check if we have a valid template and/or theme on 17.1 update

This commit is contained in:
Ralf Becker 2018-10-02 12:42:41 +02:00
parent 4024db8353
commit 8764b72481
3 changed files with 49 additions and 2 deletions

View File

@ -405,6 +405,37 @@ function api_upgrade16_9_003()
*/
function api_upgrade16_9_004()
{
// check if we have a valid template and/or theme
Api\Preferences::change_preference('common', '/^(template_set|theme)$/', function($attr, $value, $owner, $prefs)
{
static $template_set = null;
switch ($attr)
{
case 'template_set':
if (!Api\Framework::validTemplate($value))
{
$template_set = $owner;
$value = 'pixelegg';
break;
}
$template_set = null;
break;
case 'theme':
if ($template_set == $owner ||
// check template_set, as we can not garanty calling order
!Api\Framework::validTemplate($prefs['template_set']))
{
$value = null;
}
$template_set = null;
break;
}
if ($value !== $prefs[$attr]) error_log(__FUNCTION__."('$attr', '{$prefs[$attr]}', $owner, ...) setting $attr to ".array2string($value));
return $value;
});
return $GLOBALS['setup_info']['api']['currentver'] = '17.1';
}

View File

@ -123,6 +123,22 @@ abstract class Framework extends Framework\Extra
return new $class($GLOBALS['egw_info']['server']['template_set']);
}
/**
* Check if we have a valid and installed EGroupware template
*
* Templates are installed in their own directory and contain a setup/setup.inc.php file
*
* @param string $template
* @return boolean
*/
public static function validTemplate($template)
{
return preg_match('/^[A-Z0-9_-]+$/i', $template) &&
file_exists(EGW_SERVER_ROOT.'/'.$template) &&
file_exists($file=EGW_SERVER_ROOT.'/'.$template.'/setup/setup.inc.php') &&
include_once($file) && !empty($GLOBALS['egw_info']['template'][$template]);
}
/**
* Send HTTP headers: Content-Type and Content-Security-Policy
*/

View File

@ -711,7 +711,7 @@ class Preferences
*
* @param string $app app-name or null for all apps
* @param string $name attribute name or regular expression (enclosed in /) to match attribute-name eg. '/^favorite_/'
* @param string|callable $value new value to set, or null or '' to delete it or callable returning new value: function($attr, $old_value, $owner)
* @param string|callable $value new value to set, or null or '' to delete it or callable returning new value: function($attr, $old_value, $owner, $prefs)
* @param string $old_value if given, only change if that's current value
* @param string $type if given limit to "user", "forced", "default", "group"
*/
@ -759,7 +759,7 @@ class Preferences
{
if (isset($old_value) && $prefs[$attr] != $old_value) continue;
$val = is_callable($value) ? call_user_func($value, $attr, $prefs[$attr], $row['preference_owner']) : $value;
$val = is_callable($value) ? call_user_func($value, $attr, $prefs[$attr], $row['preference_owner'], $prefs) : $value;
if ($val === $prefs[$attr]) continue;
$updated = true;