security update

author: Daniel Ahlberg <aliz@gentoo.org> 2003-09-01 15:13:21 +0000
committer: Daniel Ahlberg <aliz@gentoo.org> 2003-09-01 15:13:21 +0000
commit: c89f7e4a32124b85fa87a838445c03e325be9983 (patch)
tree: d389db9928a9480ad562f22909a7c3c4ab807e63 /net-www/phpwebsite
parent: security update (diff)
download: gentoo-2-c89f7e4a32124b85fa87a838445c03e325be9983.tar.gz
gentoo-2-c89f7e4a32124b85fa87a838445c03e325be9983.tar.bz2
gentoo-2-c89f7e4a32124b85fa87a838445c03e325be9983.zip
5 files changed, 326 insertions, 3 deletions
diff --git a/net-www/phpwebsite/ChangeLog b/net-www/phpwebsite/ChangeLog
index d38e2de6d7f1..5f6fc1f01e36 100644
--- a/net-www/phpwebsite/ChangeLog
+++ b/net-www/phpwebsite/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for net-www/phpwebsite
 # Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/phpwebsite/ChangeLog,v 1.3 2003/07/18 17:15:50 rizzo Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-www/phpwebsite/ChangeLog,v 1.4 2003/09/01 15:13:08 aliz Exp $
+
+*phpwebsite-0.9.3 (01 Sep 2003)
+
+  01 Sep 2003; Daniel Ahlberg <aliz@gentoo.org> phpwebsite-0.9.3_p1.ebuild :
+  Security update.
 
   18 Jul 2003; Don Seiler <rizzo@gentoo.org>; phpwebsite-0.9.3.ebuild:
   Changing instructions for pre- and post-install scripts
diff --git a/net-www/phpwebsite/Manifest b/net-www/phpwebsite/Manifest
index 5d30ccc98cd1..12a864c02d70 100644
--- a/net-www/phpwebsite/Manifest
+++ b/net-www/phpwebsite/Manifest
@@ -1,7 +1,8 @@
-MD5 c9521b3548263b055286016cadaa39c4 ChangeLog 594
+MD5 d61ae05e30538eafe2cb75e404378af7 ChangeLog 723
 MD5 d6224574a4b4b23d9b826bc54ca43050 phpwebsite-0.9.2_p1.ebuild 1587
 MD5 f78ce500c486eddf324b46c9c6f02aa1 phpwebsite-0.9.3.ebuild 1720
-MD5 f78ce500c486eddf324b46c9c6f02aa1 phpwebsite-0.9.3_p1.ebuild 1720
+MD5 fde7b154e72c957aa19f194caf666668 phpwebsite-0.9.3_p1.ebuild 1743
 MD5 f0ab7279c69a8f1522e8a4eb3ac7cc18 files/digest-phpwebsite-0.9.2_p1 76
 MD5 48b9aff37ab682ee582b5bc49d0f8af3 files/digest-phpwebsite-0.9.3 74
 MD5 cfee6010162e807cab7db166192cc4d0 files/digest-phpwebsite-0.9.3_p1 76
+MD5 a7257ff9063723778a81865e8ff9aba2 files/update.php-0.9.3_p1 7892
diff --git a/net-www/phpwebsite/files/digest-phpwebsite-0.9.3_p1 b/net-www/phpwebsite/files/digest-phpwebsite-0.9.3_p1
new file mode 100644
index 000000000000..836436e68bbd
--- /dev/null
+++ b/net-www/phpwebsite/files/digest-phpwebsite-0.9.3_p1
@@ -0,0 +1 @@
+MD5 6932620b038ccaf837e9a798488fedb4 phpwebsite-0.9.3-1-full.tar.gz 2854621
diff --git a/net-www/phpwebsite/files/update.php-0.9.3_p1 b/net-www/phpwebsite/files/update.php-0.9.3_p1
new file mode 100644
index 000000000000..45a1c943b016
--- /dev/null
+++ b/net-www/phpwebsite/files/update.php-0.9.3_p1
@@ -0,0 +1,261 @@
+<?php
+define("UPDATE_BRANCHES", TRUE);
+
+if(is_file("../conf/pear_path.php"))
+  include("../conf/pear_path.php");
+
+define("PHPWS_SOURCE_DIR", "../");
+require_once ("../core/Core.php");
+
+$core = new PHPWS_Core(NULL, "../", TRUE);
+
+require_once("../mod/language/class/Language.php");
+require_once("../mod/boost/class/Boost.php");
+require_once("../mod/users/class/Users.php");
+require_once("../mod/layout/class/Layout.php");
+require_once("../mod/help/class/CLS_help.php");
+
+$coreVersion = PHPWS_Boost::getVersionInfo("core");
+$currentVersion = $coreVersion['version'];
+$match = "(\d)\.(\d)(\d)";
+$currentVersion = preg_replace("/$match/", "\\1.\\2.\\3", $currentVersion);
+
+session_start();
+
+include("allow_setup.php");
+
+if ($GLOBALS['core']->sqlTableExists("branch_sites", TRUE)) $GLOBALS['branchExists'] = TRUE;
+else $GLOBALS['branchExists'] = FALSE;
+
+if (!isset($_SESSION["translate"]))
+     $_SESSION["translate"] = new PHPWS_Language;
+
+if (!isset($_SESSION["OBJ_user"]))
+     $_SESSION["OBJ_user"] = new PHPWS_User;
+
+if (!isset($_SESSION["OBJ_layout"]))
+     $_SESSION["OBJ_layout"] = new PHPWS_Layout(FALSE);
+
+$body[] = startpage($currentVersion);
+
+if (isset($_POST['checkPass'])){
+  $_SESSION['OBJ_user']->setDeity(checkPassword($_POST['updatePass']));
+}
+
+if (!$_SESSION['OBJ_user']->isDeity()){
+  $body[] = loginAdmin();
+} elseif (isset($_POST['updateModules'])){
+  $body[] = "<h2>" . $_SESSION["translate"]->it("Updating modules") . "...</h2>";
+  
+  if (isset($_POST['addModules'])){
+    if ($updateMessage = updateModules($_POST['addModules'])){
+      $body[] = $updateMessage;
+      
+      if ($GLOBALS['branchExists'] && UPDATE_BRANCHES)
+	$body[] = updateBranchModules($_POST['addModules']);
+
+      $body[] = "<br />All Modules Updated!";
+    } else
+      $body[] = "<br />No modules selected...";
+  }
+  $body[] = "<br /><br /><a href=\"update.php\">Return to Update</a>";
+} else {
+  $body[] = updateCore($currentVersion);
+  $body[] = updateForm();
+}
+
+$body[] = "</body>
+</html>";
+
+echo implode("", $body);
+
+
+/************************************************************************
+* Functions
+*************************************************************************/
+function startpage($currentVersion){
+  $content = "<html>
+<head>
+<meta name=\"robots\" content=\"noindex, nofollow\" />
+<script language=\"JavaScript\" type=\"text/javascript\">
+<!-- 
+function CheckAll() {
+   for (var i = 0; i < document.modules.elements.length; i++) {
+       if( document.modules.elements[i].type == 'checkbox' ) {
+           document.modules.elements[i].checked = !(document.modules.elements[i].checked);
+       }
+   }
+}
+//-->
+</script>
+<title>".$_SESSION["translate"]->it("phpWebSite Updater")."</title>
+</head>
+<body>
+<img src=\"poweredby.jpg\" /><br />
+<h1>" . $_SESSION["translate"]->it("phpWebSite Updater");
+  $coreVersion = $GLOBALS['core']->version;
+
+  if ($currentVersion < $coreVersion)
+    $content .= ": " . $_SESSION["translate"]->it("Version [var1] to [var2]", $currentVersion, $GLOBALS['core']->version);
+
+ $content .= "</h1>";
+
+ return $content;
+}
+
+
+function loginAdmin(){
+  $content[] = "<h2>" . $_SESSION["translate"]->it("Welcome to the phpWebSite Updater") . "!</h2><b>" . $_SESSION["translate"]->it("Enter your Installation Password below") . "</b><br /><br />";
+  $form = new EZForm;
+  $form->setAction("update.php");
+  $form->add("checkPass", "hidden", 1);
+  $form->add("updatePass", "password");
+  $template = $form->getTemplate();
+  $content[] =  implode("", $template);
+  return implode("", $content);
+}
+
+function checkPassword($password){
+   include("../conf/config.php");
+   if ($install_pw == $password)
+     return TRUE;
+   else
+     return FALSE;
+ } 
+
+function updateBranchCore($currentVersion){
+  if ($GLOBALS['branchExists'] && $sql = $GLOBALS["core"]->sqlSelect("branch_sites")){
+     foreach ($sql as $branch){
+      if(!($GLOBALS["core"]->loadDatabase(PHPWS_SOURCE_DIR . "conf/branch/". $branch["configFile"], TRUE))){
+	$content[] = "<b>" . $_SESSION["translate"]->it("Unable to connect to branch database for [var1]", $branch["branchName"]) . "</b><br /><br />";
+	continue;
+      }
+
+      $content [] = "<b>".$_SESSION["translate"]->it("Updating branch").": ".$branch["branchName"]."</b><br /><br />";
+      updateCore($currentVersion, FALSE);
+    }
+    
+    $GLOBALS["core"]->loadDatabase();
+    return implode("", $content);
+  } else
+    return NULL;
+}
+
+function updateBranchModules($moduleList){
+  if ($GLOBALS['branchExists'] && $sql = $GLOBALS["core"]->sqlSelect("branch_sites")){
+    foreach ($sql as $branch){
+      $branchConfig = PHPWS_SOURCE_DIR . "conf/branch/". $branch["configFile"];
+      if (!is_file($branchConfig)){
+	$content[] = "<b>" . $_SESSION["translate"]->it("Unable to load file [var1] for branch [var2]", $branchConfig, $branch['branchName']) . "</b><br /><br />";
+	continue;
+      }
+
+      if (!$GLOBALS["core"]->loadDatabase($branchConfig, TRUE)){
+	$content[] = "<b>" . $_SESSION["translate"]->it("Unable to connect to branch database for [var1]", $branch["branchName"]) . "</b><br /><br />";
+	continue;
+      }
+
+      $content [] = "<b>".$_SESSION["translate"]->it("Updating branch modules").": " . $branch["branchName"] . "</b><br /><br />";
+      updateModules($moduleList);
+    }
+    
+    $GLOBALS["core"]->loadDatabase();
+    return implode("", $content);
+  } else
+    return NULL;
+}
+
+function updateCore($currentVersion, $isHub=TRUE){
+  include("defaultMods.php");
+  $update = FALSE;
+
+  if ($currentVersion < "0.9.1"){
+    include ("core_updates/update_091.php");
+    $update = TRUE;
+  }
+  
+  if ($currentVersion < "0.9.2"){
+    include ("core_updates/update_092.php");
+    $update = TRUE;
+  }
+
+  if ($currentVersion < "0.9.3-1"){
+    $update = TRUE;
+  }
+
+  if ($update){
+    phpws_boost::setVersionInfo(PHPWS_SOURCE_DIR . "conf/core_info.php", "update");
+    $content[] = "<h2>Core Updated!</h2>";
+    if ($isHub && $GLOBALS['branchExists'] && UPDATE_BRANCHES)
+      $content[] = updateBranchCore($currentVersion);
+  }
+  else
+    $content[] = "<h2>Core update not required</h2>";
+
+  foreach ($defaultMods as $mod_title){
+    if (phpws_boost::needsUpdate($mod_title))
+      $coreModList[] = $mod_title;
+  }
+
+  if (isset($coreModList))
+    $content[] = updateModules($coreModList);
+
+  return implode("", $content);
+}
+
+
+function updateForm(){
+  include("defaultMods.php");
+
+  $modules = $GLOBALS['core']->sqlSelect("modules");
+
+  foreach ($modules as $modInfo){
+    if (phpws_boost::needsUpdate($modInfo['mod_title']))
+      $mods[$modInfo['mod_title']] = $modInfo['mod_pname'];
+  }
+
+  if (!isset($mods) || !count($mods))
+    return "No mods currently require updating.<br />";
+  
+  foreach ($defaultMods as $modRemove)
+    unset($mods[$modRemove]);
+
+
+  $content[] = "<b>You may update the following modules:</b>";
+  $form = new EZForm("modules");
+  $form->add("updateModules", "hidden", 1);
+  $form->setAction("update.php");
+  $content[] = $form->getStart();
+  $content[] = $form->get("updateModules");
+  foreach($mods as $modDir=>$modpname){
+    $form->add("addModules[" . $modDir . "]", "checkbox", $modDir);
+    $content[] = $form->get("addModules[" . $modDir . "]") . " " . $modpname . "<br />\n";
+  }
+  $form->add("button", "submit", "Update Modules");
+  $content[] = "<br />" . $form->get("button");
+  $content[] = $GLOBALS['core']->formButton($_SESSION["translate"]->it("Check All"), "toggle", "CheckAll();");
+  $content[] = "</form>";
+
+  return implode("", $content);
+}
+
+function updateModules($moduleList){
+  if (!isset($moduleList)){
+    $content[] = "No modules selected<br />";
+    return NULL;
+  } else {
+    foreach ($moduleList as $mod_title){
+      if (PHPWS_Boost::updateModule($mod_title, NULL, TRUE)){
+	$content[] = $GLOBALS["CNT_boost"]["content"] . "<hr />";
+	unset($GLOBALS["CNT_boost"]["content"]);
+      }
+    }
+  }
+
+  if (isset($content))
+    return implode("", $content);
+  else
+    return NULL;
+}
+
+?>
+\ No newline at end of file
diff --git a/net-www/phpwebsite/phpwebsite-0.9.3_p1.ebuild b/net-www/phpwebsite/phpwebsite-0.9.3_p1.ebuild
new file mode 100644
index 000000000000..9f02a3973d05
--- /dev/null
+++ b/net-www/phpwebsite/phpwebsite-0.9.3_p1.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# Maintainer: Don Seiler <rizzo@gentoo.org>
+# $Header: /var/cvsroot/gentoo-x86/net-www/phpwebsite/phpwebsite-0.9.3_p1.ebuild,v 1.1 2003/09/01 15:13:08 aliz Exp $
+
+
+HOSTNAME=`hostname`
+DESCRIPTION="phpWebSite provides a complete web site content management system. Web-based administration allows for easy maintenance of interactive, community-driven web sites."
+HOMEPAGE="http://phpwebsite.appstate.edu"
+MY_PV="${PV/_p/-}"
+S="${WORKDIR}/${PN}-${MY_PV}-full"
+SRC_URI="mirror://sourceforge/phpwebsite/${PN}-${MY_PV}-full.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~x86 ~ppc ~sparc ~alpha"
+
+DEPEND="virtual/php"
+
+HTTPD_ROOT="`grep '^DocumentRoot' /etc/apache/conf/apache.conf | cut -d\  -f2`"
+[ -z "${HTTPD_ROOT}" ] && HTTPD_ROOT="`grep '^DocumentRoot' /etc/apache2/conf/apache.conf | cut -d\  -f2`"
+[ -z "${HTTPD_ROOT}" ] && HTTPD_ROOT="/home/httpd/htdocs"
+HTTPD_USER="apache"
+HTTPD_GROUP="apache"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}/setup
+	cp ${FILESDIR}/update.php-${PV} .
+}
+
+src_install() {
+	cd ${S}
+	dodir ${HTTPD_ROOT}/phpwebsite
+	cp -r * ${D}/${HTTPD_ROOT}/phpwebsite
+}
+
+pkg_postinst() {
+	einfo
+	einfo "You will need to create a database for phpWebSite"
+	einfo "on your own before starting setup.  You will also need"
+	einfo "to run:"
+	einfo
+	einfo "cd ${HTTPD_ROOT}/phpwebsite/setup"
+	einfo "./secure_setup.sh setup"
+	einfo
+	einfo "Once you have a database ready proceed to"
+	einfo "http://$HOSTNAME/phpwebsite to continue installation."
+	einfo
+	einfo "Once you are done with installation you need to run"
+	einfo
+	einfo "cd ${HTTPD_ROOT}/phpwebsite/setup"
+	einfo "./secure_phpws.sh run apache users"
+	einfo
+}
author	Daniel Ahlberg <aliz@gentoo.org>	2003-09-01 15:13:21 +0000
committer	Daniel Ahlberg <aliz@gentoo.org>	2003-09-01 15:13:21 +0000
commit	c89f7e4a32124b85fa87a838445c03e325be9983 (patch)
tree	d389db9928a9480ad562f22909a7c3c4ab807e63 /net-www/phpwebsite
parent	security update (diff)
download	gentoo-2-c89f7e4a32124b85fa87a838445c03e325be9983.tar.gz gentoo-2-c89f7e4a32124b85fa87a838445c03e325be9983.tar.bz2 gentoo-2-c89f7e4a32124b85fa87a838445c03e325be9983.zip