/** Get the latest module.xml file for this FreePBX version.
* Caches in the database for 5 mintues.
* If $module is specified, only returns the data for that module.
* If the module is not found (or none are available for whatever reason),
* then null is returned.
*
* Sets the global variable $module_getonlinexml_error to true if an error
* occurred getting the module from the repository, false if no error occurred,
* or null if the repository wasn't checked. Note that this may change in the
* future if we decide we need to return more error codes, but as long as it's
* a php zero-value (false, null, 0, etc) then no error happened.
*/
function module_getonlinexml($module = false, $override_xml = false)
{
// was getModuleXml()
global $amp_conf;
global $db;
global $module_getonlinexml_error;
// okay, yeah, this sucks, but there's no other good way to do it without breaking BC
$module_getonlinexml_error = null;
$got_new = false;
$skip_cache = false;
$result = sql("SELECT * FROM module_xml WHERE id = 'xml'", 'getRow', DB_FETCHMODE_ASSOC);
$data = $result['data'];
// Check if the cached module xml is for the same repo as being requested
// if not, then we get it anyhow
//
$repo_url = $override_xml === false ? "http://mirror.freepbx.org/" : $override_xml;
$result2 = sql("SELECT * FROM module_xml WHERE id = 'module_repo'", 'getRow', DB_FETCHMODE_ASSOC);
$last_repo = $result2['data'];
if ($last_repo !== $repo_url) {
sql("DELETE FROM module_xml WHERE id = 'module_repo'");
$data4sql = $db->escapeSimple($repo_url);
sql("INSERT INTO module_xml (id,time,data) VALUES ('module_repo'," . time() . ",'" . $data4sql . "')");
$skip_cache = true;
}
// if the epoch in the db is more than 2 hours old, or the xml is less than 100 bytes, then regrab xml
// Changed to 5 minutes while not in release. Change back for released version.
//
// used for debug, time set to 0 to always fall through
// if((time() - $result['time']) > 0 || strlen($result['data']) < 100 ) {
if (time() - $result['time'] > 300 || $skip_cache || strlen($data) < 100) {
$version = getversion();
// we need to know the freepbx major version we have running (ie: 2.1.2 is 2.1)
preg_match('/(\\d+\\.\\d+)/', $version, $matches);
//echo "the result is ".$matches[1];
if ($override_xml) {
$fn = $override_xml . "modules-" . $matches[1] . ".xml";
} else {
$fn = "http://mirror.freepbx.org/modules-" . $matches[1] . ".xml";
// echo "(From default)"; //debug
}
//$fn = "/usr/src/freepbx-modules/modules.xml";
if (!$amp_conf['MODULEADMINWGET']) {
ini_set('user_agent', 'Wget/1.10.2 (Red Hat modified)');
$data = @file_get_contents($fn);
} else {
$data = "";
}
if (empty($data)) {
exec("wget -O - {$fn} 2> /dev/null", $data_arr, $retcode);
$data = implode("\n", $data_arr);
$module_getonlinexml_error = $retcode == 0 ? false : true;
}
$old_xml = array();
$got_new = false;
if (!empty($data)) {
// Compare the download to our current XML to see if anything changed for the notification system.
//
$sql = "SELECT data FROM module_xml WHERE id = 'xml'";
$old_xml = sql($sql, "getOne");
$got_new = true;
// remove the old xml
sql("DELETE FROM module_xml WHERE id = 'xml'");
// update the db with the new xml
$data4sql = $db->escapeSimple($data);
sql("INSERT INTO module_xml (id,time,data) VALUES ('xml'," . time() . ",'" . $data4sql . "')");
}
}
if (empty($data)) {
// no data, probably couldn't connect online, and nothing cached
return null;
}
$parser = new xml2ModuleArray($data);
$xmlarray = $parser->parseAdvanced($data);
if ($got_new) {
module_update_notifications($old_xml, $xmlarray, $old_xml == $data4sql);
}
if (isset($xmlarray['xml']['module'])) {
if ($module != false) {
foreach ($xmlarray['xml']['module'] as $mod) {
if ($module == $mod['rawname']) {
return $mod;
}
}
return null;
} else {
$modules = array();
foreach ($xmlarray['xml']['module'] as $mod) {
$modules[$mod['rawname']] = $mod;
}
return $modules;
}
}
return null;
}
/** Get the latest module.xml file for this FreePBX version.
* Caches in the database for 5 mintues.
* If $module is specified, only returns the data for that module.
* If the module is not found (or none are available for whatever reason),
* then null is returned.
*
* Sets the global variable $module_getonlinexml_error to true if an error
* occurred getting the module from the repository, false if no error occurred,
* or null if the repository wasn't checked. Note that this may change in the
* future if we decide we need to return more error codes, but as long as it's
* a php zero-value (false, null, 0, etc) then no error happened.
*/
function module_getonlinexml($module = false, $override_xml = false, &$sec_array = false)
{
// was getModuleXml()
global $amp_conf, $db, $module_getonlinexml_error;
// okay, yeah, this sucks, but there's no other good way to do it without breaking BC
$module_getonlinexml_error = null;
$got_new = false;
$skip_cache = false;
$result = sql("SELECT * FROM module_xml WHERE id = 'xml'", 'getRow', DB_FETCHMODE_ASSOC);
$data = $result['data'];
// Check if the cached module xml is for the same repo as being requested
// if not, then we get it anyhow
//
$repo_url = $override_xml === false ? $amp_conf['MODULE_REPO'] : $override_xml;
$result2 = sql("SELECT * FROM module_xml WHERE id = 'module_repo'", 'getRow', DB_FETCHMODE_ASSOC);
$last_repo = $result2['data'];
if ($last_repo !== $repo_url) {
sql("DELETE FROM module_xml WHERE id = 'module_repo'");
$data4sql = $db->escapeSimple($repo_url);
sql("INSERT INTO module_xml (id,time,data) VALUES ('module_repo'," . time() . ",'" . $data4sql . "')");
$skip_cache = true;
}
// if the epoch in the db is more than 2 hours old, or the xml is less than 100 bytes, then regrab xml
// Changed to 5 minutes while not in release. Change back for released version.
//
// used for debug, time set to 0 to always fall through
// if((time() - $result['time']) > 0 || strlen($result['data']) < 100 ) {
$skip_cache |= $amp_conf['MODULEADMIN_SKIP_CACHE'];
$version = getversion();
// we need to know the freepbx major version we have running (ie: 2.1.2 is 2.1)
preg_match('/(\\d+\\.\\d+)/', $version, $matches);
$base_version = $matches[1];
if (time() - $result['time'] > 300 || $skip_cache || strlen($data) < 100) {
if ($override_xml) {
$fn = $override_xml . "/modules-" . $base_version . ".xml";
} else {
// We pass in true to add options to accomodate future needs of things like php versions to get properly zended
// tarballs of the same version for modules that are zended.
//
$fn = generate_module_repo_url("/modules-" . $base_version . ".xml", true);
// echo "(From default)"; //debug
}
//$fn = "/usr/src/freepbx-modules/modules.xml";
$data = file_get_contents_url($fn);
$module_getonlinexml_error = $data === false ? true : false;
$old_xml = array();
$got_new = false;
if (!empty($data)) {
// Compare the download to our current XML to see if anything changed for the notification system.
//
$sql = "SELECT data FROM module_xml WHERE id = 'xml'";
$old_xml = sql($sql, "getOne");
$got_new = true;
// remove the old xml
sql("DELETE FROM module_xml WHERE id = 'xml'");
// update the db with the new xml
$data4sql = $db->escapeSimple($data);
sql("INSERT INTO module_xml (id,time,data) VALUES ('xml'," . time() . ",'" . $data4sql . "')");
}
}
if (empty($data)) {
// no data, probably couldn't connect online, and nothing cached
return null;
}
$parser = new xml2ModuleArray($data);
$xmlarray = $parser->parseAdvanced($data);
if ($got_new) {
module_update_notifications($old_xml, $xmlarray, $old_xml == $data4sql);
}
if (is_array($sec_array) && !empty($xmlarray['xml']['security'])) {
foreach ($xmlarray['xml']['security']['issue'] as $issue) {
$sec_array[$issue['id']] = $issue;
}
}
$exposures = module_get_security($xmlarray, $base_version);
module_update_security_notifications($exposures);
if (isset($xmlarray['xml']['module'])) {
if ($module != false) {
foreach ($xmlarray['xml']['module'] as $mod) {
if ($module == $mod['rawname']) {
return $mod;
}
}
return null;
} else {
$modules = array();
foreach ($xmlarray['xml']['module'] as $mod) {
$modules[$mod['rawname']] = $mod;
if (isset($exposures[$mod['rawname']])) {
$modules[$mod['rawname']]['vulnerabilities'] = $exposures[$mod['rawname']];
}
}
return $modules;
}
}
return null;
}
