From aacc402b1c78cba1e4d20d4ddf08eca696656fca Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Sat, 31 Jan 2015 11:33:47 +0100
Subject: [PATCH] Improved handling of invalid files uploaded
---
 .../system/package/PackageArchive.class.php | 47 ++++++++++++++++---
 .../PackageValidationArchive.class.php | 12 ++---
 2 files changed, 44 insertions(+), 15 deletions(-)
diff --git a/wcfsetup/install/files/lib/system/package/PackageArchive.class.php b/wcfsetup/install/files/lib/system/package/PackageArchive.class.php
index 3717337355..0cb116d126 100644
--- a/wcfsetup/install/files/lib/system/package/PackageArchive.class.php
+++ b/wcfsetup/install/files/lib/system/package/PackageArchive.class.php
@@ -27,6 +27,12 @@ class PackageArchive {
 */
 protected $archive = null;
 
+ /**
+ * throw SystemExceptions rather than PackageValidationException
+ * @var boolean
+ */
+ protected $legacyExceptions = true;
+
 /**
 * package object of an existing package
 * @var \wcf\data\package\Package
@@ -102,6 +108,13 @@ class PackageArchive {
 $this->package = $package;
 }
 
+ /**
+ * Disables legacy exceptions, throwing PackageValidationException instead of SystemException.
+ */
+ public function disableLegacyExceptions() {
+ $this->legacyExceptions = false;
+ }
+
 /**
 * Sets associated package object.
 *
@@ -135,7 +148,12 @@ class PackageArchive {
 public function openArchive() {
 // check whether archive exists and is a TAR archive
 if (!file_exists($this->archive)) {
- throw new SystemException("unable to find package file '".$this->archive."'", PackageValidationException::FILE_NOT_FOUND);
+ if ($this->legacyExceptions) {
+ throw new SystemException("unable to find package file '".$this->archive."'");
+ }
+ else {
+ throw new PackageValidationException(PackageValidationException::FILE_NOT_FOUND, array('archive' => $this->archive));
+ }
 }
 
 // open archive and read package information
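Review bot: The `if ($this->legacyExceptions) … else …` block added in openArchive() is repeated almost verbatim for the missing-package.xml, package-name and version checks in the following hunks, so one site can easily drift from the others. A small protected helper taking the legacy message, the validation code and the details array would keep both exception paths in one place. openArchive() continues past this hunk, so the helper would sit beside it in the class. The sketch below uses only the two constructors as they are called in this diff, and the helper name is a suggestion.

```php
/**
 * Throws the legacy SystemException or, once legacy exceptions are
 * disabled, a PackageValidationException with the given code and details.
 */
protected function throwValidationError($legacyMessage, $code, array $details) {
	if ($this->legacyExceptions) {
		throw new SystemException($legacyMessage);
	}
	
	throw new PackageValidationException($code, $details);
}

// … in openArchive(), replacing the added if/else …
if (!file_exists($this->archive)) {
	$this->throwValidationError("unable to find package file '".$this->archive."'", PackageValidationException::FILE_NOT_FOUND, array('archive' => $this->archive));
}
// … unchanged: open archive and read package information …
```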
@@ -150,7 +168,12 @@ class PackageArchive {
 // search package.xml in package archive
 // throw error message if not found
 if ($this->tar->getIndexByFilename(self::INFO_FILE) === false) {
- throw new SystemException("package information file '".(self::INFO_FILE)."' not found in '".$this->archive."'", PackageValidationException::MISSING_PACKAGE_XML);
+ if ($this->legacyExceptions) {
+ throw new SystemException("package information file '".(self::INFO_FILE)."' not found in '".$this->archive."'");
+ }
+ else {
+ throw new PackageValidationException(PackageValidationException::MISSING_PACKAGE_XML, array('archive' => $this->archive));
+ }
 }
 
 // extract package.xml, parse XML
@@ -171,7 +194,12 @@ class PackageArchive {
 $packageName = $package->getAttribute('name');
 if (!Package::isValidPackageName($packageName)) {
 // package name is not a valid package identifier
- throw new SystemException("'".$packageName."' is not a valid package name.");
+ if ($this->legacyExceptions) {
+ throw new SystemException("'".$packageName."' is not a valid package name.");
+ }
+ else {
+ throw new PackageValidationException(PackageValidationException::INVALID_PACKAGE_NAME, array('packageName' => $packageName));
+ }
 }
 
 $this->packageInfo['name'] = $packageName;
@@ -210,7 +238,12 @@ class PackageArchive {
 
 case 'version':
 if (!Package::isValidVersion($element->nodeValue)) {
- throw new SystemException("package version '".$element->nodeValue."' is invalid", PackageValidationException::INVALID_PACKAGE_VERSION);
+ if ($this->legacyExceptions) {
+ throw new SystemException("package version '".$element->nodeValue."' is invalid");
+ }
+ else {
+ throw new PackageValidationException(PackageValidationException::INVALID_PACKAGE_VERSION, array('packageVersion' => $element->nodeValue));
+ }
 }
 
 $this->packageInfo['version'] = $element->nodeValue;
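Review bot: `$packageName` in the package-name hunk, and `$element->nodeValue` in the version hunk after it, are read from the uploaded package.xml and passed unmodified into the PackageValidationException details array. Both values have just failed `isValidPackageName()` / `isValidVersion()`, so they can contain arbitrary characters. How the exception turns `packageName` / `packageVersion` into a message is not part of this diff, so it should be confirmed that they are HTML-encoded wherever the validation result is displayed. A comment on the throw would record that expectation, e.g. `// details come from the uploaded package.xml and must be encoded on output`.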
@@ -236,7 +269,7 @@ class PackageArchive {
 $elements = $xpath->query('child::ns:requiredpackages/ns:requiredpackage', $package);
 foreach ($elements as $element) {
 if (!Package::isValidPackageName($element->nodeValue)) {
- throw new SystemException("'".$element->nodeValue."' is not a valid package name.", PackageValidationException::INVALID_PACKAGE_NAME);
+ throw new SystemException("'".$element->nodeValue."' is not a valid package name.");
 }
 
 // read attributes
@@ -253,7 +286,7 @@ class PackageArchive {
 $elements = $xpath->query('child::ns:optionalpackages/ns:optionalpackage', $package);
 foreach ($elements as $element) {
 if (!Package::isValidPackageName($element->nodeValue)) {
- throw new SystemException("'".$element->nodeValue."' is not a valid package name.", PackageValidationException::INVALID_PACKAGE_NAME);
+ throw new SystemException("'".$element->nodeValue."' is not a valid package name.");
 }
 
 // read attributes
@@ -270,7 +303,7 @@ class PackageArchive {
 $elements = $xpath->query('child::ns:excludedpackages/ns:excludedpackage', $package);
 foreach ($elements as $element) {
 if (!Package::isValidPackageName($element->nodeValue)) {
- throw new SystemException("'".$element->nodeValue."' is not a valid package name.", PackageValidationException::INVALID_PACKAGE_NAME);
+ throw new SystemException("'".$element->nodeValue."' is not a valid package name.");
 }
 
 // read attributes
diff --git a/wcfsetup/install/files/lib/system/package/validation/PackageValidationArchive.class.php b/wcfsetup/install/files/lib/system/package/validation/PackageValidationArchive.class.php
index 9672124408..081d38d261 100644
--- a/wcfsetup/install/files/lib/system/package/validation/PackageValidationArchive.class.php
+++ b/wcfsetup/install/files/lib/system/package/validation/PackageValidationArchive.class.php
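Review bot: The required-package check, and the optional- and excluded-package checks in the next two hunks, now throw a SystemException without a code and ignore `$this->legacyExceptions`. PackageValidationArchive, changed later in this patch, catches only PackageValidationException. An invalid name in one of these lists of an uploaded package is therefore no longer turned into a validation error, as it was through the removed `getCode()` branch, and the exception leaves the validator uncaught. All three sites should get the same branch as the main package-name check, as sketched below for one of them.

```php
if (!Package::isValidPackageName($element->nodeValue)) {
	if ($this->legacyExceptions) {
		throw new SystemException("'".$element->nodeValue."' is not a valid package name.");
	}
	else {
		throw new PackageValidationException(PackageValidationException::INVALID_PACKAGE_NAME, array('packageName' => $element->nodeValue));
	}
}
// … unchanged: read attributes …
```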
@@ -3,7 +3,6 @@ namespace wcf\system\package\validation;
 use wcf\data\package\Package;
 use wcf\data\package\PackageCache;
 use wcf\system\database\util\PreparedStatementConditionBuilder;
-use wcf\system\exception\SystemException;
 use wcf\system\package\PackageArchive;
 use wcf\system\WCF;
 
@@ -90,19 +89,16 @@ class PackageValidationArchive implements \RecursiveIterator {
 if ($validationMode !== PackageValidationManager::VALIDATION_EXCLUSION) {
 try {
 // try to read archive
+ $this->archive->disableLegacyExceptions();
 $this->archive->openArchive();
 
 // check if package is installable or suitable for an update
 $this->validateInstructions($requiredVersion);
 }
- catch (SystemException $e) {
- if ($e->getCode()) {
- $this->exception = new PackageValidationException($e->getCode(), array('legacyMessage' => $e->getMessage()));
-
- return false;
- }
+ catch (PackageValidationException $e) {
+ $this->exception = $e;
 
- throw $e;
+ return false;
 }
 }
 
--
2.20.1
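Review bot: `$this->archive->disableLegacyExceptions()` switches the PackageArchive permanently, and this patch adds no method to switch it back. If the same instance is used after validation by code that still catches SystemException (not visible here), the four converted checks in openArchive() would reach that code as PackageValidationException. The call could also sit before the `try`, which is easier to read as a one-time setup step. A comment such as `// validation mode: openArchive() reports invalid uploads as PackageValidationException` would document why it is there. The enclosing method starts and ends outside this hunk.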