From 4d3fa6eca510329542ec4518c4bc029533051d01 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Fri, 9 Feb 2018 10:50:14 +0100 Subject: [PATCH] get rid of the need for allow_url_fopen Signed-off-by: Michael Kaufmann (d00p) --- admin_autoupdate.php | 238 ++++++++++++++------------ admin_index.php | 52 +++--- lib/ajax.php | 82 +++++---- lib/classes/cURL/class.HttpClient.php | 60 +++++++ lib/classes/ssl/class.lescript.php | 5 +- lib/classes/ssl/class.lescript_v2.php | 9 +- 6 files changed, 254 insertions(+), 192 deletions(-) create mode 100644 lib/classes/cURL/class.HttpClient.php diff --git a/admin_autoupdate.php b/admin_autoupdate.php index da4da2ae..701e8011 100644 --- a/admin_autoupdate.php +++ b/admin_autoupdate.php @@ -17,7 +17,6 @@ * @since 0.9.35 * */ - define('AREA', 'admin'); require './lib/init.php'; 
@@ -26,177 +25,188 @@ define('UPDATE_URI', "https://version.froxlor.org/Froxlor/legacy/" . $version); define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip"); define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256"); -// check for allow_url_fopen -if (ini_get('allow_url_fopen') === false) { - redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 1)); -} - // check for archive-stuff if (! extension_loaded('zip')) { - redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 2)); + redirectTo($filename, array( + 's' => $s, + 'page' => 'error', + 'errno' => 2 + )); } // display initial version check if ($page == 'overview') { - + // log our actions $log->logAction(ADM_ACTION, LOG_NOTICE, "checking auto-update"); - + // check for new version - $latestversion = @file(UPDATE_URI); - - if (isset($latestversion[0])) { - $latestversion = explode('|', $latestversion[0]); - - if (is_array($latestversion) - && count($latestversion) >= 1 - ) { - $_version = $latestversion[0]; - $_message = isset($latestversion[1]) ? $latestversion[1] : ''; - $_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . 
'&lookfornewversion=yes'); - - // add the branding so debian guys are not gettings confused - // about their version-number - $version_label = $_version.$branding; - $version_link = $_link; - $message_addinfo = $_message; - - // not numeric -> error-message - if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) { - // check for customized version to not output - // "There is a newer version of froxlor" besides the error-message - redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 3)); - } elseif (version_compare2($version, $_version) == -1) { - // there is a newer version - yay - $isnewerversion = 1; - } else { - // nothing new - $isnewerversion = 0; - } - - // anzeige über version-status mit ggfls. formular - // zum update schritt #1 -> download - if ($isnewerversion == 1) { - $text = 'There is a newer version available. Update to version '.$_version.' now?
(Your current version is: '.$version.')'; - $hiddenparams = ''; - $yesfile = $filename.'?s='.$s.'&page=getdownload'; - eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";"); - exit; - } - elseif ($isnewerversion == 0) { - // all good - standard_success ('noupdatesavail'); - } else { - standard_error ('customized_version'); - } + $latestversion = HttpClient::urlGet(UPDATE_URI); + + $latestversion = explode('|', $latestversion); + + if (is_array($latestversion) && count($latestversion) >= 1) { + $_version = $latestversion[0]; + $_message = isset($latestversion[1]) ? $latestversion[1] : ''; + $_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes'); + + // add the branding so debian guys are not gettings confused + // about their version-number + $version_label = $_version . $branding; + $version_link = $_link; + $message_addinfo = $_message; + + // not numeric -> error-message + if (! preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) { + // check for customized version to not output + // "There is a newer version of froxlor" besides the error-message + redirectTo($filename, array( + 's' => $s, + 'page' => 'error', + 'errno' => 3 + )); + } elseif (version_compare2($version, $_version) == - 1) { + // there is a newer version - yay + $isnewerversion = 1; + } else { + // nothing new + $isnewerversion = 0; + } + + // anzeige über version-status mit ggfls. formular + // zum update schritt #1 -> download + if ($isnewerversion == 1) { + $text = 'There is a newer version available. Update to version ' . $_version . ' now?
(Your current version is: ' . $version . ')'; + $hiddenparams = ''; + $yesfile = $filename . '?s=' . $s . '&page=getdownload'; + eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";"); + exit(); + } elseif ($isnewerversion == 0) { + // all good + standard_success('noupdatesavail'); + } else { + standard_error('customized_version'); } } - // error (something weird came from version.froxlor.org) - redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 5)); -} -// download the new archive +}// download the new archive elseif ($page == 'getdownload') { - + // retrieve the new version from the form $newversion = isset($_POST['newversion']) ? $_POST['newversion'] : null; - + // valid? if ($newversion !== null) { - + // define files to get $toLoad = str_replace('{version}', $newversion, RELEASE_URI); $toCheck = str_replace('{version}', $newversion, CHECKSUM_URI); - - // get archive data - $newArchive = @file_get_contents($toLoad); - + // check for local destination folder - if (!is_dir(FROXLOR_INSTALL_DIR.'/updates/')) { - mkdir(FROXLOR_INSTALL_DIR.'/updates/'); + if (! is_dir(FROXLOR_INSTALL_DIR . '/updates/')) { + mkdir(FROXLOR_INSTALL_DIR . '/updates/'); } - + // name archive - $localArchive = FROXLOR_INSTALL_DIR.'/updates/'.basename($toLoad); - - $log->logAction(ADM_ACTION, LOG_NOTICE, "Downloading ".$toLoad." to ".$localArchive); - + $localArchive = FROXLOR_INSTALL_DIR . '/updates/' . basename($toLoad); + + $log->logAction(ADM_ACTION, LOG_NOTICE, "Downloading " . $toLoad . " to " . 
$localArchive); + // remove old archive if (file_exists($localArchive)) { @unlink($localArchive); } - - // store archive - $fh = fopen($localArchive, 'w'); - if (!fwrite($fh, $newArchive)) { - redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 4)); + + // get archive data + try { + HttpClient::fileGet($toLoad, $localArchive); + } catch (Exception $e) { + redirectTo($filename, array( + 's' => $s, + 'page' => 'error', + 'errno' => 4 + )); } - - // close file-handle - fclose($fh); - + // validate the integrity of the downloaded file - $_shouldsum = @file_get_contents($toCheck); - if (!empty($_shouldsum)) { + $_shouldsum = HttpClient::urlGet($toCheck); + if (! empty($_shouldsum)) { $_t = explode(" ", $_shouldsum); $shouldsum = $_t[0]; } else { $shouldsum = null; } $filesum = hash_file('sha256', $localArchive); - + if ($filesum != $shouldsum) { - redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 9)); + redirectTo($filename, array( + 's' => $s, + 'page' => 'error', + 'errno' => 9 + )); } - + // to the next step - redirectTo($filename, array('s' => $s, 'page' => 'extract', 'archive' => basename($localArchive))); + redirectTo($filename, array( + 's' => $s, + 'page' => 'extract', + 'archive' => basename($localArchive) + )); } - redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 6)); -} -// extract and install new version + redirectTo($filename, array( + 's' => $s, + 'page' => 'error', + 'errno' => 6 + )); +}// extract and install new version elseif ($page == 'extract') { - + $toExtract = isset($_GET['archive']) ? $_GET['archive'] : null; - $localArchive = FROXLOR_INSTALL_DIR.'/updates/'.$toExtract; - - if (isset($_POST['send']) - && $_POST['send'] == 'send' - ) { + $localArchive = FROXLOR_INSTALL_DIR . '/updates/' . 
$toExtract; + + if (isset($_POST['send']) && $_POST['send'] == 'send') { // decompress from zip - $zip = new ZipArchive; + $zip = new ZipArchive(); $res = $zip->open($localArchive); if ($res === true) { - $log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting ".$localArchive." to ".FROXLOR_INSTALL_DIR); + $log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting " . $localArchive . " to " . FROXLOR_INSTALL_DIR); $zip->extractTo(FROXLOR_INSTALL_DIR); $zip->close(); // success - remove unused archive @unlink($localArchive); } else { // error - redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 8)); + redirectTo($filename, array( + 's' => $s, + 'page' => 'error', + 'errno' => 8 + )); } - + // redirect to update-page? - redirectTo('admin_updates.php', array('s' => $s)); + redirectTo('admin_updates.php', array( + 's' => $s + )); } - - if (!file_exists($localArchive)) { - redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 7)); + + if (! file_exists($localArchive)) { + redirectTo($filename, array( + 's' => $s, + 'page' => 'error', + 'errno' => 7 + )); } - - $text = 'Extract downloaded archive "'.$toExtract.'"?'; + + $text = 'Extract downloaded archive "' . $toExtract . '"?'; $hiddenparams = ''; - $yesfile = $filename.'?s='.$s.'&page=extract&archive='.$toExtract; + $yesfile = $filename . '?s=' . $s . '&page=extract&archive=' . $toExtract; eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";"); } - // display error elseif ($page == 'error') { - + // retrieve error-number via url-parameter - $errno = isset($_GET['errno']) ? (int)$_GET['errno'] : 0; - - // 1 = no allow_url_fopen + $errno = isset($_GET['errno']) ? (int) $_GET['errno'] : 0; + // 2 = no Zlib // 3 = custom version detected // 4 = could not store archive to local hdd 
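Review bot: The integrity check in the `getdownload` branch still uses the loose comparison `if ($filesum != $shouldsum)`, under which a `false` from a failed `hash_file()` equals the `null` that `$shouldsum` gets when the checksum fetch returns nothing, and two numeric-looking strings are compared as numbers. Since this hunk already rewrites both fetches, I would make the check fail closed: `if ($shouldsum === null || $filesum === false || !hash_equals($shouldsum, $filesum)) {` in front of the existing errno 9 redirect. `HttpClient::urlGet($toCheck)` also sits outside the try/catch that wraps `fileGet()`; if `urlGet()` can throw (the class body is not visible here), it needs the same handling. Separately, the `extract` branch in this hunk builds `$localArchive` from `$_GET['archive']` without `basename()`, so wrapping that parameter in `basename()` would keep the path inside `updates/` before it reaches `ZipArchive::open()` and `unlink()`.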
@@ -205,5 +215,5 @@ elseif ($page == 'error') { // 7 = local archive does not exist // 8 = could not extract archive // 9 = checksum mismatch - standard_error ('autoupdate_'.$errno); + standard_error('autoupdate_' . $errno); } diff --git a/admin_index.php b/admin_index.php index dae69d6d..4650a24e 100644 --- a/admin_index.php +++ b/admin_index.php 
@@ -86,41 +86,31 @@ if ($page == 'overview') { || (isset($lookfornewversion) && $lookfornewversion == 'yes') ) { $update_check_uri = 'http://version.froxlor.org/Froxlor/legacy/' . $version; + $latestversion = HttpClient::urlGet($update_check_uri); + $latestversion = explode('|', $latestversion); - if (ini_get('allow_url_fopen')) { - $latestversion = @file($update_check_uri); + if (is_array($latestversion) + && count($latestversion) >= 1 + ) { + $_version = $latestversion[0]; + $_message = isset($latestversion[1]) ? $latestversion[1] : ''; + $_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes'); - if (isset($latestversion[0])) { - $latestversion = explode('|', $latestversion[0]); + // add the branding so debian guys are not gettings confused + // about their version-number + $lookfornewversion_lable = $_version.$branding; + $lookfornewversion_link = $_link; + $lookfornewversion_addinfo = $_message; - if (is_array($latestversion) - && count($latestversion) >= 1 - ) { - $_version = $latestversion[0]; - $_message = isset($latestversion[1]) ? $latestversion[1] : ''; - $_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . 
'&lookfornewversion=yes'); - - // add the branding so debian guys are not gettings confused - // about their version-number - $lookfornewversion_lable = $_version.$branding; - $lookfornewversion_link = $_link; - $lookfornewversion_addinfo = $_message; - - // not numeric -> error-message - if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) { - // check for customized version to not output - // "There is a newer version of froxlor" besides the error-message - $isnewerversion = 2; - } elseif (version_compare2($version, $_version) == -1) { - $isnewerversion = 1; - } else { - $isnewerversion = 0; - } - } else { - redirectTo($update_check_uri.'/pretty', NULL, false); - } + // not numeric -> error-message + if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) { + // check for customized version to not output + // "There is a newer version of froxlor" besides the error-message + $isnewerversion = 2; + } elseif (version_compare2($version, $_version) == -1) { + $isnewerversion = 1; } else { - redirectTo($update_check_uri.'/pretty', NULL, false); + $isnewerversion = 0; } } else { redirectTo($update_check_uri.'/pretty', NULL, false); diff --git a/lib/ajax.php b/lib/ajax.php index 23370663..4765f91d 100644 --- a/lib/ajax.php +++ b/lib/ajax.php @@ -18,7 +18,7 @@ // Load the user settings define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__))); -if (!file_exists('./userdata.inc.php')) { +if (! file_exists('./userdata.inc.php')) { die(); } require './userdata.inc.php'; 
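Review bot: The update check here still fetches `http://version.froxlor.org/...` over plain HTTP, while admin_autoupdate.php in this same commit uses the `https://` endpoint, and the second and third `|`-separated fields of the response are copied into `$lookfornewversion_addinfo` and `$lookfornewversion_link`. I would switch `$update_check_uri` to `https://` and escape or validate those two fields before they are rendered (the template is not visible here). Also, `explode()` always returns an array with at least one element, so the test `is_array($latestversion) && count($latestversion) >= 1` cannot fail: the `else` redirect to `/pretty` is now unreachable, and an empty or failed response falls through to `$isnewerversion = 2`. Testing the `urlGet()` result for `false` or `''` before `explode()` would restore the fallback. The enclosing `if` starts before the hunk and its closing lines are outside it.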
@@ -27,10 +27,11 @@ require './classes/database/class.Database.php'; require './classes/settings/class.Settings.php'; require './functions/validate/function.validate_ip.php'; require './functions/validate/function.validateDomain.php'; +require './lib/classes/cURL/class.HttpClient.php'; -if(isset($_POST['action'])) { +if (isset($_POST['action'])) { $action = $_POST['action']; -} elseif(isset($_GET['action'])) { +} elseif (isset($_GET['action'])) { $action = $_GET['action']; } else { $action = ""; @@ -42,51 +43,31 @@ if ($action == "newsfeed") { } else { $feed = "https://inside.froxlor.org/news/"; } - + if (function_exists("simplexml_load_file") == false) { - die(); + outputItem("Newsfeed not available due to missing php-simplexml extension", "Please install the php-simplexml extension in order to view our newsfeed."); + exit(); } - + if (function_exists('curl_version')) { - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $feed); - curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/'.$version); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); - $output = curl_exec($ch); - curl_close($ch); + $output = HttpClient::urlGet($feed); $news = simplexml_load_string(trim($output)); } else { - if (ini_get('allow_url_fopen')) { - ini_set('user_agent', 'Froxlor/'.$version); - $news = simplexml_load_file($feed, null, LIBXML_NOCDATA); - } else { - $news = false; - } + outputItem("Newsfeed not available due to missing php-curl extension", "Please install the php-curl extension in order to view our newsfeed."); + exit(); } - + if ($news !== false) { - for ($i = 0; $i < 3; $i++) { + for ($i = 0; $i < 3; $i ++) { $item = $news->channel->item[$i]; - - $title = (string)$item->title; - $link = (string)$item->link; + + $title = (string) $item->title; + $link = (string) $item->link; $date = date("Y-m-d G:i", strtotime($item->pubDate)); $content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description)); $content = substr($content, 0, 150) . "..."; - - echo "
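Review bot: The added `require './lib/classes/cURL/class.HttpClient.php';` does not follow the sibling requires just above it, which resolve from inside `lib/` (`./classes/database/class.Database.php`, `./classes/settings/class.Settings.php`). Assuming ajax.php runs with `lib/` as its working directory, as those lines and the `./userdata.inc.php` check imply, the new path points at `lib/lib/classes/...` and the require fails fatally before any action is handled. I would write it as `require './classes/cURL/class.HttpClient.php';` to match the location given in this commit's file list.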
  • -
    -
    - {$title} - - {$date} - -
    -

    - {$content} -

    -
    -
  • "; + + outputItem($title, $content, $link, $date); } } else { echo ""; @@ -94,3 +75,30 @@ if ($action == "newsfeed") { } else { echo "No action set."; } + +function outputItem($title, $content, $link = null, $date = null) +{ + echo "
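Review bot: The loop `for ($i = 0; $i < 3; $i ++)` reads `$news->channel->item[$i]` without checking that the feed actually contains three items, so a shorter or malformed feed yields a null `$item` and `outputItem()` is called with empty fields and a bogus date. Now that the document always arrives as a string from `HttpClient::urlGet($feed)`, I would bound the loop by the real count: `$max = min(3, count($news->channel->item));` and `for ($i = 0; $i < $max; $i++) {`. The enclosing `if ($action == "newsfeed")` begins before this hunk, and where `$feed` comes from in its first branch is not visible here.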
  • +
    +
    + "; + if (! empty($link)) { + echo ""; + } + echo $title; + if (! empty($link)) { + echo ""; + } + echo ""; + if (! empty($date)) { + echo " + {$date} + "; + } + echo "
    +

    + {$content} +

    +
    +
  • "; +} diff --git a/lib/classes/cURL/class.HttpClient.php b/lib/classes/cURL/class.HttpClient.php new file mode 100644 index 00000000..53a52114 --- /dev/null +++ b/lib/classes/cURL/class.HttpClient.php @@ -0,0 +1,60 @@ + array('header' => "User-Agent: Froxlor/".$this->version)); - $selfcheckContext = stream_context_create($selfcheckContextOptions); - if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) { + $selfcheckpayload = HttpClient::urlGet($uri); + if ($payload !== trim($selfcheckpayload)) { $errmsg = json_encode(error_get_last()); if ($errmsg != "null") { $errmsg = "; PHP error: " . $errmsg; diff --git a/lib/classes/ssl/class.lescript_v2.php b/lib/classes/ssl/class.lescript_v2.php index 074def62..448222eb 100644 --- a/lib/classes/ssl/class.lescript_v2.php +++ b/lib/classes/ssl/class.lescript_v2.php @@ -233,13 +233,8 @@ class lescript_v2 // simple self check if (Settings::Get('system.disable_le_selfcheck') == '0') { - $selfcheckContextOptions = array( - 'http' => array( - 'header' => "User-Agent: Froxlor/" . $this->version - ) - ); - $selfcheckContext = stream_context_create($selfcheckContextOptions); - if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) { + $selfcheckpayload = HttpClient::urlGet($uri); + if ($payload !== trim($selfcheckpayload)) { $errmsg = json_encode(error_get_last()); if ($errmsg != "null") { $errmsg = "; PHP error: " . $errmsg;
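Review bot: `outputItem()` writes `$title` with a bare `echo $title;`, and in the newsfeed branch that value is taken straight from the remote feed, so markup in a feed title reaches the admin's browser unescaped. I would escape at the point of output, `echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8');`, and do the same for `$date` and `$content`, so the function is safe regardless of the caller. The markup around `$link` is not visible in this view; if it ends up in an `href`, it should be escaped the same way and restricted to `http`/`https` URLs. A short docblock stating that all four parameters are treated as plain text would make that contract explicit.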
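Review bot: `error_get_last()` no longer describes a failed self-check once the request goes through `HttpClient::urlGet($uri)`. The old `@file_get_contents()` recorded a PHP warning on failure, whereas a cURL transfer error does not, so `$errmsg` will be empty or carry an unrelated earlier error. I would take the failure text from the client instead, catching its exception if `urlGet()` throws (the class body is not visible in this view), and append that to the message. The removed stream context also set `User-Agent: Froxlor/<version>`, so confirm that the client still sends one. The same applies to the identical change in lib/classes/ssl/class.lescript.php just above. The enclosing method starts and ends outside the hunk.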