), -// checked olduser pref session error, -// better PersonalPage without password warning on minimal password length=0 -// (which is default now) -// -// Revision 1.94 2004/11/01 10:43:56 rurban -// seperate PassUser methods into seperate dir (memory usage) -// fix WikiUser (old) overlarge data session -// remove wikidb arg from various page class methods, use global ->_dbi instead -// ... -// -// Revision 1.93 2004/10/14 17:17:57 rurban -// remove dbi WikiDB_Page param: use global request object instead. (memory) -// allow most_popular sortby arguments -// -// Revision 1.92 2004/10/05 17:00:04 rurban -// support paging for simple lists -// fix RatingDb sql backend. -// remove pages from AllPages (this is ListPages then) -// -// Revision 1.91 2004/10/04 23:41:19 rurban -// delete notify: fix, @unset syntax error -// -// Revision 1.90 2004/09/28 12:50:22 rurban -// https://sourceforge.net/forum/forum.php?thread_id=1150924&forum_id=18929 -// -// Revision 1.89 2004/09/26 10:54:42 rurban -// silence deferred check -// -// Revision 1.88 2004/09/25 18:16:40 rurban -// unset more unneeded _cached_html. 
(Guess this should fix sf.net now) -// -// Revision 1.87 2004/09/25 16:25:40 rurban -// notify on rename and remove (to be improved) -// -// Revision 1.86 2004/09/23 18:52:06 rurban -// only fortune at create -// -// Revision 1.85 2004/09/16 08:00:51 rurban -// just some comments -// -// Revision 1.84 2004/09/14 10:34:30 rurban -// fix TransformedText call to use refs -// -// Revision 1.83 2004/09/08 13:38:00 rurban -// improve loadfile stability by using markup=2 as default for undefined markup-style. -// use more refs for huge objects. -// fix debug=static issue in WikiPluginCached -// -// Revision 1.82 2004/09/06 12:08:49 rurban -// memory_limit on unix workaround -// VisualWiki: default autosize image -// -// Revision 1.81 2004/09/06 08:28:00 rurban -// rename genericQuery to genericSqlQuery -// -// Revision 1.80 2004/07/09 13:05:34 rurban -// just aesthetics -// -// Revision 1.79 2004/07/09 10:06:49 rurban -// Use backend specific sortby and sortable_columns method, to be able to -// select between native (Db backend) and custom (PageList) sorting. -// Fixed PageList::AddPageList (missed the first) -// Added the author/creator.. name to AllPagesBy... -// display no pages if none matched. -// Improved dba and file sortby(). 
-// Use &$request reference -// -// Revision 1.78 2004/07/08 21:32:35 rurban -// Prevent from more warnings, minor db and sort optimizations -// -// Revision 1.77 2004/07/08 19:04:42 rurban -// more unittest fixes (file backend, metadata RatingsDb) -// -// Revision 1.76 2004/07/08 17:31:43 rurban -// improve numPages for file (fixing AllPagesTest) -// -// Revision 1.75 2004/07/05 13:56:22 rurban -// sqlite autoincrement fix -// -// Revision 1.74 2004/07/03 16:51:05 rurban -// optional DBADMIN_USER:DBADMIN_PASSWD for action=upgrade (if no ALTER permission) -// added atomic mysql REPLACE for PearDB as in ADODB -// fixed _lock_tables typo links => link -// fixes unserialize ADODB bug in line 180 -// -// Revision 1.73 2004/06/29 08:52:22 rurban -// Use ...version() $need_content argument in WikiDB also: -// To reduce the memory footprint for larger sets of pagelists, -// we don't cache the content (only true or false) and -// we purge the pagedata (_cached_html) also. -// _cached_html is only cached for the current pagename. -// => Vastly improved page existance check, ACL check, ... -// -// Now only PagedList info=content or size needs the whole content, esp. if sortable. -// -// Revision 1.72 2004/06/25 14:15:08 rurban -// reduce memory footprint by caching only requested pagedate content (improving most page iterators) -// -// Revision 1.71 2004/06/21 16:22:30 rurban -// add DEFAULT_DUMP_DIR and HTML_DUMP_DIR constants, for easier cmdline dumps, -// fixed dumping buttons locally (images/buttons/), -// support pages arg for dumphtml, -// optional directory arg for dumpserial + dumphtml, -// fix a AllPages warning, -// show dump warnings/errors on DEBUG, -// don't warn just ignore on wikilens pagelist columns, if not loaded. -// RateIt pagelist column is called "rating", not "ratingwidget" (Dan?) 
-// -// Revision 1.70 2004/06/18 14:39:31 rurban -// actually check USECACHE -// -// Revision 1.69 2004/06/13 15:33:20 rurban -// new support for arguments owner, author, creator in most relevant -// PageList plugins. in WikiAdmin* via preSelectS() -// -// Revision 1.68 2004/06/08 21:03:20 rurban -// updated RssParser for XmlParser quirks (store parser object params in globals) -// -// Revision 1.67 2004/06/07 19:12:49 rurban -// fixed rename version=0, bug #966284 -// -// Revision 1.66 2004/06/07 18:57:27 rurban -// fix rename: Change pagename in all linked pages -// -// Revision 1.65 2004/06/04 20:32:53 rurban -// Several locale related improvements suggested by Pierrick Meignen -// LDAP fix by John Cole -// reanable admin check without ENABLE_PAGEPERM in the admin plugins -// -// Revision 1.64 2004/06/04 16:50:00 rurban -// add random quotes to empty pages -// -// Revision 1.63 2004/06/04 11:58:38 rurban -// added USE_TAGLINES -// -// Revision 1.62 2004/06/03 22:24:41 rurban -// reenable admin check on !ENABLE_PAGEPERM, honor s=Wildcard arg, fix warning after Remove -// -// Revision 1.61 2004/06/02 17:13:48 rurban -// fix getRevisionBefore assertion -// -// Revision 1.60 2004/05/28 10:09:58 rurban -// fix bug #962117, incorrect init of auth_dsn -// -// Revision 1.59 2004/05/27 17:49:05 rurban -// renamed DB_Session to DbSession (in CVS also) -// added WikiDB->getParam and WikiDB->getAuthParam method to get rid of globals -// remove leading slash in error message -// added force_unlock parameter to File_Passwd (no return on stale locks) -// fixed adodb session AffectedRows -// added FileFinder helpers to unify local filenames and DATA_PATH names -// editpage.php: new edit toolbar javascript on ENABLE_EDIT_TOOLBAR -// -// Revision 1.58 2004/05/18 13:59:14 rurban -// rename simpleQuery to genericQuery -// -// Revision 1.57 2004/05/16 22:07:35 rurban -// check more config-default and predefined constants -// various PagePerm fixes: -// fix default PagePerms, esp. 
edit and view for Bogo and Password users -// implemented Creator and Owner -// BOGOUSERS renamed to BOGOUSER -// fixed syntax errors in signin.tmpl -// -// Revision 1.56 2004/05/15 22:54:49 rurban -// fixed important WikiDB bug with DEBUG > 0: wrong assertion -// improved SetAcl (works) and PagePerms, some WikiGroup helpers. -// -// Revision 1.55 2004/05/12 19:27:47 rurban -// revert wrong inline optimization. -// -// Revision 1.54 2004/05/12 10:49:55 rurban -// require_once fix for those libs which are loaded before FileFinder and -// its automatic include_path fix, and where require_once doesn't grok -// dirname(__FILE__) != './lib' -// upgrade fix with PearDB -// navbar.tmpl: remove spaces for IE   button alignment -// -// Revision 1.53 2004/05/08 14:06:12 rurban -// new support for inlined image attributes: [image.jpg size=50x30 align=right] -// minor stability and portability fixes -// -// Revision 1.52 2004/05/06 19:26:16 rurban -// improve stability, trying to find the InlineParser endless loop on sf.net -// -// remove end-of-zip comments to fix sf.net bug #777278 and probably #859628 -// -// Revision 1.51 2004/05/06 17:30:37 rurban -// CategoryGroup: oops, dos2unix eol -// improved phpwiki_version: -// pre -= .0001 (1.3.10pre: 1030.099) -// -p1 += .001 (1.3.9-p1: 1030.091) -// improved InstallTable for mysql and generic SQL versions and all newer tables so far. 
-// abstracted more ADODB/PearDB methods for action=upgrade stuff: -// backend->backendType(), backend->database(), -// backend->listOfFields(), -// backend->listOfTables(), -// -// Revision 1.50 2004/05/04 22:34:25 rurban -// more pdf support -// -// Revision 1.49 2004/05/03 11:16:40 rurban -// fixed sendPageChangeNotification -// subject rewording -// -// Revision 1.48 2004/04/29 23:03:54 rurban -// fixed sf.net bug #940996 -// -// Revision 1.47 2004/04/29 19:39:44 rurban -// special support for formatted plugins (one-liners) -// like -// iter->asArray() helper for PopularNearby -// db_session for older php's (no &func() allowed) -// -// Revision 1.46 2004/04/26 20:44:34 rurban -// locking table specific for better databases -// -// Revision 1.45 2004/04/20 00:06:03 rurban -// themable paging support -// -// Revision 1.44 2004/04/19 18:27:45 rurban -// Prevent from some PHP5 warnings (ref args, no :: object init) -// php5 runs now through, just one wrong XmlElement object init missing -// Removed unneccesary UpgradeUser lines -// Changed WikiLink to omit version if current (RecentChanges) -// -// Revision 1.43 2004/04/18 01:34:20 rurban -// protect most_popular from sortby=mtime -// -// Revision 1.42 2004/04/18 01:11:51 rurban -// more numeric pagename fixes. -// fixed action=upload with merge conflict warnings. -// charset changed from constant to global (dynamic utf-8 switching) -// - // Local Variables: // mode: php // tab-width: 8 -- 2.45.0