move startup checks to Config, set a bunch of @deprecated annotations

Andrew Dolgov 2021-03-01 10:20:21 +03:00
parent b05d4e3d9f
commit 7ef72fe0dc
15 changed files with 269 additions and 265 deletions


@ -101,7 +101,6 @@
$op = "pluginhandler";
} */
// TODO: figure out if is this still needed
$op = str_replace("-", "_", $op);
$override = PluginHost::getInstance()->lookup_handler($op, $method);


@ -183,4 +183,217 @@ class Config {
return $instance->_get($param);
}
// this returns Config::SELF_URL_PATH sans ending slash
static function get_self_url() {
$self_url_path = self::get(Config::SELF_URL_PATH);
if (substr($self_url_path, -1) === "/") {
return substr($self_url_path, 0, -1);
} else {
return $self_url_path;
}
}
static function is_server_https() {
return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) ||
(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
}
static function make_self_url() {
$proto = self::is_server_https() ? 'https' : 'http';
return $proto . '://' . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
}
/* sanity check stuff */
private static function make_self_url_path() {
if (!isset($_SERVER["HTTP_HOST"])) return false;
$proto = self::is_server_https() ? 'https' : 'http';
$url_path = $proto . '://' . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
return $url_path;
}
private static function check_mysql_tables() {
$pdo = Db::pdo();
$sth = $pdo->prepare("SELECT engine, table_name FROM information_schema.tables WHERE
table_schema = ? AND table_name LIKE 'ttrss_%' AND engine != 'InnoDB'");
$sth->execute([self::get(Config::DB_NAME)]);
$bad_tables = [];
while ($line = $sth->fetch()) {
array_push($bad_tables, $line);
}
return $bad_tables;
}
static function sanity_check() {
$errors = array();
if (strpos(self::get(Config::PLUGINS), "auth_") === false) {
array_push($errors, "Please enable at least one authentication module via PLUGINS");
}
if (function_exists('posix_getuid') && posix_getuid() == 0) {
array_push($errors, "Please don't run this script as root.");
}
if (version_compare(PHP_VERSION, '7.1.0', '<')) {
array_push($errors, "PHP version 7.1.0 or newer required. You're using " . PHP_VERSION . ".");
}
if (!class_exists("UConverter")) {
array_push($errors, "PHP UConverter class is missing, it's provided by the Internationalization (intl) module.");
}
if (!is_writable(self::get(Config::CACHE_DIR) . "/images")) {
array_push($errors, "Image cache is not writable (chmod -R 777 ".self::get(Config::CACHE_DIR)."/images)");
}
if (!is_writable(self::get(Config::CACHE_DIR) . "/upload")) {
array_push($errors, "Upload cache is not writable (chmod -R 777 ".self::get(Config::CACHE_DIR)."/upload)");
}
if (!is_writable(self::get(Config::CACHE_DIR) . "/export")) {
array_push($errors, "Data export cache is not writable (chmod -R 777 ".self::get(Config::CACHE_DIR)."/export)");
}
if (self::get(Config::SINGLE_USER_MODE) && class_exists("PDO")) {
if (UserHelper::get_login_by_id(1) != "admin") {
array_push($errors, "SINGLE_USER_MODE is enabled but default admin account (ID: 1) is not found.");
}
}
if (php_sapi_name() != "cli") {
$ref_self_url_path = self::make_self_url_path();
if ($ref_self_url_path) {
$ref_self_url_path = preg_replace("/\w+\.php$/", "", $ref_self_url_path);
}
if (self::get(Config::SELF_URL_PATH) == "http://example.org/tt-rss/") {
$hint = $ref_self_url_path ? "(possible value: <b>$ref_self_url_path</b>)" : "";
array_push($errors,
"Please set SELF_URL_PATH to the correct value for your server: $hint");
}
if ($ref_self_url_path &&
(!defined('_SKIP_SELF_URL_PATH_CHECKS') || !_SKIP_SELF_URL_PATH_CHECKS) &&
self::get(Config::SELF_URL_PATH) != $ref_self_url_path && self::get(Config::SELF_URL_PATH) != mb_substr($ref_self_url_path, 0, mb_strlen($ref_self_url_path)-1)) {
array_push($errors,
"Please set SELF_URL_PATH to the correct value detected for your server: <b>$ref_self_url_path</b> (you're using: <b>" . self::get(Config::SELF_URL_PATH) . "</b>)");
}
}
if (!is_writable(self::get(Config::ICONS_DIR))) {
array_push($errors, "ICONS_DIR defined in config.php is not writable (chmod -R 777 ".self::get(Config::ICONS_DIR).").\n");
}
if (!is_writable(self::get(Config::LOCK_DIRECTORY))) {
array_push($errors, "LOCK_DIRECTORY is not writable (chmod -R 777 ".self::get(Config::LOCK_DIRECTORY).").\n");
}
if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {
array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL.");
}
if (!function_exists("json_encode")) {
array_push($errors, "PHP support for JSON is required, but was not found.");
}
if (!class_exists("PDO")) {
array_push($errors, "PHP support for PDO is required but was not found.");
}
if (!function_exists("mb_strlen")) {
array_push($errors, "PHP support for mbstring functions is required but was not found.");
}
if (!function_exists("hash")) {
array_push($errors, "PHP support for hash() function is required but was not found.");
}
if (ini_get("safe_mode")) {
array_push($errors, "PHP safe mode setting is obsolete and not supported by tt-rss.");
}
if (!function_exists("mime_content_type")) {
array_push($errors, "PHP function mime_content_type() is missing, try enabling fileinfo module.");
}
if (!class_exists("DOMDocument")) {
array_push($errors, "PHP support for DOMDocument is required, but was not found.");
}
if (self::get(Config::DB_TYPE) == "mysql") {
$bad_tables = self::check_mysql_tables();
if (count($bad_tables) > 0) {
$bad_tables_fmt = [];
foreach ($bad_tables as $bt) {
array_push($bad_tables_fmt, sprintf("%s (%s)", $bt['table_name'], $bt['engine']));
}
$msg = "<p>The following tables use an unsupported MySQL engine: <b>" .
implode(", ", $bad_tables_fmt) . "</b>.</p>";
$msg .= "<p>The only supported engine on MySQL is InnoDB. MyISAM lacks functionality to run
tt-rss.
Please backup your data (via OPML) and re-import the schema before continuing.</p>
<p><b>WARNING: importing the schema would mean LOSS OF ALL YOUR DATA.</b></p>";
array_push($errors, $msg);
}
}
if (count($errors) > 0 && php_sapi_name() != "cli") { ?>
<!DOCTYPE html>
<html>
<head>
<title>Startup failed</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="themes/light.css">
</head>
<body class="sanity_failed flat ttrss_utility">
<div class="content">
<h1>Startup failed</h1>
<p>Please fix errors indicated by the following messages:</p>
<?php foreach ($errors as $error) { echo self::format_error($error); } ?>
<p>You might want to check tt-rss <a target="_blank" href="https://tt-rss.org/wiki.php">wiki</a> or the
<a target="_blank" href="https://community.tt-rss.org/">forums</a> for more information. Please search the forums before creating new topic
for your question.</p>
</div>
</body>
</html>
<?php
die;
} else if (count($errors) > 0) {
echo "Please fix errors indicated by the following messages:\n\n";
foreach ($errors as $error) {
echo " * " . strip_tags($error)."\n";
}
echo "\nYou might want to check tt-rss wiki or the forums for more information.\n";
echo "Please search the forums before creating new topic for your question.\n";
exit(1);
}
}
private static function format_error($msg) {
return "<div class=\"alert alert-danger\">$msg</div>";
}
}
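Review bot: In `sanity_check()` the two SELF_URL_PATH messages interpolate `$ref_self_url_path`, which `make_self_url_path()` builds from `$_SERVER["HTTP_HOST"]` and `$_SERVER["REQUEST_URI"]`, and `format_error()` wraps each message in a `<div>` without escaping, so request-controlled text reaches the startup-failure page as markup. Escape the detected value where it enters the message, e.g. `$ref_html = htmlspecialchars($ref_self_url_path, ENT_QUOTES);`, and use `$ref_html` inside both `<b>…</b>` spans; the messages carry intentional `<b>`/`<p>` tags, so escaping the whole string inside `format_error()` would break them. `is_server_https()` also accepts `HTTP_X_FORWARDED_PROTO` from any client, which deserves a comment saying the header is only meaningful behind a proxy that overwrites it. The enclosing `Config` class starts before this hunk.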


@ -694,7 +694,7 @@ class Pref_Prefs extends Handler_Protected {
print \Controls\input_tag($pref_name, $value, "text", ["readonly" => true], "SSL_CERT_SERIAL");
$cert_serial = htmlspecialchars(get_ssl_certificate_id());
$cert_serial = htmlspecialchars(self::_get_ssl_certificate_id());
$has_serial = ($cert_serial) ? true : false;
print \Controls\button_tag(__('Register'), "", [
@ -1408,4 +1408,20 @@ class Pref_Prefs extends Handler_Protected {
$this->appPasswordList();
}
static function _get_ssl_certificate_id() {
if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] ?? false) {
return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] .
$_SERVER["REDIRECT_SSL_CLIENT_V_START"] .
$_SERVER["REDIRECT_SSL_CLIENT_V_END"] .
$_SERVER["REDIRECT_SSL_CLIENT_S_DN"]);
}
if ($_SERVER["SSL_CLIENT_M_SERIAL"] ?? false) {
return sha1($_SERVER["SSL_CLIENT_M_SERIAL"] .
$_SERVER["SSL_CLIENT_V_START"] .
$_SERVER["SSL_CLIENT_V_END"] .
$_SERVER["SSL_CLIENT_S_DN"]);
}
return "";
}
}
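Review bot: `_get_ssl_certificate_id()` guards only the `*_M_SERIAL` key and then reads `*_V_START`, `*_V_END` and `*_S_DN` unguarded, so a server that exports the serial but not the other variables raises undefined-index notices on every call. Reading each with a default, e.g. `($_SERVER["SSL_CLIENT_V_START"] ?? "")`, avoids the notice without changing the resulting hash. Since `Auth_Remote::get_login_by_ssl_certificate()` on this page now calls this method to look up a login, it also warrants an explicit `public` keyword and a docblock stating that the value is a SHA-1 over server-supplied client-certificate variables; a preferences handler is an odd home for an authentication helper. The class body starts outside both hunks.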


@ -49,6 +49,10 @@ class Sanitizer {
return false;
}
private static function is_prefix_https() {
return parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME) == 'https';
}
public static function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
if (!$owner && isset($_SESSION["uid"]))
@ -125,7 +129,7 @@ class Sanitizer {
if (!self::iframe_whitelisted($entry)) {
$entry->setAttribute('sandbox', 'allow-scripts');
} else {
if (is_prefix_https()) {
if (self::is_prefix_https()) {
$entry->setAttribute("src",
str_replace("http://", "https://",
$entry->getAttribute("src")));
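Review bot: `is_prefix_https()` compares the result of `parse_url(..., PHP_URL_SCHEME)` with `==`; `parse_url()` returns null or false when the scheme is absent or the URL is malformed, and a strict `=== 'https'` states that intent without relying on loose comparison. A one-line comment such as `// true when the configured SELF_URL_PATH uses the https scheme` would explain why the iframe `src` is upgraded. In the context lines that call it, `str_replace("http://", "https://", ...)` rewrites every occurrence in the attribute rather than only the leading scheme, which may be worth anchoring in a follow-up. `sanitize()` continues outside the hunk.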


@ -168,67 +168,63 @@
/* compat shims */
/** function is @deprecated */
function get_schema_version() {
return Config::get_schema_version();
}
/** function is @deprecated */
function _debug($msg) {
Debug::log($msg);
}
// @deprecated
/** function is @deprecated */
function getFeedUnread($feed, $is_cat = false) {
return Feeds::_get_counters($feed, $is_cat, true, $_SESSION["uid"]);
}
// @deprecated
/** function is @deprecated */
function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
return Sanitizer::sanitize($str, $force_remove_images, $owner, $site_url, $highlight_words, $article_id);
}
// @deprecated
/** function is @deprecated */
function fetch_file_contents($params) {
return UrlHelper::fetch($params);
}
// @deprecated
/** function is @deprecated */
function rewrite_relative_url($url, $rel_url) {
return UrlHelper::rewrite_relative($url, $rel_url);
}
// @deprecated
/** function is @deprecated */
function validate_url($url) {
return UrlHelper::validate($url);
}
// @deprecated
/** function is @deprecated */
function authenticate_user($login, $password, $check_only = false, $service = false) {
return UserHelper::authenticate($login, $password, $check_only, $service);
}
// @deprecated
/** function is @deprecated */
function smart_date_time($timestamp, $tz_offset = 0, $owner_uid = false, $eta_min = false) {
return TimeHelper::smart_date_time($timestamp, $tz_offset, $owner_uid, $eta_min);
}
// @deprecated
/** function is @deprecated */
function make_local_datetime($timestamp, $long, $owner_uid = false, $no_smart_dt = false, $eta_min = false) {
return TimeHelper::make_local_datetime($timestamp, $long, $owner_uid, $no_smart_dt, $eta_min);
}
/* end compat shims */
// this returns Config::SELF_URL_PATH sans ending slash
/** function is @deprecated */
function get_self_url_prefix() {
return Config::get_self_url();
}
function get_ssl_certificate_id() {
if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] ?? false) {
return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] .
$_SERVER["REDIRECT_SSL_CLIENT_V_START"] .
$_SERVER["REDIRECT_SSL_CLIENT_V_END"] .
$_SERVER["REDIRECT_SSL_CLIENT_S_DN"]);
}
if ($_SERVER["SSL_CLIENT_M_SERIAL"] ?? false) {
return sha1($_SERVER["SSL_CLIENT_M_SERIAL"] .
$_SERVER["SSL_CLIENT_V_START"] .
$_SERVER["SSL_CLIENT_V_END"] .
$_SERVER["SSL_CLIENT_S_DN"]);
}
return "";
}
/* end compat shims */
// this is used for user http parameters unless HTML code is actually needed
function clean($param) {
@ -303,10 +299,6 @@
return $s ? 1 : 0;
}
function get_schema_version() {
return Config::get_schema_version();
}
function file_is_locked($filename) {
if (file_exists(Config::get(Config::LOCK_DIRECTORY) . "/$filename")) {
if (function_exists('flock')) {
@ -371,24 +363,6 @@
return vsprintf(_ngettext(array_shift($args), array_shift($args), array_shift($args)), $args);
}
function is_server_https() {
return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) ||
(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
}
function is_prefix_https() {
return parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME) == 'https';
}
// this returns Config::get(Config::SELF_URL_PATH) sans ending slash
function get_self_url_prefix() {
if (strrpos(Config::get(Config::SELF_URL_PATH), "/") === strlen(Config::get(Config::SELF_URL_PATH))-1) {
return substr(Config::get(Config::SELF_URL_PATH), 0, strlen(Config::get(Config::SELF_URL_PATH))-1);
} else {
return Config::get(Config::SELF_URL_PATH);
}
}
function encrypt_password($pass, $salt = '', $mode2 = false) {
if ($salt && $mode2) {
return "MODE2:" . hash('sha256', $salt . $pass);
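Review bot: The shim docblocks read `/** function is @deprecated */`, which puts the tag in the middle of a sentence; PHPDoc tags are normally recognised only at the start of a docblock line, so IDEs and static analysers may not flag callers. Write each as `/** @deprecated use Config::get_schema_version() instead */`, naming the replacement the shim forwards to. Separately, `get_ssl_certificate_id()`, `is_server_https()` and `is_prefix_https()` appear to be removed from this file without a shim, unlike the other helpers, so any plugin still calling them would presumably fail with an undefined-function error; confirm that is intended.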


@ -85,7 +85,7 @@
</script>
<?php $return = urlencode(make_self_url()) ?>
<?php $return = urlencode(Config::make_self_url()) ?>
<div class="container">


@ -1,206 +0,0 @@
<?php
/* WARNING! If you modify this file, you are ON YOUR OWN! */
function make_self_url() {
$proto = is_server_https() ? 'https' : 'http';
return $proto . '://' . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
}
function make_self_url_path() {
if (!isset($_SERVER["HTTP_HOST"])) return false;
$proto = is_server_https() ? 'https' : 'http';
$url_path = $proto . '://' . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
return $url_path;
}
function check_mysql_tables() {
$pdo = Db::pdo();
$sth = $pdo->prepare("SELECT engine, table_name FROM information_schema.tables WHERE
table_schema = ? AND table_name LIKE 'ttrss_%' AND engine != 'InnoDB'");
$sth->execute([Config::get(Config::DB_NAME)]);
$bad_tables = [];
while ($line = $sth->fetch()) {
array_push($bad_tables, $line);
}
return $bad_tables;
}
function initial_sanity_check() {
$errors = array();
if (strpos(Config::get(Config::PLUGINS), "auth_") === false) {
array_push($errors, "Please enable at least one authentication module via Config::get(Config::PLUGINS) constant in config.php");
}
if (function_exists('posix_getuid') && posix_getuid() == 0) {
array_push($errors, "Please don't run this script as root.");
}
if (version_compare(PHP_VERSION, '7.1.0', '<')) {
array_push($errors, "PHP version 7.1.0 or newer required. You're using " . PHP_VERSION . ".");
}
if (!class_exists("UConverter")) {
array_push($errors, "PHP UConverter class is missing, it's provided by the Internationalization (intl) module.");
}
if (!is_writable(Config::get(Config::CACHE_DIR) . "/images")) {
array_push($errors, "Image cache is not writable (chmod -R 777 ".Config::get(Config::CACHE_DIR)."/images)");
}
if (!is_writable(Config::get(Config::CACHE_DIR) . "/upload")) {
array_push($errors, "Upload cache is not writable (chmod -R 777 ".Config::get(Config::CACHE_DIR)."/upload)");
}
if (!is_writable(Config::get(Config::CACHE_DIR) . "/export")) {
array_push($errors, "Data export cache is not writable (chmod -R 777 ".Config::get(Config::CACHE_DIR)."/export)");
}
if (Config::get(Config::SINGLE_USER_MODE) && class_exists("PDO")) {
$pdo = Db::pdo();
$res = $pdo->query("SELECT id FROM ttrss_users WHERE id = 1");
if (!$res->fetch()) {
array_push($errors, "SINGLE_USER_MODE is enabled but default admin account is not found.");
}
}
if (php_sapi_name() != "cli") {
$ref_self_url_path = make_self_url_path();
if ($ref_self_url_path) {
$ref_self_url_path = preg_replace("/\w+\.php$/", "", $ref_self_url_path);
}
if (Config::get(Config::SELF_URL_PATH) == "http://example.org/tt-rss/") {
$hint = $ref_self_url_path ? "(possible value: <b>$ref_self_url_path</b>)" : "";
array_push($errors,
"Please set SELF_URL_PATH to the correct value for your server: $hint");
}
if ($ref_self_url_path &&
(!defined('_SKIP_SELF_URL_PATH_CHECKS') || !_SKIP_SELF_URL_PATH_CHECKS) &&
Config::get(Config::SELF_URL_PATH) != $ref_self_url_path && Config::get(Config::SELF_URL_PATH) != mb_substr($ref_self_url_path, 0, mb_strlen($ref_self_url_path)-1)) {
array_push($errors,
"Please set SELF_URL_PATH to the correct value detected for your server: <b>$ref_self_url_path</b> (you're using: <b>" . Config::get(Config::SELF_URL_PATH) . "</b>)");
}
}
if (!is_writable(Config::get(Config::ICONS_DIR))) {
array_push($errors, "ICONS_DIR defined in config.php is not writable (chmod -R 777 ".Config::get(Config::ICONS_DIR).").\n");
}
if (!is_writable(Config::get(Config::LOCK_DIRECTORY))) {
array_push($errors, "LOCK_DIRECTORY is not writable (chmod -R 777 ".Config::get(Config::LOCK_DIRECTORY).").\n");
}
if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {
array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL.");
}
if (!function_exists("json_encode")) {
array_push($errors, "PHP support for JSON is required, but was not found.");
}
if (!class_exists("PDO")) {
array_push($errors, "PHP support for PDO is required but was not found.");
}
if (!function_exists("mb_strlen")) {
array_push($errors, "PHP support for mbstring functions is required but was not found.");
}
if (!function_exists("hash")) {
array_push($errors, "PHP support for hash() function is required but was not found.");
}
if (ini_get("safe_mode")) {
array_push($errors, "PHP safe mode setting is obsolete and not supported by tt-rss.");
}
if (!function_exists("mime_content_type")) {
array_push($errors, "PHP function mime_content_type() is missing, try enabling fileinfo module.");
}
if (!class_exists("DOMDocument")) {
array_push($errors, "PHP support for DOMDocument is required, but was not found.");
}
if (Config::get(Config::DB_TYPE) == "mysql") {
$bad_tables = check_mysql_tables();
if (count($bad_tables) > 0) {
$bad_tables_fmt = [];
foreach ($bad_tables as $bt) {
array_push($bad_tables_fmt, sprintf("%s (%s)", $bt['table_name'], $bt['engine']));
}
$msg = "<p>The following tables use an unsupported MySQL engine: <b>" .
implode(", ", $bad_tables_fmt) . "</b>.</p>";
$msg .= "<p>The only supported engine on MySQL is InnoDB. MyISAM lacks functionality to run
tt-rss.
Please backup your data (via OPML) and re-import the schema before continuing.</p>
<p><b>WARNING: importing the schema would mean LOSS OF ALL YOUR DATA.</b></p>";
array_push($errors, $msg);
}
}
if (count($errors) > 0 && php_sapi_name() != "cli") { ?>
<!DOCTYPE html>
<html>
<head>
<title>Startup failed</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="themes/light.css">
</head>
<body class='sanity_failed claro ttrss_utility'>
<div class="content">
<h1>Startup failed</h1>
<p>Tiny Tiny RSS was unable to start properly. This usually means a misconfiguration or an incomplete upgrade. Please fix
errors indicated by the following messages:</p>
<?php foreach ($errors as $error) { echo format_error($error); } ?>
<p>You might want to check tt-rss <a href="https://tt-rss.org/wiki.php">wiki</a> or the
<a href="https://community.tt-rss.org/">forums</a> for more information. Please search the forums before creating new topic
for your question.</p>
</div>
</body>
</html>
<?php
die;
} else if (count($errors) > 0) {
echo "Tiny Tiny RSS was unable to start properly. This usually means a misconfiguration or an incomplete upgrade.\n";
echo "Please fix errors indicated by the following messages:\n\n";
foreach ($errors as $error) {
echo " * " . strip_tags($error)."\n";
}
echo "\nYou might want to check tt-rss wiki or the forums for more information.\n";
echo "Please search the forums before creating new topic for your question.\n";
exit(-1);
}
}
initial_sanity_check();
?>


@ -9,7 +9,7 @@
$session_expire = min(2147483647 - time() - 1, max(\Config::get(\Config::SESSION_COOKIE_LIFETIME), 86400));
$session_name = \Config::get(\Config::SESSION_NAME);
if (is_server_https()) {
if (\Config::is_server_https()) {
ini_set("session.cookie_secure", "true");
}


@ -13,14 +13,14 @@
require_once "autoload.php";
require_once "sessions.php";
require_once "functions.php";
require_once "sanity_check.php";
Config::sanity_check();
if (!init_plugins()) return;
UserHelper::login_sequence();
header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html>
<html>


@ -18,7 +18,7 @@ class Auth_Remote extends Auth_Base {
}
function get_login_by_ssl_certificate() {
$cert_serial = get_ssl_certificate_id();
$cert_serial = Pref_Prefs::_get_ssl_certificate_id();
if ($cert_serial) {
$sth = $this->pdo->prepare("SELECT login FROM ttrss_user_prefs2, ttrss_users


@ -292,7 +292,7 @@ class Bookmarklets extends Plugin {
print_error("Not logged in");
?>
<form action="public.php?return=<?= urlencode(make_self_url()) ?>" method="post">
<form action="public.php?return=<?= urlencode(Config::make_self_url()) ?>" method="post">
<input type="hidden" name="op" value="login">


@ -5,7 +5,8 @@
require_once "autoload.php";
require_once "sessions.php";
require_once "functions.php";
require_once "sanity_check.php";
Config::sanity_check();
if (!init_plugins()) return;


@ -5,7 +5,8 @@
require_once "autoload.php";
require_once "sessions.php";
require_once "functions.php";
require_once "sanity_check.php";
Config::sanity_check();
startup_gettext();


@ -9,7 +9,8 @@
require_once "autoload.php";
require_once "functions.php";
require_once "sanity_check.php";
Config::sanity_check();
function make_stampfile($filename) {
$fp = fopen(Config::get(Config::LOCK_DIRECTORY) . "/$filename", "w");


@ -10,7 +10,8 @@
require_once "autoload.php";
require_once "functions.php";
require_once "sanity_check.php";
Config::sanity_check();
if (!function_exists('pcntl_fork')) {
die("error: This script requires PHP compiled with PCNTL module.\n");