lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NEW Filechecker can include custom dir and report added files.

Browse Source
This commit is contained in:
Laurent Destailleur 2017-02-06 13:37:23 +01:00
parent a673afe601
commit 9220a638b5
4 changed files with 173 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
build/generate_filelist_xml.php
View File

@ -42,35 +42,55 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
if (empty($argv[1]))
{
print "Usage: ".$script_file." release=x.y.z\n";
print "Usage: ".$script_file." release=x.y.z[-...] [includecustom=1]\n";
exit -1;
}
parse_str($argv[1]);
if (! empty($argv[2])) parse_str($argv[2]);
if ($release != DOL_VERSION)
if (empty($includecustom))
{
print 'Error: release is not version declared into filefunc.in.php.'."\n";
exit -1;
$includecustom=0;
if (DOL_VERSION != $release)
{
print 'Error: When parameter "includecustom" is not set, version declared into filefunc.in.php ('.DOL_VERSION.') must be exact same value than "release" parmater.'."\n";
print "Usage: ".$script_file." release=x.y.z[-...] [includecustom=1]\n";
exit -1;
}
}
else
{
if (! preg_match('/'.preg_quote(DOL_VERSION,'/').'-/',$release))
{
print 'Error: When parameter "includecustom" is not set, version declared into ('.DOL_VERSION.') must be used with a suffix into "release" parmater (ex: '.DOL_VERSION.'-mydistrib).'."\n";
print "Usage: ".$script_file." release=x.y.z[-...] [includecustom=1]\n";
exit -1;
}
}
print "Version: ".$release."\n";
print "Include custom: ".$includecustom."\n";
//$outputfile=dirname(__FILE__).'/../htdocs/install/filelist-'.$release.'.xml';
$outputdir=dirname(__FILE__).'/../htdocs/install';
print 'Delete current files '.$outputdir.'/filelist*.xml'."\n";
dol_delete_file($outputdir.'/filelist*.xml',0,1,1);
print 'Delete current files '.$outputdir.'/filelist-'.$release.'.xml'."\n";
dol_delete_file($outputdir.'/filelist-'.$release.'.xml',0,1,1);
$outputfile=$outputdir.'/filelist-'.$release.'.xml';
$fp = fopen($outputfile,'w');
fputs($fp, '<?xml version="1.0" encoding="UTF-8" ?>'."\n");
fputs($fp, '<checksum_list version="'.$release.'">'."\n");
fputs($fp, '<dolibarr_htdocs_dir>'."\n");
fputs($fp, '<dolibarr_htdocs_dir includecustom="'.$includecustom.'">'."\n");
$checksumconcat=array();
// TODO Replace RecursiveDirectoryIterator with dol_dir_list
$dir_iterator1 = new RecursiveDirectoryIterator(dirname(__FILE__).'/../htdocs/');
$iterator1 = new RecursiveIteratorIterator($dir_iterator1);
// need to ignore document custom etc
$files = new RegexIterator($iterator1, '#^(?:[A-Z]:)?(?:/(?!(?:custom|documents|conf|install|nltechno))[^/]+)+/[^/]+\.(?:php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$#i');
// Need to ignore document custom etc. Note: this also ignore natively symbolic links.
$files = new RegexIterator($iterator1, '#^(?:[A-Z]:)?(?:/(?!(?:'.($includecustom?'':'custom\/|').'documents\/|conf\/|install\/))[^/]+)+/[^/]+\.(?:php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$#i');
$dir='';
$needtoclose=0;
foreach ($files as $file) {
@ -102,10 +122,11 @@ $checksumconcat=array();
fputs($fp, '<dolibarr_script_dir version="'.$release.'">'."\n");
// TODO Replace RecursiveDirectoryIterator with dol_dir_list
$dir_iterator2 = new RecursiveDirectoryIterator(dirname(__FILE__).'/../scripts/');
$iterator2 = new RecursiveIteratorIterator($dir_iterator2);
// need to ignore document custom etc
$files = new RegexIterator($iterator2, '#^(?:[A-Z]:)?(?:/(?!(?:custom|documents|conf|install|nltechno))[^/]+)+/[^/]+\.(?:php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$#i');
// Need to ignore document custom etc. Note: this also ignore natively symbolic links.
$files = new RegexIterator($iterator2, '#^(?:[A-Z]:)?(?:/(?!(?:custom|documents|conf|install))[^/]+)+/[^/]+\.(?:php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$#i');
$dir='';
$needtoclose=0;
foreach ($files as $file) {

184
htdocs/admin/system/filecheck.php
View File

@ -90,19 +90,22 @@ print $langs->trans("MakeIntegrityAnalysisFrom").':<br>';
print '<!-- for a local check target=local&xmlshortfile=... -->'."\n";
if (dol_is_file($xmlfile))
{
print '<input type="radio" name="target" value="local"'.((! GETPOST('target') || GETPOST('target') == 'local') ? 'checked="checked"':'').'"> '.$langs->trans("LocalSignature").' = '.$xmlshortfile.'<br>';
print '<input type="radio" name="target" value="local"'.((! GETPOST('target') || GETPOST('target') == 'local') ? 'checked="checked"':'').'"> '.$langs->trans("LocalSignature").' = ';
print '<input name="xmlshortfile" class="flat minwidth200" value="'.dol_escape_htmltag($xmlshortfile).'">';
print '<br>';
}
else
{
print '<input type="radio" name="target" value="local"> '.$langs->trans("LocalSignature").' = '.$xmlshortfile;
if (! GETPOST('xmlshortfile')) print ' <span class="warning">('.$langs->trans("AvailableOnlyOnPackagedVersions").')</span>';
print '<input type="radio" name="target" value="local"> '.$langs->trans("LocalSignature").' = ';
print '<input name="xmlshortfile" class="flat minwidth200" value="'.dol_escape_htmltag($xmlshortfile).'">';
print ' <span class="warning">('.$langs->trans("AvailableOnlyOnPackagedVersions").')</span>';
print '<br>';
}
print '<!-- for a remote target=remote&xmlremote=... -->'."\n";
if ($enableremotecheck)
{
print '<input type="radio" name="target" value="remote"'.(GETPOST('target') == 'remote' ? 'checked="checked"':'').'> '.$langs->trans("RemoteSignature").' = ';
print '<input name="xmlremote" class="flat quatrevingtpercent" value="'.$xmlremote.'"><br>';
print '<input name="xmlremote" class="flat quatrevingtpercent" value="'.dol_escape_htmltag($xmlremote).'"><br>';
}
else
{
@ -150,21 +153,41 @@ if (GETPOST('target') == 'remote')
if ($xml)
{
$checksumconcat = array();
$file_list = array();
$out = '';
// Scan htdocs
if (is_object($xml->dolibarr_htdocs_dir[0]))
{
$file_list = array();
$ret = getFilesUpdated($file_list, $xml->dolibarr_htdocs_dir[0], '', DOL_DOCUMENT_ROOT, $checksumconcat); // Fill array $file_list
print_fiche_titre($langs->trans("FilesMissing"));
//var_dump($xml->dolibarr_htdocs_dir[0]['includecustom']);exit;
$includecustom=(empty($xml->dolibarr_htdocs_dir[0]['includecustom'])?0:$xml->dolibarr_htdocs_dir[0]['includecustom']);
// Defined qualified files (must be same than into generate_filelist_xml.php)
$regextoinclude='\.(php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$';
$regextoexclude='('.($includecustom?'':'custom|').'documents|conf|install)$'; // Exclude dirs
$scanfiles = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, $regextoinclude, $regextoexclude);
// Fill file_list with files in signature, new files, modified files
$ret = getFilesUpdated($file_list, $xml->dolibarr_htdocs_dir[0], '', DOL_DOCUMENT_ROOT, $checksumconcat, $scanfiles); // Fill array $file_list
// Complete with list of new files
foreach ($scanfiles as $keyfile => $valfile)
{
$tmprelativefilename=preg_replace('/^'.preg_quote(DOL_DOCUMENT_ROOT,'/').'/','', $valfile['fullname']);
if (! in_array($tmprelativefilename, $file_list['insignature']))
{
$md5newfile=@md5_file($valfile['fullname']); // Can fails if we don't have permission to open/read file
$file_list['added'][]=array('filename'=>$tmprelativefilename, 'md5'=>$md5newfile);
}
}
print '<table class="noborder">';
print '<tr class="liste_titre">';
print '<td>#</td>';
print '<td>' . $langs->trans("Filename") . '</td>';
print '<td align="center">' . $langs->trans("ExpectedChecksum") . '</td>';
print '</tr>'."\n";
$out.=load_fiche_titre($langs->trans("FilesMissing"));
$out.='<table class="noborder">';
$out.='<tr class="liste_titre">';
$out.='<td>#</td>';
$out.='<td>' . $langs->trans("Filename") . '</td>';
$out.='<td align="center">' . $langs->trans("ExpectedChecksum") . '</td>';
$out.='</tr>'."\n";
$var = true;
$tmpfilelist = dol_sort_array($file_list['missing'], 'filename');
if (is_array($tmpfilelist) && count($tmpfilelist))
@ -174,32 +197,32 @@ if ($xml)
{
$i++;
$var = !$var;
print '<tr ' . $bc[$var] . '>';
print '<td>'.$i.'</td>' . "\n";
print '<td>'.$file['filename'].'</td>' . "\n";
print '<td align="center">'.$file['expectedmd5'].'</td>' . "\n";
print "</tr>\n";
$out.='<tr ' . $bc[$var] . '>';
$out.='<td>'.$i.'</td>' . "\n";
$out.='<td>'.$file['filename'].'</td>' . "\n";
$out.='<td align="center">'.$file['expectedmd5'].'</td>' . "\n";
$out.="</tr>\n";
}
}
else
{
print '<tr ' . $bc[false] . '><td colspan="3" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
$out.='<tr ' . $bc[false] . '><td colspan="3" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
}
print '</table>';
$out.='</table>';
print '<br>';
$out.='<br>';
print_fiche_titre($langs->trans("FilesUpdated"));
$out.=load_fiche_titre($langs->trans("FilesModified"));
print '<table class="noborder">';
print '<tr class="liste_titre">';
print '<td>#</td>';
print '<td>' . $langs->trans("Filename") . '</td>';
print '<td align="center">' . $langs->trans("ExpectedChecksum") . '</td>';
print '<td align="center">' . $langs->trans("CurrentChecksum") . '</td>';
print '<td align="right">' . $langs->trans("Size") . '</td>';
print '<td align="right">' . $langs->trans("DateModification") . '</td>';
print '</tr>'."\n";
$out.='<table class="noborder">';
$out.='<tr class="liste_titre">';
$out.='<td>#</td>';
$out.='<td>' . $langs->trans("Filename") . '</td>';
$out.='<td align="center">' . $langs->trans("ExpectedChecksum") . '</td>';
$out.='<td align="center">' . $langs->trans("CurrentChecksum") . '</td>';
$out.='<td align="right">' . $langs->trans("Size") . '</td>';
$out.='<td align="right">' . $langs->trans("DateModification") . '</td>';
$out.='</tr>'."\n";
$var = true;
$tmpfilelist2 = dol_sort_array($file_list['updated'], 'filename');
if (is_array($tmpfilelist2) && count($tmpfilelist2))
@ -209,30 +232,70 @@ if ($xml)
{
$i++;
$var = !$var;
print '<tr ' . $bc[$var] . '>';
print '<td>'.$i.'</td>' . "\n";
print '<td>'.$file['filename'].'</td>' . "\n";
print '<td align="center">'.$file['expectedmd5'].'</td>' . "\n";
print '<td align="center">'.$file['md5'].'</td>' . "\n";
print '<td align="right">'.dol_print_size(dol_filesize(DOL_DOCUMENT_ROOT.'/'.$file['filename'])).'</td>' . "\n";
print '<td align="right">'.dol_print_date(dol_filemtime(DOL_DOCUMENT_ROOT.'/'.$file['filename']),'dayhour').'</td>' . "\n";
print "</tr>\n";
$out.='<tr ' . $bc[$var] . '>';
$out.='<td>'.$i.'</td>' . "\n";
$out.='<td>'.$file['filename'].'</td>' . "\n";
$out.='<td align="center">'.$file['expectedmd5'].'</td>' . "\n";
$out.='<td align="center">'.$file['md5'].'</td>' . "\n";
$out.='<td align="right">'.dol_print_size(dol_filesize(DOL_DOCUMENT_ROOT.'/'.$file['filename'])).'</td>' . "\n";
$out.='<td align="right">'.dol_print_date(dol_filemtime(DOL_DOCUMENT_ROOT.'/'.$file['filename']),'dayhour').'</td>' . "\n";
$out.="</tr>\n";
}
}
else
{
print '<tr ' . $bc[false] . '><td colspan="5" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
$out.='<tr ' . $bc[false] . '><td colspan="5" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
}
print '</table>';
$out.='</table>';
if (empty($tmpfilelist) && empty($tmpfilelist2))
$out.='<br>';
$out.=load_fiche_titre($langs->trans("FilesAdded"));
$out.='<table class="noborder">';
$out.='<tr class="liste_titre">';
$out.='<td>#</td>';
$out.='<td>' . $langs->trans("Filename") . '</td>';
$out.='<td align="center">' . $langs->trans("ExpectedChecksum") . '</td>';
$out.='<td align="center">' . $langs->trans("CurrentChecksum") . '</td>';
$out.='<td align="right">' . $langs->trans("Size") . '</td>';
$out.='<td align="right">' . $langs->trans("DateModification") . '</td>';
$out.='</tr>'."\n";
$var = true;
$tmpfilelist3 = dol_sort_array($file_list['added'], 'filename');
if (is_array($tmpfilelist3) && count($tmpfilelist3))
{
$i = 0;
foreach ($tmpfilelist3 as $file)
{
$i++;
$var = !$var;
$out.='<tr ' . $bc[$var] . '>';
$out.='<td>'.$i.'</td>' . "\n";
$out.='<td>'.$file['filename'].'</td>' . "\n";
$out.='<td align="center">'.$file['expectedmd5'].'</td>' . "\n";
$out.='<td align="center">'.$file['md5'].'</td>' . "\n";
$out.='<td align="right">'.dol_print_size(dol_filesize(DOL_DOCUMENT_ROOT.'/'.$file['filename'])).'</td>' . "\n";
$out.='<td align="right">'.dol_print_date(dol_filemtime(DOL_DOCUMENT_ROOT.'/'.$file['filename']),'dayhour').'</td>' . "\n";
$out.="</tr>\n";
}
}
else
{
$out.='<tr ' . $bc[false] . '><td colspan="5" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
}
$out.='</table>';
// Show warning
if (empty($tmpfilelist) && empty($tmpfilelist2) && empty($tmpfilelist3))
{
setEventMessage($langs->trans("FileIntegrityIsStrictlyConformedWithReference"));
}
else
{
setEventMessage($langs->trans("FileIntegritySomeFilesWereRemovedOrModified"), 'warnings');
}
}
}
else
{
@ -253,13 +316,30 @@ if ($xml)
asort($checksumconcat); // Sort list of checksum
//var_dump($checksumconcat);
$checksumget = md5(join(',',$checksumconcat));
$checksumtoget = $xml->dolibarr_htdocs_dir_checksum;
print '<br>';
$checksumtoget = trim((string) $xml->dolibarr_htdocs_dir_checksum);
/*var_dump(count($file_list['added']));
var_dump($checksumget);
var_dump($checksumtoget);
var_dump($checksumget == $checksumtoget);*/
print_fiche_titre($langs->trans("GlobalChecksum")).'<br>';
print $langs->trans("ExpectedChecksum").' = '. ($checksumtoget ? $checksumtoget : $langs->trans("Unknown")) .'<br>';
print $langs->trans("CurrentChecksum").' = '.$checksumget;
print $langs->trans("CurrentChecksum").' = ';
if ($checksumget == $checksumtoget)
{
if (count($file_list['added'])) print $checksumget.' - <span class="warning">'.$langs->trans("FileIntegrityIsOkButFilesWereAdded").'</span>';
else print '<span class="ok">'.$checksumget.'</span>';
}
else
{
print '<span class="error">'.$checksumget.'</span>';
}
print '<br>';
print '<br>';
// Output detail
print $out;
}
@ -287,10 +367,11 @@ function getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path = '', $pathre
{
$exclude = 'install';
foreach ($dir->md5file as $file)
foreach ($dir->md5file as $file) // $file is a simpleXMLElement
{
$filename = $path.$file['name'];
$file_list['insignature'][] = $filename;
//if (preg_match('#'.$exclude.'#', $filename)) continue;
if (!file_exists($pathref.'/'.$filename))
@ -309,3 +390,4 @@ function getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path = '', $pathre
return $file_list;
}

8
htdocs/core/lib/files.lib.php
View File

@ -44,8 +44,8 @@ function dol_basename($pathfile)
* @param string $path Starting path from which to search. This is a full path.
* @param string $types Can be "directories", "files", or "all"
* @param int $recursive Determines whether subdirectories are searched
* @param string $filter Regex filter to restrict list. This regex value must be escaped for '/', since this char is used for preg_match function
* @param array $excludefilter Array of Regex for exclude filter (example: array('(\.meta|_preview\.png)$','^\.'))
* @param string $filter Regex filter to restrict list. This regex value must be escaped for '/', since this char is used for preg_match function. Filter is checked into basename only.
* @param array $excludefilter Array of Regex for exclude filter (example: array('(\.meta|_preview\.png)$','^\.')). Exclude is checked into fullpath.
* @param string $sortcriteria Sort criteria ("","fullname","name","date","size")
* @param string $sortorder Sort order (SORT_ASC, SORT_DESC)
* @param int $mode 0=Return array minimum keys loaded (faster), 1=Force all keys like date and size to be loaded (slower), 2=Force load of date only, 3=Force load of size only
@ -104,7 +104,7 @@ function dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefil
$filesize='';
$file_list = array();
while (false !== ($file = readdir($dir)))
while (false !== ($file = readdir($dir))) // $file is always a basename (into directory $newpath)
{
if (! utf8_check($file)) $file=utf8_encode($file); // To be sure data is stored in utf8 in memory
@ -137,7 +137,7 @@ function dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefil
if ($loaddate || $sortcriteria == 'date') $filedate=dol_filemtime($path."/".$file);
if ($loadsize || $sortcriteria == 'size') $filesize=dol_filesize($path."/".$file);
if (! $filter || preg_match('/'.$filter.'/i',$file)) // We do not search key $filter into $path, only into $file
if (! $filter || preg_match('/'.$filter.'/i',$file)) // We do not search key $filter into all $path, only into $file part
{
preg_match('/([^\/]+)\/[^\/]+$/',$path.'/'.$file,$reg);
$level1name=(isset($reg[1])?$reg[1]:'');

5
htdocs/langs/en_US/admin.lang
View File

@ -11,13 +11,16 @@ VersionRecommanded=Recommended
FileCheck=Files integrity checker
FileCheckDesc=This tool allows you to check the integrity of files of your application, comparing each files with the official ones. You can use this tool to detect if some files were modified by a hacker for example.
FileIntegrityIsStrictlyConformedWithReference=Files integrity is strictly conformed with the reference.
FileIntegritySomeFilesWereRemovedOrModified=Files integrity check has failed. Some files were modified of removed.
FileIntegrityIsOkButFilesWereAdded=Files integrity check has passed, however some new files were added.
FileIntegritySomeFilesWereRemovedOrModified=Files integrity check has failed. Some files were modified, removed or added.
GlobalChecksum=Global checksum
MakeIntegrityAnalysisFrom=Make integrity analysis of application files from
LocalSignature=Embedded local signature (less reliable)
RemoteSignature=Remote distant signature (more reliable)
FilesMissing=Missing Files
FilesUpdated=Updated Files
FilesModified=Modified Files
FilesAdded=Added Files
FileCheckDolibarr=Check integrity of application files
AvailableOnlyOnPackagedVersions=The local file for integrity checking is only available when application is installed from a certified package
XmlNotFound=Xml Integrity File of application not found