From 5310b3e79ba3a9d5978a7e6afaa627e596839e9c Mon Sep 17 00:00:00 2001 From: Cyril MAGUIRE Date: Tue, 30 Aug 2016 01:20:17 +0200 Subject: [PATCH] =?UTF-8?q?Corrections=20pour=20fonctionner=20sur=20un=20h?= =?UTF-8?q?=C3=A9bergement=20mutualis=C3=A9=20(et=20=C3=A7a=20fonctionne?= =?UTF-8?q?=20=C3=A9galement=20sur=20un=20h=C3=A9bergement=20"normal")?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/Config/bootstrap.php | 2 +- app/Config/core.php | 11 ++++++--- app/Console/cake | 0 app/Controller/AppController.php | 15 ++++++++++++ app/Controller/Component/ImageComponent.php | 7 +++++- app/Controller/InstallersController.php | 26 ++++++++++++++------- app/Controller/SongsController.php | 8 +++---- app/Model/User.php | 2 +- app/webroot/index.php | 6 ++--- lib/Cake/Cache/Engine/FileEngine.php | 4 ++-- lib/Cake/Console/cake | 0 lib/Cake/I18n/I18n.php | 2 +- lib/Cake/Model/Datasource/CakeSession.php | 7 +++--- 13 files changed, 63 insertions(+), 27 deletions(-) mode change 100755 => 100644 app/Console/cake mode change 100755 => 100644 lib/Cake/Console/cake diff --git a/app/Config/bootstrap.php b/app/Config/bootstrap.php index cf4f325..6e9dc24 100644 --- a/app/Config/bootstrap.php +++ b/app/Config/bootstrap.php @@ -110,7 +110,7 @@ * Default application language */ Configure::write('Config.language', 'eng'); - +Configure::write('Session.save', 'cake'); /** * Sonerezh constants declarations */ diff --git a/app/Config/core.php b/app/Config/core.php index aea12fe..b8b3d14 100644 --- a/app/Config/core.php +++ b/app/Config/core.php 
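Review bot: In app/Config/bootstrap.php the added `Configure::write('Session.save', 'cake');` carries no comment and appears to use the CakePHP 1.x key, while the core.php hunk of this same patch still sets `'defaults' => 'php'`, so it is unclear which session storage is meant to win. If the aim on shared hosting is to keep session files under the application's own tmp directory instead of the host-wide session path, that would normally be `'defaults' => 'cake'` inside the `Session` array (to be confirmed against the framework version in lib/Cake). Either drop this line or move the intent to the setting that actually takes effect, with a comment such as `// keep session files in app/tmp/sessions; the host-wide session path is shared between tenants`.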
@@ -222,18 +222,23 @@ Configure::write('Session', array( 'defaults' => 'php', 'cookie' => 'Sonerezh', - 'timeout' => 4320 + 'timeout' => 4320, + 'ini' => array( + 'session.save_handler' => 'files', + 'session.cookie_lifetime' => 0, + 'session.cookie_httponly' => 0 + ) )); /** * A random string used in security hashing methods. */ - Configure::write('Security.salt', 'AUZCf9nyl8MvKoeElb2elVOPzCxny7TZRIrWHFlS'); + Configure::write('Security.salt', 'LKoCJQ0LKeN6gXzCNfsEtzyhBH803OEDoS6Yz6ya'); /** * A random numeric string (digits only) used to encrypt/decrypt strings. */ - Configure::write('Security.cipherSeed', '8584443986453549548448780006040768989077'); + Configure::write('Security.cipherSeed', '1603162903989056101141254979932991296475'); /** * Apply timestamps with the last modified time to static assets (js, css, images). diff --git a/app/Console/cake b/app/Console/cake old mode 100755 new mode 100644 diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 3ce4679..32b33e6 100644 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -183,4 +183,19 @@ private function __setLanguage() { $this->Cookie->write('lang', $locale); Configure::write('Config.language', $locale); } + + public function func_enabled($func) { + $disabled = explode(',', ini_get('disable_functions')); + foreach ($disabled as $disableFunction) { + $is_disabled[] = trim($disableFunction); + } + if (in_array($func,$is_disabled)) { + $it_is_disabled["m"] = $func.'() has been disabled for security reasons in php.ini'; + $it_is_disabled["s"] = 0; + } else { + $it_is_disabled["m"] = $func.'() is allow to use'; + $it_is_disabled["s"] = 1; + } + return $it_is_disabled; + } } diff --git a/app/Controller/Component/ImageComponent.php b/app/Controller/Component/ImageComponent.php index fec40b7..3b29d08 100644 --- a/app/Controller/Component/ImageComponent.php +++ b/app/Controller/Component/ImageComponent.php 
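Review bot: In app/Config/core.php the new `'session.cookie_httponly' => 0` switches HttpOnly off for the `Sonerezh` session cookie, so any script running in the page can read the session id; nothing in the patch explains why shared hosting would need this, and it should be `'session.cookie_httponly' => 1`. The same hunk replaces `Security.salt` and `Security.cipherSeed` with other literal values, which look like one installation's secrets committed to the repository; every deployment that takes this file would share them, so they are better left as placeholders and generated per install. `'session.save_handler' => 'files'` also sits oddly beside the `Session.save` = `cake` line this patch adds in bootstrap.php.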
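Review bot: `func_enabled()` is added to AppController as `public`, and CakePHP 2 treats public controller methods as routable actions, so this helper would likely be reachable by URL on every controller; `protected function func_enabled($func)` keeps it callable from InstallersController without exposing it. `$is_disabled` is appended to without being initialised and `in_array($func,$is_disabled)` compares loosely; `$is_disabled = array_map('trim', $disabled);` with `in_array($func, $is_disabled, true)` is tighter. A docblock stating the return shape (`'s'` is 1 or 0, `'m'` is a message) would help callers, and the message "is allow to use" should read "is allowed".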
@@ -12,7 +12,12 @@ public function resize($img, $to, $width = 0, $height = 0) { $dimensions = getimagesize($img); $ratio = $dimensions[0] / $dimensions[1]; - $exif = exif_read_data($img); + $extension = strtolower(end(explode(".", $img))); + if (in_array($extention,array('jpg','jpeg','gif'))) { + $exif = exif_read_data($img); + } else { + $exif = array(); + } $rotation = 0; if (isset($exif['Orientation'])) { diff --git a/app/Controller/InstallersController.php b/app/Controller/InstallersController.php index 081435a..8f5509c 100644 --- a/app/Controller/InstallersController.php +++ b/app/Controller/InstallersController.php @@ -27,6 +27,7 @@ public function beforeFilter() { * The first users is also created here, with the administrator role, and the default settings are applied. */ public function index() { + clearstatcache(); $this->view = "index"; $requirements = array(); $missing_requirements = false; @@ -40,11 +41,15 @@ public function index() { $missing_requirements = true; } - if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { - $libavtools = shell_exec("where avconv") || shell_exec("where ffmpeg");//WIN - } else { - $libavtools = shell_exec("which avconv") || shell_exec("which ffmpeg");//NO WIN - } + if ($this->func_enabled('shell_exec')['s'] == 1) { + if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { + $libavtools = shell_exec("where avconv") || shell_exec("where ffmpeg");//WIN + } else { + $libavtools = shell_exec("which avconv") || shell_exec("which ffmpeg");//NO WIN + } + } else { + $libavtools = false; + } if ($libavtools) { $requirements['libavtools'] = array('label' => 'success', 'message' => __('libav-tools (avconv) is installed!')); 
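Review bot: In ImageComponent::resize() the condition tests `$extention`, but the variable assigned on the line above is `$extension`, so `in_array()` always receives an undefined value, `$exif` is always `array()` and the orientation handling below never runs. `end(explode(".", $img))` also passes a non-variable by reference, which raises a notice. Suggested: `$extension = strtolower(pathinfo($img, PATHINFO_EXTENSION));` and `if (in_array($extension, array('jpg', 'jpeg'), true)) {`, since GIF files carry no EXIF data for `exif_read_data()` to read. The extension comes from the caller-supplied name, so the image type index returned by the `getimagesize()` call just above would be a more reliable test. The function body continues outside the hunk.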
@@ -135,12 +140,17 @@ public function index() { // Write app/Config/database.php $db_config_file = new File(APP.'Config'.DS.'database.php'); - if ($db_config_file->create()) { + if ($db_config_file->create() === true) { $db_config_data = "write($db_config_data); + // $db_config_file->write($db_config_data,'w',false); + file_put_contents(APP.'Config'.DS.'database.php', $db_config_data); + if (!file_exists($db_config_file->path)) { + $this->Flash->error(__('Unable to write configuration file.')); + return; + } } else { $this->Flash->error(__('Unable to write configuration file.')); return; @@ -169,7 +179,7 @@ public function index() { $db_connection = ConnectionManager::getDataSource('default'); $db_connection->connect(); } catch (Exception $e) { - $db_config_file->delete(); + // $db_config_file->delete(); $this->Flash->error(__('Could not connect to database')); return; } diff --git a/app/Controller/SongsController.php b/app/Controller/SongsController.php index ce23773..8cf4f4f 100644 --- a/app/Controller/SongsController.php +++ b/app/Controller/SongsController.php @@ -211,7 +211,7 @@ public function albums() { } if (empty($songs)) { - $this->Flash->info(''.__('Oops!').' '.__('The database is empty...')); + $this->Flash->info(__('Oops!').__('The database is empty...')); } $this->set(compact('songs', 'playlists', 'latests')); @@ -321,7 +321,7 @@ public function artists() { } if (empty($parsed)) { - $this->Flash->info("".__('Oops!')." ".__('The database is empty...')); + $this->Flash->info(__('Oops!').__('The database is empty...')); } $this->set(array('songs' => $parsed, 'playlists' => $playlists)); } @@ -364,7 +364,7 @@ public function index() { $songs = $this->SortComponent->sortByBand($songs); if (empty($songs)) { - $this->Flash->info("".__('Oops!')." ".__('The database is empty...')); + $this->Flash->info(__('Oops!').__('The database is empty...')); } $this->set(compact('songs', 'playlists')); 
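Review bot: In the `@@ -135` hunk of InstallersController the result of `file_put_contents()` is ignored, and the following `file_exists($db_config_file->path)` is always true once `create()` has succeeded, so a failed or partial write leaves an empty database.php and the installer carries on. Check the write itself: `if (file_put_contents($db_config_file->path, $db_config_data, LOCK_EX) === false) {`. The commented-out `$db_config_file->write(...)` line should be removed rather than kept. Because this file holds the database credentials, the mode it is created with on a shared host is worth confirming. The assignment of `$db_config_data` is truncated in this rendering of the patch, so its contents were not reviewed.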
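Review bot: In the `@@ -169` hunk `$db_config_file->delete()` is commented out rather than removed, with no explanation, so after a failed connection the database.php holding the rejected credentials stays on disk. If the installer decides whether the application is already installed by looking for that file (not visible in this hunk), a mistyped password on the first attempt could leave the install half-done. If `delete()` fails on the target host, handle that case explicitly and replace the dead line with a comment stating why the file is kept and that the next attempt overwrites it.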
@@ -450,7 +450,7 @@ public function search() { } if (empty($parsed)) { - $this->Flash->error("".__('Oops!')." ".__('No results.')); + $this->Flash->error(__('Oops!').__('No results.')); } $this->set('songs', $parsed); } diff --git a/app/Model/User.php b/app/Model/User.php index a0f7382..be26d16 100644 --- a/app/Model/User.php +++ b/app/Model/User.php @@ -145,7 +145,7 @@ public function beforeValidate($options = array()) { } public function isThereAnAdmin() { - if (AuthComponent::user('id') == $this->data[$this->alias]['id'] && isset($this->data[$this->alias]['role'])) { + if (isset($this->data[$this->alias]['id']) && AuthComponent::user('id') == $this->data[$this->alias]['id'] && isset($this->data[$this->alias]['role'])) { $users = $this->find('count'); diff --git a/app/webroot/index.php b/app/webroot/index.php index e291043..e427a2e 100644 --- a/app/webroot/index.php +++ b/app/webroot/index.php @@ -61,7 +61,7 @@ * The following line differs from its sibling * /lib/Cake/Console/Templates/skel/webroot/index.php */ -//define('CAKE_CORE_INCLUDE_PATH', ROOT . DS . 'lib'); +define('CAKE_CORE_INCLUDE_PATH', ROOT . DS . 'lib'); /** * Editing below this line should NOT be necessary. @@ -87,11 +87,11 @@ if (function_exists('ini_set')) { ini_set('include_path', ROOT . DS . 'lib' . PATH_SEPARATOR . ini_get('include_path')); } - if (!include 'Cake' . DS . 'bootstrap.php') { + if (!include('Cake' . DS . 'bootstrap.php')) { $failed = true; } } else { - if (!include CAKE_CORE_INCLUDE_PATH . DS . 'Cake' . DS . 'bootstrap.php') { + if (!include(CAKE_CORE_INCLUDE_PATH . DS . 'Cake' . DS . 'bootstrap.php')) { $failed = true; } } diff --git a/lib/Cake/Cache/Engine/FileEngine.php b/lib/Cake/Cache/Engine/FileEngine.php index d650e60..e10f21c 100644 --- a/lib/Cake/Cache/Engine/FileEngine.php +++ b/lib/Cake/Cache/Engine/FileEngine.php 
@@ -349,7 +349,7 @@ protected function _setKey($key, $createKey = false) { return false; } if (empty($this->_File) || $this->_File->getBaseName() !== $key) { - $exists = file_exists($path->getPathname()); + $exists = file_exists(trim($path->getPathname())); try { $this->_File = $path->openFile('c+'); } catch (Exception $e) { @@ -358,7 +358,7 @@ protected function _setKey($key, $createKey = false) { } unset($path); - if (!$exists && !chmod($this->_File->getPathname(), (int)$this->settings['mask'])) { + if (!$exists && !chmod(trim($this->_File->getPathname()), (int)$this->settings['mask'])) { trigger_error(__d( 'cake_dev', 'Could not apply permission mask "%s" on cache file "%s"', array($this->_File->getPathname(), $this->settings['mask'])), E_USER_WARNING); diff --git a/lib/Cake/Console/cake b/lib/Cake/Console/cake old mode 100755 new mode 100644 diff --git a/lib/Cake/I18n/I18n.php b/lib/Cake/I18n/I18n.php index 1b79fa2..726765e 100644 --- a/lib/Cake/I18n/I18n.php +++ b/lib/Cake/I18n/I18n.php @@ -432,7 +432,7 @@ protected function _bindTextDomain($domain) { if (is_file($file . '.mo')) { $translations = static::loadMo($file . '.mo'); } - if ($translations === false && is_file($file . '.po')) { + if ($translations === false && is_file(trim($file) . '.po')) { $translations = static::loadPo($file . '.po'); } diff --git a/lib/Cake/Model/Datasource/CakeSession.php b/lib/Cake/Model/Datasource/CakeSession.php index 4a25f67..91d88b8 100644 --- a/lib/Cake/Model/Datasource/CakeSession.php +++ b/lib/Cake/Model/Datasource/CakeSession.php 
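Review bot: In FileEngine::_setKey() `trim()` is applied only to the path handed to `file_exists()` and `chmod()`, while `$path->openFile('c+')` still opens the untrimmed name, so if the path really carries stray whitespace the existence check and the permission mask target a different file from the one that is opened. The I18n.php hunk has the same shape: `is_file(trim($file) . '.po')` guards `loadPo($file . '.po')`. It would be safer to normalise the path once where it is built and use that single value everywhere. These are edits to the bundled framework under lib/Cake and will be lost on a framework update, so each needs a comment naming the host behaviour it works around.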
@@ -546,12 +546,13 @@ protected static function _configureSession() { if (!isset($sessionConfig['cacheLimiter'])) { $sessionConfig['cacheLimiter'] = 'must-revalidate'; } - if (empty($_SESSION)) { if (!empty($sessionConfig['ini']) && is_array($sessionConfig['ini'])) { foreach ($sessionConfig['ini'] as $setting => $value) { - if (ini_set($setting, $value) === false) { - throw new CakeSessionException(__d('cake_dev', 'Unable to configure the session, setting %s failed.', $setting)); + if (ini_get($setting) != $value) { + if (ini_set($setting, $value) === false) { + throw new CakeSessionException(__d('cake_dev', 'Unable to configure the session, setting %s failed.', $setting)); + } } } }
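Review bot: The new guard `ini_get($setting) != $value` in CakeSession::_configureSession() is a loose comparison, and `ini_get()` returns `false` for a directive it does not know, so a configured value of `0` (such as the `session.cookie_lifetime` and `session.cookie_httponly` entries this patch adds in core.php) compares equal and the setting is skipped without the exception that used to report the failure. The result of `"" != 0` also differs between PHP 7 and PHP 8, so the behaviour depends on the host's PHP version. Compare as strings instead: `if ((string) ini_get($setting) !== (string) $value) {`. The function starts and ends outside the hunk.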