Rev 1278 | Rev 1375 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 1278 | Rev 1293 | ||
---|---|---|---|
Line 47... | Line 47... | ||
47 | private function getSvnCommand(): string { |
47 | private function getSvnCommand(): string { |
48 | return 'svn update --accept theirs-full'; |
48 | return 'svn update --accept theirs-full'; |
49 | } |
49 | } |
50 | 50 | ||
51 | /** |
51 | /** |
52 | * @param string $actionID |
- | |
53 | * @param array $params |
52 | * @param array $params |
54 | * @return array |
53 | * @return array |
55 | * @throws OIDplusException |
54 | * @throws OIDplusException |
56 | */ |
55 | */ |
57 | public function action(string $actionID, array $params): array { |
56 | private function action_Update(array $params): array { |
58 | if ($actionID == 'update_now') { |
- | |
59 | @set_time_limit(0); |
57 | @set_time_limit(0); |
60 | - | ||
61 | if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
- | |
62 | throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
- | |
63 | } |
- | |
64 | 58 | ||
65 | if (OIDplus::getInstallType() === 'git-wc') { |
59 | if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
66 | $cmd = $this->getGitCommand().' 2>&1'; |
60 | throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
- | 61 | } |
|
67 | 62 | ||
68 | $ec = -1; |
- | |
69 | $out = array(); |
63 | if (OIDplus::getInstallType() === 'git-wc') { |
70 | exec($cmd, $out, $ec); |
64 | $cmd = $this->getGitCommand().' 2>&1'; |
71 | 65 | ||
- | 66 | $ec = -1; |
|
- | 67 | $out = array(); |
|
- | 68 | exec($cmd, $out, $ec); |
|
- | 69 | ||
72 | $res = _L('Execute command:').' '.$cmd."\n\n".trim(implode("\n",$out)); |
70 | $res = _L('Execute command:').' '.$cmd."\n\n".trim(implode("\n",$out)); |
73 | if ($ec === 0) { |
71 | if ($ec === 0) { |
74 | $rev = 'HEAD'; // do not translate |
72 | $rev = 'HEAD'; // do not translate |
75 | return array("status" => 0, "content" => $res, "rev" => $rev); |
73 | return array("status" => 0, "content" => $res, "rev" => $rev); |
76 | } else { |
74 | } else { |
77 | return array("status" => -1, "error" => $res, "content" => ""); |
75 | return array("status" => -1, "error" => $res, "content" => ""); |
78 | } |
- | |
79 | } |
76 | } |
- | 77 | } |
|
80 | else if (OIDplus::getInstallType() === 'svn-wc') { |
78 | else if (OIDplus::getInstallType() === 'svn-wc') { |
81 | $cmd = $this->getSvnCommand().' 2>&1'; |
79 | $cmd = $this->getSvnCommand().' 2>&1'; |
82 | 80 | ||
83 | $ec = -1; |
81 | $ec = -1; |
84 | $out = array(); |
82 | $out = array(); |
85 | exec($cmd, $out, $ec); |
83 | exec($cmd, $out, $ec); |
86 | 84 | ||
87 | $res = _L('Execute command:').' '.$cmd."\n\n".trim(implode("\n",$out)); |
85 | $res = _L('Execute command:').' '.$cmd."\n\n".trim(implode("\n",$out)); |
88 | if ($ec === 0) { |
86 | if ($ec === 0) { |
89 | $rev = 'HEAD'; // do not translate |
87 | $rev = 'HEAD'; // do not translate |
90 | return array("status" => 0, "content" => $res, "rev" => $rev); |
88 | return array("status" => 0, "content" => $res, "rev" => $rev); |
91 | } else { |
89 | } else { |
92 | return array("status" => -1, "error" => $res, "content" => ""); |
90 | return array("status" => -1, "error" => $res, "content" => ""); |
93 | } |
- | |
94 | } |
91 | } |
- | 92 | } |
|
95 | else if (OIDplus::getInstallType() === 'svn-snapshot') { |
93 | else if (OIDplus::getInstallType() === 'svn-snapshot') { |
96 | 94 | ||
97 | $rev = $params['rev']; |
95 | $rev = $params['rev']; |
98 | 96 | ||
99 | $update_version = $params['update_version'] ?? 1; |
97 | $update_version = $params['update_version'] ?? 1; |
100 | if (($update_version != 1) && ($update_version != 2)) { |
98 | if (($update_version != 1) && ($update_version != 2)) { |
101 | throw new OIDplusException(_L('Unknown update version')); |
99 | throw new OIDplusException(_L('Unknown update version')); |
102 | } |
100 | } |
103 | 101 | ||
104 | // Download and unzip |
102 | // Download and unzip |
105 | 103 | ||
106 | $cont = false; |
104 | $cont = false; |
107 | for ($retry=1; $retry<=3; $retry++) { |
105 | for ($retry=1; $retry<=3; $retry++) { |
108 | if (function_exists('gzdecode')) { |
106 | if (function_exists('gzdecode')) { |
109 | $url = sprintf(OIDplus::getEditionInfo()['update_package_gz'], $rev-1, $rev); |
107 | $url = sprintf(OIDplus::getEditionInfo()['update_package_gz'], $rev-1, $rev); |
110 | $cont = url_get_contents($url); |
108 | $cont = url_get_contents($url); |
111 | if ($cont !== false) $cont = @gzdecode($cont); |
109 | if ($cont !== false) $cont = @gzdecode($cont); |
112 | } else { |
110 | } else { |
113 | $url = sprintf(OIDplus::getEditionInfo()['update_package'], $rev-1, $rev); |
111 | $url = sprintf(OIDplus::getEditionInfo()['update_package'], $rev-1, $rev); |
114 | $cont = url_get_contents($url); |
112 | $cont = url_get_contents($url); |
115 | } |
- | |
116 | if ($cont !== false) { |
- | |
117 | break; |
- | |
118 | } else { |
- | |
119 | sleep(1); |
- | |
120 | } |
- | |
121 | } |
113 | } |
- | 114 | if ($cont !== false) { |
|
- | 115 | break; |
|
- | 116 | } else { |
|
- | 117 | sleep(1); |
|
- | 118 | } |
|
- | 119 | } |
|
122 | if ($cont === false) throw new OIDplusException(_L("Update %1 could not be downloaded from ViaThinkSoft server. Please try again later.",$rev)); |
120 | if ($cont === false) throw new OIDplusException(_L("Update %1 could not be downloaded from ViaThinkSoft server. Please try again later.",$rev)); |
123 | - | ||
124 | // Check signature... |
- | |
125 | 121 | ||
126 | if (function_exists('openssl_verify')) { |
122 | // Check signature... |
127 | 123 | ||
128 | $m = array(); |
- | |
129 | if (!preg_match('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', $cont, $m)) { |
- | |
130 | throw new OIDplusException(_L("Update package file of revision %1 not digitally signed",$rev)); |
- | |
131 | } |
- | |
132 | $signature = base64_decode($m[1]); |
124 | if (function_exists('openssl_verify')) { |
133 | 125 | ||
- | 126 | $m = array(); |
|
134 | $naked = preg_replace('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', '', $cont); |
127 | if (!preg_match('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', $cont, $m)) { |
135 | $hash = hash("sha256", $naked."update_".($rev-1)."_to_".($rev).".txt"); |
128 | throw new OIDplusException(_L("Update package file of revision %1 not digitally signed",$rev)); |
- | 129 | } |
|
- | 130 | $signature = base64_decode($m[1]); |
|
136 | 131 | ||
137 | $public_key = file_get_contents(__DIR__.'/public.pem'); |
- | |
138 | if (!openssl_verify($hash, $signature, $public_key, OPENSSL_ALGO_SHA256)) { |
132 | $naked = preg_replace('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', '', $cont); |
139 | throw new OIDplusException(_L("Update package file of revision %1: Signature invalid",$rev)); |
133 | $hash = hash("sha256", $naked."update_".($rev-1)."_to_".($rev).".txt"); |
140 | } |
- | |
141 | 134 | ||
- | 135 | $public_key = file_get_contents(__DIR__.'/public.pem'); |
|
- | 136 | if (!openssl_verify($hash, $signature, $public_key, OPENSSL_ALGO_SHA256)) { |
|
- | 137 | throw new OIDplusException(_L("Update package file of revision %1: Signature invalid",$rev)); |
|
142 | } |
138 | } |
143 | 139 | ||
144 | // All OK! Now write the file |
140 | } |
145 | 141 | ||
146 | $tmp_filename = 'update_'.generateRandomString(10).'.tmp.php'; |
- | |
147 | $local_file = OIDplus::localpath().$tmp_filename; |
142 | // All OK! Now write the file |
148 | 143 | ||
- | 144 | $tmp_filename = 'update_'.generateRandomString(10).'.tmp.php'; |
|
149 | @file_put_contents($local_file, $cont); |
145 | $local_file = OIDplus::localpath().$tmp_filename; |
150 | 146 | ||
151 | if (!file_exists($local_file) || (@file_get_contents($local_file) !== $cont)) { |
147 | @file_put_contents($local_file, $cont); |
152 | throw new OIDplusException(_L('Update file could not written. Probably there are no write-permissions to the root folder.')); |
- | |
153 | } |
- | |
154 | 148 | ||
155 | if ($update_version == 1) { |
- | |
156 | // Now call the written file |
- | |
157 | // Note: we may not use eval($cont) because the script uses die(), |
- | |
158 | // and things in the script might collide with currently (un)loaded source code files, shutdown procedues, etc. |
- | |
159 | $web_file = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE).$tmp_filename; // NOT canonical URL! This might fail with reverse proxies which can only be executed from outside |
- | |
160 | $res = url_get_contents($web_file); |
149 | if (!file_exists($local_file) || (@file_get_contents($local_file) !== $cont)) { |
161 | if ($res === false) { |
- | |
162 | throw new OIDplusException(_L('Update-script %1 could not be executed',$web_file)); |
150 | throw new OIDplusException(_L('Update file could not written. Probably there are no write-permissions to the root folder.')); |
163 | } |
- | |
164 | return array("status" => 0, "content" => $res, "rev" => $rev); |
- | |
165 | } else if ($update_version == 2) { |
- | |
166 | // In this version, the client will call the web-update file. |
- | |
167 | // This has the advantage that it will also work if the system is htpasswd protected |
- | |
168 | return array("status" => 0, "update_file" => $tmp_filename, "rev" => $rev); |
- | |
169 | } else { |
- | |
170 | throw new OIDplusException(_L("Unexpected update version")); |
- | |
171 | } |
- | |
172 | } |
151 | } |
- | 152 | ||
- | 153 | if ($update_version == 1) { |
|
- | 154 | // Now call the written file |
|
- | 155 | // Note: we may not use eval($cont) because the script uses die(), |
|
- | 156 | // and things in the script might collide with currently (un)loaded source code files, shutdown procedues, etc. |
|
- | 157 | $web_file = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE).$tmp_filename; // NOT canonical URL! This might fail with reverse proxies which can only be executed from outside |
|
- | 158 | $res = url_get_contents($web_file); |
|
- | 159 | if ($res === false) { |
|
- | 160 | throw new OIDplusException(_L('Update-script %1 could not be executed',$web_file)); |
|
- | 161 | } |
|
- | 162 | return array("status" => 0, "content" => $res, "rev" => $rev); |
|
- | 163 | } else if ($update_version == 2) { |
|
- | 164 | // In this version, the client will call the web-update file. |
|
- | 165 | // This has the advantage that it will also work if the system is htpasswd protected |
|
- | 166 | return array("status" => 0, "update_file" => $tmp_filename, "rev" => $rev); |
|
173 | else { |
167 | } else { |
174 | throw new OIDplusException(_L('Multiple version files/directories (oidplus_version.txt, .version.php, .git, or .svn) are existing! Therefore, the version is ambiguous!')); |
168 | throw new OIDplusException(_L("Unexpected update version")); |
175 | } |
169 | } |
- | 170 | } |
|
- | 171 | else { |
|
- | 172 | throw new OIDplusException(_L('Multiple version files/directories (oidplus_version.txt, .version.php, .git, or .svn) are existing! Therefore, the version is ambiguous!')); |
|
- | 173 | } |
|
- | 174 | } |
|
- | 175 | ||
- | 176 | /** |
|
- | 177 | * @param string $actionID |
|
- | 178 | * @param array $params |
|
- | 179 | * @return array |
|
- | 180 | * @throws OIDplusException |
|
- | 181 | */ |
|
- | 182 | public function action(string $actionID, array $params): array { |
|
- | 183 | if ($actionID == 'update_now') { |
|
- | 184 | return $this->action_Update($params); |
|
176 | } else { |
185 | } else { |
177 | return parent::action($actionID, $params); |
186 | return parent::action($actionID, $params); |
178 | } |
187 | } |
179 | } |
188 | } |
180 | 189 |