Merge pull request from GHSA-7rpc-9m88-cf9w
* 固定ページプレビュー実行時に入力内容検証を追加

* SimpleZipの利用を停止しZipArchiveの利用に切り替え

* 不要コード除去

* BcZip利用時、ZipArchiveをopenしていない場合エラーログが出力される問題を改善
gondoh committed Nov 25, 2021
1 parent c3295a5 commit 9088b99
Showing 9 changed files with 198 additions and 543 deletions.
18 changes: 18 additions & 0 deletions app/webroot/theme/admin-third/Installations/admin/step2.php
Expand Up @@ -388,7 +388,25 @@ class="bca-main__text"><?php echo __d('baser', 'セーフモードがOnの場合
</ul>
<?php endif ?>
</div>

<div class="panel-box bca-panel-box corner10">
<h3 class="bca-panel-box__title"><?php echo __d('baser', '拡張モジュール') ?></h3>
<ul class="section">
<li class='<?php if ($zipOk) echo 'check'; else echo 'failed'; ?>'>
<?php echo __d('baser', 'Zip') ?><br/>
<div class="check-result">
<?php if ($zipOk): ?>
<?php echo __d('baser', '利用可') ?>
<?php else: ?>
<?php echo __d('baser', '利用不可') ?><br/>
<small><?php echo __d('baser', 'テーマなどのzipダウンロードが制限されます。') ?></small>
<?php endif ?>
</div>
</li>
</ul>
</div>
</div>


<form action="<?php echo $this->request->base ?>/installations/step2" method="post" id="checkenv">
<?php echo $this->BcForm->hidden('clicked') ?>
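--- a/app/webroot/theme/admin-third/Tools/admin/log.php
+++ b/app/webroot/theme/admin-third/Tools/admin/log.php
@@ -16,11 +16,13 @@
 ?>
 
 
+<?php if ($zipEnable): ?>
 <div class="section bca-main__section">
 <h2 class="bca-main__heading" data-bca-heading-size="lg"><?php echo __d('baser', 'ログ(エラーログ)の取得') ?></h2>
 <p class="bca-main__text"><?php echo __d('baser', 'ログ(エラーログ)をPCにダウンロードします。') ?></p>
 <p class="bca-main__text"><?php $this->BcBaser->link(__d('baser', 'ダウンロード'), ['download'], ['class' => 'button-small bca-btn', 'data-bca-btn-type' => 'download']) ?> </p>
 </div>
+<?php endif; ?>
 
 <div class="section bca-main__section">
 <h2 class="bca-main__heading" data-bca-heading-size="lg"><?php echo __d('baser', 'エラーログの削除') ?></h2>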
10 changes: 10 additions & 0 deletions lib/Baser/Config/setting.php
Expand Up @@ -478,6 +478,16 @@
'systemMessageLangFromSiteSetting' => true
];

/**
* Zipモジュールなし
*/
if (!extension_loaded('zip')) {
unset($config['BcApp']['adminNavigation']['Systems']['Theme']['menus']['ThemesDownload']);
unset($config['BcApp']['adminNavigation']['Systems']['Theme']['menus']['ThemesDownloadDefaultDataPattern']);
unset($config['BcApp']['adminNavigation']['Systems']['Tools']['menus']['ToolsMaintenance']);
}


/**
* システム要件
*/
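--- a/lib/Baser/Controller/Component/BcManagerComponent.php
+++ b/lib/Baser/Controller/Component/BcManagerComponent.php
@@ -1387,13 +1387,15 @@ public function checkEnv()
 'phpGd' => extension_loaded('gd'),
 'phpPdo' => extension_loaded('pdo'),
 'phpXml' => extension_loaded('xml'),
+'phpZip' => extension_loaded('zip'),
 'apacheRewrite' => $rewriteInstalled,
 ];
 $check = [
 'encodingOk' => (preg_match('/UTF-8/i', $status['encoding'])? true : false),
 'gdOk' => $status['phpGd'],
 'pdoOk' => $status['phpPdo'],
 'xmlOk' => $status['phpXml'],
+'zipOk' => $status['phpZip'],
 'phpVersionOk' => version_compare(preg_replace('/[a-z-]/', '', $status['phpVersion']), Configure::read('BcRequire.phpVersion'), '>='),
 'phpMemoryOk' => ((($status['phpMemory'] >= Configure::read('BcRequire.phpMemory')) || $status['phpMemory'] == -1) === true)
 ];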
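--- a/lib/Baser/Controller/PagesController.php
+++ b/lib/Baser/Controller/PagesController.php
@@ -410,8 +410,16 @@ public function display()
 // POSTパラメータのコードに含まれるscriptタグをそのままHTMLに出力するとブラウザによりXSSと判定される
 // 一度データをセッションに退避する
 if ($this->BcContents->preview === 'default') {
+// 入力validation
+$check = ['content_tmp' => $this->request->data['Page']['contents_tmp']];
+if (!$this->Page->containsScript($check)) {
+$this->BcMessage->setError(__d('baser', '本稿欄でスクリプトの入力は許可されていません。'));
+$this->notFound();
+}
+
 $sessionKey = __CLASS__ . '_preview_default_' . $this->request->data['Content']['entity_id'];
 $this->request->data = $this->Content->saveTmpFiles($this->request->data, mt_rand(0, 99999999));
+
 $this->Session->write($sessionKey, $this->request->data);
 $query = [];
 if ($this->request->query) {
@@ -431,6 +439,13 @@ public function display()
 }
 
 if ($this->BcContents->preview === 'draft') {
+// 入力validation
+$check = ['content_tmp' => $this->request->data['Page']['contents_tmp']];
+if (!$this->Page->containsScript($check)) {
+$this->BcMessage->setError(__d('baser', '本稿欄でスクリプトの入力は許可されていません。'));
+$this->notFound();
+}
+
 $this->request->data = $this->Content->saveTmpFiles($this->request->data, mt_rand(0, 99999999));
 $this->request->params['Content']['eyecatch'] = $this->request->data['Content']['eyecatch'];
 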
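Review bot: Both added validation blocks read `$this->request->data['Page']['contents_tmp']` without checking that the key is present, so a preview POST that omits it raises an undefined-index notice and hands `null` to containsScript(), whose handling of null is not visible in this diff. The block is also duplicated verbatim in the 'default' and 'draft' branches; a private helper that defaults the missing value to an empty string removes the duplication, as below. If `$this->notFound()` does not halt the request (its definition is outside this diff), execution continues into saveTmpFiles(), so a `return;` after it would make the guard self-contained. display() begins and ends outside these hunks.
```php
// in display(), in place of each copied block in the 'default' and 'draft' branches:
$this->_validatePreviewContents();

/**
 * Rejects a preview submission whose main-body field contains script.
 *
 * Defaults a missing field to '' so the check never reads an undefined index.
 *
 * @return void
 */
protected function _validatePreviewContents()
{
    $contents = isset($this->request->data['Page']['contents_tmp']) ? $this->request->data['Page']['contents_tmp'] : '';
    if (!$this->Page->containsScript(['content_tmp' => $contents])) {
        $this->BcMessage->setError(__d('baser', '本稿欄でスクリプトの入力は許可されていません。'));
        $this->notFound();
    }
}
```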
52 changes: 39 additions & 13 deletions lib/Baser/Controller/ThemesController.php
Expand Up @@ -10,7 +10,7 @@
* @license https://basercms.net/license/index.html
*/

App::uses('Simplezip', 'Vendor');
App::uses('BcZip', 'Lib');

/**
* Class ThemesController
Expand Down Expand Up @@ -95,7 +95,6 @@ public function admin_add()

$name = $this->request->data['Theme']['file']['name'];
move_uploaded_file($this->request->data['Theme']['file']['tmp_name'], TMP . $name);
App::uses('BcZip', 'Lib');
$BcZip = new BcZip();
if (!$BcZip->extract(TMP . $name, BASER_THEMES)) {
$msg = __d('baser', 'アップロードしたZIPファイルの展開に失敗しました。');
Expand Down Expand Up @@ -573,11 +572,17 @@ protected function _applyTheme($theme)
*/
public function admin_download_default_data_pattern()
{
if (!extension_loaded('zip')) {
$this->notFound();
}

$this->autoRender = false;
set_time_limit(0);
ini_set('memory_limit', -1);

/* コアのCSVを生成 */
$tmpDir = TMP . 'csv' . DS;
$distPath = TMP . 'default.zip';
$Folder = new Folder();
$Folder->create($tmpDir);
emptyFolder($tmpDir);
Expand All @@ -604,13 +609,20 @@ public function admin_download_default_data_pattern()
}
ftruncate($fp, 0);
fwrite($fp, implode("\n", $records));

/* ZIPに固めてダウンロード */
$fileName = 'default';
$Simplezip = new Simplezip();
$Simplezip->addFolder($tmpDir);
$Simplezip->download($fileName);
$bcZip = new BcZip();
$bcZip->create($tmpDir, $distPath);

header("Cache-Control: no-store");
header("Content-Type: application/zip");
header("Content-Disposition: attachment; filename=" . basename($distPath) . ";");
header("Content-Length: " . filesize($distPath));
while (ob_get_level()) { ob_end_clean(); }
echo readfile($distPath);

emptyFolder($tmpDir);
exit();
unlink($distPath);
}

/**
Expand Down Expand Up @@ -671,19 +683,33 @@ function _writeCsv($plugin, $path, $exclude = [])
*/
public function admin_download()
{
if (!extension_loaded('zip')) {
$this->notFound();
}

$this->autoRender = false;
$tmpDir = TMP . 'theme' . DS;
$orgPath = BASER_THEMES . $this->siteConfigs['theme'] . DS;
$sourcePath = $tmpDir . $this->siteConfigs['theme'];
$distPath = $sourcePath . '.zip';

$Folder = new Folder();
$Folder->create($tmpDir);
$path = BASER_THEMES . $this->siteConfigs['theme'] . DS;
$Folder->copy([
'from' => $path,
'to' => $tmpDir . $this->siteConfigs['theme'],
'from' => $orgPath,
'to' => $sourcePath,
'chmod' => 0777
]);
$Simplezip = new Simplezip();
$Simplezip->addFolder($tmpDir);
$Simplezip->download($this->siteConfigs['theme']);
$bcZip = new BcZip();
$bcZip->create($sourcePath, $distPath);

header("Cache-Control: no-store");
header("Content-Type: application/zip");
header("Content-Disposition: attachment; filename=" . basename($distPath) . ";");
header("Content-Length: " . filesize($distPath));
while (ob_get_level()) { ob_end_clean(); }
echo readfile($distPath);

$Folder->delete($tmpDir);
}
}
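Review bot: `echo readfile($distPath);` after the `ob_end_clean()` loop sends the file and then echoes readfile()'s return value (the byte count) behind it, so the response body exceeds the Content-Length just emitted; it should be `readfile($distPath);` with a failed (false) result handled rather than echoed. The same line appears in admin_download in this file and in _backupDb, admin_write_schema and _downloadErrorLog in ToolsController. In admin_download_default_data_pattern, as rendered here the added `unlink($distPath);` sits after the retained `exit();`, so it never runs and TMP/default.zip is left behind on every download — the cleanup should come first, e.g. `emptyFolder($tmpDir); unlink($distPath); exit();`, and `$fileName = 'default';` is no longer referenced. Both download actions compute `filesize($distPath)` without checking that `$bcZip->create()` succeeded (its return contract is not visible here); if creation fails, filesize() returns false and an empty body is sent with a broken Content-Length, so the result should be checked before any header is emitted.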
90 changes: 69 additions & 21 deletions lib/Baser/Controller/ToolsController.php
Expand Up @@ -10,7 +10,7 @@
* @license https://basercms.net/license/index.html
*/

App::uses('Simplezip', 'Vendor');
App::uses('BcZip', 'Lib');

/**
* Class ToolsController
Expand Down Expand Up @@ -93,9 +93,13 @@ public function admin_index()
public function admin_maintenance($mode = '')
{
$this->_checkReferer();
$zipEnable = extension_loaded('zip');
if (!$zipEnable) {
$this->notFound();
}

switch($mode) {
case 'backup':
set_time_limit(0);
$this->_backupDb($this->request->query['backup_encoding']);
break;
case 'restore':
Expand Down Expand Up @@ -155,10 +159,10 @@ protected function _restoreDb($data)
if (!move_uploaded_file($data['Tool']['backup']['tmp_name'], $targetPath)) {
return false;
}

/* ZIPファイルを解凍する */
$Simplezip = new Simplezip();
if (!$Simplezip->unzip($targetPath, $tmpPath)) {
$bcZip = new BcZip();
if (!$bcZip->extract($targetPath, $tmpPath)) {
return false;
}
@unlink($targetPath);
Expand Down Expand Up @@ -255,8 +259,12 @@ protected function _loadBackup($path, $encoding)
*/
protected function _backupDb($encoding)
{
$tmpDir = TMP . 'schemas' . DS;
set_time_limit(0);

$version = str_replace(' ', '_', $this->getBaserVersion());
$tmpDir = TMP . 'schemas' . DS;
$distPath = TMP . 'baserbackup_' . $version . '_' . date('Ymd_His') . '.zip';

$this->_resetTmpSchemaFolder();
clearAllCache();
$this->_writeBackup($tmpDir . 'core' . DS, '', $encoding);
Expand All @@ -267,13 +275,21 @@ protected function _backupDb($encoding)
$this->_writeBackup($tmpDir . 'plugin' . DS, $plugin['Plugin']['name'], $encoding);
}
}

// ZIP圧縮して出力
$fileName = 'baserbackup_' . $version . '_' . date('Ymd_His');
$Simplezip = new Simplezip();
$Simplezip->addFolder($tmpDir);
$Simplezip->download($fileName);
$bcZip = new BcZip();
$bcZip->create($tmpDir, $distPath);

header("Cache-Control: no-store");
header("Content-Type: application/zip");
header("Content-Disposition: attachment; filename=" . basename($distPath) . ";");
header("Content-Length: " . filesize($distPath));
while (ob_get_level()) { ob_end_clean(); }
echo readfile($distPath);

unlink($distPath);
$this->_resetTmpSchemaFolder();
exit();
return true;
}

/**
Expand Down Expand Up @@ -312,6 +328,7 @@ protected function _writeBackup($path, $plugin = '', $encoding)
public function admin_write_schema()
{
$path = TMP . 'schemas' . DS;
$distPath = TMP . 'schemas.zip';

/* 表示設定 */
$this->pageTitle = __d('baser', 'スキーマファイル生成');
Expand All @@ -336,10 +353,26 @@ public function admin_write_schema()
return;
}

$Simplezip = new Simplezip();
$Simplezip->addFolder($path);
$Simplezip->download('schemas');
exit();
// ZIP圧縮して出力
set_time_limit(0);
$this->autoRender = false;

// 不要ディレクトリの削除
rmdir($path . 'core');
rmdir($path . 'plugin');

$bcZip = new BcZip();
$bcZip->create($path, $distPath);

header("Cache-Control: no-store");
header("Content-Type: application/zip");
header("Content-Disposition: attachment; filename=" . basename($distPath) . ";");
header("Content-Length: " . filesize($distPath));
while (ob_get_level()) { ob_end_clean(); }
echo readfile($distPath);

unlink($distPath);
return true;
}

/**
Expand Down Expand Up @@ -401,12 +434,16 @@ protected function _resetTmpSchemaFolder()
*/
public function admin_log($mode = '')
{
$zipEnable = extension_loaded('zip');
$errorLogPath = TMP . 'logs' . DS . 'error.log';
switch($mode) {
case 'download':
set_time_limit(0);
if (!$zipEnable) {
$this->notFound();
}
$this->autoRender = false;
if ($this->_downloadErrorLog()) {
exit();
return;
}
$this->BcMessage->setInfo('エラーログが存在しません。');
$this->redirect(['action' => 'log']);
Expand Down Expand Up @@ -441,6 +478,7 @@ public function admin_log($mode = '')

$this->pageTitle = __d('baser', 'データメンテナンス');
$this->help = 'tools_log';
$this->set('zipEnable', $zipEnable);
$this->set('fileSize', $fileSize);
}

Expand All @@ -451,17 +489,27 @@ public function admin_log($mode = '')
*/
protected function _downloadErrorLog()
{
set_time_limit(0);

$tmpDir = TMP . 'logs' . DS;
$distPath = TMP . 'basercms_logs_' . date('Ymd_His') . '.zip';
$Folder = new Folder($tmpDir);
$files = $Folder->read(true, true, false);
if (count($files[0]) === 0 && count($files[1]) === 0) {
return false;
}
// ZIP圧縮して出力
$fileName = 'basercms_logs_' . date('Ymd_His');
$Simplezip = new Simplezip();
$Simplezip->addFolder($tmpDir);
$Simplezip->download($fileName);
$bcZip = new BcZip();
$bcZip->create($tmpDir, $distPath);

header("Cache-Control: no-store");
header("Content-Type: application/zip");
header("Content-Disposition: attachment; filename=" . basename($distPath) . ";");
header("Content-Length: " . filesize($distPath));
while (ob_get_level()) { ob_end_clean(); }
echo readfile($distPath);

unlink($distPath);
return true;
}

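Review bot: In _restoreDb the uploaded backup is now unpacked with `$bcZip->extract($targetPath, $tmpPath)`, and whether BcZip::extract rejects entries whose names resolve outside `$tmpPath` (leading `../` components or absolute paths) is not visible in this diff; because the archive comes from the upload form, that should be confirmed, and if it is not the case a check that every entry's resolved path stays under `$tmpPath` belongs before extraction. As rendered, _backupDb assigns `$tmpDir = TMP . 'schemas' . DS;` twice, and keeps `return true;` directly after `exit();`, which is unreachable — drop the duplicate and one of the two terminators, consistent with admin_log, which this commit changed to `return;`. In admin_write_schema the two `rmdir()` calls emit a warning when the directory is missing or still holds files; guard them with `is_dir()` or use `$Folder->delete()`, which handles both cases. _restoreDb, _backupDb and admin_write_schema all begin outside their hunks.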
