From 9da993b284e0aba30d6ae3644264f6ac4720cc4a Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Wed, 3 Aug 2011 07:19:49 +0000
Subject: [PATCH] fix problem reported by Fabio Ciuffani / John Leitch

---
admin/remote.php | 126 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 126 insertions(+)
create mode 100644 admin/remote.php

diff --git a/admin/remote.php b/admin/remote.php
new file mode 100644
index 0000000000..f6333252e3
--- /dev/null
+++ b/admin/remote.php
@@ -0,0 +1,126 @@
+
+ * @package admin
+ * @copyright (c) 2007 by Ralf Becker
+ * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
+ * @version $Id$
+ */
+
+/**
+ * @var array
+ */
+$GLOBALS['egw_info'] = array(
+ 'flags' => array(
+ 'currentapp' => 'login',
+ 'noheader' => true,
+ )
+);
+
+include('../header.inc.php');
+
+// install an own exception handler to forward exceptions back to the remote side
+function remote_exception_handler(Exception $e)
+{
+ $msg = $e->getMessage();
+ if (is_object($GLOBALS['egw']->translation))
+ {
+ $msg = $GLOBALS['egw']->translation->convert($msg,$GLOBALS['egw']->translation->charset(),'utf-8');
+ }
+ header('HTTP/1.1 200 '.$msg);
+ echo $e->getCode().' '.$msg;
+ $GLOBALS['egw']->common->egw_exit();
+}
+set_exception_handler('remote_exception_handler');
+
+$GLOBALS['egw']->applications->read_installed_apps(); // set $GLOBALS['egw_info']['apps'] (not set for login)
+
+$instance = isset($_GET['domain']) ? $_GET['domain'] : $_REQUEST['domain']; // use GET before the rest
+if (!isset($GLOBALS['egw_domain'][$instance]))
+{
+ $instance = $GLOBALS['egw_info']['server']['default_domain'];
+}
+$config_passwd = $GLOBALS['egw_domain'][$instance]['config_passwd'];
+unset($GLOBALS['egw_domain']);
+
+require_once(EGW_INCLUDE_ROOT.'/admin/inc/class.admin_cmd.inc.php');
+
+// check if uid belongs to an existing command --> return it's status
+// this is also a security meassure, as a captured uid+secret can not be used to send new commands
+$cmd = admin_cmd::read($_REQUEST['uid']);
+if (is_object($cmd))
+{
+ $cmd->check_remote_access($_REQUEST['secret'],$config_passwd);
+
+ $success_msg = 'Successful';
+ // if the comand object has a rerun method, call it
+ if (method_exists($cmd,'rerun'))
+ {
+ $success_msg = $cmd->rerun();
+ }
+ exit_with_status($cmd,$success_msg);
+}
+
+// check if requests contains a reasonable looking admin command to be queued
+if (!$_REQUEST['uid'] || // no uid
+ !$_REQUEST['type'] 
|| // no command class name
+ !preg_match('/^[a-z0-9_]+$/i', $_REQUEST['type']) || // type is a (autoloadable) class name, prevent inclusion of arbitrary files
+ !$_REQUEST['creator_email']) // no creator email
+{
+ header("HTTP/1.1 200 Bad format!");
+ echo '0 Bad format!';
+ $GLOBALS['egw']->common->egw_exit();
+}
+
+// create command from request data
+$data = isset($_POST['uid']) ? $_POST : $_GET;
+unset($data['secret']);
+unset($data['id']); // we are remote
+unset($data['remote_id']);
+$data['creator'] = 0; // remote
+if (isset($data['modifier'])) $data['modifier'] = 0;
+if (isset($data['requested'])) $data['requested'] = 0;
+
+if (get_magic_quotes_gpc())
+{
+ $data = array_stripslashes($data);
+}
+
+$cmd = admin_cmd::instanciate($data);
+
+$cmd->check_remote_access($_REQUEST['secret'],$config_passwd);
+
+//_debug_array($cmd); exit;
+$success_msg = $cmd->run();
+
+$GLOBALS['egw']->translation->convert($success_msg,$GLOBALS['egw']->translation->charset(),'utf-8');
+
+if (!is_string($success_msg))
+{
+ $success_msg = serialize($success_msg);
+}
+exit_with_status($cmd,$success_msg);
+
+function exit_with_status($cmd,$success_msg='Successful')
+{
+ switch($cmd->status)
+ {
+ case admin_cmd::failed: // errors are returned as 400 HTTP status
+ header('HTTP/1.1 200 '.$cmd->error);
+ echo $cmd->errno.' '.$cmd->error;
+ break;
+
+ default: // everything else is returned as 200 HTTP status
+ $success_msg = $cmd->stati[$cmd->status];
+ // fall through
+ case admin_cmd::pending:
+ case admin_cmd::successful:
+ header('HTTP/1.1 200 '.$cmd->stati[$cmd->status]);
+ header('Content-type: text/plain; charset=utf-8');
+ echo $success_msg;
+ }
+ $GLOBALS['egw']->common->egw_exit();
+}
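Review bot: The new `preg_match('/^[a-z0-9_]+$/i', $_REQUEST['type'])` check guards a different value than the one that reaches `admin_cmd::instanciate`: the command is built from `$data = isset($_POST['uid']) ? $_POST : $_GET`, so a request that puts `uid` and an unfiltered `type` in the query string while posting a well-formed `type` (which is what `$_REQUEST` returns under PHP's default POST-over-GET precedence) passes the format check and hands the query-string `type` to `instanciate`. Selecting `$data` before the format check and validating `uid`, `type` and `creator_email` from that same array closes the gap; how far an unchecked `type` gets depends on `instanciate`, which is not in the hunk, but the comment on the check says it is meant to stop inclusion of arbitrary files. While there, `$` in that pattern still accepts a trailing newline, so `/^[a-z0-9_]+$/iD` (or `\z`) is the tighter anchor, and `instanciate` runs before `$cmd->check_remote_access(...)`, so the class named by the request is loaded before the secret is verified. `$GLOBALS['egw']->translation->convert($success_msg, ...)` discards its return value, unlike the exception handler above which assigns it, so the success message is echoed unconverted — write `$success_msg = $GLOBALS['egw']->translation->convert($success_msg, $GLOBALS['egw']->translation->charset(), 'utf-8');`. The comment on the `admin_cmd::failed` case says errors come back as 400 while the code sends `HTTP/1.1 200`; change it to `// errors are also returned with HTTP status 200, errno and message in the body` so the contract is not misread.
```php
// create command from request data; validate the same array the command is built from
$data = isset($_POST['uid']) ? $_POST : $_GET;

// check if requests contains a reasonable looking admin command to be queued
if (!$data['uid'] ||                                  // no uid
    !$data['type'] ||                                 // no command class name
    !preg_match('/^[a-z0-9_]+$/iD', $data['type']) || // type is a (autoloadable) class name, prevent inclusion of arbitrary files
    !$data['creator_email'])                          // no creator email
{
    // … unchanged: "0 Bad format!" response and egw_exit() …
}
// … unchanged: unset/override of secret, id, remote_id, creator, modifier, requested …
```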