diff options
author | jim-p <jimp@pfsense.org> | 2014-07-02 12:07:33 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2014-07-02 12:07:33 -0400 |
commit | 7c8f3711075d9671eda430b86ac59d6013d12cae (patch) | |
tree | 7a4f6c4e9c01728a68a7bed6bfe7890823d0b40a | |
parent | 38c7d42e4b47e9c8d968ebf2c7a5b75806d87203 (diff) | |
download | pfsense-7c8f3711075d9671eda430b86ac59d6013d12cae.zip pfsense-7c8f3711075d9671eda430b86ac59d6013d12cae.tar.gz |
More refinements to the unofficial package repository warning ( Issue #484 ) -- Now also shows on Dashboard and installed package list. Cleaned up some code and shuffled things around to avoid unnecessary repetition.
-rw-r--r-- | etc/inc/pfsense-utils.inc | 15 | ||||
-rw-r--r-- | etc/inc/pkg-utils.inc | 25 | ||||
-rw-r--r-- | etc/phpshellsessions/gitsync | 2 | ||||
-rw-r--r-- | etc/phpshellsessions/installpkg | 2 | ||||
-rw-r--r-- | usr/local/www/index.php | 5 | ||||
-rw-r--r-- | usr/local/www/pkg_mgr.php | 10 | ||||
-rw-r--r-- | usr/local/www/pkg_mgr_installed.php | 7 | ||||
-rw-r--r-- | usr/local/www/pkg_mgr_settings.php | 17 |
8 files changed, 60 insertions, 23 deletions
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index a1b26b9..d16a2f0 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -670,7 +670,7 @@ function rmdir_recursive($path,$follow_links=false) { function call_pfsense_method($method, $params, $timeout = 0) { global $g, $config; - $xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl']; + $xmlrpc_base_url = get_active_xml_rpc_base_url(); $xmlrpc_path = $g['xmlrpcpath']; $xmlrpcfqdn = preg_replace("(https?://)", "", $xmlrpc_base_url); @@ -718,7 +718,7 @@ function call_pfsense_method($method, $params, $timeout = 0) { function check_firmware_version($tocheck = "all", $return_php = true) { global $g, $config; - $xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl']; + $xmlrpc_base_url = get_active_xml_rpc_base_url(); $xmlrpcfqdn = preg_replace("(https?://)", "", $xmlrpc_base_url); $ip = gethostbyname($xmlrpcfqdn); if($ip == $xmlrpcfqdn) @@ -2897,4 +2897,15 @@ function pkg_call_plugins($plugin_type, $plugin_params) { return $results; } +/* Function to find and return the active XML RPC base URL to avoid code duplication */ +function get_active_xml_rpc_base_url() { + global $config, $g; + /* If the user has activated the option to enable an alternate xmlrpcbaseurl, and it's not empty, then use it */ + if (isset($config['system']['altpkgrepo']['enable']) && !empty($config['system']['altpkgrepo']['xmlrpcbaseurl'])) { + return $config['system']['altpkgrepo']['xmlrpcbaseurl']; + } else { + return $g['xmlrpcbaseurl']; + } +} + ?> diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 016f027..96bdf5f 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -196,7 +196,7 @@ function get_pkg_sizes($pkgs = 'all') { "freebsd_machine" => $freebsd_machine ); $msg = new XML_RPC_Message('pfsense.get_pkg_sizes', array(php_value_to_xmlrpc($params))); - $xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl']; + $xmlrpc_base_url = get_active_xml_rpc_base_url(); $cli = new XML_RPC_Client($g['xmlrpcpath'], $xmlrpc_base_url); $resp = $cli->send($msg, 10); if(!is_object($resp)) @@ -1282,7 +1282,7 @@ function pkg_reinstall_all() { if ($pkg_info) { echo " Done.\n"; } else { - $xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl']; + $xmlrpc_base_url = get_active_xml_rpc_base_url(); $error = sprintf(gettext(' >>> Unable to communicate with %1$s. Please verify DNS and interface configuration, and that %2$s has functional Internet connectivity.'), $xmlrpc_base_url, $g['product_name']); echo "\n{$error}\n"; log_error(gettext("Cannot reinstall packages: ") . $error); @@ -1413,14 +1413,7 @@ function get_pkg_interfaces_select_source($include_localhost=false) { } function verify_all_package_servers() { - global $config, $g; - /* If an alternate package repository is defined, check it before - checking the default. */ - if (isset($config['system']['altpkgrepo']['enable']) && !empty($config['system']['altpkgrepo']['xmlrpcbaseurl'])) { - return verify_package_server($config['system']['altpkgrepo']['xmlrpcbaseurl']); - } else { - return verify_package_server($g['xmlrpcbaseurl']); - } + return verify_package_server(get_active_xml_rpc_base_url()); } /* Check if the active package server is a valid default or if it has been @@ -1441,4 +1434,16 @@ function verify_package_server($server) { return false; } +/* Keep this message centrally since it will be used several times on pages + in the GUI. */ +function package_server_mismatch_message() { + return sprintf(gettext("The package server currently configured on " + . "this firewall (%s) is NOT an official package server. The contents " + . "of such servers cannot be verified and may contain malicious files. " + . "Return the package server settings to their default values to " + . "ensure that verifiable and trusted packages are received."), + htmlspecialchars(get_active_xml_rpc_base_url())) . '<br/><br/>' + . '<a href="/pkg_mgr_settings.php">' . gettext("Package Manager Settings") . '</a>'; +} + ?> diff --git a/etc/phpshellsessions/gitsync b/etc/phpshellsessions/gitsync index 6c39006..e943ffa 100644 --- a/etc/phpshellsessions/gitsync +++ b/etc/phpshellsessions/gitsync @@ -83,7 +83,7 @@ if(!file_exists($GIT_BIN)) { if ($pkg_info) { echo " Done.\n"; } else { - $xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl']; + $xmlrpc_base_url = get_active_xml_rpc_base_url(); echo "\n" . sprintf(gettext(' >>> Unable to communicate with %1$s. Please verify DNS and interface configuration, and that %2$s has functional Internet connectivity.'), $xmlrpc_base_url, $g['product_name']) . "\n"; return; } diff --git a/etc/phpshellsessions/installpkg b/etc/phpshellsessions/installpkg index 15343df..30228ab 100644 --- a/etc/phpshellsessions/installpkg +++ b/etc/phpshellsessions/installpkg @@ -19,7 +19,7 @@ $pkg_info = get_pkg_info(); if ($pkg_info) { echo " Done.\n"; } else { - $xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl']; + $xmlrpc_base_url = get_active_xml_rpc_base_url(); echo "\n" . sprintf(gettext(' >>> Unable to communicate with %1$s. Please verify DNS and interface configuration, and that %2$s has functional Internet connectivity.'), $xmlrpc_base_url, $g['product_name']) . "\n"; return; } diff --git a/usr/local/www/index.php b/usr/local/www/index.php index 6e9e178..4fdcca6 100644 --- a/usr/local/www/index.php +++ b/usr/local/www/index.php @@ -53,6 +53,7 @@ ob_start(null, "1000"); require_once('functions.inc'); require_once('guiconfig.inc'); require_once('notices.inc'); +require_once("pkg-utils.inc"); if(isset($_REQUEST['closenotice'])){ close_notice($_REQUEST['closenotice']); @@ -481,6 +482,10 @@ echo $jscriptstr; if(!file_exists("/usr/local/www/themes/{$g['theme']}/no_big_logo")) echo "<center><img src=\"./themes/".$g['theme']."/images/logobig.jpg\" alt=\"big logo\" /></center><br />"; +/* Print package server mismatch warning. See https://redmine.pfsense.org/issues/484 */ +if (!verify_all_package_servers()) + print_info_box(package_server_mismatch_message()); + if ($savemsg) print_info_box($savemsg); diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php index 454cedd..79e6961 100644 --- a/usr/local/www/pkg_mgr.php +++ b/usr/local/www/pkg_mgr.php @@ -74,7 +74,7 @@ function domTT_title($title_msg) { //get_pkg_info only if cache file has more then $g[min_pkg_cache_file_time] seconds $pkg_cache_file_time=($g['min_pkg_cache_file_time'] ? $g['min_pkg_cache_file_time'] : 120); -$xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl']; +$xmlrpc_base_url = get_active_xml_rpc_base_url(); if (!file_exists("{$g['tmp_path']}/pkg_info.cache") || (time() - filemtime("{$g['tmp_path']}/pkg_info.cache")) > $pkg_cache_file_time) { $pkg_info = get_pkg_info('all', array("noembedded", "name", "category", "website", "version", "status", "descr", "maintainer", "required_version", "maximum_version", "pkginfolink", "config_file")); //create cache file after get_pkg_info @@ -116,13 +116,9 @@ include("head.inc"); <?php include("fbegin.inc"); + /* Print package server mismatch warning. See https://redmine.pfsense.org/issues/484 */ if (!verify_all_package_servers()) - print_info_box(sprintf(gettext("The package server currently " - . "configured on this firewall (%s) is NOT an official package " - . "server. The contents of such servers cannot be verified and " - . "may contain malicious files. To ensure that you receive " - . "verifiable and trusted packages, return the package server " - . "settings to their default values."), htmlspecialchars($xmlrpc_base_url))); + print_info_box(package_server_mismatch_message()); if ($savemsg) print_info_box($savemsg); diff --git a/usr/local/www/pkg_mgr_installed.php b/usr/local/www/pkg_mgr_installed.php index 01f3089..19b5950 100644 --- a/usr/local/www/pkg_mgr_installed.php +++ b/usr/local/www/pkg_mgr_installed.php @@ -89,7 +89,12 @@ include("head.inc"); </head> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - <?php include("fbegin.inc"); ?> + <?php include("fbegin.inc"); + + /* Print package server mismatch warning. See https://redmine.pfsense.org/issues/484 */ + if (!verify_all_package_servers()) + print_info_box(package_server_mismatch_message()); ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="packages installed"> <tr> <td> diff --git a/usr/local/www/pkg_mgr_settings.php b/usr/local/www/pkg_mgr_settings.php index ef655b5..5a8f4ca 100644 --- a/usr/local/www/pkg_mgr_settings.php +++ b/usr/local/www/pkg_mgr_settings.php @@ -77,7 +77,12 @@ function enable_altpkgrepourl(enable_over) { </script> </head> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc");?> +<?php include("fbegin.inc"); + + /* Print package server mismatch warning. See https://redmine.pfsense.org/issues/484 */ + if (!verify_all_package_servers()) + print_info_box(package_server_mismatch_message()); ?> + <?php if ($input_errors) print_input_errors($input_errors); ?> <form action="pkg_mgr_settings.php" method="post" name="iform" id="iform"> @@ -98,6 +103,16 @@ function enable_altpkgrepourl(enable_over) { <tr><td><div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> <tr> + <td colspan="2" valign="top" class="vncell"> + <?PHP echo gettext("This page allows an alternate package repository to be configured, primarily for temporary use as a testing mechanism."); ?> + <?PHP echo gettext("The contents of unofficial packages servers cannot be verified and may contain malicious files."); ?> + <?PHP echo gettext("The package server settings should remain at their default values to ensure that verifiable and trusted packages are recevied."); ?> + <br/><br/> + <?PHP echo gettext("A warning is printed on the Dashboard and in the package manager when an unofficial package server is in use."); ?> + <br/><br/> + </td> + </tr> + <tr> <td colspan="2" valign="top" class="listtopic"><?=gettext("Package Repository URL");?></td> </tr> <tr> |