From 446a2e1de84e5ad52cfb14d7228744ea5f6ec002 Mon Sep 17 00:00:00 2001 From: Pierre-Henry Soria Date: Sun, 5 Jun 2022 15:49:10 +0930 Subject: [PATCH 01/12] GH-1004 Add strict types --- .../core/assets/file/UpgradeCoreFile.php | 161 ++++++++---------- 1 file changed, 69 insertions(+), 92 deletions(-) diff --git a/_protected/app/system/core/assets/file/UpgradeCoreFile.php b/_protected/app/system/core/assets/file/UpgradeCoreFile.php index b4f6bd1f81..528c922731 100755 --- a/_protected/app/system/core/assets/file/UpgradeCoreFile.php +++ b/_protected/app/system/core/assets/file/UpgradeCoreFile.php @@ -1,15 +1,16 @@ - * @copyright (c) 2012-2019, Pierre-Henry Soria. All Rights Reserved. + * @copyright (c) 2012-2022, Pierre-Henry Soria. All Rights Reserved. * @license MIT License; See PH7.LICENSE.txt and PH7.COPYRIGHT.txt in the root directory. * @package PH7 / App / System / Core / Asset / File * @version 1.8 */ +declare(strict_types=1); + namespace PH7; defined('PH7') or exit('Restricted access'); 
@@ -33,64 +34,54 @@ class UpgradeCore /** * Remote update URL. */ - const REMOTE_URL = 'https://update.ph7builder.com/'; - const ARCHIVE_EXT = '.zip'; - const MIN_SQL_FILE_SIZE = 12; // Size in bytes + private const REMOTE_URL = 'https://update.ph7builder.com/'; + private const ARCHIVE_EXT = '.zip'; + private const MIN_SQL_FILE_SIZE = 12; // Size in bytes /** * Internal update folders. * * @internal For better compatibility with Windows, we didn't put a slash at the end of the directory constants. */ - const DIR = 'upgrade'; - const FILE_DIR = 'file'; - const DATA_DIR = 'data'; - const SQL_DIR = 'sql'; - const INFO_DIR = 'info'; - - const INST_INTRO_FILE = 'introduction'; - const INST_CONCL_FILE = 'conclusion'; - const UPGRADE_FILE = 'upgrade.sql'; - const VERSION_LIST_FILE = 'all_versions.txt'; - const VERSION_FILE = 'Version.class.php'; + private const DIR = 'upgrade'; + private const FILE_DIR = 'file'; + private const DATA_DIR = 'data'; + private const SQL_DIR = 'sql'; + private const INFO_DIR = 'info'; + + private const INST_INTRO_FILE = 'introduction'; + private const INST_CONCL_FILE = 'conclusion'; + private const UPGRADE_FILE = 'upgrade.sql'; + private const VERSION_LIST_FILE = 'all_versions.txt'; + private const VERSION_FILE = 'Version.class.php'; // Use UNIX wildcard to be able to select only the sub-directories present in "public/" - const PUBLIC_DIR = 'public/*'; + private const PUBLIC_DIR = 'public/*'; // Use UNIX wildcard to be able to select only the sub-directories present in "protected/" - const PROTECTED_DIR = 'protected/*'; + private const PROTECTED_DIR = 'protected/*'; - /** @var Http */ - private $oHttpRequest; + private Http $oHttpRequest; - /** @var F\File */ - private $oFile; + private F\File $oFile; - /** @var Config */ - private $oConfig; + private Config $oConfig; - /** @var string */ - private $sHtml; + private string $sHtml; - private $sUpgradesDirUpgradeFolder; + private string $sUpgradesDirUpgradeFolder; - /** @var string */ - private 
$sVerName; + private string $sVerName; - /** @var string */ - private $sVerNumber; + private string $sVerNumber; - /** @var int */ - private $iVerBuild; + private int $sVerBuild; - /** @var bool */ - private $bAutoRemoveUpgradeDir = false; + private bool $bAutoRemoveUpgradeDir = false; - /** @var bool */ - private $bUpgradePatchAvailable = false; + private bool $bUpgradePatchAvailable = false; - /** @var array */ - private $aErrors = []; + private array $aErrors = []; public function __construct() { @@ -106,10 +97,8 @@ public function __construct() /** * Output the HTML layout of the upgrade wizard. - * - * @return void */ - public function display() + public function display(): void { echo '', t('Upgrade %software_name% | Version %0%', $this->sVerNumber), '
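Review bot: The build property is declared `private int $sVerBuild;`, but its `s` prefix and the `(string)` cast that prepare() now applies to the build value both say string. Under `declare(strict_types=1)` assigning that string to the property would raise a TypeError, so declare it `private string $sVerBuild;` or keep the integer as `private int $iVerBuild;`. The rename also leaves any `$this->iVerBuild` use outside the visible hunks pointing at an undeclared property. Separately, typed properties without a default (`$sHtml`, `$sVerName`, `$sVerNumber`) throw when read before assignment, so `$this->sHtml .= ...` needs `$sHtml` set to `''` first; the constructor body is outside this hunk, so that is to be confirmed.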
'; echo $this->sHtml; @@ -120,7 +109,7 @@ public function display() /** * @return array Returns all version numbers. */ - public function getVersions() + public function getVersions(): array { return (array)file(static::REMOTE_URL . static::VERSION_LIST_FILE); } @@ -128,21 +117,21 @@ public function getVersions() /** * Checks and returns the correct needed version for the current pH7Builder installation. * - * @return string|bool The version needed number for the current pH7Builder installation. + * @return string The version needed number for the current pH7Builder installation. */ - public function getNextVersion() + public function getNextVersion(): string { $aVersions = $this->getVersions(); if ($iKey = array_search(Kernel::SOFTWARE_VERSION, $aVersions, true)) { - return $aVersions[$iKey + 1]; + return (string)$aVersions[$iKey + 1]; } // If no next version is found, just returns the current one. return Kernel::SOFTWARE_VERSION; } - private function prepare() + private function prepare(): void { if (!AdminCore::auth()) { // Checking if the administrator is logged in @@ -166,19 +155,19 @@ private function prepare() $this->readConfig(); - $sVerName = $this->oConfig->values['upgrade.version']['name']; - $sVerNumber = $this->oConfig->values['upgrade.version']['number']; - $iVerBuild = $this->oConfig->values['upgrade.version']['build']; + $sVerName = (string)$this->oConfig->values['upgrade.version']['name']; + $sVerNumber = (string)$this->oConfig->values['upgrade.version']['number']; + $sVerBuild = (string)$this->oConfig->values['upgrade.version']['build']; $sDesc = $this->oConfig->values['upgrade.information']['description']; if ($this->isValidUpgradeFolder($this->sUpgradesDirUpgradeFolder)) { - $bIsValidVer = $this->isValidVersion($sVerName, $sVerNumber, $iVerBuild); + $bIsValidVer = $this->isValidVersion($sVerName, $sVerNumber, $sVerBuild); if ($bIsValidVer) { $this->bUpgradePatchAvailable = true; - $this->sHtml .= '
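Review bot: In getNextVersion() the new `(string)` cast hides a missing entry: when the installed version is the last one in the list, `$aVersions[$iKey + 1]` is undefined and the method returns `''` instead of falling through to `Kernel::SOFTWARE_VERSION`. That empty string is what download() later turns into a file name. The unchanged condition `if ($iKey = array_search(...))` also treats a match at index 0 as not found. I would write `$iKey = array_search(Kernel::SOFTWARE_VERSION, $aVersions, true);` followed by `if ($iKey !== false && isset($aVersions[$iKey + 1])) {`. getVersions() calls `file()` without flags, so the entries presumably keep their line endings; confirm that the strict comparison can match at all.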

' . t('Version Name: %0%, Version Number: %1%, Version Build: %2%', $sVerName, $sVerNumber, $iVerBuild) . '

'; + $this->sHtml .= '

' . t('Version Name: %0%, Version Number: %1%, Version Build: %2%', $sVerName, $sVerNumber, $sVerBuild) . '

'; - $sMsg = t('Upgrade %software_version_name% %software_version% Build %software_build% to version %0%', '' . $sVerName . ' ' . $sVerNumber . ' Build ' . $iVerBuild . ''); + $sMsg = t('Upgrade %software_version_name% %software_version% Build %software_build% to version %0%', '' . $sVerName . ' ' . $sVerNumber . ' Build ' . $sVerBuild . ''); $this->sHtml .= ''; $this->sHtml .= '

' . t('Description of the upgrade patch:') . '

'; @@ -257,7 +246,7 @@ private function prepare() } } - private function run() + private function run(): void { $this->file(); $this->sql(); @@ -265,31 +254,33 @@ private function run() $this->clearAllCacheFolders(); } - private function file() + private function file(): void { $this->copyPublicPathToRoot(); $this->copyProtectedPathToRoot(); } - private function copyPublicPathToRoot() + private function copyPublicPathToRoot(): void { $sPathPublicDir = PH7_PATH_REPOSITORY . static::DIR . PH7_DS . $this->sUpgradesDirUpgradeFolder . static::DATA_DIR . PH7_DS . static::FILE_DIR . PH7_DS . static::PUBLIC_DIR; + if (is_dir($this->oFile->removeWildcards($sPathPublicDir))) { $this->oFile->systemCopy($sPathPublicDir, PH7_PATH_ROOT); $this->oFile->chmod(PH7_PATH_ROOT, Chmod::MODE_ALL_EXEC); } } - private function copyProtectedPathToRoot() + private function copyProtectedPathToRoot(): void { $sPathProtectedDir = PH7_PATH_REPOSITORY . static::DIR . PH7_DS . $this->sUpgradesDirUpgradeFolder . static::DATA_DIR . PH7_DS . static::FILE_DIR . PH7_DS . static::PROTECTED_DIR; + if (is_dir($this->oFile->removeWildcards($sPathProtectedDir))) { $this->oFile->systemCopy($sPathProtectedDir, PH7_PATH_PROTECTED); $this->oFile->chmod(PH7_PATH_PROTECTED, Chmod::MODE_ALL_EXEC); } } - private function sql() + private function sql(): void { $sFullPath = PH7_PATH_REPOSITORY . static::DIR . PH7_DS . $this->sUpgradesDirUpgradeFolder . static::DATA_DIR . PH7_DS . static::SQL_DIR . PH7_DS . $this->oConfig->values['database']['type_name'] . PH7_DS . static::UPGRADE_FILE; @@ -302,7 +293,7 @@ private function sql() } } - private function check() + private function check(): void { if (!AdminCore::auth()) { // Recheck if the administrator is still logged in 
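Review bot: `$sDesc` is the only one of the four config values read in prepare() that is not cast, and `$sVerName`, `$sVerNumber` and `$sVerBuild` are concatenated into `$sMsg` and `$this->sHtml` without escaping, which display() then echoes as-is. These values come from the config file shipped inside the downloaded patch, so they should be handled as untrusted input. I would add `$sDesc = (string)$this->oConfig->values['upgrade.information']['description'];` and wrap each value in `htmlspecialchars(..., ENT_QUOTES)` where it enters markup, unless `t()` already escapes its arguments, which is not visible here. prepare() starts and ends outside this hunk.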
@@ -332,10 +323,8 @@ private function check() * Download the new version patches from pH7Builder remote server to the client server. * Then, extract the file to "_repository/upgrade/" directory to set it as available for the next update. * Then, remove zip archive file, as we don't need it anymore. - * - * @param string $sNewVersion Version number (e.g. "1.3.6") */ - private function download($sNewVersion) + private function download(string $sNewVersion): void { $sZipFileName = $sNewVersion . self::ARCHIVE_EXT; $sDestinationPath = PH7_PATH_REPOSITORY . static::DIR . PH7_DS; @@ -348,20 +337,16 @@ private function download($sNewVersion) /** * Check if error is found. - * - * @return bool */ - private function hasErrors() + private function hasErrors(): bool { return !empty($this->aErrors); } /** * Assign the error messages to the current HTML code. - * - * @return void */ - private function addErrorMessagesToLayout() + private function addErrorMessagesToLayout(): void { $iErrors = count($this->aErrors); @@ -379,7 +364,7 @@ private function addErrorMessagesToLayout() * * @return bool Returns TRUE if it is correct, FALSE otherwise. */ - private function isValidUpgradeFolder($sFolder) + private function isValidUpgradeFolder(string $sFolder): bool { $sFullPath = PH7_PATH_REPOSITORY . static::DIR . PH7_DS . $sFolder; @@ -391,9 +376,9 @@ private function isValidUpgradeFolder($sFolder) * * @return array Returns the upgrade folders. */ - private function readUpgrades() + private function readUpgrades(): array { - return $this->oFile->readDirs(PH7_PATH_REPOSITORY . static::DIR . PH7_DS); + return (array)$this->oFile->readDirs(PH7_PATH_REPOSITORY . static::DIR . PH7_DS); } /** 
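Review bot: download() now declares `string $sNewVersion` but drops the `@param` line that stated the expected format, and nothing checks that format before `$sZipFileName = $sNewVersion . self::ARCHIVE_EXT;`. The value comes from getNextVersion(), that is, from the remotely fetched version list, and ends up in a local file name. It should be restricted to a version number first, for example by returning early when `!preg_match('#^' . Version::VERSION_PATTERN . '$#', $sNewVersion)`, which is the same pattern isValidVersion() applies. Keeping the `@param` line with its example would still be useful next to the type. The method body continues outside the hunk.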
@@ -401,15 +386,12 @@ private function readUpgrades() * * @return bool Returns TRUE If the folder has been deleted, FALSE otherwise. */ - private function removeUpgradeDir() + private function removeUpgradeDir(): bool { return $this->oFile->deleteDir(PH7_PATH_REPOSITORY . static::DIR . PH7_DS . $this->sUpgradesDirUpgradeFolder); } - /** - * @return array - */ - private function getAvailableUpgrades() + private function getAvailableUpgrades(): array { $aFolders = []; @@ -422,10 +404,8 @@ private function getAvailableUpgrades() /** * Set new version to the Version, kernel constants. - * - * @return void */ - private function setNewVersionToKernel() + private function setNewVersionToKernel(): void { $sVersionPathFile = PH7_PATH_FRAMEWORK . 'Security/' . self::VERSION_FILE; $sContents = $this->oFile->getFile($sVersionPathFile); @@ -450,11 +430,11 @@ private function setNewVersionToKernel() * * @param string $sName Name of the version. e.g., pOH * @param string $sNumber Number of the version. e.g., 2.1.4 - * @param int $iBuild Number of the version build. e.g., 1 + * @param string $sBuild Number of the version build. e.g., 1 * * @return bool Returns TRUE if the version name is correct, FALSE otherwise. */ - private function isValidVersion($sName, $sNumber, $iBuild) + private function isValidVersion(string $sName, string $sNumber, string $sBuild): bool { if (!is_string($sName) || !preg_match('#^' . Version::VERSION_PATTERN . '$#', $sNumber)) { return false; @@ -465,7 +445,7 @@ private function isValidVersion($sName, $sNumber, $iBuild) } if (version_compare($sNumber, Kernel::SOFTWARE_VERSION, '==')) { - return version_compare($iBuild, Kernel::SOFTWARE_BUILD, '>'); + return version_compare($sBuild, Kernel::SOFTWARE_BUILD, '>'); } else { if (version_compare($sNumber, Kernel::SOFTWARE_VERSION, '>')) { return true; 
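Review bot: With `string $sName` in the signature of isValidVersion(), the `!is_string($sName)` test in the unchanged condition can never be true, so the version name is effectively not validated. Either drop the dead check or replace it with a real constraint, e.g. `if ($sName === '' || !preg_match('#^' . Version::VERSION_PATTERN . '$#', $sNumber)) {`. Under strict types `version_compare($sBuild, Kernel::SOFTWARE_BUILD, '>')` also needs both arguments to be strings; `Kernel::SOFTWARE_BUILD` is not visible here, so confirm it is a string constant or cast it. The method body spans this hunk and the following one.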
@@ -477,10 +457,8 @@ private function isValidVersion($sName, $sNumber, $iBuild) /** * Get the version upgrade in the config.ini file. - * - * @return bool */ - private function readConfig() + private function readConfig(): bool { return $this->oConfig->load(PH7_PATH_REPOSITORY . static::DIR . PH7_DS . $this->sUpgradesDirUpgradeFolder . static::INFO_DIR . PH7_DS . PH7_CONFIG_FILE); } @@ -492,10 +470,12 @@ private function readConfig() * * @return string|bool Returns "false" if the file does not exist or if it fails, otherwise returns the "file contents" */ - private function readInstruction($sInstFile) + private function readInstruction(string $sInstFile) { try { - return F\Import::file(PH7_PATH_REPOSITORY . static::DIR . PH7_DS . $this->sUpgradesDirUpgradeFolder . static::INFO_DIR . PH7_DS . $sInstFile); + return F\Import::file( + PH7_PATH_REPOSITORY . static::DIR . PH7_DS . $this->sUpgradesDirUpgradeFolder . static::INFO_DIR . PH7_DS . $sInstFile + ); } catch (F\IOException $oExcept) { return '

' . t('Instruction file not found!') . '

'; } @@ -506,7 +486,7 @@ private function readInstruction($sInstFile) * * Quite often, the changes from newer versions can break the website if older data are still saved in cache. */ - private function clearAllCacheFolders() + private function clearAllCacheFolders(): void { $aCacheFolders = [ PH7_PATH_CACHE . Cache::CACHE_DIR, @@ -520,10 +500,7 @@ private function clearAllCacheFolders() } } - /** - * @return bool - */ - private function isUpgradeRequested() + private function isUpgradeRequested(): bool { return $this->oHttpRequest->postExists('submit_upgrade'); } From fd2e24a68e34d96b931b6d449930188f46ce06d4 Mon Sep 17 00:00:00 2001 From: Pierre-Henry Soria Date: Sun, 5 Jun 2022 21:48:21 +0930 Subject: [PATCH 02/12] Make the Upgrade Wizard directly available For when a new release is available :) --- _protected/app/langs/en_US/LC_MESSAGES/global.po | 4 ++-- .../system/modules/admin123/controllers/MainController.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/_protected/app/langs/en_US/LC_MESSAGES/global.po b/_protected/app/langs/en_US/LC_MESSAGES/global.po index b9f26fdb16..555c6d9f6c 100644 --- a/_protected/app/langs/en_US/LC_MESSAGES/global.po +++ b/_protected/app/langs/en_US/LC_MESSAGES/global.po @@ -1864,11 +1864,11 @@ msgid "🍰 A New Release msgstr "" #: _protected/app/system/modules/admin123/controllers/MainController.php:334 -msgid "%software_name% %0% is available! Please update it today to keep your site safe and stable." +msgid "%software_name% %0% is available! Update it today to keep your site safe and stable." msgstr "" #: _protected/app/system/modules/admin123/controllers/MainController.php:336 -msgid "Read this to learn how to upgrade your site, step-by-step. Once you follow the steps, run the upgrade wizard here." +msgid "👉 Run the upgrade wizard." msgstr "" #: _protected/app/system/modules/admin123/controllers/ModeratorController.php:54 
diff --git a/_protected/app/system/modules/admin123/controllers/MainController.php b/_protected/app/system/modules/admin123/controllers/MainController.php index c227a8893b..11c60e9fd9 100755 --- a/_protected/app/system/modules/admin123/controllers/MainController.php +++ b/_protected/app/system/modules/admin123/controllers/MainController.php @@ -322,9 +322,9 @@ protected function checkUpdates(): void $sLatestVer = t('%0%, build %1%', $aLatestVerInfo['version'], $aLatestVerInfo['build']); $sMsg = '

' . t('🍰 A New Release 🎁 just for YOU! 😍', Kernel::SOFTWARE_RELEASE_URL) . '

'; - $sMsg .= t('%software_name% %0% is available! Please update it today to keep your site safe and stable.', $sLatestVer); + $sMsg .= t('%software_name% %0% is available! Update it today to keep your site safe and stable.', $sLatestVer); $sMsg .= '

'; - $sMsg .= t('Read this to learn how to upgrade your site, step-by-step. Once you follow the steps, run the upgrade wizard here.', Version::UPGRADE_DOC_URL, PH7_URL_ROOT . 'asset/file/Upgrade'); + $sMsg .= t('👉 Run the upgrade wizard.', PH7_URL_ROOT . 'asset/file/Upgrade'); $this->design->setMessage($sMsg); } From d4d2809bd579211426854e90dca68612ff7b8b21 Mon Sep 17 00:00:00 2001 From: Pierre-Henry Soria Date: Sun, 5 Jun 2022 22:03:28 +0930 Subject: [PATCH 03/12] Fix invalid URL anchor --- _protected/app/langs/en_US/LC_MESSAGES/global.po | 2 +- .../app/system/modules/admin123/controllers/MainController.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/_protected/app/langs/en_US/LC_MESSAGES/global.po b/_protected/app/langs/en_US/LC_MESSAGES/global.po index 555c6d9f6c..b60347e36e 100644 --- a/_protected/app/langs/en_US/LC_MESSAGES/global.po +++ b/_protected/app/langs/en_US/LC_MESSAGES/global.po @@ -1868,7 +1868,7 @@ msgid "%software_name% %0% is available! Update it today to kee msgstr "" #: _protected/app/system/modules/admin123/controllers/MainController.php:336 -msgid "👉 Run the upgrade wizard." +msgid "👉 Run the upgrade wizard 👈" msgstr "" #: _protected/app/system/modules/admin123/controllers/ModeratorController.php:54 diff --git a/_protected/app/system/modules/admin123/controllers/MainController.php b/_protected/app/system/modules/admin123/controllers/MainController.php index 11c60e9fd9..e0099e542f 100755 --- a/_protected/app/system/modules/admin123/controllers/MainController.php +++ b/_protected/app/system/modules/admin123/controllers/MainController.php @@ -324,7 +324,7 @@ protected function checkUpdates(): void $sMsg = '

' . t('🍰 A New Release 🎁 just for YOU! 😍', Kernel::SOFTWARE_RELEASE_URL) . '

'; $sMsg .= t('%software_name% %0% is available! Update it today to keep your site safe and stable.', $sLatestVer); $sMsg .= '

'; - $sMsg .= t('👉 Run the upgrade wizard.', PH7_URL_ROOT . 'asset/file/Upgrade'); + $sMsg .= t('👉 Run the upgrade wizard 👈', PH7_URL_ROOT . 'asset/file/Upgrade'); $this->design->setMessage($sMsg); } From 252269287676052c3f3cc52733813c30d1712b5c Mon Sep 17 00:00:00 2001 From: Pierre-Henry Soria Date: Sun, 5 Jun 2022 22:07:43 +0930 Subject: [PATCH 04/12] Fix typos in commments --- _protected/app/system/core/assets/file/UpgradeCoreFile.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/_protected/app/system/core/assets/file/UpgradeCoreFile.php b/_protected/app/system/core/assets/file/UpgradeCoreFile.php index 528c922731..2f1d88ba02 100755 --- a/_protected/app/system/core/assets/file/UpgradeCoreFile.php +++ b/_protected/app/system/core/assets/file/UpgradeCoreFile.php @@ -116,8 +116,9 @@ public function getVersions(): array /** * Checks and returns the correct needed version for the current pH7Builder installation. + * It will look at the next release version after the one currently installed. * - * @return string The version needed number for the current pH7Builder installation. + * @return string The needed version number for the current pH7Builder installation. */ public function getNextVersion(): string { @@ -127,7 +128,7 @@ public function getNextVersion(): string return (string)$aVersions[$iKey + 1]; } - // If no next version is found, just returns the current one. + // If no next version is found, just returns the current one return Kernel::SOFTWARE_VERSION; } From 832908082fbf7d1f68f4aa595d240deb55e413c3 Mon Sep 17 00:00:00 2001 From: Pierre-Henry Soria Date: Sun, 5 Jun 2022 22:08:34 +0930 Subject: [PATCH 05/12] UpgradeCoreFile got changes (it deserves a v2.0 :)) --- _protected/app/system/core/assets/file/UpgradeCoreFile.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_protected/app/system/core/assets/file/UpgradeCoreFile.php b/_protected/app/system/core/assets/file/UpgradeCoreFile.php index 2f1d88ba02..2d1984ba04 100755 --- a/_protected/app/system/core/assets/file/UpgradeCoreFile.php +++ b/_protected/app/system/core/assets/file/UpgradeCoreFile.php @@ -6,7 +6,7 @@ * @copyright (c) 2012-2022, Pierre-Henry Soria. All Rights Reserved. * @license MIT License; See PH7.LICENSE.txt and PH7.COPYRIGHT.txt in the root directory. * @package PH7 / App / System / Core / Asset / File - * @version 1.8 + * @version 2.0 */ declare(strict_types=1); From 89416598b0ae9894cffae7229ed37ddc259ad918 Mon Sep 17 00:00:00 2001 From: Pierre-Henry Soria Date: Sun, 5 Jun 2022 22:19:28 +0930 Subject: [PATCH 06/12] Disable max script execution time So, we now allow infinite time of execution (can still be disabled later :-)) --- _protected/app/system/core/assets/file/UpgradeCoreFile.php | 1 + 1 file changed, 1 insertion(+) diff --git a/_protected/app/system/core/assets/file/UpgradeCoreFile.php b/_protected/app/system/core/assets/file/UpgradeCoreFile.php index 2d1984ba04..8a1c6834fa 100755 --- a/_protected/app/system/core/assets/file/UpgradeCoreFile.php +++ b/_protected/app/system/core/assets/file/UpgradeCoreFile.php @@ -27,6 +27,7 @@ use PH7\Framework\Security\Version; @set_time_limit(0); +@ini_set('max_execution_time','0'); // Infinite time of execution @ini_set('memory_limit', '528M'); class UpgradeCore From 07a3e17ee7cd41bf9ee07cbecce81e8dda3155d6 Mon Sep 17 00:00:00 2001 From: Pierre-Henry Soria Date: Sun, 5 Jun 2022 22:44:01 +0930 Subject: [PATCH 07/12] FIX: GitHub URL with `-` was causing issue with `Design::message()` --- _protected/framework/Core/Kernel.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_protected/framework/Core/Kernel.class.php b/_protected/framework/Core/Kernel.class.php index dceaac1d0d..f9fed89c5d 100644 --- a/_protected/framework/Core/Kernel.class.php 
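Review bot: The added `@ini_set('max_execution_time','0');` repeats what `@set_time_limit(0);` on the line above already does. Both run at file scope, so the time and memory limits are lifted for any request that loads this file, before the `AdminCore::auth()` check in prepare(). I would drop the duplicate and move the limit changes behind the admin check, for example to the start of download() or run(). The `@` prefix also hides the case where the host refuses the change, which is worth surfacing in the wizard because a long upgrade would then be cut off midway.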
+++ b/_protected/framework/Core/Kernel.class.php @@ -28,7 +28,7 @@ abstract class Kernel const SOFTWARE_GIT_REPO_URL = 'https://github.com/pH7Software/pH7-Social-Dating-CMS'; const SOFTWARE_ISSUE_URL = self::SOFTWARE_GIT_REPO_URL . '/issues'; const SOFTWARE_DISCUSSION_URL = self::SOFTWARE_GIT_REPO_URL . '/discussions'; - const SOFTWARE_RELEASE_URL = self::SOFTWARE_GIT_REPO_URL . '/releases'; + const SOFTWARE_RELEASE_URL = self::SOFTWARE_WEBSITE . '/releases'; const SOFTWARE_REVIEW_URL = 'https://sourceforge.net/projects/ph7socialdating/reviews/'; const PATREON_URL = 'https://www.patreon.com/bePatron?u=3534366'; const BUYMEACOFFEE_URL = 'https://www.buymeacoffee.com/ph7cms'; From 5f2bc215075b0ebb94eb3b8b74c898710bbe0d7d Mon Sep 17 00:00:00 2001 From: Pierre-Henry Soria Date: Mon, 6 Jun 2022 14:14:34 +0930 Subject: [PATCH 08/12] Add docBlock with further info --- _protected/framework/Config/Config.class.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/_protected/framework/Config/Config.class.php b/_protected/framework/Config/Config.class.php index d9b4c415fd..739ca59fa1 100755 --- a/_protected/framework/Config/Config.class.php +++ b/_protected/framework/Config/Config.class.php @@ -159,6 +159,11 @@ private function read(): void define('PH7_DEFAULT_LANG', $this->values['application']['default_lang']); } + /** + * @param string $sFile The ini config file to parse. + * + * @return array|bool The file settings as associative array on success, FALSE otherwise. + */ private function parseIniFile(string $sFile) { return parse_ini_file($sFile, true, INI_SCANNER_TYPED); From b870fc3debfa148ab635160d21f72f11c92a6463 Mon Sep 17 00:00:00 2001 From: Pierre-Henry Soria Date: Tue, 7 Jun 2022 14:44:02 +0930 Subject: [PATCH 09/12] Update email address to ph7builder.com domain --- _tests/Unit/requirements_check.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_tests/Unit/requirements_check.inc.php b/_tests/Unit/requirements_check.inc.php index 9b93e896b6..543629f285 100644 --- a/_tests/Unit/requirements_check.inc.php +++ b/_tests/Unit/requirements_check.inc.php @@ -1,6 +1,6 @@ + * @author Pierre-Henry Soria * @copyright (c) 2021-2022, Pierre-Henry Soria. All Rights Reserved. * @license MIT License; See PH7.LICENSE.txt and PH7.COPYRIGHT.txt in the root directory. * @package PH7 / Test / Unit From 8f6e84a424d613ae8fc9de5f3c302ba6a53c1a94 Mon Sep 17 00:00:00 2001 From: Pierre-Henry Soria Date: Tue, 7 Jun 2022 14:45:21 +0930 Subject: [PATCH 10/12] Implement checksum feature when downloading upgrade patch --- .../core/assets/file/UpgradeCoreFile.php | 39 +++++++++++++++---- _protected/framework/File/File.class.php | 7 +--- 2 files changed, 34 insertions(+), 12 deletions(-) diff --git a/_protected/app/system/core/assets/file/UpgradeCoreFile.php b/_protected/app/system/core/assets/file/UpgradeCoreFile.php index 72d21a1c5b..cddb598b47 100755 --- a/_protected/app/system/core/assets/file/UpgradeCoreFile.php +++ b/_protected/app/system/core/assets/file/UpgradeCoreFile.php @@ -135,15 +135,19 @@ public function getNextVersion(): string private function prepare(): void { - if (!AdminCore::auth()) { - // Checking if the administrator is logged in + // Checking if the administrator is logged in + if (AdminCore::auth()) { + // Download the next upgrade patch to "~/_repository/" folder + $sNextVersion = $this->getNextVersion(); + + if (!$this->download($sNextVersion)) { + $this->aErrors[] = t("Couldn't properly download the patch zip archive. Please try again later on."); + } + } else { $this->aErrors[] = t('You must be logged in as administrator to upgrade your site.'); } if (!$this->hasErrors()) { - // Download the next upgrade patch to "~/_repository/" folder - $this->download($this->getNextVersion()); - $aAvailableUpgrades = $this->getAvailableUpgrades(); if (empty($aAvailableUpgrades)) { $this->sHtml .= '

' . t('No upgrade patches available for %software_name%.') . '

'; @@ -326,15 +330,28 @@ private function check(): void * Then, extract the file to "_repository/upgrade/" directory to set it as available for the next update. * Then, remove zip archive file, as we don't need it anymore. */ - private function download(string $sNewVersion): void + private function download(string $sNewVersion): bool { $sZipFileName = $sNewVersion . self::ARCHIVE_EXT; $sDestinationPath = PH7_PATH_REPOSITORY . static::DIR . PH7_DS; $rFile = $this->oFile->getUrlContents(self::REMOTE_URL . $sZipFileName); $this->oFile->putFile(PH7_PATH_REPOSITORY . PH7_TMP . $sZipFileName, $rFile); - $this->oFile->zipExtract(PH7_PATH_REPOSITORY . PH7_TMP . $sZipFileName, $sDestinationPath); + + // TODO Need to retrieve the valid checksum of each release from the remote server, where it gives these details + $sRemoveChecksumPatch = md5_file(PH7_PATH_REPOSITORY . PH7_TMP . $sZipFileName); + + if (!$this->isPatchChecksumLegit(PH7_PATH_REPOSITORY . PH7_TMP . $sZipFileName, $sRemoveChecksumPatch)) { + $bStatus = false; + } else { + // Extract zip archive + $bStatus = $this->oFile->zipExtract(PH7_PATH_REPOSITORY . PH7_TMP . $sZipFileName, $sDestinationPath); + } + + // Delete zip archive $this->oFile->deleteFile(PH7_PATH_REPOSITORY . PH7_TMP . $sZipFileName); + + return $bStatus; } /** @@ -506,6 +523,14 @@ private function isUpgradeRequested(): bool { return $this->oHttpRequest->postExists('submit_upgrade'); } + + /** + * Checks the checksum of the downloaded zip archive to be sure of its integrity and authenticity before proceeding to the upgrade with the patch file. + */ + private function isPatchChecksumLegit(string $sZipFilePath, string $sValidChecksum): bool + { + return md5_file($sZipFilePath) === $sValidChecksum; + } } (new UpgradeCore)->display(); diff --git a/_protected/framework/File/File.class.php b/_protected/framework/File/File.class.php index 98965c060f..ec40297152 100755 --- a/_protected/framework/File/File.class.php 
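Review bot: prepare() now pushes a failed download into `$this->aErrors`, which blocks everything guarded by `hasErrors()`, including patches that are already extracted in the repository. getNextVersion() falls back to the installed version when nothing newer is listed, so an up-to-date site would presumably request an archive that may not exist. The admin would then see "Couldn't properly download the patch zip archive" where the "No upgrade patches available" message is expected. Consider skipping the download when `$sNextVersion === Kernel::SOFTWARE_VERSION` and reporting a failed download as a notice rather than an error. prepare() continues outside the hunk.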
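Review bot: The new integrity check in download() cannot fail: `$sRemoveChecksumPatch` is computed with `md5_file()` from the archive that was just written, and isPatchChecksumLegit() (added in the last hunk of this file) hashes the same file again and compares the two, so a corrupted or substituted archive still reaches `zipExtract()`. Until the TODO is resolved, the docblock's "integrity and authenticity" wording overstates what is verified; the expected value must come from a source other than the downloaded file, and authenticity needs a signature checked against a key shipped with the installed release rather than a digest served next to the archive. MD5 is also not collision-resistant; inside isPatchChecksumLegit() I would use `return hash_equals($sValidChecksum, (string)hash_file('sha256', $sZipFilePath));`. The results of `getUrlContents()` and `putFile()` are not checked either, so a failed fetch is hashed and "verified" like any other file.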
+++ b/_protected/framework/File/File.class.php @@ -1,10 +1,9 @@ - * @copyright (c) 2012-2020, Pierre-Henry Soria. All Rights Reserved. + * @copyright (c) 2012-2022, Pierre-Henry Soria. All Rights Reserved. * @license MIT License; See PH7.LICENSE.txt and PH7.COPYRIGHT.txt in the root directory. * @package PH7 / Framework / File */ @@ -766,10 +765,8 @@ public function getUrlContents($sUrl) * * @param string $sFile Zip file. * @param string $sDir Destination to extract the file. - * - * @return bool */ - public function zipExtract($sFile, $sDir) + public function zipExtract($sFile, $sDir): bool { $oZip = new ZipArchive; $mRes = $oZip->open($sFile); From da10deb2437a3dd6b7e2f198c2788082d446422c Mon Sep 17 00:00:00 2001 From: Pierre-Henry Soria Date: Wed, 8 Jun 2022 06:59:24 +0930 Subject: [PATCH 11/12] Cleanup #1004 Simplify conditions Follow the guard clauses approach https://github.com/pH-7/GoodJsCode#guard-clauses-approach --- .../app/system/core/assets/file/UpgradeCoreFile.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/_protected/app/system/core/assets/file/UpgradeCoreFile.php b/_protected/app/system/core/assets/file/UpgradeCoreFile.php index cddb598b47..6e4c7316d3 100755 --- a/_protected/app/system/core/assets/file/UpgradeCoreFile.php +++ b/_protected/app/system/core/assets/file/UpgradeCoreFile.php @@ -465,10 +465,10 @@ private function isValidVersion(string $sName, string $sNumber, string $sBuild): if (version_compare($sNumber, Kernel::SOFTWARE_VERSION, '==')) { return version_compare($sBuild, Kernel::SOFTWARE_BUILD, '>'); - } else { - if (version_compare($sNumber, Kernel::SOFTWARE_VERSION, '>')) { - return true; - } + } + + if (version_compare($sNumber, Kernel::SOFTWARE_VERSION, '>')) { + return true; } return false; From ac31e0f8be76c65f9ad45ff502ad7bc3c6257242 Mon Sep 17 00:00:00 2001 
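Review bot: zipExtract() gains `: bool` while its `@return bool` line is removed, and its body lies outside the hunk, so the declared type cannot be checked against the return statements here. `ZipArchive::open()` yields `true` or an integer error code in `$mRes`, so every return path should produce a real boolean (compare with `$mRes === true`) and none may fall off the end of the function. download() now stores this value in `$bStatus` and returns it under strict types, so a non-boolean here would surface as a TypeError in the upgrade wizard. I would keep a one-line `@return bool TRUE if the archive was extracted, FALSE otherwise.` in the docblock.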
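Review bot: After the `else` is flattened, the tail of isValidVersion() is `if (version_compare($sNumber, Kernel::SOFTWARE_VERSION, '>')) { return true; }` followed by `return false;`, which returns a boolean through a branch. `return version_compare($sNumber, Kernel::SOFTWARE_VERSION, '>');` says the same in one line and fits the guard-clause style the commit aims for. The method starts outside the hunk.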
From: Pierre-Henry Soria Date: Sat, 11 Jun 2022 12:30:32 +0930 Subject: [PATCH 12/12] PSR-2; Needs space after comma in function call --- _protected/app/system/core/assets/file/UpgradeCoreFile.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_protected/app/system/core/assets/file/UpgradeCoreFile.php b/_protected/app/system/core/assets/file/UpgradeCoreFile.php index 6e4c7316d3..da970393b6 100755 --- a/_protected/app/system/core/assets/file/UpgradeCoreFile.php +++ b/_protected/app/system/core/assets/file/UpgradeCoreFile.php @@ -27,7 +27,7 @@ use PH7\Framework\Security\Version; @set_time_limit(0); -@ini_set('max_execution_time','0'); // Infinite time of execution +@ini_set('max_execution_time', '0'); // Infinite time of execution @ini_set('memory_limit', '528M'); class UpgradeCore