diff --git a/lib/common/functions.sh b/lib/common/functions.sh index 563a04e027..cc537a8f9a 100755 --- a/lib/common/functions.sh +++ b/lib/common/functions.sh @@ -1355,6 +1355,29 @@ configureFOGService() { startInitScript } configureNFS() { + dots "Setting up NFS configuration file" + if [[ -f "/etc/nfs.conf" ]]; then + # Fix all set port=20048 back to default values + sed -i '/^port=20048/ {s/^port=20048/# port=0/}' /etc/nfs.conf >>$error_log 2>&1 + fi + # set port in nfs.conf.d directory + if [[ -f "/etc/nfs.conf" && ! -d "/etc/nfs.conf.d/" ]]; then + mkdir /etc/nfs.conf.d + elif [[ -f "/usr/etc/nfs.conf" && ! -d "/usr/etc/nfs.conf.d/" ]]; then + mkdir /usr/etc/nfs.conf.d + fi + if [[ -f "/etc/nfs.conf" && ! -f "/etc/nfs.conf.d/fog-nfs.conf" ]]; then + cat > /etc/nfs.conf.d/fog-nfs.conf < /usr/etc/nfs.conf.d/fog-nfs.conf <key($key); - $result = isset($this->isLoaded[$key]) ? $this->isLoaded[$key] : 0; + $result = isset($this->isLoaded[$key]) ? true : false; $this->isLoaded[$key] = true; - ++$this->isLoaded[$key]; return $result ? $result : false; } @@ -2578,4 +2577,22 @@ public static function is_array_of_assoc_arrays($arr) { } return true; } + /** + * Is Authorized to perform action simplified + * + * @param $return_bool Defaults to false, but can return bool + * + * @return void|bool + */ + public static function is_authorized($return_bool = false) + { $authorized = self::$FOGUser->isValid() || + strtolower(($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '')) == 'xmlhttprequest'; + if ($return_bool) { + return $authorized; + } + if (!$authorized) { + echo _('Unauthorized'); + exit; + } + } } diff --git a/packages/web/lib/fog/system.class.php b/packages/web/lib/fog/system.class.php index 8360f93a22..502ffa251b 100644 --- a/packages/web/lib/fog/system.class.php +++ b/packages/web/lib/fog/system.class.php @@ -53,7 +53,7 @@ private static function _versionCompare() public function __construct() { self::_versionCompare(); - define('FOG_VERSION', '1.5.10.1566'); + define('FOG_VERSION', '1.5.10.1584'); define('FOG_SCHEMA', 271); define('FOG_BCACHE_VER', 141); define('FOG_CLIENT_VERSION', '0.13.0'); diff --git a/packages/web/lib/pages/fogconfigurationpage.class.php b/packages/web/lib/pages/fogconfigurationpage.class.php index cf9bb036c3..5b4647c277 100644 --- a/packages/web/lib/pages/fogconfigurationpage.class.php +++ b/packages/web/lib/pages/fogconfigurationpage.class.php @@ -3061,16 +3061,10 @@ public function settingsPost() 'jpeg', 'png', ]; - $extensionCheck = strtolower(pathinfo($src, PATHINFO_EXTENSION)); - if (!in_array($extensionCheck, $validExtensions)) { - throw new Exception( - _('Upload file extension must be, jpg, jpeg, or png') - ); - } $extensionCheck = strtolower(pathinfo($set, PATHINFO_EXTENSION)); if (!in_array($extensionCheck, $validExtensions)) { throw new Exception( - _('Created file extension must be, jpg, jpeg, or png') + _('Upload file extension must be, jpg, jpeg, or png') ); } if ($width != 650) { diff --git a/packages/web/management/export.php b/packages/web/management/export.php index fbd052fbf8..98c80417a9 100644 --- a/packages/web/management/export.php +++ b/packages/web/management/export.php @@ -20,13 +20,7 @@ * @link https://fogproject.org */ require '../commons/base.inc.php'; -$unauthorized = !(isset($currentUser) && $currentUser->isValid()) || empty($_SERVER['HTTP_X_REQUESTED_WITH']) - || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'; - -if ($unauthorized) { - echo _('Unauthorized'); - exit; -} +FOGCore::is_authorized(); $report = unserialize($_SESSION['foglastreport']); if (!($report instanceof ReportMaker)) { diff --git a/packages/web/service/getversion.php b/packages/web/service/getversion.php index 321b9f1334..bd436e69e1 100644 --- a/packages/web/service/getversion.php +++ b/packages/web/service/getversion.php @@ -44,13 +44,7 @@ } elseif (isset($_REQUEST['url'])) { // Prevent an unauthenticated user from making arbitrary requests. - $unauthorized = !$currentUser->isValid() || empty($_SERVER['HTTP_X_REQUESTED_WITH']) - || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'; - - if ($unauthorized) { - echo _('Unauthorized'); - exit; - } + FOGCore::is_authorized(); $url = $_REQUEST['url']; $res = $FOGURLRequests diff --git a/packages/web/status/getfiles.php b/packages/web/status/getfiles.php index 80d4c3a9d2..213dea266f 100644 --- a/packages/web/status/getfiles.php +++ b/packages/web/status/getfiles.php @@ -24,13 +24,7 @@ require '../commons/base.inc.php'; // Prevent file enumeration by an unauthenticated user -$unauthorized = !(isset($currentUser) && $currentUser->isValid()) || empty($_SERVER['HTTP_X_REQUESTED_WITH']) - || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'; - -if ($unauthorized) { - echo _('Unauthorized'); - exit; -} +FOGCore::is_authorized(); if (!is_string($_GET['path'])) { echo json_encode( diff --git a/packages/web/status/kernelvers.php b/packages/web/status/kernelvers.php index 6ad607f381..3131612585 100644 --- a/packages/web/status/kernelvers.php +++ b/packages/web/status/kernelvers.php @@ -28,13 +28,7 @@ if (isset($_POST['url'])) { // Prevent an unauthenticated user from making arbitrary requests. - $unauthorized = !$currentUser->isValid() || empty($_SERVER['HTTP_X_REQUESTED_WITH']) - || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'; - - if ($unauthorized) { - echo _('Unauthorized'); - exit; - } + FOGCore::is_authorized(); $res = $FOGURLRequests ->process(filter_input(INPUT_POST, 'url'));