mirror of
https://github.com/e107inc/e107.git
synced 2025-01-17 20:58:30 +01:00
Began work on the core_image.php reader
This commit is contained in:
parent
6aeee58ac2
commit
20dbdefb77
File diff suppressed because it is too large
Load Diff
@ -193,6 +193,7 @@ class e107
|
|||||||
'e_bb_base' => '{e_HANDLER}bbcode_handler.php',
|
'e_bb_base' => '{e_HANDLER}bbcode_handler.php',
|
||||||
'e_customfields' => '{e_HANDLER}e_customfields_class.php',
|
'e_customfields' => '{e_HANDLER}e_customfields_class.php',
|
||||||
'e_file' => '{e_HANDLER}file_class.php',
|
'e_file' => '{e_HANDLER}file_class.php',
|
||||||
|
'e_file_inspector' => '{e_HANDLER}e_file_inspector_json.php',
|
||||||
'e_form' => '{e_HANDLER}form_handler.php',
|
'e_form' => '{e_HANDLER}form_handler.php',
|
||||||
'e_jshelper' => '{e_HANDLER}js_helper.php',
|
'e_jshelper' => '{e_HANDLER}js_helper.php',
|
||||||
'e_media' => '{e_HANDLER}media_class.php',
|
'e_media' => '{e_HANDLER}media_class.php',
|
||||||
@ -1601,6 +1602,18 @@ class e107
|
|||||||
return self::getObject('e_file', null, true);
|
return self::getObject('e_file', null, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create a new file inspector object
|
||||||
|
*
|
||||||
|
* Note: Only the core file inspector is supported right now.
|
||||||
|
*
|
||||||
|
* @return e_file_inspector
|
||||||
|
*/
|
||||||
|
public static function getFileInspector()
|
||||||
|
{
|
||||||
|
return self::getSingleton('e_file_inspector');
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieve form handler singleton or new fresh object
|
* Retrieve form handler singleton or new fresh object
|
||||||
*
|
*
|
||||||
|
101
e107_handlers/e_file_inspector.php
Normal file
101
e107_handlers/e_file_inspector.php
Normal file
@ -0,0 +1,101 @@
|
|||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* e107 website system
|
||||||
|
*
|
||||||
|
* Copyright (C) 2008-2020 e107 Inc (e107.org)
|
||||||
|
* Released under the terms and conditions of the
|
||||||
|
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
|
||||||
|
*/
|
||||||
|
|
||||||
|
require_once("e_file_inspector_interface.php");
|
||||||
|
|
||||||
|
abstract class e_file_inspector implements e_file_inspector_interface
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Check the integrity of the provided path
|
||||||
|
*
|
||||||
|
* @param $path string Relative path of the file to look up
|
||||||
|
* @param $version string The desired software release to match.
|
||||||
|
* Leave blank for the latest version.
|
||||||
|
* Do not prepend the version number with "v".
|
||||||
|
* @return int Validation code (see the constants of this class)
|
||||||
|
*/
|
||||||
|
public function validate($path, $version = null)
|
||||||
|
{
|
||||||
|
$absolutePath = realpath($path);
|
||||||
|
$actualChecksum = $this->checksumPath($absolutePath);
|
||||||
|
$dbChecksum = $this->getChecksum($path, $version);
|
||||||
|
|
||||||
|
if ($dbChecksum === false) return self::VALIDATION_IGNORE;
|
||||||
|
if (!file_exists($absolutePath)) return self::VALIDATION_MISSING;
|
||||||
|
if ($this->isInsecure($path)) return self::VALIDATION_INSECURE;
|
||||||
|
if ($actualChecksum === false) return self::VALIDATION_INCALCULABLE;
|
||||||
|
if ($actualChecksum === $dbChecksum) return self::VALIDATION_PASS;
|
||||||
|
|
||||||
|
foreach ($this->getChecksums($path) as $dbVersion => $dbChecksum)
|
||||||
|
{
|
||||||
|
if (version_compare($dbVersion, $version, ">=")) continue;
|
||||||
|
|
||||||
|
if ($dbChecksum === $actualChecksum) return self::VALIDATION_OLD;
|
||||||
|
}
|
||||||
|
|
||||||
|
return self::VALIDATION_FAIL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the file integrity hash for the provided path and version
|
||||||
|
*
|
||||||
|
* @param $path string Relative path of the file to look up
|
||||||
|
* @param $version string The software release version corresponding to the file hash.
|
||||||
|
* Leave blank for the latest version.
|
||||||
|
* Do not prepend the version number with "v".
|
||||||
|
* @return string|bool The database hash for the path and version specified. FALSE if the record does not exist.
|
||||||
|
*/
|
||||||
|
public function getChecksum($path, $version = null)
|
||||||
|
{
|
||||||
|
$checksums = $this->getChecksums($path);
|
||||||
|
return isset($checksums[$version]) ? $checksums[$version] : false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Calculate the hash of a path to compare with the hash database
|
||||||
|
*
|
||||||
|
* @param $absolutePath string Absolute path of the file to hash
|
||||||
|
* @return string|bool The actual hash for the path. FALSE if the hash was incalculable.
|
||||||
|
*/
|
||||||
|
public function checksumPath($absolutePath)
|
||||||
|
{
|
||||||
|
if (!is_file($absolutePath) || !is_readable($absolutePath)) return false;
|
||||||
|
|
||||||
|
return $this->checksum(file_get_contents($absolutePath));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Calculate the hash of a string, which would be used to compare with the hash database
|
||||||
|
*
|
||||||
|
* @param $content string Full content to hash
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function checksum($content)
|
||||||
|
{
|
||||||
|
return md5(str_replace(array(chr(13),chr(10)), "", $content));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the matching version of the provided path
|
||||||
|
*
|
||||||
|
* Useful for looking up the versions of old files that no longer exist in the latest image
|
||||||
|
*
|
||||||
|
* @param $path string Relative path of the file to look up
|
||||||
|
* @return string|bool PHP-standardized version of the file. FALSE if there is no match.
|
||||||
|
*/
|
||||||
|
public function getVersion($path)
|
||||||
|
{
|
||||||
|
$actualChecksum = $this->checksumPath($path);
|
||||||
|
foreach ($this->getChecksums($path) as $dbVersion => $dbChecksum)
|
||||||
|
{
|
||||||
|
if ($actualChecksum === $dbChecksum) return $dbVersion;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
65
e107_handlers/e_file_inspector_interface.php
Normal file
65
e107_handlers/e_file_inspector_interface.php
Normal file
@ -0,0 +1,65 @@
|
|||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* e107 website system
|
||||||
|
*
|
||||||
|
* Copyright (C) 2008-2020 e107 Inc (e107.org)
|
||||||
|
* Released under the terms and conditions of the
|
||||||
|
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
|
||||||
|
*/
|
||||||
|
|
||||||
|
interface e_file_inspector_interface
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* The file is present, and its hash matches the specified version.
|
||||||
|
*/
|
||||||
|
const VALIDATION_PASS = 1;
|
||||||
|
/**
|
||||||
|
* The file is present, but the hash does not match the specified version. VALIDATION_OLD takes precedence.
|
||||||
|
*/
|
||||||
|
const VALIDATION_FAIL = 2;
|
||||||
|
/**
|
||||||
|
* The file is absent, but a hash exists for the specified version.
|
||||||
|
*/
|
||||||
|
const VALIDATION_MISSING = 3;
|
||||||
|
/**
|
||||||
|
* The file is present, and its hash matches a version older than the specified version.
|
||||||
|
*/
|
||||||
|
const VALIDATION_OLD = 4;
|
||||||
|
/**
|
||||||
|
* A hash cannot be determined for the provided file.
|
||||||
|
*/
|
||||||
|
const VALIDATION_INCALCULABLE = 5;
|
||||||
|
/**
|
||||||
|
* The file is present, but it should be deleted due to security concerns
|
||||||
|
*/
|
||||||
|
const VALIDATION_INSECURE = 6;
|
||||||
|
/**
|
||||||
|
* The file, present or absent, is not in this database.
|
||||||
|
*/
|
||||||
|
const VALIDATION_IGNORE = 7;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get all the known file integrity hashes for the provided path
|
||||||
|
*
|
||||||
|
* @param $path string Relative path of the file to look up
|
||||||
|
* @return array Associative array where the keys are the PHP-standardized versions and the values are the checksums
|
||||||
|
* for those versions.
|
||||||
|
*/
|
||||||
|
public function getChecksums($path);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* List of versions of the provided path for which the database has hashes
|
||||||
|
*
|
||||||
|
* @param $path string Relative path of the file to look up
|
||||||
|
* @return array PHP-standardized versions. Empty if there are none.
|
||||||
|
*/
|
||||||
|
public function getVersions($path);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if the file is insecure
|
||||||
|
*
|
||||||
|
* @param $path string Relative path of the file to look up
|
||||||
|
* @return bool TRUE if the file should be deleted due to known security flaws; FALSE otherwise
|
||||||
|
*/
|
||||||
|
public function isInsecure($path);
|
||||||
|
}
|
89
e107_handlers/e_file_inspector_json.php
Normal file
89
e107_handlers/e_file_inspector_json.php
Normal file
@ -0,0 +1,89 @@
|
|||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* e107 website system
|
||||||
|
*
|
||||||
|
* Copyright (C) 2008-2020 e107 Inc (e107.org)
|
||||||
|
* Released under the terms and conditions of the
|
||||||
|
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
|
||||||
|
*/
|
||||||
|
|
||||||
|
require_once("e_file_inspector.php");
|
||||||
|
|
||||||
|
class e_file_inspector_json extends e_file_inspector
|
||||||
|
{
|
||||||
|
private $coreImage;
|
||||||
|
|
||||||
|
public function __construct()
|
||||||
|
{
|
||||||
|
global $core_image;
|
||||||
|
require(e_ADMIN . "core_image.php");
|
||||||
|
$this->coreImage = json_decode($core_image, true);
|
||||||
|
unset($core_image);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @inheritDoc
|
||||||
|
*/
|
||||||
|
public function getChecksums($path)
|
||||||
|
{
|
||||||
|
$path = $this->pathToDefaultPath($path);
|
||||||
|
return self::array_get($this->coreImage, $path, []);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @inheritDoc
|
||||||
|
*/
|
||||||
|
public function getVersions($path)
|
||||||
|
{
|
||||||
|
$path = $this->pathToDefaultPath($path);
|
||||||
|
return array_keys(self::array_get($this->coreImage, $path, []));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @inheritDoc
|
||||||
|
*/
|
||||||
|
public function isInsecure($path)
|
||||||
|
{
|
||||||
|
# TODO
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get an item from an array using "slash" notation.
|
||||||
|
*
|
||||||
|
* Based on Illuminate\Support\Arr::get()
|
||||||
|
*
|
||||||
|
* @param array $array
|
||||||
|
* @param string $key
|
||||||
|
* @param mixed $default
|
||||||
|
* @return mixed
|
||||||
|
* @copyright Copyright (c) Taylor Otwell
|
||||||
|
* @license https://github.com/illuminate/support/blob/master/LICENSE.md MIT License
|
||||||
|
*/
|
||||||
|
private static function array_get($array, $key, $default = null)
|
||||||
|
{
|
||||||
|
if (is_null($key)) return $array;
|
||||||
|
|
||||||
|
if (isset($array[$key])) return $array[$key];
|
||||||
|
|
||||||
|
foreach (explode('/', $key) as $segment) {
|
||||||
|
if (!is_array($array) || !array_key_exists($segment, $array)) {
|
||||||
|
return $default;
|
||||||
|
}
|
||||||
|
|
||||||
|
$array = $array[$segment];
|
||||||
|
}
|
||||||
|
|
||||||
|
return $array;
|
||||||
|
}
|
||||||
|
|
||||||
|
private function pathToDefaultPath($path)
|
||||||
|
{
|
||||||
|
$defaultDirs = e107::getInstance()->defaultDirs();
|
||||||
|
foreach ($defaultDirs as $dirType => $defaultDir) {
|
||||||
|
$customDir = e107::getFolder(preg_replace("/_DIRECTORY$/i", "", $dirType));
|
||||||
|
$path = preg_replace("/^" . preg_quote($customDir, "/") . "/", $defaultDir, $path);
|
||||||
|
}
|
||||||
|
return $path;
|
||||||
|
}
|
||||||
|
}
|
33
e107_tests/tests/unit/e_file_inspectorTest.php
Normal file
33
e107_tests/tests/unit/e_file_inspectorTest.php
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* e107 website system
|
||||||
|
*
|
||||||
|
* Copyright (C) 2008-2020 e107 Inc (e107.org)
|
||||||
|
* Released under the terms and conditions of the
|
||||||
|
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
|
||||||
|
*/
|
||||||
|
|
||||||
|
class e_file_inspectorTest extends \Codeception\Test\Unit
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* @var e_file_inspector_json
|
||||||
|
*/
|
||||||
|
private $e_integrity;
|
||||||
|
|
||||||
|
public function _before()
|
||||||
|
{
|
||||||
|
require_once(e_HANDLER."e_file_inspector_json.php");
|
||||||
|
$this->e_integrity = new e_file_inspector_json();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testGetChecksums()
|
||||||
|
{
|
||||||
|
$checksums = $this->e_integrity->getChecksums("e107_admin/e107_update.php");
|
||||||
|
$this->assertIsArray($checksums);
|
||||||
|
$this->assertNotEmpty($checksums);
|
||||||
|
|
||||||
|
$checksums = $this->e_integrity->getChecksums("e107_handlers/nonexistent.php");
|
||||||
|
$this->assertIsArray($checksums);
|
||||||
|
$this->assertEmpty($checksums);
|
||||||
|
}
|
||||||
|
}
|
Loading…
x
Reference in New Issue
Block a user