Rev 1143 | Rev 1180 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 1143 | Rev 1175 | ||
---|---|---|---|
Line 28... | Line 28... | ||
28 | INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_3, /* beforeObject*, afterObject* */ |
28 | INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_3, /* beforeObject*, afterObject* */ |
29 | INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_4 /* whois*Attributes */ |
29 | INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_4 /* whois*Attributes */ |
30 | { |
30 | { |
31 | 31 | ||
32 | /** |
32 | /** |
33 | * |
- | |
34 | */ |
- | |
35 | const DIR_UNLOCK_FILE = 'oidplus_upload.dir'; |
- | |
36 | - | ||
37 | /** |
- | |
38 | * @param string $dir |
33 | * @param string $dir |
39 | * @return void |
34 | * @return void |
40 | * @throws OIDplusException |
35 | * @throws OIDplusException |
41 | */ |
36 | */ |
42 | private static function checkUploadDir(string $dir) { |
37 | private static function checkUploadDir(string $dir) { |
Line 47... | Line 42... | ||
47 | $realdir = realpath($dir); |
42 | $realdir = realpath($dir); |
48 | if ($realdir === false) { |
43 | if ($realdir === false) { |
49 | throw new OIDplusException(_L('The attachment directory "%1" cannot be resolved (realpath).', $dir)); |
44 | throw new OIDplusException(_L('The attachment directory "%1" cannot be resolved (realpath).', $dir)); |
50 | } |
45 | } |
51 | 46 | ||
52 | $unlock_file = $realdir . DIRECTORY_SEPARATOR . self::DIR_UNLOCK_FILE; |
- | |
53 | if (!file_exists($unlock_file)) { |
47 | // Check for critical directories |
54 | throw new OIDplusException(_L('Unlock file "%1" is not existing in attachment directory "%2".', self::DIR_UNLOCK_FILE, $dir)); |
- | |
55 | } |
- | |
56 | - | ||
57 | if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { |
48 | if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { |
58 | // Linux check 1: Check for critical directories |
- | |
59 | if (self::isCriticalLinuxDirectory($realdir)) { |
49 | if (self::isCriticalLinuxDirectory($realdir)) { |
60 | throw new OIDplusException(_L('The attachment directory must not be inside a critical system directory!')); |
50 | throw new OIDplusException(_L('The attachment directory must not be inside a critical system directory!')); |
61 | } |
51 | } |
62 | - | ||
63 | // Linux check 2: Check file owner |
- | |
64 | $file_owner_a = fileowner(OIDplus::localpath().'index.php'); |
- | |
65 | if ($file_owner_a === false) { |
- | |
66 | $file_owner_a = -1; |
- | |
67 | $file_owner_a_name = '???'; |
- | |
68 | } else { |
- | |
69 | $tmp = function_exists('posix_getpwuid') ? posix_getpwuid($file_owner_a) : false; |
- | |
70 | $file_owner_a_name = $tmp !== false ? $tmp['name'] : 'UID '.$file_owner_a; |
- | |
71 | } |
- | |
72 | - | ||
73 | $file_owner_b = fileowner($unlock_file); |
- | |
74 | if ($file_owner_b === false) { |
- | |
75 | $file_owner_b = -1; |
- | |
76 | $file_owner_b_name = '???'; |
- | |
77 | } else { |
- | |
78 | $tmp = function_exists('posix_getpwuid') ? posix_getpwuid($file_owner_b) : false; |
- | |
79 | $file_owner_b_name = $tmp !== false ? $tmp['name'] : 'UID '.$file_owner_b; |
- | |
80 | } |
- | |
81 | - | ||
82 | if ($file_owner_a != $file_owner_b) { |
- | |
83 | throw new OIDplusException(_L('Owner of unlock file "%1" is wrong. It is "%2", but it should be "%3".', $unlock_file, $file_owner_b_name, $file_owner_a_name)); |
- | |
84 | } |
- | |
85 | } else { |
52 | } else { |
86 | // Windows check 1: Check for critical directories |
- | |
87 | if (self::isCriticalWindowsDirectory($realdir)) { |
53 | if (self::isCriticalWindowsDirectory($realdir)) { |
88 | throw new OIDplusException(_L('The attachment directory must not be inside a critical system directory!')); |
54 | throw new OIDplusException(_L('The attachment directory must not be inside a critical system directory!')); |
89 | } |
55 | } |
90 | - | ||
91 | // Note: We will not query the file owner in Windows systems. |
- | |
92 | // It would be possible, however, on Windows systems, the file |
- | |
93 | // ownership is rather hidden to the user and the user needs |
- | |
94 | // to go into several menus and windows in order to see/change |
- | |
95 | // the owner. We don't want to over-complicate it to the Windows admin. |
- | |
96 | } |
56 | } |
97 | } |
57 | } |
98 | 58 | ||
99 | /** |
59 | /** |
100 | * @param string $dir |
60 | * @param string $dir |
101 | * @return bool |
61 | * @return bool |
102 | */ |
62 | */ |
103 | private static function isCriticalWindowsDirectory(string $dir): bool { |
63 | private static function isCriticalWindowsDirectory(string $dir): bool { |
104 | $dir .= '\\'; |
64 | $dir = rtrim(str_replace('/', '\\', $dir),'\\').'\\'; |
105 | $windir = isset($_SERVER['SystemRoot']) ? $_SERVER['SystemRoot'].'\\' : 'C:\\Windows\\'; |
65 | $windir = isset($_SERVER['SystemRoot']) ? rtrim($_SERVER['SystemRoot'],'\\').'\\' : 'C:\\Windows\\'; |
106 | if (stripos($dir,$windir) === 0) return true; |
66 | if (stripos($dir,$windir) === 0) return true; |
107 | return false; |
67 | return false; |
108 | } |
68 | } |
109 | 69 | ||
110 | /** |
70 | /** |
111 | * @param string $dir |
71 | * @param string $dir |
112 | * @return bool |
72 | * @return bool |
113 | */ |
73 | */ |
114 | private static function isCriticalLinuxDirectory(string $dir): bool { |
74 | private static function isCriticalLinuxDirectory(string $dir): bool { |
115 | if ($dir == '/') return true; |
75 | if ($dir == '/') return true; |
116 | $dir .= '/'; |
76 | $dir = rtrim($dir,'/').'/'; |
117 | if (strpos($dir,'/bin/') === 0) return true; |
77 | if (strpos($dir,'/bin/') === 0) return true; |
118 | if (strpos($dir,'/boot/') === 0) return true; |
78 | if (strpos($dir,'/boot/') === 0) return true; |
119 | if (strpos($dir,'/dev/') === 0) return true; |
79 | if (strpos($dir,'/dev/') === 0) return true; |
120 | if (strpos($dir,'/etc/') === 0) return true; |
80 | if (strpos($dir,'/etc/') === 0) return true; |
121 | if (strpos($dir,'/lib') === 0) return true; |
81 | if (strpos($dir,'/lib') === 0) return true; |
Line 367... | Line 327... | ||
367 | OIDplus::config()->prepareConfigKey('attachments_allow_ra_upload', 'Allow that RAs upload file attachments? (0=no, 1=yes)', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
327 | OIDplus::config()->prepareConfigKey('attachments_allow_ra_upload', 'Allow that RAs upload file attachments? (0=no, 1=yes)', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
368 | if (!is_numeric($value) || ($value < 0) || ($value > 1)) { |
328 | if (!is_numeric($value) || ($value < 0) || ($value > 1)) { |
369 | throw new OIDplusException(_L('Please enter a valid value (0=no, 1=yes).')); |
329 | throw new OIDplusException(_L('Please enter a valid value (0=no, 1=yes).')); |
370 | } |
330 | } |
371 | }); |
331 | }); |
372 | - | ||
373 | $info_txt = 'Alternative directory for attachments. It must contain a file named "'; |
- | |
374 | $info_txt .= self::DIR_UNLOCK_FILE; |
- | |
375 | $info_txt .= '"'; |
- | |
376 | if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { |
- | |
377 | $info_txt .= ' with the same owner as index.php'; |
- | |
378 | } |
- | |
379 | $info_txt .= '. If this setting is empty, then the userdata directory is used.'; |
- | |
380 | OIDplus::config()->prepareConfigKey('attachment_upload_dir', $info_txt, '', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
332 | OIDplus::config()->prepareConfigKey('attachment_upload_dir', 'Alternative directory for attachments. If this setting is empty, then the userdata directory is used.', '', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
381 | if (trim($value) !== '') { |
333 | if (trim($value) !== '') { |
382 | self::checkUploadDir($value); |
334 | self::checkUploadDir($value); |
383 | } |
335 | } |
384 | }); |
336 | }); |
385 | } |
337 | } |
Line 413... | Line 365... | ||
413 | return false; |
365 | return false; |
414 | } |
366 | } |
415 | 367 | ||
416 | /** |
368 | /** |
417 | * Convert amount of bytes to human-friendly name |
369 | * Convert amount of bytes to human-friendly name |
- | 370 | * |
|
418 | * @param int $bytes |
371 | * @param int $bytes |
419 | * @param int $decimals |
372 | * @param int $decimals |
420 | * @return string |
373 | * @return string |
- | 374 | * @throws OIDplusConfigInitializationException |
|
- | 375 | * @throws OIDplusException |
|
421 | */ |
376 | */ |
422 | private static function convert_filesize(int $bytes, int $decimals = 2): string { |
377 | private static function convert_filesize(int $bytes, int $decimals = 2): string { |
423 | $size = array(_L('Bytes'),_L('KiB'),_L('MiB'),_L('GiB'),_L('TiB'),_L('PiB'),_L('EiB'),_L('ZiB'),_L('YiB')); |
378 | $size = array(_L('Bytes'),_L('KiB'),_L('MiB'),_L('GiB'),_L('TiB'),_L('PiB'),_L('EiB'),_L('ZiB'),_L('YiB')); |
424 | $factor = floor((strlen("$bytes") - 1) / 3); |
379 | $factor = floor((strlen("$bytes") - 1) / 3); |
425 | return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . ' ' . @$size[$factor]; |
380 | return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . ' ' . @$size[$factor]; |
426 | } |
381 | } |
427 | 382 | ||
428 | /** |
383 | /** |
429 | * Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_2 |
384 | * Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_2 |
- | 385 | * |
|
430 | * @param string $id |
386 | * @param string $id |
431 | * @param string $title |
387 | * @param string $title |
432 | * @param string $icon |
388 | * @param string $icon |
433 | * @param string $text |
389 | * @param string $text |
434 | * @return void |
390 | * @return void |
- | 391 | * @throws OIDplusConfigInitializationException |
|
- | 392 | * @throws OIDplusException |
|
435 | */ |
393 | */ |
436 | public function modifyContent(string $id, string &$title, string &$icon, string &$text) { |
394 | public function modifyContent(string $id, string &$title, string &$icon, string &$text) { |
437 | $output = ''; |
395 | $output = ''; |
438 | $doshow = false; |
396 | $doshow = false; |
439 | 397 |