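/**
 * Serves a GET request by including the PHP script that the request path maps to.
 *
 * The request path info is appended to the current webapp home and, once the
 * checks below pass, "<resource>.php" is included. Because the included path
 * is built from request data, the containment and private-directory checks
 * run before any filesystem probe, so the 403/404 distinction cannot be used
 * to learn whether a path outside the webapp (or inside core/) exists.
 *
 * @param WebAppRequest  $req Incoming request; its path info selects the script.
 * @param WebAppResponse $res Response used to report 403/404 errors.
 * @return void
 */
public function doGet(WebAppRequest $req, WebAppResponse $res)
{
    $webAppHome = \Innomatic\Webapp\WebAppContainer::instance('\\Innomatic\\Webapp\\WebAppContainer')->getCurrentWebApp()->getHome();
    $pathInfo = $req->getPathInfo();
    // The last character of the home path is dropped before the path info is appended.
    $resource = substr($webAppHome, 0, -1) . $pathInfo;

    // Resource must reside inside the webapp. This runs first so that
    // is_dir()/file_exists() are never called on a path outside the webapp.
    if (\Innomatic\Security\SecurityManager::isAboveBasePath($resource, $webAppHome)) {
        $res->sendError(WebAppResponse::SC_FORBIDDEN, $req->getRequestURI());
        return;
    }

    // Core directory is private. Checked before the existence test so that a
    // request under /core/ always gets 403, whether or not the file exists.
    // NOTE(review): this is a string-prefix test on the raw path info; if
    // getPathInfo() is not already normalised, apply it to the canonical
    // path instead - TODO confirm.
    if (substr($pathInfo, 0, 6) == '/core/') {
        $res->sendError(WebAppResponse::SC_FORBIDDEN, $req->getRequestURI());
        return;
    }

    // If this is a directory, check that a welcome file exists
    if (is_dir($resource)) {
        $this->welcomeFiles = \Innomatic\Webapp\WebAppContainer::instance('\\Innomatic\\Webapp\\WebAppContainer')->getCurrentWebApp()->getWelcomeFiles();
        $path = $this->getRelativePath($req);
        $welcomeFile = $this->findWelcomeFile($path);
        if ($welcomeFile != null) {
            $resource = $resource . $welcomeFile;
        } else {
            // Directory without a welcome file: listing is refused.
            $res->sendError(WebAppResponse::SC_FORBIDDEN, $req->getRequestURI());
            return;
        }
    }

    // Make sure that this path exists on disk
    if ($pathInfo == '/index' or !file_exists($resource . '.php')) {
        $res->sendError(WebAppResponse::SC_NOT_FOUND, $req->getRequestURI());
        return;
    }

    // Re-check containment on the final path: a welcome file name may have
    // been appended since the first check.
    if (\Innomatic\Security\SecurityManager::isAboveBasePath($resource, $webAppHome)) {
        $res->sendError(WebAppResponse::SC_FORBIDDEN, $req->getRequestURI());
        return;
    }

    include $resource . '.php';
}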
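 /**
  * Removes an installed script file from the container's core/scripts/ directory.
  *
  * Each failure is logged at ERROR level before false is returned.
  *
  * @param array $params Component parameters; $params['name'] is the script file name.
  * @return bool True when the file was deleted, false otherwise.
  */
 public function doUninstallAction($params)
 {
     // A missing 'name' key is treated like an empty name instead of raising a notice.
     $name = isset($params['name']) ? (string) $params['name'] : '';
     // Build the directory and file path once so every check and the final
     // unlink() operate on exactly the same path. The original existence check
     // used '/core/scripts/' (extra leading slash) while the others did not.
     $scriptsDir = $this->container->getHome() . 'core/scripts/';
     $scriptFile = $scriptsDir . $name;
     // NOTE(review): the name is written to the log as received; confirm that
     // the logger neutralises control characters.
     $prefix = 'In application ' . $this->appname . ', component ' . $name;

     // Checks if the name is valid.
     if (!strlen($name)) {
         $this->mLog->logEvent('ScriptComponent::doUninstallAction', $prefix . ': Empty script file name', \Innomatic\Logging\Logger::ERROR);
         return false;
     }
     // Checks that the script file name does not point outside core/scripts/.
     if (\Innomatic\Security\SecurityManager::isAboveBasePath($scriptFile, $scriptsDir)) {
         $this->mLog->logEvent('ScriptComponent::doUninstallAction', $prefix . ': Malicious script file name', \Innomatic\Logging\Logger::ERROR);
         return false;
     }
     // Checks if the script file exists.
     if (!file_exists($scriptFile)) {
         $this->mLog->logEvent('ScriptComponent::doUninstallAction', $prefix . ': Missing script file', \Innomatic\Logging\Logger::ERROR);
         return false;
     }
     // The warning is suppressed because the failure is reported through the log.
     if (!@unlink($scriptFile)) {
         $this->mLog->logEvent('ScriptComponent::doUninstallAction', $prefix . ': Unable to remove script file', \Innomatic\Logging\Logger::ERROR);
         return false;
     }
     return true;
 }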
 /**
  * Overwrites webapp skeleton with a new one.
  * The previous skeleton is not deleted, it is only overwritten.
  *
  * @param string $webappName
  * @param string $skeletonName
  * @return bool
  */
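 public static function applyNewSkeleton($webappName, $skeletonName)
 {
     $home = \Innomatic\Webapp\WebAppContainer::instance('\\Innomatic\\Webapp\\WebAppContainer')->getHome();
     // An empty webapp name would make the copy target the container home
     // itself ($home . '' . '/'), so it is rejected up front.
     if ((string) $webappName === '') {
         return false;
     }
     // Checks that the webapp name doesn't contain a malicious path.
     if (\Innomatic\Security\SecurityManager::isAboveBasePath($home . $webappName, $home)) {
         return false;
     }
     // Strips any path info from the skeleton name, so only a direct child of
     // the skeleton directory can be selected.
     $skeletonName = basename($skeletonName);
     $skeletonDir = $home . 'innomatic/core/conf/skel/webapps/' . $skeletonName . '-skel/';
     // Checks if the given skeleton exists; there is no fallback to a default
     // skeleton, the call fails instead.
     if (!is_dir($skeletonDir)) {
         return false;
     }
     // Copies the skeleton to the webapp directory, overwriting the previous skeleton.
     return \Innomatic\Io\Filesystem\DirectoryUtils::dirCopy($skeletonDir, $home . $webappName . '/');
 }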
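 /**
  * Removes this domain: its users, enabled applications, database (multi-tenant
  * edition only), cached items, root database rows, directory and webapp.
  *
  * Nothing is done unless the 'calltime' hooks of 'domain.remove' return
  * RESULT_OK. The return value is true only when the 'domainremoved' hooks
  * also return RESULT_OK; the removal steps themselves are not checked.
  *
  * @return bool
  */
 public function remove()
 {
     $result = false;
     $hook = new \Innomatic\Process\Hook($this->rootda, 'innomatic', 'domain.remove');
     if ($hook->callHooks('calltime', $this, '') == \Innomatic\Process\Hook::RESULT_OK) {
         $domainSerial = (int) $this->domainserial;
         $query = $this->rootda->execute('SELECT * FROM domains WHERE id=' . $domainSerial);
         // NOTE(review): $data is used below without checking that the query
         // returned a row - confirm what getFields() yields on an empty result.
         $data = $query->getFields();
         // Set the current domain object so that any component relying on
         // the InnomaticContainer current domain does not fail
         $this->container->setCurrentDomain($this);
         // Removes domain users.
         // They must be removed before disabling applications
         // and dropping the database.
         $this->removeAllUsers();
         // Disables all applications.
         $this->disableAllApplications($this->domainserial);
         if ($this->container->getEdition() == \Innomatic\Core\InnomaticContainer::EDITION_MULTITENANT) {
             // Connection parameters of the domain database, taken from the
             // domain's row in the root database.
             $args = array(
                 'dbname' => $data['domaindaname'],
                 'dbhost' => $data['dataaccesshost'],
                 'dbport' => $data['dataaccessport'],
                 'dbuser' => $data['dataaccessuser'],
                 'dbpass' => $data['domaindapass'],
                 'dbtype' => $data['dataaccesstype'],
                 'dblog' => $this->container->getHome() . 'core/domains/' . $data['domainid'] . '/log/dataaccess.log',
             );
             $this->dataAccess->close();
             $this->dataAccess->dropDB($args);
         }
         // Removes cached items.
         $cache_gc = new \Innomatic\Datatransfer\Cache\CacheGarbageCollector();
         $cache_gc->removeDomainItems((int) $data['id']);
         // Removes domain from root database.
         $this->rootda->execute('DELETE FROM domains WHERE id=' . (int) $data['id']);
         // The serial is cast to int here as well: the original concatenated it
         // into the statement uncast, unlike the other two queries.
         $this->rootda->execute('DELETE FROM applications_options_disabled WHERE domainid=' . $domainSerial);
         $log = $this->container->getLogger();
         $log->logEvent($data['domainid'], 'Removed domain ' . $data['domainid'], \Innomatic\Logging\Logger::NOTICE);
         // Reserved names and empty ids never have their directory or webapp removed.
         if (!empty($data['domainid']) and !in_array($data['domainid'], $this->reservedNames)) {
             $domainsDir = $this->container->getHome() . 'core/domains/';
             if (!\Innomatic\Security\SecurityManager::isAboveBasePath($domainsDir . $data['domainid'], $domainsDir)) {
                 // Removes domain directory inside Innomatic webapp
                 \Innomatic\Io\Filesystem\DirectoryUtils::unlinkTree($domainsDir . $data['domainid']);
             }
             // Removes domain webapp
             // NOTE(review): this runs even when the containment check above
             // rejected the domain id; confirm that eraseWebApp() validates
             // the name itself before deleting anything.
             \Innomatic\Webapp\WebAppContainer::eraseWebApp($data['domainid']);
         }
         if ($hook->callHooks('domainremoved', $this, '') == \Innomatic\Process\Hook::RESULT_OK) {
             $result = true;
         }
         // Tells the security manager that the domain has been removed.
         if ($this->container->getConfig()->Value('SecurityAlertOnDomainOperation') == '1') {
             $innomatic_security = new \Innomatic\Security\SecurityManager();
             $innomatic_security->sendAlert('Domain ' . $data['domainid'] . ' has been removed');
             unset($innomatic_security);
         }
     }
     return $result;
 }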