config.php 9.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245
  1. <?php
  2. // Copyright (C) 2014-2016 Combodo SARL
  3. //
  4. // This file is part of iTop.
  5. //
  6. // iTop is free software; you can redistribute it and/or modify
  7. // it under the terms of the GNU Affero General Public License as published by
  8. // the Free Software Foundation, either version 3 of the License, or
  9. // (at your option) any later version.
  10. //
  11. // iTop is distributed in the hope that it will be useful,
  12. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. // GNU Affero General Public License for more details.
  15. //
  16. // You should have received a copy of the GNU Affero General Public License
  17. // along with iTop. If not, see <http://www.gnu.org/licenses/>
  18. /**
  19. * Monitor the backup
  20. *
  21. * @copyright Copyright (C) 2013 Combodo SARL
  22. * @license http://opensource.org/licenses/AGPL-3.0
  23. */
  24. require_once('../../approot.inc.php');
  25. require_once(APPROOT.'application/application.inc.php');
  26. require_once(APPROOT.'application/itopwebpage.class.inc.php');
  27. require_once(APPROOT.'application/startup.inc.php');
  28. require_once(APPROOT.'application/loginwebpage.class.inc.php');
  29. function TestConfig($sContents, $oP)
  30. {
  31. try
  32. {
  33. ini_set('display_errors', 1);
  34. ob_start();
  35. // in PHP < 7.0.0 syntax errors are in output
  36. // in PHP >= 7.0.0 syntax errors are thrown as Error
  37. $sSafeContent = preg_replace(array('#^\s*<\?php#', '#\?>\s*$#'), '', $sContents);
  38. eval('if(0){'.trim($sSafeContent).'}');
  39. $sNoise = trim(ob_get_contents());
  40. ob_end_clean();
  41. }
  42. catch (Error $e)
  43. {
  44. // ParseError only thrown in PHP7
  45. throw new Exception('Error in configuration: '.$e->getMessage());
  46. }
  47. if (strlen($sNoise) > 0)
  48. {
  49. if (preg_match("/(Error|Parse error|Notice|Warning): (.+) in \S+ : eval\(\)'d code on line (\d+)/i", strip_tags($sNoise), $aMatches))
  50. {
  51. $sMessage = $aMatches[2];
  52. $sLine = $aMatches[3];
  53. $iLine = (int) $sLine;
  54. // Highlight the line
  55. $aLines = explode("\n", $sContents);
  56. $iStart = 0;
  57. for ($i = 0 ; $i < $iLine - 1; $i++) $iStart += strlen($aLines[$i]);
  58. $iEnd = $iStart + strlen($aLines[$iLine - 1]);
  59. $iTotalLines = count($aLines);
  60. $sMessage = Dict::Format('config-parse-error', $sMessage, $sLine);
  61. throw new Exception($sMessage);
  62. }
  63. else
  64. {
  65. // Note: sNoise is an html output, but so far it was ok for me (e.g. showing the entire call stack)
  66. throw new Exception('Syntax error in configuration file: <tt>'.$sNoise.'</tt>');
  67. }
  68. }
  69. }
  70. /////////////////////////////////////////////////////////////////////
  71. // Main program
  72. //
  73. LoginWebPage::DoLogin(true); // Check user rights and prompt if needed (must be admin)
  74. //$sOperation = utils::ReadParam('operation', 'menu');
  75. //$oAppContext = new ApplicationContext();
  76. $oP = new iTopWebPage(Dict::S('config-edit-title'));
  77. $oP->set_base(utils::GetAbsoluteUrlAppRoot().'pages/');
  78. $oP->add_linked_script(utils::GetCurrentModuleUrl().'/js/ace.js');
  79. $oP->add_linked_script(utils::GetCurrentModuleUrl().'/js/mode-php.js');
  80. $oP->add_linked_script(utils::GetCurrentModuleUrl().'/js/theme-eclipse.js');
  81. $oP->add_linked_script(utils::GetCurrentModuleUrl().'/js/ext-searchbox.js');
  82. //$oP->add_linked_script(utils::GetCurrentModuleUrl().'/js/ext-textarea.js');
  83. try
  84. {
  85. $sOperation = utils::ReadParam('operation', '');
  86. $oP->add("<h1>".Dict::S('config-edit-title')."</h1>");
  87. if (MetaModel::GetConfig()->Get('demo_mode'))
  88. {
  89. $oP->add("<div class=\"header_message message_info\">Sorry, iTop is in <b>demonstration mode</b>: the configuration file cannot be edited.</div>");
  90. }
  91. else if (MetaModel::GetModuleSetting('itop-config', 'config_editor', '') == 'disabled')
  92. {
  93. $oP->add("<div class=\"header_message message_info\">iTop interactive edition of the configuration as been disabled. See <tt>'config_editor' => 'disabled'</tt> in the configuration file.</div>");
  94. }
  95. else
  96. {
  97. $sConfigFile = APPROOT.'conf/'.utils::GetCurrentEnvironment().'/config-itop.php';
  98. $iEditorTopMargin = 9;
  99. $sConfig = str_replace("\r\n", "\n", file_get_contents($sConfigFile));
  100. $sOrginalConfig = $sConfig;
  101. if (!empty($sOperation))
  102. {
  103. $iEditorTopMargin = 14;
  104. $sConfig = utils::ReadParam('new_config', '', false, 'raw_data');
  105. $sOrginalConfig = utils::ReadParam('prev_config', '', false, 'raw_data');
  106. }
  107. if ($sOperation == 'revert')
  108. {
  109. $oP->add('<div id="save_result" class="header_message message_info">'.Dict::S('config-reverted').'</div>');
  110. }
  111. if ($sOperation == 'save')
  112. {
  113. $sTransactionId = utils::ReadParam('transaction_id', '');
  114. if (!utils::IsTransactionValid($sTransactionId, true))
  115. {
  116. $oP->add("<div class=\"header_message message_info\">Error: invalid Transaction ID. The configuration was <b>NOT</b> modified.</div>");
  117. }
  118. else
  119. {
  120. if ($sConfig == $sOrginalConfig)
  121. {
  122. $oP->add('<div id="save_result" class="header_message">'.Dict::S('config-no-change').'</div>');
  123. }
  124. else
  125. {
  126. try
  127. {
  128. TestConfig($sConfig, $oP); // throws exceptions
  129. @chmod($sConfigFile, 0770); // Allow overwriting the file
  130. $sTmpFile = tempnam(SetupUtils::GetTmpDir(), 'itop-cfg-');
  131. // Don't write the file as-is since it would allow to inject any kind of PHP code.
  132. // Instead write the interpreted version of the file
  133. // Note:
  134. // The actual raw PHP code will anyhow be interpreted exactly twice: once in TestConfig() above
  135. // and a second time during the load of the Config object below.
  136. // If you are really concerned about an iTop administrator crafting some malicious
  137. // PHP code inside the config file, then turn off the interactive configuration
  138. // editor by adding the configuration parameter:
  139. // 'itop-config' => array(
  140. // 'config_editor' => 'disabled',
  141. // )
  142. file_put_contents($sTmpFile, $sConfig);
  143. $oTempConfig = new Config($sTmpFile, true);
  144. $oTempConfig->WriteToFile($sConfigFile);
  145. @unlink($sTmpFile);
  146. @chmod($sConfigFile, 0444); // Read-only
  147. $oP->p('<div id="save_result" class="header_message message_ok">'.Dict::S('config-saved').'</div>');
  148. $sOrginalConfig = str_replace("\r\n", "\n", file_get_contents($sConfigFile));
  149. }
  150. catch (Exception $e)
  151. {
  152. $oP->p('<div id="save_result" class="header_message message_error">'.$e->getMessage().'</div>');
  153. }
  154. }
  155. }
  156. }
  157. $sConfigEscaped = htmlentities($sConfig, ENT_QUOTES, 'UTF-8');
  158. $sOriginalConfigEscaped = htmlentities($sOrginalConfig, ENT_QUOTES, 'UTF-8');
  159. $oP->p(Dict::S('config-edit-intro'));
  160. $oP->add("<form method=\"POST\">");
  161. $oP->add("<input id=\"operation\" type=\"hidden\" name=\"operation\" value=\"save\">");
  162. $oP->add("<input type=\"hidden\" name=\"transaction_id\" value=\"".utils::GetNewTransactionId()."\">");
  163. $oP->add("<input id=\"submit_button\" type=\"submit\" value=\"".Dict::S('config-apply')."\"><button id=\"cancel_button\" disabled=\"disabled\" onclick=\"return ResetConfig();\">".Dict::S('config-cancel')."</button>");
  164. $oP->add("<input type=\"hidden\" id=\"prev_config\" name=\"prev_config\" value=\"$sOriginalConfigEscaped\">");
  165. $oP->add("<input type=\"hidden\" name=\"new_config\" value=\"$sConfigEscaped\">");
  166. $oP->add("<div id =\"new_config\" style=\"position: absolute; top: ".$iEditorTopMargin."em; bottom: 0; left: 5px; right: 5px;\"></div>");
  167. $oP->add("</form>");
  168. $sConfirmCancel = addslashes(Dict::S('config-confirm-cancel'));
  169. $oP->add_ready_script(
  170. <<<EOF
  171. var editor = ace.edit("new_config");
  172. var textarea = $('input[name="new_config"]');
  173. editor.getSession().setValue(textarea.val());
  174. editor.getSession().on('change', function()
  175. {
  176. textarea.val(editor.getSession().getValue());
  177. UpdateConfigEditorButtonState();
  178. });
  179. editor.getSession().on("changeAnnotation", function()
  180. {
  181. UpdateConfigEditorButtonState();
  182. });
  183. editor.setTheme("ace/theme/eclipse");
  184. editor.getSession().setMode("ace/mode/php");
  185. function UpdateConfigEditorButtonState()
  186. {
  187. var editor = ace.edit("new_config");
  188. var isSameContent = editor.getValue() == $('#prev_config').val();
  189. var hasNoError = $.isEmptyObject(editor.getSession().getAnnotations());
  190. $('#cancel_button').attr('disabled', isSameContent);
  191. $('#submit_button').attr('disabled', isSameContent || !hasNoError);
  192. }
  193. EOF
  194. );
  195. $oP->add_script(
  196. <<<EOF
  197. function ResetConfig()
  198. {
  199. var editor = ace.edit("new_config");
  200. $("#operation").attr('value', 'revert');
  201. if (editor.getValue() != $('#prev_config').val())
  202. {
  203. if (confirm('$sConfirmCancel'))
  204. {
  205. $('input[name="new_config"]').val($('#prev_config').val());
  206. return true;
  207. }
  208. }
  209. return false;
  210. }
  211. EOF
  212. );
  213. }
  214. }
  215. catch(Exception $e)
  216. {
  217. $oP->p('<b>'.$e->getMessage().'</b>');
  218. }
  219. $oP->output();