diff --git a/backend.php b/backend.php index b6377c48f..4184e87c8 100644 --- a/backend.php +++ b/backend.php @@ -101,7 +101,6 @@ $op = "pluginhandler"; } */ - // TODO: figure out if is this still needed $op = str_replace("-", "_", $op); $override = PluginHost::getInstance()->lookup_handler($op, $method); diff --git a/classes/config.php b/classes/config.php index ee1d3cb4a..cc8710f5b 100644 --- a/classes/config.php +++ b/classes/config.php @@ -183,4 +183,217 @@ class Config { return $instance->_get($param); } + // this returns Config::SELF_URL_PATH sans ending slash + static function get_self_url() { + $self_url_path = self::get(Config::SELF_URL_PATH); + + if (substr($self_url_path, -1) === "/") { + return substr($self_url_path, 0, -1); + } else { + return $self_url_path; + } + } + + static function is_server_https() { + return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || + (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'); + } + + static function make_self_url() { + $proto = self::is_server_https() ? 'https' : 'http'; + + return $proto . '://' . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; + } + + /* sanity check stuff */ + + private static function make_self_url_path() { + if (!isset($_SERVER["HTTP_HOST"])) return false; + + $proto = self::is_server_https() ? 'https' : 'http'; + $url_path = $proto . '://' . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH); + + return $url_path; + } + + private static function check_mysql_tables() { + $pdo = Db::pdo(); + + $sth = $pdo->prepare("SELECT engine, table_name FROM information_schema.tables WHERE + table_schema = ? AND table_name LIKE 'ttrss_%' AND engine != 'InnoDB'"); + $sth->execute([self::get(Config::DB_NAME)]); + + $bad_tables = []; + + while ($line = $sth->fetch()) { + array_push($bad_tables, $line); + } + + return $bad_tables; + } + + static function sanity_check() { + + $errors = array(); + + if (strpos(self::get(Config::PLUGINS), "auth_") === false) { + array_push($errors, "Please enable at least one authentication module via PLUGINS"); + } + + if (function_exists('posix_getuid') && posix_getuid() == 0) { + array_push($errors, "Please don't run this script as root."); + } + + if (version_compare(PHP_VERSION, '7.1.0', '<')) { + array_push($errors, "PHP version 7.1.0 or newer required. You're using " . PHP_VERSION . "."); + } + + if (!class_exists("UConverter")) { + array_push($errors, "PHP UConverter class is missing, it's provided by the Internationalization (intl) module."); + } + + if (!is_writable(self::get(Config::CACHE_DIR) . "/images")) { + array_push($errors, "Image cache is not writable (chmod -R 777 ".self::get(Config::CACHE_DIR)."/images)"); + } + + if (!is_writable(self::get(Config::CACHE_DIR) . "/upload")) { + array_push($errors, "Upload cache is not writable (chmod -R 777 ".self::get(Config::CACHE_DIR)."/upload)"); + } + + if (!is_writable(self::get(Config::CACHE_DIR) . "/export")) { + array_push($errors, "Data export cache is not writable (chmod -R 777 ".self::get(Config::CACHE_DIR)."/export)"); + } + + if (self::get(Config::SINGLE_USER_MODE) && class_exists("PDO")) { + if (UserHelper::get_login_by_id(1) != "admin") { + array_push($errors, "SINGLE_USER_MODE is enabled but default admin account (ID: 1) is not found."); + } + } + + if (php_sapi_name() != "cli") { + $ref_self_url_path = self::make_self_url_path(); + + if ($ref_self_url_path) { + $ref_self_url_path = preg_replace("/\w+\.php$/", "", $ref_self_url_path); + } + + if (self::get(Config::SELF_URL_PATH) == "http://example.org/tt-rss/") { + $hint = $ref_self_url_path ? "(possible value: $ref_self_url_path)" : ""; + array_push($errors, + "Please set SELF_URL_PATH to the correct value for your server: $hint"); + } + + if ($ref_self_url_path && + (!defined('_SKIP_SELF_URL_PATH_CHECKS') || !_SKIP_SELF_URL_PATH_CHECKS) && + self::get(Config::SELF_URL_PATH) != $ref_self_url_path && self::get(Config::SELF_URL_PATH) != mb_substr($ref_self_url_path, 0, mb_strlen($ref_self_url_path)-1)) { + array_push($errors, + "Please set SELF_URL_PATH to the correct value detected for your server: $ref_self_url_path (you're using: " . self::get(Config::SELF_URL_PATH) . ")"); + } + } + + if (!is_writable(self::get(Config::ICONS_DIR))) { + array_push($errors, "ICONS_DIR defined in config.php is not writable (chmod -R 777 ".self::get(Config::ICONS_DIR).").\n"); + } + + if (!is_writable(self::get(Config::LOCK_DIRECTORY))) { + array_push($errors, "LOCK_DIRECTORY is not writable (chmod -R 777 ".self::get(Config::LOCK_DIRECTORY).").\n"); + } + + if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) { + array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL."); + } + + if (!function_exists("json_encode")) { + array_push($errors, "PHP support for JSON is required, but was not found."); + } + + if (!class_exists("PDO")) { + array_push($errors, "PHP support for PDO is required but was not found."); + } + + if (!function_exists("mb_strlen")) { + array_push($errors, "PHP support for mbstring functions is required but was not found."); + } + + if (!function_exists("hash")) { + array_push($errors, "PHP support for hash() function is required but was not found."); + } + + if (ini_get("safe_mode")) { + array_push($errors, "PHP safe mode setting is obsolete and not supported by tt-rss."); + } + + if (!function_exists("mime_content_type")) { + array_push($errors, "PHP function mime_content_type() is missing, try enabling fileinfo module."); + } + + if (!class_exists("DOMDocument")) { + array_push($errors, "PHP support for DOMDocument is required, but was not found."); + } + + if (self::get(Config::DB_TYPE) == "mysql") { + $bad_tables = self::check_mysql_tables(); + + if (count($bad_tables) > 0) { + $bad_tables_fmt = []; + + foreach ($bad_tables as $bt) { + array_push($bad_tables_fmt, sprintf("%s (%s)", $bt['table_name'], $bt['engine'])); + } + + $msg = "

The following tables use an unsupported MySQL engine: " . + implode(", ", $bad_tables_fmt) . ".

"; + + $msg .= "

The only supported engine on MySQL is InnoDB. MyISAM lacks functionality to run + tt-rss. + Please backup your data (via OPML) and re-import the schema before continuing.

+

WARNING: importing the schema would mean LOSS OF ALL YOUR DATA.

"; + + + array_push($errors, $msg); + } + } + + if (count($errors) > 0 && php_sapi_name() != "cli") { ?> + + + + Startup failed + + + + +
+

Startup failed

+ +

Please fix errors indicated by the following messages:

+ + + +

You might want to check tt-rss wiki or the + forums for more information. Please search the forums before creating new topic + for your question.

+
+ + + + 0) { + echo "Please fix errors indicated by the following messages:\n\n"; + + foreach ($errors as $error) { + echo " * " . strip_tags($error)."\n"; + } + + echo "\nYou might want to check tt-rss wiki or the forums for more information.\n"; + echo "Please search the forums before creating new topic for your question.\n"; + + exit(1); + } + } + + private static function format_error($msg) { + return "
$msg
"; + } } diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index de03b34dc..3436e4f60 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -694,7 +694,7 @@ class Pref_Prefs extends Handler_Protected { print \Controls\input_tag($pref_name, $value, "text", ["readonly" => true], "SSL_CERT_SERIAL"); - $cert_serial = htmlspecialchars(get_ssl_certificate_id()); + $cert_serial = htmlspecialchars(self::_get_ssl_certificate_id()); $has_serial = ($cert_serial) ? true : false; print \Controls\button_tag(__('Register'), "", [ @@ -1408,4 +1408,20 @@ class Pref_Prefs extends Handler_Protected { $this->appPasswordList(); } + + static function _get_ssl_certificate_id() { + if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] ?? false) { + return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] . + $_SERVER["REDIRECT_SSL_CLIENT_V_START"] . + $_SERVER["REDIRECT_SSL_CLIENT_V_END"] . + $_SERVER["REDIRECT_SSL_CLIENT_S_DN"]); + } + if ($_SERVER["SSL_CLIENT_M_SERIAL"] ?? false) { + return sha1($_SERVER["SSL_CLIENT_M_SERIAL"] . + $_SERVER["SSL_CLIENT_V_START"] . + $_SERVER["SSL_CLIENT_V_END"] . + $_SERVER["SSL_CLIENT_S_DN"]); + } + return ""; + } } diff --git a/classes/sanitizer.php b/classes/sanitizer.php index 52feb5e28..5bb5f2efc 100644 --- a/classes/sanitizer.php +++ b/classes/sanitizer.php @@ -49,6 +49,10 @@ class Sanitizer { return false; } + private static function is_prefix_https() { + return parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME) == 'https'; + } + public static function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) { if (!$owner && isset($_SESSION["uid"])) @@ -125,7 +129,7 @@ class Sanitizer { if (!self::iframe_whitelisted($entry)) { $entry->setAttribute('sandbox', 'allow-scripts'); } else { - if (is_prefix_https()) { + if (self::is_prefix_https()) { $entry->setAttribute("src", str_replace("http://", "https://", $entry->getAttribute("src"))); diff --git a/include/functions.php b/include/functions.php index d4505ac24..92db41ad8 100644 --- a/include/functions.php +++ b/include/functions.php @@ -168,68 +168,64 @@ /* compat shims */ + /** function is @deprecated */ + function get_schema_version() { + return Config::get_schema_version(); + } + + /** function is @deprecated */ function _debug($msg) { Debug::log($msg); } - // @deprecated + /** function is @deprecated */ function getFeedUnread($feed, $is_cat = false) { return Feeds::_get_counters($feed, $is_cat, true, $_SESSION["uid"]); } - // @deprecated + /** function is @deprecated */ function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) { return Sanitizer::sanitize($str, $force_remove_images, $owner, $site_url, $highlight_words, $article_id); } - // @deprecated + /** function is @deprecated */ function fetch_file_contents($params) { return UrlHelper::fetch($params); } - // @deprecated + /** function is @deprecated */ function rewrite_relative_url($url, $rel_url) { return UrlHelper::rewrite_relative($url, $rel_url); } - // @deprecated + /** function is @deprecated */ function validate_url($url) { return UrlHelper::validate($url); } - // @deprecated + /** function is @deprecated */ function authenticate_user($login, $password, $check_only = false, $service = false) { return UserHelper::authenticate($login, $password, $check_only, $service); } - // @deprecated + /** function is @deprecated */ function smart_date_time($timestamp, $tz_offset = 0, $owner_uid = false, $eta_min = false) { return TimeHelper::smart_date_time($timestamp, $tz_offset, $owner_uid, $eta_min); } - // @deprecated + /** function is @deprecated */ function make_local_datetime($timestamp, $long, $owner_uid = false, $no_smart_dt = false, $eta_min = false) { return TimeHelper::make_local_datetime($timestamp, $long, $owner_uid, $no_smart_dt, $eta_min); } - /* end compat shims */ - - function get_ssl_certificate_id() { - if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] ?? false) { - return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] . - $_SERVER["REDIRECT_SSL_CLIENT_V_START"] . - $_SERVER["REDIRECT_SSL_CLIENT_V_END"] . - $_SERVER["REDIRECT_SSL_CLIENT_S_DN"]); - } - if ($_SERVER["SSL_CLIENT_M_SERIAL"] ?? false) { - return sha1($_SERVER["SSL_CLIENT_M_SERIAL"] . - $_SERVER["SSL_CLIENT_V_START"] . - $_SERVER["SSL_CLIENT_V_END"] . - $_SERVER["SSL_CLIENT_S_DN"]); - } - return ""; + // this returns Config::SELF_URL_PATH sans ending slash + /** function is @deprecated */ + function get_self_url_prefix() { + return Config::get_self_url(); } + /* end compat shims */ + // this is used for user http parameters unless HTML code is actually needed function clean($param) { if (is_array($param)) { @@ -303,10 +299,6 @@ return $s ? 1 : 0; } - function get_schema_version() { - return Config::get_schema_version(); - } - function file_is_locked($filename) { if (file_exists(Config::get(Config::LOCK_DIRECTORY) . "/$filename")) { if (function_exists('flock')) { @@ -371,24 +363,6 @@ return vsprintf(_ngettext(array_shift($args), array_shift($args), array_shift($args)), $args); } - function is_server_https() { - return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || - (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'); - } - - function is_prefix_https() { - return parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME) == 'https'; - } - - // this returns Config::get(Config::SELF_URL_PATH) sans ending slash - function get_self_url_prefix() { - if (strrpos(Config::get(Config::SELF_URL_PATH), "/") === strlen(Config::get(Config::SELF_URL_PATH))-1) { - return substr(Config::get(Config::SELF_URL_PATH), 0, strlen(Config::get(Config::SELF_URL_PATH))-1); - } else { - return Config::get(Config::SELF_URL_PATH); - } - } - function encrypt_password($pass, $salt = '', $mode2 = false) { if ($salt && $mode2) { return "MODE2:" . hash('sha256', $salt . $pass); diff --git a/include/login_form.php b/include/login_form.php index 06bf57470..91850b768 100755 --- a/include/login_form.php +++ b/include/login_form.php @@ -85,7 +85,7 @@ - +
diff --git a/include/sanity_check.php b/include/sanity_check.php deleted file mode 100755 index 3d6a496b5..000000000 --- a/include/sanity_check.php +++ /dev/null @@ -1,206 +0,0 @@ -prepare("SELECT engine, table_name FROM information_schema.tables WHERE - table_schema = ? AND table_name LIKE 'ttrss_%' AND engine != 'InnoDB'"); - $sth->execute([Config::get(Config::DB_NAME)]); - - $bad_tables = []; - - while ($line = $sth->fetch()) { - array_push($bad_tables, $line); - } - - return $bad_tables; - } - - function initial_sanity_check() { - - $errors = array(); - - if (strpos(Config::get(Config::PLUGINS), "auth_") === false) { - array_push($errors, "Please enable at least one authentication module via Config::get(Config::PLUGINS) constant in config.php"); - } - - if (function_exists('posix_getuid') && posix_getuid() == 0) { - array_push($errors, "Please don't run this script as root."); - } - - if (version_compare(PHP_VERSION, '7.1.0', '<')) { - array_push($errors, "PHP version 7.1.0 or newer required. You're using " . PHP_VERSION . "."); - } - - if (!class_exists("UConverter")) { - array_push($errors, "PHP UConverter class is missing, it's provided by the Internationalization (intl) module."); - } - - if (!is_writable(Config::get(Config::CACHE_DIR) . "/images")) { - array_push($errors, "Image cache is not writable (chmod -R 777 ".Config::get(Config::CACHE_DIR)."/images)"); - } - - if (!is_writable(Config::get(Config::CACHE_DIR) . "/upload")) { - array_push($errors, "Upload cache is not writable (chmod -R 777 ".Config::get(Config::CACHE_DIR)."/upload)"); - } - - if (!is_writable(Config::get(Config::CACHE_DIR) . "/export")) { - array_push($errors, "Data export cache is not writable (chmod -R 777 ".Config::get(Config::CACHE_DIR)."/export)"); - } - - if (Config::get(Config::SINGLE_USER_MODE) && class_exists("PDO")) { - $pdo = Db::pdo(); - - $res = $pdo->query("SELECT id FROM ttrss_users WHERE id = 1"); - - if (!$res->fetch()) { - array_push($errors, "SINGLE_USER_MODE is enabled but default admin account is not found."); - } - } - - if (php_sapi_name() != "cli") { - $ref_self_url_path = make_self_url_path(); - - if ($ref_self_url_path) { - $ref_self_url_path = preg_replace("/\w+\.php$/", "", $ref_self_url_path); - } - - if (Config::get(Config::SELF_URL_PATH) == "http://example.org/tt-rss/") { - $hint = $ref_self_url_path ? "(possible value: $ref_self_url_path)" : ""; - array_push($errors, - "Please set SELF_URL_PATH to the correct value for your server: $hint"); - } - - if ($ref_self_url_path && - (!defined('_SKIP_SELF_URL_PATH_CHECKS') || !_SKIP_SELF_URL_PATH_CHECKS) && - Config::get(Config::SELF_URL_PATH) != $ref_self_url_path && Config::get(Config::SELF_URL_PATH) != mb_substr($ref_self_url_path, 0, mb_strlen($ref_self_url_path)-1)) { - array_push($errors, - "Please set SELF_URL_PATH to the correct value detected for your server: $ref_self_url_path (you're using: " . Config::get(Config::SELF_URL_PATH) . ")"); - } - } - - if (!is_writable(Config::get(Config::ICONS_DIR))) { - array_push($errors, "ICONS_DIR defined in config.php is not writable (chmod -R 777 ".Config::get(Config::ICONS_DIR).").\n"); - } - - if (!is_writable(Config::get(Config::LOCK_DIRECTORY))) { - array_push($errors, "LOCK_DIRECTORY is not writable (chmod -R 777 ".Config::get(Config::LOCK_DIRECTORY).").\n"); - } - - if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) { - array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL."); - } - - if (!function_exists("json_encode")) { - array_push($errors, "PHP support for JSON is required, but was not found."); - } - - if (!class_exists("PDO")) { - array_push($errors, "PHP support for PDO is required but was not found."); - } - - if (!function_exists("mb_strlen")) { - array_push($errors, "PHP support for mbstring functions is required but was not found."); - } - - if (!function_exists("hash")) { - array_push($errors, "PHP support for hash() function is required but was not found."); - } - - if (ini_get("safe_mode")) { - array_push($errors, "PHP safe mode setting is obsolete and not supported by tt-rss."); - } - - if (!function_exists("mime_content_type")) { - array_push($errors, "PHP function mime_content_type() is missing, try enabling fileinfo module."); - } - - if (!class_exists("DOMDocument")) { - array_push($errors, "PHP support for DOMDocument is required, but was not found."); - } - - if (Config::get(Config::DB_TYPE) == "mysql") { - $bad_tables = check_mysql_tables(); - - if (count($bad_tables) > 0) { - $bad_tables_fmt = []; - - foreach ($bad_tables as $bt) { - array_push($bad_tables_fmt, sprintf("%s (%s)", $bt['table_name'], $bt['engine'])); - } - - $msg = "

The following tables use an unsupported MySQL engine: " . - implode(", ", $bad_tables_fmt) . ".

"; - - $msg .= "

The only supported engine on MySQL is InnoDB. MyISAM lacks functionality to run - tt-rss. - Please backup your data (via OPML) and re-import the schema before continuing.

-

WARNING: importing the schema would mean LOSS OF ALL YOUR DATA.

"; - - - array_push($errors, $msg); - } - } - - if (count($errors) > 0 && php_sapi_name() != "cli") { ?> - - - - Startup failed - - - - -
- -

Startup failed

- -

Tiny Tiny RSS was unable to start properly. This usually means a misconfiguration or an incomplete upgrade. Please fix - errors indicated by the following messages:

- - - -

You might want to check tt-rss wiki or the - forums for more information. Please search the forums before creating new topic - for your question.

- -
- - - - 0) { - echo "Tiny Tiny RSS was unable to start properly. This usually means a misconfiguration or an incomplete upgrade.\n"; - echo "Please fix errors indicated by the following messages:\n\n"; - - foreach ($errors as $error) { - echo " * " . strip_tags($error)."\n"; - } - - echo "\nYou might want to check tt-rss wiki or the forums for more information.\n"; - echo "Please search the forums before creating new topic for your question.\n"; - - exit(-1); - } - } - - initial_sanity_check(); - -?> diff --git a/include/sessions.php b/include/sessions.php index 891a6b3fa..04c24cf72 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -9,7 +9,7 @@ $session_expire = min(2147483647 - time() - 1, max(\Config::get(\Config::SESSION_COOKIE_LIFETIME), 86400)); $session_name = \Config::get(\Config::SESSION_NAME); - if (is_server_https()) { + if (\Config::is_server_https()) { ini_set("session.cookie_secure", "true"); } diff --git a/index.php b/index.php index 0218db5e1..51bd99e5e 100644 --- a/index.php +++ b/index.php @@ -13,14 +13,14 @@ require_once "autoload.php"; require_once "sessions.php"; require_once "functions.php"; - require_once "sanity_check.php"; + + Config::sanity_check(); if (!init_plugins()) return; UserHelper::login_sequence(); header('Content-Type: text/html; charset=utf-8'); - ?> diff --git a/plugins/auth_remote/init.php b/plugins/auth_remote/init.php index f24364ffd..0ac51ce4e 100644 --- a/plugins/auth_remote/init.php +++ b/plugins/auth_remote/init.php @@ -18,7 +18,7 @@ class Auth_Remote extends Auth_Base { } function get_login_by_ssl_certificate() { - $cert_serial = get_ssl_certificate_id(); + $cert_serial = Pref_Prefs::_get_ssl_certificate_id(); if ($cert_serial) { $sth = $this->pdo->prepare("SELECT login FROM ttrss_user_prefs2, ttrss_users diff --git a/plugins/bookmarklets/init.php b/plugins/bookmarklets/init.php index 967918823..82ed6c97f 100644 --- a/plugins/bookmarklets/init.php +++ b/plugins/bookmarklets/init.php @@ -292,7 +292,7 @@ class Bookmarklets extends Plugin { print_error("Not logged in"); ?> -
+ diff --git a/prefs.php b/prefs.php index 5762375a5..52f564a76 100644 --- a/prefs.php +++ b/prefs.php @@ -5,7 +5,8 @@ require_once "autoload.php"; require_once "sessions.php"; require_once "functions.php"; - require_once "sanity_check.php"; + + Config::sanity_check(); if (!init_plugins()) return; diff --git a/public.php b/public.php index 28f95d0a9..f44a94c01 100644 --- a/public.php +++ b/public.php @@ -5,7 +5,8 @@ require_once "autoload.php"; require_once "sessions.php"; require_once "functions.php"; - require_once "sanity_check.php"; + + Config::sanity_check(); startup_gettext(); diff --git a/update.php b/update.php index 41b052f6e..63700cc0c 100755 --- a/update.php +++ b/update.php @@ -9,7 +9,8 @@ require_once "autoload.php"; require_once "functions.php"; - require_once "sanity_check.php"; + + Config::sanity_check(); function make_stampfile($filename) { $fp = fopen(Config::get(Config::LOCK_DIRECTORY) . "/$filename", "w"); diff --git a/update_daemon2.php b/update_daemon2.php index 1e8b1d072..8168c576e 100755 --- a/update_daemon2.php +++ b/update_daemon2.php @@ -10,7 +10,8 @@ require_once "autoload.php"; require_once "functions.php"; - require_once "sanity_check.php"; + + Config::sanity_check(); if (!function_exists('pcntl_fork')) { die("error: This script requires PHP compiled with PCNTL module.\n");