get rid of the need for allow_url_fopen

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
Michael Kaufmann (d00p)
2018-02-09 10:50:14 +01:00
parent 05b4c58aa8
commit 4d3fa6eca5
6 changed files with 254 additions and 192 deletions


@@ -17,7 +17,6 @@
* @since 0.9.35 * @since 0.9.35
* *
*/ */
define('AREA', 'admin'); define('AREA', 'admin');
require './lib/init.php'; require './lib/init.php';
@@ -26,14 +25,13 @@ define('UPDATE_URI', "https://version.froxlor.org/Froxlor/legacy/" . $version);
define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip"); define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip");
define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256"); define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256");
// check for allow_url_fopen
if (ini_get('allow_url_fopen') === false) {
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 1));
}
// check for archive-stuff // check for archive-stuff
if (! extension_loaded('zip')) { if (! extension_loaded('zip')) {
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 2)); redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 2
));
} }
// display initial version check // display initial version check
@@ -43,14 +41,11 @@ if ($page == 'overview') {
$log->logAction(ADM_ACTION, LOG_NOTICE, "checking auto-update"); $log->logAction(ADM_ACTION, LOG_NOTICE, "checking auto-update");
// check for new version // check for new version
$latestversion = @file(UPDATE_URI); $latestversion = HttpClient::urlGet(UPDATE_URI);
if (isset($latestversion[0])) { $latestversion = explode('|', $latestversion);
$latestversion = explode('|', $latestversion[0]);
if (is_array($latestversion) if (is_array($latestversion) && count($latestversion) >= 1) {
&& count($latestversion) >= 1
) {
$_version = $latestversion[0]; $_version = $latestversion[0];
$_message = isset($latestversion[1]) ? $latestversion[1] : ''; $_message = isset($latestversion[1]) ? $latestversion[1] : '';
$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes'); $_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
@@ -65,7 +60,11 @@ if ($page == 'overview') {
if (! preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) { if (! preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
// check for customized version to not output // check for customized version to not output
// "There is a newer version of froxlor" besides the error-message // "There is a newer version of froxlor" besides the error-message
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 3)); redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 3
));
} elseif (version_compare2($version, $_version) == - 1) { } elseif (version_compare2($version, $_version) == - 1) {
// there is a newer version - yay // there is a newer version - yay
$isnewerversion = 1; $isnewerversion = 1;
@@ -81,20 +80,15 @@ if ($page == 'overview') {
$hiddenparams = '<input type="hidden" name="newversion" value="' . $_version . '" />'; $hiddenparams = '<input type="hidden" name="newversion" value="' . $_version . '" />';
$yesfile = $filename . '?s=' . $s . '&amp;page=getdownload'; $yesfile = $filename . '?s=' . $s . '&amp;page=getdownload';
eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";"); eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
exit; exit();
} } elseif ($isnewerversion == 0) {
elseif ($isnewerversion == 0) {
// all good // all good
standard_success('noupdatesavail'); standard_success('noupdatesavail');
} else { } else {
standard_error('customized_version'); standard_error('customized_version');
} }
} }
} }// download the new archive
// error (something weird came from version.froxlor.org)
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 5));
}
// download the new archive
elseif ($page == 'getdownload') { elseif ($page == 'getdownload') {
// retrieve the new version from the form // retrieve the new version from the form
@@ -107,9 +101,6 @@ elseif ($page == 'getdownload') {
$toLoad = str_replace('{version}', $newversion, RELEASE_URI); $toLoad = str_replace('{version}', $newversion, RELEASE_URI);
$toCheck = str_replace('{version}', $newversion, CHECKSUM_URI); $toCheck = str_replace('{version}', $newversion, CHECKSUM_URI);
// get archive data
$newArchive = @file_get_contents($toLoad);
// check for local destination folder // check for local destination folder
if (! is_dir(FROXLOR_INSTALL_DIR . '/updates/')) { if (! is_dir(FROXLOR_INSTALL_DIR . '/updates/')) {
mkdir(FROXLOR_INSTALL_DIR . '/updates/'); mkdir(FROXLOR_INSTALL_DIR . '/updates/');
@@ -125,17 +116,19 @@ elseif ($page == 'getdownload') {
@unlink($localArchive); @unlink($localArchive);
} }
// store archive // get archive data
$fh = fopen($localArchive, 'w'); try {
if (!fwrite($fh, $newArchive)) { HttpClient::fileGet($toLoad, $localArchive);
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 4)); } catch (Exception $e) {
redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 4
));
} }
// close file-handle
fclose($fh);
// validate the integrity of the downloaded file // validate the integrity of the downloaded file
$_shouldsum = @file_get_contents($toCheck); $_shouldsum = HttpClient::urlGet($toCheck);
if (! empty($_shouldsum)) { if (! empty($_shouldsum)) {
$_t = explode(" ", $_shouldsum); $_t = explode(" ", $_shouldsum);
$shouldsum = $_t[0]; $shouldsum = $_t[0];
@@ -145,25 +138,34 @@ elseif ($page == 'getdownload') {
$filesum = hash_file('sha256', $localArchive); $filesum = hash_file('sha256', $localArchive);
if ($filesum != $shouldsum) { if ($filesum != $shouldsum) {
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 9)); redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 9
));
} }
// to the next step // to the next step
redirectTo($filename, array('s' => $s, 'page' => 'extract', 'archive' => basename($localArchive))); redirectTo($filename, array(
's' => $s,
'page' => 'extract',
'archive' => basename($localArchive)
));
} }
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 6)); redirectTo($filename, array(
} 's' => $s,
// extract and install new version 'page' => 'error',
'errno' => 6
));
}// extract and install new version
elseif ($page == 'extract') { elseif ($page == 'extract') {
$toExtract = isset($_GET['archive']) ? $_GET['archive'] : null; $toExtract = isset($_GET['archive']) ? $_GET['archive'] : null;
$localArchive = FROXLOR_INSTALL_DIR . '/updates/' . $toExtract; $localArchive = FROXLOR_INSTALL_DIR . '/updates/' . $toExtract;
if (isset($_POST['send']) if (isset($_POST['send']) && $_POST['send'] == 'send') {
&& $_POST['send'] == 'send'
) {
// decompress from zip // decompress from zip
$zip = new ZipArchive; $zip = new ZipArchive();
$res = $zip->open($localArchive); $res = $zip->open($localArchive);
if ($res === true) { if ($res === true) {
$log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting " . $localArchive . " to " . FROXLOR_INSTALL_DIR); $log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting " . $localArchive . " to " . FROXLOR_INSTALL_DIR);
@@ -173,15 +175,25 @@ elseif ($page == 'extract') {
@unlink($localArchive); @unlink($localArchive);
} else { } else {
// error // error
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 8)); redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 8
));
} }
// redirect to update-page? // redirect to update-page?
redirectTo('admin_updates.php', array('s' => $s)); redirectTo('admin_updates.php', array(
's' => $s
));
} }
if (! file_exists($localArchive)) { if (! file_exists($localArchive)) {
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 7)); redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 7
));
} }
$text = 'Extract downloaded archive "' . $toExtract . '"?'; $text = 'Extract downloaded archive "' . $toExtract . '"?';
@@ -189,14 +201,12 @@ elseif ($page == 'extract') {
$yesfile = $filename . '?s=' . $s . '&amp;page=extract&amp;archive=' . $toExtract; $yesfile = $filename . '?s=' . $s . '&amp;page=extract&amp;archive=' . $toExtract;
eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";"); eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
} }
// display error // display error
elseif ($page == 'error') { elseif ($page == 'error') {
// retrieve error-number via url-parameter // retrieve error-number via url-parameter
$errno = isset($_GET['errno']) ? (int) $_GET['errno'] : 0; $errno = isset($_GET['errno']) ? (int) $_GET['errno'] : 0;
// 1 = no allow_url_fopen
// 2 = no Zlib // 2 = no Zlib
// 3 = custom version detected // 3 = custom version detected
// 4 = could not store archive to local hdd // 4 = could not store archive to local hdd
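Review bot: Both `HttpClient::urlGet()` calls in this file, the version check in the `overview` branch and the checksum fetch in `getdownload`, sit outside any try/catch although `urlGet()` throws on a curl failure, and the errno 5 redirect that used to cover a bad version response appears to be removed. Because `explode('|', ...)` always returns an array with at least one element, the `is_array(...) && count(...) >= 1` guard can no longer fail, so an empty or unexpected reply is only caught by the version regex. Separately, the integrity check `if ($filesum != $shouldsum)` compares hex digests loosely; `if ($filesum !== $shouldsum) {` avoids PHP's numeric-string comparison. The checksum is fetched from the same host as the archive, so it detects a corrupted download rather than a tampered one. A sketch for the version check follows, assuming errno 5 is still handled by the error page and that `redirectTo()` ends the request.

```php
// check for new version
try {
	$latestversion = HttpClient::urlGet(UPDATE_URI);
} catch (Exception $e) {
	// version server unreachable or request failed
	redirectTo($filename, array(
		's' => $s,
		'page' => 'error',
		'errno' => 5
	));
}
$latestversion = explode('|', $latestversion);
// … unchanged: version parsing and comparison …
```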


@@ -86,12 +86,8 @@ if ($page == 'overview') {
|| (isset($lookfornewversion) && $lookfornewversion == 'yes') || (isset($lookfornewversion) && $lookfornewversion == 'yes')
) { ) {
$update_check_uri = 'http://version.froxlor.org/Froxlor/legacy/' . $version; $update_check_uri = 'http://version.froxlor.org/Froxlor/legacy/' . $version;
$latestversion = HttpClient::urlGet($update_check_uri);
if (ini_get('allow_url_fopen')) { $latestversion = explode('|', $latestversion);
$latestversion = @file($update_check_uri);
if (isset($latestversion[0])) {
$latestversion = explode('|', $latestversion[0]);
if (is_array($latestversion) if (is_array($latestversion)
&& count($latestversion) >= 1 && count($latestversion) >= 1
@@ -119,12 +115,6 @@ if ($page == 'overview') {
} else { } else {
redirectTo($update_check_uri.'/pretty', NULL, false); redirectTo($update_check_uri.'/pretty', NULL, false);
} }
} else {
redirectTo($update_check_uri.'/pretty', NULL, false);
}
} else {
redirectTo($update_check_uri.'/pretty', NULL, false);
}
} else { } else {
$lookfornewversion_lable = $lng['admin']['lookfornewversion']['clickhere']; $lookfornewversion_lable = $lng['admin']['lookfornewversion']['clickhere'];
$lookfornewversion_link = htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes'); $lookfornewversion_link = htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
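Review bot: The update check still uses `http://version.froxlor.org/...` while the auto-update page in this commit uses `https://` for the same path, and `HttpClient::urlGet()` throws on failure where the old code fell back to `redirectTo($update_check_uri.'/pretty', NULL, false)`. I would switch the URI to `$update_check_uri = 'https://version.froxlor.org/Froxlor/legacy/' . $version;` and wrap the `urlGet()` call in a try/catch whose handler performs that same redirect. As in the auto-update page, `explode('|', ...)` always yields at least one element, so the `is_array`/`count` guard no longer distinguishes an empty reply. The enclosing `if ($page == 'overview')` block starts and ends outside these hunks.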


@@ -27,6 +27,7 @@ require './classes/database/class.Database.php';
require './classes/settings/class.Settings.php'; require './classes/settings/class.Settings.php';
require './functions/validate/function.validate_ip.php'; require './functions/validate/function.validate_ip.php';
require './functions/validate/function.validateDomain.php'; require './functions/validate/function.validateDomain.php';
require './lib/classes/cURL/class.HttpClient.php';
if (isset($_POST['action'])) { if (isset($_POST['action'])) {
$action = $_POST['action']; $action = $_POST['action'];
@@ -44,24 +45,16 @@ if ($action == "newsfeed") {
} }
if (function_exists("simplexml_load_file") == false) { if (function_exists("simplexml_load_file") == false) {
die(); outputItem("Newsfeed not available due to missing php-simplexml extension", "Please install the php-simplexml extension in order to view our newsfeed.");
exit();
} }
if (function_exists('curl_version')) { if (function_exists('curl_version')) {
$ch = curl_init(); $output = HttpClient::urlGet($feed);
curl_setopt($ch, CURLOPT_URL, $feed);
curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/'.$version);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$output = curl_exec($ch);
curl_close($ch);
$news = simplexml_load_string(trim($output)); $news = simplexml_load_string(trim($output));
} else { } else {
if (ini_get('allow_url_fopen')) { outputItem("Newsfeed not available due to missing php-curl extension", "Please install the php-curl extension in order to view our newsfeed.");
ini_set('user_agent', 'Froxlor/'.$version); exit();
$news = simplexml_load_file($feed, null, LIBXML_NOCDATA);
} else {
$news = false;
}
} }
if ($news !== false) { if ($news !== false) {
@@ -74,19 +67,7 @@ if ($action == "newsfeed") {
$content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description)); $content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description));
$content = substr($content, 0, 150) . "..."; $content = substr($content, 0, 150) . "...";
echo "<li class=\"clearfix\"> outputItem($title, $content, $link, $date);
<div class=\"newsfeed-body clearfix\">
<div class=\"header\">
<strong class=\"primary-font\"><a href=\"{$link}\" target=\"_blank\">{$title}</a></strong>
<small class=\"pull-right text-muted\">
<i class=\"fa fa-clock-o fa-fw\"></i> {$date}
</small>
</div>
<p>
{$content}
</p>
</div>
</li>";
} }
} else { } else {
echo ""; echo "";
@@ -94,3 +75,30 @@ if ($action == "newsfeed") {
} else { } else {
echo "No action set."; echo "No action set.";
} }
function outputItem($title, $content, $link = null, $date = null)
{
echo "<li class=\"clearfix\">
<div class=\"newsfeed-body clearfix\">
<div class=\"header\">
<strong class=\"primary-font\">";
if (! empty($link)) {
echo "<a href=\"{$link}\" target=\"_blank\">";
}
echo $title;
if (! empty($link)) {
echo "</a>";
}
echo "</strong>";
if (! empty($date)) {
echo "<small class=\"pull-right text-muted\">
<i class=\"fa fa-clock-o fa-fw\"></i> {$date}
</small>";
}
echo "</div>
<p>
{$content}
</p>
</div>
</li>";
}
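Review bot: `outputItem()` echoes `$title`, `$link`, `$date` and `$content` straight into HTML, and these values come from the remote feed; only `$content` is visibly passed through `strip_tags()`, and how `$title`, `$link` and `$date` are prepared lies outside the hunks. Unless they are escaped upstream, encode at output, e.g. `echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8');` and `echo "<a href=\"" . htmlspecialchars($link, ENT_QUOTES, 'UTF-8') . "\" target=\"_blank\" rel=\"noopener noreferrer\">";`, and consider accepting only `http`/`https` links. The function also lacks a docblock; a short one stating whether the parameters are expected as raw text or pre-escaped HTML would settle the contract. `HttpClient::urlGet($feed)` throws on curl failure and is not caught here, so a network error ends the request instead of reaching the `$news !== false` branch.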


@@ -0,0 +1,60 @@
<?php
class HttpClient
{
/**
* Executes simple GET request
*
* @param string $url
*
* @return array
*/
public static function urlGet($url)
{
include FROXLOR_INSTALL_DIR . '/lib/version.inc.php';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/' . $version);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$output = curl_exec($ch);
if ($output === false) {
$e = curl_error($ch);
curl_close($ch);
throw new \Exception("Curl error: " . $e);
}
curl_close($ch);
return $output;
}
/**
* Downloads and stores a file from an url
*
* @param string $url
* @param string $target
*
* @return array
*/
public static function fileGet($url, $target)
{
include FROXLOR_INSTALL_DIR . '/lib/version.inc.php';
$fh = fopen($target, 'w');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/' . $version);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 50);
//give curl the file pointer so that it can write to it
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FILE, $fh);
$output = curl_exec($ch);
if ($output === false) {
$e = curl_error($ch);
curl_close($ch);
throw new \Exception("Curl error: " . $e);
}
curl_close($ch);
return $output;
}
}
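Review bot: `fileGet()` never checks the `fopen()` result and never closes `$fh`, so the caller may hash or unzip the target before the data is flushed, and neither method sets `CURLOPT_FAILONERROR`, which means an HTTP 4xx/5xx body is returned (or saved to the target) as if the request had succeeded. `CURLOPT_FOLLOWLOCATION` is enabled without `CURLOPT_MAXREDIRS` or `CURLOPT_REDIR_PROTOCOLS`, so the number of redirects and the protocols they may use are left to the defaults of whatever libcurl version is installed; `urlGet()` also has no timeout. The docblocks say `@return array`, but `urlGet()` returns the response string and `fileGet()` the boolean from `curl_exec()`; `@return string` and `@return bool` would match. The fence shows the `fileGet()` changes; the same redirect and fail-on-error options apply to `urlGet()`.

```php
public static function fileGet($url, $target)
{
	// … unchanged: version include …
	$fh = fopen($target, 'w');
	if ($fh === false) {
		throw new \Exception("Unable to open " . $target . " for writing");
	}
	// … unchanged: curl_init, URL, user agent, FOLLOWLOCATION, TIMEOUT, RETURNTRANSFER …
	// bound redirects and keep them on http(s)
	curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
	curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
	curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
	// treat HTTP status >= 400 as a failure instead of saving the error page
	curl_setopt($ch, CURLOPT_FAILONERROR, true);
	curl_setopt($ch, CURLOPT_FILE, $fh);
	$output = curl_exec($ch);
	$e = curl_error($ch);
	curl_close($ch);
	// flush and release the target before the caller reads it
	fclose($fh);
	if ($output === false) {
		throw new \Exception("Curl error: " . $e);
	}
	return $output;
}
```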


@@ -216,9 +216,8 @@ class lescript
// simple self check // simple self check
if (Settings::Get('system.disable_le_selfcheck') == '0') if (Settings::Get('system.disable_le_selfcheck') == '0')
{ {
$selfcheckContextOptions = array('http' => array('header' => "User-Agent: Froxlor/".$this->version)); $selfcheckpayload = HttpClient::urlGet($uri);
$selfcheckContext = stream_context_create($selfcheckContextOptions); if ($payload !== trim($selfcheckpayload)) {
if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
$errmsg = json_encode(error_get_last()); $errmsg = json_encode(error_get_last());
if ($errmsg != "null") { if ($errmsg != "null") {
$errmsg = "; PHP error: " . $errmsg; $errmsg = "; PHP error: " . $errmsg;
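Review bot: `HttpClient::urlGet($uri)` throws on a curl failure, but the surrounding code still builds `$errmsg` from `error_get_last()`, which was meaningful for `@file_get_contents()` and now reports at most an unrelated earlier PHP error. Catch the exception and use its message instead, e.g. `try { $selfcheckpayload = HttpClient::urlGet($uri); } catch (\Exception $e) { $selfcheckpayload = ''; $errmsg = '; ' . $e->getMessage(); }`, adjusting the `$errmsg` lines accordingly. Since `urlGet()` follows redirects, the self-check may also accept a payload served after a redirect; whether that is intended should be stated in a comment. The same applies to the identical hunk in `class lescript_v2`; both methods continue outside the hunks.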


@@ -233,13 +233,8 @@ class lescript_v2
// simple self check // simple self check
if (Settings::Get('system.disable_le_selfcheck') == '0') { if (Settings::Get('system.disable_le_selfcheck') == '0') {
$selfcheckContextOptions = array( $selfcheckpayload = HttpClient::urlGet($uri);
'http' => array( if ($payload !== trim($selfcheckpayload)) {
'header' => "User-Agent: Froxlor/" . $this->version
)
);
$selfcheckContext = stream_context_create($selfcheckContextOptions);
if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
$errmsg = json_encode(error_get_last()); $errmsg = json_encode(error_get_last());
if ($errmsg != "null") { if ($errmsg != "null") {
$errmsg = "; PHP error: " . $errmsg; $errmsg = "; PHP error: " . $errmsg;