34,6 → 34,8 |
|
$rev = $params['rev']; |
|
// Download and unzip |
|
if (function_exists('gzdecode')) { |
$url = "https://www.oidplus.com/updates/update_".($rev-1)."_to_".($rev).".txt.gz"; // TODO: in consts.ini |
$cont = @file_get_contents($url); |
43,8 → 45,29 |
$cont = @file_get_contents($url); |
} |
|
if ($cont === false) throw new OIDplusException(_L("Update could not be downloaded from ViaThinkSoft server. Please try again later.")); |
if ($cont === false) throw new OIDplusException(_L("Update %1 could not be downloaded from ViaThinkSoft server. Please try again later.",$rev)); |
|
// Check signature... |
|
if (function_exists('openssl_verify')) { |
|
if (!preg_match('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', $cont, $m)) { |
throw new OIDplusException(_L("Update package file of revision %1 not digitally signed",$rev)); |
} |
$signature = base64_decode($m[1]); |
|
$naked = preg_replace('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', '', $cont); |
$hash = hash("sha256", $naked."update_".($rev-1)."_to_".($rev).".txt"); |
|
$public_key = file_get_contents(__DIR__.'/public.pem'); |
if (!openssl_verify($hash, $signature, $public_key, OPENSSL_ALGO_SHA256)) { |
throw new OIDplusException(_L("Update package file of revision %1: Signature invalid",$rev)); |
} |
|
} |
|
// All OK! Write file |
|
file_put_contents(OIDplus::localpath().'update.tmp.php', $cont); |
|
# TODO: instead use cURL? |