diff options
| author | Ermal <eri@pfsense.org> | 2014-02-18 16:38:23 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2014-02-18 16:39:59 +0000 |
| commit | 133f8b33472b9bca9e8f788820233cafbd674fcb (patch) | |
| tree | 6ede8a9321d14d0e0ff213ada3061312a6fffe3c | |
| parent | 0635519b6e359383233a508c8498e5f9443e672a (diff) | |
| download | pfsense-133f8b33472b9bca9e8f788820233cafbd674fcb.zip pfsense-133f8b33472b9bca9e8f788820233cafbd674fcb.tar.gz | |
Fixes #3460. Ask for validation when real operation will be done and ask for the operation with POST to get protection from CRSF.
| -rwxr-xr-x | usr/local/www/pkg_mgr_install.php | 257 |
1 files changed, 163 insertions, 94 deletions
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index 72ced9c..8bf431b 100755 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php @@ -48,6 +48,8 @@ require_once("filter.inc"); require_once("shaper.inc"); require_once("pkg-utils.inc"); +global $static_output; + $static_output = ""; $static_status = ""; $sendto = "output"; @@ -55,6 +57,33 @@ $sendto = "output"; $pgtitle = array(gettext("System"),gettext("Package Manager"),gettext("Install Package")); include("head.inc"); +if ($_POST) { + if (isset($_POST['pkgcancel']) || (empty($_POST['id']) && $_POST['mode'] != 'reinstallall')) { + header("Location: pkg_mgr_installed.php"); + return; + } +} else if ($_GET) { + switch ($_GET['mode']) { + case 'showlog': + break; + case 'installedinfo': + case 'reinstallxml': + case 'reinstallpkg': + case 'delete': + if (empty($_GET['pkg'])) { + header("Location: pkg_mgr_installed.php"); + return; + } + break; + default: + if (empty($_GET['id'])) { + header("Location: pkg_mgr_installed.php"); + return; + } + break; + } +} + ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> @@ -73,6 +102,45 @@ include("head.inc"); ?> </td> </tr> +<?php if ((empty($_GET['mode']) && $_GET['id']) || (!empty($_GET['mode']) && (!empty($_GET['pkg']) || $_GET['mode'] == 'reinstallall') && ($_GET['mode'] != 'installedinfo' && $_GET['mode'] != 'showlog'))): + if (empty($_GET['mode']) && $_GET['id']) { + $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401)); + $pkgmode = 'installed'; + } else if (!empty($_GET['mode']) && !empty($_GET['pkg'])) { + $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); + $pkgmode = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401)); + } + switch ($pkgmode) { + case 'reinstallxml': + case 'reinstallpkg': + $pkgtxt = 'reinstalled'; + break; + case 'delete': + $pkgtxt = 'deleted'; + break; + default: + $pkgtxt = $pkgmode; + break; + } +?> + <tr> + <td class="tabcont" align="center"> + <table style="height:15;colspacing:0" width="420" border="0" cellpadding="0" cellspacing="0" summary="images"> + <tr> + <td class="tabcont" align="center">Package:<b><?=$pkgname;?></b> will be <?=$pkgtxt;?>.<br/> + Please confirm the action on this package.<br/> + </td> + <td class="tabcont" align="center"> + <input type="hidden" name="id" value="<?=$pkgname;?>" /> + <input type="hidden" name="mode" value="<?=$pkgmode;?>" /> + <input type="submit" name="pkgconfirm" id="pkgconfirm" value="Confirm"/> + <input type="submit" name="pkgcancel" id="pkgcancel" value="Cancel"/> + </td> + </tr> + </table> + </td> + </tr> +<?php endif; if (!empty($_POST['id']) || $_GET['mode'] == 'showlog' || ($_GET['mode'] == 'installedinfo' && !empty($_GET['pkg']))): ?> <tr> <td class="tabcont" align="center"> <table style="height:15;colspacing:0" width="420" border="0" cellpadding="0" cellspacing="0" summary="images"> @@ -96,6 +164,7 @@ include("head.inc"); <textarea cols="80" rows="35" name="output" id="output" wrap="hard"></textarea> </td> </tr> +<?php endif; ?> </table> </div> </form> @@ -111,112 +180,112 @@ Rounded("div#mainareapkg","bl br","#FFF","#eeeeee","smooth"); ob_flush(); -$pkgname = str_replace(array("<", ">", ";", "&", "'"), "", htmlspecialchars_decode($_GET['pkg'])); -switch($_GET['mode']) { - case "showlog": - case "installedinfo": - /* These cases do not make changes. */ - $fs_mounted_rw = false; - break; - default: - /* All other cases make changes, so mount rw fs */ - conf_mount_rw(); - $fs_mounted_rw = true; - /* Write out configuration to create a backup prior to pkg install. */ - write_config(gettext("Creating restore point before package installation.")); +if ($_GET) { + $pkgname = str_replace(array("<", ">", ";", "&", "'"), "", htmlspecialchars_decode($_GET['pkg'])); + switch($_GET['mode']) { + case 'showlog': + if (strpos($pkgname, ".")) { + update_output_window(gettext("Something is wrong on the request.")); + } else if (file_exists("/tmp/pkg_mgr_{$pkgname}.log")) + update_output_window(@file_get_contents("/tmp/pkg_mgr_{$pkgname}.log")); + else + update_output_window(gettext("Log was not retrievable.")); break; -} - -switch($_GET['mode']) { - case "delete": - uninstall_package($pkgname); - update_status(gettext("Package deleted.")); - $static_output .= "\n" . gettext("Package deleted."); - update_output_window($static_output); - filter_configure(); - break; - case "showlog": - $id = htmlspecialchars($pkgname); - if(strpos($id, ".")) - exit; - update_output_window(file_get_contents("/tmp/pkg_mgr_{$id}.log")); - break; - case "reinstallxml": - case "reinstallpkg": - delete_package_xml($pkgname); - if (install_package($pkgname) < 0) { - update_status(gettext("Package reinstallation failed.")); - $static_output .= "\n" . gettext("Package reinstallation failed."); - update_output_window($static_output); - } else { - update_status(gettext("Package reinstalled.")); - $static_output .= "\n" . gettext("Package reinstalled."); - update_output_window($static_output); - filter_configure(); - } - file_put_contents("/tmp/{$pkgname}.info", $static_output); - echo "<script type='text/javascript'>document.location=\"pkg_mgr_install.php?mode=installedinfo&pkg={$pkgname}\";</script>"; - break; - case "installedinfo": - if(file_exists("/tmp/{$pkgname}.info")) { - $filename = escapeshellcmd("/tmp/{$pkgname}.info"); - $status = file_get_contents($filename); + case 'installedinfo': + if (file_exists("/tmp/{$pkgname}.info")) { + $status = @file_get_contents("/tmp/{$pkgname}.info"); update_status("{$pkgname} " . gettext("installation completed.")); update_output_window($status); } else update_output_window(sprintf(gettext("Could not find %s."), $pkgname)); break; - case "reinstallall": - if (is_array($config['installedpackages']['package'])) { - $todo = array(); - foreach($config['installedpackages']['package'] as $package) - $todo[] = array('name' => $package['name'], 'version' => $package['version']); - foreach($todo as $pkgtodo) { - $static_output = ""; - if($pkgtodo['name']) { - update_output_window($static_output); - uninstall_package($pkgtodo['name']); - install_package($pkgtodo['name']); + default: + break; + } +} else if ($_POST) { + $pkgid = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401)); + + /* All other cases make changes, so mount rw fs */ + conf_mount_rw(); + /* Write out configuration to create a backup prior to pkg install. */ + write_config(gettext("Creating restore point before package installation.")); + + switch ($_POST['mode']) { + case 'delete': + uninstall_package($pkgid); + update_status(gettext("Package deleted.")); + $static_output .= "\n" . gettext("Package deleted."); + update_output_window($static_output); + filter_configure(); + break; + case 'reinstallxml': + case 'reinstallpkg': + delete_package_xml($pkgid); + if (install_package($pkgid) < 0) { + update_status(gettext("Package reinstallation failed.")); + $static_output .= "\n" . gettext("Package reinstallation failed."); + update_output_window($static_output); + } else { + update_status(gettext("Package reinstalled.")); + $static_output .= "\n" . gettext("Package reinstalled."); + update_output_window($static_output); + filter_configure(); + } + @file_put_contents("/tmp/{$pkgid}.info", $static_output); + $pkgid = htmlspecialchars($pkgid); + echo "<script type='text/javascript'>document.location=\"pkg_mgr_install.php?mode=installedinfo&pkg={$pkgid}\";</script>"; + break; + case 'reinstallall': + if (is_array($config['installedpackages']) && is_array($config['installedpackages']['package'])) { + $todo = array(); + foreach($config['installedpackages']['package'] as $package) + $todo[] = array('name' => $package['name'], 'version' => $package['version']); + foreach($todo as $pkgtodo) { + $static_output = ""; + if($pkgtodo['name']) { + update_output_window($static_output); + uninstall_package($pkgtodo['name']); + install_package($pkgtodo['name']); + } } + update_status(gettext("All packages reinstalled.")); + $static_output .= "\n" . gettext("All packages reinstalled."); + update_output_window($static_output); + filter_configure(); + } else + update_output_window(gettext("No packages are installed.")); + break; + case 'installed': + default: + $status = install_package($pkgid); + if($status == -1) { + update_status(gettext("Installation of") . " {$pkgid} " . gettext("FAILED!")); + $static_output .= "\n" . gettext("Installation halted."); + update_output_window($static_output); + } else { + $status_a = gettext(sprintf("Installation of %s completed.", $pkgid)); + update_status($status_a); + $status = get_after_install_info($pkgid); + if($status) + $static_output .= "\n" . gettext("Installation completed.") . "\n{$pkgid} " . gettext("setup instructions") . ":\n{$status}"; + else + $static_output .= "\n" . gettext("Installation completed. Please check to make sure that the package is configured from the respective menu then start the package."); + + @file_put_contents("/tmp/{$pkgid}.info", $static_output); + echo "<script type='text/javascript'>document.location=\"pkg_mgr_install.php?mode=installedinfo&pkg={$pkgid}\";</script>"; } - update_status(gettext("All packages reinstalled.")); - $static_output .= "\n" . gettext("All packages reinstalled."); - update_output_window($static_output); filter_configure(); - } else - update_output_window(gettext("No packages are installed.")); - break; - default: - $pkgid = htmlspecialchars($_GET['id']); - $status = install_package($pkgid); - if($status == -1) { - update_status(gettext("Installation of") . " {$pkgid} " . gettext("FAILED!")); - $static_output .= "\n" . gettext("Installation halted."); - update_output_window($static_output); - } else { - $status_a = gettext("Installation of") . " {$pkgid} " . gettext("completed."); - update_status($status_a); - $status = get_after_install_info($pkgid); - if($status) - $static_output .= "\n" . gettext("Installation completed.") . "\n{$pkgid} " . gettext("setup instructions") . ":\n{$status}"; - else - $static_output .= "\n" . gettext("Installation completed. Please check to make sure that the package is configured from the respective menu then start the package."); - file_put_contents("/tmp/{$pkgid}.info", $static_output); - echo "<script type='text/javascript'>document.location=\"pkg_mgr_install.php?mode=installedinfo&pkg={$pkgid}\";</script>"; - } - filter_configure(); - break; -} + break; + } -// Delete all temporary package tarballs and staging areas. -unlink_if_exists("/tmp/apkg_*"); -rmdir_recursive("/var/tmp/instmp*"); + // Delete all temporary package tarballs and staging areas. + unlink_if_exists("/tmp/apkg_*"); + rmdir_recursive("/var/tmp/instmp*"); -// close log -if($fd_log) - fclose($fd_log); + // close log + if($fd_log) + fclose($fd_log); -if($fs_mounted_rw) { /* Restore to read only fs */ conf_mount_ro(); } |
