mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-22 07:53:39 +01:00
removed not used remote administration, use json serialization for new admin_cmd data and (secured) json_php_unserialize for existing data
This commit is contained in:
parent
c27c74e94d
commit
35729b291c
@ -124,7 +124,7 @@ abstract class admin_cmd
|
|||||||
|
|
||||||
foreach($data as $name => $value)
|
foreach($data as $name => $value)
|
||||||
{
|
{
|
||||||
$this->$name = $name == 'data' && !is_array($value) ? unserialize($value) : $value;
|
$this->$name = $name == 'data' && !is_array($value) ? json_php_unserialize($value) : $value;
|
||||||
}
|
}
|
||||||
//_debug_array($this); exit;
|
//_debug_array($this); exit;
|
||||||
}
|
}
|
||||||
@ -243,7 +243,7 @@ abstract class admin_cmd
|
|||||||
}
|
}
|
||||||
//echo "got: $message\n";
|
//echo "got: $message\n";
|
||||||
|
|
||||||
if (($value = unserialize($message)) !== false && $message !== serialize(false))
|
if (($value = json_php_unserialize($message)) !== false && $message !== serialize(false))
|
||||||
{
|
{
|
||||||
$message = $value;
|
$message = $value;
|
||||||
}
|
}
|
||||||
@ -304,7 +304,7 @@ abstract class admin_cmd
|
|||||||
$vars[$name] = $this->$name;
|
$vars[$name] = $this->$name;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$vars['data'] = serialize($this->data); // data is stored serialized
|
$vars['data'] = json_encode($this->data); // data is stored serialized
|
||||||
|
|
||||||
admin_cmd::$sql->init($vars);
|
admin_cmd::$sql->init($vars);
|
||||||
if (admin_cmd::$sql->save() != 0)
|
if (admin_cmd::$sql->save() != 0)
|
||||||
@ -361,7 +361,7 @@ abstract class admin_cmd
|
|||||||
{
|
{
|
||||||
if (isset($data['data']) && !is_array($data['data']))
|
if (isset($data['data']) && !is_array($data['data']))
|
||||||
{
|
{
|
||||||
$data['data'] = unserialize($data['data']);
|
$data['data'] = json_php_unserialize($data['data']);
|
||||||
}
|
}
|
||||||
if (!class_exists($class = $data['type']) || $class == 'admin_cmd')
|
if (!class_exists($class = $data['type']) || $class == 'admin_cmd')
|
||||||
{
|
{
|
||||||
|
126
admin/remote.php
126
admin/remote.php
@ -1,126 +0,0 @@
|
|||||||
<?php
|
|
||||||
/**
|
|
||||||
* eGgroupWare admin - remote admin command execution
|
|
||||||
*
|
|
||||||
* @link http://www.egroupware.org
|
|
||||||
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
|
||||||
* @package admin
|
|
||||||
* @copyright (c) 2007 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
|
||||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
|
||||||
* @version $Id$
|
|
||||||
*/
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var array
|
|
||||||
*/
|
|
||||||
$GLOBALS['egw_info'] = array(
|
|
||||||
'flags' => array(
|
|
||||||
'currentapp' => 'login',
|
|
||||||
'noheader' => true,
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
include('../header.inc.php');
|
|
||||||
|
|
||||||
// install an own exception handler to forward exceptions back to the remote side
|
|
||||||
function remote_exception_handler(Exception $e)
|
|
||||||
{
|
|
||||||
$msg = $e->getMessage();
|
|
||||||
if (is_object($GLOBALS['egw']->translation))
|
|
||||||
{
|
|
||||||
$msg = $GLOBALS['egw']->translation->convert($msg,$GLOBALS['egw']->translation->charset(),'utf-8');
|
|
||||||
}
|
|
||||||
header('HTTP/1.1 200 '.$msg);
|
|
||||||
echo $e->getCode().' '.$msg;
|
|
||||||
$GLOBALS['egw']->common->egw_exit();
|
|
||||||
}
|
|
||||||
set_exception_handler('remote_exception_handler');
|
|
||||||
|
|
||||||
$GLOBALS['egw']->applications->read_installed_apps(); // set $GLOBALS['egw_info']['apps'] (not set for login)
|
|
||||||
|
|
||||||
$instance = isset($_GET['domain']) ? $_GET['domain'] : $_REQUEST['domain']; // use GET before the rest
|
|
||||||
if (!isset($GLOBALS['egw_domain'][$instance]))
|
|
||||||
{
|
|
||||||
$instance = $GLOBALS['egw_info']['server']['default_domain'];
|
|
||||||
}
|
|
||||||
$config_passwd = $GLOBALS['egw_domain'][$instance]['config_passwd'];
|
|
||||||
unset($GLOBALS['egw_domain']);
|
|
||||||
|
|
||||||
require_once(EGW_INCLUDE_ROOT.'/admin/inc/class.admin_cmd.inc.php');
|
|
||||||
|
|
||||||
// check if uid belongs to an existing command --> return it's status
|
|
||||||
// this is also a security meassure, as a captured uid+secret can not be used to send new commands
|
|
||||||
$cmd = admin_cmd::read($_REQUEST['uid']);
|
|
||||||
if (is_object($cmd))
|
|
||||||
{
|
|
||||||
$cmd->check_remote_access($_REQUEST['secret'],$config_passwd);
|
|
||||||
|
|
||||||
$success_msg = 'Successful';
|
|
||||||
// if the comand object has a rerun method, call it
|
|
||||||
if (method_exists($cmd,'rerun'))
|
|
||||||
{
|
|
||||||
$success_msg = $cmd->rerun();
|
|
||||||
}
|
|
||||||
exit_with_status($cmd,$success_msg);
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if requests contains a reasonable looking admin command to be queued
|
|
||||||
if (!$_REQUEST['uid'] || // no uid
|
|
||||||
!$_REQUEST['type'] || // no command class name
|
|
||||||
!preg_match('/^[a-z0-9_]+$/i', $_REQUEST['type']) || // type is a (autoloadable) class name, prevent inclusion of arbitrary files
|
|
||||||
!$_REQUEST['creator_email']) // no creator email
|
|
||||||
{
|
|
||||||
header("HTTP/1.1 200 Bad format!");
|
|
||||||
echo '0 Bad format!';
|
|
||||||
$GLOBALS['egw']->common->egw_exit();
|
|
||||||
}
|
|
||||||
|
|
||||||
// create command from request data
|
|
||||||
$data = isset($_POST['uid']) ? $_POST : $_GET;
|
|
||||||
unset($data['secret']);
|
|
||||||
unset($data['id']); // we are remote
|
|
||||||
unset($data['remote_id']);
|
|
||||||
$data['creator'] = 0; // remote
|
|
||||||
if (isset($data['modifier'])) $data['modifier'] = 0;
|
|
||||||
if (isset($data['requested'])) $data['requested'] = 0;
|
|
||||||
|
|
||||||
if (get_magic_quotes_gpc())
|
|
||||||
{
|
|
||||||
$data = array_stripslashes($data);
|
|
||||||
}
|
|
||||||
|
|
||||||
$cmd = admin_cmd::instanciate($data);
|
|
||||||
|
|
||||||
$cmd->check_remote_access($_REQUEST['secret'],$config_passwd);
|
|
||||||
|
|
||||||
//_debug_array($cmd); exit;
|
|
||||||
$success_msg = $cmd->run();
|
|
||||||
|
|
||||||
$GLOBALS['egw']->translation->convert($success_msg,$GLOBALS['egw']->translation->charset(),'utf-8');
|
|
||||||
|
|
||||||
if (!is_string($success_msg))
|
|
||||||
{
|
|
||||||
$success_msg = serialize($success_msg);
|
|
||||||
}
|
|
||||||
exit_with_status($cmd,$success_msg);
|
|
||||||
|
|
||||||
function exit_with_status($cmd,$success_msg='Successful')
|
|
||||||
{
|
|
||||||
switch($cmd->status)
|
|
||||||
{
|
|
||||||
case admin_cmd::failed: // errors are returned as 400 HTTP status
|
|
||||||
header('HTTP/1.1 200 '.$cmd->error);
|
|
||||||
echo $cmd->errno.' '.$cmd->error;
|
|
||||||
break;
|
|
||||||
|
|
||||||
default: // everything else is returned as 200 HTTP status
|
|
||||||
$success_msg = $cmd->stati[$cmd->status];
|
|
||||||
// fall through
|
|
||||||
case admin_cmd::pending:
|
|
||||||
case admin_cmd::successful:
|
|
||||||
header('HTTP/1.1 200 '.$cmd->stati[$cmd->status]);
|
|
||||||
header('Content-type: text/plain; charset=utf-8');
|
|
||||||
echo $success_msg;
|
|
||||||
}
|
|
||||||
$GLOBALS['egw']->common->egw_exit();
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user