echo 'Magento not found!' . "\n";
    exit;
}
// SECURITY PATCHES and APPSECS
//
// Search table: patch name => APPSEC id => notice.
// Each notice carries a human-readable 'text' and an 'exec' recipe: the glob
// paths to search, the command prefix, and the patterns to look for.
// The 'query' patterns already include their own double quotes, while the
// 'path' entries are $_magentoPath plus a glob with no quoting at all.
// NOTE(review): the code that assembles and runs the command is not fully
// visible in this listing. If it hands these strings to a shell, confirm the
// Magento root cannot contain spaces or shell metacharacters, or quote the
// root part before the glob.
$_securityPatches = array(
    'SUPEE-6788' => array(
        'APPSEC-1034' => array(
            'text' => 'addressing bypassing custom admin URL',
            'exec' => array(
                'path' => array($_magentoPath . 'app/code/*'),
                'cmd' => 'grep -irl ',
                'query' => array('"<use>admin</use>"'),
            ),
            'magentopath' => $_magentoPath,
        ),
        'APPSEC-1063' => array(
            'text' => 'addressing possible SQL injection',
            'exec' => array(
                'path' => array(
                    $_magentoPath . 'app/code/community/*',
                    $_magentoPath . 'app/code/local/*',
                ),
                'cmd' => 'grep -irl ',
                'query' => array(
                    '"collection->addFieldToFilter(\'"',
                    '"collection->addFieldToFilter(\'\\`"',
                ),
            ),
            'magentopath' => $_magentoPath,
        ),
        'APPSEC-1057' => array(
            'text' => 'template processing method allows access to private information',
            'exec' => array(
                'path' => array(
                    $_magentoPath . 'app/code/community/*',
                    $_magentoPath . 'app/code/local/*',
                    $_magentoPath . 'app/locale/*',
                    $_magentoPath . 'app/design/frontend/*',
                ),
                'cmd' => 'grep -irl ',
                'query' => array('"{{config path="', '"{{block type="'),
            ),
            'magentopath' => $_magentoPath,
        ),
    ),
);
// EXEC
//
echo '*** ' . "" . 'Magento security file check' . "" . ' ***' . "\n";
// Running number shown in front of every APPSEC line, across all patches.
$_count = 1;
foreach ($_securityPatches as $_patchName => $_securityNotices) {
    echo $_patchName . "\n";
    // Affected-file counter for this patch only.
    $_total = 0;
    foreach ($_securityNotices as $_appsec => $_securityNotice) {
        echo '[' . $_count . '] ' . $_appsec . ', ' . $_securityNotice['text'] . "\n";
        $_count++;
        $_result = doExec($_securityNotice, $_appsec);
        $_total += $_result['total'];
        echo $_result['text'] . "\n";
    }
    // Both branches print the same text as written; the empty strings look
    // like placeholders for stripped markup (TODO confirm against the original).
    if ($_total > 0) {
        echo $_patchName . ' ' . ("" . $_total . "" . ' affected files.') . "\n";
    } else {
        echo $_patchName . ' ' . ($_total . ' affected files.') . "\n";
    }
}
echo '***********************************' . "\n";
exit;
/**
 * Walks the search paths of one APPSEC notice.
 *
 * NOTE(review): this listing is cut short. The foreach body is never closed and
 * $result is returned without being assigned in the visible lines, so the part
 * that builds the command, runs it and fills the result is not shown here.
 *
 * NOTE(review): $_exec is a command prefix taken from the notice and each
 * $_searchPath comes from the notice's path list. If the missing code joins
 * them into a shell command, confirm the path root is validated or quoted
 * before it reaches the shell.
 *
 * @param array  $_securityNotice notice entry; the visible code reads ['exec']['cmd'] and ['exec']['path']
 * @param string $_appsec         APPSEC identifier (not used in the visible lines)
 * @return mixed whatever $result holds; it is built in the part that is not shown
 */
function doExec($_securityNotice, $_appsec)
{
    // Log text accumulated across all search paths.
    $_text = '';
    // Command prefix from the notice.
    $_exec = $_securityNotice['exec']['cmd'];
    $_total = 0;
    foreach ($_securityNotice['exec']['path'] as $_searchPath) {
        $_text = $_text . 'looking in ' . $_searchPath . "\n";
        // Per-path counter, reset for every search path.
        $_count = 0;
    return $result;
}
/**
 * Maps a locale code to the language name used for dialing dictionaries.
 *
 * @param string $locale locale code such as 'ru_RU'
 * @return string|false the language name, or false when the locale is not in the table
 */
function locale_to_dialing($locale)
{
    // Fixed lookup table; only these three locales are known.
    static $languageByLocale = array(
        'ru_RU' => 'Russian',
        'en_EN' => 'English',
        'de_DE' => 'German',
    );

    return isset($languageByLocale[$locale]) ? $languageByLocale[$locale] : false;
}
// CLI arguments used below: [1] source XML, [2] output directory,
// [3] output encoding, [4] optional "with form no" switch,
// [5] optional switch for the dialing ancodes map.
$locale = get_locale($argv[1]);
if ($locale === false) {
    doError("Can`t retrieve locale name from '" . $argv[1] . "' file");
}

$out_dir = $argv[2];
// NOTE(review): $locale is read from the XML file and becomes part of a file
// name without validation. If the XML can come from an untrusted source,
// restrict it to the expected locale characters before building the path.
$morph_data_file = $out_dir . '/morph_data.' . strtolower($locale) . '.bin';
echo "Found '{$locale}' locale in {$argv['1']}" . PHP_EOL;

// Builder options; a null value marks a switch that takes no argument.
$args = array(
    '--xml' => $argv[1],
    '--out-dir' => $argv[2],
    '--out-encoding' => $argv[3],
    '--force-encoding-single-byte' => null,
    '--verbose' => null,
    '--case' => 'upper',
);
if (!empty($argv[4])) {
    $args['--with-form-no'] = 'yes';
}

// NOTE(review): $argv values are forwarded unchanged to doExec(), whose body
// is not shown here. Confirm it escapes every argument before running an
// external command.
doExec('Build dictionary', MORPHY_BUILDER, $args);
doExec('Extract gramtab', BIN_DIR . '/extract-gramtab.php', array($morph_data_file, $out_dir));
doExec('Extract graminfo header', BIN_DIR . '/extract-graminfo-header.php', array($morph_data_file, $out_dir));
doExec('Create ancodes cache', BIN_DIR . '/extract-ancodes.php', array($morph_data_file, $out_dir));

if (!empty($argv[5])) {
    // The ancodes map is only built for locales that have a dialing language name.
    $language = locale_to_dialing($locale);
    if ($language === false) {
        echo "Locale '{$locale}' unsupported for dialing dictionaries. Skip ancodes map." . PHP_EOL;
    } else {
        doExec('Create dialing ancodes map', BIN_DIR . '/extract-ancodes-map.php', array($morph_data_file, $language, $out_dir));
    }
}
Beispiel #3
        doError("\n\nCommand '" . $cmd . '\' exit with code = ' . $errorcode . ', error = \'' . $stderr . '\'');
    }
    echo "OK.\n";
}
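/**
 * Reads the locale name from the first <locale> element of an XML file.
 *
 * The reader is opened without any libxml options, so entity substitution and
 * DTD loading are not requested; keep it that way if the XML is not fully trusted.
 *
 * @param string $xml path or URI passed to XMLReader::open()
 * @return string|false the non-empty "name" attribute of the first element
 *                      whose local name is "locale"; false when the file
 *                      cannot be opened, no such element exists, or the
 *                      attribute is missing or empty
 */
function get_locale($xml)
{
    $reader = new XMLReader();
    if (false === $reader->open($xml)) {
        return false;
    }

    // Start from "not found" so a document without a <locale> element yields
    // false (callers test `false ===`) rather than an undefined variable.
    $result = false;
    while ($reader->read()) {
        if ($reader->nodeType === XMLReader::ELEMENT && $reader->localName === 'locale') {
            // getAttribute() returns null when the attribute is absent; treat
            // that the same as an empty name without calling strlen() on null.
            $name = $reader->getAttribute('name');
            if ($name !== null && $name !== '') {
                $result = $name;
            }
            // Only the first <locale> element is considered.
            break;
        }
    }
    $reader->close();

    return $result;
}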
// Take the locale name from the source XML (first CLI argument).
$locale = get_locale($argv[1]);
if ($locale === false) {
    doError("Can`t retrieve locale name from '" . $argv[1] . "' file");
}

// NOTE(review): $locale is read from the XML file and becomes part of a file
// name without validation. If the XML can come from an untrusted source,
// restrict it to the expected locale characters before building the path.
$morph_data_file = $argv[2] . '/morph_data.' . strtolower($locale) . '.bin';
echo "Found '{$locale}' locale in {$argv['1']}\n";

// NOTE(review): $argv values are forwarded unchanged to doExec(), whose body
// is not shown here. Confirm it escapes every argument before running an
// external command.
doExec(
    'Build dictionary',
    MORPHY_BUILDER,
    array(
        '--xml' => $argv[1],
        '--out-dir' => $argv[2],
        '--out-encoding' => $argv[3],
        '--force-encoding-single-byte' => null,
        '--verbose' => null,
        '--case' => 'upper',
    )
);
doExec(
    'Extract gramtab',
    BIN_DIR . '/extract_gramtab.php',
    array($morph_data_file, $argv[2])
);
doExec(
    'Extract graminfo header',
    BIN_DIR . '/extract_graminfo_header.php',
    array($morph_data_file, $argv[2])
);