diff options
| -rw-r--r-- | core/FileIntegrity.php | 288 | ||||
| -rw-r--r-- | core/Filechecks.php | 110 | ||||
| -rw-r--r-- | lang/en.json | 7 | ||||
| -rw-r--r-- | plugins/CoreUpdater/Controller.php | 19 | ||||
| -rw-r--r-- | plugins/Diagnostics/Diagnostic/FileIntegrityCheck.php | 16 | ||||
| -rw-r--r-- | plugins/Diagnostics/Diagnostic/RecommendedFunctionsCheck.php | 1 | ||||
| -rw-r--r-- | tests/UI/expected-screenshots/CoreUpdaterDb_main.png | 4 | ||||
| -rw-r--r-- | tests/UI/expected-screenshots/Installation_system_check.png | 4 |
8 files changed, 316 insertions, 133 deletions
diff --git a/core/FileIntegrity.php b/core/FileIntegrity.php new file mode 100644 index 0000000000..b457f1d05f --- /dev/null +++ b/core/FileIntegrity.php @@ -0,0 +1,288 @@ +<?php +/** + * Piwik - free/libre analytics platform + * + * @link http://piwik.org + * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later + * + */ + +namespace Piwik; + +use Piwik\Plugins\CustomPiwikJs\Exception\AccessDeniedException; +use Piwik\Plugins\CustomPiwikJs\TrackerUpdater; + +class FileIntegrity +{ + + /** + * Get file integrity information + * + * @return array(bool $success, array $messages) + */ + public static function getFileIntegrityInformation() + { + $messages = array(); + + $manifest = PIWIK_INCLUDE_PATH . '/config/manifest.inc.php'; + + if (file_exists($manifest)) { + require_once $manifest; + } + + if (!class_exists('Piwik\\Manifest')) { + $messages[] = Piwik::translate('General_WarningFileIntegrityNoManifest') + . '<br/>' + . Piwik::translate('General_WarningFileIntegrityNoManifestDeployingFromGit'); + + return array( + $success = false, + $messages + ); + } + + $messages = self::getMessagesFilesFoundButNotExpected($messages); + + $messages = self::getMessagesFilesMismatch($messages); + + return array( + $success = empty($messages), + $messages + ); + } + + protected static function getFilesNotInManifestButExpectedAnyway() + { + return array( + '*/.htaccess', + '*/web.config', + 'bootstrap.php', + 'favicon.ico', + 'robots.txt', + 'config/config.ini.php', + 'config/common.ini.php', + 'config/*.config.ini.php', + 'config/manifest.inc.php', + 'misc/*.dat', + 'misc/*.dat.gz', + 'misc/user/*png', + 'misc/package/WebAppGallery/*.xml', + 'misc/package/WebAppGallery/install.sql', + 'vendor/autoload.php', + 'vendor/composer/autoload_real.php', + 'tmp/*', + ); + } + + + /** + * @param $messages + * @return array + */ + protected static function getMessagesFilesFoundButNotExpected($messages) + { + $filesFoundButNotExpected = self::getFilesFoundButNotExpected(); + if (count($filesFoundButNotExpected) > 0) { + + $messageFilesToDelete = ''; + foreach ($filesFoundButNotExpected as $fileFoundNotExpected) { + $messageFilesToDelete .= Piwik::translate('General_ExceptionFileToDelete', $fileFoundNotExpected) . '<br/>'; + } + $messages[] = Piwik::translate('General_ExceptionUnexpectedFile') + . '<br/>' + . '--> ' . Piwik::translate('General_ExceptionUnexpectedFilePleaseDelete') . ' <--' + . '<br/><br/>' + . $messageFilesToDelete + . '<br/>'; + return $messages; + + } + return $messages; + } + + /** + * Look for files which are in the filesystem, but should not be + * + * @return array + */ + protected static function getFilesFoundButNotExpected() + { + $files = \Piwik\Manifest::$files; + $pluginsInManifest = self::getPluginsFoundInManifest(); + + $filesFoundButNotExpected = array(); + + $filesToInvestigate = array_merge( + // all normal files + Filesystem::globr('.', '*'), + // all hidden files + Filesystem::globr('.', '.*') + ); + foreach ($filesToInvestigate as $file) { + if (is_dir($file)) { + continue; + } + $file = substr($file, 2); // remove starting characters ./ to match format in manifest.inc.php + + if (self::isFileFromPluginNotInManifest($file, $pluginsInManifest)) { + continue; + } + if (self::isFileNotInManifestButExpectedAnyway($file)) { + continue; + } + + if (!isset($files[$file])) { + $filesFoundButNotExpected[] = $file; + } + } + + return $filesFoundButNotExpected; + } + + + protected static function getPluginsFoundInManifest() + { + $files = \Piwik\Manifest::$files; + + $pluginsInManifest = array(); + foreach($files as $file => $manifestIntegrityInfo) { + if(strpos($file, 'plugins/') === 0) { + $pluginName = self::getPluginNameFromFilepath($file); + $pluginsInManifest[] = $pluginName; + } + } + return $pluginsInManifest; + } + + /** + * If a plugin folder is not tracked in the manifest then we don't try to report any files in this folder + * Could be a third party plugin or any plugin from the Marketplace + * + * @param $file + * @param $pluginsInManifest + * @return bool + */ + protected static function isFileFromPluginNotInManifest($file, $pluginsInManifest) + { + if (strpos($file, 'plugins/') !== 0) { + return false; + } + + if (substr_count($file, '/') < 2) { + // must be a file plugins/abc.xyz and not a plugin directory + return false; + } + + $pluginName = self::getPluginNameFromFilepath($file); + if(in_array($pluginName, $pluginsInManifest)) { + return false; + } + + return true; + } + + protected static function isFileNotInManifestButExpectedAnyway($file) + { + $expected = self::getFilesNotInManifestButExpectedAnyway(); + foreach ($expected as $expectedPattern) { + if (fnmatch($expectedPattern, $file)) { + return true; + } + } + return false; + } + + protected static function getMessagesFilesMismatch($messages) + { + $messagesMismatch = array(); + $hasMd5file = function_exists('md5_file'); + $files = \Piwik\Manifest::$files; + $hasMd5 = function_exists('md5'); + foreach ($files as $path => $props) { + $file = PIWIK_INCLUDE_PATH . '/' . $path; + + if (!file_exists($file) || !is_readable($file)) { + $messagesMismatch[] = Piwik::translate('General_ExceptionMissingFile', $file); + } elseif (filesize($file) != $props[0]) { + + if (self::isModifiedPathValid($path)) { + continue; + } + + if (!$hasMd5 || in_array(substr($path, -4), array('.gif', '.ico', '.jpg', '.png', '.swf'))) { + // files that contain binary data (e.g., images) must match the file size + $messagesMismatch[] = Piwik::translate('General_ExceptionFilesizeMismatch', array($file, $props[0], filesize($file))); + } else { + // convert end-of-line characters and re-test text files + $content = @file_get_contents($file); + $content = str_replace("\r\n", "\n", $content); + if ((strlen($content) != $props[0]) + || (@md5($content) !== $props[1]) + ) { + $messagesMismatch[] = Piwik::translate('General_ExceptionFilesizeMismatch', array($file, $props[0], filesize($file))); + } + } + } elseif ($hasMd5file && (@md5_file($file) !== $props[1])) { + if (self::isModifiedPathValid($path)) { + continue; + } + + $messagesMismatch[] = Piwik::translate('General_ExceptionFileIntegrity', $file); + } + } + + if (!$hasMd5file) { + $messages[] = Piwik::translate('General_WarningFileIntegrityNoMd5file'); + } + + if (!empty($messagesMismatch)) { + $messages[] = Piwik::translate('General_FileIntegrityWarningReupload'); + $messages[] = Piwik::translate('General_FileIntegrityWarningReuploadBis') . '<br/>'; + $messages = array_merge($messages, $messagesMismatch); + } + + return $messages; + } + + protected static function isModifiedPathValid($path) + { + if ($path === 'piwik.js') { + // we could have used a postEvent hook to enrich "\Piwik\Manifest::$files;" which would also benefit plugins + // that want to check for file integrity but we do not want to risk to break anything right now. It is not + // as trivial because piwik.js might be already updated, or updated on the next request. We cannot define + // 2 or 3 different filesizes and md5 hashes for one file so we check it here. + + if (Plugin\Manager::getInstance()->isPluginActivated('CustomPiwikJs')) { + $trackerUpdater = new TrackerUpdater(); + + if ($trackerUpdater->getCurrentTrackerFileContent() === $trackerUpdater->getUpdatedTrackerFileContent()) { + // file was already updated, eg manually or via custom piwik.js, this is a valid piwik.js file as + // it was enriched by tracker plugins + return true; + } + + try { + // the piwik.js tracker file was not updated yet, but may be updated just after the update by + // one of the events CustomPiwikJs is listening to or by a scheduled task. + // In this case, we check whether such an update will succeed later and if it will, the file is + // valid as well as it will be updated on the next request + $trackerUpdater->checkWillSucceed(); + return true; + } catch (AccessDeniedException $e) { + return false; + } + + } + } + + return false; + } + + protected static function getPluginNameFromFilepath($file) + { + $pathRelativeToPlugins = substr($file, strlen('plugins/')); + $pluginName = substr($pathRelativeToPlugins, 0, strpos($pathRelativeToPlugins, '/')); + return $pluginName; + } + +}
\ No newline at end of file diff --git a/core/Filechecks.php b/core/Filechecks.php index 33e65c9055..5f98fd228d 100644 --- a/core/Filechecks.php +++ b/core/Filechecks.php @@ -9,8 +9,6 @@ namespace Piwik; use Piwik\Exception\MissingFilePermissionException; -use Piwik\Plugins\CustomPiwikJs\Exception\AccessDeniedException; -use Piwik\Plugins\CustomPiwikJs\TrackerUpdater; class Filechecks { @@ -104,112 +102,6 @@ class Filechecks throw $ex; } - private static function isModifiedPathValid($path) - { - if ($path === 'piwik.js') { - // we could have used a postEvent hook to enrich "\Piwik\Manifest::$files;" which would also benefit plugins - // that want to check for file integrity but we do not want to risk to break anything right now. It is not - // as trivial because piwik.js might be already updated, or updated on the next request. We cannot define - // 2 or 3 different filesizes and md5 hashes for one file so we check it here. - - if (Plugin\Manager::getInstance()->isPluginActivated('CustomPiwikJs')) { - $trackerUpdater = new TrackerUpdater(); - - if ($trackerUpdater->getCurrentTrackerFileContent() === $trackerUpdater->getUpdatedTrackerFileContent()) { - // file was already updated, eg manually or via custom piwik.js, this is a valid piwik.js file as - // it was enriched by tracker plugins - return true; - } - - try { - // the piwik.js tracker file was not updated yet, but may be updated just after the update by - // one of the events CustomPiwikJs is listening to or by a scheduled task. - // In this case, we check whether such an update will succeed later and if it will, the file is - // valid as well as it will be updated on the next request - $trackerUpdater->checkWillSucceed(); - return true; - } catch (AccessDeniedException $e) { - return false; - } - - } - } - - return false; - } - - /** - * Get file integrity information (in PIWIK_INCLUDE_PATH). - * - * @return array(bool, string, ...) Return code (true/false), followed by zero or more error messages - */ - public static function getFileIntegrityInformation() - { - $messages = array(); - $messages[] = true; - - $manifest = PIWIK_INCLUDE_PATH . '/config/manifest.inc.php'; - - if (file_exists($manifest)) { - require_once $manifest; - } - - if (!class_exists('Piwik\\Manifest')) { - $messages[] = Piwik::translate('General_WarningFileIntegrityNoManifest') - . ' ' - . Piwik::translate('General_WarningFileIntegrityNoManifestDeployingFromGit'); - - return $messages; - } - - $files = \Piwik\Manifest::$files; - - $hasMd5file = function_exists('md5_file'); - $hasMd5 = function_exists('md5'); - foreach ($files as $path => $props) { - $file = PIWIK_INCLUDE_PATH . '/' . $path; - - if (!file_exists($file) || !is_readable($file)) { - $messages[] = Piwik::translate('General_ExceptionMissingFile', $file); - } elseif (filesize($file) != $props[0]) { - - if (self::isModifiedPathValid($path)) { - continue; - } - - if (!$hasMd5 || in_array(substr($path, -4), array('.gif', '.ico', '.jpg', '.png', '.swf'))) { - // files that contain binary data (e.g., images) must match the file size - $messages[] = Piwik::translate('General_ExceptionFilesizeMismatch', array($file, $props[0], filesize($file))); - } else { - // convert end-of-line characters and re-test text files - $content = @file_get_contents($file); - $content = str_replace("\r\n", "\n", $content); - if ((strlen($content) != $props[0]) - || (@md5($content) !== $props[1]) - ) { - $messages[] = Piwik::translate('General_ExceptionFilesizeMismatch', array($file, $props[0], filesize($file))); - } - } - } elseif ($hasMd5file && (@md5_file($file) !== $props[1])) { - if (self::isModifiedPathValid($path)) { - continue; - } - - $messages[] = Piwik::translate('General_ExceptionFileIntegrity', $file); - } - } - - if (count($messages) > 1) { - $messages[0] = false; - } - - if (!$hasMd5file) { - $messages[] = Piwik::translate('General_WarningFileIntegrityNoMd5file'); - } - - return $messages; - } - /** * Returns the help message when the auto update can't run because of missing permissions * @@ -326,4 +218,6 @@ class Filechecks return "$user:$group"; } + + } diff --git a/lang/en.json b/lang/en.json index b126480a75..e17ba19b0a 100644 --- a/lang/en.json +++ b/lang/en.json @@ -161,6 +161,9 @@ "ExceptionLanguageFileNotFound": "Language file '%s' not found.", "ExceptionMethodNotFound": "The method '%1$s' does not exist or is not available in the module '%2$s'.", "ExceptionMissingFile": "Missing file: %s", + "ExceptionUnexpectedFile": "Files were found in your Piwik but we didn't expect them.", + "ExceptionUnexpectedFilePleaseDelete": "Please delete these files to prevent errors.", + "ExceptionFileToDelete": "File to delete: %s", "ExceptionNonceMismatch": "Could not verify the security token on this form.", "ExceptionPrivilege": "You can't access this resource as it requires a %s access.", "ExceptionPrivilegeAccessWebsite": "You can't access this resource as it requires an %s access for the website id = %d.", @@ -177,7 +180,9 @@ "ExportAsImage": "Export as Image", "ExportThisReport": "Export this dataset in other formats", "Faq": "FAQ", - "FileIntegrityWarningExplanation": "File integrity check failed and reported some errors. This is most likely due to a partial or failed upload of some of the Piwik files. You should reupload all the Piwik files in BINARY mode and refresh this page until it shows no error.", + "FileIntegrityWarning": "File integrity check failed and reported some errors. You should fix this issue and then refresh this page until it shows no error.", + "FileIntegrityWarningReupload": "Errors below may be due to a partial or failed upload of Piwik files.", + "FileIntegrityWarningReuploadBis": "Try to reupload all the Piwik files in BINARY mode.", "First": "First", "Flatten": "Flatten", "ForExampleShort": "eg.", diff --git a/plugins/CoreUpdater/Controller.php b/plugins/CoreUpdater/Controller.php index 143c9c04b9..cae8ec124c 100644 --- a/plugins/CoreUpdater/Controller.php +++ b/plugins/CoreUpdater/Controller.php @@ -12,22 +12,22 @@ use Exception; use Piwik\AssetManager; use Piwik\Common; use Piwik\Config; -use Piwik\Container\StaticContainer; use Piwik\DbHelper; use Piwik\Filechecks; +use Piwik\FileIntegrity; use Piwik\Filesystem; use Piwik\Http; use Piwik\Option; use Piwik\Piwik; -use Piwik\Plugin\Manager as PluginManager; use Piwik\Plugin; +use Piwik\Plugin\Manager as PluginManager; use Piwik\Plugins\LanguagesManager\LanguagesManager; use Piwik\Plugins\Marketplace\Plugins; use Piwik\SettingsServer; use Piwik\Updater as DbUpdater; use Piwik\Version; -use Piwik\View\OneClickDone; use Piwik\View; +use Piwik\View\OneClickDone; class Controller extends \Piwik\Plugin\Controller { @@ -306,12 +306,13 @@ class Controller extends \Piwik\Plugin\Controller } // check file integrity - $integrityInfo = Filechecks::getFileIntegrityInformation(); - if (isset($integrityInfo[1])) { - if ($integrityInfo[0] == false) { - $this->warningMessages[] = Piwik::translate('General_FileIntegrityWarningExplanation'); - } - $this->warningMessages = array_merge($this->warningMessages, array_slice($integrityInfo, 1)); + list($success, $messages) = FileIntegrity::getFileIntegrityInformation(); + + if (!$success) { + $this->warningMessages[] = Piwik::translate('General_FileIntegrityWarning'); + } + if (count($messages) > 0) { + $this->warningMessages = array_merge($this->warningMessages, $messages); } Filesystem::deleteAllCacheOnUpdate(); diff --git a/plugins/Diagnostics/Diagnostic/FileIntegrityCheck.php b/plugins/Diagnostics/Diagnostic/FileIntegrityCheck.php index 7393877175..e9e58fdd8b 100644 --- a/plugins/Diagnostics/Diagnostic/FileIntegrityCheck.php +++ b/plugins/Diagnostics/Diagnostic/FileIntegrityCheck.php @@ -8,7 +8,7 @@ namespace Piwik\Plugins\Diagnostics\Diagnostic; use Piwik\Development; -use Piwik\Filechecks; +use Piwik\FileIntegrity; use Piwik\Translation\Translator; /** @@ -31,22 +31,16 @@ class FileIntegrityCheck implements Diagnostic $label = $this->translator->translate('Installation_SystemCheckFileIntegrity'); if(Development::isEnabled()) { - return array(DiagnosticResult::singleResult($label, DiagnosticResult::STATUS_OK)); + return array(DiagnosticResult::singleResult($label, DiagnosticResult::STATUS_WARNING, '(Disabled in development mode)')); } - $messages = Filechecks::getFileIntegrityInformation(); - $ok = array_shift($messages); - - if (empty($messages)) { - return array(DiagnosticResult::singleResult($label, DiagnosticResult::STATUS_OK)); - } + list($ok, $messages) = FileIntegrity::getFileIntegrityInformation(); if ($ok) { - $status = DiagnosticResult::STATUS_WARNING; - return array(DiagnosticResult::singleResult($label, $status, $messages[0])); + return array(DiagnosticResult::singleResult($label, DiagnosticResult::STATUS_OK, implode('<br/>', $messages))); } - $comment = $this->translator->translate('General_FileIntegrityWarningExplanation'); + $comment = $this->translator->translate('General_FileIntegrityWarning'); // Keep only the 20 first lines else it becomes unmanageable if (count($messages) > 20) { diff --git a/plugins/Diagnostics/Diagnostic/RecommendedFunctionsCheck.php b/plugins/Diagnostics/Diagnostic/RecommendedFunctionsCheck.php index e89cf2e290..1a454de0d5 100644 --- a/plugins/Diagnostics/Diagnostic/RecommendedFunctionsCheck.php +++ b/plugins/Diagnostics/Diagnostic/RecommendedFunctionsCheck.php @@ -57,6 +57,7 @@ class RecommendedFunctionsCheck implements Diagnostic 'parse_ini_file', 'glob', 'gzopen', + 'md5_file', ); } diff --git a/tests/UI/expected-screenshots/CoreUpdaterDb_main.png b/tests/UI/expected-screenshots/CoreUpdaterDb_main.png index 8e60bc335f..e2330d0dd6 100644 --- a/tests/UI/expected-screenshots/CoreUpdaterDb_main.png +++ b/tests/UI/expected-screenshots/CoreUpdaterDb_main.png @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6ed9788df6f0f938486e24797ca3422f310085e336391b81e40787ecd8c5553d -size 289862 +oid sha256:8561ee39fc47919209492fa0ff7d19913fddc0c47bcece0c87f956487e1a2e4a +size 289021 diff --git a/tests/UI/expected-screenshots/Installation_system_check.png b/tests/UI/expected-screenshots/Installation_system_check.png index 884cd435fa..0d0af0024b 100644 --- a/tests/UI/expected-screenshots/Installation_system_check.png +++ b/tests/UI/expected-screenshots/Installation_system_check.png @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9e43c53bd65ee239f533ce0cd442cf9d9df5dcf1d403eaa99d411b6f4274802f -size 156456 +oid sha256:4466e331e9dcdefbd09f68ed8e649c96c867627267a434d79c8cb3bc8ec4b0da +size 168847 |
