removed unused remote administration, use json serialization for new admin_cmd data and (secured) json_php_unserialize for existing data

Ralf Becker 2015-02-14 17:07:33 +00:00
parent 92ac6bb039
commit f25eb6c0df
2 changed files with 1027 additions and 126 deletions



@ -1,126 +0,0 @@
<?php
/**
* eGgroupWare admin - remote admin command execution
*
* @link http://www.egroupware.org
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @package admin
* @copyright (c) 2007 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$
*/
/**
* @var array
*/
$GLOBALS['egw_info'] = array(
'flags' => array(
'currentapp' => 'login',
'noheader' => true,
)
);
include('../header.inc.php');
// install an own exception handler to forward exceptions back to the remote side
function remote_exception_handler(Exception $e)
{
$msg = $e->getMessage();
if (is_object($GLOBALS['egw']->translation))
{
$msg = $GLOBALS['egw']->translation->convert($msg,$GLOBALS['egw']->translation->charset(),'utf-8');
}
header('HTTP/1.1 200 '.$msg);
echo $e->getCode().' '.$msg;
$GLOBALS['egw']->common->egw_exit();
}
set_exception_handler('remote_exception_handler');
$GLOBALS['egw']->applications->read_installed_apps(); // set $GLOBALS['egw_info']['apps'] (not set for login)
$instance = isset($_GET['domain']) ? $_GET['domain'] : $_REQUEST['domain']; // use GET before the rest
if (!isset($GLOBALS['egw_domain'][$instance]))
{
$instance = $GLOBALS['egw_info']['server']['default_domain'];
}
$config_passwd = $GLOBALS['egw_domain'][$instance]['config_passwd'];
unset($GLOBALS['egw_domain']);
require_once(EGW_INCLUDE_ROOT.'/admin/inc/class.admin_cmd.inc.php');
// check if uid belongs to an existing command --> return it's status
// this is also a security meassure, as a captured uid+secret can not be used to send new commands
$cmd = admin_cmd::read($_REQUEST['uid']);
if (is_object($cmd))
{
$cmd->check_remote_access($_REQUEST['secret'],$config_passwd);
$success_msg = 'Successful';
// if the comand object has a rerun method, call it
if (method_exists($cmd,'rerun'))
{
$success_msg = $cmd->rerun();
}
exit_with_status($cmd,$success_msg);
}
// check if requests contains a reasonable looking admin command to be queued
if (!$_REQUEST['uid'] || // no uid
!$_REQUEST['type'] || // no command class name
!preg_match('/^[a-z0-9_]+$/i', $_REQUEST['type']) || // type is a (autoloadable) class name, prevent inclusion of arbitrary files
!$_REQUEST['creator_email']) // no creator email
{
header("HTTP/1.1 200 Bad format!");
echo '0 Bad format!';
$GLOBALS['egw']->common->egw_exit();
}
// create command from request data
$data = isset($_POST['uid']) ? $_POST : $_GET;
unset($data['secret']);
unset($data['id']); // we are remote
unset($data['remote_id']);
$data['creator'] = 0; // remote
if (isset($data['modifier'])) $data['modifier'] = 0;
if (isset($data['requested'])) $data['requested'] = 0;
if (get_magic_quotes_gpc())
{
$data = array_stripslashes($data);
}
$cmd = admin_cmd::instanciate($data);
$cmd->check_remote_access($_REQUEST['secret'],$config_passwd);
//_debug_array($cmd); exit;
$success_msg = $cmd->run();
$GLOBALS['egw']->translation->convert($success_msg,$GLOBALS['egw']->translation->charset(),'utf-8');
if (!is_string($success_msg))
{
$success_msg = serialize($success_msg);
}
exit_with_status($cmd,$success_msg);
function exit_with_status($cmd,$success_msg='Successful')
{
switch($cmd->status)
{
case admin_cmd::failed: // errors are returned as 400 HTTP status
header('HTTP/1.1 200 '.$cmd->error);
echo $cmd->errno.' '.$cmd->error;
break;
default: // everything else is returned as 200 HTTP status
$success_msg = $cmd->stati[$cmd->status];
// fall through
case admin_cmd::pending:
case admin_cmd::successful:
header('HTTP/1.1 200 '.$cmd->stati[$cmd->status]);
header('Content-type: text/plain; charset=utf-8');
echo $success_msg;
}
$GLOBALS['egw']->common->egw_exit();
}