lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-13 00:07:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Phalcon 4 migration (#4921)

Browse Source 
phalcon 4 migration  #4012

o replace Phalcon\Session\Adapter\Files with new Phalcon\Session\Adapter\Stream adapter
o replace router->setUriSource() with handle() parameter
o combining sessions between phalcon and legacy php seems to be a bit problematic, first issue seems to be the legacy csrf check. refactor to use phalcon's method and legacy session
o Fix Phalcon Syslog usage in ControllerRoot (wrap in Logger class)
o session seems to miss standard prefix.
o also Gettext seems to like being wrapped...
o Gettext inheritance
o another handle()
o Volt: handle registerEngines / VoltEngine changes
o volt templates - missing session reference, bootstrap in ControllerBase
o router getRewriteUri() deprecated
o another handle() in index.php
o  Phalcon\Dispatcher::EXCEPTION_* moved to  Phalcon\Dispatcher\Exception::EXCEPTION_*
o changes in filter handling.
o fix plist
o Syslog usage changes
o refactor Validation changes
o FILTER_ALNUM - replaced FILTER_ALPHANUM
This commit is contained in:
Franco Fichtner 2021-04-15 11:36:57 +02:00 committed by GitHub
parent cefe1069e4
commit 3a98ebb22f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
43 changed files with 241 additions and 228 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -149,7 +149,7 @@ CORE_DEPENDS?= ${CORE_DEPENDS_${CORE_ARCH}} \
php${CORE_PHP}-openssl \
php${CORE_PHP}-pdo \
php${CORE_PHP}-pecl-radius \
php${CORE_PHP}-phalcon \
php${CORE_PHP}-phalcon4 \
php${CORE_PHP}-phpseclib \
php${CORE_PHP}-session \
php${CORE_PHP}-simplexml \

1
plist
View File

@ -394,7 +394,6 @@
/usr/local/opnsense/mvc/app/library/OPNsense/Backup/IBackupProvider.php
/usr/local/opnsense/mvc/app/library/OPNsense/Backup/Local.php
/usr/local/opnsense/mvc/app/library/OPNsense/Backup/Nextcloud.php
/usr/local/opnsense/mvc/app/library/OPNsense/Base/Filters/QueryFilter.php
/usr/local/opnsense/mvc/app/library/OPNsense/Base/UIModelGrid.php
/usr/local/opnsense/mvc/app/library/OPNsense/Base/ViewTranslator.php
/usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php

19
src/etc/inc/authgui.inc
View File

@ -72,17 +72,16 @@ function session_auth(&$Login_Error)
closelog();
}
// Handle HTTPS httponly and secure flags
$currentCookieParams = session_get_cookie_params();
session_set_cookie_params(
$currentCookieParams["lifetime"],
$currentCookieParams["path"],
null,
($config['system']['webgui']['protocol'] == "https"),
true
);
if (session_status() == PHP_SESSION_NONE) {
// Handle HTTPS httponly and secure flags
$currentCookieParams = session_get_cookie_params();
session_set_cookie_params(
$currentCookieParams["lifetime"],
$currentCookieParams["path"],
null,
($config['system']['webgui']['protocol'] == "https"),
true
);
session_start();
}

20
src/opnsense/mvc/app/config/services.php
View File

@ -5,7 +5,8 @@ use Phalcon\Mvc\View;
use Phalcon\Mvc\Url as UrlResolver;
use Phalcon\Mvc\View\Engine\Volt as VoltEngine;
use Phalcon\Mvc\Model\Metadata\Memory as MetaDataAdapter;
use Phalcon\Session\Adapter\Files as SessionAdapter;
use Phalcon\Session\Manager;
use Phalcon\Session\Adapter\Stream;
use OPNsense\Core\Config;
use OPNsense\Core\Routing;
@ -43,13 +44,13 @@ $di->set('view', function () use ($config) {
$view->setViewsDir($viewDirs);
}
$view->registerEngines(array(
'.volt' => function ($view, $di) use ($config) {
'.volt' => function ($view) use ($config) {
$volt = new VoltEngine($view, $di);
$volt = new VoltEngine($view, $this);
$volt->setOptions(array(
'compiledPath' => $config->application->cacheDir,
'compiledSeparator' => '_'
'path' => $config->application->cacheDir,
'separator' => '_'
));
// register additional volt template functions
$volt->getCompiler()->addFunction('theme_file_or_default', 'view_fetch_themed_filename');
@ -75,7 +76,12 @@ $di->set('modelsMetadata', function () {
* Start the session the first time some component request the session service
*/
$di->setShared('session', function () {
$session = new SessionAdapter();
$session = new Manager();
$files = new Stream([
'savePath' => session_save_path(),
'prefix' => 'sess_',
]);
$session->setAdapter($files);
$session->start();
// Set session response cookie, unfortunalty we need to read the config here to determine if secure option is
// a valid choice.
@ -97,6 +103,6 @@ $di->setShared('session', function () {
*/
$di->set('router', function () use ($config) {
$routing = new Routing($config->application->controllersDir, "ui");
$routing->getRouter()->handle();
$routing->getRouter()->handle($_SERVER['REQUEST_URI']);
return $routing->getRouter();
});

16
src/opnsense/mvc/app/config/services_api.php
View File

@ -31,7 +31,8 @@ use Phalcon\DI\FactoryDefault;
use Phalcon\Mvc\Url as UrlResolver;
use Phalcon\Mvc\View;
use Phalcon\Mvc\Model\Metadata\Memory as MetaDataAdapter;
use Phalcon\Session\Adapter\Files as SessionAdapter;
use Phalcon\Session\Manager;
use Phalcon\Session\Adapter\Stream;
use OPNsense\Core\Config;
use OPNsense\Core\Routing;
@ -63,7 +64,12 @@ $di->set('url', function () use ($config) {
* Start the session the first time some component request the session service
*/
$di->setShared('session', function () {
$session = new SessionAdapter();
$session = new Manager();
$files = new Stream([
'savePath' => session_save_path(),
'prefix' => 'sess_',
]);
$session->setAdapter($files);
$session->start();
// Set session response cookie, unfortunalty we need to read the config here to determine if secure option is
// a valid choice.
@ -84,14 +90,14 @@ $di->setShared('session', function () {
*/
$di->set('router', function () use ($config) {
$routing = new Routing($config->application->controllersDir, "api");
$routing->getRouter()->handle();
$routing->getRouter()->handle($_SERVER['REQUEST_URI']);
return $routing->getRouter();
});
// exception handling
$di->get('eventsManager')->attach("dispatch:beforeException", function ($event, $dispatcher, $exception) {
switch ($exception->getCode()) {
case Phalcon\Dispatcher::EXCEPTION_HANDLER_NOT_FOUND:
case Phalcon\Dispatcher\Exception::EXCEPTION_HANDLER_NOT_FOUND:
// send to error action on default index controller
$dispatcher->forward(array(
'controller' => 'index',
@ -103,7 +109,7 @@ $di->get('eventsManager')->attach("dispatch:beforeException", function ($event,
)
));
return false;
case Phalcon\Dispatcher::EXCEPTION_ACTION_NOT_FOUND:
case Phalcon\Dispatcher\Exception::EXCEPTION_ACTION_NOT_FOUND:
// send to error action on default index controller
$dispatcher->forward(array(
'controller' => 'index',

4
src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
View File

@ -120,6 +120,7 @@ class ControllerBase extends ControllerRoot
{
// set base template
$this->view->setTemplateBefore('default');
$this->view->session = $this->session;
}
/**
@ -178,7 +179,8 @@ class ControllerBase extends ControllerRoot
$cnf = Config::getInstance();
$this->view->setVar('lang', $this->translator);
$this->view->menuSystem = $menu->getItems($this->router->getRewriteUri());
$rewrite_uri = explode("?", $_SERVER["REQUEST_URI"])[0];
$this->view->menuSystem = $menu->getItems($rewrite_uri);
/* XXX generating breadcrumbs requires getItems() call */
$this->view->menuBreadcrumbs = $menu->getBreadcrumbs();

29
src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerRoot.php
View File

@ -30,7 +30,9 @@ namespace OPNsense\Base;
use OPNsense\Core\Config;
use Phalcon\Mvc\Controller;
use Phalcon\Logger;
use Phalcon\Logger\Adapter\Syslog;
use Phalcon\Translate\InterpolatorFactory;
use OPNsense\Core\ACL;
/**
@ -44,6 +46,12 @@ class ControllerRoot extends Controller
*/
public $translator;
/**
* log handle
*/
protected $logger = null;
/**
* @var null|string logged in username, populated during authentication
*/
@ -84,7 +92,8 @@ class ControllerRoot extends Controller
$locale = $lang . '.UTF-8';
bind_textdomain_codeset('OPNsense', $locale);
$this->translator = new ViewTranslator(array(
$interpolator = new InterpolatorFactory();
$this->translator = new ViewTranslator($interpolator, array(
'directory' => '/usr/local/share/locale',
'defaultDomain' => 'OPNsense',
'locale' => $locale,
@ -98,12 +107,18 @@ class ControllerRoot extends Controller
*/
protected function getLogger($ident = "api")
{
$logger = new Syslog($ident, array(
'option' => LOG_PID,
'facility' => LOG_LOCAL4
));
return $logger;
if ($this->logger == null) {
$this->logger = new Logger(
'messages',
[
'main' => new Syslog($ident, array(
'option' => LOG_PID,
'facility' => LOG_LOCAL4
))
]
);
}
return $this->logger;
}
/**

6
src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/ServiceController.php
View File

@ -35,7 +35,7 @@ use OPNsense\Core\Backend;
use OPNsense\CaptivePortal\CaptivePortal;
use OPNsense\Core\Config;
use OPNsense\Base\UIModelGrid;
use Phalcon\Filter;
use Phalcon\Filter\FilterFactory;
/**
* Class ServiceController
@ -94,9 +94,9 @@ class ServiceController extends ApiControllerBase
public function getTemplateAction($fileid = null)
{
// get template name
$paramfilter = new Filter();
$paramfilter = (new FilterFactory())->newInstance();
if ($fileid != null) {
$templateFileId = $paramfilter->sanitize($fileid, 'alphanum');
$templateFileId = $paramfilter->sanitize($fileid, 'alnum');
} else {
$templateFileId = 'default';
}

72
src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
View File

@ -328,10 +328,11 @@ class FirmwareController extends ApiControllerBase
$this->sessionClose(); // long running action, close session
$filter = new \Phalcon\Filter();
$filter->add('version', function ($value) {
return preg_replace('/[^0-9a-zA-Z\.]/', '', $value);
});
$filter = new \Phalcon\Filter([
'version' => function ($value) {
return preg_replace('/[^0-9a-zA-Z\.]/', '', $value);
}
]);
$version = $filter->sanitize($version, 'version');
$backend = new Backend();
@ -359,10 +360,11 @@ class FirmwareController extends ApiControllerBase
if ($this->request->isPost()) {
// sanitize package name
$filter = new \Phalcon\Filter();
$filter->add('scrub', function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
});
$filter = new \Phalcon\Filter([
'scrub' => function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
}
]);
$package = $filter->sanitize($package, 'scrub');
$text = trim($backend->configdRun(sprintf('firmware license %s', $package)));
if (!empty($text)) {
@ -527,10 +529,11 @@ class FirmwareController extends ApiControllerBase
if ($this->request->isPost()) {
$response['status'] = 'ok';
// sanitize package name
$filter = new \Phalcon\Filter();
$filter->add('pkgname', function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
});
$filter = new \Phalcon\Filter([
'pkgname' => function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
}
]);
$pkg_name = $filter->sanitize($pkg_name, "pkgname");
// execute action
$response['msg_uuid'] = trim($backend->configdpRun("firmware reinstall", array($pkg_name), true));
@ -596,10 +599,11 @@ class FirmwareController extends ApiControllerBase
if ($this->request->isPost()) {
$response['status'] = 'ok';
// sanitize package name
$filter = new \Phalcon\Filter();
$filter->add('pkgname', function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
});
$filter = new \Phalcon\Filter([
'pkgname' => function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
}
]);
$pkg_name = $filter->sanitize($pkg_name, "pkgname");
// execute action
$response['msg_uuid'] = trim($backend->configdpRun("firmware install", array($pkg_name), true));
@ -625,10 +629,11 @@ class FirmwareController extends ApiControllerBase
if ($this->request->isPost()) {
$response['status'] = 'ok';
// sanitize package name
$filter = new \Phalcon\Filter();
$filter->add('pkgname', function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
});
$filter = new \Phalcon\Filter([
'pkgname' => function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
}
]);
$pkg_name = $filter->sanitize($pkg_name, "pkgname");
// execute action
$response['msg_uuid'] = trim($backend->configdpRun("firmware remove", array($pkg_name), true));
@ -652,10 +657,11 @@ class FirmwareController extends ApiControllerBase
$response = array();
if ($this->request->isPost()) {
$filter = new \Phalcon\Filter();
$filter->add('pkgname', function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
});
$filter = new \Phalcon\Filter([
'pkgname' => function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
}
]);
$pkg_name = $filter->sanitize($pkg_name, "pkgname");
} else {
$pkg_name = null;
@ -684,10 +690,11 @@ class FirmwareController extends ApiControllerBase
$response = array();
if ($this->request->isPost()) {
$filter = new \Phalcon\Filter();
$filter->add('pkgname', function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
});
$filter = new \Phalcon\Filter([
'pkgname' => function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
}
]);
$pkg_name = $filter->sanitize($pkg_name, "pkgname");
} else {
$pkg_name = null;
@ -754,10 +761,11 @@ class FirmwareController extends ApiControllerBase
if ($this->request->isPost()) {
// sanitize package name
$filter = new \Phalcon\Filter();
$filter->add('scrub', function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
});
$filter = new \Phalcon\Filter([
'scrub' => function ($value) {
return preg_replace('/[^0-9a-zA-Z._-]/', '', $value);
}
]);
$package = $filter->sanitize($package, 'scrub');
$text = trim($backend->configdRun(sprintf('firmware details %s', $package)));
if (!empty($text)) {

9
src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/LogController.php
View File

@ -30,7 +30,6 @@ namespace OPNsense\Diagnostics\Api;
use OPNsense\Base\ApiControllerBase;
use OPNsense\Core\Backend;
use OPNsense\Base\Filters\QueryFilter;
use Phalcon\Filter;
/**
@ -45,8 +44,12 @@ class LogController extends ApiControllerBase
$action = count($arguments) > 1 ? $arguments[1] : "";
$searchPhrase = '';
// create filter to sanitize input data
$filter = new Filter();
$filter->add('query', new QueryFilter());
$filter = new Filter([
'query' => function($value){
return preg_replace("/[^0-9,a-z,A-Z, ,*,\-,_,.,\#]/", "", $value);
}
]);
$backend = new Backend();
if ($this->request->isPost() && substr($name, -6) == 'Action') {
$this->sessionClose();

10
src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/NetworkinsightController.php
View File

@ -34,7 +34,7 @@ use OPNsense\Base\ApiControllerBase;
use OPNsense\Diagnostics\Netflow;
use OPNsense\Core\Config;
use OPNsense\Core\Backend;
use Phalcon\Filter;
use Phalcon\Filter\FilterFactory;
/**
* Class NetworkinsightController
@ -62,8 +62,8 @@ class NetworkinsightController extends ApiControllerBase
$emulation = null
) {
// cleanse input
$filter = new Filter();
$provider = $filter->sanitize($provider, "alphanum");
$filter = (new FilterFactory())->newInstance();
$provider = $filter->sanitize($provider, "alnum");
$measure = $filter->sanitize($measure, "string");
$from_date = $filter->sanitize($from_date, "int");
$to_date = $filter->sanitize($to_date, "int");
@ -135,8 +135,8 @@ class NetworkinsightController extends ApiControllerBase
$max_hits = null
) {
// cleanse input
$filter = new Filter();
$provider = $filter->sanitize($provider, "alphanum");
$filter = (new FilterFactory())->newInstance();
$provider = $filter->sanitize($provider, "alnum");
$from_date = $filter->sanitize($from_date, "int");
$to_date = $filter->sanitize($to_date, "int");
$field = $filter->sanitize($field, "string");

11
src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php
View File

@ -29,12 +29,12 @@
namespace OPNsense\IDS\Api;
use OPNsense\Base\ApiMutableServiceControllerBase;
use OPNsense\Base\Filters\QueryFilter;
use OPNsense\Core\Backend;
use OPNsense\Core\Config;
use OPNsense\Cron\Cron;
use OPNsense\IDS\IDS;
use Phalcon\Filter;
use Phalcon\Filter\FilterFactory;
/**
* Class ServiceController
@ -173,8 +173,11 @@ class ServiceController extends ApiMutableServiceControllerBase
if ($this->request->isPost()) {
$this->sessionClose();
// create filter to sanitize input data
$filter = new Filter();
$filter->add('query', new QueryFilter());
$filter = new Filter([
'query' => function($value){
return preg_replace("/[^0-9,a-z,A-Z, ,*,\-,_,.,\#]/", "", $value);
}
]);
// fetch query parameters (limit results to prevent out of memory issues)
$itemsPerPage = $this->request->getPost('rowCount', 'int', 9999);
@ -219,7 +222,7 @@ class ServiceController extends ApiMutableServiceControllerBase
{
$this->sessionClose();
$backend = new Backend();
$filter = new Filter();
$filter = (new FilterFactory())->newInstance();
$id = $filter->sanitize($alertId, "int");
$response = $backend->configdpRun("ids query alerts", array(1, 0, "filepos/" . $id, $fileid));
$result = json_decode($response, true);

9
src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php
View File

@ -28,9 +28,8 @@
namespace OPNsense\IDS\Api;
use Phalcon\Filter;
use Phalcon\Filter\FilterFactory;
use OPNsense\Base\ApiMutableModelControllerBase;
use OPNsense\Base\Filters\QueryFilter;
use OPNsense\Core\Backend;
use OPNsense\Core\Config;
use OPNsense\Base\UIModelGrid;
@ -71,8 +70,10 @@ class SettingsController extends ApiMutableModelControllerBase
if ($this->request->isPost()) {
$this->sessionClose();
// create filter to sanitize input data
$filter = new Filter();
$filter->add('query', new QueryFilter());
$filter = (new FilterFactory())->newInstance();
$filter->set('query', function($value){
return preg_replace("/[^0-9,a-z,A-Z, ,*,\-,_,.,\#]/", "", $value);
});
// fetch query parameters (limit results to prevent out of memory issues)
$itemsPerPage = $this->request->getPost('rowCount', 'int', 9999);

1
src/opnsense/mvc/app/controllers/OPNsense/Syslog/Api/SettingsController.php
View File

@ -30,7 +30,6 @@ namespace OPNsense\Syslog\Api;
use Phalcon\Filter;
use OPNsense\Base\ApiMutableModelControllerBase;
use OPNsense\Base\Filters\QueryFilter;
use OPNsense\Core\Backend;
use OPNsense\Core\Config;
use OPNsense\Base\UIModelGrid;

50
src/opnsense/mvc/app/library/OPNsense/Base/Filters/QueryFilter.php
View File

@ -1,50 +0,0 @@
<?php
/**
* Copyright (C) 2015 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Base\Filters;
use Phalcon\Filter;
/**
* Class queryFilter sanitize query expressions (normal text + wildcard)
* @package OPNsense\Base\Filters
*/
class QueryFilter
{
/**
* sanitize query string
* @param $value sanitize input
* @return mixed sanitize output
*/
public function filter($value)
{
return preg_replace("/[^0-9,a-z,A-Z, ,*,\-,_,.,\#]/", "", $value);
}
}

4
src/opnsense/mvc/app/library/OPNsense/Base/ViewTranslator.php
View File

@ -36,9 +36,9 @@ use Phalcon\Translate\Adapter\Gettext;
*/
class ViewTranslator extends Gettext
{
public function _($translateKey, $placeholders = null)
public function query(string $translateKey, array $placeholders = []): string
{
$translateValue = parent::_($translateKey, $placeholders);
$translateValue = parent::query($translateKey, $placeholders);
/* gettext() embedded in JavaScript can cause syntax errors */
return htmlspecialchars($translateValue, ENT_QUOTES | ENT_HTML401);
}

14
src/opnsense/mvc/app/library/OPNsense/Core/Backend.php
View File

@ -28,6 +28,7 @@
namespace OPNsense\Core;
use Phalcon\Logger;
use Phalcon\Logger\Adapter\Syslog;
/**
@ -55,10 +56,15 @@ class Backend
*/
protected function getLogger($ident = 'configd')
{
$logger = new Syslog($ident, array(
'facility' => LOG_LOCAL4,
'option' => LOG_PID,
));
$logger = new Logger(
'messages',
[
'main' => new Syslog($ident, array(
'option' => LOG_PID,
'facility' => LOG_LOCAL4
))
]
);
return $logger;
}

21
src/opnsense/mvc/app/library/OPNsense/Core/Config.php
View File

@ -29,6 +29,7 @@
namespace OPNsense\Core;
use Phalcon\DI\FactoryDefault;
use Phalcon\Logger;
use Phalcon\Logger\Adapter\Syslog;
/**
@ -285,7 +286,15 @@ class Config extends Singleton
$this->simplexml = null;
// there was an issue with loading the config, try to restore the last backup
$backups = $this->getBackups();
$logger = new Syslog("config", array('option' => LOG_PID, 'facility' => LOG_LOCAL4));
$logger = new Logger(
'messages',
[
'main' => new Syslog("config", array(
'option' => LOG_PID,
'facility' => LOG_LOCAL4
))
]
);
if (count($backups) > 0) {
// load last backup
$logger->error(gettext('No valid config.xml found, attempting last known config restore.'));
@ -620,7 +629,15 @@ class Config extends Singleton
// use syslog to trigger a new configd event, which should signal a syshook config (in batch).
// Althought we include the backup filename, the event handler is responsible to determine the
// last processed event itself. (it's merely added for debug purposes)
$logger = new Syslog("config", array('option' => LOG_PID, 'facility' => LOG_LOCAL5));
$logger = new Logger(
'messages',
[
'main' => new Syslog("config", array(
'option' => LOG_PID,
'facility' => LOG_LOCAL5
))
]
);
$logger->info("config-event: new_config " . $backup_filename);
}
flock($this->config_file_handle, LOCK_UN);

3
src/opnsense/mvc/app/library/OPNsense/Core/Routing.php
View File

@ -173,9 +173,6 @@ class Routing
}
}
}
$this->router->setUriSource(
Router::URI_SOURCE_SERVER_REQUEST_URI
);
$this->router->removeExtraSlashes(true);
}
}

4
src/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php
View File

@ -33,7 +33,7 @@ use OPNsense\Base\FieldTypes\ContainerField;
use OPNsense\Core\Config;
use Phalcon\Logger\Adapter\Syslog;
use Phalcon\Validation;
use Phalcon\Validation\Message\Group;
use Phalcon\Messages\Messages;
use ReflectionClass;
use ReflectionException;
use SimpleXMLElement;
@ -439,7 +439,7 @@ abstract class BaseModel
if (count($validation_data) > 0) {
$messages = $validation->validate($validation_data);
} else {
$messages = new Group();
$messages = new Messages();
}
return $messages;

2
src/opnsense/mvc/app/models/OPNsense/Base/Constraints/AllOrNoneConstraint.php
View File

@ -43,7 +43,7 @@ class AllOrNoneConstraint extends BaseConstraint
* @param string $attribute
* @return boolean
*/
public function validate(\Phalcon\Validation $validator, $attribute)
public function validate(\Phalcon\Validation $validator, $attribute): bool
{
$node = $this->getOption('node');
if ($node) {

7
src/opnsense/mvc/app/models/OPNsense/Base/Constraints/BaseConstraint.php
View File

@ -30,13 +30,12 @@
namespace OPNsense\Base\Constraints;
use Phalcon\Validation\Validator;
use Phalcon\Validation\AbstractValidator;
use Phalcon\Validation\ValidatorInterface;
use Phalcon\Validation\Message;
use Phalcon\Messages\Message;
abstract class BaseConstraint extends Validator implements ValidatorInterface
abstract class BaseConstraint extends AbstractValidator implements ValidatorInterface
{
/**
* check if field is empty (either boolean field as false or an empty field)
* @param $node

2
src/opnsense/mvc/app/models/OPNsense/Base/Constraints/ComparedToFieldConstraint.php
View File

@ -49,7 +49,7 @@ class ComparedToFieldConstraint extends BaseConstraint
* @param string $attribute
* @return boolean
*/
public function validate(\Phalcon\Validation $validator, $attribute)
public function validate(\Phalcon\Validation $validator, $attribute): bool
{
$node = $this->getOption('node');
$field_name = $this->getOption('field');

2
src/opnsense/mvc/app/models/OPNsense/Base/Constraints/DependConstraint.php
View File

@ -46,7 +46,7 @@ class DependConstraint extends BaseConstraint
* @param string $attribute
* @return boolean
*/
public function validate(\Phalcon\Validation $validator, $attribute)
public function validate(\Phalcon\Validation $validator, $attribute): bool
{
$node = $this->getOption('node');
if ($node) {

2
src/opnsense/mvc/app/models/OPNsense/Base/Constraints/SetIfConstraint.php
View File

@ -49,7 +49,7 @@ class SetIfConstraint extends BaseConstraint
* @param string $attribute
* @return boolean
*/
public function validate(\Phalcon\Validation $validator, $attribute)
public function validate(\Phalcon\Validation $validator, $attribute): bool
{
$node = $this->getOption('node');
$field_name = $this->getOption('field');

2
src/opnsense/mvc/app/models/OPNsense/Base/Constraints/SingleSelectConstraint.php
View File

@ -44,7 +44,7 @@ class SingleSelectConstraint extends BaseConstraint
* @param string $attribute
* @return boolean
*/
public function validate(\Phalcon\Validation $validator, $attribute)
public function validate(\Phalcon\Validation $validator, $attribute): bool
{
$node = $this->getOption('node');
if ($node) {

2
src/opnsense/mvc/app/models/OPNsense/Base/Constraints/UniqueConstraint.php
View File

@ -43,7 +43,7 @@ class UniqueConstraint extends BaseConstraint
* @param string $attribute
* @return boolean
*/
public function validate(\Phalcon\Validation $validator, $attribute)
public function validate(\Phalcon\Validation $validator, $attribute): bool
{
$node = $this->getOption('node');
$fieldSeparator = chr(10) . chr(0);

8
src/opnsense/mvc/app/models/OPNsense/Base/Validators/CallbackValidator.php
View File

@ -30,16 +30,16 @@
namespace OPNsense\Base\Validators;
use Phalcon\Validation\Validator;
use Phalcon\Validation\AbstractValidator;
use Phalcon\Validation\ValidatorInterface;
use Phalcon\Validation;
use Phalcon\Validation\Message;
use Phalcon\Messages\Message;
/**
* Class CallbackValidator
* @package OPNsense\Base\Validators
*/
class CallbackValidator extends Validator implements ValidatorInterface
class CallbackValidator extends AbstractValidator implements ValidatorInterface
{
/**
@ -49,7 +49,7 @@ class CallbackValidator extends Validator implements ValidatorInterface
* @param string $attribute
* @return boolean
*/
public function validate(Validation $validator, $attribute)
public function validate(Validation $validator, $attribute): bool
{
$callback = $this->getOption('callback');
if ($callback) {

8
src/opnsense/mvc/app/models/OPNsense/Base/Validators/CsvListValidator.php
View File

@ -30,15 +30,15 @@
namespace OPNsense\Base\Validators;
use Phalcon\Validation\Validator;
use Phalcon\Validation\AbstractValidator;
use Phalcon\Validation\ValidatorInterface;
use Phalcon\Validation\Message;
use Phalcon\Messages\Message;
/**
* Class CsvListValidator validate a string list against a list of options
* @package OPNsense\Base\Validators
*/
class CsvListValidator extends Validator implements ValidatorInterface
class CsvListValidator extends AbstractValidator implements ValidatorInterface
{
/**
@ -48,7 +48,7 @@ class CsvListValidator extends Validator implements ValidatorInterface
* @param string $attribute
* @return boolean
*/
public function validate(\Phalcon\Validation $validator, $attribute)
public function validate(\Phalcon\Validation $validator, $attribute): bool
{
$value = $validator->getValue($attribute);
$domain = $this->getOption('domain');

8
src/opnsense/mvc/app/models/OPNsense/Base/Validators/HostValidator.php
View File

@ -30,15 +30,15 @@
namespace OPNsense\Base\Validators;
use Phalcon\Validation\Validator;
use Phalcon\Validation\AbstractValidator;
use Phalcon\Validation\ValidatorInterface;
use Phalcon\Validation\Message;
use Phalcon\Messages\Message;
/**
* Class NetworkValidator validate domain and hostnames
* @package OPNsense\Base\Validators
*/
class HostValidator extends Validator implements ValidatorInterface
class HostValidator extends AbstractValidator implements ValidatorInterface
{
/**
*
@ -46,7 +46,7 @@ class HostValidator extends Validator implements ValidatorInterface
* @param string $attribute
* @return boolean
*/
public function validate(\Phalcon\Validation $validator, $attribute)
public function validate(\Phalcon\Validation $validator, $attribute): bool
{
$result = true;
$msg = $this->getOption('message');

8
src/opnsense/mvc/app/models/OPNsense/Base/Validators/IntegerValidator.php
View File

@ -30,15 +30,15 @@
namespace OPNsense\Base\Validators;
use Phalcon\Validation\Validator;
use Phalcon\Validation\AbstractValidator;
use Phalcon\Validation\ValidatorInterface;
use Phalcon\Validation\Message;
use Phalcon\Messages\Message;
/**
* Class IntegerValidator
* @package OPNsense\Base\Validators
*/
class IntegerValidator extends Validator implements ValidatorInterface
class IntegerValidator extends AbstractValidator implements ValidatorInterface
{
/**
@ -48,7 +48,7 @@ class IntegerValidator extends Validator implements ValidatorInterface
* @param string $attribute
* @return boolean
*/
public function validate(\Phalcon\Validation $validator, $attribute)
public function validate(\Phalcon\Validation $validator, $attribute): bool
{
$value = $validator->getValue($attribute);
$msg = $this->getOption('message');

8
src/opnsense/mvc/app/models/OPNsense/Base/Validators/MinMaxValidator.php
View File

@ -30,15 +30,15 @@
namespace OPNsense\Base\Validators;
use Phalcon\Validation\Validator;
use Phalcon\Validation\AbstractValidator;
use Phalcon\Validation\ValidatorInterface;
use Phalcon\Validation\Message;
use Phalcon\Messages\Message;
/**
* Class MinMaxValidator
* @package OPNsense\Base\Validators
*/
class MinMaxValidator extends Validator implements ValidatorInterface
class MinMaxValidator extends AbstractValidator implements ValidatorInterface
{
/**
* Executes MinMax validation
@ -47,7 +47,7 @@ class MinMaxValidator extends Validator implements ValidatorInterface
* @param string $attribute
* @return boolean
*/
public function validate(\Phalcon\Validation $validator, $attribute)
public function validate(\Phalcon\Validation $validator, $attribute): bool
{
$value = $validator->getValue($attribute);

8
src/opnsense/mvc/app/models/OPNsense/Base/Validators/NetworkValidator.php
View File

@ -30,15 +30,15 @@
namespace OPNsense\Base\Validators;
use Phalcon\Validation\Validator;
use Phalcon\Validation\AbstractValidator;
use Phalcon\Validation\ValidatorInterface;
use Phalcon\Validation\Message;
use Phalcon\Messages\Message;
/**
* Class NetworkValidator validate networks and ip addresses
* @package OPNsense\Base\Validators
*/
class NetworkValidator extends Validator implements ValidatorInterface
class NetworkValidator extends AbstractValidator implements ValidatorInterface
{
/**
* Executes network / ip validation, accepts the following parameters as attributes:
@ -53,7 +53,7 @@ class NetworkValidator extends Validator implements ValidatorInterface
* @param string $attribute
* @return boolean
*/
public function validate(\Phalcon\Validation $validator, $attribute)
public function validate(\Phalcon\Validation $validator, $attribute): bool
{
$result = true;
$msg = $this->getOption('message');

3
src/opnsense/mvc/app/models/OPNsense/Diagnostics/Netflow.php
View File

@ -28,6 +28,7 @@
namespace OPNsense\Diagnostics;
use Phalcon\Messages\Message;
use OPNsense\Base\BaseModel;
/**
@ -66,7 +67,7 @@ class Netflow extends BaseModel
}
if (count($missing)) {
$messages->appendMessage(new \Phalcon\Validation\Message(
$messages->appendMessage(new Message(
sprintf(
gettext('WAN interfaces missing in listening interfaces: %s'),
implode(', ', $missing)

2
src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php
View File

@ -34,7 +34,7 @@ use OPNsense\Base\FieldTypes\BaseField;
use OPNsense\Base\Validators\CallbackValidator;
use Phalcon\Validation\Validator\Regex;
use Phalcon\Validation\Validator\ExclusionIn;
use Phalcon\Validation\Message;
use Phalcon\Messages\Message;
use OPNsense\Firewall\Util;
/**

9
src/opnsense/mvc/app/models/OPNsense/IPsec/IPsec.php
View File

@ -28,6 +28,7 @@
namespace OPNsense\IPsec;
use Phalcon\Messages\Message;
use OPNsense\Base\BaseModel;
/**
@ -69,7 +70,7 @@ class IPsec extends BaseModel
* and private key contents with a sanitized representation as well as storing the key size and fingerprint.
* @param $nodeKey string Fully-qualified key of the keyPair instance within a model
* @param $keyPair \OPNsense\Base\FieldTypes\BaseField Field instance of a keyPair
* @param $messages \Phalcon\Validation\Message\Group Validation message group
* @param $messages \Phalcon\Messages\Messages Validation message group
*/
private function validateKeyPair($nodeKey, $keyPair, $messages)
{
@ -86,7 +87,7 @@ class IPsec extends BaseModel
(string)$keyPair->keyType . '-public'
);
} catch (\Exception $e) {
$messages->appendMessage(new \Phalcon\Validation\Message($e->getMessage(), $nodeKey . '.publicKey'));
$messages->appendMessage(new Message($e->getMessage(), $nodeKey . '.publicKey'));
}
}
@ -98,14 +99,14 @@ class IPsec extends BaseModel
(string)$keyPair->keyType . '-private'
);
} catch (\Exception $e) {
$messages->appendMessage(new \Phalcon\Validation\Message($e->getMessage(), $nodeKey . '.privateKey'));
$messages->appendMessage(new Message($e->getMessage(), $nodeKey . '.privateKey'));
}
}
// Compare SHA1 fingerprint of public and private keys to check if they belong to each other
if ($publicKey && $privateKey) {
if ($publicKey['fingerprint'] !== $privateKey['fingerprint']) {
$messages->appendMessage(new \Phalcon\Validation\Message(
$messages->appendMessage(new Message(
gettext('This private key does not belong to the given public key.'),
$nodeKey . '.privateKey'
));

21
src/opnsense/mvc/app/models/OPNsense/Monit/Monit.php
View File

@ -29,6 +29,7 @@
namespace OPNsense\Monit;
use Phalcon\Messages\Message;
use OPNsense\Base\BaseModel;
/**
@ -149,7 +150,7 @@ class Monit extends BaseModel
/**
* validate full model using all fields and data in a single (1 deep) array
* @param bool $validateFullModel validate full model or only changed fields
* @return \Phalcon\Validation\Message\Group
* @return \Phalcon\Messages\Messages
*/
public function performValidation($validateFullModel = false)
{
@ -172,7 +173,7 @@ class Monit extends BaseModel
$node->isFieldChanged() &&
$this->isTestServiceRelated($testUuid)
) {
$messages->appendMessage(new \Phalcon\Validation\Message(
$messages->appendMessage(new Message(
sprintf(
gettext("Cannot change the test type to '%s'. Test '%s' is linked to a service."),
(string)$node,
@ -191,7 +192,7 @@ class Monit extends BaseModel
strcmp((string)$parentNode->type, $type) != 0 &&
$this->isTestServiceRelated($parentNode->getAttribute('uuid'))
) {
$messages->appendMessage(new \Phalcon\Validation\Message(
$messages->appendMessage(new Message(
sprintf(
gettext("Condition '%s' would change the type of the test '%s' but it is linked to a service."),
(string)$node,
@ -223,7 +224,7 @@ class Monit extends BaseModel
$test->type->getNodeData()[(string)$test->type]['value']
);
$messages->appendMessage(
new \Phalcon\Validation\Message($validationMsg, $key)
new Message($validationMsg, $key)
);
}
}
@ -235,7 +236,7 @@ class Monit extends BaseModel
empty((string)$node) && (string)$parentNode->type == 'process'
&& empty((string)$parentNode->match)
) {
$messages->appendMessage(new \Phalcon\Validation\Message(
$messages->appendMessage(new Message(
gettext("Please set at least one of Pidfile or Match."),
$key
));
@ -246,7 +247,7 @@ class Monit extends BaseModel
empty((string)$node) && (string)$parentNode->type == 'process'
&& empty((string)$parentNode->pidfile)
) {
$messages->appendMessage(new \Phalcon\Validation\Message(
$messages->appendMessage(new Message(
gettext("Please set at least one of Pidfile or Match."),
$key
));
@ -254,7 +255,7 @@ class Monit extends BaseModel
break;
case 'address':
if (empty((string)$node) && (string)$parentNode->type == 'host') {
$messages->appendMessage(new \Phalcon\Validation\Message(
$messages->appendMessage(new Message(
gettext("Address is mandatory for 'Remote Host' checks."),
$key
));
@ -262,7 +263,7 @@ class Monit extends BaseModel
empty((string)$node) && (string)$parentNode->type == 'network'
&& empty((string)$parentNode->interface)
) {
$messages->appendMessage(new \Phalcon\Validation\Message(
$messages->appendMessage(new Message(
gettext("Please set at least one of Address or Interface."),
$key
));
@ -273,7 +274,7 @@ class Monit extends BaseModel
empty((string)$node) && (string)$parentNode->type == 'network'
&& empty((string)$parentNode->address)
) {
$messages->appendMessage(new \Phalcon\Validation\Message(
$messages->appendMessage(new Message(
gettext("Please set at least one of Address or Interface."),
$key
));
@ -286,7 +287,7 @@ class Monit extends BaseModel
['file', 'fifo', 'filesystem', 'directory']
)
) {
$messages->appendMessage(new \Phalcon\Validation\Message(
$messages->appendMessage(new Message(
gettext("Path is mandatory."),
$key
));

6
src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.php
View File

@ -51,7 +51,7 @@ class Proxy extends BaseModel
switch ($match_type) {
case 'url_matches':
if (strlen((string)$match->url) == 0) {
$result->appendMessage(new \Phalcon\Validation\Message(
$result->appendMessage(new \Phalcon\Messages\Message(
gettext('URL must be set.'),
'pac.match.url'
));
@ -61,7 +61,7 @@ class Proxy extends BaseModel
case 'dns_domain_is':
case 'is_resolvable':
if (strlen((string)$match->hostname) == 0) {
$result->appendMessage(new \Phalcon\Validation\Message(
$result->appendMessage(new \Phalcon\Messages\Message(
gettext('Hostname must be set.'),
'pac.match.hostname'
));
@ -70,7 +70,7 @@ class Proxy extends BaseModel
case 'destination_in_net':
case 'my_ip_in_net':
if (strlen((string)$match->network) == 0) {
$result->appendMessage(new \Phalcon\Validation\Message(
$result->appendMessage(new \Phalcon\Messages\Message(
gettext('Network must be set.'),
'pac.match.network'
));

5
src/opnsense/mvc/app/models/OPNsense/Routes/Route.php
View File

@ -31,6 +31,7 @@
namespace OPNsense\Routes;
use Phalcon\Messages\Message;
use OPNsense\Base\BaseModel;
/**
@ -42,7 +43,7 @@ class Route extends BaseModel
/**
* extended validations
* @param bool $validateFullModel validate full model or only changed fields
* @return \Phalcon\Validation\Message\Group
* @return \Phalcon\Messages\Messages
*/
public function performValidation($validateFullModel = false)
{
@ -71,7 +72,7 @@ class Route extends BaseModel
// When protocols don't match, add a message for this field to the validation result.
if (empty($gateway_ip) || $gateway_proto != $proto_net) {
$node_validators = $node->getValidators();
$result->appendMessage(new \Phalcon\Validation\Message(
$result->appendMessage(new Message(
$node_validators[0]->getOption("message"),
$key
));

3
src/opnsense/mvc/app/models/OPNsense/Syslog/Syslog.php
View File

@ -28,6 +28,7 @@
namespace OPNsense\Syslog;
use Phalcon\Messages\Message;
use OPNsense\Base\BaseModel;
use OPNsense\Firewall\Util;
@ -56,7 +57,7 @@ class Syslog extends BaseModel
$ipproto = ((string)$parentNode->transport)[3];
$hostproto = strpos((string)$parentNode->hostname, ":") === false ? "4" : "6";
if (Util::isIpAddress((string)$parentNode->hostname) && $ipproto != $hostproto) {
$messages->appendMessage(new \Phalcon\Validation\Message(
$messages->appendMessage(new Message(
gettext("Transport protocol does not match address in hostname"),
$key
));

2
src/opnsense/www/api.php
View File

@ -23,7 +23,7 @@ try {
*/
$application = new \Phalcon\Mvc\Application($di);
echo $application->handle()->getContent();
echo $application->handle($_SERVER['REQUEST_URI'])->getContent();
} catch (Exception $e) {
$response = array();
$response['errorMessage'] = $e->getMessage();

2
src/opnsense/www/index.php
View File

@ -69,7 +69,7 @@ try {
*/
$application = new \Phalcon\Mvc\Application($di);
echo $application->handle()->getContent();
echo $application->handle($_SERVER['REQUEST_URI'])->getContent();
} catch (\Exception $e) {
if (
isset($application) || (

44
src/www/csrf.inc
View File

@ -33,37 +33,36 @@ class LegacyCSRF
private $session = null;
private $is_html_output = false;
public function __construct()
{
$this->di = new \Phalcon\DI\FactoryDefault();
$this->security = new Phalcon\Security();
$this->security->setDi($this->di);
// register rewrite handler
ob_start(array($this,'csrfRewriteHandler'), 5242880);
}
private function Session()
{
global $config;
if ($this->session == null) {
$this->session = new Phalcon\Session\Adapter\Files();
$this->session->start();
// register rewrite handler
if (session_status() == PHP_SESSION_NONE) {
// Handle HTTPS httponly and secure flags
$currentCookieParams = session_get_cookie_params();
session_set_cookie_params(
$currentCookieParams["lifetime"],
$currentCookieParams["path"],
null,
($config['system']['webgui']['protocol'] == "https"),
true
);
session_start();
$secure = $config['system']['webgui']['protocol'] == 'https';
setcookie(session_name(), session_id(), null, '/', null, $secure, true);
$this->di->setShared('session', $this->session);
}
ob_start(array($this,'csrfRewriteHandler'), 5242880);
}
public function checkToken()
{
$result = false; // default, not valid
$this->Session();
$securityTokenKey = $_SESSION['$PHALCON/CSRF/KEY$'];
if (empty($_POST[$securityTokenKey])) {
if (!empty($_SERVER['HTTP_X_CSRFTOKEN'])) {
$result = $this->security->checkToken(null, $_SERVER['HTTP_X_CSRFTOKEN'], false);
$result = $_SERVER['HTTP_X_CSRFTOKEN'] == $_SESSION['$PHALCON/CSRF$'];
}
} else {
$result = $this->security->checkToken($securityTokenKey, $_POST[$securityTokenKey], false);
$result = $_POST[$securityTokenKey] == $_SESSION['$PHALCON/CSRF$'];
}
// close session after validation
session_write_close();
@ -72,15 +71,13 @@ class LegacyCSRF
private function newToken()
{
$this->Session();
$random = new \Phalcon\Security\Random();
// only request new token when session has none
$securityTokenKey = $_SESSION['$PHALCON/CSRF/KEY$'];
$securityToken = $_SESSION['$PHALCON/CSRF$'];
if (empty($securityToken) || empty($securityTokenKey)) {
$securityToken = $this->security->getToken();
$securityTokenKey = $this->security->getTokenKey();
if (empty($_SESSION['$PHALCON/CSRF/KEY$']) || empty($_SESSION['$PHALCON/CSRF$'])) {
$_SESSION['$PHALCON/CSRF$'] = $random->base64Safe(16);
$_SESSION['$PHALCON/CSRF/KEY$'] = $random->base64Safe(16);
}
return array('token'=>$securityToken, 'key' => $securityTokenKey);
return array('token' => $_SESSION['$PHALCON/CSRF$'], 'key' => $_SESSION['$PHALCON/CSRF/KEY$']);
}
public function csrfRewriteHandler($buffer)
@ -113,6 +110,7 @@ class LegacyCSRF
$LegacyCSRFObject = new LegacyCSRF();
if ($_SERVER['REQUEST_METHOD'] !== 'GET' && !$LegacyCSRFObject->checkToken()) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
echo sprintf("<html><head><title>%s</title></head>