config system, security fix for shared hosting

storage/config/country.ini.php

@@ -1,3 +1,6 @@
+<?php
+return <<<EOF
 [country]
 timezone=Asia/Seoul
 timeformat=Y-m-d H:i:s
+EOF;

storage/config/database.ini.php

@@ -1,7 +1,10 @@
+<?php
+return <<<EOF
 [database]
 db_driver = mysql
 db_host = localhost
 db_name = dbname
 db_username = dbusername
 db_password = dbpassword
-filedb_storage = ./storage
+storage_dir = storage
+EOF;

storage/config/security.ini.php

@@ -1,3 +1,5 @@
+<?php
+return <<<EOF
 [security]
 masterkey=ZVScK4o3DTQsQjyr
 masteriv=qcLHsW6g11E1JEAF
@@ -5,3 +7,4 @@ salt=H6hclwzFplRQw39C
 adjectives=warty,hoary,breezy,dapper,edgy,feisty,gutsy,hardy,intrepid,jaunty,karmic,lucid,maverick,natty,oneiric,precise,quantal,raring,saucy,trusty,utopic,vivid,wliy,xeniel,yakkety,zesty
 animals=warthog,hedgehog,badger,drake,eft,fawn,gibbon,heron,ibex,jackalope,koala,lynx,meerkat,narwhal,ocelot,pangolin,quetzal,ringtail,salamander,tahr,unicorn,vervet,werewolf,xerus,yak,zapus
 httpencrypt=auto
+EOF;

storage/config/system.ini.php

@@ -1,5 +1,8 @@
+<?php
+return <<<EOF
 [system]
 max_execution_time=0
 session_dir=session
 enable_autoload=0
 default_route=welcome
+EOF;

storage/config/uri.ini

@@ -1,2 +0,0 @@
-[uri]
-base_url = /

storage/config/uri.ini.php

@@ -0,0 +1,5 @@
+<?php
+return <<<EOF
+[uri]
+base_url = /
+EOF;

storage/config/vworld.ini

@@ -1,3 +0,0 @@
-[vworld]
-vworld_api_key=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
-vworld_api_domain=example.org

storage/config/vworld.ini.php

@@ -0,0 +1,6 @@
+<?php
+return <<<EOF
+[vworld]
+vworld_api_key=
+vworld_api_domain=
+EOF;

system/config.php

@@ -7,21 +7,21 @@
  */
 
 if(!function_exists("read_config")) {
-        function read_config() {
+	function read_config() {
-                $config = array();
+		$config = array();
 
-                $files = retrieve_storage_files("config");
+		$files = retrieve_storage_files("config");
-                foreach($files as $file) {
+		foreach($files as $file) {
-                        if(check_file_extension($file, "ini")) {
+			if(check_file_extension($file, "ini.php", array("multiple" => true))) {
-                                $ini = parse_ini_file($file);
+				$ini = parse_ini_file(include($file));
-                                foreach($ini as $k=>$v) {
+				foreach($ini as $k=>$v) {
-                                        $config[$k] = $v;
+					$config[$k] = $v;
-                                }
+				}
-                        }
+			}
-                }
+		}
 
-                return $config;
+		return $config;
-        }
+	}
 }
 
 if(!function_exists("get_config")) {

system/storage.php

@@ -299,14 +299,25 @@ if(!function_exists("retrieve_storage_files")) {
 }
 
 if(!function_exists("get_file_extension")) {
-	function get_file_extension($file) {
+	function get_file_extension($file, $options=array()) {
-		return pathinfo($file, PATHINFO_EXTENSION);
+		$result = false;
+
+		// option 'multiple': extension a.b.c.d.f...z
+		if(array_key_equals("multiple", $options, true)) {
+			$name = basename($file);
+			$pos = strpos($name, '.');
+			$result = substr($name, $pos + 1);
+		} else {
+			$result = pathinfo($file, PATHINFO_EXTENSION);
+		}
+
+		return $result;
 	}
 }
 
 if(!function_exists("check_file_extension")) {
-	function check_file_extension($file, $extension) {
+	function check_file_extension($file, $extension, $options=array()) {
-		return (get_file_extension($file) === $extension);
+		return (get_file_extension($file, $options) === $extension);
 	}
 }