X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fpackages.inc;h=54d16abf5b4bf31cd15ff29f8b048a6acd0b9c94;hb=13fae1ba1d78cff66e326a006be2f538dd404248;hp=aa6304228e0d354ee786860c5db4942b76678278;hpb=2ae4762cbcd0479ecdf8f13317a7d76da08f114f;p=fa-stable.git diff --git a/includes/packages.inc b/includes/packages.inc index aa630422..54d16abf 100644 --- a/includes/packages.inc +++ b/includes/packages.inc @@ -11,15 +11,16 @@ ***********************************************************************/ include_once($path_to_root. "/includes/archive.inc"); include_once($path_to_root. "/includes/remote_url.inc"); +include_once($path_to_root. "/includes/hooks.inc"); define('PKG_CACHE_PATH', $path_to_root.'/modules/_cache'); define('PUBKEY_PATH', $path_to_root); -define('REPO_URL', 'http://'.$repo_auth['login'].':'.$repo_auth['pass'].'@'.$repo_auth['host'].'/'.$repo_auth['branch']); // // FrontAccounting package class // class package extends gzip_file { - function package($filename, $basedir=null) + + function __construct($filename, $basedir=null) { global $path_to_root; @@ -30,7 +31,7 @@ class package extends gzip_file { } else mkdir($basedir); } - $this->archive($filename); + parent::__construct($filename); $this->set_options(array('basedir'=> $basedir)); $this->options['type'] = "pkg"; } @@ -186,7 +187,7 @@ function get_control_file($file, $index = false) { if ($index !== true) { if ($index === false) break; if (!isset($pkg[$index])) { - display_error(_("No key field '$index' in file '$file'")); + display_error(sprintf(_("No key field '%s' in file '%s'"), $index, $file)); return null; } $repo[$pkg[$index]] = $pkg; @@ -270,32 +271,53 @@ function get_pkg_or_list($type = null, $pkgname = null, $filter=array(), $outkey global $path_to_root, $repo_auth; + $repo = (isset($repo_auth['scheme']) ? $repo_auth['scheme'] : 'http://') + .(isset($repo_auth['login']) ? $repo_auth['login'].':' : '') + .(isset($repo_auth['pass']) ? $repo_auth['pass'].'@' : '') + .(isset($repo_auth['host']) ? $repo_auth['host'].'/' : '') + .(isset($repo_auth['path']) ? $repo_auth['path'].'/' : '') + .$repo_auth['branch']; + // first download local copy of repo release file // and check remote signature with local copy of public key // $loclist = PKG_CACHE_PATH.'/Release.gz'; - + $target_dir = $download==true ? VARLIB_PATH."/" : $download; + if (isset($type) && !is_array($type)) { $type = array($type); } $refresh = true; do{ if (!file_exists($loclist)) { - url_copy(REPO_URL.'/Release.gz', $loclist); + if (!url_copy($repo.'/Release.gz', $loclist)) + { + display_error(_("Cannot download repo index file." )); + return null; + } $refresh = false; } - $sig = url_get_contents(REPO_URL.'/Release.sig'); + $sig = url_get_contents($repo.'/Release.sig'); $data = file_get_contents($loclist); $cert = file_get_contents(PUBKEY_PATH.'/FA.pem'); - if (!openssl_verify($data, $sig, $cert)) { - if ($refresh) - @unlink($loclist); - else { + if (!function_exists('openssl_verify')) { + display_error(_("OpenSSL have to be available on your server to use extension repository system.")); + return null; + } + if (openssl_verify($data, $sig, $cert) <= 0) { + if ($refresh) { + if (!@unlink($loclist)) + { + display_error(sprintf(_("Cannot delete outdated '%s' file."), $loclist)); + return null; + } + } else { display_error(_('Release file in repository is invalid, or public key is outdated.')); return null; } } else $refresh = false; + } while($refresh); $Release = get_control_file($loclist, 'Filename'); @@ -309,18 +331,24 @@ function get_pkg_or_list($type = null, $pkgname = null, $filter=array(), $outkey if ($Release[$fname]['Version'] != $repo_auth['branch']) { display_warning(_('Repository version does not match application version.')); // ? } - $remoteindex = REPO_URL.'/'.$fname; + $remoteindex = $repo.'/'.$fname; $locindex = PKG_CACHE_PATH.'/'.$fname; $refresh = true; do{ if (!file_exists($locindex)) { - url_copy($remoteindex, $locindex); + if (!url_copy($remoteindex, $locindex)) { + display_error(sprintf(_("Cannot download '%s' file." ), $fname)); + return null; + } $refresh = false; } if ($parms['SHA1sum'] != sha1_file($locindex)) { // check subdir index consistency - if ($refresh) - @unlink($locindex); - else { + if ($refresh) { + if (!@unlink($locindex)) { + display_error(sprintf(_("Cannot delete outdated '%s' file."), $locindex)); + return null; + } + } else { display_error(sprintf( _("Security alert: broken index file in repository '%s'. Please inform repository administrator about this issue."), $fname)); return null; @@ -332,7 +360,7 @@ function get_pkg_or_list($type = null, $pkgname = null, $filter=array(), $outkey // scan subdir list and select packages of given type $pkglist = get_control_file($locindex, 'Package'); foreach($pkglist as $name => $pkg) { - $pkgfullname = REPO_URL.'/'.$parms['Path']."/".$pkg['Filename'].'.pkg'; + $pkgfullname = $repo.'/'.$parms['Path']."/".$pkg['Filename'].'.pkg'; if (!isset($type) || in_array($pkg['Type'], $type)) { if (empty($filter)) $p = $pkg; @@ -349,8 +377,11 @@ function get_pkg_or_list($type = null, $pkgname = null, $filter=array(), $outkey } elseif ($pkgname == $pkg['Package']) { //download package to temp directory if ($download) { - $locname = "$path_to_root/tmp/".$pkg['Filename'].'.pkg'; - url_copy($pkgfullname, $locname); + $locname = $target_dir.$pkg['Filename'].'.pkg'; + if (!url_copy($pkgfullname, $locname)) { + display_error(sprintf(_("Cannot download '%s' file." ), $pkgfullname)); + return null; + } // checking sha1 hash is expensive proces, so chekc the package // consistency just before downloading if ($pkg['SHA1sum'] != sha1_file($locname)) { @@ -442,7 +473,8 @@ function get_languages_list() else $pkgs[$l['package']] = array_merge($pkgs[$l['package']], $l); } - ksort($pkgs); + if ($pkgs) + ksort($pkgs); return $pkgs; } //--------------------------------------------------------------------------------------- @@ -464,7 +496,7 @@ function get_extensions_list($type = null) 'Name' => 'name', 'Description' => 'Descr', 'Type' => 'type', - 'DefaultStatus'=> 'active', + 'DefaultStatus' => 'active', // 'MenuTabs' => 'tabs', // 'MenuEntries' => 'entries', 'Encoding' => 'encoding', @@ -505,7 +537,8 @@ function get_extensions_list($type = null) // else $pkgs[$ext['package']] = array_merge($pkgs[$ext['package']], $ext); } - ksort($pkgs); + if ($pkgs) + ksort($pkgs); return $pkgs; } // @@ -532,8 +565,8 @@ function get_themes_list() } } // TODO: Add other themes from themes directory - - ksort($pkgs); + if ($pkgs) + ksort($pkgs); return $pkgs; } //--------------------------------------------------------------------------------------- @@ -566,7 +599,8 @@ function get_charts_list() else $pkgs[$ext['package']] = array_merge($pkgs[$ext['package']], $ext); } - ksort($pkgs); + if ($pkgs) + ksort($pkgs); return $pkgs; } //--------------------------------------------------------------------------------------------- @@ -588,7 +622,7 @@ function install_language($pkg_name) uninstall_package($old_pkg); } - $package = new package("$path_to_root/tmp/".$pkg['Filename'].'.pkg'); + $package = new package(VARLIB_PATH."/".$pkg['Filename'].'.pkg'); if ($package->install()) { $lang = array( 'name' => $pkg['Name'], @@ -602,7 +636,7 @@ function install_language($pkg_name) $lang['rtl'] = true; $installed_languages[$i] = $lang; write_lang($installed_languages); - unlink("$path_to_root/tmp/".$pkg['Filename'].'.pkg'); + unlink(VARLIB_PATH."/".$pkg['Filename'].'.pkg'); $Ajax->activate('lang_tbl'); } else { display_error(implode('
', $package->error)); @@ -619,11 +653,11 @@ function install_language($pkg_name) // function install_extension($pkg_name) { - global $path_to_root, $installed_extensions, $next_extension_id, $Ajax; + global $path_to_root, $installed_extensions, $next_extension_id, $Ajax, $db_connections; $pkg = get_pkg_or_list(array('extension', 'theme', 'chart'), $pkg_name); if ($pkg) { - $package = new package("$path_to_root/tmp/".$pkg['Filename'].'.pkg'); + $package = new package(VARLIB_PATH."/".$pkg['Filename'].'.pkg'); $local_exts = get_company_extensions(); if ($package->install()) { $ext_id = array_search_key($pkg['Package'], $local_exts, 'package'); @@ -639,20 +673,24 @@ function install_extension($pkg_name) 'package' => $pkg['Package'], 'version' => $pkg['Version'], 'type' => $pkg['Type'], - 'active' => true, + 'active' => @$pkg['DefaultStatus'] == 'active' ? true : false, 'path' => $pkg['InstallPath'], ); -// if (isset($pkg['MenuTabs'])) -// $ext['tabs'] = $pkg['MenuTabs']; -// if (isset($pkg['MenuEntries'])) -// $ext['entries'] = $pkg['MenuEntries']; -// if (isset($pkg['AccessExtensions'])) -// $ext['acc_file'] = $pkg['AccessExtensions']; if (isset($pkg['SqlScript'])) $ext['sql'] = $pkg['SqlScript']; + $local_exts[$ext_id] = $ext; $ret = update_extensions($local_exts); - unlink("$path_to_root/tmp/".$pkg['Filename'].'.pkg'); + + if (($ext['active'] == true) && file_exists($path_to_root.'/'.$ext['path'].'/hooks.php')) + { + // we need to include the new hooks file to activate extension + include_once($path_to_root.'/'.$ext['path'].'/hooks.php'); + foreach($db_connections as $comp => $db) + activate_hooks($ext['package'], $comp); + } + + unlink(VARLIB_PATH."/".$pkg['Filename'].'.pkg'); $Ajax->activate('ext_tbl'); return $ret; } else { @@ -689,4 +727,20 @@ function get_package_info($pkg, $type=null, $filter=array(), $outkey=null, $down return get_pkg_or_list($type, $pkg, $filter, null, false); } -?> \ No newline at end of file +/* + Check basic extension source compatibility. +*/ +function check_src_ext_version($ext_v) +{ + global $src_version; + if ($ext_v != '-') { + $compat_levels = 2; // current policy is keeping compatibility on major version level. + $app = explode('.', substr($src_version, 0, strspn($src_version, "0123456789."))); + $pkg = explode('.', substr($ext_v, 0, strspn($ext_v, "0123456789."))); + + for ($i=0; $i < min($compat_levels, count($app)); $i++) + if ($pkg[$i] < $app[$i]) + return false; + } + return true; +}