From bb853ec32133da0147618382c031cd09e4512c50 Mon Sep 17 00:00:00 2001 From: Anika Henke Date: Sun, 8 Jul 2012 13:10:08 +0100 Subject: added farms to the core * extracted most farm code into inc/farm.php * by default farm.php is nowhere included * added preload.php.dist as an example farm setup * farm.php can be included in preload.php to activate farming --- inc/farm.php | 141 +++++++++++++++++++++++++++++++++++++++++++++++++++ inc/preload.php.dist | 17 +++++++ 2 files changed, 158 insertions(+) create mode 100644 inc/farm.php create mode 100644 inc/preload.php.dist diff --git a/inc/farm.php b/inc/farm.php new file mode 100644 index 000000000..05a5d6466 --- /dev/null +++ b/inc/farm.php @@ -0,0 +1,141 @@ +/subdir/ will need the subdirectory '$farm/subdir/'. + * * A virtual host based setup needs animal directory names which have to reflect + * the domain name: If an animal resides in http://www.example.org:8080/mysite/test/, + * directories that will match range from '$farm/8080.www.example.org.mysite.test/' + * to a simple '$farm/domain/'. + * + * @author Anika Henke + * @author Michael Klier + * @author Christopher Smith + * @author virtual host part of conf_path() based on conf_path() from Drupal.org's /includes/bootstrap.inc + * (see http://cvs.drupal.org/viewvc/drupal/drupal/includes/bootstrap.inc?view=markup) + * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) +*/ + +// DOKU_FARMDIR needs to be set in preload.php, here the fallback is the same as DOKU_INC (which isn't set yet) +if(!defined('DOKU_FARMDIR')) define('DOKU_FARMDIR', fullpath(dirname(__FILE__).'/../').'/'); +if(!defined('DOKU_CONF')) define('DOKU_CONF', conf_path(DOKU_FARMDIR)); +if(!defined('DOKU_FARM')) define('DOKU_FARM', false); + + +/** + * Find the appropriate configuration directory. + * + * If the .htaccess based setup is used, the configuration directory can be + * any subdirectory of the farm directory. + * + * Otherwise try finding a matching configuration directory by stripping the + * website's hostname from left to right and pathname from right to left. The + * first configuration file found will be used; the remaining will ignored. + * If no configuration file is found, return the default confdir './conf'. + */ +function conf_path($farm) { + + // htaccess based + if(isset($_REQUEST['animal'])) { + if(!is_dir($farm.'/'.$_REQUEST['animal'])) + nice_die("Sorry! This Wiki doesn't exist!"); + if(!defined('DOKU_FARM')) define('DOKU_FARM', 'htaccess'); + return $farm.'/'.$_REQUEST['animal'].'/conf/'; + } + + // virtual host based + $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']); + $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.'))))); + for ($i = count($uri) - 1; $i > 0; $i--) { + for ($j = count($server); $j > 0; $j--) { + $dir = implode('.', array_slice($server, -$j)) . implode('.', array_slice($uri, 0, $i)); + if(is_dir("$farm/$dir/conf/")) { + if(!defined('DOKU_FARM')) define('DOKU_FARM', 'virtual'); + return "$farm/$dir/conf/"; + } + } + } + + // default conf directory in farm + if(is_dir("$farm/default/conf/")) { + if(!defined('DOKU_FARM')) define('DOKU_FARM', 'default'); + return "$farm/default/conf/"; + } + // farmer + return DOKU_INC.'conf/'; +} + +/* Use default config files and local animal config files */ +$config_cascade = array( + 'main' => array( + 'default' => array(DOKU_INC.'conf/dokuwiki.php'), + 'local' => array(DOKU_CONF.'local.php'), + 'protected' => array(DOKU_CONF.'local.protected.php'), + ), + 'acronyms' => array( + 'default' => array(DOKU_INC.'conf/acronyms.conf'), + 'local' => array(DOKU_CONF.'acronyms.local.conf'), + ), + 'entities' => array( + 'default' => array(DOKU_INC.'conf/entities.conf'), + 'local' => array(DOKU_CONF.'entities.local.conf'), + ), + 'interwiki' => array( + 'default' => array(DOKU_INC.'conf/interwiki.conf'), + 'local' => array(DOKU_CONF.'interwiki.local.conf'), + ), + 'license' => array( + 'default' => array(DOKU_INC.'conf/license.php'), + 'local' => array(DOKU_CONF.'license.local.php'), + ), + 'mediameta' => array( + 'default' => array(DOKU_INC.'conf/mediameta.php'), + 'local' => array(DOKU_CONF.'mediameta.local.php'), + ), + 'mime' => array( + 'default' => array(DOKU_INC.'conf/mime.conf'), + 'local' => array(DOKU_CONF.'mime.local.conf'), + ), + 'scheme' => array( + 'default' => array(DOKU_INC.'conf/scheme.conf'), + 'local' => array(DOKU_CONF.'scheme.local.conf'), + ), + 'smileys' => array( + 'default' => array(DOKU_INC.'conf/smileys.conf'), + 'local' => array(DOKU_CONF.'smileys.local.conf'), + ), + 'wordblock' => array( + 'default' => array(DOKU_INC.'conf/wordblock.conf'), + 'local' => array(DOKU_CONF.'wordblock.local.conf'), + ), + 'acl' => array( + 'default' => DOKU_CONF.'acl.auth.php', + ), + 'plainauth.users' => array( + 'default' => DOKU_CONF.'users.auth.php', + ), + 'plugins' => array( // needed since Angua + 'default' => array(DOKU_CONF.'plugins.php'), + 'local' => array(DOKU_CONF.'plugins.local.php'), + 'protected' => array( + DOKU_INC.'conf/plugins.required.php', + DOKU_CONF.'plugins.protected.php', + ), + ), + 'userstyle' => array( + 'default' => DOKU_CONF.'userstyle.css', // 'default' was renamed to 'screen' on 2011-02-26, so will be deprecated in the next version + 'screen' => DOKU_CONF.'userstyle.css', + 'rtl' => DOKU_CONF.'userrtl.css', // deprecated since version after 2012-04-09 + 'print' => DOKU_CONF.'userprint.css', + 'feed' => DOKU_CONF.'userfeed.css', + 'all' => DOKU_CONF.'userall.css', + ), + 'userscript' => array( + 'default' => DOKU_CONF.'userscript.js' + ), +); diff --git a/inc/preload.php.dist b/inc/preload.php.dist new file mode 100644 index 000000000..f4eab2dae --- /dev/null +++ b/inc/preload.php.dist @@ -0,0 +1,17 @@ + Date: Sun, 8 Jul 2012 15:14:53 +0100 Subject: improved comments, added link to farm.php --- inc/farm.php | 5 +++-- inc/preload.php.dist | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/inc/farm.php b/inc/farm.php index 05a5d6466..11b33efe7 100644 --- a/inc/farm.php +++ b/inc/farm.php @@ -2,8 +2,9 @@ /** * This overwrites DOKU_CONF. Each animal gets its own configuration and data directory. * This can be used together with preload.php. See preload.php.dist for an example setup. + * For more information see http://www.dokuwiki.org/farms. * - * The farm ($farm) can be any directory and needs to be set. + * The farm directory (constant DOKU_FARMDIR) can be any directory and needs to be set. * Animals are direct subdirectories of the farm directory. * There are two different approaches: * * An .htaccess based setup can use any animal directory name: @@ -21,7 +22,7 @@ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) */ -// DOKU_FARMDIR needs to be set in preload.php, here the fallback is the same as DOKU_INC (which isn't set yet) +// DOKU_FARMDIR needs to be set in preload.php, here the fallback is the same as DOKU_INC would be (if it was set already) if(!defined('DOKU_FARMDIR')) define('DOKU_FARMDIR', fullpath(dirname(__FILE__).'/../').'/'); if(!defined('DOKU_CONF')) define('DOKU_CONF', conf_path(DOKU_FARMDIR)); if(!defined('DOKU_FARM')) define('DOKU_FARM', false); diff --git a/inc/preload.php.dist b/inc/preload.php.dist index f4eab2dae..7acda0e3d 100644 --- a/inc/preload.php.dist +++ b/inc/preload.php.dist @@ -1,7 +1,7 @@ Date: Sun, 8 Jul 2012 16:12:38 +0100 Subject: plugins.php should belong to the farmer --- inc/farm.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/farm.php b/inc/farm.php index 11b33efe7..4cbffc99f 100644 --- a/inc/farm.php +++ b/inc/farm.php @@ -121,7 +121,7 @@ $config_cascade = array( 'default' => DOKU_CONF.'users.auth.php', ), 'plugins' => array( // needed since Angua - 'default' => array(DOKU_CONF.'plugins.php'), + 'default' => array(DOKU_INC.'conf/plugins.php'), 'local' => array(DOKU_CONF.'plugins.local.php'), 'protected' => array( DOKU_INC.'conf/plugins.required.php', -- cgit v1.2.3 From 0990161c720c6b5202a59a91e3b7aa172374f277 Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Sun, 8 Jul 2012 19:20:48 +0200 Subject: Add cli support to farm implementation Now the animal can be specified in the animal environment variable. --- inc/farm.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/inc/farm.php b/inc/farm.php index 4cbffc99f..8434e3067 100644 --- a/inc/farm.php +++ b/inc/farm.php @@ -41,12 +41,15 @@ if(!defined('DOKU_FARM')) define('DOKU_FARM', false); */ function conf_path($farm) { - // htaccess based - if(isset($_REQUEST['animal'])) { - if(!is_dir($farm.'/'.$_REQUEST['animal'])) + // htaccess based or cli + // cli usage example: animal=your_animal bin/indexer.php + if(isset($_REQUEST['animal']) || ('cli' == php_sapi_name() && isset($_SERVER['animal']))) { + $mode = isset($_REQUEST['animal']) ? 'htaccess' : 'cli'; + $animal = $mode == 'htaccess' ? $_REQUEST['animal'] : $_SERVER['animal']; + if(!is_dir($farm.'/'.$animal)) nice_die("Sorry! This Wiki doesn't exist!"); - if(!defined('DOKU_FARM')) define('DOKU_FARM', 'htaccess'); - return $farm.'/'.$_REQUEST['animal'].'/conf/'; + if(!defined('DOKU_FARM')) define('DOKU_FARM', $mode); + return $farm.'/'.$animal.'/conf/'; } // virtual host based -- cgit v1.2.3 From d867cca366d1a7aa106bec98db52a2b416b10c26 Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Sun, 8 Jul 2012 19:21:37 +0200 Subject: Check that the animal is actually inside the farm This makes sure that the animal that is specified in the URL is actually a subdirectory inside the farm and not somewhere else in the system. This allows that the animals are organized in different subdirectories for more complicated farm setups. --- inc/farm.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/inc/farm.php b/inc/farm.php index 8434e3067..51b0c0f78 100644 --- a/inc/farm.php +++ b/inc/farm.php @@ -46,6 +46,9 @@ function conf_path($farm) { if(isset($_REQUEST['animal']) || ('cli' == php_sapi_name() && isset($_SERVER['animal']))) { $mode = isset($_REQUEST['animal']) ? 'htaccess' : 'cli'; $animal = $mode == 'htaccess' ? $_REQUEST['animal'] : $_SERVER['animal']; + // check that $animal specifies a subdirectory of $farm + if (strpos(fullpath($farm.'/'.$animal), fullpath($farm).'/') !== 0) + nice_die('Sorry! Invalid Wiki name!'); if(!is_dir($farm.'/'.$animal)) nice_die("Sorry! This Wiki doesn't exist!"); if(!defined('DOKU_FARM')) define('DOKU_FARM', $mode); -- cgit v1.2.3 From 0cbe4a256be369c144a04d6a968bc66c18c4e0ac Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Sun, 8 Jul 2012 19:54:35 +0200 Subject: Check that animal name is a string, better error message if not --- inc/farm.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/inc/farm.php b/inc/farm.php index 51b0c0f78..37ae24c16 100644 --- a/inc/farm.php +++ b/inc/farm.php @@ -46,9 +46,9 @@ function conf_path($farm) { if(isset($_REQUEST['animal']) || ('cli' == php_sapi_name() && isset($_SERVER['animal']))) { $mode = isset($_REQUEST['animal']) ? 'htaccess' : 'cli'; $animal = $mode == 'htaccess' ? $_REQUEST['animal'] : $_SERVER['animal']; - // check that $animal specifies a subdirectory of $farm - if (strpos(fullpath($farm.'/'.$animal), fullpath($farm).'/') !== 0) - nice_die('Sorry! Invalid Wiki name!'); + // check that $animal is a string and specifies a subdirectory of $farm + if (!is_string($animal) || strpos(fullpath($farm.'/'.$animal), fullpath($farm).'/') !== 0) + nice_die('Sorry! Invalid animal name!'); if(!is_dir($farm.'/'.$animal)) nice_die("Sorry! This Wiki doesn't exist!"); if(!defined('DOKU_FARM')) define('DOKU_FARM', $mode); -- cgit v1.2.3 From af619c5afc1c9daa04d50f4e245ef5a8ef01d8d1 Mon Sep 17 00:00:00 2001 From: Anika Henke Date: Sun, 8 Jul 2012 20:38:56 +0100 Subject: renamed conf_path() to farm_confpath() --- inc/farm.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/inc/farm.php b/inc/farm.php index 37ae24c16..a998eaab6 100644 --- a/inc/farm.php +++ b/inc/farm.php @@ -17,14 +17,14 @@ * @author Anika Henke * @author Michael Klier * @author Christopher Smith - * @author virtual host part of conf_path() based on conf_path() from Drupal.org's /includes/bootstrap.inc + * @author virtual host part of farm_confpath() based on conf_path() from Drupal.org's /includes/bootstrap.inc * (see http://cvs.drupal.org/viewvc/drupal/drupal/includes/bootstrap.inc?view=markup) * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) */ // DOKU_FARMDIR needs to be set in preload.php, here the fallback is the same as DOKU_INC would be (if it was set already) if(!defined('DOKU_FARMDIR')) define('DOKU_FARMDIR', fullpath(dirname(__FILE__).'/../').'/'); -if(!defined('DOKU_CONF')) define('DOKU_CONF', conf_path(DOKU_FARMDIR)); +if(!defined('DOKU_CONF')) define('DOKU_CONF', farm_confpath(DOKU_FARMDIR)); if(!defined('DOKU_FARM')) define('DOKU_FARM', false); @@ -39,7 +39,7 @@ if(!defined('DOKU_FARM')) define('DOKU_FARM', false); * first configuration file found will be used; the remaining will ignored. * If no configuration file is found, return the default confdir './conf'. */ -function conf_path($farm) { +function farm_confpath($farm) { // htaccess based or cli // cli usage example: animal=your_animal bin/indexer.php -- cgit v1.2.3 From d4b0843fe48991272f1c1c64898e8a44dc949ad0 Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Sun, 8 Jul 2012 22:15:53 +0200 Subject: Prevent information disclosure in farms by disallowing subdirectories --- inc/farm.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/farm.php b/inc/farm.php index a998eaab6..af1035707 100644 --- a/inc/farm.php +++ b/inc/farm.php @@ -46,8 +46,8 @@ function farm_confpath($farm) { if(isset($_REQUEST['animal']) || ('cli' == php_sapi_name() && isset($_SERVER['animal']))) { $mode = isset($_REQUEST['animal']) ? 'htaccess' : 'cli'; $animal = $mode == 'htaccess' ? $_REQUEST['animal'] : $_SERVER['animal']; - // check that $animal is a string and specifies a subdirectory of $farm - if (!is_string($animal) || strpos(fullpath($farm.'/'.$animal), fullpath($farm).'/') !== 0) + // check that $animal is a string and just a directory name and not a path + if (!is_string($animal) || strpbrk($animal, '\\/') !== false) nice_die('Sorry! Invalid animal name!'); if(!is_dir($farm.'/'.$animal)) nice_die("Sorry! This Wiki doesn't exist!"); -- cgit v1.2.3