Move and use serializedFileData from class, remove dormant functions, code tidy

Author: mattpass

classes/Settings.php

@@ -78,14 +78,7 @@ public function getConfigGlobalSettings()
         $settings['docRoot'] = $this->docRoot;
         // Get global config file details
         $fullPath = $this->getConfigGlobalFileDetails()['fullPath'];
-        // Load serialized data from the global config and convert to an array
-        if (function_exists('opcache_invalidate')) {
-            opcache_invalidate($fullPath, true);
-        }
-        $settingsFromFile = file_get_contents($fullPath);
-        $settingsFromFile = str_replace("<?php\n/*\n\n", "", $settingsFromFile);
-        $settingsFromFile = str_replace("\n\n*/\n?>", "", $settingsFromFile);
-        $settingsFromFile = unserialize($settingsFromFile);
+        $settingsFromFile = $this->serializedFileData("get", $fullPath);
         // Merge that with the array we started with and return
         $settings = array_merge($settings, $settingsFromFile);
         return $settings;
@@ -101,12 +94,8 @@ public function setConfigGlobalSettings($settings)
             if (is_array($settings)) {
                 unset($settings['versionNo']);
                 unset($settings['docRoot']);
-                $settings = "<?php\n/*\n\n" . serialize($settings) . "\n\n*/\n?" . ">";
             }
-            // Now we have a serialized string, save it in the global config file
-            fwrite($fConfigSettings, $settings);
-            fclose($fConfigSettings);
-            return true;
+            return $this->serializedFileData("set", $fullPath, $settings);
         } else {
             return false;
         }
@@ -158,14 +147,7 @@ public function getConfigUsersSettings($fileName)
     {
         // Get users config file details
         $fullPath = $this->getConfigUsersFileDetails($fileName)['fullPath'];
-        // Load serialized data from the users config and convert to an array
-        if (function_exists('opcache_invalidate')) {
-            opcache_invalidate($fullPath, true);
-        }
-        $settingsFromFile = file_get_contents($fullPath);
-        $settingsFromFile = str_replace("<?php\n/*\n\n", "", $settingsFromFile);
-        $settingsFromFile = str_replace("\n\n*/\n?>", "", $settingsFromFile);
-        $settingsFromFile = unserialize($settingsFromFile);
+        $settingsFromFile = $this->serializedFileData("get", $fullPath);
         // Now return
         return $settingsFromFile;
     }
@@ -175,15 +157,7 @@ public function setConfigUsersSettings($fileName, $settings)
         // Get the users config file details
         $fullPath = $this->getConfigUsersFileDetails($fileName)['fullPath'];
         if ($fConfigSettings = fopen($fullPath, 'w')) {
-            // If the settings we've received aren't in serialized format yet, do that now
-            // As $settings could be a serialized string or array
-            if (is_array($settings)) {
-                $settings = "<?php\n/*\n\n" . serialize($settings) . "\n\n*/\n?" . ">";
-            }
-            // Now we have a serialized string, save it in the users config file
-            fwrite($fConfigSettings, $settings);
-            fclose($fConfigSettings);
-            return true;
+            return $this->serializedFileData("set", $fullPath, $settings);
         } else {
             return false;
         }
@@ -234,4 +208,24 @@ public function createIPSettingsFileIfNotExist(): void
             }
         }
     }
+
+    public function serializedFileData($do, $fullPath, $output=null)
+    {
+        if ("get" === $do) {
+            if (function_exists('opcache_invalidate')) {
+                opcache_invalidate($fullPath, true);
+            }
+            $data = file_get_contents($fullPath);
+            $data = str_replace("<"."?php\n/*\n\n", "", $data);
+            $data = str_replace("\n\n*/\n?".">", "", $data);
+            $data = unserialize($data);
+            return $data;
+        }
+        if ("set" === $do) {
+            if (true === is_array($output)) {
+                $output = serialize($output);
+            }
+            return file_put_contents($fullPath, "<"."?php\n/*\n\n" . $output . "\n\n*/\n?" . ">");
+        }
+    }
 }

lib/ftp-manager.php

@@ -1,4 +1,6 @@
 <?php
+die("FTP Manager now offline");
+
 include "headers.php";
 include "settings.php";
 $t = $text['ftp-manager'];

lib/indexer.php

@@ -14,9 +14,7 @@
     $systemClass->invalidateOPCache($docRoot . $ICEcoderDir . "/data/index.php");
     $prevIndexData = file_get_contents($docRoot . $ICEcoderDir . "/data/index.php");
     if (false !== strpos($prevIndexData, "<?php")) {
-        $prevIndexData = str_replace("<?php\n/*\n\n", "", $prevIndexData);
-        $prevIndexData = str_replace("\n\n*/\n?>", "", $prevIndexData);
-        $prevIndexData = unserialize($prevIndexData);
+        $prevIndexData = $settingsClass->serializedFileData("get", $docRoot . $ICEcoderDir . "/data/index.php");
     }
 }
 
@@ -212,10 +210,7 @@ function phpGrep($path, $base) {
 			$systemClass->invalidateOPCache($docRoot . $ICEcoderDir . "/data/git-diff.php");
 			$gitDiffData = file_get_contents($docRoot . $ICEcoderDir . "/data/git-diff.php");
 			if (strpos($gitDiffData, "<?php") !== false) {
-				$gitDiffData = str_replace("<?php\n/*\n\n", "", $gitDiffData);
-				$gitDiffData = str_replace("\n\n*/\n?>", "", $gitDiffData);
-				$gitDiffData = unserialize($gitDiffData);
-				$output["gitDiff"] = $gitDiffData;
+                $output["gitDiff"] = $settingsClass->serializedFileData("get", $docRoot . $ICEcoderDir . "/data/git-diff.php");
 			}
 		}
 
@@ -225,15 +220,12 @@ function phpGrep($path, $base) {
 			$systemClass->invalidateOPCache($docRoot . $ICEcoderDir . "/data/git-content.php");
 			$gitContent = file_get_contents($docRoot . $ICEcoderDir . "/data/git-content.php");
 			if (strpos($gitContent, "<?php") !== false) {
-				$gitContent = str_replace("<?php\n/*\n\n", "", $gitContent);
-				$gitContent = str_replace("\n\n*/\n?>", "", $gitContent);
-				$gitContent = unserialize($gitContent);
-				$output["gitContent"] = $gitContent;
+                $output["gitContent"] = $settingsClass->serializedFileData("get", $docRoot . $ICEcoderDir . "/data/git-content.php");
 			}
 		}
 
 		// Store the serialized array in PHP comment block for next time
-		file_put_contents($docRoot . $ICEcoderDir . "/data/index.php", "<?php\n/*\n\n" . serialize($output) . "\n\n*/\n?" . ">");
+        $settingsClass->serializedFileData("set", $docRoot . $ICEcoderDir . "/data/index.php", $output);
 	// Output what we have in our index...
 	} else {
 		$output = $prevIndexData;

lib/settings-common.php

@@ -129,20 +129,16 @@ function getData($url, $type='fopen', $dieMessage = false, $timeout = 60) {
 // Require a re-index dir/file data next time we index
 function requireReIndexNextTime() {
 	// If we have a data/index.php file
-	global $docRoot, $ICEcoderDir, $systemClass;
+	global $docRoot, $ICEcoderDir, $settingsClass, $systemClass;
 	if (true === file_exists($docRoot . $ICEcoderDir . "/data/index.php")) {
 		// Get serialized array back out of PHP file inside a comment block as prevIndexData
 		$systemClass->invalidateOPCache($docRoot . $ICEcoderDir . "/data/index.php");
 		$prevIndexData = file_get_contents($docRoot . $ICEcoderDir . "/data/index.php");
 		if (strpos($prevIndexData, "<?php") !== false) {
-			$prevIndexData = str_replace("<?php\n/*\n\n", "", $prevIndexData);
-			$prevIndexData = str_replace("\n\n*/\n?>", "", $prevIndexData);
-			$prevIndexData = unserialize($prevIndexData);
-
+			$prevIndexData = $settingsClass->serializedFileData("get", $docRoot . $ICEcoderDir . "/data/index.php");
 			// Set timestamp back to epoch to force a re-index next time
 			$prevIndexData['timestamps']['indexed'] = 0;
-
-			file_put_contents($docRoot . $ICEcoderDir . "/data/index.php", "<?php\n/*\n\n".serialize($prevIndexData)."\n\n*/\n?" . ">");
+            $settingsClass->serializedFileData("set", $docRoot . $ICEcoderDir . "/data/index.php", $prevIndexData);
 		}
 	}
 }
@@ -184,34 +180,34 @@ function numClean($var) {
 }
 
 // Clean XSS attempts using different contexts
-function xssClean($data,$type) {
+function xssClean($data, $type) {
 
 	// === html ===
-	if ($type == "html") {
+	if ("html" === $type) {
 		$bad  = array("<",    ">");
 		$good = array("&lt;", "&gt;");
 	}
 
 	// === style ===
-	if ($type == "style") {
+	if ("style" === $type) {
 		$bad  = array("<",    ">",    "\"",     "'",      "``",      "(",      ")",      "&",     "\\\\");
 		$good = array("&lt;", "&gt;", "&quot;", "&apos;", "&grave;", "&lpar;", "&rpar;", "&amp;", "&bsol;");
 	}
 
 	// === attribute ===
-	if ($type == "attribute") {
+	if ("attribute" === $type) {
 		$bad  = array("\"",     "'",      "``");
 		$good = array("&quot;", "&apos;", "&grave;");
 	}
 
 	// === script ===
-	if ($type == "script") {
+	if ("script" === $type) {
 		$bad  = array("<",    ">",    "\"",     "'",      "\\\\",   "%",        "&");
 		$good = array("&lt;", "&gt;", "&quot;", "&apos;", "&bsol;", "&percnt;", "&amp;");
 	}
 
 	// === url ===
-	if ($type == "url") {
+	if ("url" === $type) {
 		if(preg_match("#^(?:(?:https?|ftp):{1})\/\/[^\"\s\\\\]*.[^\"\s\\\\]*$#iu", (string)$data, $match)) {
 			return $match[0];
 		} else {
@@ -223,13 +219,6 @@ function xssClean($data,$type) {
 	return $output;
 }
 
-
-// Clean PHP code injection attempts
-function injClean($data) {
-	$output = str_replace("(", "", str_replace(")", "", str_replace(";", "", $data)));
-	return $output;
-}
-
 // returns a UTF8 based string with any UFT8 BOM removed
 function toUTF8noBOM($string, $message = false) {
 	global $text;
@@ -269,48 +258,18 @@ function toUTF8noBOM($string, $message = false) {
 	return $string;
 }
 
-// Polyfill for array_replace_recursive, which is in PHP 5.3+
-if (!function_exists('array_replace_recursive')) {
-	function array_replace_recursive($base, $replacements) {
-		foreach (array_slice(func_get_args(), 1) as $replacements) {
-			$bref_stack = array(&$base);
-			$head_stack = array($replacements);
-
-			do {
-				end($bref_stack);
-
-				$bref = &$bref_stack[key($bref_stack)];
-				$head = array_pop($head_stack);
-
-				unset($bref_stack[key($bref_stack)]);
-
-				foreach (array_keys($head) as $key) {
-					if (isset($key, $bref) && is_array($bref[$key]) && is_array($head[$key])) {
-						$bref_stack[] = &$bref[$key];
-						$head_stack[] = $head[$key];
-					} else {
-						$bref[$key] = $head[$key];
-					}
-				}
-			} while(count($head_stack));
-		}
-
-		return $base;
-	}
-}
-
 // Get number of versions total for a file
 function getVersionsCount($fileLoc, $fileName) {
 	global $context;
 	$count = 0;
-	$dateCounts = array();
-	$backupDateDirs = array();
+	$dateCounts = [];
+	$backupDateDirs = [];
 	// Establish the base, host and date dirs within...
 	$backupDirBase = str_replace("\\", "/", dirname(__FILE__)) . "/../data/backups/";
 	$backupDirHost = isset($ftpSite) ? parse_url($ftpSite, PHP_URL_HOST) : "localhost";
         // check if folder exists if local before enumerating contents
-        if(!isset($ftpSite)) {
-                if(is_dir($backupDirBase . $backupDirHost)) {
+        if (false === isset($ftpSite)) {
+                if (true === is_dir($backupDirBase . $backupDirHost)) {
                         $backupDateDirs = scandir($backupDirBase . $backupDirHost, 1);
                 }
         } else {
@@ -352,19 +311,3 @@ function getVersionsCount($fileLoc, $fileName) {
 		"dateCounts" => $dateCounts
 	);
 }
-
-function serializedFileData($do, $path, $output=null) {
-    global $systemClass;
-
-	if ($do === "get") {
-		$systemClass->invalidateOPCache($path);
-		$data = file_get_contents($path);
-		$data = str_replace("<"."?php\n/*\n\n", "", $data);
-		$data = str_replace("\n\n*/\n?".">", "", $data);
-		$data = unserialize($data);
-		return $data;
-	}
-	if ($do === "set") {
-		file_put_contents($path, "<"."?php\n/*\n\n" . serialize($output) . "\n\n*/\n?" . ">");
-	}
-}