From 8929ea15a8208577697f68e58bb159cca0e2bba5 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Wed, 17 Feb 2021 09:37:18 +0100 Subject: [PATCH 1/3] Disable UI when web updater is disabled in config.php Signed-off-by: Vincent Petry --- index.php | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/index.php b/index.php index 4ff85f48..cf8b818c 100644 --- a/index.php +++ b/index.php @@ -153,6 +153,8 @@ class Updater { private $updateAvailable = false; /** @var string */ private $requestID = null; + /** @var bool */ + private $disabled = false; /** * Updater constructor @@ -175,6 +177,12 @@ public function __construct($baseDir) { require_once $configFileName; $this->configValues = $CONFIG; + if ($this->configValues['upgrade.disable-web'] ?? false) { + // updater disabled + $this->disabled = true; + return; + } + $dataDir = $this->getDataDirectoryLocation(); if(empty($dataDir) || !is_string($dataDir)) { throw new \Exception('Could not read data directory from config.php.'); @@ -210,6 +218,15 @@ public function __construct($baseDir) { $this->buildTime = $buildTime; } + /** + * Returns whether the web updater is disabled + * + * @return bool + */ + public function isDisabled() { + return $this->disabled; + } + /** * Returns current version or "unknown" if this could not be determined. * @@ -1279,8 +1296,13 @@ public function logVersion() { // Check if the config.php is at the expected place try { $updater = new Updater(__DIR__); + if ($updater->isDisabled()) { + http_response_code(403); + die('Updater is disabled, please use the command line'); + } } catch (\Exception $e) { // logging here is not possible because we don't know the data directory + http_response_code(500); die($e->getMessage()); } From 4a5035b39692998e3cb2d728425530c9f5a863d4 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Wed, 17 Feb 2021 10:52:43 +0100 Subject: [PATCH 2/3] Add CLI check in index.php Signed-off-by: Vincent Petry --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.php b/index.php index cf8b818c..11cbf1c3 100644 --- a/index.php +++ b/index.php @@ -177,7 +177,7 @@ public function __construct($baseDir) { require_once $configFileName; $this->configValues = $CONFIG; - if ($this->configValues['upgrade.disable-web'] ?? false) { + if (php_sapi_name() !== 'cli' && $this->configValues['upgrade.disable-web'] ?? false) { // updater disabled $this->disabled = true; return; From b53b4e389e5ae880af99a8727ebeefc1bcfb2691 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Wed, 17 Feb 2021 12:47:58 +0100 Subject: [PATCH 3/3] Align updater class with index.php Signed-off-by: Vincent Petry --- index.php | 2 +- lib/Updater.php | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/index.php b/index.php index 11cbf1c3..1fdb2b5f 100644 --- a/index.php +++ b/index.php @@ -177,7 +177,7 @@ public function __construct($baseDir) { require_once $configFileName; $this->configValues = $CONFIG; - if (php_sapi_name() !== 'cli' && $this->configValues['upgrade.disable-web'] ?? false) { + if (php_sapi_name() !== 'cli' && ($this->configValues['upgrade.disable-web'] ?? false)) { // updater disabled $this->disabled = true; return; diff --git a/lib/Updater.php b/lib/Updater.php index e62b79f8..63082953 100644 --- a/lib/Updater.php +++ b/lib/Updater.php @@ -36,6 +36,8 @@ class Updater { private $updateAvailable = false; /** @var string */ private $requestID = null; + /** @var bool */ + private $disabled = false; /** * Updater constructor @@ -58,6 +60,12 @@ public function __construct($baseDir) { require_once $configFileName; $this->configValues = $CONFIG; + if (php_sapi_name() !== 'cli' && ($this->configValues['upgrade.disable-web'] ?? false)) { + // updater disabled + $this->disabled = true; + return; + } + $dataDir = $this->getDataDirectoryLocation(); if(empty($dataDir) || !is_string($dataDir)) { throw new \Exception('Could not read data directory from config.php.'); @@ -93,6 +101,15 @@ public function __construct($baseDir) { $this->buildTime = $buildTime; } + /** + * Returns whether the web updater is disabled + * + * @return bool + */ + public function isDisabled() { + return $this->disabled; + } + /** * Returns current version or "unknown" if this could not be determined. *