From 2fcbcab80b804cb7a37a53cb56a059b83807447d Mon Sep 17 00:00:00 2001 From: Alexander Ebert Date: Fri, 30 Jan 2015 13:57:26 +0100 Subject: [PATCH] Fixed handling of invalid files uploaded --- .../form/PackageStartInstallForm.class.php | 3 +-- .../system/package/PackageArchive.class.php | 15 +++++++------- .../PackageValidationArchive.class.php | 13 ++++++++---- .../PackageValidationException.class.php | 20 ++++++++++++------- .../PackageValidationManager.class.php | 4 +--- 5 files changed, 32 insertions(+), 23 deletions(-) diff --git a/wcfsetup/install/files/lib/acp/form/PackageStartInstallForm.class.php b/wcfsetup/install/files/lib/acp/form/PackageStartInstallForm.class.php index 040cf075a2..e451770d5e 100755 --- a/wcfsetup/install/files/lib/acp/form/PackageStartInstallForm.class.php +++ b/wcfsetup/install/files/lib/acp/form/PackageStartInstallForm.class.php @@ -2,7 +2,6 @@ namespace wcf\acp\form; use wcf\data\package\installation\queue\PackageInstallationQueue; use wcf\data\package\installation\queue\PackageInstallationQueueEditor; -use wcf\data\package\Package; use wcf\form\AbstractForm; use wcf\system\exception\PermissionDeniedException; use wcf\system\exception\SystemException; @@ -20,7 +19,7 @@ use wcf\util\StringUtil; * Shows the package install and update form. * * @author Marcel Werk - * @copyright 2001-2014 WoltLab GmbH + * @copyright 2001-2015 WoltLab GmbH * @license GNU Lesser General Public License * @package com.woltlab.wcf * @subpackage acp.form diff --git a/wcfsetup/install/files/lib/system/package/PackageArchive.class.php b/wcfsetup/install/files/lib/system/package/PackageArchive.class.php index 898c7c5d5d..3717337355 100644 --- a/wcfsetup/install/files/lib/system/package/PackageArchive.class.php +++ b/wcfsetup/install/files/lib/system/package/PackageArchive.class.php 
@@ -3,6 +3,7 @@ namespace wcf\system\package; use wcf\data\package\Package; use wcf\system\database\util\PreparedStatementConditionBuilder; use wcf\system\exception\SystemException; +use wcf\system\package\validation\PackageValidationException; use wcf\system\io\Tar; use wcf\system\WCF; use wcf\util\DateUtil; @@ -13,7 +14,7 @@ use wcf\util\XML; * Represents the archive of a package. * * @author Marcel Werk - * @copyright 2001-2014 WoltLab GmbH + * @copyright 2001-2015 WoltLab GmbH * @license GNU Lesser General Public License * @package com.woltlab.wcf * @subpackage system.package @@ -134,7 +135,7 @@ class PackageArchive { public function openArchive() { // check whether archive exists and is a TAR archive if (!file_exists($this->archive)) { - throw new SystemException("unable to find package file '".$this->archive."'"); + throw new SystemException("unable to find package file '".$this->archive."'", PackageValidationException::FILE_NOT_FOUND); } // open archive and read package information @@ -149,7 +150,7 @@ class PackageArchive { // search package.xml in package archive // throw error message if not found if ($this->tar->getIndexByFilename(self::INFO_FILE) === false) { - throw new SystemException("package information file '".(self::INFO_FILE)."' not found in '".$this->archive."'"); + throw new SystemException("package information file '".(self::INFO_FILE)."' not found in '".$this->archive."'", PackageValidationException::MISSING_PACKAGE_XML); } // extract package.xml, parse XML @@ -209,7 +210,7 @@ class PackageArchive { case 'version': if (!Package::isValidVersion($element->nodeValue)) { - throw new SystemException("package version '".$element->nodeValue."' is invalid"); + throw new SystemException("package version '".$element->nodeValue."' is invalid", PackageValidationException::INVALID_PACKAGE_VERSION); } $this->packageInfo['version'] = $element->nodeValue; 
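Review bot: The exceptions in the `openArchive()` and version hunks still build their text from `$this->archive` and `$element->nodeValue`, and the added code argument is what now routes that text to the validation UI. PackageValidationArchive copies the message into `legacyMessage` in this same commit, so a server-side path and strings read from the uploaded package.xml become part of the displayed error. Throwing the validation exception directly with structured details, e.g. `throw new PackageValidationException(PackageValidationException::FILE_NOT_FOUND, array('archive' => $this->archive));`, would let the language item decide what is shown instead of forwarding the raw message. The same applies to the three `INVALID_PACKAGE_NAME` hunks further down in this file. The enclosing methods start and end outside these hunks.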
@@ -235,7 +236,7 @@ class PackageArchive { $elements = $xpath->query('child::ns:requiredpackages/ns:requiredpackage', $package); foreach ($elements as $element) { if (!Package::isValidPackageName($element->nodeValue)) { - throw new SystemException("'".$element->nodeValue."' is not a valid package name."); + throw new SystemException("'".$element->nodeValue."' is not a valid package name.", PackageValidationException::INVALID_PACKAGE_NAME); } // read attributes @@ -252,7 +253,7 @@ class PackageArchive { $elements = $xpath->query('child::ns:optionalpackages/ns:optionalpackage', $package); foreach ($elements as $element) { if (!Package::isValidPackageName($element->nodeValue)) { - throw new SystemException("'".$element->nodeValue."' is not a valid package name."); + throw new SystemException("'".$element->nodeValue."' is not a valid package name.", PackageValidationException::INVALID_PACKAGE_NAME); } // read attributes @@ -269,7 +270,7 @@ class PackageArchive { $elements = $xpath->query('child::ns:excludedpackages/ns:excludedpackage', $package); foreach ($elements as $element) { if (!Package::isValidPackageName($element->nodeValue)) { - throw new SystemException("'".$element->nodeValue."' is not a valid package name."); + throw new SystemException("'".$element->nodeValue."' is not a valid package name.", PackageValidationException::INVALID_PACKAGE_NAME); } // read attributes diff --git a/wcfsetup/install/files/lib/system/package/validation/PackageValidationArchive.class.php b/wcfsetup/install/files/lib/system/package/validation/PackageValidationArchive.class.php index 2b7186d699..9672124408 100644 --- a/wcfsetup/install/files/lib/system/package/validation/PackageValidationArchive.class.php +++ b/wcfsetup/install/files/lib/system/package/validation/PackageValidationArchive.class.php 
@@ -3,6 +3,7 @@ namespace wcf\system\package\validation; use wcf\data\package\Package; use wcf\data\package\PackageCache; use wcf\system\database\util\PreparedStatementConditionBuilder; +use wcf\system\exception\SystemException; use wcf\system\package\PackageArchive; use wcf\system\WCF; @@ -10,7 +11,7 @@ use wcf\system\WCF; * Recursively validates the package archive and it's delivered requirements. * * @author Alexander Ebert - * @copyright 2001-2014 WoltLab GmbH + * @copyright 2001-2015 WoltLab GmbH * @license GNU Lesser General Public License * @package com.woltlab.wcf * @subpackage system.package.validation @@ -94,10 +95,14 @@ class PackageValidationArchive implements \RecursiveIterator { // check if package is installable or suitable for an update $this->validateInstructions($requiredVersion); } - catch (\Exception $e) { - $this->exception = $e; + catch (SystemException $e) { + if ($e->getCode()) { + $this->exception = new PackageValidationException($e->getCode(), array('legacyMessage' => $e->getMessage())); + + return false; + } - return false; + throw $e; } } diff --git a/wcfsetup/install/files/lib/system/package/validation/PackageValidationException.class.php b/wcfsetup/install/files/lib/system/package/validation/PackageValidationException.class.php index 8e014a7161..1697e87b4d 100644 --- a/wcfsetup/install/files/lib/system/package/validation/PackageValidationException.class.php +++ b/wcfsetup/install/files/lib/system/package/validation/PackageValidationException.class.php @@ -96,9 +96,9 @@ class PackageValidationException extends SystemException { * @param array $details */ public function __construct($code, array $details = array()) { - parent::__construct($this->getLegacyMessage(), $code); - $this->details = $details; + + parent::__construct($this->getLegacyMessage($code), $code); } /** 
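Review bot: The new `catch (SystemException $e)` also catches PackageValidationException, which extends SystemException, and replaces it with a fresh instance whose details contain only `legacyMessage`. If `validateInstructions()` or another call in the try block throws a PackageValidationException with its own details (not visible in this hunk), those details and the localized message are lost. `if ($e->getCode())` also accepts any non-zero code, so a SystemException from an unrelated subsystem that carries a numeric code would be reported as a package validation error instead of being rethrown. Placing `catch (PackageValidationException $e) { $this->exception = $e; return false; }` before this branch keeps existing validation exceptions intact, and the code check could then be limited to the known PackageValidationException constants. The try block starts outside the hunk.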
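Review bot: The reordering in `__construct()` is load-bearing because `getLegacyMessage($code)` reads `$this->details`, but nothing in the code says so. A comment such as `// details must be assigned first: getLegacyMessage() reads $this->details` would stop a later cleanup from moving the parent call back to the top. For codes without a legacy string, the `default:` branch changed later in this file now goes through `getErrorMessage()`, so constructing the exception calls `WCF::getLanguage()`. It is worth confirming that this exception is never created before the language system is available.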
@@ -113,19 +113,25 @@ class PackageValidationException extends SystemException { /** * Returns the readable error message. * + * @param integer $code * @return string */ - public function getErrorMessage() { - return WCF::getLanguage()->getDynamicVariable('wcf.acp.package.validation.errorCode.' . $this->getCode(), $this->getDetails()); + public function getErrorMessage($code = null) { + if (!empty($this->details['legacyMessage'])) { + return $this->details['legacyMessage']; + } + + return WCF::getLanguage()->getDynamicVariable('wcf.acp.package.validation.errorCode.' . ($code === null ? $this->getCode() : $code), $this->getDetails()); } /** * Returns legacy error messages to mimic WCF 2.0.x PackageArchive's exceptions. * + * @param integer $code * @return string */ - protected function getLegacyMessage() { - switch ($this->getCode()) { + protected function getLegacyMessage($code) { + switch ($code) { case self::FILE_NOT_FOUND: if (isset($this->details['targetArchive'])) { return "tar archive '".$this->details['targetArchive']."' not found in '".$this->details['archive']."'."; @@ -147,7 +153,7 @@ class PackageValidationException extends SystemException { break; default: - return 'Using getMessage() is discouraged, please use getErrorMessage() instead'; + return $this->getErrorMessage($code); break; } } diff --git a/wcfsetup/install/files/lib/system/package/validation/PackageValidationManager.class.php b/wcfsetup/install/files/lib/system/package/validation/PackageValidationManager.class.php index 7804873fb7..f6aa88b170 100644 --- a/wcfsetup/install/files/lib/system/package/validation/PackageValidationManager.class.php +++ b/wcfsetup/install/files/lib/system/package/validation/PackageValidationManager.class.php @@ -1,15 +1,13 @@ * @package com.woltlab.wcf * @subpackage system.package.validation -- 2.20.1
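Review bot: `getErrorMessage()` now returns `$this->details['legacyMessage']` verbatim, and that string is assembled in PackageArchive from `$element->nodeValue` of the uploaded package.xml and from the archive path. The other return path produces language-item output, so callers may be printing the result without HTML encoding (the templates are not part of this diff); if so, markup in a crafted package.xml would be rendered in the ACP. Encoding in this branch, `return StringUtil::encodeHTML($this->details['legacyMessage']);` (plus `use wcf\util\StringUtil;` if the file lacks it), would make both branches display-safe. If the templates already encode, the docblock should instead state that the return value is plain text. The docblock should also say that the new `$code` parameter exists only for `getLegacyMessage()` and that other callers should omit it.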