From f51cd65b1f867023b168cf87a155f000395307ae Mon Sep 17 00:00:00 2001 From: Eric Date: Mon, 7 Oct 2019 17:44:17 +0200 Subject: [PATCH] =?UTF-8?q?N=C2=B02249=20-=20Supportability=20-=20Updater?= =?UTF-8?q?=20module?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- setup/ajax.dataloader.php | 7 +---- setup/applicationinstaller.class.inc.php | 33 +++++++++++++++++------ setup/moduleinstaller.class.inc.php | 2 +- setup/setuputils.class.inc.php | 34 ++++++++++++++++++++++++ setup/wizardsteps.class.inc.php | 11 +------- 5 files changed, 62 insertions(+), 25 deletions(-) diff --git a/setup/ajax.dataloader.php b/setup/ajax.dataloader.php index 7ede187a9..8862d0302 100644 --- a/setup/ajax.dataloader.php +++ b/setup/ajax.dataloader.php @@ -141,12 +141,7 @@ header("Expires: Fri, 17 Jul 1970 05:00:00 GMT"); // Date in the past $sOperation = Utils::ReadParam('operation', ''); try { - $sAuthent = utils::ReadParam('authent', '', false, 'raw_data'); - if (!file_exists(APPROOT.'data/setup/authent') || $sAuthent !== file_get_contents(APPROOT.'data/setup/authent')) - { - throw new SecurityException('Setup operations are not allowed outside of the setup'); - SetupPage::log_error("Setup operations are not allowed outside of the setup"); - } + SetupUtils::CheckSetupToken(); switch($sOperation) { diff --git a/setup/applicationinstaller.class.inc.php b/setup/applicationinstaller.class.inc.php index bbdcd9f1c..d34b07ce6 100644 --- a/setup/applicationinstaller.class.inc.php +++ b/setup/applicationinstaller.class.inc.php 
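Review bot: A rejected setup token leaves no log entry on this path unless the `catch` block, which is outside the hunk, writes one. The removed `SetupPage::log_error(...)` sat after the `throw` and was unreachable, and `SetupUtils::CheckSetupToken()` as added in setup/setuputils.class.inc.php only throws. Failed token checks on the setup endpoints are worth recording for detection, so I would log inside the helper before throwing, e.g. `SetupPage::log_error('Setup operations are not allowed outside of the setup');` placed ahead of the `throw new SecurityException(...)`. The enclosing `try` block continues past the end of the hunk.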
@@ -91,11 +91,13 @@ class ApplicationInstaller * * @param bool $bSwitchToMaintenance * - * @param bool $bSilent + * @param bool $bVerbose + * @param string|null $sMessage + * @param string|null $sInstallComment * * @return boolean True if the installation was successful, false otherwise */ - public function ExecuteAllSteps($bSwitchToMaintenance = true, $bVerbose = true) + public function ExecuteAllSteps($bSwitchToMaintenance = true, $bVerbose = true, &$sMessage = null, $sInstallComment = null) { $sStep = ''; $sStepLabel = ''; @@ -114,10 +116,10 @@ class ApplicationInstaller echo "Starting the installation...\n"; } } - $aRes = $this->ExecuteStep($sStep, $bSwitchToMaintenance); + $aRes = $this->ExecuteStep($sStep, $bSwitchToMaintenance, $sInstallComment); $sStep = $aRes['next-step']; $sStepLabel = $aRes['next-step-label']; - + $sMessage = $aRes['message']; if ($bVerbose) { switch ($aRes['status']) @@ -143,6 +145,18 @@ class ApplicationInstaller break; } } + else + { + switch ($aRes['status']) + { + case self::ERROR: + $iOverallStatus = self::ERROR; + break; + case self::WARNING: + $iOverallStatus = self::WARNING; + break; + } + } } while(($aRes['status'] != self::ERROR) && ($aRes['next-step'] != '')); @@ -169,10 +183,11 @@ class ApplicationInstaller * * @param string $sStep The identifier of the step to execute * @param bool $bSwitchToMaintenance + * @param string|null $sInstallComment * * @return array (status => , message => , percentage-completed => , next-step => , next-step-label => ) */ - public function ExecuteStep($sStep = '', $bSwitchToMaintenance= true) + public function ExecuteStep($sStep = '', $bSwitchToMaintenance= true, $sInstallComment = null) { try { 
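Review bot: The new `&$sMessage` parameter of `ExecuteAllSteps()` is an output passed by reference, but the docblock lists it like an ordinary `string|null` input, and `$sMessage = $aRes['message'];` in the `-114,10` hunk overwrites it on every iteration, so the caller only receives the message of the last executed step. As far as the non-verbose branch added in the `-143,6` hunk shows, `$iOverallStatus` can stay at `self::WARNING` while `$sMessage` already holds the text of a later step, which separates the status from its explanation. I would document it as `@param string|null $sMessage Output, by reference: message returned by the last executed step`, or assign it only when the step status is `self::WARNING` or `self::ERROR`. The loop and the verbose `switch` start outside these hunks.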
@@ -365,7 +380,7 @@ class ApplicationInstaller $aParamValues = $this->oParams->GetParamForConfigArray(); self::DoCreateConfig($sTargetDir, $sPreviousConfigFile, $sTargetEnvironment, $sDataModelVersion, - $bOldAddon, $aSelectedModuleCodes, $aSelectedExtensionCodes, $aParamValues); + $bOldAddon, $aSelectedModuleCodes, $aSelectedExtensionCodes, $aParamValues, $sInstallComment); $aResult = array( 'status' => self::INFO, @@ -906,13 +921,15 @@ class ApplicationInstaller * @param array $aSelectedExtensionCodes * @param array $aParamValues parameters array used to create config file using {@see Config::UpdateFromParams} * + * @param null $sInstallComment + * * @throws \ConfigException * @throws \CoreException * @throws \Exception */ protected static function DoCreateConfig( $sModulesDir, $sPreviousConfigFile, $sTargetEnvironment, $sDataModelVersion, $bOldAddon, $aSelectedModuleCodes, - $aSelectedExtensionCodes, $aParamValues + $aSelectedExtensionCodes, $aParamValues, $sInstallComment = null ) { $aParamValues['selected_modules'] = implode(',', $aSelectedModuleCodes); $sMode = $aParamValues['mode']; @@ -953,7 +970,7 @@ class ApplicationInstaller // Record which modules are installed... $oProductionEnv = new RunTimeEnvironment($sTargetEnvironment); $oProductionEnv->InitDataModel($oConfig, true); // load data model and connect to the database - if (!$oProductionEnv->RecordInstallation($oConfig, $sDataModelVersion, $aSelectedModuleCodes, $aSelectedExtensionCodes)) + if (!$oProductionEnv->RecordInstallation($oConfig, $sDataModelVersion, $aSelectedModuleCodes, $aSelectedExtensionCodes, $sInstallComment)) { throw new Exception("Failed to record the installation information"); } diff --git a/setup/moduleinstaller.class.inc.php b/setup/moduleinstaller.class.inc.php index 596905963..27b790987 100644 --- a/setup/moduleinstaller.class.inc.php +++ b/setup/moduleinstaller.class.inc.php 
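Review bot: The docblock added for `DoCreateConfig()` in the `-906,13` hunk types the new parameter as `@param null $sInstallComment`, while `ExecuteStep()` and `ExecuteAllSteps()` document the same value as `string|null`; it should read `@param string|null $sInstallComment` followed by a short description of what the comment is. The value is forwarded unchanged to `RecordInstallation()` in the `-953,7` hunk, and neither its origin nor any length or content check is visible in this patch, so the description should state whether callers may pass user-supplied text. `DoCreateConfig()` continues outside both hunks.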
@@ -143,7 +143,7 @@ abstract class ModuleInstallerAPI { $sColType = $aFields[0]['Type']; // Note: the parsing should rely on str_getcsv (requires PHP 5.3) to cope with escaped string - if (preg_match("/^enum\(\'(.*)\'\)$/", $sColType, $aMatches)) + if (preg_match("/^enum\('(.*)'\)$/", $sColType, $aMatches)) { $aCurrentValues = explode("','", $aMatches[1]); } diff --git a/setup/setuputils.class.inc.php b/setup/setuputils.class.inc.php index de13f18ea..a9596ce81 100644 --- a/setup/setuputils.class.inc.php +++ b/setup/setuputils.class.inc.php @@ -1886,6 +1886,40 @@ EOF } } + /** + * Create and store Setup authentication token + * + * @return string token + */ + public final static function CreateSetupToken() + { + if (!is_dir(APPROOT.'data')) + { + mkdir(APPROOT.'data'); + } + if (!is_dir(APPROOT.'data/setup')) + { + mkdir(APPROOT.'data/setup'); + } + $sUID = hash('sha256', rand()); + file_put_contents(APPROOT.'data/setup/authent', $sUID); + return $sUID; + } + + /** + * Verify Setup authentication token (from the request parameter 'authent') + * + * @throws \SecurityException + */ + public final static function CheckSetupToken() + { + $sAuthent = utils::ReadParam('authent', '', false, 'raw_data'); + if (!file_exists(APPROOT.'data/setup/authent') || $sAuthent !== file_get_contents(APPROOT.'data/setup/authent')) + { + throw new SecurityException('Setup operations are not allowed outside of the setup'); + } + } + private final static function Log($sText) { if (class_exists('SetupPage')) diff --git a/setup/wizardsteps.class.inc.php b/setup/wizardsteps.class.inc.php index 3ebd1a768..79a4e8266 100644 --- a/setup/wizardsteps.class.inc.php +++ b/setup/wizardsteps.class.inc.php 
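Review bot: `CreateSetupToken()` derives the setup token from `hash('sha256', rand())`, so the token carries no more entropy than a single `rand()` value and hashing adds none; take it from the CSPRNG instead, e.g. `$sUID = bin2hex(random_bytes(32));` if the minimum supported PHP is 7.0 or later. In `CheckSetupToken()` the comparison `$sAuthent !== file_get_contents(...)` is not constant-time, and because `authent` defaults to `''`, an empty token file (for instance after a failed or truncated `file_put_contents`, whose result is not checked) would match a request that carries no token. The rewrite below reads the file once, rejects an empty or unreadable token and a non-string parameter, and compares with `hash_equals()`. The `mkdir()` results in `CreateSetupToken()` are also ignored and deserve a check or at least a log entry.

```php
public final static function CheckSetupToken()
{
	$sAuthent = utils::ReadParam('authent', '', false, 'raw_data');
	$sTokenFile = APPROOT.'data/setup/authent';
	$sExpected = is_file($sTokenFile) ? file_get_contents($sTokenFile) : false;
	// An unreadable or empty token file must never match the empty default of 'authent'
	if (!is_string($sExpected) || ($sExpected === '') || !is_string($sAuthent) || !hash_equals($sExpected, $sAuthent))
	{
		throw new SecurityException('Setup operations are not allowed outside of the setup');
	}
}
```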
@@ -57,16 +57,7 @@ class WizStepWelcome extends WizardStep public function ProcessParams($bMoveForward = true) { - if (!is_dir(APPROOT.'data')) - { - mkdir(APPROOT.'data'); - } - if (!is_dir(APPROOT.'data/setup')) - { - mkdir(APPROOT.'data/setup'); - } - $sUID = hash('sha256', rand()); - file_put_contents(APPROOT.'data/setup/authent', $sUID); + $sUID = SetupUtils::CreateSetupToken(); $this->oWizard->SetParameter('authent', $sUID); return array('class' => 'WizStepInstallOrUpgrade', 'state' => ''); }