From a09954855e3252f002991ca04e93fc12ff54ba92 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Sat, 14 Feb 2015 17:06:04 +0000 Subject: [PATCH] removed not used remote administration, use json serialization for new admin_cmd data and (secured) json_php_unserialize for existing data --- admin/inc/class.admin_cmd.inc.php | 8 +- admin/remote.php | 126 ------------------------------ 2 files changed, 4 insertions(+), 130 deletions(-) delete mode 100644 admin/remote.php diff --git a/admin/inc/class.admin_cmd.inc.php b/admin/inc/class.admin_cmd.inc.php index aa027b614a..9f9e531071 100644 --- a/admin/inc/class.admin_cmd.inc.php +++ b/admin/inc/class.admin_cmd.inc.php @@ -124,7 +124,7 @@ abstract class admin_cmd foreach($data as $name => $value) { - $this->$name = $name == 'data' && !is_array($value) ? unserialize($value) : $value; + $this->$name = $name == 'data' && !is_array($value) ? json_php_unserialize($value) : $value; } //_debug_array($this); exit; } @@ -243,7 +243,7 @@ abstract class admin_cmd } //echo "got: $message\n"; - if (($value = unserialize($message)) !== false && $message !== serialize(false)) + if (($value = json_php_unserialize($message)) !== false && $message !== serialize(false)) { $message = $value; } @@ -304,7 +304,7 @@ abstract class admin_cmd $vars[$name] = $this->$name; } } - $vars['data'] = serialize($this->data); // data is stored serialized + $vars['data'] = json_encode($this->data); // data is stored serialized admin_cmd::$sql->init($vars); if (admin_cmd::$sql->save() != 0) @@ -361,7 +361,7 @@ abstract class admin_cmd { if (isset($data['data']) && !is_array($data['data'])) { - $data['data'] = unserialize($data['data']); + $data['data'] = json_php_unserialize($data['data']); } if (!class_exists($class = $data['type']) || $class == 'admin_cmd') { diff --git a/admin/remote.php b/admin/remote.php deleted file mode 100644 index f6333252e3..0000000000 --- a/admin/remote.php +++ /dev/null @@ -1,126 +0,0 @@ - - * @package admin - * @copyright (c) 2007 by Ralf Becker - * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License - * @version $Id$ - */ - -/** - * @var array - */ -$GLOBALS['egw_info'] = array( - 'flags' => array( - 'currentapp' => 'login', - 'noheader' => true, - ) -); - -include('../header.inc.php'); - -// install an own exception handler to forward exceptions back to the remote side -function remote_exception_handler(Exception $e) -{ - $msg = $e->getMessage(); - if (is_object($GLOBALS['egw']->translation)) - { - $msg = $GLOBALS['egw']->translation->convert($msg,$GLOBALS['egw']->translation->charset(),'utf-8'); - } - header('HTTP/1.1 200 '.$msg); - echo $e->getCode().' '.$msg; - $GLOBALS['egw']->common->egw_exit(); -} -set_exception_handler('remote_exception_handler'); - -$GLOBALS['egw']->applications->read_installed_apps(); // set $GLOBALS['egw_info']['apps'] (not set for login) - -$instance = isset($_GET['domain']) ? $_GET['domain'] : $_REQUEST['domain']; // use GET before the rest -if (!isset($GLOBALS['egw_domain'][$instance])) -{ - $instance = $GLOBALS['egw_info']['server']['default_domain']; -} -$config_passwd = $GLOBALS['egw_domain'][$instance]['config_passwd']; -unset($GLOBALS['egw_domain']); - -require_once(EGW_INCLUDE_ROOT.'/admin/inc/class.admin_cmd.inc.php'); - -// check if uid belongs to an existing command --> return it's status -// this is also a security meassure, as a captured uid+secret can not be used to send new commands -$cmd = admin_cmd::read($_REQUEST['uid']); -if (is_object($cmd)) -{ - $cmd->check_remote_access($_REQUEST['secret'],$config_passwd); - - $success_msg = 'Successful'; - // if the comand object has a rerun method, call it - if (method_exists($cmd,'rerun')) - { - $success_msg = $cmd->rerun(); - } - exit_with_status($cmd,$success_msg); -} - -// check if requests contains a reasonable looking admin command to be queued -if (!$_REQUEST['uid'] || // no uid - !$_REQUEST['type'] || // no command class name - !preg_match('/^[a-z0-9_]+$/i', $_REQUEST['type']) || // type is a (autoloadable) class name, prevent inclusion of arbitrary files - !$_REQUEST['creator_email']) // no creator email -{ - header("HTTP/1.1 200 Bad format!"); - echo '0 Bad format!'; - $GLOBALS['egw']->common->egw_exit(); -} - -// create command from request data -$data = isset($_POST['uid']) ? $_POST : $_GET; -unset($data['secret']); -unset($data['id']); // we are remote -unset($data['remote_id']); -$data['creator'] = 0; // remote -if (isset($data['modifier'])) $data['modifier'] = 0; -if (isset($data['requested'])) $data['requested'] = 0; - -if (get_magic_quotes_gpc()) -{ - $data = array_stripslashes($data); -} - -$cmd = admin_cmd::instanciate($data); - -$cmd->check_remote_access($_REQUEST['secret'],$config_passwd); - -//_debug_array($cmd); exit; -$success_msg = $cmd->run(); - -$GLOBALS['egw']->translation->convert($success_msg,$GLOBALS['egw']->translation->charset(),'utf-8'); - -if (!is_string($success_msg)) -{ - $success_msg = serialize($success_msg); -} -exit_with_status($cmd,$success_msg); - -function exit_with_status($cmd,$success_msg='Successful') -{ - switch($cmd->status) - { - case admin_cmd::failed: // errors are returned as 400 HTTP status - header('HTTP/1.1 200 '.$cmd->error); - echo $cmd->errno.' '.$cmd->error; - break; - - default: // everything else is returned as 200 HTTP status - $success_msg = $cmd->stati[$cmd->status]; - // fall through - case admin_cmd::pending: - case admin_cmd::successful: - header('HTTP/1.1 200 '.$cmd->stati[$cmd->status]); - header('Content-type: text/plain; charset=utf-8'); - echo $success_msg; - } - $GLOBALS['egw']->common->egw_exit(); -}