/** Get the latest module.xml file for this FreePBX version. * Caches in the database for 5 mintues. * If $module is specified, only returns the data for that module. * If the module is not found (or none are available for whatever reason), * then null is returned. * * Sets the global variable $module_getonlinexml_error to true if an error * occurred getting the module from the repository, false if no error occurred, * or null if the repository wasn't checked. Note that this may change in the * future if we decide we need to return more error codes, but as long as it's * a php zero-value (false, null, 0, etc) then no error happened. */ function module_getonlinexml($module = false, $override_xml = false) { // was getModuleXml() global $amp_conf; global $db; global $module_getonlinexml_error; // okay, yeah, this sucks, but there's no other good way to do it without breaking BC $module_getonlinexml_error = null; $got_new = false; $skip_cache = false; $result = sql("SELECT * FROM module_xml WHERE id = 'xml'", 'getRow', DB_FETCHMODE_ASSOC); $data = $result['data']; // Check if the cached module xml is for the same repo as being requested // if not, then we get it anyhow // $repo_url = $override_xml === false ? "http://mirror.freepbx.org/" : $override_xml; $result2 = sql("SELECT * FROM module_xml WHERE id = 'module_repo'", 'getRow', DB_FETCHMODE_ASSOC); $last_repo = $result2['data']; if ($last_repo !== $repo_url) { sql("DELETE FROM module_xml WHERE id = 'module_repo'"); $data4sql = $db->escapeSimple($repo_url); sql("INSERT INTO module_xml (id,time,data) VALUES ('module_repo'," . time() . ",'" . $data4sql . "')"); $skip_cache = true; } // if the epoch in the db is more than 2 hours old, or the xml is less than 100 bytes, then regrab xml // Changed to 5 minutes while not in release. Change back for released version. // // used for debug, time set to 0 to always fall through // if((time() - $result['time']) > 0 || strlen($result['data']) < 100 ) { if (time() - $result['time'] > 300 || $skip_cache || strlen($data) < 100) { $version = getversion(); // we need to know the freepbx major version we have running (ie: 2.1.2 is 2.1) preg_match('/(\\d+\\.\\d+)/', $version, $matches); //echo "the result is ".$matches[1]; if ($override_xml) { $fn = $override_xml . "modules-" . $matches[1] . ".xml"; } else { $fn = "http://mirror.freepbx.org/modules-" . $matches[1] . ".xml"; // echo "(From default)"; //debug } //$fn = "/usr/src/freepbx-modules/modules.xml"; if (!$amp_conf['MODULEADMINWGET']) { ini_set('user_agent', 'Wget/1.10.2 (Red Hat modified)'); $data = @file_get_contents($fn); } else { $data = ""; } if (empty($data)) { exec("wget -O - {$fn} 2> /dev/null", $data_arr, $retcode); $data = implode("\n", $data_arr); $module_getonlinexml_error = $retcode == 0 ? false : true; } $old_xml = array(); $got_new = false; if (!empty($data)) { // Compare the download to our current XML to see if anything changed for the notification system. // $sql = "SELECT data FROM module_xml WHERE id = 'xml'"; $old_xml = sql($sql, "getOne"); $got_new = true; // remove the old xml sql("DELETE FROM module_xml WHERE id = 'xml'"); // update the db with the new xml $data4sql = $db->escapeSimple($data); sql("INSERT INTO module_xml (id,time,data) VALUES ('xml'," . time() . ",'" . $data4sql . "')"); } } if (empty($data)) { // no data, probably couldn't connect online, and nothing cached return null; } $parser = new xml2ModuleArray($data); $xmlarray = $parser->parseAdvanced($data); if ($got_new) { module_update_notifications($old_xml, $xmlarray, $old_xml == $data4sql); } if (isset($xmlarray['xml']['module'])) { if ($module != false) { foreach ($xmlarray['xml']['module'] as $mod) { if ($module == $mod['rawname']) { return $mod; } } return null; } else { $modules = array(); foreach ($xmlarray['xml']['module'] as $mod) { $modules[$mod['rawname']] = $mod; } return $modules; } } return null; }
/** Get the latest module.xml file for this FreePBX version. * Caches in the database for 5 mintues. * If $module is specified, only returns the data for that module. * If the module is not found (or none are available for whatever reason), * then null is returned. * * Sets the global variable $module_getonlinexml_error to true if an error * occurred getting the module from the repository, false if no error occurred, * or null if the repository wasn't checked. Note that this may change in the * future if we decide we need to return more error codes, but as long as it's * a php zero-value (false, null, 0, etc) then no error happened. */ function module_getonlinexml($module = false, $override_xml = false, &$sec_array = false) { // was getModuleXml() global $amp_conf, $db, $module_getonlinexml_error; // okay, yeah, this sucks, but there's no other good way to do it without breaking BC $module_getonlinexml_error = null; $got_new = false; $skip_cache = false; $result = sql("SELECT * FROM module_xml WHERE id = 'xml'", 'getRow', DB_FETCHMODE_ASSOC); $data = $result['data']; // Check if the cached module xml is for the same repo as being requested // if not, then we get it anyhow // $repo_url = $override_xml === false ? $amp_conf['MODULE_REPO'] : $override_xml; $result2 = sql("SELECT * FROM module_xml WHERE id = 'module_repo'", 'getRow', DB_FETCHMODE_ASSOC); $last_repo = $result2['data']; if ($last_repo !== $repo_url) { sql("DELETE FROM module_xml WHERE id = 'module_repo'"); $data4sql = $db->escapeSimple($repo_url); sql("INSERT INTO module_xml (id,time,data) VALUES ('module_repo'," . time() . ",'" . $data4sql . "')"); $skip_cache = true; } // if the epoch in the db is more than 2 hours old, or the xml is less than 100 bytes, then regrab xml // Changed to 5 minutes while not in release. Change back for released version. // // used for debug, time set to 0 to always fall through // if((time() - $result['time']) > 0 || strlen($result['data']) < 100 ) { $skip_cache |= $amp_conf['MODULEADMIN_SKIP_CACHE']; $version = getversion(); // we need to know the freepbx major version we have running (ie: 2.1.2 is 2.1) preg_match('/(\\d+\\.\\d+)/', $version, $matches); $base_version = $matches[1]; if (time() - $result['time'] > 300 || $skip_cache || strlen($data) < 100) { if ($override_xml) { $fn = $override_xml . "/modules-" . $base_version . ".xml"; } else { // We pass in true to add options to accomodate future needs of things like php versions to get properly zended // tarballs of the same version for modules that are zended. // $fn = generate_module_repo_url("/modules-" . $base_version . ".xml", true); // echo "(From default)"; //debug } //$fn = "/usr/src/freepbx-modules/modules.xml"; $data = file_get_contents_url($fn); $module_getonlinexml_error = $data === false ? true : false; $old_xml = array(); $got_new = false; if (!empty($data)) { // Compare the download to our current XML to see if anything changed for the notification system. // $sql = "SELECT data FROM module_xml WHERE id = 'xml'"; $old_xml = sql($sql, "getOne"); $got_new = true; // remove the old xml sql("DELETE FROM module_xml WHERE id = 'xml'"); // update the db with the new xml $data4sql = $db->escapeSimple($data); sql("INSERT INTO module_xml (id,time,data) VALUES ('xml'," . time() . ",'" . $data4sql . "')"); } } if (empty($data)) { // no data, probably couldn't connect online, and nothing cached return null; } $parser = new xml2ModuleArray($data); $xmlarray = $parser->parseAdvanced($data); if ($got_new) { module_update_notifications($old_xml, $xmlarray, $old_xml == $data4sql); } if (is_array($sec_array) && !empty($xmlarray['xml']['security'])) { foreach ($xmlarray['xml']['security']['issue'] as $issue) { $sec_array[$issue['id']] = $issue; } } $exposures = module_get_security($xmlarray, $base_version); module_update_security_notifications($exposures); if (isset($xmlarray['xml']['module'])) { if ($module != false) { foreach ($xmlarray['xml']['module'] as $mod) { if ($module == $mod['rawname']) { return $mod; } } return null; } else { $modules = array(); foreach ($xmlarray['xml']['module'] as $mod) { $modules[$mod['rawname']] = $mod; if (isset($exposures[$mod['rawname']])) { $modules[$mod['rawname']]['vulnerabilities'] = $exposures[$mod['rawname']]; } } return $modules; } } return null; }