pakfire.cgi: Check user given package list for invalid characters.
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2011 Michael Tremer & Christian Schmidt #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23
24 # enable the following only for debugging purposes
25 #use warnings;
26 #use CGI::Carp 'fatalsToBrowser';
27
28 require '/var/ipfire/general-functions.pl';
29 require "${General::swroot}/lang.pl";
30 require "${General::swroot}/header.pl";
31 require "/opt/pakfire/lib/functions.pl";
32
# Page-wide state: the error text shown to the user and the settings/colour
# hashes that are filled from disk further down.
my $errormessage = '';
my %color = ();
my %pakfiresettings = ();
my %mainsettings = ();

&Header::showhttpheaders();

# Request parameters, pre-seeded with empty strings so that every key the
# script reads exists even when the browser did not send it.
my %cgiparams = (
	'ACTION'  => '',
	'VALID'   => '',
	'INSPAKS' => '',
	'DELPAKS' => '',
);
46
# Print a "Waiting" box whose meta refresh tag reloads the page after one
# second, together with the translated page-refresh notice.
sub refreshpage {
	my $notice = "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";

	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );
	print $notice;
	&Header::closebox();
}
48
# Pull the submitted form values into %cgiparams.
&Header::getcgihash(\%cgiparams);

# Load the main settings and the theme colours, in that order.
foreach my $source (
	[ "${General::swroot}/main/settings", \%mainsettings ],
	[ "/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color ],
) {
	&General::readhash(@{$source});
}

# Start the page. $errormessage is still empty here; errors raised by the
# action handling below are printed in their own box later on.
&Header::openpage($Lang::tr{'pakfire configuration'}, 1);
&Header::openbigbox('100%', 'left', '', $errormessage);
56
57
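# Dispatch on the requested ACTION.
#
# INSPAKS and DELPAKS come straight from the request and end up inside a
# shell command line (system() with a single string, and backticks), so they
# are validated BEFORE either code path runs. Previously only the FORCE=on
# path called check_input(); the dependency preview handed the raw value to
# backticks and echoed it into the HTML confirmation form.
#
# The list is also split into single names first. check_input() tests each
# argument as one package name, so passing the space-joined string made every
# multi-package request fail validation.
#
# NOTE(review): a name that starts with '-' passes check_input() and reaches
# the pakfire command line looking like an option - confirm how pakfire
# treats such arguments, or reject them here.
if ($cgiparams{'ACTION'} eq 'install'){
	# The original replaced '|' with a space, so the select list presumably
	# arrives '|'-separated; the confirmation form posts it back
	# space-separated. Splitting on both (and on any other whitespace)
	# guarantees that no name carries a newline into the shell command.
	my @inspaks = grep { length } split(/[|\s]+/, $cgiparams{'INSPAKS'});
	$cgiparams{'INSPAKS'} = join(' ', @inspaks);

	# Check for invalid package names (an empty list is rejected as well).
	if (!@inspaks || &check_input(@inspaks)) {
		# Assign error message.
		$errormessage = "$Lang::tr{'pakfire invalid characters in package list'}";
	} elsif ("$cgiparams{'FORCE'}" eq "on") {
		# Confirmed by the user: start the installation in the background.
		# The string goes through the shell because of the redirection and
		# the trailing '&'; it is safe only because every name was checked.
		my $command = "/usr/local/bin/pakfire install --non-interactive --no-colors $cgiparams{'INSPAKS'} &>/dev/null &";
		system("$command");
		system("/bin/sleep 1");
	} else {
		# First request: show the resolved dependencies and ask for
		# confirmation.
		&Header::openbox("100%", "center", $Lang::tr{'request'});
		my @output = `/usr/local/bin/pakfire resolvedeps --no-colors $cgiparams{'INSPAKS'}`;
		print <<END;
<table><tr><td colspan='2'>$Lang::tr{'pakfire install package'}.$cgiparams{'INSPAKS'}.$Lang::tr{'pakfire possible dependency'}
<pre>
END
		# NOTE(review): the command output is printed without HTML escaping -
		# confirm that pakfire only emits plain text here.
		foreach (@output) {
			# NOTE(review): this pattern matches a literal backslash followed
			# by 'e', not an ESC byte - confirm the intent (--no-colors is
			# already passed above).
			$_ =~ s/\\e\[[0-1]\;[0-9]+m//g;
			print "$_\n";
		}
		print <<END;
</pre>
<tr><td colspan='2'>$Lang::tr{'pakfire accept all'}
<tr><td colspan='2'>&nbsp;
<tr><td align='right'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='INSPAKS' value='$cgiparams{'INSPAKS'}' />
<input type='hidden' name='FORCE' value='on' />
<input type='hidden' name='ACTION' value='install' />
<input type='image' alt='$Lang::tr{'install'}' title='$Lang::tr{'install'}' src='/images/go-next.png' />
</form>
<td align='left'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='' />
<input type='image' alt='$Lang::tr{'abort'}' title='$Lang::tr{'abort'}' src='/images/dialog-error.png' />
</form>
</table>
END
		&Header::closebox();
		&Header::closebigbox();
		&Header::closepage();
		exit;
	}
} elsif ($cgiparams{'ACTION'} eq 'remove') {
	# Same normalisation and validation as for 'install'.
	my @delpaks = grep { length } split(/[|\s]+/, $cgiparams{'DELPAKS'});
	$cgiparams{'DELPAKS'} = join(' ', @delpaks);

	# Check for invalid package names (an empty list is rejected as well).
	if (!@delpaks || &check_input(@delpaks)) {
		# Assign error message.
		$errormessage = "$Lang::tr{'pakfire invalid characters in package list'}";
	} elsif ("$cgiparams{'FORCE'}" eq "on") {
		# Confirmed by the user: start the removal in the background.
		my $command = "/usr/local/bin/pakfire remove --non-interactive --no-colors $cgiparams{'DELPAKS'} &>/dev/null &";
		system("$command");
		system("/bin/sleep 1");
	} else {
		# First request: show the dependency information and ask for
		# confirmation.
		&Header::openbox("100%", "center", $Lang::tr{'request'});
		my @output = `/usr/local/bin/pakfire resolvedeps --no-colors $cgiparams{'DELPAKS'}`;
		print <<END;
<table><tr><td colspan='2'>$Lang::tr{'pakfire uninstall package'}.$cgiparams{'DELPAKS'}.$Lang::tr{'pakfire possible dependency'}
<pre>
END
		# NOTE(review): printed without HTML escaping, see the install branch.
		foreach (@output) {
			$_ =~ s/\\e\[[0-1]\;[0-9]+m//g;
			print "$_\n";
		}
		print <<END;
</pre>
<tr><td colspan='2'>$Lang::tr{'pakfire uninstall all'}
<tr><td colspan='2'>&nbsp;
<tr><td align='right'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='DELPAKS' value='$cgiparams{'DELPAKS'}' />
<input type='hidden' name='FORCE' value='on' />
<input type='hidden' name='ACTION' value='remove' />
<input type='image' alt='$Lang::tr{'uninstall'}' title='$Lang::tr{'uninstall'}' src='/images/go-next.png' />
</form>
<td align='left'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='' />
<input type='image' alt='$Lang::tr{'abort'}' title='$Lang::tr{'abort'}' src='/images/dialog-error.png' />
</form>
</table>
END
		&Header::closebox();
		&Header::closebigbox();
		&Header::closepage();
		exit;
	}

} elsif ($cgiparams{'ACTION'} eq 'update') {
	# Refresh the package lists in the background; no user input is involved.
	system("/usr/local/bin/pakfire update --force --no-colors &>/dev/null &");
	system("/bin/sleep 1");
} elsif ($cgiparams{'ACTION'} eq 'upgrade') {
	# Install all available updates in the background.
	my $command = "/usr/local/bin/pakfire upgrade -y --no-colors &>/dev/null &";
	system("$command");
	system("/bin/sleep 1");
} elsif ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
	$pakfiresettings{"TREE"} = $cgiparams{"TREE"};

	# Check for valid input. \A and \z are used instead of ^ and $ because
	# $ also matches before a trailing newline, which would otherwise be
	# written to the settings file along with the value.
	if ($pakfiresettings{"TREE"} !~ m/\A(?:stable|testing|unstable)\z/) {
		$errormessage .= $Lang::tr{'pakfire invalid tree'};
	}

	unless ($errormessage) {
		&General::writehash("${General::swroot}/pakfire/settings", \%pakfiresettings);

		# Update lists
		system("/usr/local/bin/pakfire update --force --no-colors &>/dev/null &");
	}
}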
172
# Read the stored pakfire settings (again, in case they were just saved).
&General::readhash("${General::swroot}/pakfire/settings", \%pakfiresettings);

# Pre-select the configured tree in the settings form; the other two options
# keep an empty attribute.
my %selected = (
	"TREE" => {
		"stable"   => "",
		"testing"  => "",
		"unstable" => "",
	},
);
my %checked = ();
$selected{"TREE"}{$pakfiresettings{"TREE"}} = "selected";

# DPC move error message to top so it is seen!
# $errormessage is only ever assigned translated strings in this script, so
# it is printed as-is.
if ($errormessage) {
	my $error_html = "<font class='base'>$errormessage&nbsp;</font>\n";

	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print $error_html;
	&Header::closebox();
}
190
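# While a pakfire process is running, show a "working" page instead of the
# normal interface: a reload button, the last 20 syslog lines that mention
# pakfire, and a meta refresh every ten seconds.
my $return = `pidof pakfire`;
chomp($return);
if ($return) {
	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='10;'>" );
	print <<END;
<table>
<tr><td>
<img src='/images/indicator.gif' alt='$Lang::tr{'active'}' title='$Lang::tr{'active'}' />&nbsp;
<td>
$Lang::tr{'pakfire working'}
<tr><td colspan='2' align='center'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
</form>
<tr><td colspan='2' align='left'><code>
END
	my @output = `grep pakfire /var/log/messages | tail -20`;
	foreach my $line (@output) {
		# Log lines are plain text and may carry strings this script does not
		# control, so neutralise the HTML metacharacters before printing them
		# into the page. '&' has to be replaced first.
		$line =~ s/&/&amp;/g;
		$line =~ s/</&lt;/g;
		$line =~ s/>/&gt;/g;
		print "$line<br>";
	}
	print <<END;
</code>
</table>
END
	&Header::closebox();
	&Header::closebigbox();
	&Header::closepage();
	# The refreshpage() call that used to follow this exit could never run
	# and has been dropped; the meta refresh above already reloads the page.
	exit;
}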
221
# Installed core update level, read from pakfire's database. Errors from cat
# are discarded, so a missing file simply yields an empty string.
my $core_release = `cat /opt/pakfire/db/core/mine 2>/dev/null`;
chomp($core_release);

# Age of the core marker and of the three downloaded lists, as reported by
# General::age(). scalar() keeps the scalar context of a plain assignment.
my ($core_update_age, $corelist_update_age, $server_update_age, $packages_update_age) =
	map { scalar(&General::age($_)) } (
		"/opt/pakfire/db/core/mine",
		"/opt/pakfire/db/lists/core-list.db",
		"/opt/pakfire/db/lists/server-list.db",
		"/opt/pakfire/db/lists/packages_list.db",
	);
228
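# Main "Pakfire" box: system state and pending updates in the first row, the
# lists of available and installed add-ons in the second. The three select
# lists are filled by Pakfire::dblist().
&Header::openbox("100%", "center", "Pakfire");

print <<END;
<table width='95%' cellpadding='5'>
END
# Show a notice when the reboot marker file exists.
if ( -e "/var/run/need_reboot") {
	print "<tr><td align='center' colspan='2'><font color='red'>$Lang::tr{'needreboot'}!</font></td></tr>";
	# The spacer row used to contain a closing </font> without a matching
	# opening tag; it has been removed.
	print "<tr><td colspan='2'>&nbsp;</td></tr>";
}
print <<END;
<tr><td width="50%" bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire system state'}:</b>

<td width="50%" bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'available updates'}:</b></tr>

<tr><td align="center">$Lang::tr{'pakfire core update level'}: $core_release<hr />
$Lang::tr{'pakfire last update'} $core_update_age $Lang::tr{'pakfire ago'}<br />
$Lang::tr{'pakfire last serverlist update'} $server_update_age $Lang::tr{'pakfire ago'}<br />
$Lang::tr{'pakfire last core list update'} $corelist_update_age $Lang::tr{'pakfire ago'}<br />
$Lang::tr{'pakfire last package update'} $packages_update_age $Lang::tr{'pakfire ago'}
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='update' /><br />
<input type='submit' value='$Lang::tr{'calamaris refresh list'}' /><br />
</form>
<br />
<td align="center">
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<select name="UPDPAKS" size="5" disabled>
END
# Pending updates; the select is disabled, 'upgrade' always applies all.
&Pakfire::dblist("upgrade", "forweb");
print <<END;
</select>
<br />
<input type='hidden' name='ACTION' value='upgrade' />
<input type='image' alt='$Lang::tr{'upgrade'}' title='$Lang::tr{'upgrade'}' src='/images/document-save.png' />
</form>

<tr><td colspan="2"><!-- Just an empty line -->&nbsp;
<tr><td bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire available addons'}</b>
<td bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire installed addons'}</b>
<tr><td style="padding:5px 10px 20px 20px" align="center">
<p>$Lang::tr{'pakfire install description'}</p>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<select name="INSPAKS" size="10" multiple>
END
# Add-ons that can be installed. The option list only guides the browser;
# the submitted INSPAKS value still has to be validated on the server.
&Pakfire::dblist("notinstalled", "forweb");

print <<END;
</select>
<br />
<input type='hidden' name='ACTION' value='install' />
<input type='image' alt='$Lang::tr{'install'}' title='$Lang::tr{'install'}' src='/images/list-add.png' />
</form>

<td style="padding:5px 10px 20px 20px" align="center">
<p>$Lang::tr{'pakfire uninstall description'}</p>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<select name="DELPAKS" size="10" multiple>
END

# Add-ons that are installed and can be removed; the same applies to DELPAKS.
&Pakfire::dblist("installed", "forweb");

print <<END;
</select>
<br />
<input type='hidden' name='ACTION' value='remove' />
<input type='image' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' src='/images/list-remove.png' />
</form>
</table>
END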
298
# Close the Pakfire box and render the settings box, which only offers the
# choice of the package tree, then finish the page.
&Header::closebox();
&Header::openbox("100%", "center", "$Lang::tr{'settings'}");

# The option matching the stored tree carries the "selected" attribute from
# %selected; the submit button posts the translated 'save' label as ACTION.
my $settings_form = <<END;
<form method='POST' action='$ENV{'SCRIPT_NAME'}'>
<table width='95%'>
<tr>
<td align='left' width='45%'>$Lang::tr{'pakfire tree'}</td>
<td width="55%" align="left">
<select name="TREE">
<option value="stable" $selected{"TREE"}{"stable"}>$Lang::tr{'pakfire tree stable'}</option>
<option value="testing" $selected{"TREE"}{"testing"}>$Lang::tr{'pakfire tree testing'}</option>
<option value="unstable" $selected{"TREE"}{"unstable"}>$Lang::tr{'pakfire tree unstable'}</option>
</select>
</td>
</tr>
<tr>
<td colspan="2">&nbsp;</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="ACTION" value="$Lang::tr{'save'}" />
</td>
</tr>
</table>
</form>
END
print $settings_form;

&Header::closebox();
&Header::closebigbox();
&Header::closepage();
330
331 #
332 ## Function to check a given package list for invalid characters.
333 #
334 ## Valid characters are a-z, A-Z, - and the underscore.
335 ## If an invalid character is detected, the function returns true.
336 #
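sub check_input (@) {
	# Validate a list of package names before they are used to build a
	# command line.
	#
	# Arguments: the package names, one name per list element.
	# Returns:   1 if the list is empty or any name is invalid, 0 otherwise.
	#
	# A name is valid when it consists only of ASCII letters, digits, '-'
	# and '_'. Digits were already accepted before (via \w), although the
	# header comment above does not list them. The class is now spelled out
	# so that non-ASCII word characters can never match, and the pattern is
	# anchored with \A and \z because $ also matches before a trailing
	# newline, which let a name such as "foo\n" through.
	#
	# NOTE(review): names starting with '-' are still accepted and may look
	# like options to the program that receives them - confirm whether they
	# should be rejected here.
	my (@packages) = @_;

	# Fail closed: an empty list is not a valid request.
	return 1 unless @packages;

	# Loop through the array of given packages.
	foreach my $name (@packages) {
		# An undefined or unallowed name has been detected. Return "1" - True.
		return 1 unless defined($name) && $name =~ /\A[A-Za-z0-9_-]+\z/;
	}

	# Every name passed the check. Return "0" - False, explicitly, instead
	# of relying on the unspecified value of a sub that ends in a loop.
	return 0;
}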