diff --git a/README.md b/README.md index 0716a10df..28adc7fcc 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,27 @@ Two accessibility features in the system are text alternatives for all visual el ## Installation +### System Requirements + +- **PHP 8.0+** (tested up to PHP 8.3) with the following extensions: + - `mysqli` **(required; the old `mysql` extension was removed in PHP 7)** + - `mbstring` **(required for upgrades and multilingual content)** + - `zlib` + - `gd` (for image processing) + - `openssl` (for HTTPS and mail) +- **MySQL 5.7+** or **MariaDB 10.2+** + - MySQL strict mode (`STRICT_TRANS_TABLES`, `NO_ZERO_DATE`) is supported as of this release. +- A web server such as Apache or Nginx + +To install missing PHP extensions on Debian/Ubuntu: +```bash +sudo apt-get install php-mbstring php-mysqli php-zlib php-gd php-openssl +``` + +> **Note:** This release drops support for PHP 5.x/7.x. If you are upgrading from an older ATutor version, ensure your server is running PHP 8.0 or later. + +### Installing ATutor + To install ATutor, point your web browser to the installation directory where ATutor was extracted, and follow the Installer's instructions. e.g. http://localhost/ATutor @@ -46,6 +67,13 @@ For additional ATutor documentation, see the ATutor Handbook in ATutor, or at th - Users: https://atutor.github.io/atutor/handbook/users.html + +## Compatibility & Known Issues + +- **PHP 8.3:** This release includes extensive PHP 8 compatibility fixes for removed functions (`create_function`, `split`, `eregi`, `each`, `set_magic_quotes_runtime`, etc.), strict typing errors, and MySQL strict mode. +- **MySQL Strict Mode:** Previously caused fatal errors on date columns and null defaults. Resolved by replacing bareword constants, using `NOW()` for timestamps, and guarding `NULL` inserts. +- **Third-party libraries:** Bundled libraries (nusoap, phpmailer, phpseclib, PEAR XML_HTMLSax) have been patched for PHP 8 survival. Some legacy libraries still emit deprecation warnings but are functional. +- **Security hardening:** Recent commits fixed reflected XSS, CSRF bypass, open redirect, path traversal, arbitrary file upload, stored XSS, SSRF/LFI, and missing auth checks. ## Developers diff --git a/admin/config_template.php b/admin/config_template.php deleted file mode 100644 index 5f4aa2316..000000000 --- a/admin/config_template.php +++ /dev/null @@ -1,139 +0,0 @@ - \ No newline at end of file diff --git a/admin/error_logging.php b/admin/error_logging.php index 3e8fba006..88b825c93 100644 --- a/admin/error_logging.php +++ b/admin/error_logging.php @@ -66,7 +66,7 @@ } if (is_dir($dir_ . '/' . $file)) { - $logdirs{$file} = $file; // store the day log dir + $logdirs[$file] = $file; // store the day log dir } } closedir($dir); // clean it up @@ -99,7 +99,7 @@ if (strpos($file, 'profile') !== false) { // found a profile, store its md5 key identifier $tmp_ = substr($file, strpos($file, '_') + 1); $tmp_ = substr($tmp_, 0, strpos($tmp_, '.log.php')); - $log_profiles{$file} = $tmp_; + $log_profiles[$file] = $tmp_; } } @@ -142,7 +142,7 @@ closedir($dir); // store the amount of bugs associated with profile - $log_profiles_bug_count{$val}[$val_] = $count; + $log_profiles_bug_count[$val][$val_] = $count; } $log_profiles = array(); } diff --git a/admin/error_logging_bundle.php b/admin/error_logging_bundle.php index 8868fab49..09b2771fa 100644 --- a/admin/error_logging_bundle.php +++ b/admin/error_logging_bundle.php @@ -38,7 +38,7 @@ $date = substr($work, 0, strpos($work, ':')); $id = substr($work, strpos($work, ':') + 1); /* Parse the variable */ - $profiles{$id} = $date; + $profiles[$id] = $date; } } @@ -71,7 +71,7 @@ // any files mathcing the $elem key correspond to this profile if (strpos($file, $elem) !== false) { - $store_some{$dir_ . '/'. $val . '/' . $file} = $file; + $store_some[$dir_ . '/'. $val . '/' . $file] = $file; } } @@ -173,7 +173,7 @@ } if (is_dir($dir_ . '/' . $file)) { - $logdirs{$file} = $file; // store the day log dir + $logdirs[$file] = $file; // store the day log dir } } closedir($dir); // clean it up @@ -206,7 +206,7 @@ if (strpos($file, 'profile') !== false) { // found a profile, store its md5 key identifier $tmp_ = substr($file, strpos($file, '_') + 1); $tmp_ = substr($tmp_, 0, strpos($tmp_, '.log.php')); - $log_profiles{$file} = $tmp_; + $log_profiles[$file] = $tmp_; } } @@ -249,7 +249,7 @@ closedir($dir); // store the amount of bugs associated with profile - $log_profiles_bug_count{$val}[$val_] = $count; + $log_profiles_bug_count[$val][$val_] = $count; } $log_profiles = array(); } diff --git a/admin/error_logging_details.php b/admin/error_logging_details.php index 9dc49f1f0..dc4ed7528 100644 --- a/admin/error_logging_details.php +++ b/admin/error_logging_details.php @@ -44,7 +44,7 @@ } if (strpos($file, $key) !== false) { // found a bug associated with our profile key - $delete_store{$file} = $file; + $delete_store[$file] = $file; } else { $cnt++; } @@ -115,7 +115,7 @@ } if (strpos($file, $key) !== false) { // found a bug associated with our profile key - $log_profile_bugs{$file} = $file; + $log_profile_bugs[$file] = $file; } } @@ -177,7 +177,7 @@ } if (strpos($file, $key) !== false) { // found a bug associated with our profile key - $delete_store{$file} = $file; + $delete_store[$file] = $file; } } diff --git a/bounce.php b/bounce.php index 066d5b46f..e6be8dc2f 100644 --- a/bounce.php +++ b/bounce.php @@ -162,12 +162,15 @@ function get_groups($course_id) { } } elseif (!empty($_REQUEST['p'])) { //For search - //p is a relative path, check that. #4773 - if (strpos($_REQUEST['p'], 'http') !== false) { - //if not relative, reset it. - $_REQUEST['p'] = ""; - } + //p is a relative path, check that. #4773 + if (preg_match('#^(\/\/|[a-zA-Z][a-zA-Z0-9+.-]*:)#', $_REQUEST['p'])) { + //if not relative, reset it. + $_REQUEST['p'] = ""; + } $page = urldecode($_REQUEST['p']); + if (preg_match('#^(\/\/|[a-zA-Z][a-zA-Z0-9+.-]*:)#', $page)) { + $page = ""; + } } elseif (($_config['pretty_url'] > 0) && preg_match('/bounce.php\?course=([\d]+)$/', $_SERVER['REQUEST_URI'])==1) { //for browse, and my start page url rewrite. $page = url_rewrite($_SERVER['REQUEST_URI'], AT_PRETTY_URL_NOT_HEADER, true).'/index.php'; //force overwrite @@ -292,6 +295,8 @@ function get_groups($course_id) { $owner_id = $row['member_id']; $_SESSION['packaging'] = $row['content_packaging']; +error_log('[ATUTOR-BOUNCE-DIAG] entry course='.$course.' access='.$row['access'].' valid_user='.var_export($_SESSION['valid_user']??null,true).' member_id='.var_export($_SESSION['member_id']??null,true).' owner_id='.$owner_id.' release='.var_export($row['u_release_date'],true).' end='.var_export($row['u_end_date'],true).' pretty_url='.var_export($_config['pretty_url']??null,true)); + $_SESSION['groups'] = array(); unset($_SESSION['fs_owner_type']); unset($_SESSION['fs_owner_id']); @@ -388,6 +393,7 @@ function get_groups($course_id) { $_SESSION['groups'] = get_groups($course); + error_log('[ATUTOR-BOUNCE-DIAG] PUBLIC-final course_id='.var_export($_SESSION['course_id']??null,true).' is_admin='.var_export($_SESSION['is_admin']??null,true).' member_id='.var_export($_SESSION['member_id']??null,true).' dest='.$dest); header('Location: '.$dest, TRUE, 301); exit; @@ -450,6 +456,7 @@ function get_groups($course_id) { header('Location: ./'.$page.'?f='.$addslashes($_GET['f'])); exit; } /* else */ + error_log('[ATUTOR-BOUNCE-DIAG] PROTECTED-final course_id='.var_export($_SESSION['course_id']??null,true).' is_admin='.var_export($_SESSION['is_admin']??null,true).' member_id='.var_export($_SESSION['member_id']??null,true).' dest=./'.$page); header('Location: ./'.$addslashes($page)); exit; diff --git a/content.php b/content.php index b47b86deb..459965ffa 100644 --- a/content.php +++ b/content.php @@ -281,9 +281,17 @@ // Mauro Donadio // -$fp = @file_get_contents($content_row['text']); +$fp = false; +// Restrict file_get_contents to valid paths within AT_CONTENT_DIR to prevent SSRF/LFI +if ($content_row['text'] && file_exists($content_row['text'])) { + $real_text_path = realpath($content_row['text']); + $content_dir_real = realpath(AT_CONTENT_DIR); + if ($real_text_path !== false && $content_dir_real !== false && strpos($real_text_path, $content_dir_real) === 0) { + $fp = @file_get_contents($content_row['text']); + } +} // just for AContent content -if(strstr($fp, 'AContentXX')){ +if($fp && strstr($fp, 'AContentXX')){ //$fp = str_ireplace('
','ATutor is written in the PHP language. The PHP configuration file contains many configuration settings that can be changed. The following are the minimum requirements needed to install and use ATutor.
Additionally, the following php.ini configuration settings are recommended:
display_errors = Off arg_separator.input = ";&" -register_globals = Off -magic_quotes_gpc = Off -magic_quotes_runtime = Off allow_url_fopen = On allow_url_include = Off register_argc_argv = Off zlib.output_compression = On session.use_trans_sid = 0 -+ -
Currently ATutor only supports the MySQL database. MySQL 4.1.10 or higher is required.
+ATutor supports MySQL 5.7+ and MariaDB 10.2+. MySQL strict mode is supported as of this release.
A database user account with database creation privileges is required if your database does not already exist. That same user will then need table creation privileges for the chosen database. See the MySQL chapter How the Privilege System Works for additional information.
ATutor makes use of many new HTML features that are only supported in recent web browsers. Though ATutor is designed to function effectively in older browsers we strongly recommend using the latest version of your favorite browser. We recommend FireFox for either Windows, *nix or Mac OS X.
- \ No newline at end of file + diff --git a/documentation/developer/guidelines.html b/documentation/developer/guidelines.html index 839ea43db..902984c95 100644 --- a/documentation/developer/guidelines.html +++ b/documentation/developer/guidelines.html @@ -381,7 +381,7 @@When writing your PHP code please try to use functions that exist since (the minimum requirement) PHP version 5.0.2. If you have to use a function that only exists in later versions of PHP, provide an alternative for older versions. To check if the function is available use either version_compare(phpversion(), $min_version) or function_exists($function_name).
+When writing your PHP code please try to use functions that exist since (the minimum requirement) PHP version 8.0. The old PHP 5.x/7.x functions such as mysql_*, eregi(), split(), each(), and create_function() have been removed and must not be reintroduced. If you have to use a function that only exists in later versions of PHP, provide an alternative for older versions. To check if the function is available use either version_compare(PHP_VERSION, $min_version) or function_exists($function_name).
Code has to work on both Windows and UNIX. You should never use exec() or system(). In most cases we prefer to write code that works on both systems as is, without the need for if-statements that check for the operating system, since duplicating the functionality twice (once for each operating system) can be a source of bugs. Review the PHP Configuration section for details on how best to set-up your development environment.
diff --git a/get.php b/get.php index 5da3a8b4c..c2c59e376 100644 --- a/get.php +++ b/get.php @@ -88,7 +88,7 @@ //send header mime type $pathinfo = pathinfo($file); -$ext = $pathinfo['extension']; +$ext = $pathinfo['extension'] ?? ''; if ($ext == '') { $ext = 'application/octet-stream'; } else { @@ -125,7 +125,7 @@ header('Content-Type: '.$ext); //a hack for http://atutor.ca/atutor/mantis/view.php?id=4531 //@harris - if ($pathinfo['extension']=='mp3' || $pathinfo['extension']=='mp4') { + if (($pathinfo['extension'] ?? '')=='mp3' || ($pathinfo['extension'] ?? '')=='mp4') { header('Content-length: '.filesize($real)); } diff --git a/get_course_icon.php b/get_course_icon.php index 27ac3f06e..15e129d52 100644 --- a/get_course_icon.php +++ b/get_course_icon.php @@ -47,15 +47,16 @@ } $real = realpath($file); -// How did this ever work when the stock icons are used instead of a custom one, see mantis 5465 -//if (file_exists($real) && (substr($real, 0, strlen(AT_CONTENT_DIR)) == AT_CONTENT_DIR)) { -if (file_exists($real)) { +$custom_dir = realpath(AT_CONTENT_DIR); +$stock_dir = realpath(AT_INCLUDE_PATH . '../images/courses/'); + +if (file_exists($real) && (($stock_dir !== false && substr($real, 0, strlen($stock_dir)) == $stock_dir) || ($custom_dir !== false && substr($real, 0, strlen($custom_dir)) == $custom_dir))) { header('Content-Disposition: inline; filename="'.$filename.'"'); - + /** * although we can check if mod_xsendfile is installed in apache2 * we can't actually check if it's enabled. also, we can't check if - * it's enabled and installed in lighty, so instead we send the + * it's enabled and installed in lighty, so instead we send the * header anyway, if it works then the line after it will not * execute. if it doesn't work, then the line after it will replace * it so that the full server path is not exposed. @@ -63,15 +64,15 @@ * x-sendfile is supported in apache2 and lighttpd 1.5+ (previously * named x-send-file in lighttpd 1.4) */ - $real=preg_replace("/..\/..\/..\//i", "", $real); header('x-Sendfile: '.$real); header('x-Sendfile: ', TRUE); // if we get here then it didn't work - header('Content-Type: '.$ext); - + header('Content-Type: '.$ext); + @readfile($real); exit; } else { + header('HTTP/1.1 404 Not Found', TRUE); exit; } diff --git a/include/classes/AContent_lcl/ims-blti/OAuth.php b/include/classes/AContent_lcl/ims-blti/OAuth.php index 0921f3a85..773acbd25 100644 --- a/include/classes/AContent_lcl/ims-blti/OAuth.php +++ b/include/classes/AContent_lcl/ims-blti/OAuth.php @@ -149,7 +149,7 @@ public function build_signature(&$request, $consumer, $token) { $ok = openssl_sign($base_string, $signature, $privatekeyid); // Release the key resource - openssl_free_key($privatekeyid); + // openssl_free_key removed in PHP 8.0 (automatic) return base64_encode($signature); } @@ -169,7 +169,7 @@ public function check_signature(&$request, $consumer, $token, $signature) { $ok = openssl_verify($base_string, $decoded_sig, $publickeyid); // Release the key resource - openssl_free_key($publickeyid); + // openssl_free_key removed in PHP 8.0 (automatic) return $ok == 1; } @@ -224,13 +224,6 @@ public static function from_request($http_method=NULL, $http_url=NULL, $paramete $ourpost = $_POST; // Deal with magic_quotes // http://www.php.net/manual/en/security.magicquotes.disabling.php - if ( get_magic_quotes_gpc() ) { - $outpost = array(); - foreach ($_POST as $k => $v) { - $v = stripslashes($v); - $ourpost[$k] = $v; - } - } // Add POST Parameters if they exist $parameters = array_merge($parameters, $ourpost); @@ -756,11 +749,11 @@ public static function get_headers() { public static function parse_parameters( $input ) { if (!isset($input) || !$input) return array(); - $pairs = split('&', $input); + $pairs = explode('split('&', $input)', $input); $parsed_parameters = array(); foreach ($pairs as $pair) { - $split = split('=', $pair, 2); + $split = explode('=', $pair, 2); $parameter = OAuthUtil::urldecode_rfc3986($split[0]); $value = isset($split[1]) ? OAuthUtil::urldecode_rfc3986($split[1]) : ''; diff --git a/include/classes/ContentManager.class.php b/include/classes/ContentManager.class.php index 515bcfce1..1c91af150 100644 --- a/include/classes/ContentManager.class.php +++ b/include/classes/ContentManager.class.php @@ -131,16 +131,24 @@ function initContent( ) { } // generate array of all the content ids in the same order that they appear in "content navigation" - $this->_menu_in_order[] = $next_content_id = $this->getNextContentID(0); - while ($next_content_id > 0) - { - $next_content_id = $this->getNextContentID($next_content_id); - - if (in_array($next_content_id, $this->_menu_in_order)) break; - else $this->_menu_in_order[] = $next_content_id; + // A brand-new (or otherwise empty) course has no content rows, so $_menu is + // empty and $_menu[0] is undefined. Skip the ordering walk in that case — + // count(null) is a fatal TypeError on PHP 8 (was only a notice on PHP 7). + if ($num_sections > 0) { + $this->_menu_in_order[] = $next_content_id = $this->getNextContentID(0); + while ($next_content_id > 0) + { + $next_content_id = $this->getNextContentID($next_content_id); + + if (in_array($next_content_id, $this->_menu_in_order)) break; + else $this->_menu_in_order[] = $next_content_id; + } + + $this->content_length = count($_menu[0]); + } else { + $this->_menu_in_order = array(); + $this->content_length = 0; } - - $this->content_length = count($_menu[0]); } // This function is called by initContent to construct $this->_menu_in_order, an array to @@ -213,16 +221,17 @@ function getContent($parent_id=-1, $length=-1) { } return $my_menu_copy; } - return $this->_menu[$parent_id]; + return isset($this->_menu[$parent_id]) ? $this->_menu[$parent_id] : array(); } function &getContentPath($content_id) { $path = array(); - $path[] = array('content_id' => $content_id, 'title' => $this->_menu_info[$content_id]['title']); - - $this->getContentPathRecursive($content_id, $path); + if (isset($this->_menu_info[$content_id])) { + $path[] = array('content_id' => $content_id, 'title' => $this->_menu_info[$content_id]['title']); + $this->getContentPathRecursive($content_id, $path); + } $path = array_reverse($path); return $path; @@ -230,9 +239,10 @@ function &getContentPath($content_id) { function getContentPathRecursive($content_id, &$path) { + if (!isset($this->_menu_info[$content_id])) { return; } $parent_id = $this->_menu_info[$content_id]['content_parent_id']; - if ($parent_id > 0) { + if ($parent_id > 0 && isset($this->_menu_info[$parent_id])) { $path[] = array('content_id' => $parent_id, 'title' => $this->_menu_info[$parent_id]['title']); $this->getContentPathRecursive($parent_id, $path); } @@ -676,17 +686,23 @@ function getNumbering($content_id) { } function getPreviousContent($content_id) { - if (is_array($this->_menu_in_order)) + if (is_array($this->_menu_in_order) && count($this->_menu_in_order) > 0) { - foreach ($this->_menu_in_order as $content_location => $this_content_id) + $content_location = null; + foreach ($this->_menu_in_order as $loc => $this_content_id) { - if ($this_content_id == $content_id) break; + if ($this_content_id == $content_id) { + $content_location = $loc; + break; + } } - + if ($content_location === null) { return NULL; } + for ($i=$content_location-1; $i >= 0; $i--) { + if (!isset($this->_menu_info[$this->_menu_in_order[$i]])) { continue; } $content_type = $this->_menu_info[$this->_menu_in_order[$i]]['content_type']; - + if ($content_type == CONTENT_TYPE_CONTENT || $content_type == CONTENT_TYPE_WEBLINK) return array('content_id' => $this->_menu_in_order[$i], 'ordering' => $this->_menu_info[$this->_menu_in_order[$i]]['ordering'], @@ -695,23 +711,29 @@ function getPreviousContent($content_id) { } return NULL; } - + function getNextContent($content_id) { - if (is_array($this->_menu_in_order)) + if (is_array($this->_menu_in_order) && count($this->_menu_in_order) > 0) { - foreach ($this->_menu_in_order as $content_location => $this_content_id) + $content_location = null; + foreach ($this->_menu_in_order as $loc => $this_content_id) { - if ($this_content_id == $content_id) break; + if ($this_content_id == $content_id) { + $content_location = $loc; + break; + } } - + if ($content_location === null) { return NULL; } + for ($i=$content_location+1; $i < count($this->_menu_in_order); $i++) { + if (!isset($this->_menu_info[$this->_menu_in_order[$i]])) { continue; } $content_type = $this->_menu_info[$this->_menu_in_order[$i]]['content_type']; - + if ($content_type == CONTENT_TYPE_CONTENT || $content_type == CONTENT_TYPE_WEBLINK) - return(array('content_id' => $this->_menu_in_order[$i], + return array('content_id' => $this->_menu_in_order[$i], 'ordering' => $this->_menu_info[$this->_menu_in_order[$i]]['ordering'], - 'title' => $this->_menu_info[$this->_menu_in_order[$i]]['title'])); + 'title' => $this->_menu_info[$this->_menu_in_order[$i]]['title']); } } return NULL; @@ -743,31 +765,41 @@ function generateSequenceCrumbs($cid) { $sequence_links['resume'] = $resume; } else { + $previous = null; + $next = null; if ($cid) { $previous = $this->getPreviousContent($cid); - $previous['title'] = htmlspecialchars($previous['title']); + if ($previous) { + $previous['title'] = htmlspecialchars($previous['title']); + } } $next = $this->getNextContent($cid ? $cid : 0); - $next['title'] = htmlspecialchars($next['title']); + if ($next) { + $next['title'] = htmlspecialchars($next['title']); + } if ($_SESSION['prefs']['PREF_NUMBERING']) { - $previous['title'] = $this->getNumbering($previous['content_id']).' '.$previous['title']; - $next['title'] = $this->getNumbering($next['content_id']).' '.$next['title']; + if ($previous) { + $previous['title'] = $this->getNumbering($previous['content_id']).' '.$previous['title']; + } + if ($next) { + $next['title'] = $this->getNumbering($next['content_id']).' '.$next['title']; + } } - $next['url'] = $_base_path.url_rewrite('content.php?cid='.$next['content_id']); - if (isset($previous['content_id'])) { + if ($next) { + $next['url'] = $_base_path.url_rewrite('content.php?cid='.$next['content_id']); + } + if ($previous && isset($previous['content_id'])) { $previous['url'] = $_base_path.url_rewrite('content.php?cid='.$previous['content_id']); } - if (isset($previous['content_id'])) { + if ($previous && isset($previous['content_id'])) { $sequence_links['previous'] = $previous; } else if ($cid) { - $previous['url'] = $_base_path . url_rewrite('index.php'); - $previous['title'] = _AT('course_home'); - $sequence_links['previous'] = $previous; + $sequence_links['previous'] = array('url' => $_base_path . url_rewrite('index.php'), 'title' => _AT('course_home')); } - if (!empty($next['content_id'])) { + if ($next && !empty($next['content_id'])) { $sequence_links['next'] = $next; } } diff --git a/include/classes/Message/Message.class.php b/include/classes/Message/Message.class.php index 9964c495b..1de4e3472 100644 --- a/include/classes/Message/Message.class.php +++ b/include/classes/Message/Message.class.php @@ -104,9 +104,19 @@ function printAbstract($type) { $result = '[' . $first . ']'; } - $terms = $item; - - /* replace the tokens with the terms */ + $terms = array_values((array)$item); + + /* replace the tokens with the terms. + * PHP 8's vsprintf throws a ValueError when fewer arguments are + * supplied than the format has placeholders (PHP 7 silently + * substituted empty strings). A translation/caller arg-count + * mismatch is common in this legacy code, so pad the arguments + * to the placeholder count and degrade gracefully instead of + * fataling the page. Extra arguments are ignored by vsprintf. */ + $placeholder_count = preg_match_all('/%(\d+\$)?[-+]?\d*(?:\.\d+)?[bcdeEfFgGosuxX]/', $result); + if (count($terms) < $placeholder_count) { + $terms = array_pad($terms, $placeholder_count, ''); + } $result = vsprintf($result, $terms); } else { @@ -128,8 +138,8 @@ function printAbstract($type) { $this->savant->assign('hide_button_no', $hide_button_no); } else if ($type == 'help') { // special case for help message, we need to check a few conditions - $a = (!isset($_GET['e']) && !$_SESSION['prefs']['PREF_HELP'] && !$_GET['h']); - $b = ($_SESSION['prefs']['PREF_CONTENT_ICONS'] == 2); + $a = (!isset($_GET['e']) && !($_SESSION['prefs']['PREF_HELP'] ?? null) && !($_GET['h'] ?? null)); + $b = (($_SESSION['prefs']['PREF_CONTENT_ICONS'] ?? null) == 2); $c = isset($_GET['e']); $d = $_SESSION['course_id']; diff --git a/include/classes/UrlRewrite/UrlParser.class.php b/include/classes/UrlRewrite/UrlParser.class.php index 4882a6a7b..f92a269d9 100644 --- a/include/classes/UrlRewrite/UrlParser.class.php +++ b/include/classes/UrlRewrite/UrlParser.class.php @@ -93,7 +93,7 @@ function parsePathinfo($pathinfo){ //Check if there are any matches for prettied query string, if not, use the actual query. if (!isset($matches[5]) || $matches[5] == ''){ - $matches[5] = $_SERVER['QUERY_STRING']; + $matches[5] = $_SERVER['QUERY_STRING'] ?? ''; } //Create object based on this path. diff --git a/include/classes/XML/XML_HTMLSax/OS/Guess.php b/include/classes/XML/XML_HTMLSax/OS/Guess.php index c828b016c..62f6dc429 100644 --- a/include/classes/XML/XML_HTMLSax/OS/Guess.php +++ b/include/classes/XML/XML_HTMLSax/OS/Guess.php @@ -128,7 +128,7 @@ function parseSignature($uname = null) if ($uname === null) { $uname = php_uname(); } - $parts = split('[[:space:]]+', trim($uname)); + $parts = preg_split('/\s+/', trim($uname)); $n = count($parts); $release = $machine = $cpu = ''; @@ -246,7 +246,7 @@ function _detectGlibcVersion() $cpp = popen("/usr/bin/cpp $tmpfile", "r"); $major = $minor = 0; while ($line = fgets($cpp, 1024)) { - if ($line{0} == '#' || trim($line) == '') { + if ($line[0] == '#' || trim($line) == '') { continue; } if (list($major, $minor) = explode(' ', trim($line))) { diff --git a/include/classes/XML/XML_HTMLSax/PEAR.php b/include/classes/XML/XML_HTMLSax/PEAR.php index 9749e1a63..4c0ce763b 100644 --- a/include/classes/XML/XML_HTMLSax/PEAR.php +++ b/include/classes/XML/XML_HTMLSax/PEAR.php @@ -760,11 +760,10 @@ function _PEAR_call_destructors() if (is_array($_PEAR_destructor_object_list) && sizeof($_PEAR_destructor_object_list)) { - reset($_PEAR_destructor_object_list); if (@PEAR::getStaticProperty('PEAR', 'destructlifo')) { $_PEAR_destructor_object_list = array_reverse($_PEAR_destructor_object_list); } - while (list($k, $objref) = each($_PEAR_destructor_object_list)) { + foreach ($_PEAR_destructor_object_list as $k => $objref) { $classname = get_class($objref); while ($classname) { $destructor = "_$classname"; diff --git a/include/classes/XML/XML_HTMLSax/PEAR/Autoloader.php b/include/classes/XML/XML_HTMLSax/PEAR/Autoloader.php index d0fb0ac79..1518dd2e4 100644 --- a/include/classes/XML/XML_HTMLSax/PEAR/Autoloader.php +++ b/include/classes/XML/XML_HTMLSax/PEAR/Autoloader.php @@ -99,7 +99,7 @@ class PEAR_Autoloader extends PEAR function addAutoload($method, $classname = null) { if (is_array($method)) { - array_walk($method, create_function('$a,&$b', '$b = strtolower($b);')); + $method = array_combine(array_map('strtolower', array_keys($method)), $method); $this->_autoload_map = array_merge($this->_autoload_map, $method); } else { $this->_autoload_map[strtolower($method)] = $classname; @@ -153,7 +153,7 @@ function addAggregateObject($classname) $methods = get_class_methods($classname); foreach ($methods as $method) { // don't import priviate methods and constructors - if ($method{0} != '_' && $method != $classname) { + if ($method[0] != '_' && $method != $classname) { $this->_method_map[$method] = $obj; } } @@ -175,8 +175,7 @@ function removeAggregateObject($classname) { $ok = false; $classname = strtolower($classname); - reset($this->_method_map); - while (list($method, $obj) = each($this->_method_map)) { + foreach ($this->_method_map as $method => $obj) { if (is_a($obj, $classname)) { unset($this->_method_map[$method]); $ok = true; @@ -202,7 +201,7 @@ function removeAggregateObject($classname) * @return mixed The return value from the aggregated method, or a PEAR * error if the called method was unknown. */ - function __call($method, $args, &$retval) + function __call($method, $args) { $method = strtolower($method); if (empty($this->_method_map[$method]) && isset($this->_autoload_map[$method])) { diff --git a/include/classes/XML/XML_HTMLSax/PEAR/Common.php b/include/classes/XML/XML_HTMLSax/PEAR/Common.php index e9cf093dd..d637a1ffe 100644 --- a/include/classes/XML/XML_HTMLSax/PEAR/Common.php +++ b/include/classes/XML/XML_HTMLSax/PEAR/Common.php @@ -611,7 +611,7 @@ function buildProvidesArray($srcinfo) foreach ($methods as $method) { $function = "$class::$method"; $key = "function;$function"; - if ($method{0} == '_' || !strcasecmp($method, $class) || + if ($method[0] == '_' || !strcasecmp($method, $class) || isset($this->pkginfo['provides'][$key])) { continue; } @@ -622,7 +622,7 @@ function buildProvidesArray($srcinfo) foreach ($srcinfo['declared_functions'] as $function) { $key = "function;$function"; - if ($function{0} == '_' || isset($this->pkginfo['provides'][$key])) { + if ($function[0] == '_' || isset($this->pkginfo['provides'][$key])) { continue; } if (!strstr($function, '::') && strncasecmp($function, $pn, $pnl)) { @@ -717,7 +717,7 @@ function analyzeSourceCode($file) } switch ($token) { case T_WHITESPACE: - continue; + break; case ';': if ($interface) { $current_function = ''; diff --git a/include/classes/XML/XML_HTMLSax/PEAR/Config.php b/include/classes/XML/XML_HTMLSax/PEAR/Config.php index 81865121a..544dd61fd 100644 --- a/include/classes/XML/XML_HTMLSax/PEAR/Config.php +++ b/include/classes/XML/XML_HTMLSax/PEAR/Config.php @@ -938,8 +938,10 @@ function _readConfigDataFrom($file) return $this->raiseError("PEAR_Config::readConfigFile fopen('$file','r') failed"); } $size = filesize($file); - $rt = get_magic_quotes_runtime(); - set_magic_quotes_runtime(0); + $rt = function_exists('get_magic_quotes_runtime') ? get_magic_quotes_runtime() : 0; + if (function_exists('set_magic_quotes_runtime')) { + set_magic_quotes_runtime(0); + } if (function_exists('file_get_contents')) { fclose($fp); $contents = file_get_contents($file); @@ -951,7 +953,9 @@ function _readConfigDataFrom($file) return $this->raiseError('Configuration file "' . $file . '" is empty'); } - set_magic_quotes_runtime($rt); + if (function_exists('set_magic_quotes_runtime')) { + set_magic_quotes_runtime($rt); + } $version = false; if (preg_match('/^#PEAR_Config\s+(\S+)\s+/si', $contents, $matches)) { @@ -2014,7 +2018,7 @@ function _prependPath($path, $prepend) if (OS_WINDOWS && preg_match('/^[a-z]:/i', $path)) { if (preg_match('/^[a-z]:/i', $prepend)) { $prepend = substr($prepend, 2); - } elseif ($prepend{0} != '\\') { + } elseif ($prepend[0] != '\\') { $prepend = "\\$prepend"; } $path = substr($path, 0, 2) . $prepend . substr($path, 2); diff --git a/include/classes/XML/XML_HTMLSax/PEAR/Remote.php b/include/classes/XML/XML_HTMLSax/PEAR/Remote.php index c698f5eb1..12916a357 100644 --- a/include/classes/XML/XML_HTMLSax/PEAR/Remote.php +++ b/include/classes/XML/XML_HTMLSax/PEAR/Remote.php @@ -475,9 +475,8 @@ function _encode($php_val) } } if ($is_continuous) { - reset($php_val); $arr = array(); - while (list($k, $v) = each($php_val)) { + foreach ($php_val as $k => $v) { $arr[$k] = $this->_encode($v); } $xmlrpcval->addArray($arr); @@ -487,7 +486,7 @@ function _encode($php_val) // fall though if not numerical and continuous case "object": $arr = array(); - while (list($k, $v) = each($php_val)) { + foreach ($php_val as $k => $v) { $arr[$k] = $this->_encode($v); } $xmlrpcval->addStruct($arr); diff --git a/include/classes/XML/XML_HTMLSax/System.php b/include/classes/XML/XML_HTMLSax/System.php index b9afccf19..aa13dd06f 100644 --- a/include/classes/XML/XML_HTMLSax/System.php +++ b/include/classes/XML/XML_HTMLSax/System.php @@ -235,7 +235,7 @@ function mkDir($args) } elseif($opt[0] == 'm') { // if the mode is clearly an octal number (starts with 0) // convert it to decimal - if (strlen($opt[1]) && $opt[1]{0} == '0') { + if (strlen($opt[1]) && $opt[1][0] == '0') { $opt[1] = octdec($opt[1]); } else { // convert to int @@ -540,7 +540,7 @@ function find($args) break; case '-name': if (OS_WINDOWS) { - if ($args[$i+1]{0} == '\\') { + if ($args[$i+1][0] == '\\') { // prepend drive $args[$i+1] = addslashes(substr(getcwd(), 0, 2) . $args[$i + 1]); } diff --git a/include/classes/XML/XML_HTMLSax/XML_HTMLSax.php b/include/classes/XML/XML_HTMLSax/XML_HTMLSax.php index 64ab450cb..0b274a98a 100644 --- a/include/classes/XML/XML_HTMLSax/XML_HTMLSax.php +++ b/include/classes/XML/XML_HTMLSax/XML_HTMLSax.php @@ -194,7 +194,7 @@ function ignoreCharacter() { */ function scanCharacter() { if ($this->position < $this->length) { - return $this->rawtext{$this->position++}; + return $this->rawtext[$this->position++]; } } @@ -339,7 +339,7 @@ function XML_HTMLSax_StateParser_Lt430(& $htmlsax) { */ function scanUntilCharacters($string) { $startpos = $this->position; - while ($this->position < $this->length && strpos($string, $this->rawtext{$this->position}) === FALSE) { + while ($this->position < $this->length && strpos($string, $this->rawtext[$this->position]) === FALSE) { $this->position++; } return substr($this->rawtext, $startpos, $this->position - $startpos); @@ -352,7 +352,7 @@ function scanUntilCharacters($string) { */ function ignoreWhitespace() { while ($this->position < $this->length && - strpos(" \n\r\t", $this->rawtext{$this->position}) !== FALSE) { + strpos(" \n\r\t", $this->rawtext[$this->position]) !== FALSE) { $this->position++; } } diff --git a/include/classes/nusoap.php b/include/classes/nusoap.php index 7db799cc8..6c2c73f3b 100644 --- a/include/classes/nusoap.php +++ b/include/classes/nusoap.php @@ -306,7 +306,7 @@ function serialize_val($val,$name=false,$type=false,$name_ns=false,$type_ns=fals case (is_array($val) || $type): // detect if struct or array $valueType = $this->isArraySimpleOrStruct($val); - if($valueType=='arraySimple' || ereg('^ArrayOf',$type)){ + if($valueType=='arraySimple' || strpos($type, 'ArrayOf') === 0){ $i = 0; if(is_array($val) && count($val)> 0){ foreach($val as $v){ @@ -469,7 +469,7 @@ function contractQname($qname){ */ function expandQname($qname){ // get element prefix - if(strpos($qname,':') && !ereg('^http://',$qname)){ + if(strpos($qname,':') && strpos($qname, 'http://') !== 0){ // get unqualified name $name = substr(strstr($qname,':'),1); // get ns prefix @@ -583,7 +583,7 @@ function timestamp_to_iso8601($timestamp,$utc=true){ '([0-9]{2})(\.[0-9]*)?'. // seconds ss.ss... '(Z|[+\-][0-9]{2}:?[0-9]{2})?'; // Z to indicate UTC, -/+HH:MM:SS.SS... for local tz's - if(ereg($eregStr,$datestr,$regs)){ + if(preg_match('/' . $eregStr . '/',$datestr,$regs)){ return sprintf('%04d-%02d-%02dT%02d:%02d:%02dZ',$regs[1],$regs[2],$regs[3],$regs[4],$regs[5],$regs[6]); } return false; @@ -608,7 +608,7 @@ function iso8601_to_timestamp($datestr){ '([0-9]{2}):'. // minutes mm: '([0-9]{2})(\.[0-9]+)?'. // seconds ss.ss... '(Z|[+\-][0-9]{2}:?[0-9]{2})?'; // Z to indicate UTC, -/+HH:MM:SS.SS... for local tz's - if(ereg($eregStr,$datestr,$regs)){ + if(preg_match('/' . $eregStr . '/',$datestr,$regs)){ // not utc if($regs[8] != 'Z'){ $op = substr($regs[8],0,1); @@ -887,7 +887,7 @@ function schemaStartElement($parser, $name, $attrs) { if(count($attrs) > 0){ foreach($attrs as $k => $v){ // if ns declarations, add to class level array of valid namespaces - if(ereg("^xmlns",$k)){ + if(strpos($k, 'xmlns') === 0){ //$this->xdebug("$k: $v"); //$this->xdebug('ns_prefix: '.$this->getPrefix($k)); if($ns_prefix = substr(strrchr($k,':'),1)){ @@ -984,7 +984,7 @@ function schemaStartElement($parser, $name, $attrs) { $this->currentComplexType = $attrs['name']; $this->complexTypes[$this->currentComplexType] = $attrs; $this->complexTypes[$this->currentComplexType]['typeClass'] = 'complexType'; - if(isset($attrs['base']) && ereg(':Array$',$attrs['base'])){ + if(isset($attrs['base']) && substr($attrs['base'], -6) === ':Array'){ $this->complexTypes[$this->currentComplexType]['phpType'] = 'array'; } else { $this->complexTypes[$this->currentComplexType]['phpType'] = 'struct'; @@ -995,7 +995,7 @@ function schemaStartElement($parser, $name, $attrs) { $this->currentElement = false; $this->complexTypes[$this->currentComplexType] = $attrs; $this->complexTypes[$this->currentComplexType]['typeClass'] = 'complexType'; - if(isset($attrs['base']) && ereg(':Array$',$attrs['base'])){ + if(isset($attrs['base']) && substr($attrs['base'], -6) === ':Array'){ $this->complexTypes[$this->currentComplexType]['phpType'] = 'array'; } else { $this->complexTypes[$this->currentComplexType]['phpType'] = 'struct'; @@ -1586,7 +1586,7 @@ function soap_transport_http($url){ $this->uri = $this->path; // build headers - ereg('\$Revisio' . 'n: ([^ ]+)', $this->revision, $rev); + preg_match('/\$Revision: ([^ ]+)/', $this->revision, $rev); $this->outgoing_headers['User-Agent'] = $this->title.'/'.$this->version.' ('.$rev[1].')'; if (!isset($u['port'])) { $this->outgoing_headers['Host'] = $this->host; @@ -1846,7 +1846,9 @@ function setEncoding($enc='gzip, deflate'){ $this->outgoing_headers['Accept-Encoding'] = $enc; $this->outgoing_headers['Connection'] = 'close'; $this->persistentConnection = false; - set_magic_quotes_runtime(0); + if (function_exists('set_magic_quotes_runtime')) { + set_magic_quotes_runtime(0); + } // deprecated $this->encoding = $enc; } @@ -2010,7 +2012,7 @@ function getResponse(){ } } // remove 100 header - if(isset($lb) && ereg('^HTTP/1.1 100',$data)){ + if(isset($lb) && strpos($data, 'HTTP/1.1 100') === 0){ unset($lb); $data = ''; }// @@ -2098,7 +2100,7 @@ function getResponse(){ curl_close($this->ch); // remove 100 header - if (ereg('^HTTP/1.1 100',$data)) { + if (strpos($data, 'HTTP/1.1 100') === 0) { if ($pos = strpos($data,"\r\n\r\n")) { $data = ltrim(substr($data,$pos)); } elseif($pos = strpos($data,"\n\n") ) { @@ -2138,7 +2140,7 @@ function getResponse(){ // parse elements into array $digestElements = explode(', ', $digestString); - while (list($key, $val) = each($digestElements)) { + foreach ($digestElements as $key => $val) { $tempElement = explode('=', $val); $digestRequest[$tempElement[0]] = str_replace("\"", '', $tempElement[1]); } @@ -2313,11 +2315,12 @@ function service($data){ $qs = $QUERY_STRING; } - if(isset($qs) && ereg('wsdl', $qs) ){ + if(isset($qs) && strpos($qs, 'wsdl') !== false ){ // This is a request for WSDL if($this->externalWSDLURL){ if (strpos($this->externalWSDLURL,"://")!==false) { // assume URL header('Location: '.$this->externalWSDLURL); + exit; } else { // assume file header("Content-Type: text/xml\r\n"); $fp = fopen($this->externalWSDLURL, 'r'); @@ -2373,7 +2376,7 @@ function parse_http_headers() { // get the character encoding of the incoming request if(strpos($this->headers['Content-Type'],'=')){ $enc = str_replace('"','',substr(strstr($this->headers["Content-Type"],'='),1)); - if(eregi('^(ISO-8859-1|US-ASCII|UTF-8)$',$enc)){ + if(preg_match('/^(ISO-8859-1|US-ASCII|UTF-8)$/i',$enc)){ $this->xml_encoding = strtoupper($enc); } else { $this->xml_encoding = 'US-ASCII'; @@ -2700,7 +2703,7 @@ function send_response() { $payload .= ""; } $this->outgoing_headers[] = "Server: $this->title Server v$this->version"; - ereg('\$Revisio' . 'n: ([^ ]+)', $this->revision, $rev); + preg_match('/\$Revision: ([^ ]+)/', $this->revision, $rev); $this->outgoing_headers[] = "X-SOAP-Server: $this->title/$this->version (".$rev[1].")"; // Let the Web server decide about this //$this->outgoing_headers[] = "Connection: Close\r\n"; @@ -3301,7 +3304,7 @@ function start_element($parser, $name, $attrs) $this->currentSchema->schemaStartElement($parser, $name, $attrs); $this->debug_str .= $this->currentSchema->debug_str; $this->currentSchema->debug_str = ''; - } elseif (ereg('schema$', $name)) { + } elseif (substr($name, -7) === 'schema') { // $this->debug("startElement for $name ($attrs[name]). status = $this->status (".$this->getLocalPart($name).")"); $this->status = 'schema'; $this->currentSchema = new xmlschema('', '', $this->namespaces); @@ -3316,7 +3319,7 @@ function start_element($parser, $name, $attrs) $this->depth_array[$depth] = $pos; $this->message[$pos] = array('cdata' => ''); // get element prefix - if (ereg(':', $name)) { + if (strpos($name, ':') !== false) { // get ns prefix $prefix = substr($name, 0, strpos($name, ':')); // get ns @@ -3328,7 +3331,7 @@ function start_element($parser, $name, $attrs) if (count($attrs) > 0) { foreach($attrs as $k => $v) { // if ns declarations, add to class level array of valid namespaces - if (ereg("^xmlns", $k)) { + if (strpos($k, 'xmlns') === 0) { if ($ns_prefix = substr(strrchr($k, ':'), 1)) { $this->namespaces[$ns_prefix] = $v; } else { @@ -3505,7 +3508,7 @@ function start_element($parser, $name, $attrs) */ function end_element($parser, $name){ // unset schema status - if (/*ereg('types$', $name) ||*/ ereg('schema$', $name)) { + if (/*preg_match('/types$/', $name) ||*/ substr($name, -7) === 'schema') { $this->status = ""; $this->schemas[$this->currentSchema->schemaTargetNamespace][] = $this->currentSchema; } @@ -4498,7 +4501,7 @@ function start_element($parser, $name, $attrs) { $key_localpart = $this->getLocalPart($key); // if ns declarations, add to class level array of valid namespaces if($key_prefix == 'xmlns'){ - if(ereg('^http://www.w3.org/[0-9]{4}/XMLSchema$',$value)){ + if(preg_match('/^http:\/\/www\.w3\.org\/[0-9]{4}\/XMLSchema$/', $value)){ $this->XMLSchemaVersion = $value; $this->namespaces['xsd'] = $this->XMLSchemaVersion; $this->namespaces['xsi'] = $this->XMLSchemaVersion.'-instance'; @@ -4531,7 +4534,7 @@ function start_element($parser, $name, $attrs) { [6] nextDimension ::= Digit+ ',' */ $expr = '([A-Za-z0-9_]+):([A-Za-z]+[A-Za-z0-9_]+)\[([0-9]+),?([0-9]*)\]'; - if(ereg($expr,$value,$regs)){ + if(preg_match($expr,$value,$regs)){ $this->message[$pos]['typePrefix'] = $regs[1]; $this->message[$pos]['arrayTypePrefix'] = $regs[1]; if (isset($this->namespaces[$regs[1]])) { @@ -5150,7 +5153,7 @@ function send($msg, $soapaction = '', $timeout=0, $response_timeout=30) { // detect transport switch(true){ // http(s) - case ereg('^http',$this->endpoint): + case (strpos($this->endpoint, 'http') === 0): $this->debug('transporting via HTTP'); if($this->persistentConnection == true && is_object($this->persistentConnection)){ $http =& $this->persistentConnection; @@ -5172,10 +5175,10 @@ function send($msg, $soapaction = '', $timeout=0, $response_timeout=30) { $http->setEncoding($this->http_encoding); } $this->debug('sending message, length: '.strlen($msg)); - if(ereg('^http:',$this->endpoint)){ + if(strpos($this->endpoint, 'http:') === 0){ //if(strpos($this->endpoint,'http:')){ $this->responseData = $http->send($msg,$timeout,$response_timeout); - } elseif(ereg('^https',$this->endpoint)){ + } elseif(strpos($this->endpoint, 'https') === 0){ //} elseif(strpos($this->endpoint,'https:')){ //if(phpversion() == '4.3.0-dev'){ //$response = $http->send($msg,$timeout,$response_timeout); diff --git a/include/classes/pclzip.lib.php b/include/classes/pclzip.lib.php index 89e862fbc..e2ea17359 100644 --- a/include/classes/pclzip.lib.php +++ b/include/classes/pclzip.lib.php @@ -3393,7 +3393,7 @@ function privExtractByRule(&$p_file_list, $p_path, $p_remove_path, $p_remove_all else if ( (isset($p_options[PCLZIP_OPT_BY_EREG])) && ($p_options[PCLZIP_OPT_BY_EREG] != "")) { - if (ereg($p_options[PCLZIP_OPT_BY_EREG], $v_header['stored_filename'])) { + if (preg_match('/' . $p_options[PCLZIP_OPT_BY_EREG] . '/', $v_header['stored_filename'])) { $v_extract = true; } } @@ -4774,7 +4774,7 @@ function privDeleteByRule(&$p_result_list, &$p_options) else if ( (isset($p_options[PCLZIP_OPT_BY_EREG])) && ($p_options[PCLZIP_OPT_BY_EREG] != "")) { - if (ereg($p_options[PCLZIP_OPT_BY_EREG], $v_header_list[$v_nb_extracted]['stored_filename'])) { + if (preg_match('/' . $p_options[PCLZIP_OPT_BY_EREG] . '/', $v_header_list[$v_nb_extracted]['stored_filename'])) { $v_found = true; } } diff --git a/include/classes/phpmailer/class.phpmailer.php b/include/classes/phpmailer/class.phpmailer.php index b3ca55fc4..df37bd2c1 100644 --- a/include/classes/phpmailer/class.phpmailer.php +++ b/include/classes/phpmailer/class.phpmailer.php @@ -1087,12 +1087,16 @@ function EncodeFile ($path, $encoding = "base64") { $this->SetError($this->Lang("file_open") . $path); return ""; } - $magic_quotes = get_magic_quotes_runtime(); - set_magic_quotes_runtime(0); + if (function_exists('get_magic_quotes_runtime')) { + $magic_quotes = get_magic_quotes_runtime(); + set_magic_quotes_runtime(0); + } $file_buffer = fread($fd, filesize($path)); $file_buffer = $this->EncodeString($file_buffer, $encoding); fclose($fd); - set_magic_quotes_runtime($magic_quotes); + if (function_exists('set_magic_quotes_runtime')) { + set_magic_quotes_runtime($magic_quotes); + } return $file_buffer; } diff --git a/include/classes/phpmailer/class.smtp.php b/include/classes/phpmailer/class.smtp.php index 28af3b6f8..523d485df 100644 --- a/include/classes/phpmailer/class.smtp.php +++ b/include/classes/phpmailer/class.smtp.php @@ -323,7 +323,7 @@ function Data($msg_data) { $max_line_length = 998; # used below; set here for ease in change - while(list(,$line) = @each($lines)) { + foreach ($lines as $line) { $lines_out = null; if($line == "" && $in_headers) { $in_headers = false; @@ -350,7 +350,7 @@ function Data($msg_data) { $lines_out[] = $line; # now send the lines to the server - while(list(,$line_out) = @each($lines_out)) { + foreach ($lines_out as $line_out) { if(strlen($line_out) > 0) { if(substr($line_out, 0, 1) == ".") { @@ -434,7 +434,7 @@ function Expand($name) { # parse the reply and place in our array to return to user $entries = explode($this->CRLF,$rply); - while(list(,$l) = @each($entries)) { + foreach ($entries as $l) { $list[] = substr($l,4); } diff --git a/include/classes/sqlutility.class.php b/include/classes/sqlutility.class.php index 05623f0be..306095856 100644 --- a/include/classes/sqlutility.class.php +++ b/include/classes/sqlutility.class.php @@ -197,7 +197,7 @@ public static function queryFromFile($sql_file_path, $table_prefix = null, $in_p if($prefixed_query[1] == 'CREATE TABLE' || $prefixed_query[1] == 'CREATE TABLE IF NOT EXISTS') { $result = queryDB($prefixed_query[0], array(), FALSE, FALSE); - if(count($result) > 0){ + if($result !== false){ if ($in_plain_msg) { $progress[] = 'Table '.$table . ' created successfully.'; } else { diff --git a/include/header.inc.php b/include/header.inc.php index 621148ee8..dde907507 100644 --- a/include/header.inc.php +++ b/include/header.inc.php @@ -191,7 +191,7 @@ /**** Toggle to switch between mobile and responsive themes ****/ -if($_GET['mobile'] == '2'){ +if(($_GET['mobile'] ?? '') == '2'){ global $msg; unset($_SESSION['prefs']['PREF_RESPONSIVE'] ); if(isset($_GET['cid'])){ @@ -203,7 +203,7 @@ $msg->addFeedback('MOBILE_ON'); header('Location:'.$_SERVER['PHP_SELF'].$cid); exit; -} else if($_GET['mobile'] == '1') { +} else if(($_GET['mobile'] ?? '') == '1') { global $msg; $_SESSION['prefs']['PREF_RESPONSIVE'] = 1; if(isset($_GET['cid'])){ @@ -243,9 +243,14 @@ if($_SESSION['tool_origin']['url'] == $_base_href.$current_page){ unset($_SESSION['tool_origin']); unset($back_to_page); - }else if($_pages[$mod_path]['parent'] != 'tools/index.php'){ - $back_to_page['title'] = _AT($_pages[$_pages[$mod_path]['parent']]['title_var']); - $back_to_page['url'] = $_base_href.$_pages[$mod_path]['parent']; + }else if(isset($_pages[$mod_path]['parent']) && $_pages[$mod_path]['parent'] != 'tools/index.php'){ + $parent_of_mod = $_pages[$mod_path]['parent']; + if (isset($_pages[$parent_of_mod]['title_var'])) { + $back_to_page['title'] = _AT($_pages[$parent_of_mod]['title_var']); + } else { + $back_to_page['title'] = ''; + } + $back_to_page['url'] = $_base_href.$parent_of_mod; } else{ $back_to_page = $_SESSION['tool_origin']; @@ -307,9 +312,9 @@ if (defined('HOME_URL') && HOME_URL) { $_top_level_pages[] = array('url' => HOME_URL, 'title' => _AT('home')); } -} else if ($_SESSION['course_id'] < 0) { +} else if (isset($_SESSION['course_id']) && $_SESSION['course_id'] < 0) { $section_title = _AT('administration'); -} else if (!$_SESSION['course_id']) { +} else if (!isset($_SESSION['course_id']) || !$_SESSION['course_id']) { $section_title = _AT('my_start_page'); } @@ -346,7 +351,7 @@ $rows_courses = queryDB($sql, array(TABLE_PREFIX, $_SESSION['member_id'])); $nav_courses = array(); /* the list of courses we're enrolled in or own */ - foreach($rows_courses as $row){ + if (is_array($rows_courses)) foreach($rows_courses as $row){ //Truncate course title if it's > 45. $system_courses[$row['course_id']]['title'] = htmlentities($system_courses[$row['course_id']]['title'], ENT_QUOTES, 'UTF-8'); $nav_courses[$row['course_id']] = validate_length($system_courses[$row['course_id']]['title'], 45, VALIDATE_LENGTH_FOR_DISPLAY); @@ -386,9 +391,10 @@ */ } -function admin_switch(){ - if($_SESSION['is_admin'] > 0) {?> -