/**
 * Forwards the call unchanged to the parent class's isPHPFile().
 *
 * NOTE(review): presumably this re-declares a non-public parent method as
 * public so it can be called from outside the class — confirm against the
 * parent declaration, which is not visible here.
 *
 * @param mixed $contents Value handed as-is to parent::isPHPFile().
 * @return mixed Whatever parent::isPHPFile() returns for $contents.
 */
public function isPHPFile($contents)
{
    $verdict = parent::isPHPFile($contents);

    return $verdict;
}
// Excerpt: resolves the package license file, optionally scans the unpacked
// package, then loads the package manifest. It begins inside a block that was
// opened before this excerpt.
    // If LICENSE file not found, try LICENSE.txt
    if (!file_exists($license_file)) {
        $license_file = $unzip_dir . '/LICENSE.txt';
    }
    if (file_exists($license_file)) {
        // Add this to the autoloader so that it gets picked up when needed
        SugarAutoLoader::addToMap($license_file, true);
        $require_license = true;
    } else {
        // A missing license is only logged; processing continues.
        $GLOBALS['log']->error("License File {$license_file} does not exist");
    }
} // closes the enclosing block opened before this excerpt

// Scan the unzip dir for unsafe files.
// The scan runs only when it is switched on (the MODULE_INSTALLER_PACKAGE_SCAN
// constant is defined and truthy, or the moduleInstaller.packageScan config
// entry is non-empty) AND the install type is not 'patch'. Packages of type
// 'patch' are therefore never scanned by this block.
if ((defined('MODULE_INSTALLER_PACKAGE_SCAN') && MODULE_INSTALLER_PACKAGE_SCAN
        || !empty($GLOBALS['sugar_config']['moduleInstaller']['packageScan']))
    && $install_type != 'patch') {
    require_once 'ModuleInstall/ModuleScanner.php';
    $ms = new ModuleScanner();
    $ms->scanPackage($unzip_dir);
    if ($ms->hasIssues()) {
        // Remove the unpacked files before reporting, so a rejected package
        // does not stay on disk.
        rmdir_recursive($unzip_dir);
        $ms->displayIssues();
        // NOTE(review): presumably sugar_cleanup(true) ends the request so the
        // require below is never reached for a rejected package — confirm.
        sugar_cleanup(true);
    }
}

// assumption -- already validated manifest.php at time of upload
// `require` executes manifest.php from the unpacked package as PHP in this
// scope. Nothing visible in this excerpt re-checks the file when the scan
// above is skipped (scanning disabled, or install type 'patch').
// NOTE(review): confirm the file under $unzip_dir is the one that was
// validated at upload time.
require "{$unzip_dir}/manifest.php";

// Source and destination directories for the copy step are taken from the
// manifest when present and non-empty.
// NOTE(review): both values are package-supplied; whether they are confined to
// the unzip directory / install root is not visible here — confirm before they
// are used in file operations.
if (isset($manifest['copy_files']['from_dir']) && $manifest['copy_files']['from_dir'] != "") {
    $zip_from_dir = $manifest['copy_files']['from_dir'];
}
if (isset($manifest['copy_files']['to_dir']) && $manifest['copy_files']['to_dir'] != "") {
    $zip_to_dir = $manifest['copy_files']['to_dir'];
}
// Excerpt: accepts an uploaded package, scans its manifest and loads it
// through MSLoadManifest(). It begins two block levels deep; those blocks were
// opened before this excerpt and the last `if` bodies run past its end.
        $upload = new UploadFile('upgrade_zip');
        // The upload is accepted only if it is confirmed, the stored file name
        // ends in "zip" (case-insensitive) and the final move succeeds. Only the
        // name's extension is compared here; archive content is not examined in
        // this condition.
        if (!$upload->confirm_upload()
            || strtolower(pathinfo($upload->get_stored_file_name(), PATHINFO_EXTENSION)) != 'zip'
            || !$upload->final_move($upload->get_stored_file_name())) {
            unlinkTempFiles();
            sugar_die("Invalid Package");
        } else {
            $tempFile = "upload://" . $upload->get_stored_file_name();
            $perform = true;
            // NOTE(review): request-supplied value, URL-decoded here; its later
            // use is outside this excerpt — confirm it is normalised/escaped
            // before it reaches file paths or HTML output.
            $base_filename = urldecode($_REQUEST['upgrade_zip_escaped']);
        }
    } // closes a block opened before this excerpt
} // closes a block opened before this excerpt

if ($perform) {
    $manifest_file = extractManifest($tempFile);
    if (is_file($manifest_file)) {
        //SCAN THE MANIFEST FILE TO MAKE SURE NO COPIES OR ANYTHING ARE HAPPENING IN IT
        $ms = new ModuleScanner();
        // NOTE(review): presumably lockConfig() records the current
        // configuration so checkConfig() below can tell whether loading the
        // manifest altered it — confirm in ModuleScanner.
        $ms->lockConfig();
        $fileIssues = $ms->scanFile($manifest_file);
        if (!empty($fileIssues)) {
            // Any scanner finding stops processing before the manifest is loaded.
            echo '<h2>' . $mod_strings['ML_MANIFEST_ISSUE'] . '</h2><br>';
            $ms->displayIssues();
            die;
        }
        // The manifest is loaded through MSLoadManifest(), which hands back the
        // manifest and installdefs arrays, rather than being included directly
        // into this script's scope.
        list($manifest, $installdefs) = MSLoadManifest($manifest_file);
        // Second gate, after loading: a truthy checkConfig() result is treated
        // as a manifest issue and stops processing.
        if ($ms->checkConfig($manifest_file)) {
            echo '<h2>' . $mod_strings['ML_MANIFEST_ISSUE'] . '</h2><br>';
            $ms->displayIssues();
            die;
        }
        validate_manifest($manifest);
        $upgrade_zip_type = $manifest['type'];
// Excerpt: accepts an uploaded package, scans its manifest and then includes
// it directly. It begins two block levels deep; those blocks were opened
// before this excerpt and the trailing `if` bodies run past its end.
        $upload = new UploadFile('upgrade_zip');
        // The upload is accepted only if it is confirmed, the stored file name
        // ends in "zip" (case-insensitive) and the final move succeeds. Only the
        // name's extension is compared here; archive content is not examined in
        // this condition.
        if (!$upload->confirm_upload()
            || strtolower(pathinfo($upload->get_stored_file_name(), PATHINFO_EXTENSION)) != 'zip'
            || !$upload->final_move($upload->get_stored_file_name())) {
            unlinkTempFiles();
            sugar_die("Invalid Package");
        } else {
            $tempFile = "upload://" . $upload->get_stored_file_name();
            $perform = true;
            // NOTE(review): request-supplied value, URL-decoded here; its later
            // use is outside this excerpt — confirm it is normalised/escaped
            // before it reaches file paths or HTML output.
            $base_filename = urldecode($_REQUEST['upgrade_zip_escaped']);
        }
    } // closes a block opened before this excerpt
} // closes a block opened before this excerpt

if ($perform) {
    $manifest_file = extractManifest($tempFile);
    if (is_file($manifest_file)) {
        //SCAN THE MANIFEST FILE TO MAKE SURE NO COPIES OR ANYTHING ARE HAPPENING IN IT
        $ms = new ModuleScanner();
        $fileIssues = $ms->scanFile($manifest_file);
        if (!empty($fileIssues)) {
            // Any scanner finding stops processing before the manifest is included.
            echo '<h2>' . $mod_strings['ML_MANIFEST_ISSUE'] . '</h2><br>';
            $ms->displayIssues();
            die;
        }
        // require_once executes the package's manifest as PHP in this script's
        // scope; $manifest used below is whatever that file defines. The
        // scanFile() result above is the only gate visible in this excerpt, and
        // nothing here checks afterwards whether the manifest's top-level code
        // changed globals or configuration.
        // NOTE(review): confirm the scanner's coverage is sufficient for that,
        // or load the manifest through an isolating loader.
        require_once $manifest_file;
        validate_manifest($manifest);
        $upgrade_zip_type = $manifest['type'];

        // exclude the bad permutations
        // In the "module" view only package types module, theme and langpack
        // are accepted; anything else removes the temp files and stops.
        if ($view == "module") {
            if ($upgrade_zip_type != "module" && $upgrade_zip_type != "theme" && $upgrade_zip_type != "langpack") {
                unlinkTempFiles();
                die($mod_strings['ERR_UW_NOT_ACCEPTIBLE_TYPE']);
            }
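/**
 * A file that reaches a file-writing helper indirectly, by passing its name
 * as a string callback to call_user_func(), must be reported by
 * ModuleScanner::scanFile().
 *
 * Writes the fixture to $this->fileLoc and expects a non-empty issue list.
 */
public function testCallUserFunctionFail()
{
    // Fixture: the helper is never called by name, only handed to
    // call_user_func() as a string. The heredoc body and its terminator stay
    // at column 0 so the fixture bytes do not depend on indentation.
    $fileModContents = <<<EOQ
<?PHP
\tcall_user_func("sugar_file_put_contents", "test2.php", "test");
?>
EOQ;
    file_put_contents($this->fileLoc, $fileModContents);

    $ms = new ModuleScanner();
    $errors = $ms->scanFile($this->fileLoc);

    // assertNotEmpty reports the actual value on failure, where
    // assertTrue(!empty(...)) would only say "false is not true".
    $this->assertNotEmpty(
        $errors,
        'scanFile() reported no issues for a file write routed through call_user_func()'
    );
}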