예제 #1
0
파일: chmod.php 프로젝트: justinlyon/scc
/**
 * Prints the whole page including form but without the footer.
 * Call this function, then call chmodRecursively() which will output some HTML,
 * and finally call printFooter();
 */
function printPageWithoutFooter($plugins, $path, $filePermissions, $folderPermissions, $permissionBitSets)
{
    global $baseUrl;
    ?>
<html>
  <head>
    <title>Gallery Support - Change Filesystem Permissions</title>
    <link rel="stylesheet" type="text/css" href="<?php 
    print $baseUrl;
    ?>
support.css"/>
    <style type="text/css">
    </style>
    <script type="text/javascript">
      var plugins = new Array();
      <?php 
    foreach ($plugins as $pluginId => $isOpenForEdit) {
        print "plugins['{$pluginId}'] = {$isOpenForEdit};\n        ";
    }
    ?>

      function setEditOrSecure(pluginId, formObj) {
        if (pluginId == -1) {
	  formObj.mode.value='';
	  formObj.open.disabled = true;
	  formObj.secure.disabled = true;
        } else if (plugins[pluginId]) {
	  formObj.mode.value='secure';
	  formObj.open.disabled = true;
	  formObj.secure.disabled = false;
        } else {
	  formObj.mode.value='open';
	  formObj.open.disabled = false;
	  formObj.secure.disabled = true;
        }
      }

      function printStatusMessage(message) {
        var statusElement = document.getElementById('status');
        statusElement.innerHTML = message + "<a href=\"#details\">[details]</a>";
        statusElement.style.display = 'block';
      }

      function printErrorMessage(message) {
        var errorElement = document.getElementById('error');
        errorElement.innerHTML = message +
          "<br/>Note: Please look at the <a href=\"#details\">[details]</a>. " +
          "You might be able to change the filesystem permissions of the failed directories " +
          "successfully yourself with an FTP program or a command line shell."
        errorElement.style.display = 'block';
      }
    </script>
  </head>

  <body>
    <div id="content">
      <div id="title">
	<a href="../../">Gallery</a> &raquo;
	<a href="<?php 
    generateUrl('index.php');
    ?>
">Support</a> &raquo;
	Change Filesystem Permissions
      </div>
      <h2>
        This tool lets you change the filesystem permissions of files and folders owned
        by the webserver.
      </h2>
      <p>
        All files and folders in your Gallery storage folder are owned by the
        webserver. If you installed Gallery2 by unpacking a .zip or .tar.gz file, then the
        gallery2 folder is probably owned by you which means that you can edit the files
        directly.  However, if you used the preinstaller then your gallery2 directory is
        also owned by the webserver. For more information, see the <b><a
        href="http://codex.gallery2.org/Gallery2:Security">Gallery Security Guide</a>.</b>
      </p>

      <!-- Identifyable placeholders such that we can insert our messages during runtime via JS. -->
      <div id="error" class="error" style="display: none;">
        &nbsp;
      </div>

      <div id="status" class="success" style="display: none;">
        &nbsp;
      </div>

      <hr class="faint"/>

      <?php 
    if (!isModulesOrThemesDirWriteable()) {
        ?>
      <h2>
	<a href="<?php 
        generateUrl('index.php?chmod&amp;command=' . CMD_CHMOD_MODULES_AND_THEMES_DIR . '&amp;mode=open');
        ?>
">Make modules &amp; themes directories writeable</a>
      </h2>
      <p class="description">
	Useful when adding a new module or theme.  This makes your modules and
	themes folders writeable. It only works if you have installed Gallery with the
	pre-installer. Usually you can change the filesystem permissions with your FTP
	program or command line shell.
      </p>
      <?php 
    } else {
        ?>
      <h2>
	<a href="<?php 
        generateUrl('index.php?chmod&amp;command=' . CMD_CHMOD_MODULES_AND_THEMES_DIR . '&amp;mode=secure');
        ?>
">Make modules &amp; themes directories read-only</a>
      </h2>
      <p class="description">
	Useful when you're not going to be making changes by hand. This makes your
	modules and themes folders writeable. Only works if you have installed Gallery
	with the pre-installer. Usually you can change the filesystem permissions with
	your FTP program or command line shell.
      </p>
      <?php 
    }
    ?>

      <hr class="faint"/>

      <?php 
    startForm('index.php?chmod&amp;command=' . CMD_CHMOD_PLUGIN_DIR, 'pluginForm');
    ?>
	<h2 id="themeOrModule">
	  Make a specific theme or module editable
	</h2>
	<p class="description">
	  If you want to edit a page template file of a specific module or theme and your
	  Gallery was originally installed with the pre-installer, you might have to make
	  the corresponding plugin folder writeable first.
	</p>
	<p class="description">
	  <select name="pluginId"
	    onchange="setEditOrSecure(this.options[this.selectedIndex].value, this.form)">
	    <option value="-1">&laquo; select a module or theme &raquo;</option>
	    <?php 
    foreach ($plugins as $pluginId => $writeable) {
        ?>
	    <option value="<?php 
        print $pluginId;
        ?>
"> <?php 
        print $pluginId;
        ?>
 </option>
	    <?php 
    }
    ?>
	  </select>
	  &nbsp;&nbsp;
	  <input type="hidden" name="mode" value="open"/>
	  <input type="submit" disabled="disabled" name="open" value="Make it open (read/write)"/> |
	  <input type="submit" disabled="disabled" name="secure" value="Make it secure (read-only)"/>
	</p>
      </form>

      <hr class="faint"/>

      <h2><a href="<?php 
    generateUrl('index.php?chmod&amp;command=' . CMD_CHMOD_STORAGE_DIR);
    ?>
">Make the data folder read/write</a></h2>
      <p class="description">
        For some reason, your Gallery data folder might no longer be writeable by Gallery itself
        and if that happens, Gallery will usually show a ERROR_PLATFORM_FAILURE. In that case the
        problem might be solved by the above action. If the problem persists, you will have to talk
        to your webhost to get data folder writeable again.
      </p>

      <hr class="faint"/>

      <h2><a href="<?php 
    generateUrl('index.php?chmod&amp;command=' . CMD_CHMOD_LOCALE_DIR);
    ?>
">Make the locale folder read/write</a></h2>
      <p class="description">
        If you're localizing Gallery, you may see warnings when you compile up your localization
        since you may not have permissions to copy the the new localized version into your
        g2data/locale folder.  Making the locale folder read/write should solve this problem.
      </p>

      <hr class="faint"/>

      <?php 
    if (isGalleryDirWriteable()) {
        ?>
      <h2><a href="<?php 
        generateUrl('index.php?chmod&amp;command=' . CMD_CHMOD_GALLERY_DIR);
        ?>
&amp;mode=open">Make everything read/write</a></h2>
      <p class="description">
        If your Gallery has been installed with the pre-installer, you might have to make the
        whole Gallery directory structure read/write before you can upgrade or delete your
        installation.
      </p>
      <?php 
    } else {
        ?>
      <h2><a href="<?php 
        generateUrl('index.php?chmod&amp;command=' . CMD_CHMOD_GALLERY_DIR);
        ?>
&amp;mode=secure">Make everything read-only</a></h2>
      <p class="description">
        If your Gallery has been installed with the pre-installer you may want to change
        all your files back to read-only for a small amount of additional security.
      </p>
      <?php 
    }
    ?>

      <hr class="faint"/>

      <h2>Advanced: Choose the path and the permissions manually</h2>
      <?php 
    startForm('index.php?chmod&amp;command=' . CMD_ADVANCED);
    ?>
	<p class="description">
	  <b> Path to change: </b>
	  <input type="text" name="path" size="50" value="<?php 
    print $path;
    ?>
"/>
          <br/>
	  <span class="subtext">
	    Gallery folder: <i><?php 
    print GallerySetupUtilities::getConfigDir();
    ?>
</i> <br/>
            Gallery data folder: <i><?php 
    print getGalleryStoragePath();
    ?>
</i> <br/>
	  </span>
          <br/>
          <b> New permissions: </b>
	  <?php 
    foreach ($permissionBitSets as $permissionBitSet) {
        $checked = $permissionBitSet[1]->equals($filePermissions) ? 'checked="checked"' : '';
        $value = $permissionBitSet[0]->getAsString() . $permissionBitSet[1]->getAsString();
        ?>
	  <br/>
	  <input id="set_<?php 
        print $value;
        ?>
" type="radio" name="permissions" value="<?php 
        print $value;
        ?>
" <?php 
        print $checked;
        ?>
>
	    <label for="set_<?php 
        print $value;
        ?>
">
	      <span class="hasToolTip" title="Files: <?php 
        print $permissionBitSet[1]->getAsString();
        ?>
, Folders: <?php 
        print $permissionBitSet[0]->getAsString();
        ?>
"> <?php 
        print $permissionBitSet[1]->getDescription();
        ?>
</span>
	    </label>
	  </input>
	  <?php 
    }
    ?>
	  <br/><br/>

          <input type="submit" value="Change the Permissions now!"/>
        </p>
      </form>
<?php 
}
예제 #2
0
파일: chmod.php 프로젝트: noikiy/owaspbwa
/**
 * Prints the whole page including form but without the footer.
 * Call this function, then call chmodRecursively() which will output some HTML,
 * and finally call printFooter();
 */
function printPageWithoutFooter($plugins, $path, $filePermissions, $folderPermissions, $permissionBitSets)
{
    global $baseUrl;
    ?>
<html>
  <head>
    <title>Gallery Support - Change Filesystem Permissions</title>
    <link rel="stylesheet" type="text/css" href="<?php 
    print $baseUrl;
    ?>
support.css"/>
    <style type="text/css">
	.highlightedLink {
	    font-weight: bold;
	    color: blue;
	}

	.disabledLink{
	    font-weight: lighter;
	    color: #888888;
	}
	
	div.success {
            border: solid green 1px;
            margin: 20px;
            padding: 10px;
        }
    </style>
    <script type="text/javascript">
      var plugins = new Array();
      <?php 
    foreach ($plugins as $pluginId => $isOpenForEdit) {
        print "plugins['{$pluginId}'] = {$isOpenForEdit};\n        ";
    }
    ?>

      function setEditOrSecure(pluginId, formObj) {
        if (pluginId == -1) {
	  formObj.open.disabled = true;
	  formObj.secure.disabled = true;    	
        } else if (plugins[pluginId]) {
	  formObj.open.disabled = false;
	  formObj.secure.disabled = true;
        } else {
	  formObj.open.disabled = true;
	  formObj.secure.disabled = false;	
        }
      }
      
      function printStatusMessage(message) {
        var statusElement = document.getElementById('status');
        statusElement.innerHTML = message + "<a href=\"#details\">[details]</a>";
        statusElement.style.display = 'block';
      }
      
      function printErrorMessage(message) {
        var errorElement = document.getElementById('error');
        errorElement.innerHTML = message + 
          "<br/>Note: Please look at the <a href=\"#details\">[details]</a>. " +
          "You might be able to change the filesystem permissions of the failed directories " +
          "successfully yourself with an FTP program."
        errorElement.style.display = 'block';
      }
    </script>
  </head>

  <body>
      <H1>Change Filesystem Permissions</H1>
      <a href="index.php"> Back to Support Page </a>
      <h2>
        This tool lets you change the filesystem permissions of files and folders owned 
        by the webserver.
      </h2>
      <p>
        All files and folders in your Gallery storage folder are owned by the webserver. 
        Also, if you have used the &quot;pre-installer&quot;
        to get Gallery onto the webserver, your whole Gallery folder is owned by the 
        webserver as well. But usually the Gallery folder was created by yourself.
      </p>
      <p>
        See: <b><a href="http://codex.gallery2.org/index.php/Gallery2:Security">
        Gallery Security Guide</a></b>
      </p>

      <!-- Identifyable placeholders such that we can insert our messages during runtime via JS. -->
      <div id="error" class="error" style="display: none;">
        &nbsp;
      </div>

      <div id="status" class="success" style="display: none;">
        &nbsp;
      </div>
      
      <h3>Please choose an action:</h3>
      
      <div class="box">
      <?php 
    if (isModulesOrThemesDirWriteable()) {
        ?>
      <h3><a href="index.php?chmod&amp;command=<?php 
        print CMD_CHMOD_MODULES_AND_THEMES_DIR;
        ?>
&amp;mode=open">Add a new module or theme 
        (make modules/ &amp; themes/ writeable)</a></h3>
      <?php 
    } else {
        ?>
      <h3><a href="index.php?chmod&amp;command=<?php 
        print CMD_CHMOD_MODULES_AND_THEMES_DIR;
        ?>
&amp;mode=secure">Secure the modules/ and 
        themes/ folder (make modules/ &amp; themes/ read-only)</a></h3>
      <?php 
    }
    ?>
      <p>
        When adding a new module or theme you must first make your modules/ or themes/ folder 
        writeable.<br/>
        Only useful if you have installed Gallery with the pre-installer. Usually you can 
        change the filesystem permissions with your FTP program.
      </p>
      </div>

      <div class="box">
      <form name="pluginForm" method="POST" action="index.php?chmod&amp;command=<?php 
    print CMD_CHMOD_PLUGIN_DIR;
    ?>
">
      <h3 id="themeOrModule">
        Edit or remove a specific module / theme (make themes/xxx/ or modules/xxx writeable)
      </h3>
      &nbsp;
      <select name="pluginId" 
      onchange="setEditOrSecure(this.options[this.selectedIndex].value, this.form)">
      <option value="-1">Please select a module or theme:</option>
      <?php 
    foreach ($plugins as $pluginId => $writeable) {
        print '<option value="' . $pluginId . '">' . $pluginId . "</option>\n";
    }
    ?>
      </select>
      &nbsp;&nbsp;
      <input type="hidden" name="mode" value="open"/>
      <input type="submit" disabled name="open" value="Open for edit (writeable)"/> | 
      <input type="submit" disabled name="secure" value="Make it read-only (secure)"/> 
      <p>
        If you want to edit a page template file of a specific module or theme and your 
        Gallery was originally installed with the pre-installer, you might have to make 
        the corresponding plugin folder writeable first.
      </p>
      </form> 
      </div>

      <div class="box">
      <h3><a href="index.php?chmod&amp;command=<?php 
    print CMD_CHMOD_STORAGE_DIR;
    ?>
">Fix the storage folder 
      (make it writeable)</a></h3>
      <p>
        For some reason, your Gallery storage folder might no longer be writeable by Gallery itself
        and if that happens, Gallery will usually show a ERROR_STORAGE_FAILURE. In that case the 
        problem might be solved by the above action. If the problem persists, you will have to talk
        to your webhost to get the storage folder writeable again.
      </p>
      </div>

      <div class="box">
      <?php 
    if (isGalleryDirWriteable()) {
        ?>
      <h3><a href="index.php?chmod&amp;command=<?php 
        print CMD_CHMOD_GALLERY_DIR;
        ?>
&amp;mode=open">Prepare for Upgrade: Make everything writeable (deleteable)</a></h3>
      <?php 
    } else {
        ?>
      <h3><a href="index.php?chmod&amp;command=<?php 
        print CMD_CHMOD_GALLERY_DIR;
        ?>
&amp;mode=secure">Secure the installation after upgrade</a></h3>
      <?php 
    }
    ?>
      <p>
        If your Gallery has been installed with the pre-installer, you might have to make the 
        whole Gallery directory structure writeable before you can upgrade your installation.<br/>
        Similarely, if you want to remove Gallery altogether from your website and if it was installed
        with the pre-installer, you need to do the same.
      </p>
      </div>
      
      <div class="box">
        <h3>Advanced: Choose the path and the permissions manually</h3>
        <form method="POST" action="index.php?chmod&amp;command=<?php 
    print CMD_ADVANCED;
    ?>
">
	  <h4>Please enter the filesystem path of the folder / file:</h3>
	  <p style="size=-1">
	    (e.g. the path to your Gallery folder is <i><?php 
    print getGalleryBasePath();
    ?>
            </i> and the path to your Gallery storage folder is 
            <i><?php 
    print getGalleryStoragePath();
    ?>
</i>.
          </p>
          <input type="text" name="path" size="50" value="<?php 
    print $path;
    ?>
"/>
	  <h4>Please select the new file / folder permissions:</h3>
          <table>
            <?php 
    $first = true;
    foreach ($permissionBitSets as $permissionBitSet) {
        $checked = $permissionBitSet[1]->equals($filePermissions) ? 'checked' : '';
        $value = $permissionBitSet[0]->getAsString() . $permissionBitSet[1]->getAsString();
        $longDescription = '<font size=-2>[Files: ' . $permissionBitSet[1]->getDescription() . ' (' . $permissionBitSet[1]->getAsString() . ') / Folders: ' . $permissionBitSet[0]->getDescription() . ' (' . $permissionBitSet[0]->getAsString() . ')]</font>';
        printf('<tr><td><input type="radio" name="permissions" value="%s" %s/></td><td>%s</td><td>&nbsp;</td><td>%s</td></tr>', $value, $checked, $permissionBitSet[1]->getDescription(), $longDescription);
    }
    ?>
          </table>
          <p>
            Note: Execute permission on a folder means that you can list the files and sub-folders
            in that folder. Usually, you always want to give execute and read permissions on 
            folders to everyone and read permissions on files to everyone.  
          </p>
	  <input type="submit" value="Change the Permissions now!"/>
	</form>
      </div>
      
      <a name="details"></a>
      <div class="box">
        <h3>Results:</h3>
        
<?php 
}