diff options
| author | Matthieu Aubry <mattab@users.noreply.github.com> | 2016-12-27 12:05:21 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-12-27 12:05:21 +0300 |
| commit | 3ce6d87aa1e8d772fb727413346f8e7426c38706 (patch) | |
| tree | 6c482bcf80ca998a695345397b0710e696bc1c9c /core/Filechecks.php | |
| parent | d1e80dc071780dda8ad7a79e82a4c874d3523d93 (diff) | |
File integrity checker now reports files found in the filesystem but not expected to be there (#11096)
* File integrity checker now reports files found in the filesystem but not expected to be there
fixes #11087
* Move file integrity logic to own class
* Fix bug in logic so that third party plugins are not listed
* fix up some comments
* Also report any hidden files not expected to be there
* Issue a warning when file integrity didn't run for any reason. Safer choice
* Ui tests
Diffstat (limited to 'core/Filechecks.php')
| -rw-r--r-- | core/Filechecks.php | 110 |
1 files changed, 2 insertions, 108 deletions
diff --git a/core/Filechecks.php b/core/Filechecks.php index 33e65c9055..5f98fd228d 100644 --- a/core/Filechecks.php +++ b/core/Filechecks.php @@ -9,8 +9,6 @@ namespace Piwik; use Piwik\Exception\MissingFilePermissionException; -use Piwik\Plugins\CustomPiwikJs\Exception\AccessDeniedException; -use Piwik\Plugins\CustomPiwikJs\TrackerUpdater; class Filechecks { @@ -104,112 +102,6 @@ class Filechecks throw $ex; } - private static function isModifiedPathValid($path) - { - if ($path === 'piwik.js') { - // we could have used a postEvent hook to enrich "\Piwik\Manifest::$files;" which would also benefit plugins - // that want to check for file integrity but we do not want to risk to break anything right now. It is not - // as trivial because piwik.js might be already updated, or updated on the next request. We cannot define - // 2 or 3 different filesizes and md5 hashes for one file so we check it here. - - if (Plugin\Manager::getInstance()->isPluginActivated('CustomPiwikJs')) { - $trackerUpdater = new TrackerUpdater(); - - if ($trackerUpdater->getCurrentTrackerFileContent() === $trackerUpdater->getUpdatedTrackerFileContent()) { - // file was already updated, eg manually or via custom piwik.js, this is a valid piwik.js file as - // it was enriched by tracker plugins - return true; - } - - try { - // the piwik.js tracker file was not updated yet, but may be updated just after the update by - // one of the events CustomPiwikJs is listening to or by a scheduled task. - // In this case, we check whether such an update will succeed later and if it will, the file is - // valid as well as it will be updated on the next request - $trackerUpdater->checkWillSucceed(); - return true; - } catch (AccessDeniedException $e) { - return false; - } - - } - } - - return false; - } - - /** - * Get file integrity information (in PIWIK_INCLUDE_PATH). - * - * @return array(bool, string, ...) Return code (true/false), followed by zero or more error messages - */ - public static function getFileIntegrityInformation() - { - $messages = array(); - $messages[] = true; - - $manifest = PIWIK_INCLUDE_PATH . '/config/manifest.inc.php'; - - if (file_exists($manifest)) { - require_once $manifest; - } - - if (!class_exists('Piwik\\Manifest')) { - $messages[] = Piwik::translate('General_WarningFileIntegrityNoManifest') - . ' ' - . Piwik::translate('General_WarningFileIntegrityNoManifestDeployingFromGit'); - - return $messages; - } - - $files = \Piwik\Manifest::$files; - - $hasMd5file = function_exists('md5_file'); - $hasMd5 = function_exists('md5'); - foreach ($files as $path => $props) { - $file = PIWIK_INCLUDE_PATH . '/' . $path; - - if (!file_exists($file) || !is_readable($file)) { - $messages[] = Piwik::translate('General_ExceptionMissingFile', $file); - } elseif (filesize($file) != $props[0]) { - - if (self::isModifiedPathValid($path)) { - continue; - } - - if (!$hasMd5 || in_array(substr($path, -4), array('.gif', '.ico', '.jpg', '.png', '.swf'))) { - // files that contain binary data (e.g., images) must match the file size - $messages[] = Piwik::translate('General_ExceptionFilesizeMismatch', array($file, $props[0], filesize($file))); - } else { - // convert end-of-line characters and re-test text files - $content = @file_get_contents($file); - $content = str_replace("\r\n", "\n", $content); - if ((strlen($content) != $props[0]) - || (@md5($content) !== $props[1]) - ) { - $messages[] = Piwik::translate('General_ExceptionFilesizeMismatch', array($file, $props[0], filesize($file))); - } - } - } elseif ($hasMd5file && (@md5_file($file) !== $props[1])) { - if (self::isModifiedPathValid($path)) { - continue; - } - - $messages[] = Piwik::translate('General_ExceptionFileIntegrity', $file); - } - } - - if (count($messages) > 1) { - $messages[0] = false; - } - - if (!$hasMd5file) { - $messages[] = Piwik::translate('General_WarningFileIntegrityNoMd5file'); - } - - return $messages; - } - /** * Returns the help message when the auto update can't run because of missing permissions * @@ -326,4 +218,6 @@ class Filechecks return "$user:$group"; } + + } |