From 999370646b2086d79dd1d6bbcfb0f6eeafd3659a Mon Sep 17 00:00:00 2001
From: Fred Tempez
Date: Fri, 5 Apr 2024 16:49:08 +0200
Subject: [PATCH] 13.2.00 fonction secureFilePutContents
---
 core/class/router.class.php | 10 +++++-----
 core/core.php | 8 ++++----
 core/include/update.inc.php | 6 +++---
 core/module/config/config.php | 14 +++++++-------
 core/module/install/install.php | 4 ++--
 core/module/language/language.php | 8 ++++----
 core/module/page/page.php | 2 +-
 core/module/plugin/plugin.php | 4 ++--
 core/module/theme/theme.php | 8 ++++----
 9 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/core/class/router.class.php b/core/class/router.class.php
index 98e348d1..8256581e 100644
--- a/core/class/router.class.php
+++ b/core/class/router.class.php
@@ -61,17 +61,17 @@ class core extends common
 // Crée le fichier de personnalisation avancée
 if (file_exists(self::DATA_DIR . 'custom.css') === false) {
- file_put_contents(self::DATA_DIR . 'custom.css', file_get_contents('core/module/theme/resource/custom.css'));
+ $this->secureFilePutContents(self::DATA_DIR . 'custom.css', file_get_contents('core/module/theme/resource/custom.css'));
 chmod(self::DATA_DIR . 'custom.css', 0755);
 }
 // Crée le fichier de personnalisation
 if (file_exists(self::DATA_DIR . 'theme.css') === false) {
- file_put_contents(self::DATA_DIR . 'theme.css', '');
+ $this->secureFilePutContents(self::DATA_DIR . 'theme.css', '');
 chmod(self::DATA_DIR . 'theme.css', 0755);
 }
 // Crée le fichier de personnalisation de l'administration
 if (file_exists(self::DATA_DIR . 'admin.css') === false) {
- file_put_contents(self::DATA_DIR . 'admin.css', '');
+ $this->secureFilePutContents(self::DATA_DIR . 'admin.css', '');
 chmod(self::DATA_DIR . 'admin.css', 0755);
 }
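Review bot: The three `secureFilePutContents()` calls in this hunk discard their result, so `chmod()` runs even when nothing was written, and a read-only or full data directory goes unnoticed. The helper's body is not part of this patch; assuming it returns `false` on failure, as the `!== false` test on `link_list.json` in core/core.php implies, gate the follow-up on the write, e.g. `if ($this->secureFilePutContents(self::DATA_DIR . 'theme.css', '') !== false) { chmod(self::DATA_DIR . 'theme.css', 0755); }`. The same unchecked pattern recurs in the later `theme.css`/`admin.css` writes in this file, the `robots.txt` write in core/core.php, and the `.htaccess` and `head.inc.html`/`body.inc.html` writes in core/module/config/config.php. The enclosing method starts and ends outside the hunk.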
@@ -273,7 +273,7 @@ class core extends common
 $css .= '#footerCopyright{text-align:' . $this->getData(['theme', 'footer', 'copyrightAlign']) . '}';
 // Enregistre la personnalisation
- file_put_contents(self::DATA_DIR . 'theme.css', $css);
+ $this->secureFilePutContents(self::DATA_DIR . 'theme.css', $css);
 // Effacer le cache pour tenir compte de la couleur de fond TinyMCE
 header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
@@ -367,7 +367,7 @@ class core extends common
 // Bordure du contour TinyMCE
 $css .= '.mce-tinymce{border: 1px solid ' . $this->getData(['admin', 'borderBlockColor']) . '!important;}';
 // Enregistre la personnalisation
- file_put_contents(self::DATA_DIR . 'admin.css', $css);
+ $this->secureFilePutContents(self::DATA_DIR . 'admin.css', $css);
 }
 }
 /**
diff --git a/core/core.php b/core/core.php
index a7e4f301..644493ff 100644
--- a/core/core.php
+++ b/core/core.php
@@ -589,7 +589,7 @@ class common
 public function setPage($page, $value, $lang) {
- return file_put_contents(self::DATA_DIR . $lang . '/content/' . $page . '.html', $value);
+ return $this->secureFilePutContents(self::DATA_DIR . $lang . '/content/' . $page . '.html', $value);
 }
@@ -827,7 +827,7 @@ class common
 // Enregistrement : 3 tentatives
 for ($i = 0; $i < 3; $i++) {
- if (file_put_contents('core/vendor/tinymce/link_list.json', json_encode($parents, JSON_UNESCAPED_UNICODE), LOCK_EX) !== false) {
+ if ($this->secureFilePutContents('core/vendor/tinymce/link_list.json',$parents) !== false) {
 break;
 }
 // Pause de 10 millisecondes
@@ -1121,7 +1121,7 @@ class common
 }
 $sitemap->updateRobots();
 } else {
- file_put_contents('robots.txt', 'User-agent: *' . PHP_EOL . 'Disallow: /');
+ $this->secureFilePutContents('robots.txt', 'User-agent: *' . PHP_EOL . 'Disallow: /');
 }
 // Submit your sitemaps to Google, Yahoo, Bing and Ask.com
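Review bot: `setPage()` (core/core.php, @@ -589) concatenates `$lang` and `$page` directly into the target path, and nothing visible in the hunk restricts either value to a single path segment. The body of `secureFilePutContents()` is not in this patch, so unless it confines writes to `self::DATA_DIR`, a value containing a directory separator would resolve outside the content directory. Confirm that every caller passes validated identifiers, or add a guard before the write such as `if (basename($page) !== $page || basename($lang) !== $lang) { return false; }`. A one-line docblock stating that both arguments must already be sanitized ids would make the contract explicit.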
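Review bot: In the `link_list.json` write (@@ -827) the second argument changes from `json_encode($parents, JSON_UNESCAPED_UNICODE)` to the raw `$parents` array and the explicit `LOCK_EX` is dropped, so correctness now depends on `secureFilePutContents()`, whose body is not in this patch. PHP's `file_put_contents()` accepts an array and writes its elements concatenated, not as JSON, so a helper that forwards `$data` unchanged would leave TinyMCE with an invalid link list. Please confirm the helper JSON-encodes arrays and takes an exclusive lock, or keep the encoding at the call site: `$this->secureFilePutContents('core/vendor/tinymce/link_list.json', json_encode($parents, JSON_UNESCAPED_UNICODE))`. The same array-passing change is made in core/include/update.inc.php (`locale.json`), core/module/language/language.php and core/module/plugin/plugin.php (`enum.json`), where `JSON_PRETTY_PRINT` and `JSON_UNESCAPED_SLASHES` also disappear from the call. The retry loop ends outside the hunk.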
@@ -1398,7 +1398,7 @@ class common
 $dataLog .= $message ? $this->getUrl() . ';' . $message : $this->getUrl();
 $dataLog .= PHP_EOL;
 if ($this->getData(['config', 'connect', 'log'])) {
- file_put_contents(self::DATA_DIR . 'journal.log', $dataLog, FILE_APPEND);
+ $this->secureFilePutContents(self::DATA_DIR . 'journal.log', $dataLog, FILE_APPEND);
 }
 }
diff --git a/core/include/update.inc.php b/core/include/update.inc.php
index 484ba131..c10255e2 100644
--- a/core/include/update.inc.php
+++ b/core/include/update.inc.php
@@ -135,7 +135,7 @@ if ($this->getData(['core', 'dataVersion']) < 10200) {
 }
 // Créer les en-têtes du journal
 $d = 'Date;Heure;IP;Id;Action' . PHP_EOL;
- file_put_contents(self::DATA_DIR . 'journal.log', $d);
+ $this->secureFilePutContents(self::DATA_DIR . 'journal.log', $d);
 // Init préservation htaccess
 $this->setData(['config', 'autoUpdateHtaccess', false]);
 // Options de barre de membre simple
@@ -459,7 +459,7 @@ if ($this->getData(['core', 'dataVersion']) < 11000) {
 }
 foreach ($hierarchy as $parentKey => $parent) {
 $content = $this->getData(['page', $parent, 'content']);
- //file_put_contents(self::DATA_DIR . self::$siteContent . '/content/' . $parent . '.html', $content);
+ //$this->secureFilePutContents(self::DATA_DIR . self::$siteContent . '/content/' . $parent . '.html', $content);
 $this->setPage($parent, $content, 'fr');
 $this->setData(['page', $parent, 'content', $parent . '.html']);
 }
@@ -982,7 +982,7 @@ if ($this->getData(['core', 'dataVersion']) < 12309) {
 $d = json_decode(file_get_contents(self::DATA_DIR . $key . '/locale.json'), true);
 $d = array_merge($d['locale'], ['poweredPageLabel' => 'Motorisé par']);
 $t['locale'] = $d;
- file_put_contents(self::DATA_DIR . $key . '/locale.json', json_encode($t));
+ $this->secureFilePutContents(self::DATA_DIR . $key . '/locale.json', $t);
 }
 }
diff --git a/core/module/config/config.php b/core/module/config/config.php
index cda364e0..e1371b04 100644
--- a/core/module/config/config.php
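Review bot: In the journal write (core/core.php, @@ -1398) the `FILE_APPEND` flag is now handed to `secureFilePutContents()`, whose signature and body are not in this patch. If the helper does not forward its third argument to `file_put_contents()`, every entry would overwrite `journal.log` and the connection audit trail would shrink to its last line. Please confirm it accepts a flags parameter and combines it with the lock, e.g. `file_put_contents($filename, $data, $flags | LOCK_EX)`, and state that in the helper's docblock. The blacklist export in core/module/config/config.php (@@ -783) relies on the same behaviour. The enclosing method begins outside the hunk.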
+++ b/core/module/config/config.php
@@ -534,7 +534,7 @@ class config extends common
 '' . PHP_EOL . '# URL rewriting' . PHP_EOL;
 $fileContent = str_replace('# URL rewriting', $rewriteData, $fileContent);
- file_put_contents(
+ $this->secureFilePutContents(
 '.htaccess', $fileContent );
@@ -550,7 +550,7 @@ class config extends common
 $fileContent = file_get_contents('.htaccess');
 $fileContent = explode('# URL rewriting', $fileContent);
 $fileContent = $fileContent[0] . '# URL rewriting' . $fileContent[2];
- file_put_contents(
+ $this->secureFilePutContents(
 '.htaccess', $fileContent );
@@ -654,10 +654,10 @@ class config extends common
 ) {
 // Ecrire les fichiers de script
 if ($this->geturl(2) === 'head') {
- file_put_contents(self::DATA_DIR . 'head.inc.html', $this->getInput('configScriptHead', null));
+ $this->secureFilePutContents(self::DATA_DIR . 'head.inc.html', $this->getInput('configScriptHead', null));
 }
 if ($this->geturl(2) === 'body') {
- file_put_contents(self::DATA_DIR . 'body.inc.html', $this->getInput('configScriptBody', null));
+ $this->secureFilePutContents(self::DATA_DIR . 'body.inc.html', $this->getInput('configScriptBody', null));
 }
 // Valeurs en sortie
 $this->addOutput([
@@ -699,7 +699,7 @@ class config extends common
 unlink(self::DATA_DIR . 'journal.log');
 // Créer les en-têtes des journaux
 $d = 'Date;Heure;IP;Id;Action' . PHP_EOL;
- file_put_contents(self::DATA_DIR . 'journal.log', $d);
+ $this->secureFilePutContents(self::DATA_DIR . 'journal.log', $d);
 // Valeurs en sortie
 $this->addOutput([
 'title' => helper::translate('Configuration'),
@@ -775,7 +775,7 @@ class config extends common
 ob_start();
 $fileName = self::TEMP_DIR . 'blacklist.log';
 $d = 'Date dernière tentative;Heure dernière tentative;Id;Adresse IP;Nombre d\'échecs' . PHP_EOL;
- file_put_contents($fileName, $d);
+ $this->secureFilePutContents($fileName, $d);
 if (file_exists($fileName)) {
 $d = $this->getData(['blacklist']);
 $data = '';
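Review bot: The script-include writes (@@ -654) store `$this->getInput('configScriptHead', null)` and `configScriptBody` verbatim, and the new helper's name may suggest a filtering step that, as far as this patch shows, does not exist. Judging by the file names these files are presumably included in every rendered page, so the only protection is the access check on this action, which lies outside the hunk. I would add a comment above the block, `// Raw script/markup is stored unfiltered by design; this action must remain administrator-only and CSRF-protected`, and check the write result before the success output that follows. The advanced-CSS write in core/module/theme/theme.php (@@ -304) has the same shape.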
@@ -783,7 +783,7 @@ class config extends common
 $data .= helper::dateUTF8('%Y %m %d', $item['lastFail'], self::$i18nUI) . ' - ' . helper::dateUTF8('%H:%M', time(), self::$i18nUI);
 $data .= $key . ';' . $item['ip'] . ';' . $item['connectFail'] . PHP_EOL;
 }
- file_put_contents($fileName, $data, FILE_APPEND);
+ $this->secureFilePutContents($fileName, $data, FILE_APPEND);
 header('Content-Description: File Transfer');
 header('Content-Type: application/octet-stream');
 header('Content-Transfer-Encoding: binary');
diff --git a/core/module/install/install.php b/core/module/install/install.php
index c3622b06..00f370fc 100644
--- a/core/module/install/install.php
+++ b/core/module/install/install.php
@@ -292,7 +292,7 @@ class install extends common
 case 2:
 $success = true;
 $message = '';
- file_put_contents(self::TEMP_DIR . 'update.tar.gz', helper::getUrlContents(common::ZWII_UPDATE_URL . common::ZWII_UPDATE_CHANNEL . '/update.tar.gz'));
+ $this->secureFilePutContents(self::TEMP_DIR . 'update.tar.gz', helper::getUrlContents(common::ZWII_UPDATE_URL . common::ZWII_UPDATE_CHANNEL . '/update.tar.gz'));
 $md5origin = helper::getUrlContents(common::ZWII_UPDATE_URL . common::ZWII_UPDATE_CHANNEL . '/update.md5');
 $md5origin = explode(' ', $md5origin);
 $md5target = md5_file(self::TEMP_DIR . 'update.tar.gz');
@@ -401,7 +401,7 @@ class install extends common
 '' . PHP_EOL . '# URL rewriting' . PHP_EOL;
 $fileContent = str_replace('# URL rewriting', $rewriteData, $fileContent);
- $success = file_put_contents(
+ $success = $this->secureFilePutContents(
 '.htaccess', $fileContent );
diff --git a/core/module/language/language.php b/core/module/language/language.php
index a7bdaf08..20977bcf 100644
--- a/core/module/language/language.php
+++ b/core/module/language/language.php
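Review bot: In the update download (core/module/install/install.php, @@ -292) neither the `helper::getUrlContents()` result nor the write result is checked, so a failed fetch can leave an empty or stale `update.tar.gz` for `md5_file()` to hash. Fetch into a variable first and fail early: `$archive = helper::getUrlContents(...);` followed by `if ($archive === false || $this->secureFilePutContents(self::TEMP_DIR . 'update.tar.gz', $archive) === false) { $success = false; }`, assuming both return `false` on failure (neither body is in this patch). Note also that `update.md5` is fetched from the same URL base as the archive, so the comparison detects a corrupted transfer but not an archive replaced at the origin; a signature or a pinned SHA-256 digest would be needed for that. The `case 2:` block continues past the hunk.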
@@ -99,7 +99,7 @@ class language extends common
 is_array($descripteur['language'][$lang])
 ) {
 if ($this->setData(['language', $lang, $descripteur['language'][$lang]])) {
- $success = file_put_contents(self::I18N_DIR . $lang . '.json', json_encode($languageData, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
+ $success = $this->secureFilePutContents(self::I18N_DIR . $lang . '.json', $languageData);
 $success = is_int($success) ? true : false;
 }
 }
@@ -430,7 +430,7 @@ class language extends common
 $this->setData(['locale', $data['locale']]);
 } else {
 // Sauver sur le disque
- file_put_contents(self::DATA_DIR . $lang . '/locale.json', json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT), LOCK_EX);
+ $this->secureFilePutContents(self::DATA_DIR . $lang . '/locale.json', $data);
 }
 // Valeurs en sortie
@@ -512,7 +512,7 @@ class language extends common
 $data[$key] = $target;
 }
 }
- file_put_contents(self::I18N_DIR . $lang . '.json', json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT), LOCK_EX);
+ $this->secureFilePutContents(self::I18N_DIR . $lang . '.json', $data);
 // Mettre à jour le descripteur
 $this->setData([
@@ -546,7 +546,7 @@ class language extends common
 $data[$key] = '';
 }
 }
- file_put_contents(self::I18N_DIR . $lang . '.json', json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT), LOCK_EX);
+ $this->secureFilePutContents(self::I18N_DIR . $lang . '.json', $data);
 // Tableau des chaines à traduire dans la langue sélectionnée
 foreach ($data as $key => $value) {
diff --git a/core/module/page/page.php b/core/module/page/page.php
index 2063fd83..b161fa94 100644
--- a/core/module/page/page.php
+++ b/core/module/page/page.php
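Review bot: In the first hunk (@@ -99) the unchanged follow-up line `$success = is_int($success) ? true : false;` only works if `secureFilePutContents()` returns a byte count the way `file_put_contents()` did; if the helper returns a boolean, this branch would report failure after every successful write. The helper is outside this patch, so compare against failure explicitly instead: `$success = $this->secureFilePutContents(self::I18N_DIR . $lang . '.json', $languageData) !== false;`. That also matches the `!== false` test used for `link_list.json` in core/core.php. The enclosing condition starts outside the hunk.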
@@ -177,7 +177,7 @@ class page extends common if (!is_dir(self::DATA_DIR . self::$siteContent . '/content')) { mkdir(self::DATA_DIR . self::$siteContent . '/content', 0755); } - //file_put_contents(self::DATA_DIR . self::$siteContent . '/content/' . $pageId . '.html', '

Contenu de votre nouvelle page.

'); + //$this->secureFilePutContents(self::DATA_DIR . self::$siteContent . '/content/' . $pageId . '.html', '

Contenu de votre nouvelle page.

'); $this->setPage($pageId, '

Contenu de votre nouvelle page.

', self::$siteContent);
 // Met à jour le sitemap
diff --git a/core/module/plugin/plugin.php b/core/module/plugin/plugin.php
index 6ebd3947..4a56d021 100644
--- a/core/module/plugin/plugin.php
+++ b/core/module/plugin/plugin.php
@@ -314,7 +314,7 @@ class plugin extends common
 mkdir(self::FILE_DIR . 'source/modules', 0755);
 }
 // Sauver les données du fichiers
- file_put_contents(self::FILE_DIR . 'source/modules/' . $moduleFile, $moduleData);
+ $this->secureFilePutContents(self::FILE_DIR . 'source/modules/' . $moduleFile, $moduleData);
 // Installation directe
 if (file_exists(self::FILE_DIR . 'source/modules/' . $moduleFile)) {
@@ -592,7 +592,7 @@ class plugin extends common
 $fileName = $moduleId . str_replace('.', '-', $infoModule[$moduleId]['version']) . '.zip';
 // Régénération du descripteur du module
- file_put_contents(self::MODULE_DIR . $moduleId . '/enum.json', json_encode($infoModule[$moduleId], JSON_UNESCAPED_UNICODE));
+ $this->secureFilePutContents(self::MODULE_DIR . $moduleId . '/enum.json', $infoModule[$moduleId]);
 // Construire l'archive
 $this->makeZip($tmpFolder . $fileName, self::MODULE_DIR . $moduleId);
diff --git a/core/module/theme/theme.php b/core/module/theme/theme.php
index 37616ab4..6c8f0824 100644
--- a/core/module/theme/theme.php
+++ b/core/module/theme/theme.php
@@ -304,7 +304,7 @@ class theme extends common
 $this->isPost()
 ) {
 // Enregistre le CSS
- file_put_contents(self::DATA_DIR . 'custom.css', $this->getInput('themeAdvancedCss', null));
+ $this->secureFilePutContents(self::DATA_DIR . 'custom.css', $this->getInput('themeAdvancedCss', null));
 // Valeurs en sortie
 $this->addOutput([
 'notification' => helper::translate('Modifications enregistrées'),
@@ -1290,7 +1290,7 @@ class theme extends common
 }
 // Sauvegarder la chaîne modifiée
 if ($count > 0) {
- file_put_contents($file, $data);
+ $this->secureFilePutContents($file, $data);
 }
 // Retourner le nombre d'occurrences
 return ($count);
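Review bot: In the module download (core/module/plugin/plugin.php, @@ -314) the write result is discarded and the install step is gated only on `file_exists()`, which is also true for a stale archive left by an earlier download, so a failed write could install outdated module code. Gate on the write itself: `if ($this->secureFilePutContents(self::FILE_DIR . 'source/modules/' . $moduleFile, $moduleData) !== false) {`, assuming the helper returns `false` on failure (its body is not in this patch). Where `$moduleFile` comes from is outside the hunk; if it derives from a remote catalogue or from the request, reduce it with `basename()` before building the path.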
@@ -1396,8 +1396,8 @@ class theme extends common
 }
 // Enregistre la personnalisation
- file_put_contents(self::DATA_DIR . 'font/font.html', $fileContent);
+ $this->secureFilePutContents(self::DATA_DIR . 'font/font.html', $fileContent);
 // Enregistre la personnalisation
- file_put_contents(self::DATA_DIR . 'font/font.css', $fileContentCss);
+ $this->secureFilePutContents(self::DATA_DIR . 'font/font.css', $fileContentCss);
 }
 }
\ No newline at end of file