secure included webinterface-modules; add settings-functions to Froxlor-ApiCommand

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

lib/classes/api/commands/class.Froxlor.php

@@ -81,6 +81,86 @@ class Froxlor extends ApiCommand
 		throw new Exception("Not allowed to execute given command.", 403);
 	}
 
+	/**
+	 * @TODO import settings
+	 */
+	public function importSettings()
+	{}
+
+	/**
+	 * @TODO export settings to file
+	 */
+	public function exportSettings()
+	{}
+
+	/**
+	 * return a list of all settings
+	 *
+	 * @return array count|list
+	 */
+	public function listSettings()
+	{
+		$sel_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` ORDER BY settinggroup ASC, varname ASC
+		");
+		Database::pexecute($sel_stmt, null, true, true);
+		$result = array();
+		while ($row = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {
+			$result[] = array(
+				'key' => $row['settinggroup'] . '.' . $row['varname'],
+				'value' => $row['value']
+			);
+		}
+		return $this->response(200, "successfull", array(
+			'count' => count($result),
+			'list' => $result
+		));
+	}
+
+	/**
+	 * return a setting by settinggroup.varname couple
+	 *
+	 * @param string $key
+	 *        	settinggroup.varname couple
+	 *
+	 * @throws Exception
+	 * @return string
+	 */
+	public function getSetting()
+	{
+		if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
+			$setting = $this->getParam('key');
+			return $this->response(200, "successfull", Settings::Get($setting));
+		}
+		throw new Exception("Not allowed to execute given command.", 403);
+	}
+
+	/**
+	 * updates a setting
+	 *
+	 * @param string $key
+	 *        	settinggroup.varname couple
+	 * @param string $value
+	 *        	optional the new value, default is ''
+	 *
+	 * @throws Exception
+	 * @return string
+	 */
+	public function updateSetting()
+	{
+		if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
+			$setting = $this->getParam('key');
+			$value = $this->getParam('value', true, '');
+			$oldvalue = Settings::Get($setting);
+			if (is_null($oldvalue)) {
+				throw new Exception("Setting '" . $setting . "' could not be found");
+			}
+			$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] Changing setting '" . $setting . "' from '" . $oldvalue . "' to '" . $value . "'");
+			return $this->response(200, "successfull", Settings::Set($setting, $value, true));
+		}
+		throw new Exception("Not allowed to execute given command.", 403);
+	}
+
 	/**
 	 * returns a list of all available api functions
 	 *

lib/functions/filedir/function.makeCorrectDir.php

@@ -20,26 +20,23 @@
 /**
  * Function which returns a correct dirname, means to add slashes at the beginning and at the end if there weren't some
  *
- * @param string The dirname
+ * @param string $dir
+ *        	The dirname
+ *
  * @return string The corrected dirname
- * @author Florian Lippert <flo@syscp.org>
  */
-function makeCorrectDir($dir) {
-
-	if (version_compare("5.4.6", PHP_VERSION, ">")) {
-		assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */');
-	} else {
-		assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name');
+function makeCorrectDir($dir)
+{
+	if (is_string($dir) && strlen($dir) > 0) {
+		$dir = trim($dir);
+		if (substr($dir, - 1, 1) != '/') {
+			$dir .= '/';
+		}
+		if (substr($dir, 0, 1) != '/') {
+			$dir = '/' . $dir;
+		}
+		$dir = makeSecurePath($dir);
+		return $dir;
 	}
-
-	$dir = trim($dir);
-
-	if (substr($dir, -1, 1) != '/') {
-		$dir.= '/';
-	}
-	if (substr($dir, 0, 1) != '/') {
-		$dir = '/' . $dir;
-	}
-	$dir = makeSecurePath($dir);
-	return $dir;
+	throw new Exception("Cannot validate directory in " . __FUNCTION__ . " which is very dangerous.");
 }