mirror of
https://github.com/Combodo/iTop.git
synced 2026-02-13 07:24:13 +01:00
N°3952 - code hardening (merged from support/2.6)
This commit is contained in:
Eric
@@ -186,8 +186,7 @@ try
|
||||
catch(Exception $e)
|
||||
{
|
||||
header("HTTP/1.0 500 Internal server error.");
|
||||
echo "<p>An error happened while processing the installation:</p>\n";
|
||||
echo '<p>'.$e."</p>\n";
|
||||
echo "<p>An error happened while processing the installation</p>\n";
|
||||
SetupPage::log_error("An error happened while processing the installation: ".$e);
|
||||
}
|
||||
|
||||
@@ -195,7 +194,7 @@ if (function_exists('memory_get_peak_usage'))
|
||||
{
|
||||
if ($sOperation == 'file')
|
||||
{
|
||||
SetupPage::log_info("loading file '$sFileName', peak memory usage. ".memory_get_peak_usage());
|
||||
SetupPage::log_info("loading file peak memory usage. ".memory_get_peak_usage());
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@@ -25,6 +25,7 @@ require_once(APPROOT.'/setup/setuppage.class.inc.php');
|
||||
require_once(APPROOT.'/setup/wizardcontroller.class.inc.php');
|
||||
require_once(APPROOT.'/setup/wizardsteps.class.inc.php');
|
||||
|
||||
session_start();
|
||||
clearstatcache(); // Make sure we know what we are doing !
|
||||
// Set a long (at least 4 minutes) execution time for the setup to avoid timeouts during this phase
|
||||
ini_set('max_execution_time', max(240, ini_get('max_execution_time')));
|
||||
@@ -33,21 +34,17 @@ ini_set('display_errors', true);
|
||||
ini_set('display_startup_errors', true);
|
||||
date_default_timezone_set('Europe/Paris'); // Just to avoid a warning if the timezone is not set in php.ini
|
||||
|
||||
SetupUtils::ExitMaintenanceMode(false);
|
||||
|
||||
/////////////////////////////////////////////////////////////////////
|
||||
// Fake functions to protect the first run of the installer
|
||||
// in case the PHP JSON module is not installed...
|
||||
if (!function_exists('json_encode'))
|
||||
{
|
||||
if (!function_exists('json_encode')) {
|
||||
function json_encode($value, $options = null)
|
||||
{
|
||||
return '[]';
|
||||
}
|
||||
}
|
||||
if (!function_exists('json_decode'))
|
||||
{
|
||||
function json_decode($json, $assoc=null)
|
||||
if (!function_exists('json_decode')) {
|
||||
function json_decode($json, $assoc = null)
|
||||
{
|
||||
return array();
|
||||
}
|
||||
@@ -57,4 +54,13 @@ if (!function_exists('json_decode'))
|
||||
//N°3671 setup context: force $bForceTrustProxy to be persisted in next calls
|
||||
utils::GetAbsoluteUrlAppRoot(true);
|
||||
$oWizard = new WizardController('WizStepWelcome');
|
||||
$oWizard->Run();
|
||||
//N°3952
|
||||
if (SetupUtils::IsSessionSetupTokenValid()) {
|
||||
// Normal operation
|
||||
$oWizard->Run();
|
||||
} else {
|
||||
SetupUtils::ExitMaintenanceMode(false);
|
||||
// Force initializing the setup
|
||||
$oWizard->Start();
|
||||
SetupUtils::CreateSetupToken();
|
||||
}
|
||||
|
||||
@@ -2019,6 +2019,7 @@ JS
|
||||
}
|
||||
$sUID = hash('sha256', rand());
|
||||
file_put_contents(APPROOT.'data/setup/authent', $sUID);
|
||||
$_SESSION['setup_token'] = $sUID;
|
||||
return $sUID;
|
||||
}
|
||||
|
||||
@@ -2043,6 +2044,33 @@ JS
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check setup transaction and create a new one if necessary
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public static function IsSessionSetupTokenValid()
|
||||
{
|
||||
if (isset($_SESSION['setup_token'])) {
|
||||
$sAuth = $_SESSION['setup_token'];
|
||||
$sTokenFile = APPROOT.'data/setup/authent';
|
||||
if (file_exists($sTokenFile) && $sAuth === file_get_contents($sTokenFile)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public static function EraseSetupToken()
|
||||
{
|
||||
$sTokenFile = APPROOT.'data/setup/authent';
|
||||
if (is_file($sTokenFile)) {
|
||||
unlink($sTokenFile);
|
||||
}
|
||||
unset($_SESSION['setup_token']);
|
||||
}
|
||||
|
||||
private final static function Log($sText)
|
||||
{
|
||||
if (class_exists('SetupPage'))
|
||||
|
||||
@@ -105,7 +105,7 @@ class WizardController
|
||||
/**
|
||||
* Starts the wizard by displaying it in its initial state
|
||||
*/
|
||||
protected function Start()
|
||||
public function Start()
|
||||
{
|
||||
$sCurrentStepClass = $this->sInitialStepClass;
|
||||
$oStep = new $sCurrentStepClass($this, $this->sInitialState);
|
||||
@@ -121,7 +121,7 @@ class WizardController
|
||||
$sCurrentState = utils::ReadParam('_state', $this->sInitialState);
|
||||
/** @var \WizardStep $oStep */
|
||||
$oStep = new $sCurrentStepClass($this, $sCurrentState);
|
||||
if ($oStep->ValidateParams($sCurrentState))
|
||||
if ($oStep->ValidateParams())
|
||||
{
|
||||
$this->PushStep(array('class' => $sCurrentStepClass, 'state' => $sCurrentState));
|
||||
$aPossibleSteps = $oStep->GetPossibleSteps();
|
||||
@@ -174,7 +174,7 @@ class WizardController
|
||||
if (!is_writable($sConfigFile))
|
||||
{
|
||||
SetupUtils::ExitReadOnlyMode(false); // Reset readonly mode in case of problem
|
||||
|
||||
SetupUtils::EraseSetupToken();
|
||||
$sRelativePath = utils::GetConfigFilePathRelative();
|
||||
$oP = new SetupPage('Installation Cannot Continue');
|
||||
$oP->add("<h2>Fatal error</h2>\n");
|
||||
@@ -182,7 +182,8 @@ class WizardController
|
||||
$oP->p("The wizard cannot modify the configuration file for you. If you want to upgrade ".ITOP_APPLICATION.", make sure that the file '<b>".$sRelativePath."</b>' can be modified by the web server.");
|
||||
$oP->p('<button type="button" onclick="window.location.reload()">Reload</button>');
|
||||
$oP->output();
|
||||
return;
|
||||
// Prevent token creation
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2208,7 +2208,7 @@ CSS
|
||||
$oPage->add('<div class="closed"><span class="title">Database Parameters</span><ul>');
|
||||
$oPage->add('<li>Server Name: '.$aInstallParams['database']['server'].'</li>');
|
||||
$oPage->add('<li>DB User Name: '.$aInstallParams['database']['user'].'</li>');
|
||||
$oPage->add('<li>DB user password: '.$aInstallParams['database']['pwd'].'</li>');
|
||||
$oPage->add('<li>DB user password: ***</li>');
|
||||
if (($sMode == 'install') && ($this->oWizard->GetParameter('create_db') == 'yes'))
|
||||
{
|
||||
$oPage->add('<li>Database Name: '.$aInstallParams['database']['name'].' (will be created)</li>');
|
||||
@@ -2646,18 +2646,16 @@ class WizStepDone extends WizardStep
|
||||
$aAdditionalModules = array();
|
||||
foreach(json_decode($this->oWizard->GetParameter('additional_extensions_modules'), true) as $idx => $aModuleInfo)
|
||||
{
|
||||
if (in_array('_'.$idx, $aParameters[count($aParameters)-1]))
|
||||
{
|
||||
if (in_array('_'.$idx, $aParameters[count($aParameters)-1])) {
|
||||
// Extensions "choices" can now have more than one module
|
||||
foreach($aModuleInfo['modules'] as $sModuleName)
|
||||
{
|
||||
foreach ($aModuleInfo['modules'] as $sModuleName) {
|
||||
$aAdditionalModules[] = $sModuleName;
|
||||
}
|
||||
}
|
||||
}
|
||||
$idx = 0;
|
||||
$aReportedModules = array();
|
||||
while($idx < count($aAdditionalModules) && (strlen($sImgUrl.'&m='.urlencode(implode(' ', $aReportedModules))) < 2000)) // reasonable limit for the URL: 2000 chars
|
||||
while ($idx < count($aAdditionalModules) && (strlen($sImgUrl.'&m='.urlencode(implode(' ', $aReportedModules))) < 2000)) // reasonable limit for the URL: 2000 chars
|
||||
{
|
||||
$aReportedModules[] = $aAdditionalModules[$idx];
|
||||
$idx++;
|
||||
@@ -2667,6 +2665,7 @@ class WizStepDone extends WizardStep
|
||||
$oPage->add('<img style="border:0" src="'.$sImgUrl.'"/>');
|
||||
$sForm = addslashes($sForm);
|
||||
$oPage->add_ready_script("$('#wiz_form').after('$sForm');");
|
||||
SetupUtils::EraseSetupToken();
|
||||
}
|
||||
|
||||
public function CanMoveForward()
|
||||
|
||||
Reference in New Issue
Block a user