Tweaks (#886)

* check on var before use

* avoid php notice

* change bugreport link to github issues

* link to the subscribe page area

* find config correctly

* avoid notices

* test on value

* check on var

* avoid error when the DB is not on the same host

* #883 - make defaults more common

* remove outdated JS code

* pass a potential documentation URL on to commandline

* expand on a plugin failing to initialise and add a URL for docs

* fix path to config

* simplify

* use __DIR__

* remove unneeded configs

* deal with 0 values

* #888 - initialise website and domain

(cherry picked from commit 6510973)

Author: michield

public_html/lists/admin/admin.php

@@ -285,7 +285,11 @@
     if ($id) {
         $val_req = Sql_Fetch_Row_Query("select value from {$tables['admin_attribute']}
       where adminid = $id and adminattributeid = $row[id]");
-        $row['value'] = $val_req[0];
+        if (isset($val_req[0])) {
+          $row['value'] = $val_req[0];
+        } else {
+          $row['value'] = '';
+        }
     } else {
         $row['value'] = '';
     }

public_html/lists/admin/connect.php

@@ -460,10 +460,13 @@ function ClineSignature()
     return 'phpList version '.VERSION.' (c) 2000-'.date('Y')." phpList Ltd, https://www.phplist.com";
 }
 
-function ClineError($msg)
+function ClineError($msg, $documentationURL = '')
 {
     ob_end_clean();
-    echo "\nError: $msg\n";
+    echo PHP.EOL."Error: $msg\n";
+    if (!empty($documentationURL)) {
+      echo PHP_EOL.s("For more information: "). $documentationURL;
+    }
     exit;
 }
 
@@ -475,11 +478,11 @@ function clineUsage($line = '')
 function Error($msg, $documentationURL = '')
 {
     if ($GLOBALS['commandline']) {
-        clineError($msg);
+        clineError($msg, $documentationURL);
 
         return;
     }
-    echo '<div class="error">'.$GLOBALS['I18N']->get('error').": $msg ";
+    echo '<div class="error">'.s('error').": $msg ";
     if (!empty($documentationURL)) {
         echo resourceLink($documentationURL);
     }

public_html/lists/admin/defaultsystemtemplate.php

@@ -404,7 +404,7 @@
         , $title
     ));
 
-    if ($exists[0]) {
+    if (!empty($exists[0])) {
         $messages = '<div class="actionresult alert alert-warning">';
         $messages .= s('This default template already exists');
         $messages .= '</div>';

public_html/lists/admin/index.php

@@ -64,8 +64,8 @@ function mb_strtolower($string)
     $configfile = $_SERVER['ConfigFile'];
 } elseif (isset($cline['c']) && is_file($cline['c'])) {
     $configfile = $cline['c'];
-} elseif (is_file(dirname(__FILE__).'/../config/config.php')) {
-    $configfile = '../config/config.php';
+} elseif (is_file(__DIR__.'/../config/config.php')) {
+    $configfile = __DIR__.'/../config/config.php';
 } else {
     $configfile = '../config/config.php';
 }
@@ -734,7 +734,7 @@ function mb_strtolower($string)
 
         if (!$parses_ok) {
             echo Error("cannot parse $include");
-            echo '<p class="error">Sorry, an error occurred. This is a bug. Please <a href="http://mantis.phplist.com">report the bug to the Bug Tracker</a><br/>Sorry for the inconvenience</a></p>';
+            echo '<p class="error">Sorry, an error occurred. This is a bug. Please <a href="https://github.com/phpList/phplist3/issues">report the bug to the Bug Tracker</a><br/>Sorry for the inconvenience</a></p>';
         } else {
             if (!empty($_SESSION['action_result'])) {
                 echo '<div class="actionresult">'.$_SESSION['action_result'].'</div>';

public_html/lists/admin/init.php

@@ -75,8 +75,7 @@
 ## avoid the screen being blank, due to the FOUC system
 ini_set("error_append_string",'<script>document.body.classList.remove("invisible");</script>'); ## remove the FOUC
 ini_set("error_prepend_string",'<div style="{font-size: 24px;color:red;}">Sorry a software error occurred:</div><br/>
-  Please <a href="http://mantis.phplist.org">report a bug</a> when reporting the bug, please include URL and the entire content of this page.<br/>');
-
+  Please <a href="https://github.com/phpList/phplist3/issues">report a bug</a> when reporting the bug, please include URL and the entire content of this page.<br/>');
 
 if (function_exists('mb_internal_encoding')) {
     mb_internal_encoding('UTF-8');
@@ -97,10 +96,6 @@
 // @@@ needs more work
 $GLOBALS['compression_used'] = $zlib_compression || $gzhandler;
 
-// make sure these are set correctly, so they cannot be injected due to the PHP Globals Problem,
-// http://www.hardened-php.net/globals-problem
-$GLOBALS['language_module'] = $language_module;
-$GLOBALS['database_module'] = $database_module;
 
 //# this is mostly useful when using commandline, and the language is not detected
 //# with the browser
@@ -122,6 +117,8 @@
 //  $GLOBALS['design'] = basename($GLOBALS['design']);
 }
 
+$website = $domain = '';
+
 if (!isset($GLOBALS['ui']) || !is_dir(dirname(__FILE__).'/ui/'.$GLOBALS['ui'])) {
     if (is_dir(dirname(__FILE__).'/ui/phplist-ui-bootlist')) {
         $GLOBALS['ui'] = 'phplist-ui-bootlist';
@@ -158,9 +155,15 @@
 
 if (empty($GLOBALS['language_module'])) {
     $GLOBALS['language_module'] = 'english.inc';
+    if (isset($language_module)) {
+      $GLOBALS['language_module'] = $language_module;
+    }
 }
 if (empty($GLOBALS['database_module']) || !is_file(dirname(__FILE__).'/'.$GLOBALS['database_module'])) {
     $GLOBALS['database_module'] = 'mysqli.inc';
+    if (isset($database_module)) {
+        $GLOBALS['database_module'] = $database_module;
+    }
 }
 if (!isset($database_port)) {
     $database_port = null;
@@ -672,7 +675,7 @@
 if (!isset($allowed_referrers) || !is_array($allowed_referrers)) {
     $allowed_referrers = array();
 }
-if (defined('ACCESS_CONTROL_ALLOW_ORIGINS') && in_array($_SERVER['HTTP_ORIGIN'], ACCESS_CONTROL_ALLOW_ORIGINS)) {
+if (isset($_SERVER['HTTP_ORIGIN']) && defined('ACCESS_CONTROL_ALLOW_ORIGINS') && in_array($_SERVER['HTTP_ORIGIN'], ACCESS_CONTROL_ALLOW_ORIGINS)) {
     define('ACCESS_CONTROL_ALLOW_ORIGIN', $_SERVER['HTTP_ORIGIN']);
 } elseif (!defined('ACCESS_CONTROL_ALLOW_ORIGIN')) {
     define('ACCESS_CONTROL_ALLOW_ORIGIN', $GLOBALS['scheme'].'://'.$_SERVER['HTTP_HOST']);

public_html/lists/admin/lib.php

@@ -36,7 +36,7 @@
 if (!isset($GLOBALS['developer_email'])) {
     ini_set('error_append_string', 'phpList version '.VERSION);
     ini_set('error_prepend_string', '<p class="error">Sorry a software error occurred:<br/>
-    Please <a href="http://mantis.phplist.com">report a bug</a> when reporting the bug, please include URL and the entire content of this page.<br/>');
+    Please <a href="https://github.com/phpList/phplist3/issues">report a bug</a> when reporting the bug, please include URL and the entire content of this page.<br/>');
 }
 
 function cleanListName($name) { ## we allow certain tags in a listname

public_html/lists/admin/pluginlib.php

@@ -133,7 +133,7 @@
                     dbg($className.' disabled');
                 }
             } else {
-                Error('initialisation of plugin '.$className.' failed');
+                Error('initialisation of plugin '.$className.' failed. Remove the plugin and try again.','https://resources.phplist.com/documentation/errors/pluginfailed');
             }
             //print "$className = ".$pluginInstance->name."<br/>";
         }

public_html/lists/admin/send_core.php

@@ -606,43 +606,7 @@
         ++$counttabs;
 
         // print $tabs->display();
-    } ?>
-
-    <script language="Javascript" type="text/javascript">
-        // some debugging stuff to see what happens
-        function checkForm() {
-            //  return true;
-            for (var i = 0; i < document.sendmessageform.elements.length; i++) {
-                alert(document.sendmessageform.elements[i].name + " " + document.sendmessageform.elements[i].value);
-            }
-            return true;
-        }
-
-        // detection of unsaved changes,
-        var browser = navigator.appName.substring(0, 9);
-        var changed = 1;
-        function haschanged() {
-            changed = 1;
-        }
-        function savechanges() {
-        }
-        var event_number = 0;
-        if (browser == "Microsoft") {
-            document.onkeydown = haschanged;
-            document.onchange = haschanged;
-        } else if (browser == "Netscape") {
-            document.captureEvents(Event.KEYDOWN);
-            document.captureEvents(Event.CHANGE);
-            document.onkeydown = haschanged;
-            document.onchange = haschanged;
-        }
-        function submitform() {
-            document.sendmessageform.submit()
-        }
-    </script>
-    <?php
-    //print '<form method="post" enctype="multipart/form-data" name="sendmessageform" onSubmit="return checkForm()">';
-    echo '<input type="hidden" name="workaround_fck_bug" value="1" />';
+    } 
     echo '<input type="hidden" name="followupto" value="" />';
 
     if ($_GET['page'] == 'preparemessage') {

public_html/lists/admin/upgrade.php

@@ -246,9 +246,15 @@ function output($message)
             }
         }
         $maxsize = (int) ($maxsize * 1.2); //# add another 20%
-        $row = Sql_Fetch_Row_Query('select @@datadir');
-        $dataDir = $row[0];
-        $avail = disk_free_space($dataDir);
+        #this is only valid when the DB is on the same host
+        if ($GLOBALS['database_host'] == 'localhost') {
+          $row = Sql_Fetch_Row_Query('select @@datadir');
+          $dataDir = $row[0];
+          $avail = disk_free_space($dataDir);
+        } else {
+          # let's assume the DB host has sufficient space
+          $avail = $maxsize + 1;
+        }
 
         //# convert to UTF8
         $dbname = $GLOBALS['database_name'];

public_html/lists/config/config.php

@@ -32,16 +32,13 @@
 //#
 //#     define("PHPMAILERHOST",'smtp.mydomain.com');
 
-define('PHPMAILERHOST', 'localhost');
-define('PHPMAILERPORT',2500);
-define('PHPMAILER_SECURE',false);
-
+define('PHPMAILERHOST', '');
 
 // if TEST is set to 1 (not 0) it will not actually send ANY messages, but display what it would have sent
 // this is here, to make sure you edited the config file and mails are not sent "accidentally"
 // on unmanaged systems
 
-define('TEST', 0);
+define('TEST', 1);
 /*
 
 ==============================================================================================================

public_html/lists/index.php

@@ -99,7 +99,9 @@
 }
 // make sure the subscribe page still exists
 $req = Sql_fetch_row_query(sprintf('select id from %s where id = %d', $tables['subscribepage'], $id));
-$id = $req[0];
+if (!$req) {
+  $id = 0;
+}
 $msg = '';
 
 if (!empty($_POST['sendpersonallocation'])) {
@@ -663,7 +665,7 @@ function checkGroup(name,value)
         $html .= '<div class="adminmessage"><p><b>'.s('You are logged in as administrator (%s) of this phpList system',
                 $_SESSION['logindetails']['adminname']).'</b></p>';
         $html .= '<p>'.s('You are therefore offered the following choice, which your subscribers will not see when they load this page.').'</p>';
-        $html .= '<p><a href="'.$GLOBALS['adminpages'].'" class="button">'.s('Go back to admin area').'</a></p>';
+        $html .= '<p><a href="'.$GLOBALS['adminpages'].'?page=spage" class="button">'.s('Go back to admin area').'</a></p>';
         $html .= '<p><b>'.s('Please choose').'</b>: <br/><input type=radio name="makeconfirmed" value="1"> '.s('Make this subscriber confirmed immediately').'
       <br/><input type=radio name="makeconfirmed" value="0" checked> ' .s('Send this subscriber a request for confirmation email').' </p></div>';
     }