From 8764b72481fbabdd5bd3d2bc21aa0b4c966ba940 Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Tue, 2 Oct 2018 12:42:41 +0200
Subject: [PATCH] check if we have a valid template and/or theme on 17.1 update
---
 api/setup/tables_update.inc.php | 31 +++++++++++++++++++++++++++++++
 api/src/Framework.php | 16 ++++++++++++++++
 api/src/Preferences.php | 4 ++--
 3 files changed, 49 insertions(+), 2 deletions(-)
diff --git a/api/setup/tables_update.inc.php b/api/setup/tables_update.inc.php
index eeb7639a89..8513561fa3 100644
--- a/api/setup/tables_update.inc.php
+++ b/api/setup/tables_update.inc.php
@@ -405,6 +405,37 @@ function api_upgrade16_9_003()
 */
 function api_upgrade16_9_004()
 {
+ // check if we have a valid template and/or theme
+ Api\Preferences::change_preference('common', '/^(template_set|theme)$/', function($attr, $value, $owner, $prefs)
+ {
+ static $template_set = null;
+
+ switch ($attr)
+ {
+ case 'template_set':
+ if (!Api\Framework::validTemplate($value))
+ {
+ $template_set = $owner;
+ $value = 'pixelegg';
+ break;
+ }
+ $template_set = null;
+ break;
+
+ case 'theme':
+ if ($template_set == $owner ||
+ // check template_set, as we can not garanty calling order
+ !Api\Framework::validTemplate($prefs['template_set']))
+ {
+ $value = null;
+ }
+ $template_set = null;
+ break;
+ }
+ if ($value !== $prefs[$attr]) error_log(__FUNCTION__."('$attr', '{$prefs[$attr]}', $owner, ...) setting $attr to ".array2string($value));
+ return $value;
+ });
+
 return $GLOBALS['setup_info']['api']['currentver'] = '17.1';
 }
diff --git a/api/src/Framework.php b/api/src/Framework.php
index 1a3672c3a5..5d270d075c 100644
--- a/api/src/Framework.php
+++ b/api/src/Framework.php
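Review bot: In the `theme` case of the closure added to api_upgrade16_9_004(), `$prefs['template_set']` is read without checking that the owner has that key, so an owner who stores only a theme triggers an undefined-index notice and, because validTemplate() then receives null, has the theme cleared. If clearing is intended for that case, make it explicit, e.g. `empty($prefs['template_set']) ||` ahead of the validTemplate() call; otherwise guard the call with `isset()`. The state check `$template_set == $owner` is a loose comparison against an initial null, so `$template_set === $owner` would be safer. Also, `__FUNCTION__` inside the closure evaluates to `{closure}`, so the error_log line does not name api_upgrade16_9_004 in the upgrade log.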
@@ -123,6 +123,22 @@ abstract class Framework extends Framework\Extra
 return new $class($GLOBALS['egw_info']['server']['template_set']);
 }
+ /**
+ * Check if we have a valid and installed EGroupware template
+ *
+ * Templates are installed in their own directory and contain a setup/setup.inc.php file
+ *
+ * @param string $template
+ * @return boolean
+ */
+ public static function validTemplate($template)
+ {
+ return preg_match('/^[A-Z0-9_-]+$/i', $template) &&
+ file_exists(EGW_SERVER_ROOT.'/'.$template) &&
+ file_exists($file=EGW_SERVER_ROOT.'/'.$template.'/setup/setup.inc.php') &&
+ include_once($file) && !empty($GLOBALS['egw_info']['template'][$template]);
+ }
+
 /**
 * Send HTTP headers: Content-Type and Content-Security-Policy
 */
diff --git a/api/src/Preferences.php b/api/src/Preferences.php
index 7dfaac0447..b86810bc33 100644
--- a/api/src/Preferences.php
+++ b/api/src/Preferences.php
@@ -711,7 +711,7 @@ class Preferences
 *
 * @param string $app app-name or null for all apps
 * @param string $name attribute name or regular expression (enclosed in /) to match attribute-name eg. '/^favorite_/'
- * @param string|callable $value new value to set, or null or '' to delete it or callable returning new value: function($attr, $old_value, $owner)
+ * @param string|callable $value new value to set, or null or '' to delete it or callable returning new value: function($attr, $old_value, $owner, $prefs)
 * @param string $old_value if given, only change if that's current value
 * @param string $type if given limit to "user", "forced", "default", "group"
 */
@@ -759,7 +759,7 @@ class Preferences
 {
 if (isset($old_value) && $prefs[$attr] != $old_value) continue;
- $val = is_callable($value) ? call_user_func($value, $attr, $prefs[$attr], $row['preference_owner']) : $value;
+ $val = is_callable($value) ? call_user_func($value, $attr, $prefs[$attr], $row['preference_owner'], $prefs) : $value;
 if ($val === $prefs[$attr]) continue;
 $updated = true;
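Review bot: The pattern in validTemplate() is anchored with `$`, which also matches before a trailing newline, and the function runs `include_once` on a path built from a stored preference value before the final `$GLOBALS['egw_info']['template']` check decides whether the name is a template at all. The character class keeps the name to a single path segment under EGW_SERVER_ROOT, but any top-level directory there that ships a setup/setup.inc.php gets that file executed as a side effect of validation. Suggest anchoring with `'/^[A-Z0-9_-]+\z/i'` (or adding the `D` modifier) and stating in the docblock that the check includes the template's setup file, so callers know validation is not side-effect free.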
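Review bot: `is_callable($value)` on the changed line in the second Preferences.php hunk also accepts a plain string that happens to name a function, so a literal replacement value passed to change_preference() could be invoked instead of stored; with the added fourth argument, a built-in function reached that way is now called with one more argument than before. Since the parameter is documented as `string|callable`, consider restricting the callback branch, e.g. `$val = $value instanceof \Closure ? $value($attr, $prefs[$attr], $row['preference_owner'], $prefs) : $value;`, or `!is_string($value) && is_callable($value)` if array callables must keep working. Whether any caller passes values originating outside setup code is not visible here, and the enclosing method starts and ends outside the hunk.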