From d090e485447145f0642601561fd70f32cf24ce8d Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Mon, 23 Jan 2023 08:58:42 +0100
Subject: [PATCH 1/3] validate result of Net_DNS2_Resolver::query (CNAME's are being resolved to their corresponding target A/AAAA addresses); fixes #1089
Signed-off-by: Michael Kaufmann
---
 lib/Froxlor/PhpHelper.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/Froxlor/PhpHelper.php b/lib/Froxlor/PhpHelper.php
index 820f14a7..c81f50bd 100644
--- a/lib/Froxlor/PhpHelper.php
+++ b/lib/Froxlor/PhpHelper.php
@@ -263,7 +263,9 @@ class PhpHelper
 try {
 $answer = $resolver->query($host, 'A')->answer;
 foreach ($answer as $rr) {
- $ips[] = inet_ntop(inet_pton($rr->address));
+ if ($rr instanceof Net_DNS2_RR_A) {
+ $ips[] = inet_ntop(inet_pton($rr->address));
+ }
 }
 } catch (Net_DNS2_Exception $e) {
 // we can't do anything here, just continue
@@ -274,7 +276,9 @@ class PhpHelper
 try {
 $answer = $resolver->query($host, 'AAAA')->answer;
 foreach ($answer as $rr) {
- $ips[] = inet_ntop(inet_pton($rr->address));
+ if ($rr instanceof Net_DNS2_RR_AAAA) {
+ $ips[] = inet_ntop(inet_pton($rr->address));
+ }
 }
 } catch (Net_DNS2_Exception $e) {
 // we can't do anything here, just continue
From 47938c50820ef4f33e1ba99789ae3bc751e3ca5b Mon Sep 17 00:00:00 2001
From: Marvin Stark
Date: Tue, 24 Jan 2023 18:56:29 +0100
Subject: [PATCH 2/3] Update README.md (#1090) Fixed typo.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index c89156ad..f9aa527b 100644
--- a/README.md
+++ b/README.md
@@ -57,7 +57,7 @@ May be found in [COPYING](COPYING)
 ### Tarball
 https://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](https://files.froxlor.org/releases/froxlor-latest.tar.gz.md5) [SHA1](https://files.froxlor.org/releases/froxlor-latest.tar.gz.sha1)
-### Debian / Ubutnu repository
+### Debian / Ubuntu repository
 [HowTo](https://docs.froxlor.org/latest/general/installation/apt-package.html)
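Review bot: The new `instanceof Net_DNS2_RR_A` and `instanceof Net_DNS2_RR_AAAA` checks use unqualified class names, and the diffstat (6 insertions, all inside these two hunks) shows that this commit adds no `use` line for them. If lib/Froxlor/PhpHelper.php is namespaced and the two classes are not already imported above the hunk (not visible here), PHP resolves the names relative to the namespace and `instanceof` quietly evaluates to false for an unknown class, so `$ips` would stay empty for every host without any error being raised. I would write `$rr instanceof \Net_DNS2_RR_A` and `$rr instanceof \Net_DNS2_RR_AAAA`, or add the matching `use` statements, and cover the lookup with a test that asserts a non-empty result for a known host. The same applies to the AAAA hunk at -274; the enclosing method starts and ends outside both hunks.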
From 492cd288bc9eb9fe3ff31fdcda3c8e07f6c721da Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Wed, 25 Jan 2023 13:09:06 +0100
Subject: [PATCH 3/3] enhanced themefile validation for non-default themes
Signed-off-by: Michael Kaufmann
---
 lib/Froxlor/Ajax/Ajax.php | 4 ++--
 lib/Froxlor/Api/Api.php | 2 +-
 lib/Froxlor/Config/ConfigDisplay.php | 12 ++++++------
 lib/Froxlor/UI/Callbacks/Text.php | 2 +-
 lib/Froxlor/UI/Panel/UI.php | 18 +++++++++++++-----
 5 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/lib/Froxlor/Ajax/Ajax.php b/lib/Froxlor/Ajax/Ajax.php
index 1f7f49a3..6e54a9e1 100644
--- a/lib/Froxlor/Ajax/Ajax.php
+++ b/lib/Froxlor/Ajax/Ajax.php
@@ -162,7 +162,7 @@ class Ajax
 $content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description));
 $content = substr($content, 0, 150) . "...";
- $items .= UI::twig()->render($this->theme . '/user/newsfeeditem.html.twig', [
+ $items .= UI::twig()->render(UI::validateThemeTemplate('/user/newsfeeditem.html.twig', $this->theme), [
 'link' => $link,
 'title' => $title,
 'date' => $date,
@@ -201,7 +201,7 @@ class Ajax
 $result['last_update_check'] = $uc_data['ts'];
 $result['channel'] = Settings::Get('system.update_channel');
- $result_rendered = UI::twig()->render($this->theme . '/misc/version_top.html.twig', $result);
+ $result_rendered = UI::twig()->render(UI::validateThemeTemplate('/misc/version_top.html.twig', $this->theme), $result);
 return $this->jsonResponse($result_rendered);
 } catch (Exception $e) {
 // don't display anything if just not allowed due to permissions
diff --git a/lib/Froxlor/Api/Api.php b/lib/Froxlor/Api/Api.php
index 404ef735..7cde0c2c 100644
--- a/lib/Froxlor/Api/Api.php
+++ b/lib/Froxlor/Api/Api.php
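Review bot: Both call sites pass the template name with a leading slash (`'/user/newsfeeditem.html.twig'`, `'/misc/version_top.html.twig'`), while `validateThemeTemplate()` in UI.php already joins with `$theme . '/' . $name`, so the checked path and the name handed to `render()` become `<theme>//user/...`. `file_exists()` tolerates the doubled separator, but whether the Twig loader treats the doubled and the single form as the same template is not visible from this patch, and the old `twigBuffer()` code joined with `'/'` as well, which suggests its callers pass names without one. I would drop the leading slash at the call sites, e.g. `UI::validateThemeTemplate('user/newsfeeditem.html.twig', $this->theme)`, or normalise once in the helper with `$name = ltrim($name, '/');`. The same pattern recurs in every ConfigDisplay.php hunk and in the Text.php hunk.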
@@ -117,6 +117,6 @@ class Api
 private function stripcslashesDeep($value)
 {
- return is_array($value) ? array_map([$this, 'stripcslashesDeep'], $value) : stripcslashes($value);
+ return is_array($value) ? array_map([$this, 'stripcslashesDeep'], $value) : (!empty($value) ? stripcslashes($value) : null);
 }
 }
diff --git a/lib/Froxlor/Config/ConfigDisplay.php b/lib/Froxlor/Config/ConfigDisplay.php
index 558ad409..cfaceb46 100644
--- a/lib/Froxlor/Config/ConfigDisplay.php
+++ b/lib/Froxlor/Config/ConfigDisplay.php
@@ -148,7 +148,7 @@ class ConfigDisplay
 if ($lasttype != '' && $lasttype != $_action['type']) {
 $commands = trim($commands);
 $numbrows = count(explode("\n", $commands));
- $configpage .= UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [
+ $configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
 'commands' => $commands,
 'numbrows' => $numbrows
 ]);
@@ -182,7 +182,7 @@ class ConfigDisplay
 $commands = trim($commands_pre);
 if ($commands != "") {
 $numbrows = count(explode("\n", $commands));
- $commands_pre = UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [
+ $commands_pre = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
 'commands' => $commands,
 'numbrows' => $numbrows
 ]);
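Review bot: The new `!empty($value)` guard in `stripcslashesDeep()` turns every falsy scalar into `null`, not only missing values: `0`, `'0'`, `0.0`, `false` and `''` all satisfy `empty()`. An API request that explicitly sends `0` or `false` for a parameter would therefore reach the handlers as `null`, which may silently select a default instead of the caller's value; how the handlers treat `null` is outside this hunk. If the intent is only to stop passing `null` to `stripcslashes()`, narrow the check to `: (is_string($value) ? stripcslashes($value) : $value);`, which leaves `null` and non-string scalars untouched (note that ints and bools then keep their type instead of being cast to string as before).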
@@ -190,12 +190,12 @@ class ConfigDisplay
 $commands = trim($commands_post);
 if ($commands != "") {
 $numbrows = count(explode("\n", $commands));
- $commands_post = UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [
+ $commands_post = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
 'commands' => $commands,
 'numbrows' => $numbrows
 ]);
 }
- $configpage .= UI::twig()->render(self::$theme . '/settings/conf/fileblock.html.twig', [
+ $configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/fileblock.html.twig', self::$theme), [
 'realname' => $realname,
 'commands_pre' => $commands_pre,
 'commands_file' => $commands_file,
@@ -210,7 +210,7 @@ class ConfigDisplay
 $commands = trim($commands);
 if ($commands != '') {
 $numbrows = count(explode("\n", $commands));
- $configpage .= UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [
+ $configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
 'commands' => $commands,
 'numbrows' => $numbrows
 ]);
@@ -233,7 +233,7 @@ class ConfigDisplay
 $file_content = htmlspecialchars($file_content);
 $numbrows = count(explode("\n", $file_content));
 //eval("\$files=\"" . \Froxlor\UI\Template::getTemplate("configfiles/configfiles_file") . "\";");
- $files = UI::twig()->render(self::$theme . '/settings/conf/file.html.twig', [
+ $files = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/file.html.twig', self::$theme), [
 'distro_editor' => self::$editor,
 'realname' => $realname,
 'numbrows' => $numbrows,
diff --git a/lib/Froxlor/UI/Callbacks/Text.php b/lib/Froxlor/UI/Callbacks/Text.php
index a1439558..3edfb72e 100644
--- a/lib/Froxlor/UI/Callbacks/Text.php
+++ b/lib/Froxlor/UI/Callbacks/Text.php
@@ -92,7 +92,7 @@ class Text
 $result = $attributes['fields'];
 $apikey_data = include Froxlor::getInstallDir() . '/lib/formfields/formfield.api_key.php';
- $body = UI::twig()->render(UI::getTheme() . '/user/inline-form.html.twig', [
+ $body = UI::twig()->render(UI::validateThemeTemplate('/user/inline-form.html.twig'), [
 'formaction' => $linker->getLink(['section' => 'index', 'page' => 'apikeys']),
 'formdata' => $apikey_data['apikey'],
 'editid' => $attributes['fields']['id']
diff --git a/lib/Froxlor/UI/Panel/UI.php b/lib/Froxlor/UI/Panel/UI.php
index bf6ace51..10ee15e9 100644
--- a/lib/Froxlor/UI/Panel/UI.php
+++ b/lib/Froxlor/UI/Panel/UI.php
@@ -260,7 +260,18 @@ class UI
 */
 public static function twigBuffer($name, array $context = [])
 {
- $template_file = self::getTheme() . '/' . $name;
+ $template_file = self::validateThemeTemplate($name);
+
+ self::$twigbuf[] = [
+ $template_file => $context
+ ];
+ }
+
+ public static function validateThemeTemplate(string $name, string $theme = "") {
+ if (empty(trim($theme))) {
+ $theme = self::getTheme();
+ }
+ $template_file = $theme . '/' . $name;
 if (!file_exists(Froxlor::getInstallDir() . '/templates/' . $template_file)) {
 PhpHelper::phpErrHandler(E_USER_WARNING, "Template '" . $template_file . "' could not be found, trying fallback theme", __FILE__, __LINE__);
 $template_file = self::$default_theme . '/'. $name;
@@ -268,10 +279,7 @@ class UI
 PhpHelper::phpErrHandler(E_USER_ERROR, "Unknown template '" . $template_file . "'", __FILE__, __LINE__);
 }
 }
-
- self::$twigbuf[] = [
- $template_file => $context
- ];
+ return $template_file;
 }
 public static function getTheme()
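Review bot: `validateThemeTemplate()` concatenates `$theme` and `$name` into a filesystem path (`Froxlor::getInstallDir() . '/templates/' . $template_file`) and returns the result to `render()` without constraining `$theme` to an installed theme directory. Where `$this->theme` and `self::$theme` are populated is not visible in this patch; if either can be influenced by a request, cookie or per-user setting, a value containing path separators or `..` segments passes the `file_exists()` check whenever it happens to resolve to any existing file. I would reject such values before building the path, for example `if (strpbrk($theme, '/\\') !== false || $theme === '..') { $theme = self::$default_theme; }`, and let the existing fallback handle the rest. The method also has no docblock or `: string` return type, and it still returns `$template_file` after the `E_USER_ERROR` branch; whether `phpErrHandler()` halts there is not shown. The function body spans both UI.php hunks.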