From 9e8bcd5f2ba2246ad2dff46d0313cb0c9e9f5579 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Tue, 10 Dec 2013 15:56:06 +0100 Subject: fix possible XSS vulnerability in Plugin Manager The plugin manager echos raw URLs in error messages, this could allow to construct an XSS attack. However the affected form is CSRF protected, so an attacker would require another XSS vulnerability to get the needed token, rendering this attack unneeded. So this should not be exploitable. --- lib/plugins/plugin/classes/ap_download.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/plugins/plugin/classes') diff --git a/lib/plugins/plugin/classes/ap_download.class.php b/lib/plugins/plugin/classes/ap_download.class.php index 3cc455867..b1be11506 100644 --- a/lib/plugins/plugin/classes/ap_download.class.php +++ b/lib/plugins/plugin/classes/ap_download.class.php @@ -24,7 +24,7 @@ class ap_download extends ap_manage { ptln('

'.$this->lang['downloading'].'

'); if ($this->manager->error) { - ptln('
'.str_replace("\n","
",$this->manager->error).'
'); + ptln('
'.str_replace("\n","
",hsc($this->manager->error)).'
'); } else if (count($this->downloaded) == 1) { ptln('

'.sprintf($this->lang['downloaded'],$this->downloaded[0]).'

'); } else if (count($this->downloaded)) { // more than one plugin in the download -- cgit v1.2.3 From 9672d9f3bf51a5b383078874035796c6ac776eb1 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 5 Jan 2014 20:58:48 +0100 Subject: removed the old plugin manager --- lib/plugins/plugin/classes/ap_delete.class.php | 28 --- lib/plugins/plugin/classes/ap_download.class.php | 288 ----------------------- lib/plugins/plugin/classes/ap_enable.class.php | 51 ---- lib/plugins/plugin/classes/ap_info.class.php | 143 ----------- lib/plugins/plugin/classes/ap_manage.class.php | 202 ---------------- lib/plugins/plugin/classes/ap_update.class.php | 36 --- 6 files changed, 748 deletions(-) delete mode 100644 lib/plugins/plugin/classes/ap_delete.class.php delete mode 100644 lib/plugins/plugin/classes/ap_download.class.php delete mode 100644 lib/plugins/plugin/classes/ap_enable.class.php delete mode 100644 lib/plugins/plugin/classes/ap_info.class.php delete mode 100644 lib/plugins/plugin/classes/ap_manage.class.php delete mode 100644 lib/plugins/plugin/classes/ap_update.class.php (limited to 'lib/plugins/plugin/classes') diff --git a/lib/plugins/plugin/classes/ap_delete.class.php b/lib/plugins/plugin/classes/ap_delete.class.php deleted file mode 100644 index 581a6295f..000000000 --- a/lib/plugins/plugin/classes/ap_delete.class.php +++ /dev/null @@ -1,28 +0,0 @@ -dir_delete(DOKU_PLUGIN.plugin_directory($this->manager->plugin))) { - $this->manager->error = sprintf($this->lang['error_delete'],$this->manager->plugin); - } else { - msg(sprintf($this->lang['deleted'],$this->plugin)); - $this->refresh(); - } - } - - function html() { - parent::html(); - - ptln('
'); - ptln('

'.$this->lang['deleting'].'

'); - - if ($this->manager->error) { - ptln('
'.str_replace("\n","
",$this->manager->error).'
'); - } else { - ptln('

'.sprintf($this->lang['deleted'],$this->plugin).'

'); - } - ptln('
'); - } -} - diff --git a/lib/plugins/plugin/classes/ap_download.class.php b/lib/plugins/plugin/classes/ap_download.class.php deleted file mode 100644 index b1be11506..000000000 --- a/lib/plugins/plugin/classes/ap_download.class.php +++ /dev/null @@ -1,288 +0,0 @@ -str('url'); - $this->download($plugin_url, $this->overwrite); - return ''; - } - - /** - * Print results of the download - */ - function html() { - parent::html(); - - ptln('
'); - ptln('

'.$this->lang['downloading'].'

'); - - if ($this->manager->error) { - ptln('
'.str_replace("\n","
",hsc($this->manager->error)).'
'); - } else if (count($this->downloaded) == 1) { - ptln('

'.sprintf($this->lang['downloaded'],$this->downloaded[0]).'

'); - } else if (count($this->downloaded)) { // more than one plugin in the download - ptln('

'.$this->lang['downloads'].'

'); - ptln('
    '); - foreach ($this->downloaded as $plugin) { - ptln('
  • '.$plugin.'
    • ',2); - } - ptln('
'); - } else { // none found in download - ptln('

'.$this->lang['download_none'].'

'); - } - ptln('
'); - } - - /** - * Process the downloaded file - */ - function download($url, $overwrite=false) { - // check the url - $matches = array(); - if (!preg_match("/[^\/]*$/", $url, $matches) || !$matches[0]) { - $this->manager->error = $this->lang['error_badurl']."\n"; - return false; - } - - $file = $matches[0]; - - if (!($tmp = io_mktmpdir())) { - $this->manager->error = $this->lang['error_dircreate']."\n"; - return false; - } - - if (!$file = io_download($url, "$tmp/", true, $file, 0)) { - $this->manager->error = sprintf($this->lang['error_download'],$url)."\n"; - } - - if (!$this->manager->error && !$this->decompress("$tmp/$file", $tmp)) { - $this->manager->error = sprintf($this->lang['error_decompress'],$file)."\n"; - } - - // search $tmp for the folder(s) that has been created - // move the folder(s) to lib/plugins/ - if (!$this->manager->error) { - $result = array('old'=>array(), 'new'=>array()); - if($this->find_folders($result,$tmp)){ - // choose correct result array - if(count($result['new'])){ - $install = $result['new']; - }else{ - $install = $result['old']; - } - - // now install all found items - foreach($install as $item){ - // where to install? - if($item['type'] == 'template'){ - $target = DOKU_INC.'lib/tpl/'.$item['base']; - }else{ - $target = DOKU_INC.'lib/plugins/'.$item['base']; - } - - // check to make sure we aren't overwriting anything - if (!$overwrite && @file_exists($target)) { - // remember our settings, ask the user to confirm overwrite, FIXME - continue; - } - - $instruction = @file_exists($target) ? 'update' : 'install'; - - // copy action - if ($this->dircopy($item['tmp'], $target)) { - $this->downloaded[] = $item['base']; - $this->plugin_writelog($target, $instruction, array($url)); - } else { - $this->manager->error .= sprintf($this->lang['error_copy']."\n", $item['base']); - } - } - - } else { - $this->manager->error = $this->lang['error']."\n"; - } - } - - // cleanup - if ($tmp) $this->dir_delete($tmp); - - if (!$this->manager->error) { - msg(sprintf($this->lang['packageinstalled'], count($this->downloaded), join(',',$this->downloaded)),1); - $this->refresh(); - return true; - } - - return false; - } - - /** - * Find out what was in the extracted directory - * - * Correct folders are searched recursively using the "*.info.txt" configs - * as indicator for a root folder. When such a file is found, it's base - * setting is used (when set). All folders found by this method are stored - * in the 'new' key of the $result array. - * - * For backwards compatibility all found top level folders are stored as - * in the 'old' key of the $result array. - * - * When no items are found in 'new' the copy mechanism should fall back - * the 'old' list. - * - * @author Andreas Gohr - * @param arrayref $result - results are stored here - * @param string $base - the temp directory where the package was unpacked to - * @param string $dir - a subdirectory. do not set. used by recursion - * @return bool - false on error - */ - function find_folders(&$result,$base,$dir=''){ - $dh = @opendir("$base/$dir"); - if(!$dh) return false; - while (false !== ($f = readdir($dh))) { - if ($f == '.' || $f == '..' || $f == 'tmp') continue; - - if(!is_dir("$base/$dir/$f")){ - // it's a file -> check for config - if($f == 'plugin.info.txt'){ - $info = array(); - $info['type'] = 'plugin'; - $info['tmp'] = "$base/$dir"; - $conf = confToHash("$base/$dir/$f"); - $info['base'] = utf8_basename($conf['base']); - if(!$info['base']) $info['base'] = utf8_basename("$base/$dir"); - $result['new'][] = $info; - }elseif($f == 'template.info.txt'){ - $info = array(); - $info['type'] = 'template'; - $info['tmp'] = "$base/$dir"; - $conf = confToHash("$base/$dir/$f"); - $info['base'] = utf8_basename($conf['base']); - if(!$info['base']) $info['base'] = utf8_basename("$base/$dir"); - $result['new'][] = $info; - } - }else{ - // it's a directory -> add to dir list for old method, then recurse - if(!$dir){ - $info = array(); - $info['type'] = 'plugin'; - $info['tmp'] = "$base/$dir/$f"; - $info['base'] = $f; - $result['old'][] = $info; - } - $this->find_folders($result,$base,"$dir/$f"); - } - } - closedir($dh); - return true; - } - - - /** - * Decompress a given file to the given target directory - * - * Determines the compression type from the file extension - */ - function decompress($file, $target) { - global $conf; - - // decompression library doesn't like target folders ending in "/" - if (substr($target, -1) == "/") $target = substr($target, 0, -1); - - $ext = $this->guess_archive($file); - if (in_array($ext, array('tar','bz','gz'))) { - switch($ext){ - case 'bz': - $compress_type = Tar::COMPRESS_BZIP; - break; - case 'gz': - $compress_type = Tar::COMPRESS_GZIP; - break; - default: - $compress_type = Tar::COMPRESS_NONE; - } - - $tar = new Tar(); - try { - $tar->open($file, $compress_type); - $tar->extract($target); - return true; - }catch(Exception $e){ - if($conf['allowdebug']){ - msg('Tar Error: '.$e->getMessage().' ['.$e->getFile().':'.$e->getLine().']',-1); - } - return false; - } - } else if ($ext == 'zip') { - - $zip = new ZipLib(); - $ok = $zip->Extract($file, $target); - - // FIXME sort something out for handling zip error messages meaningfully - return ($ok==-1?false:true); - - } - - // unsupported file type - return false; - } - - /** - * Determine the archive type of the given file - * - * Reads the first magic bytes of the given file for content type guessing, - * if neither bz, gz or zip are recognized, tar is assumed. - * - * @author Andreas Gohr - * @returns boolean|string false if the file can't be read, otherwise an "extension" - */ - function guess_archive($file){ - $fh = fopen($file,'rb'); - if(!$fh) return false; - $magic = fread($fh,5); - fclose($fh); - - if(strpos($magic,"\x42\x5a") === 0) return 'bz'; - if(strpos($magic,"\x1f\x8b") === 0) return 'gz'; - if(strpos($magic,"\x50\x4b\x03\x04") === 0) return 'zip'; - return 'tar'; - } - - /** - * Copy with recursive sub-directory support - */ - function dircopy($src, $dst) { - global $conf; - - if (is_dir($src)) { - if (!$dh = @opendir($src)) return false; - - if ($ok = io_mkdir_p($dst)) { - while ($ok && (false !== ($f = readdir($dh)))) { - if ($f == '..' || $f == '.') continue; - $ok = $this->dircopy("$src/$f", "$dst/$f"); - } - } - - closedir($dh); - return $ok; - - } else { - $exists = @file_exists($dst); - - if (!@copy($src,$dst)) return false; - if (!$exists && !empty($conf['fperm'])) chmod($dst, $conf['fperm']); - @touch($dst,filemtime($src)); - } - - return true; - } - - -} - diff --git a/lib/plugins/plugin/classes/ap_enable.class.php b/lib/plugins/plugin/classes/ap_enable.class.php deleted file mode 100644 index a25c7ede8..000000000 --- a/lib/plugins/plugin/classes/ap_enable.class.php +++ /dev/null @@ -1,51 +0,0 @@ -enabled = $INPUT->arr('enabled'); - - foreach ($this->manager->plugin_list as $plugin) { - if (in_array($plugin, $plugin_protected)) continue; - - $new = in_array($plugin, $this->enabled); - $old = !plugin_isdisabled($plugin); - - if ($new != $old) { - switch ($new) { - // enable plugin - case true : - if(plugin_enable($plugin)){ - msg(sprintf($this->lang['enabled'],$plugin),1); - $count_enabled++; - }else{ - msg(sprintf($this->lang['notenabled'],$plugin),-1); - } - break; - case false: - if(plugin_disable($plugin)){ - msg(sprintf($this->lang['disabled'],$plugin),1); - $count_disabled++; - }else{ - msg(sprintf($this->lang['notdisabled'],$plugin),-1); - } - break; - } - } - } - - // refresh plugins, including expiring any dokuwiki cache(s) - if ($count_enabled || $count_disabled) { - $this->refresh(); - } - } - -} - diff --git a/lib/plugins/plugin/classes/ap_info.class.php b/lib/plugins/plugin/classes/ap_info.class.php deleted file mode 100644 index 89b78fa2d..000000000 --- a/lib/plugins/plugin/classes/ap_info.class.php +++ /dev/null @@ -1,143 +0,0 @@ -manager->plugin) { return; } - - $component_list = $this->get_plugin_components($this->manager->plugin); - usort($component_list, array($this,'component_sort')); - - foreach ($component_list as $component) { - if (($obj = plugin_load($component['type'],$component['name'],false,true)) === null) continue; - - $compname = explode('_',$component['name']); - if($compname[1]){ - $compname = '['.$compname[1].']'; - }else{ - $compname = ''; - } - - $this->details[] = array_merge( - $obj->getInfo(), - array( - 'type' => $component['type'], - 'compname' => $compname - )); - unset($obj); - } - - // review details to simplify things - foreach($this->details as $info) { - foreach($info as $item => $value) { - if (!isset($this->plugin_info[$item])) { $this->plugin_info[$item] = $value; continue; } - if ($this->plugin_info[$item] != $value) $this->plugin_info[$item] = ''; - } - } - } - - function html() { - - // output the standard menu stuff - parent::html(); - - // sanity check - if (!$this->manager->plugin) { return; } - - ptln('
'); - ptln("

".$this->manager->getLang('plugin')." {$this->manager->plugin}

"); - - // collect pertinent information from the log - $installed = $this->plugin_readlog($this->manager->plugin, 'installed'); - $source = $this->plugin_readlog($this->manager->plugin, 'url'); - $updated = $this->plugin_readlog($this->manager->plugin, 'updated'); - if (strrpos($updated, "\n") !== false) $updated = substr($updated, strrpos($updated, "\n")+1); - - ptln("
",2); - ptln("
".$this->manager->getLang('source').'
'.($source ? $source : $this->manager->getLang('unknown'))."
",4); - ptln("
".$this->manager->getLang('installed').'
'.($installed ? $installed : $this->manager->getLang('unknown'))."
",4); - if ($updated) ptln("
".$this->manager->getLang('lastupdate').'
'.$updated."
",4); - ptln("
",2); - - if (count($this->details) == 0) { - ptln("

".$this->manager->getLang('noinfo')."

",2); - } else { - - ptln("
",2); - if ($this->plugin_info['name']) ptln("
".$this->manager->getLang('name')."
".$this->out($this->plugin_info['name'])."
",4); - if ($this->plugin_info['date']) ptln("
".$this->manager->getLang('date')."
".$this->out($this->plugin_info['date'])."
",4); - if ($this->plugin_info['type']) ptln("
".$this->manager->getLang('type')."
".$this->out($this->plugin_info['type'])."
",4); - if ($this->plugin_info['desc']) ptln("
".$this->manager->getLang('desc')."
".$this->out($this->plugin_info['desc'])."
",4); - if ($this->plugin_info['author']) ptln("
".$this->manager->getLang('author')."
".$this->manager->email($this->plugin_info['email'], $this->plugin_info['author'])."
",4); - if ($this->plugin_info['url']) ptln("
".$this->manager->getLang('www')."
".$this->manager->external_link($this->plugin_info['url'], '', 'urlextern')."
",4); - ptln("
",2); - - if (count($this->details) > 1) { - ptln("

".$this->manager->getLang('components')."

",2); - ptln("
",2); - - foreach ($this->details as $info) { - - ptln("
",4); - ptln("
".$this->manager->getLang('name')."
".$this->out($info['name'].' '.$info['compname'])."
",6); - if (!$this->plugin_info['date']) ptln("
".$this->manager->getLang('date')."
".$this->out($info['date'])."
",6); - if (!$this->plugin_info['type']) ptln("
".$this->manager->getLang('type')."
".$this->out($info['type'])."
",6); - if (!$this->plugin_info['desc']) ptln("
".$this->manager->getLang('desc')."
".$this->out($info['desc'])."
",6); - if (!$this->plugin_info['author']) ptln("
".$this->manager->getLang('author')."
".$this->manager->email($info['email'], $info['author'])."
",6); - if (!$this->plugin_info['url']) ptln("
".$this->manager->getLang('www')."
".$this->manager->external_link($info['url'], '', 'urlextern')."
",6); - ptln("
",4); - - } - ptln("
",2); - } - } - ptln("
"); - } - - // simple output filter, make html entities safe and convert new lines to
- function out($text) { - return str_replace("\n",'
',htmlspecialchars($text)); - } - - - /** - * return a list (name & type) of all the component plugins that make up this plugin - * - * @todo can this move to pluginutils? - */ - function get_plugin_components($plugin) { - - global $plugin_types; - - $components = array(); - $path = DOKU_PLUGIN.plugin_directory($plugin).'/'; - - foreach ($plugin_types as $type) { - if (@file_exists($path.$type.'.php')) { $components[] = array('name'=>$plugin, 'type'=>$type); continue; } - - if ($dh = @opendir($path.$type.'/')) { - while (false !== ($cp = readdir($dh))) { - if ($cp == '.' || $cp == '..' || strtolower(substr($cp,-4)) != '.php') continue; - - $components[] = array('name'=>$plugin.'_'.substr($cp, 0, -4), 'type'=>$type); - } - closedir($dh); - } - } - - return $components; - } - - /** - * usort callback to sort plugin components - */ - function component_sort($a, $b) { - if ($a['name'] == $b['name']) return 0; - return ($a['name'] < $b['name']) ? -1 : 1; - } -} diff --git a/lib/plugins/plugin/classes/ap_manage.class.php b/lib/plugins/plugin/classes/ap_manage.class.php deleted file mode 100644 index 48be63050..000000000 --- a/lib/plugins/plugin/classes/ap_manage.class.php +++ /dev/null @@ -1,202 +0,0 @@ -manager = & $manager; - $this->plugin = $plugin; - $this->lang = & $manager->lang; - } - - function process() { - return ''; - } - - function html() { - print $this->manager->locale_xhtml('admin_plugin'); - $this->html_menu(); - } - - // build our standard menu - function html_menu($listPlugins = true) { - global $ID; - - ptln('
'); - - ptln('
'); - ptln('

'.$this->lang['download'].'

'); - ptln('
'); - ptln(' '); - ptln('
'); - ptln(' '.$this->lang['download'].''); - ptln(' '); - ptln(' '); - ptln('
'); - ptln('
'); - ptln('
'); - - if ($listPlugins) { - ptln('

'.$this->lang['manage'].'

'); - - ptln('
'); - - ptln(' '); - - $this->html_pluginlist(); - - ptln('
'); - ptln(' '); - ptln('
'); - - // ptln('
'); - ptln(''); - } - - ptln(''); - } - - function html_pluginlist() { - global $plugin_protected; - - foreach ($this->manager->plugin_list as $plugin) { - - $disabled = plugin_isdisabled($plugin); - $protected = in_array($plugin,$plugin_protected); - - $checked = ($disabled) ? '' : ' checked="checked"'; - $check_disabled = ($protected) ? ' disabled="disabled"' : ''; - - // determine display class(es) - $class = array(); - if (in_array($plugin, $this->downloaded)) $class[] = 'new'; - if ($disabled) $class[] = 'disabled'; - if ($protected) $class[] = 'protected'; - - $class = count($class) ? ' class="'.join(' ', $class).'"' : ''; - - ptln(' '); - ptln(' '.$plugin.''); - ptln(' '); - ptln('

'); - - $this->html_button($plugin, 'info', false, 6); - if (in_array('settings', $this->manager->functions)) { - $this->html_button($plugin, 'settings', !@file_exists(DOKU_PLUGIN.$plugin.'/settings.php'), 6); - } - $this->html_button($plugin, 'update', !$this->plugin_readlog($plugin, 'url'), 6); - $this->html_button($plugin, 'delete', $protected, 6); - - ptln(' '); - } - } - - function html_button($plugin, $btn, $disabled=false, $indent=0) { - $disabled = ($disabled) ? 'disabled="disabled"' : ''; - ptln('',$indent); - } - - /** - * Refresh plugin list - */ - function refresh() { - global $config_cascade; - - // expire dokuwiki caches - // touching local.php expires wiki page, JS and CSS caches - @touch(reset($config_cascade['main']['local'])); - - // update latest plugin date - FIXME - global $ID; - send_redirect(wl($ID,array('do'=>'admin','page'=>'plugin'),true, '&')); - } - - /** - * Write a log entry to the given target directory - */ - function plugin_writelog($target, $cmd, $data) { - - $file = $target.'/manager.dat'; - - switch ($cmd) { - case 'install' : - $url = $data[0]; - $date = date('r'); - if (!$fp = @fopen($file, 'w')) return; - fwrite($fp, "installed=$date\nurl=$url\n"); - fclose($fp); - break; - - case 'update' : - $url = $data[0]; - $date = date('r'); - if (!$fp = @fopen($file, 'r+')) return; - $buffer = ""; - while (($line = fgets($fp)) !== false) { - $urlFound = strpos($line,"url"); - if($urlFound !== false) $line="url=$url\n"; - $buffer .= $line; - } - $buffer .= "updated=$date\n"; - fseek($fp, 0); - fwrite($fp, $buffer); - fclose($fp); - break; - } - } - - function plugin_readlog($plugin, $field) { - static $log = array(); - $file = DOKU_PLUGIN.plugin_directory($plugin).'/manager.dat'; - - if (!isset($log[$plugin])) { - $tmp = @file_get_contents($file); - if (!$tmp) return ''; - $log[$plugin] = & $tmp; - } - - if ($field == 'ALL') { - return $log[$plugin]; - } - - $match = array(); - if (preg_match_all('/'.$field.'=(.*)$/m',$log[$plugin], $match)) - return implode("\n", $match[1]); - - return ''; - } - - /** - * delete, with recursive sub-directory support - */ - function dir_delete($path) { - if (!is_string($path) || $path == "") return false; - - if (is_dir($path) && !is_link($path)) { - if (!$dh = @opendir($path)) return false; - - while ($f = readdir($dh)) { - if ($f == '..' || $f == '.') continue; - $this->dir_delete("$path/$f"); - } - - closedir($dh); - return @rmdir($path); - } - return @unlink($path); - } - - -} diff --git a/lib/plugins/plugin/classes/ap_update.class.php b/lib/plugins/plugin/classes/ap_update.class.php deleted file mode 100644 index 5d7f6cb08..000000000 --- a/lib/plugins/plugin/classes/ap_update.class.php +++ /dev/null @@ -1,36 +0,0 @@ -plugin_readlog($this->plugin, 'url'); - $this->download($plugin_url, $this->overwrite); - return ''; - } - - function html() { - parent::html(); - - ptln('
'); - ptln('

'.$this->lang['updating'].'

'); - - if ($this->manager->error) { - ptln('
'.str_replace("\n","
", $this->manager->error).'
'); - } else if (count($this->downloaded) == 1) { - ptln('

'.sprintf($this->lang['updated'],$this->downloaded[0]).'

'); - } else if (count($this->downloaded)) { // more than one plugin in the download - ptln('

'.$this->lang['updates'].'

'); - ptln('
    '); - foreach ($this->downloaded as $plugin) { - ptln('
  • '.$plugin.'
    • ',2); - } - ptln('
'); - } else { // none found in download - ptln('

'.$this->lang['update_none'].'

'); - } - ptln('
'); - } -} - -- cgit v1.2.3