| 0,0 → 1,209 |
|---|
| <?php |
| // WebSVN - Subversion repository viewing via the web using PHP |
| // Copyright (C) 2004-2006 Tim Armes |
| // |
| // This program is free software; you can redistribute it and/or modify |
| // it under the terms of the GNU General Public License as published by |
| // the Free Software Foundation; either version 2 of the License, or |
| // (at your option) any later version. |
| // |
| // This program is distributed in the hope that it will be useful, |
| // but WITHOUT ANY WARRANTY; without even the implied warranty of |
| // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| // GNU General Public License for more details. |
| // |
| // You should have received a copy of the GNU General Public License |
| // along with this program; if not, write to the Free Software |
| // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
| // |
| // -- |
| // |
| // command.php |
| // |
| // External command handling |
| |
| function detectCharacterEncoding($str) { |
| $list = array('UTF-8', 'ISO-8859-1', 'windows-1252'); |
| if (function_exists('mb_detect_encoding')) { |
| foreach ($list as $item) { |
| if (mb_check_encoding($str, $item)) return $item; |
| } |
| |
| } else if (function_exists('iconv')) { |
| foreach ($list as $item) { |
| $encstr = iconv($item, $item.'//TRANSLIT//IGNORE', $str); |
| if (md5($encstr) == md5($str)) return $item; |
| } |
| } |
| |
| return null; |
| } |
| |
| // {{{ toOutputEncoding |
| |
| function toOutputEncoding($str) { |
| $enc = detectCharacterEncoding($str); |
| |
| if ($enc !== null && function_exists('mb_convert_encoding')) { |
| $str = mb_convert_encoding($str, 'UTF-8', $enc); |
| |
| } else if ($enc !== null && function_exists('iconv')) { |
| $str = iconv($enc, 'UTF-8//TRANSLIT//IGNORE', $str); |
| |
| } else { |
| // @see http://w3.org/International/questions/qa-forms-utf-8.html |
| $isUtf8 = preg_match('%^(?: |
| [\x09\x0A\x0D\x20-\x7E] # ASCII |
| | [\xC2-\xDF][\x80-\xBF] # non-overlong 2-byte |
| | \xE0[\xA0-\xBF][\x80-\xBF] # excluding overlongs |
| | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2} # straight 3-byte |
| | \xED[\x80-\x9F][\x80-\xBF] # excluding surrogates |
| | \xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3 |
| | [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15 |
| | \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16 |
| )*$%xs', $str |
| ); |
| if (!$isUtf8) $str = utf8_encode($str); |
| } |
| |
| return $str; |
| } |
| |
| // }}} |
| |
| // {{{ escape |
| // |
| // Escape a string to output |
| |
| function escape($str) { |
| $entities = array(); |
| $entities['&'] = '&'; |
| $entities['<'] = '<'; |
| $entities['>'] = '>'; |
| $entities['"'] = '"'; |
| $entities['\''] = '''; |
| return str_replace(array_keys($entities), array_values($entities), $str ?? ''); |
| } |
| |
| // }}} |
| |
| // {{{ execCommand |
| |
| function execCommand($cmd, &$retcode) { |
| return @exec($cmd, $tmp, $retcode); |
| } |
| |
| // }}} |
| |
| // {{{ popenCommand |
| |
| function popenCommand($cmd, $mode) { |
| return popen($cmd, $mode); |
| } |
| |
| // }}} |
| |
| // {{{ passthruCommand |
| |
| function passthruCommand($cmd) { |
| return passthru($cmd); |
| } |
| |
| // }}} |
| |
| // {{{ runCommand |
| |
| function runCommand($cmd, $mayReturnNothing = false, &$errorIf = 'NOT_USED') { |
| global $config, $lang; |
| |
| $output = array(); |
| $error = ''; |
| $opts = null; |
| |
| // https://github.com/websvnphp/websvn/issues/75 |
| // https://github.com/websvnphp/websvn/issues/78 |
| if ($config->serverIsWindows) { |
| if (!strpos($cmd, '>') && !strpos($cmd, '|')) { |
| $opts = array('bypass_shell' => true); |
| } else { |
| $cmd = '"'.$cmd.'"'; |
| } |
| } |
| |
| $descriptorspec = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w')); |
| $resource = proc_open($cmd, $descriptorspec, $pipes, null, null, $opts); |
| |
| if (!is_resource($resource)) { |
| echo '<p>'.$lang['BADCMD'].': <code>'.stripCredentialsFromCommand($cmd).'</code></p>'; |
| exit; |
| } |
| |
| $handle = $pipes[1]; |
| $firstline = true; |
| |
| while (!feof($handle)) { |
| $line = rtrim(fgets($handle), "\n\r"); |
| if ($firstline && empty($line) && !$mayReturnNothing) { |
| $error = 'No output on STDOUT.'; |
| break; |
| } |
| |
| $firstline = false; |
| $output[] = toOutputEncoding($line); |
| } |
| |
| while (!feof($pipes[2])) { |
| $error .= fgets($pipes[2]); |
| } |
| $error = toOutputEncoding(trim($error)); |
| |
| fclose($pipes[0]); |
| fclose($pipes[1]); |
| fclose($pipes[2]); |
| |
| proc_close($resource); |
| |
| # Some commands are expected to return no output, but warnings on STDERR. |
| if ((count($output) > 0) || $mayReturnNothing) { |
| return $output; |
| } |
| |
| if ($errorIf != 'NOT_USED') { |
| $errorIf = $error; |
| return $output; |
| } |
| |
| echo '<p>'.$lang['BADCMD'].': <code>'.stripCredentialsFromCommand($cmd).'</code></p>'; |
| echo '<p>'.nl2br($error).'</p>'; |
| exit; |
| } |
| |
| // }}} |
| |
| function stripCredentialsFromCommand($cmd) { |
| global $config; |
| |
| $quotingChar = ($config->serverIsWindows ? '"' : "'"); |
| $quotedString = $quotingChar.'([^'.$quotingChar.'\\\\]*(\\\\.[^'.$quotingChar.'\\\\]*)*)'.$quotingChar; |
| $patterns = array('|--username '.$quotedString.' |U', '|--password '.$quotedString.' |U'); |
| $replacements = array('--username '.quote('***').' ', '--password '.quote('***').' '); |
| $cmd = preg_replace($patterns, $replacements, $cmd, 1); |
| |
| return $cmd; |
| } |
| |
| // {{{ quote |
| // |
| // Quote a string to send to the command line |
| |
| function quote($str) { |
| global $config; |
| |
| if ($config->serverIsWindows) { |
| return '"'.$str.'"'; |
| } else { |
| return escapeshellarg($str); |
| } |
| } |
| |
| // }}} |