get rid of the need for allow_url_fopen

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
Michael Kaufmann (d00p)
2018-02-09 10:50:14 +01:00
parent 05b4c58aa8
commit 4d3fa6eca5
6 changed files with 254 additions and 192 deletions


@@ -17,7 +17,6 @@
* @since 0.9.35
*
*/
define('AREA', 'admin');
require './lib/init.php';
@@ -26,177 +25,188 @@ define('UPDATE_URI', "https://version.froxlor.org/Froxlor/legacy/" . $version);
define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip");
define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256");
// check for allow_url_fopen
if (ini_get('allow_url_fopen') === false) {
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 1));
}
// check for archive-stuff
if (! extension_loaded('zip')) {
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 2));
redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 2
));
}
// display initial version check
if ($page == 'overview') {
// log our actions
$log->logAction(ADM_ACTION, LOG_NOTICE, "checking auto-update");
// check for new version
$latestversion = @file(UPDATE_URI);
if (isset($latestversion[0])) {
$latestversion = explode('|', $latestversion[0]);
if (is_array($latestversion)
&& count($latestversion) >= 1
) {
$_version = $latestversion[0];
$_message = isset($latestversion[1]) ? $latestversion[1] : '';
$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
// add the branding so debian guys are not gettings confused
// about their version-number
$version_label = $_version.$branding;
$version_link = $_link;
$message_addinfo = $_message;
// not numeric -> error-message
if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
// check for customized version to not output
// "There is a newer version of froxlor" besides the error-message
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 3));
} elseif (version_compare2($version, $_version) == -1) {
// there is a newer version - yay
$isnewerversion = 1;
} else {
// nothing new
$isnewerversion = 0;
}
// anzeige über version-status mit ggfls. formular
// zum update schritt #1 -> download
if ($isnewerversion == 1) {
$text = 'There is a newer version available. Update to version <b>'.$_version.'</b> now?<br/>(Your current version is: '.$version.')';
$hiddenparams = '<input type="hidden" name="newversion" value="'.$_version.'" />';
$yesfile = $filename.'?s='.$s.'&amp;page=getdownload';
eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
exit;
}
elseif ($isnewerversion == 0) {
// all good
standard_success ('noupdatesavail');
} else {
standard_error ('customized_version');
}
$latestversion = HttpClient::urlGet(UPDATE_URI);
$latestversion = explode('|', $latestversion);
if (is_array($latestversion) && count($latestversion) >= 1) {
$_version = $latestversion[0];
$_message = isset($latestversion[1]) ? $latestversion[1] : '';
$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
// add the branding so debian guys are not gettings confused
// about their version-number
$version_label = $_version . $branding;
$version_link = $_link;
$message_addinfo = $_message;
// not numeric -> error-message
if (! preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
// check for customized version to not output
// "There is a newer version of froxlor" besides the error-message
redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 3
));
} elseif (version_compare2($version, $_version) == - 1) {
// there is a newer version - yay
$isnewerversion = 1;
} else {
// nothing new
$isnewerversion = 0;
}
// anzeige über version-status mit ggfls. formular
// zum update schritt #1 -> download
if ($isnewerversion == 1) {
$text = 'There is a newer version available. Update to version <b>' . $_version . '</b> now?<br/>(Your current version is: ' . $version . ')';
$hiddenparams = '<input type="hidden" name="newversion" value="' . $_version . '" />';
$yesfile = $filename . '?s=' . $s . '&amp;page=getdownload';
eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
exit();
} elseif ($isnewerversion == 0) {
// all good
standard_success('noupdatesavail');
} else {
standard_error('customized_version');
}
}
// error (something weird came from version.froxlor.org)
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 5));
}
// download the new archive
}// download the new archive
elseif ($page == 'getdownload') {
// retrieve the new version from the form
$newversion = isset($_POST['newversion']) ? $_POST['newversion'] : null;
// valid?
if ($newversion !== null) {
// define files to get
$toLoad = str_replace('{version}', $newversion, RELEASE_URI);
$toCheck = str_replace('{version}', $newversion, CHECKSUM_URI);
// get archive data
$newArchive = @file_get_contents($toLoad);
// check for local destination folder
if (!is_dir(FROXLOR_INSTALL_DIR.'/updates/')) {
mkdir(FROXLOR_INSTALL_DIR.'/updates/');
if (! is_dir(FROXLOR_INSTALL_DIR . '/updates/')) {
mkdir(FROXLOR_INSTALL_DIR . '/updates/');
}
// name archive
$localArchive = FROXLOR_INSTALL_DIR.'/updates/'.basename($toLoad);
$log->logAction(ADM_ACTION, LOG_NOTICE, "Downloading ".$toLoad." to ".$localArchive);
$localArchive = FROXLOR_INSTALL_DIR . '/updates/' . basename($toLoad);
$log->logAction(ADM_ACTION, LOG_NOTICE, "Downloading " . $toLoad . " to " . $localArchive);
// remove old archive
if (file_exists($localArchive)) {
@unlink($localArchive);
}
// store archive
$fh = fopen($localArchive, 'w');
if (!fwrite($fh, $newArchive)) {
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 4));
// get archive data
try {
HttpClient::fileGet($toLoad, $localArchive);
} catch (Exception $e) {
redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 4
));
}
// close file-handle
fclose($fh);
// validate the integrity of the downloaded file
$_shouldsum = @file_get_contents($toCheck);
if (!empty($_shouldsum)) {
$_shouldsum = HttpClient::urlGet($toCheck);
if (! empty($_shouldsum)) {
$_t = explode(" ", $_shouldsum);
$shouldsum = $_t[0];
} else {
$shouldsum = null;
}
$filesum = hash_file('sha256', $localArchive);
if ($filesum != $shouldsum) {
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 9));
redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 9
));
}
// to the next step
redirectTo($filename, array('s' => $s, 'page' => 'extract', 'archive' => basename($localArchive)));
redirectTo($filename, array(
's' => $s,
'page' => 'extract',
'archive' => basename($localArchive)
));
}
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 6));
}
// extract and install new version
redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 6
));
}// extract and install new version
elseif ($page == 'extract') {
$toExtract = isset($_GET['archive']) ? $_GET['archive'] : null;
$localArchive = FROXLOR_INSTALL_DIR.'/updates/'.$toExtract;
if (isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
$localArchive = FROXLOR_INSTALL_DIR . '/updates/' . $toExtract;
if (isset($_POST['send']) && $_POST['send'] == 'send') {
// decompress from zip
$zip = new ZipArchive;
$zip = new ZipArchive();
$res = $zip->open($localArchive);
if ($res === true) {
$log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting ".$localArchive." to ".FROXLOR_INSTALL_DIR);
$log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting " . $localArchive . " to " . FROXLOR_INSTALL_DIR);
$zip->extractTo(FROXLOR_INSTALL_DIR);
$zip->close();
// success - remove unused archive
@unlink($localArchive);
} else {
// error
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 8));
redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 8
));
}
// redirect to update-page?
redirectTo('admin_updates.php', array('s' => $s));
redirectTo('admin_updates.php', array(
's' => $s
));
}
if (!file_exists($localArchive)) {
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 7));
if (! file_exists($localArchive)) {
redirectTo($filename, array(
's' => $s,
'page' => 'error',
'errno' => 7
));
}
$text = 'Extract downloaded archive "'.$toExtract.'"?';
$text = 'Extract downloaded archive "' . $toExtract . '"?';
$hiddenparams = '';
$yesfile = $filename.'?s='.$s.'&amp;page=extract&amp;archive='.$toExtract;
$yesfile = $filename . '?s=' . $s . '&amp;page=extract&amp;archive=' . $toExtract;
eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
}
// display error
elseif ($page == 'error') {
// retrieve error-number via url-parameter
$errno = isset($_GET['errno']) ? (int)$_GET['errno'] : 0;
// 1 = no allow_url_fopen
$errno = isset($_GET['errno']) ? (int) $_GET['errno'] : 0;
// 2 = no Zlib
// 3 = custom version detected
// 4 = could not store archive to local hdd
@@ -205,5 +215,5 @@ elseif ($page == 'error') {
// 7 = local archive does not exist
// 8 = could not extract archive
// 9 = checksum mismatch
standard_error ('autoupdate_'.$errno);
standard_error('autoupdate_' . $errno);
}
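Review bot: `HttpClient::urlGet()` throws on any curl failure, but `HttpClient::urlGet(UPDATE_URI)` in the overview branch and `HttpClient::urlGet($toCheck)` in the getdownload branch sit outside any try/catch, so an unreachable server now ends in an uncaught exception instead of the errno 5 / errno 9 pages; only `fileGet()` is wrapped. The urlGet calls in the admin index version check and the newsfeed script later in this commit have the same gap. Wrap each call the way the download is wrapped, e.g. `try { $_shouldsum = HttpClient::urlGet($toCheck); } catch (Exception $e) { $_shouldsum = null; }`. Input validation is also still missing on the new side: `$_POST['newversion']` is substituted into the download URLs and `$_GET['archive']` is joined onto the updates path as-is, where the version regex from the overview branch and `basename()` would fit. The digest check should use the strict `$filesum !== $shouldsum` rather than `!=`, and since the extract step opens whatever file the `archive` parameter names, it would be safer to verify the checksum again immediately before `extractTo()`.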


@@ -86,41 +86,31 @@ if ($page == 'overview') {
|| (isset($lookfornewversion) && $lookfornewversion == 'yes')
) {
$update_check_uri = 'http://version.froxlor.org/Froxlor/legacy/' . $version;
$latestversion = HttpClient::urlGet($update_check_uri);
$latestversion = explode('|', $latestversion);
if (ini_get('allow_url_fopen')) {
$latestversion = @file($update_check_uri);
if (is_array($latestversion)
&& count($latestversion) >= 1
) {
$_version = $latestversion[0];
$_message = isset($latestversion[1]) ? $latestversion[1] : '';
$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
if (isset($latestversion[0])) {
$latestversion = explode('|', $latestversion[0]);
// add the branding so debian guys are not gettings confused
// about their version-number
$lookfornewversion_lable = $_version.$branding;
$lookfornewversion_link = $_link;
$lookfornewversion_addinfo = $_message;
if (is_array($latestversion)
&& count($latestversion) >= 1
) {
$_version = $latestversion[0];
$_message = isset($latestversion[1]) ? $latestversion[1] : '';
$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
// add the branding so debian guys are not gettings confused
// about their version-number
$lookfornewversion_lable = $_version.$branding;
$lookfornewversion_link = $_link;
$lookfornewversion_addinfo = $_message;
// not numeric -> error-message
if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
// check for customized version to not output
// "There is a newer version of froxlor" besides the error-message
$isnewerversion = 2;
} elseif (version_compare2($version, $_version) == -1) {
$isnewerversion = 1;
} else {
$isnewerversion = 0;
}
} else {
redirectTo($update_check_uri.'/pretty', NULL, false);
}
// not numeric -> error-message
if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
// check for customized version to not output
// "There is a newer version of froxlor" besides the error-message
$isnewerversion = 2;
} elseif (version_compare2($version, $_version) == -1) {
$isnewerversion = 1;
} else {
redirectTo($update_check_uri.'/pretty', NULL, false);
$isnewerversion = 0;
}
} else {
redirectTo($update_check_uri.'/pretty', NULL, false);
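Review bot: The version-check URL in this hunk is still plain `http://`, while the auto-update page in the same commit defines `UPDATE_URI` with `https://version.froxlor.org/Froxlor/legacy/` for the same endpoint, so the response that fills `$_version`, `$_message` and `$_link` can be altered in transit. Suggest `$update_check_uri = 'https://version.froxlor.org/Froxlor/legacy/' . $version;`. `$_message` and `$_link` are taken straight from that response and are presumably rendered by the template, so they should be passed through `htmlspecialchars()` and the link limited to http/https before display. The enclosing `if` starts outside the hunk.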


@@ -18,7 +18,7 @@
// Load the user settings
define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__)));
if (!file_exists('./userdata.inc.php')) {
if (! file_exists('./userdata.inc.php')) {
die();
}
require './userdata.inc.php';
@@ -27,10 +27,11 @@ require './classes/database/class.Database.php';
require './classes/settings/class.Settings.php';
require './functions/validate/function.validate_ip.php';
require './functions/validate/function.validateDomain.php';
require './lib/classes/cURL/class.HttpClient.php';
if(isset($_POST['action'])) {
if (isset($_POST['action'])) {
$action = $_POST['action'];
} elseif(isset($_GET['action'])) {
} elseif (isset($_GET['action'])) {
$action = $_GET['action'];
} else {
$action = "";
@@ -42,51 +43,31 @@ if ($action == "newsfeed") {
} else {
$feed = "https://inside.froxlor.org/news/";
}
if (function_exists("simplexml_load_file") == false) {
die();
outputItem("Newsfeed not available due to missing php-simplexml extension", "Please install the php-simplexml extension in order to view our newsfeed.");
exit();
}
if (function_exists('curl_version')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $feed);
curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/'.$version);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$output = curl_exec($ch);
curl_close($ch);
$output = HttpClient::urlGet($feed);
$news = simplexml_load_string(trim($output));
} else {
if (ini_get('allow_url_fopen')) {
ini_set('user_agent', 'Froxlor/'.$version);
$news = simplexml_load_file($feed, null, LIBXML_NOCDATA);
} else {
$news = false;
}
outputItem("Newsfeed not available due to missing php-curl extension", "Please install the php-curl extension in order to view our newsfeed.");
exit();
}
if ($news !== false) {
for ($i = 0; $i < 3; $i++) {
for ($i = 0; $i < 3; $i ++) {
$item = $news->channel->item[$i];
$title = (string)$item->title;
$link = (string)$item->link;
$title = (string) $item->title;
$link = (string) $item->link;
$date = date("Y-m-d G:i", strtotime($item->pubDate));
$content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description));
$content = substr($content, 0, 150) . "...";
echo "<li class=\"clearfix\">
<div class=\"newsfeed-body clearfix\">
<div class=\"header\">
<strong class=\"primary-font\"><a href=\"{$link}\" target=\"_blank\">{$title}</a></strong>
<small class=\"pull-right text-muted\">
<i class=\"fa fa-clock-o fa-fw\"></i> {$date}
</small>
</div>
<p>
{$content}
</p>
</div>
</li>";
outputItem($title, $content, $link, $date);
}
} else {
echo "";
@@ -94,3 +75,30 @@ if ($action == "newsfeed") {
} else {
echo "No action set.";
}
function outputItem($title, $content, $link = null, $date = null)
{
echo "<li class=\"clearfix\">
<div class=\"newsfeed-body clearfix\">
<div class=\"header\">
<strong class=\"primary-font\">";
if (! empty($link)) {
echo "<a href=\"{$link}\" target=\"_blank\">";
}
echo $title;
if (! empty($link)) {
echo "</a>";
}
echo "</strong>";
if (! empty($date)) {
echo "<small class=\"pull-right text-muted\">
<i class=\"fa fa-clock-o fa-fw\"></i> {$date}
</small>";
}
echo "</div>
<p>
{$content}
</p>
</div>
</li>";
}
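Review bot: `outputItem()` echoes `$title`, `$link` and `$date` into the HTML without escaping, and in the feed loop these values come from the remote XML fetched with `HttpClient::urlGet($feed)`; only `$content` passes through `strip_tags()`, which does not escape quotes or ampersands. Escape at output, e.g. `echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8');` and `htmlspecialchars($link, ENT_QUOTES, 'UTF-8')` inside the `href`, and accept only http/https links. Adding `rel="noopener noreferrer"` to the `target="_blank"` anchor belongs in the same pass. A short docblock on `outputItem()` stating that all arguments are treated as untrusted text would keep later callers from passing markup.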


@@ -0,0 +1,60 @@
<?php
class HttpClient
{
/**
* Executes simple GET request
*
* @param string $url
*
* @return array
*/
public static function urlGet($url)
{
include FROXLOR_INSTALL_DIR . '/lib/version.inc.php';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/' . $version);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$output = curl_exec($ch);
if ($output === false) {
$e = curl_error($ch);
curl_close($ch);
throw new \Exception("Curl error: " . $e);
}
curl_close($ch);
return $output;
}
/**
* Downloads and stores a file from an url
*
* @param string $url
* @param string $target
*
* @return array
*/
public static function fileGet($url, $target)
{
include FROXLOR_INSTALL_DIR . '/lib/version.inc.php';
$fh = fopen($target, 'w');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/' . $version);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 50);
//give curl the file pointer so that it can write to it
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FILE, $fh);
$output = curl_exec($ch);
if ($output === false) {
$e = curl_error($ch);
curl_close($ch);
throw new \Exception("Curl error: " . $e);
}
curl_close($ch);
return $output;
}
}
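Review bot: `fileGet()` never checks the result of `fopen()` and never closes `$fh`, so a failed open hands `false` to `CURLOPT_FILE`, and a successful download leaves the handle open while the caller goes on to `hash_file()` and unzip the archive. Neither method sets `CURLOPT_FAILONERROR` or limits protocols, so an HTTP error page is returned or saved as if it were the payload and `CURLOPT_FOLLOWLOCATION` is not confined to http/https redirects. `urlGet()` also has no timeout, and both docblocks say `@return array` although a string or bool comes back. The fence shows `fileGet()` with these points addressed; the added option lines apply to `urlGet()` as well.

```php
public static function fileGet($url, $target)
{
    // … unchanged: version include …
    $fh = fopen($target, 'w');
    if ($fh === false) {
        throw new \Exception("Could not open " . $target . " for writing");
    }
    $ch = curl_init();
    // … unchanged: URL, user agent, FOLLOWLOCATION, TIMEOUT, RETURNTRANSFER, FILE options …
    // stay on http(s), also across redirects, and treat HTTP >= 400 as a failure
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_FAILONERROR, true);
    $output = curl_exec($ch);
    $e = ($output === false) ? curl_error($ch) : null;
    curl_close($ch);
    // close on both paths so the archive is complete on disk before it is hashed
    fclose($fh);
    if ($e !== null) {
        throw new \Exception("Curl error: " . $e);
    }
    return $output;
}
```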


@@ -216,9 +216,8 @@ class lescript
// simple self check
if (Settings::Get('system.disable_le_selfcheck') == '0')
{
$selfcheckContextOptions = array('http' => array('header' => "User-Agent: Froxlor/".$this->version));
$selfcheckContext = stream_context_create($selfcheckContextOptions);
if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
$selfcheckpayload = HttpClient::urlGet($uri);
if ($payload !== trim($selfcheckpayload)) {
$errmsg = json_encode(error_get_last());
if ($errmsg != "null") {
$errmsg = "; PHP error: " . $errmsg;
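Review bot: With `@file_get_contents()` gone, `error_get_last()` in the mismatch branch no longer describes the self-check request, so `$errmsg` ends up empty or carries an unrelated earlier PHP error; a connection failure now raises the exception from `HttpClient::urlGet($uri)` before the comparison runs at all. Catch the exception around the `urlGet` call and build `$errmsg` from `$e->getMessage()` instead of `json_encode(error_get_last())`. The `lescript_v2` hunk has the same lines and needs the same change. The surrounding method starts and ends outside the hunk, so whether a caller already catches the exception cannot be seen from here.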


@@ -233,13 +233,8 @@ class lescript_v2
// simple self check
if (Settings::Get('system.disable_le_selfcheck') == '0') {
$selfcheckContextOptions = array(
'http' => array(
'header' => "User-Agent: Froxlor/" . $this->version
)
);
$selfcheckContext = stream_context_create($selfcheckContextOptions);
if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
$selfcheckpayload = HttpClient::urlGet($uri);
if ($payload !== trim($selfcheckpayload)) {
$errmsg = json_encode(error_get_last());
if ($errmsg != "null") {
$errmsg = "; PHP error: " . $errmsg;