mirror of
https://github.com/YunoHost-Apps/spip_ynh.git
synced 2024-09-03 20:25:59 +02:00
commit
0997504dd6
24 changed files with 902 additions and 1373 deletions
130
.github/workflows/updater.sh
vendored
130
.github/workflows/updater.sh
vendored
|
@ -1,130 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# PACKAGE UPDATING HELPER
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# This script is meant to be run by GitHub Actions
|
|
||||||
# The YunoHost-Apps organisation offers a template Action to run this script periodically
|
|
||||||
# Since each app is different, maintainers can adapt its contents so as to perform
|
|
||||||
# automatic actions when a new upstream release is detected.
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# FETCHING LATEST RELEASE AND ITS ASSETS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Fetching information
|
|
||||||
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
|
|
||||||
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://git.spip.net/")[1]')
|
|
||||||
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
|
|
||||||
version=$(curl --silent "https://git.spip.net/api/v1/repos/spip/spip/tags" | jq -r '.[] | .name' | grep -v "alpha" | grep -v "beta" | grep -v "rc" | sort -V | tail -1)
|
|
||||||
assets=("https://files.spip.net/spip/archives/spip-$version.zip")
|
|
||||||
|
|
||||||
# Later down the script, we assume the version has only digits and dots
|
|
||||||
# Sometimes the release name starts with a "v", so let's filter it out.
|
|
||||||
# You may need more tweaks here if the upstream repository has different naming conventions.
|
|
||||||
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
|
|
||||||
version=${version:1}
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Setting up the environment variables
|
|
||||||
echo "Current version: $current_version"
|
|
||||||
echo "Latest release from upstream: $version"
|
|
||||||
echo "VERSION=$version" >> $GITHUB_ENV
|
|
||||||
# For the time being, let's assume the script will fail
|
|
||||||
echo "PROCEED=false" >> $GITHUB_ENV
|
|
||||||
|
|
||||||
# Proceed only if the retrieved version is greater than the current one
|
|
||||||
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
|
|
||||||
echo "::warning ::No new version available"
|
|
||||||
exit 0
|
|
||||||
# Proceed only if a PR for this new version does not already exist
|
|
||||||
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
|
|
||||||
echo "::warning ::A branch already exists for this update"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
|
|
||||||
echo "${#assets[@]} available asset(s)"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# UPDATE SOURCE FILES
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Here we use the $assets variable to get the resources published in the upstream release.
|
|
||||||
# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
|
|
||||||
|
|
||||||
# Let's loop over the array of assets URLs
|
|
||||||
for asset_url in "${assets[@]}"; do
|
|
||||||
|
|
||||||
echo "Handling asset at $asset_url"
|
|
||||||
|
|
||||||
# Assign the asset to a source file in conf/ directory
|
|
||||||
# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
|
|
||||||
# Leave $src empty to ignore the asset
|
|
||||||
case $asset_url in
|
|
||||||
*"v$version.zip"*)
|
|
||||||
src="app"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
src=""
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# If $src is not empty, let's process the asset
|
|
||||||
if [ ! -z "$src" ]; then
|
|
||||||
|
|
||||||
# Create the temporary directory
|
|
||||||
tempdir="$(mktemp -d)"
|
|
||||||
|
|
||||||
# Download sources and calculate checksum
|
|
||||||
filename=${asset_url##*/}
|
|
||||||
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
|
|
||||||
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
|
|
||||||
|
|
||||||
# Delete temporary directory
|
|
||||||
rm -rf $tempdir
|
|
||||||
|
|
||||||
# Get extension
|
|
||||||
if [[ $filename == *.tar.gz ]]; then
|
|
||||||
extension=tar.gz
|
|
||||||
else
|
|
||||||
extension=${filename##*.}
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Rewrite source file
|
|
||||||
cat <<EOT > conf/$src.src
|
|
||||||
SOURCE_URL=$asset_url
|
|
||||||
SOURCE_SUM=$checksum
|
|
||||||
SOURCE_SUM_PRG=sha256sum
|
|
||||||
SOURCE_FORMAT=$extension
|
|
||||||
SOURCE_IN_SUBDIR=false
|
|
||||||
SOURCE_EXTRACT=true
|
|
||||||
EOT
|
|
||||||
echo "... conf/$src.src updated"
|
|
||||||
|
|
||||||
else
|
|
||||||
echo "... asset ignored"
|
|
||||||
fi
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SPECIFIC UPDATE STEPS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Any action on the app's source code can be done.
|
|
||||||
# The GitHub Action workflow takes care of committing all changes after this script ends.
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# GENERIC FINALIZATION
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Replace new version in manifest
|
|
||||||
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
|
|
||||||
|
|
||||||
# No need to update the README, yunohost-bot takes care of it
|
|
||||||
|
|
||||||
# The Action will proceed only if the PROCEED environment variable is set to true
|
|
||||||
echo "PROCEED=true" >> $GITHUB_ENV
|
|
||||||
exit 0
|
|
49
.github/workflows/updater.yml
vendored
49
.github/workflows/updater.yml
vendored
|
@ -1,49 +0,0 @@
|
||||||
# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
|
|
||||||
# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
|
|
||||||
# This file should be enough by itself, but feel free to tune it to your needs.
|
|
||||||
# It calls updater.sh, which is where you should put the app-specific update steps.
|
|
||||||
name: Check for new upstream releases
|
|
||||||
on:
|
|
||||||
# Allow to manually trigger the workflow
|
|
||||||
workflow_dispatch:
|
|
||||||
# Run it every day at 6:00 UTC
|
|
||||||
schedule:
|
|
||||||
- cron: '0 6 * * *'
|
|
||||||
jobs:
|
|
||||||
updater:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Fetch the source code
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
- name: Run the updater script
|
|
||||||
id: run_updater
|
|
||||||
run: |
|
|
||||||
# Setting up Git user
|
|
||||||
git config --global user.name 'yunohost-bot'
|
|
||||||
git config --global user.email 'yunohost-bot@users.noreply.github.com'
|
|
||||||
# Run the updater script
|
|
||||||
/bin/bash .github/workflows/updater.sh
|
|
||||||
- name: Commit changes
|
|
||||||
id: commit
|
|
||||||
if: ${{ env.PROCEED == 'true' }}
|
|
||||||
run: |
|
|
||||||
git commit -am "Upgrade to v$VERSION"
|
|
||||||
- name: Create Pull Request
|
|
||||||
id: cpr
|
|
||||||
if: ${{ env.PROCEED == 'true' }}
|
|
||||||
uses: peter-evans/create-pull-request@v4
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
commit-message: Update to version ${{ env.VERSION }}
|
|
||||||
committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
|
|
||||||
author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
|
|
||||||
signoff: false
|
|
||||||
base: testing
|
|
||||||
branch: ci-auto-update-v${{ env.VERSION }}
|
|
||||||
delete-branch: true
|
|
||||||
title: 'Upgrade to version ${{ env.VERSION }}'
|
|
||||||
body: |
|
|
||||||
Upgrade to v${{ env.VERSION }}
|
|
||||||
draft: false
|
|
35
README.md
35
README.md
|
@ -26,41 +26,6 @@ CMS with a focus on collaborative edition and multilingualism
|
||||||
|
|
||||||
![Screenshot of SPIP](./doc/screenshots/220px-Logo_SPIP.png)
|
![Screenshot of SPIP](./doc/screenshots/220px-Logo_SPIP.png)
|
||||||
|
|
||||||
## Disclaimers / important information
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
How to configure this app: by an admin panel.
|
|
||||||
|
|
||||||
#### Multi-users support
|
|
||||||
|
|
||||||
* Are LDAP and HTTP auth supported? **Yes**
|
|
||||||
* Can the app be used by multiple users? **Yes**
|
|
||||||
|
|
||||||
## Migrate from SPIP2
|
|
||||||
|
|
||||||
**This is not considered as stable yet, please do it with care and only for testing!**
|
|
||||||
|
|
||||||
This package handle the migration from SPIP2 to SPIP. For that, your
|
|
||||||
SPIP2 application must be **up-to-date** in YunoHost. To ensure that, execute:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/spip2_ynh spip2 --debug
|
|
||||||
```
|
|
||||||
|
|
||||||
You will then have to upgrade your SPIP2 application with this repository.
|
|
||||||
This can only be done from the command-line interface - e.g. through SSH. Once you're connected, you simply have to execute the following:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/spip_ynh spip2 --debug
|
|
||||||
```
|
|
||||||
|
|
||||||
The `--debug` option will let you see the full output. If you encounter any issue, please paste it.
|
|
||||||
|
|
||||||
Note that a cron job will be executed at some time after the end of this
|
|
||||||
command. You must wait that before doing any other application operations!
|
|
||||||
You should see that SPIP is installed after that.
|
|
||||||
|
|
||||||
## Documentation and resources
|
## Documentation and resources
|
||||||
|
|
||||||
* Official app website: <http://www.spip.net/>
|
* Official app website: <http://www.spip.net/>
|
||||||
|
|
34
README_fr.md
34
README_fr.md
|
@ -16,7 +16,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
|
||||||
|
|
||||||
## Vue d’ensemble
|
## Vue d’ensemble
|
||||||
|
|
||||||
CMS conçu pour l'édition collaborative et le multilinguisme
|
CMS with a focus on collaborative edition and multilingualism
|
||||||
|
|
||||||
**Version incluse :** 4.2.2~ynh1
|
**Version incluse :** 4.2.2~ynh1
|
||||||
|
|
||||||
|
@ -26,38 +26,6 @@ CMS conçu pour l'édition collaborative et le multilinguisme
|
||||||
|
|
||||||
![Capture d’écran de SPIP](./doc/screenshots/220px-Logo_SPIP.png)
|
![Capture d’écran de SPIP](./doc/screenshots/220px-Logo_SPIP.png)
|
||||||
|
|
||||||
## Avertissements / informations importantes
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
Comment configurer cette application: via le panneau d'administration.
|
|
||||||
|
|
||||||
#### Support multi-utilisateurs
|
|
||||||
|
|
||||||
* L'authentification LDAP et HTTP est-elle prise en charge? **Oui**
|
|
||||||
* L'application peut-elle être utilisée par plusieurs utilisateurs? **Oui**
|
|
||||||
|
|
||||||
## Migration depuis SPIP2
|
|
||||||
|
|
||||||
**Ceci n'est pas encore considéré comme stable, veuillez le faire avec soin et uniquement pour test!**
|
|
||||||
|
|
||||||
Ce paquet gère la migration de SPIP2 vers SPIP. Pour cela, votre application SPIP2 doit être **à jour** dans YunoHost. Pour s'en assurer :
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/spip2_ynh spip2 --debug
|
|
||||||
```
|
|
||||||
|
|
||||||
Vous devrez ensuite mettre à jour votre application SPIP2 avec ce dépôt.
|
|
||||||
Cela ne peut se faire qu'à partir de l'interface en ligne de commande - par exemple via SSH. Une fois connecté, il vous suffit d'exécuter ce qui suit :
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/spip_ynh spip2 --debug
|
|
||||||
```
|
|
||||||
|
|
||||||
L'option `--debug` vous permettra de voir la sortie complète. Si vous rencontrez un problème, veuillez ouvrir une issue.
|
|
||||||
|
|
||||||
Notez qu'une tâche cron sera exécutée après la fin de cette commande. Vous devez attendre cela avant de faire toute autre opération d'application ! Vous devriez voir que SPIP est installé après cela.
|
|
||||||
|
|
||||||
## Documentations et ressources
|
## Documentations et ressources
|
||||||
|
|
||||||
* Site officiel de l’app : <http://www.spip.net/>
|
* Site officiel de l’app : <http://www.spip.net/>
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
SOURCE_URL=https://files.spip.net/spip/archives/spip-v4.2.2.zip
|
|
||||||
SOURCE_SUM=47ab43b1ac8014b70e60867ecd9474a2afeaff471852eab0f41b94cb077d18d1
|
|
||||||
SOURCE_SUM_PRG=sha256sum
|
|
||||||
SOURCE_FORMAT=zip
|
|
||||||
SOURCE_IN_SUBDIR=false
|
|
||||||
SOURCE_EXTRACT=true
|
|
758
conf/ecran_securite.php
Normal file
758
conf/ecran_securite.php
Normal file
|
@ -0,0 +1,758 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* ecran_securite.php
|
||||||
|
* ------------------
|
||||||
|
*/
|
||||||
|
|
||||||
|
define('_ECRAN_SECURITE', '1.5.3'); // 2023-05-31
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Documentation : https://www.spip.net/fr_article4200.html
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Test utilisateur
|
||||||
|
*/
|
||||||
|
if (isset($_GET['test_ecran_securite'])) {
|
||||||
|
$ecran_securite_raison = 'test ' . _ECRAN_SECURITE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (file_exists($f = __DIR__ . DIRECTORY_SEPARATOR . 'ecran_securite_options.php')) {
|
||||||
|
include ($f);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Monitoring
|
||||||
|
* var_isbot=0 peut etre utilise par un bot de monitoring pour surveiller la disponibilite d'un site vu par les users
|
||||||
|
* var_isbot=1 peut etre utilise pour monitorer la disponibilite pour les bots (sujets a 503 de delestage si
|
||||||
|
* le load depasse ECRAN_SECURITE_LOAD)
|
||||||
|
*/
|
||||||
|
if (!defined('_IS_BOT') and isset($_GET['var_isbot'])) {
|
||||||
|
define('_IS_BOT', $_GET['var_isbot'] ? true : false);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Détecteur de robot d'indexation
|
||||||
|
*/
|
||||||
|
if (!defined('_IS_BOT')) {
|
||||||
|
define(
|
||||||
|
'_IS_BOT',
|
||||||
|
isset($_SERVER['HTTP_USER_AGENT'])
|
||||||
|
and preg_match(
|
||||||
|
','
|
||||||
|
. implode('|', array(
|
||||||
|
// mots generiques
|
||||||
|
'bot',
|
||||||
|
'slurp',
|
||||||
|
'crawler',
|
||||||
|
'crwlr',
|
||||||
|
'java',
|
||||||
|
'monitoring',
|
||||||
|
'spider',
|
||||||
|
'webvac',
|
||||||
|
'yandex',
|
||||||
|
'MSIE 6\.0', // botnet 99,9% du temps
|
||||||
|
// UA plus cibles
|
||||||
|
'200please',
|
||||||
|
'80legs',
|
||||||
|
'a6-indexer',
|
||||||
|
'aboundex',
|
||||||
|
'accoona',
|
||||||
|
'acrylicapps',
|
||||||
|
'addthis',
|
||||||
|
'adressendeutschland',
|
||||||
|
'alexa',
|
||||||
|
'altavista',
|
||||||
|
'analyticsseo',
|
||||||
|
'antennapod',
|
||||||
|
'arachnys',
|
||||||
|
'archive',
|
||||||
|
'argclrint',
|
||||||
|
'aspseek',
|
||||||
|
'baidu',
|
||||||
|
'begunadvertising',
|
||||||
|
'bing',
|
||||||
|
'bloglines',
|
||||||
|
'buck',
|
||||||
|
'browsershots',
|
||||||
|
'bubing',
|
||||||
|
'butterfly',
|
||||||
|
'changedetection',
|
||||||
|
'charlotte',
|
||||||
|
'chilkat',
|
||||||
|
'china',
|
||||||
|
'coccoc',
|
||||||
|
'crowsnest',
|
||||||
|
'dataminr',
|
||||||
|
'daumoa',
|
||||||
|
'dlvr\.it',
|
||||||
|
'dlweb',
|
||||||
|
'drupal',
|
||||||
|
'ec2linkfinder',
|
||||||
|
'eset\.com',
|
||||||
|
'estyle',
|
||||||
|
'exalead',
|
||||||
|
'ezooms',
|
||||||
|
'facebookexternalhit',
|
||||||
|
'facebookplatform',
|
||||||
|
'fairshare',
|
||||||
|
'feedfetcher',
|
||||||
|
'feedfetcher-google',
|
||||||
|
'feedly',
|
||||||
|
'fetch',
|
||||||
|
'flipboardproxy',
|
||||||
|
'genieo',
|
||||||
|
'google',
|
||||||
|
'go-http-client',
|
||||||
|
'grapeshot',
|
||||||
|
'hatena-useragent',
|
||||||
|
'head',
|
||||||
|
'hosttracker',
|
||||||
|
'hubspot',
|
||||||
|
'ia_archiver',
|
||||||
|
'ichiro',
|
||||||
|
'iltrovatore-setaccio',
|
||||||
|
'immediatenet',
|
||||||
|
'ina',
|
||||||
|
'inoreader',
|
||||||
|
'infegyatlas',
|
||||||
|
'infohelfer',
|
||||||
|
'instapaper',
|
||||||
|
'jabse',
|
||||||
|
'james',
|
||||||
|
'jersey',
|
||||||
|
'kumkie',
|
||||||
|
'linkdex',
|
||||||
|
'linkfluence',
|
||||||
|
'linkwalker',
|
||||||
|
'litefinder',
|
||||||
|
'loadimpactpageanalyzer',
|
||||||
|
'ltx71',
|
||||||
|
'luminate',
|
||||||
|
'lycos',
|
||||||
|
'lycosa',
|
||||||
|
'mediapartners-google',
|
||||||
|
'msai',
|
||||||
|
'myapp',
|
||||||
|
'nativehost',
|
||||||
|
'najdi',
|
||||||
|
'netcraftsurveyagent',
|
||||||
|
'netestate',
|
||||||
|
'netseer',
|
||||||
|
'netnewswire',
|
||||||
|
'newspaper',
|
||||||
|
'newsblur',
|
||||||
|
'nuhk',
|
||||||
|
'nuzzel',
|
||||||
|
'okhttp',
|
||||||
|
'otmedia',
|
||||||
|
'owlin',
|
||||||
|
'owncloud',
|
||||||
|
'panscient',
|
||||||
|
'paper\.li',
|
||||||
|
'parsijoo',
|
||||||
|
'protopage',
|
||||||
|
'plukkie',
|
||||||
|
'proximic',
|
||||||
|
'pubsub',
|
||||||
|
'python',
|
||||||
|
'qirina',
|
||||||
|
'qoshe',
|
||||||
|
'qualidator',
|
||||||
|
'qwantify',
|
||||||
|
'rambler',
|
||||||
|
'readability',
|
||||||
|
'ruby',
|
||||||
|
'sbsearch',
|
||||||
|
'scoop\.it',
|
||||||
|
'scooter',
|
||||||
|
'scoutjet',
|
||||||
|
'scrapy',
|
||||||
|
'scrubby',
|
||||||
|
'scrubbybloglines',
|
||||||
|
'shareaholic',
|
||||||
|
'shopwiki',
|
||||||
|
'simplepie',
|
||||||
|
'sistrix',
|
||||||
|
'sitechecker',
|
||||||
|
'siteexplorer',
|
||||||
|
'snapshot',
|
||||||
|
'sogou',
|
||||||
|
'special_archiver',
|
||||||
|
'speedy',
|
||||||
|
'spinn3r',
|
||||||
|
'spreadtrum',
|
||||||
|
'steeler',
|
||||||
|
'subscriber',
|
||||||
|
'suma',
|
||||||
|
'superdownloads',
|
||||||
|
'svenska-webbsido',
|
||||||
|
'teoma',
|
||||||
|
'the knowledge AI',
|
||||||
|
'thumbshots',
|
||||||
|
'tineye',
|
||||||
|
'traackr',
|
||||||
|
'trendiction',
|
||||||
|
'trendsmap',
|
||||||
|
'tweetedtimes',
|
||||||
|
'tweetmeme',
|
||||||
|
'universalfeedparser',
|
||||||
|
'uaslinkchecker',
|
||||||
|
'undrip',
|
||||||
|
'unwindfetchor',
|
||||||
|
'upday',
|
||||||
|
'vedma',
|
||||||
|
'vkshare',
|
||||||
|
'vm',
|
||||||
|
'wch',
|
||||||
|
'webalta',
|
||||||
|
'webcookies',
|
||||||
|
'webparser',
|
||||||
|
'webthumbnail',
|
||||||
|
'wesee',
|
||||||
|
'wise-guys',
|
||||||
|
'woko',
|
||||||
|
'wordpress',
|
||||||
|
'wotbox',
|
||||||
|
'y!j-bri',
|
||||||
|
'y!j-bro',
|
||||||
|
'y!j-brw',
|
||||||
|
'y!j-bsc',
|
||||||
|
'yahoo',
|
||||||
|
'yahoo!',
|
||||||
|
'yahooysmcm',
|
||||||
|
'ymobactus',
|
||||||
|
'yats',
|
||||||
|
'yeti',
|
||||||
|
'zeerch'
|
||||||
|
)) . ',i',
|
||||||
|
(string)$_SERVER['HTTP_USER_AGENT']
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
if (!defined('_IS_BOT_FRIEND')) {
|
||||||
|
define(
|
||||||
|
'_IS_BOT_FRIEND',
|
||||||
|
isset($_SERVER['HTTP_USER_AGENT'])
|
||||||
|
and preg_match(
|
||||||
|
',' . implode('|', array(
|
||||||
|
'facebookexternalhit',
|
||||||
|
'twitterbot',
|
||||||
|
'flipboardproxy',
|
||||||
|
'wordpress'
|
||||||
|
)) . ',i',
|
||||||
|
(string)$_SERVER['HTTP_USER_AGENT']
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Interdit de passer une variable id_article (ou id_xxx) qui ne
|
||||||
|
* soit pas numérique (ce qui bloque l'exploitation de divers trous
|
||||||
|
* de sécurité, dont celui de toutes les versions < 1.8.2f)
|
||||||
|
* (sauf pour id_table, qui n'est pas numérique jusqu'à [5743])
|
||||||
|
* (id_base est une variable de la config des widgets de WordPress)
|
||||||
|
*/
|
||||||
|
$_exceptions = array('id_table', 'id_base', 'id_parent', 'id_article_pdf');
|
||||||
|
foreach ($_GET as $var => $val) {
|
||||||
|
if (
|
||||||
|
$_GET[$var] and strncmp($var, "id_", 3) == 0
|
||||||
|
and !in_array($var, $_exceptions)
|
||||||
|
) {
|
||||||
|
$_GET[$var] = is_array($_GET[$var]) ? @array_map('intval', $_GET[$var]) : intval($_GET[$var]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
foreach ($_POST as $var => $val) {
|
||||||
|
if (
|
||||||
|
$_POST[$var] and strncmp($var, "id_", 3) == 0
|
||||||
|
and !in_array($var, $_exceptions)
|
||||||
|
) {
|
||||||
|
$_POST[$var] = is_array($_POST[$var]) ? @array_map('intval', $_POST[$var]) : intval($_POST[$var]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
foreach ($GLOBALS as $var => $val) {
|
||||||
|
if (
|
||||||
|
$GLOBALS[$var] and strncmp($var, "id_", 3) == 0
|
||||||
|
and !in_array($var, $_exceptions)
|
||||||
|
) {
|
||||||
|
$GLOBALS[$var] = is_array($GLOBALS[$var]) ? @array_map('intval', $GLOBALS[$var]) : intval($GLOBALS[$var]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Interdit la variable $cjpeg_command, qui était utilisée sans
|
||||||
|
* précaution dans certaines versions de dev (1.8b2 -> 1.8b5)
|
||||||
|
*/
|
||||||
|
$cjpeg_command = '';
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Contrôle de quelques variables (XSS)
|
||||||
|
*/
|
||||||
|
foreach (array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) {
|
||||||
|
if (isset($_GET[$var])) {
|
||||||
|
$_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]);
|
||||||
|
}
|
||||||
|
if (isset($_POST[$var])) {
|
||||||
|
$_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Filtre l'accès à spip_acces_doc (injection SQL en 1.8.2x)
|
||||||
|
*/
|
||||||
|
if (isset($_SERVER['REQUEST_URI'])) {
|
||||||
|
if (preg_match(',^(.*/)?spip_acces_doc\.,', (string)$_SERVER['REQUEST_URI'])) {
|
||||||
|
$file = addslashes((string)$_GET['file']);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Pas d'inscription abusive
|
||||||
|
*/
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['mode']) and isset($_REQUEST['page'])
|
||||||
|
and !in_array($_REQUEST['mode'], array("6forum", "1comite"))
|
||||||
|
and $_REQUEST['page'] == "identifiants"
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "identifiants";
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Agenda joue à l'injection php
|
||||||
|
*/
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['partie_cal'])
|
||||||
|
and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal'])
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "partie_cal";
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['echelle'])
|
||||||
|
and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle'])
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "echelle";
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Espace privé
|
||||||
|
*/
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['exec'])
|
||||||
|
and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec'])
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "exec";
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['cherche_auteur'])
|
||||||
|
and preg_match(',[<],', (string)$_REQUEST['cherche_auteur'])
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "cherche_auteur";
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['exec'])
|
||||||
|
and $_REQUEST['exec'] == 'auteurs'
|
||||||
|
and isset($_REQUEST['recherche'])
|
||||||
|
and preg_match(',[<],', (string)$_REQUEST['recherche'])
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "recherche";
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['exec'])
|
||||||
|
and $_REQUEST['exec'] == 'info_plugin'
|
||||||
|
and isset($_REQUEST['plugin'])
|
||||||
|
and preg_match(',[<],', (string)$_REQUEST['plugin'])
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "plugin";
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['exec'])
|
||||||
|
and $_REQUEST['exec'] == 'puce_statut'
|
||||||
|
and isset($_REQUEST['id'])
|
||||||
|
and !intval($_REQUEST['id'])
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "puce_statut";
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['action'])
|
||||||
|
and $_REQUEST['action'] == 'configurer'
|
||||||
|
) {
|
||||||
|
if (
|
||||||
|
@file_exists('inc_version.php')
|
||||||
|
or @file_exists('ecrire/inc_version.php')
|
||||||
|
) {
|
||||||
|
function action_configurer() {
|
||||||
|
include_spip('inc/autoriser');
|
||||||
|
if (!autoriser('configurer', _request('configuration'))) {
|
||||||
|
include_spip('inc/minipres');
|
||||||
|
echo minipres(_T('info_acces_interdit'));
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
require _DIR_RESTREINT . 'action/configurer.php';
|
||||||
|
action_configurer_dist();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['action'])
|
||||||
|
and $_REQUEST['action'] == 'ordonner_liens_documents'
|
||||||
|
and isset($_REQUEST['ordre'])
|
||||||
|
and is_string($_REQUEST['ordre'])
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "ordre a la chaine";
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Bloque les requêtes contenant %00 (manipulation d'include)
|
||||||
|
*/
|
||||||
|
if (strpos(
|
||||||
|
(function_exists('get_magic_quotes_gpc') and @get_magic_quotes_gpc())
|
||||||
|
? stripslashes(serialize($_REQUEST))
|
||||||
|
: serialize($_REQUEST),
|
||||||
|
chr(0)
|
||||||
|
) !== false) {
|
||||||
|
$ecran_securite_raison = "%00";
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Bloque les requêtes fond=formulaire_
|
||||||
|
*/
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['fond'])
|
||||||
|
and preg_match(',^formulaire_,i', $_REQUEST['fond'])
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "fond=formulaire_";
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Bloque les requêtes du type ?GLOBALS[type_urls]=toto (bug vieux php)
|
||||||
|
*/
|
||||||
|
if (isset($_REQUEST['GLOBALS'])) {
|
||||||
|
$ecran_securite_raison = "GLOBALS[GLOBALS]";
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Bloque les requêtes des bots sur:
|
||||||
|
* les agenda
|
||||||
|
* les paginations entremélées
|
||||||
|
*/
|
||||||
|
if (_IS_BOT) {
|
||||||
|
if (
|
||||||
|
(isset($_REQUEST['echelle']) and isset($_REQUEST['partie_cal']) and isset($_REQUEST['type']))
|
||||||
|
or (strpos((string)$_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string)$_SERVER['REQUEST_URI']))
|
||||||
|
or (isset($_REQUEST['calendrier_annee']) and strpos((string)$_SERVER['REQUEST_URI'], 'debut_'))
|
||||||
|
or (isset($_REQUEST['calendrier_annee']) and preg_match(',[?&]calendrier_annee=.*&calendrier_annee=,', (string)$_SERVER['REQUEST_URI']))
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "robot agenda/double pagination";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Bloque une vieille page de tests de CFG (<1.11)
|
||||||
|
* Bloque un XSS sur une page inexistante
|
||||||
|
*/
|
||||||
|
if (isset($_REQUEST['page'])) {
|
||||||
|
if ($_REQUEST['page'] == 'test_cfg') {
|
||||||
|
$ecran_securite_raison = "test_cfg";
|
||||||
|
}
|
||||||
|
if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) {
|
||||||
|
$ecran_securite_raison = "xsspage";
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
$_REQUEST['page'] == '404'
|
||||||
|
and isset($_REQUEST['erreur'])
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "xss404";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* XSS par array
|
||||||
|
*/
|
||||||
|
foreach (array('var_login') as $var) {
|
||||||
|
if (isset($_REQUEST[$var]) and is_array($_REQUEST[$var])) {
|
||||||
|
$ecran_securite_raison = "xss " . $var;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Parade antivirale contre un cheval de troie
|
||||||
|
*/
|
||||||
|
if (!function_exists('tmp_lkojfghx')) {
|
||||||
|
function tmp_lkojfghx() {}
|
||||||
|
function tmp_lkojfghx2($a = 0, $b = 0, $c = 0, $d = 0) {
|
||||||
|
// si jamais on est arrivé ici sur une erreur php
|
||||||
|
// et qu'un autre gestionnaire d'erreur est défini, l'appeller
|
||||||
|
if ($b && $GLOBALS['tmp_xhgfjokl']) {
|
||||||
|
call_user_func($GLOBALS['tmp_xhgfjokl'], $a, $b, $c, $d);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (isset($_POST['tmp_lkojfghx3'])) {
|
||||||
|
$ecran_securite_raison = "gumblar";
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Outils XML mal sécurisés < 2.0.9
|
||||||
|
*/
|
||||||
|
if (isset($_REQUEST['transformer_xml'])) {
|
||||||
|
$ecran_securite_raison = "transformer_xml";
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Outils XML mal sécurisés again
|
||||||
|
*/
|
||||||
|
if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['exec']) and $_REQUEST['exec'] == 'valider_xml') {
|
||||||
|
$url = trim($_REQUEST['var_url']);
|
||||||
|
if (
|
||||||
|
strncmp($url, '/', 1) == 0
|
||||||
|
or (($p = strpos($url, '..')) !== false and strpos($url, '..', $p + 3) !== false)
|
||||||
|
or (($p = strpos($url, '..')) !== false and strpos($url, 'IMG', $p + 3) !== false)
|
||||||
|
or (strpos($url, '://') !== false or strpos($url, ':\\') !== false)
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = 'URL interdite pour var_url';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Sauvegarde mal securisée < 2.0.9
|
||||||
|
*/
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['nom_sauvegarde'])
|
||||||
|
and strstr((string)$_REQUEST['nom_sauvegarde'], '/')
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = 'nom_sauvegarde manipulee';
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['znom_sauvegarde'])
|
||||||
|
and strstr((string)$_REQUEST['znom_sauvegarde'], '/')
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = 'znom_sauvegarde manipulee';
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* op permet des inclusions arbitraires ;
|
||||||
|
* on vérifie 'page' pour ne pas bloquer ... drupal
|
||||||
|
*/
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['op']) and isset($_REQUEST['page'])
|
||||||
|
and $_REQUEST['op'] !== preg_replace('/[^\\-\w]/', '', $_REQUEST['op'])
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = 'op';
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Forms & Table ne se méfiait pas assez des uploads de fichiers
|
||||||
|
*/
|
||||||
|
if (count($_FILES)) {
|
||||||
|
foreach ($_FILES as $k => $v) {
|
||||||
|
if (
|
||||||
|
preg_match(',^fichier_\d+$,', $k)
|
||||||
|
and preg_match(',\.php,i', $v['name'])
|
||||||
|
) {
|
||||||
|
unset($_FILES[$k]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
* et Contact trop laxiste avec une variable externe
|
||||||
|
* on bloque pas le post pour eviter de perdre des donnees mais on unset la variable et c'est tout
|
||||||
|
*/
|
||||||
|
if (isset($_REQUEST['pj_enregistrees_nom']) and $_REQUEST['pj_enregistrees_nom']) {
|
||||||
|
unset($_REQUEST['pj_enregistrees_nom']);
|
||||||
|
unset($_GET['pj_enregistrees_nom']);
|
||||||
|
unset($_POST['pj_enregistrees_nom']);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* reinstall=oui un peu trop permissif
|
||||||
|
*/
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['reinstall'])
|
||||||
|
and $_REQUEST['reinstall'] == 'oui'
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = 'reinstall=oui';
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Pas d'action pendant l'install
|
||||||
|
*/
|
||||||
|
if (isset($_REQUEST['exec']) and $_REQUEST['exec'] === 'install' and isset($_REQUEST['action'])) {
|
||||||
|
$ecran_securite_raison = 'install&action impossibles';
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Échappement xss referer
|
||||||
|
*/
|
||||||
|
if (isset($_SERVER['HTTP_REFERER'])) {
|
||||||
|
$_SERVER['HTTP_REFERER'] = strtr($_SERVER['HTTP_REFERER'], '<>"\'', '[]##');
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Echappement HTTP_X_FORWARDED_HOST
|
||||||
|
*/
|
||||||
|
if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
|
||||||
|
$_SERVER['HTTP_X_FORWARDED_HOST'] = strtr($_SERVER['HTTP_X_FORWARDED_HOST'], "<>?\"\{\}\$'` \r\n", '____________');
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Pas d'erreur dans l'erreur
|
||||||
|
*/
|
||||||
|
if (isset($_REQUEST['var_erreur']) and isset($_REQUEST['page']) and $_REQUEST['page'] === 'login') {
|
||||||
|
if (strlen($_REQUEST['var_erreur']) !== strcspn($_REQUEST['var_erreur'], '<>')) {
|
||||||
|
$ecran_securite_raison = 'var_erreur incorrecte';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Réinjection des clés en html dans l'admin r19561
|
||||||
|
*/
|
||||||
|
if (
|
||||||
|
(isset($_SERVER['REQUEST_URI']) and strpos($_SERVER['REQUEST_URI'], "ecrire/") !== false)
|
||||||
|
or isset($_REQUEST['var_memotri'])
|
||||||
|
) {
|
||||||
|
$zzzz = implode("", array_keys($_REQUEST));
|
||||||
|
if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) {
|
||||||
|
$ecran_securite_raison = 'Cle incorrecte en $_REQUEST';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Injection par connect
|
||||||
|
*/
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['connect'])
|
||||||
|
// cas qui permettent de sortir d'un commentaire PHP
|
||||||
|
and (
|
||||||
|
strpos($_REQUEST['connect'], "?") !== false
|
||||||
|
or strpos($_REQUEST['connect'], "<") !== false
|
||||||
|
or strpos($_REQUEST['connect'], ">") !== false
|
||||||
|
or strpos($_REQUEST['connect'], "\n") !== false
|
||||||
|
or strpos($_REQUEST['connect'], "\r") !== false
|
||||||
|
)
|
||||||
|
) {
|
||||||
|
$ecran_securite_raison = "malformed connect argument";
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* _oups donc
|
||||||
|
*/
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['_oups'])
|
||||||
|
and base64_decode($_REQUEST['_oups'], true) === false) {
|
||||||
|
$ecran_securite_raison = "malformed _oups argument";
|
||||||
|
}
|
||||||
|
|
||||||
|
if (
|
||||||
|
isset($_REQUEST['formulaire_action_args']) || isset($_REQUEST['var_login'])
|
||||||
|
) {
|
||||||
|
foreach ($_REQUEST as $k => $v) {
|
||||||
|
if (is_string($v)
|
||||||
|
and strpbrk($v, "&\"'<>") !== false
|
||||||
|
and preg_match(',^[abis]:\d+[:;],', $v)
|
||||||
|
and __ecran_test_if_serialized($v)
|
||||||
|
) {
|
||||||
|
$_REQUEST[$k] = htmlspecialchars($v, ENT_QUOTES);
|
||||||
|
if (isset($_POST[$k])) $_POST[$k] = $_REQUEST[$k];
|
||||||
|
if (isset($_GET[$k])) $_GET[$k] = $_REQUEST[$k];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/**
|
||||||
|
* Version simplifiée de https://developer.wordpress.org/reference/functions/is_serialized/
|
||||||
|
*/
|
||||||
|
function __ecran_test_if_serialized($data) {
|
||||||
|
$data = trim($data);
|
||||||
|
if ('N;' === $data) {return true;}
|
||||||
|
if (strlen($data) < 4) {return false;}
|
||||||
|
if (':' !== $data[1]) {return false;}
|
||||||
|
$semicolon = strpos($data, ';');
|
||||||
|
$brace = strpos($data, '}');
|
||||||
|
// Either ; or } must exist.
|
||||||
|
if (false === $semicolon && false === $brace) {return false;}
|
||||||
|
// But neither must be in the first X characters.
|
||||||
|
if (false !== $semicolon && $semicolon < 3) {return false;}
|
||||||
|
if (false !== $brace && $brace < 4) {return false;}
|
||||||
|
$token = $data[0];
|
||||||
|
if (in_array($token, array('s', 'S', 'a', 'O', 'C', 'o', 'E'))) {
|
||||||
|
if (in_array($token, array('s', 'S')) and false === strpos($data, '"')) {return false;}
|
||||||
|
return (bool)preg_match("/^{$token}:[0-9]+:/s", $data);
|
||||||
|
} elseif (in_array($token, array('b', 'i', 'd'))) {
|
||||||
|
return (bool)preg_match("/^{$token}:[0-9.E+-]+;/", $data);
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* S'il y a une raison de mourir, mourons
|
||||||
|
*/
|
||||||
|
if (isset($ecran_securite_raison)) {
|
||||||
|
header("HTTP/1.0 403 Forbidden");
|
||||||
|
header("Expires: Wed, 11 Jan 1984 05:00:00 GMT");
|
||||||
|
header("Cache-Control: no-cache, must-revalidate");
|
||||||
|
header("Pragma: no-cache");
|
||||||
|
header("Content-Type: text/html");
|
||||||
|
header("Connection: close");
|
||||||
|
die("<html><title>Error 403: Forbidden</title><body><h1>Error 403</h1><p>You are not authorized to view this page ($ecran_securite_raison)</p></body></html>");
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Un filtre filtrer_entites securise
|
||||||
|
*/
|
||||||
|
if (!function_exists('filtre_filtrer_entites_dist')) {
|
||||||
|
function filtre_filtrer_entites_dist($t) {
|
||||||
|
include_spip('inc/texte');
|
||||||
|
return interdire_scripts(filtrer_entites($t));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Fin sécurité
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Bloque les bots quand le load déborde
|
||||||
|
*/
|
||||||
|
if (!defined('_ECRAN_SECURITE_LOAD')) {
|
||||||
|
define('_ECRAN_SECURITE_LOAD', 4);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (
|
||||||
|
defined('_ECRAN_SECURITE_LOAD')
|
||||||
|
and _ECRAN_SECURITE_LOAD > 0
|
||||||
|
and _IS_BOT
|
||||||
|
and !_IS_BOT_FRIEND
|
||||||
|
and $_SERVER['REQUEST_METHOD'] === 'GET'
|
||||||
|
and (
|
||||||
|
(function_exists('sys_getloadavg')
|
||||||
|
and $load = sys_getloadavg()
|
||||||
|
and is_array($load)
|
||||||
|
and $load = array_shift($load))
|
||||||
|
or
|
||||||
|
(@is_readable('/proc/loadavg')
|
||||||
|
and $load = file_get_contents('/proc/loadavg')
|
||||||
|
and $load = floatval($load))
|
||||||
|
)
|
||||||
|
and $load > _ECRAN_SECURITE_LOAD // eviter l'evaluation suivante si de toute facon le load est inferieur a la limite
|
||||||
|
and rand(0, (int) ($load * $load)) > _ECRAN_SECURITE_LOAD * _ECRAN_SECURITE_LOAD
|
||||||
|
) {
|
||||||
|
//https://webmasters.stackexchange.com/questions/65674/should-i-return-a-429-or-503-status-code-to-a-bot
|
||||||
|
header("HTTP/1.0 429 Too Many Requests");
|
||||||
|
header("Retry-After: 300");
|
||||||
|
header("Expires: Wed, 11 Jan 1984 05:00:00 GMT");
|
||||||
|
header("Cache-Control: no-cache, must-revalidate");
|
||||||
|
header("Pragma: no-cache");
|
||||||
|
header("Content-Type: text/html");
|
||||||
|
header("Connection: close");
|
||||||
|
die("<html><title>Status 429: Too Many Requests</title><body><h1>Status 429</h1><p>Too Many Requests (try again soon)</p></body></html>");
|
||||||
|
}
|
4
conf/extra_php-fpm.conf
Normal file
4
conf/extra_php-fpm.conf
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
; Additional php.ini defines, specific to this pool of workers.
|
||||||
|
|
||||||
|
php_admin_value[upload_max_filesize] = 50M
|
||||||
|
php_admin_value[post_max_size] = 50M
|
|
@ -2,11 +2,11 @@
|
||||||
location __PATH__/ {
|
location __PATH__/ {
|
||||||
|
|
||||||
# Path to source
|
# Path to source
|
||||||
alias __FINALPATH__/;
|
alias __INSTALL_DIR__/;
|
||||||
|
|
||||||
index index.php;
|
index index.php;
|
||||||
|
|
||||||
client_max_body_size 30M;
|
client_max_body_size 50M;
|
||||||
|
|
||||||
try_files $uri $uri/ index.php;
|
try_files $uri $uri/ index.php;
|
||||||
|
|
||||||
|
|
|
@ -1,430 +0,0 @@
|
||||||
; Start a new pool named 'www'.
|
|
||||||
; the variable $pool can be used in any directive and will be replaced by the
|
|
||||||
; pool name ('www' here)
|
|
||||||
[__NAMETOCHANGE__]
|
|
||||||
|
|
||||||
; Per pool prefix
|
|
||||||
; It only applies on the following directives:
|
|
||||||
; - 'access.log'
|
|
||||||
; - 'slowlog'
|
|
||||||
; - 'listen' (unixsocket)
|
|
||||||
; - 'chroot'
|
|
||||||
; - 'chdir'
|
|
||||||
; - 'php_values'
|
|
||||||
; - 'php_admin_values'
|
|
||||||
; When not set, the global prefix (or /usr) applies instead.
|
|
||||||
; Note: This directive can also be relative to the global prefix.
|
|
||||||
; Default Value: none
|
|
||||||
;prefix = /path/to/pools/$pool
|
|
||||||
|
|
||||||
; Unix user/group of processes
|
|
||||||
; Note: The user is mandatory. If the group is not set, the default user's group
|
|
||||||
; will be used.
|
|
||||||
user = __USER__
|
|
||||||
group = __USER__
|
|
||||||
|
|
||||||
; The address on which to accept FastCGI requests.
|
|
||||||
; Valid syntaxes are:
|
|
||||||
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
|
|
||||||
; a specific port;
|
|
||||||
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
|
|
||||||
; a specific port;
|
|
||||||
; 'port' - to listen on a TCP socket to all addresses
|
|
||||||
; (IPv6 and IPv4-mapped) on a specific port;
|
|
||||||
; '/path/to/unix/socket' - to listen on a unix socket.
|
|
||||||
; Note: This value is mandatory.
|
|
||||||
listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock
|
|
||||||
|
|
||||||
; Set listen(2) backlog.
|
|
||||||
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
|
|
||||||
;listen.backlog = 511
|
|
||||||
|
|
||||||
; Set permissions for unix socket, if one is used. In Linux, read/write
|
|
||||||
; permissions must be set in order to allow connections from a web server. Many
|
|
||||||
; BSD-derived systems allow connections regardless of permissions.
|
|
||||||
; Default Values: user and group are set as the running user
|
|
||||||
; mode is set to 0660
|
|
||||||
listen.owner = www-data
|
|
||||||
listen.group = www-data
|
|
||||||
;listen.mode = 0660
|
|
||||||
; When POSIX Access Control Lists are supported you can set them using
|
|
||||||
; these options, value is a comma separated list of user/group names.
|
|
||||||
; When set, listen.owner and listen.group are ignored
|
|
||||||
;listen.acl_users =
|
|
||||||
;listen.acl_groups =
|
|
||||||
|
|
||||||
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
|
|
||||||
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
|
|
||||||
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
|
|
||||||
; must be separated by a comma. If this value is left blank, connections will be
|
|
||||||
; accepted from any ip address.
|
|
||||||
; Default Value: any
|
|
||||||
;listen.allowed_clients = 127.0.0.1
|
|
||||||
|
|
||||||
; Specify the nice(2) priority to apply to the pool processes (only if set)
|
|
||||||
; The value can vary from -19 (highest priority) to 20 (lower priority)
|
|
||||||
; Note: - It will only work if the FPM master process is launched as root
|
|
||||||
; - The pool processes will inherit the master process priority
|
|
||||||
; unless it specified otherwise
|
|
||||||
; Default Value: no set
|
|
||||||
; process.priority = -19
|
|
||||||
|
|
||||||
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
|
|
||||||
; or group is differrent than the master process user. It allows to create process
|
|
||||||
; core dump and ptrace the process for the pool user.
|
|
||||||
; Default Value: no
|
|
||||||
; process.dumpable = yes
|
|
||||||
|
|
||||||
; Choose how the process manager will control the number of child processes.
|
|
||||||
; Possible Values:
|
|
||||||
; static - a fixed number (pm.max_children) of child processes;
|
|
||||||
; dynamic - the number of child processes are set dynamically based on the
|
|
||||||
; following directives. With this process management, there will be
|
|
||||||
; always at least 1 children.
|
|
||||||
; pm.max_children - the maximum number of children that can
|
|
||||||
; be alive at the same time.
|
|
||||||
; pm.start_servers - the number of children created on startup.
|
|
||||||
; pm.min_spare_servers - the minimum number of children in 'idle'
|
|
||||||
; state (waiting to process). If the number
|
|
||||||
; of 'idle' processes is less than this
|
|
||||||
; number then some children will be created.
|
|
||||||
; pm.max_spare_servers - the maximum number of children in 'idle'
|
|
||||||
; state (waiting to process). If the number
|
|
||||||
; of 'idle' processes is greater than this
|
|
||||||
; number then some children will be killed.
|
|
||||||
; ondemand - no children are created at startup. Children will be forked when
|
|
||||||
; new requests will connect. The following parameter are used:
|
|
||||||
; pm.max_children - the maximum number of children that
|
|
||||||
; can be alive at the same time.
|
|
||||||
; pm.process_idle_timeout - The number of seconds after which
|
|
||||||
; an idle process will be killed.
|
|
||||||
; Note: This value is mandatory.
|
|
||||||
pm = dynamic
|
|
||||||
|
|
||||||
; The number of child processes to be created when pm is set to 'static' and the
|
|
||||||
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
|
|
||||||
; This value sets the limit on the number of simultaneous requests that will be
|
|
||||||
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
|
|
||||||
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
|
|
||||||
; CGI. The below defaults are based on a server without much resources. Don't
|
|
||||||
; forget to tweak pm.* to fit your needs.
|
|
||||||
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
|
|
||||||
; Note: This value is mandatory.
|
|
||||||
pm.max_children = 5
|
|
||||||
|
|
||||||
; The number of child processes created on startup.
|
|
||||||
; Note: Used only when pm is set to 'dynamic'
|
|
||||||
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
|
|
||||||
pm.start_servers = 2
|
|
||||||
|
|
||||||
; The desired minimum number of idle server processes.
|
|
||||||
; Note: Used only when pm is set to 'dynamic'
|
|
||||||
; Note: Mandatory when pm is set to 'dynamic'
|
|
||||||
pm.min_spare_servers = 1
|
|
||||||
|
|
||||||
; The desired maximum number of idle server processes.
|
|
||||||
; Note: Used only when pm is set to 'dynamic'
|
|
||||||
; Note: Mandatory when pm is set to 'dynamic'
|
|
||||||
pm.max_spare_servers = 3
|
|
||||||
|
|
||||||
; The number of seconds after which an idle process will be killed.
|
|
||||||
; Note: Used only when pm is set to 'ondemand'
|
|
||||||
; Default Value: 10s
|
|
||||||
;pm.process_idle_timeout = 10s;
|
|
||||||
|
|
||||||
; The number of requests each child process should execute before respawning.
|
|
||||||
; This can be useful to work around memory leaks in 3rd party libraries. For
|
|
||||||
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
|
|
||||||
; Default Value: 0
|
|
||||||
;pm.max_requests = 500
|
|
||||||
|
|
||||||
; The URI to view the FPM status page. If this value is not set, no URI will be
|
|
||||||
; recognized as a status page. It shows the following informations:
|
|
||||||
; pool - the name of the pool;
|
|
||||||
; process manager - static, dynamic or ondemand;
|
|
||||||
; start time - the date and time FPM has started;
|
|
||||||
; start since - number of seconds since FPM has started;
|
|
||||||
; accepted conn - the number of request accepted by the pool;
|
|
||||||
; listen queue - the number of request in the queue of pending
|
|
||||||
; connections (see backlog in listen(2));
|
|
||||||
; max listen queue - the maximum number of requests in the queue
|
|
||||||
; of pending connections since FPM has started;
|
|
||||||
; listen queue len - the size of the socket queue of pending connections;
|
|
||||||
; idle processes - the number of idle processes;
|
|
||||||
; active processes - the number of active processes;
|
|
||||||
; total processes - the number of idle + active processes;
|
|
||||||
; max active processes - the maximum number of active processes since FPM
|
|
||||||
; has started;
|
|
||||||
; max children reached - number of times, the process limit has been reached,
|
|
||||||
; when pm tries to start more children (works only for
|
|
||||||
; pm 'dynamic' and 'ondemand');
|
|
||||||
; Value are updated in real time.
|
|
||||||
; Example output:
|
|
||||||
; pool: www
|
|
||||||
; process manager: static
|
|
||||||
; start time: 01/Jul/2011:17:53:49 +0200
|
|
||||||
; start since: 62636
|
|
||||||
; accepted conn: 190460
|
|
||||||
; listen queue: 0
|
|
||||||
; max listen queue: 1
|
|
||||||
; listen queue len: 42
|
|
||||||
; idle processes: 4
|
|
||||||
; active processes: 11
|
|
||||||
; total processes: 15
|
|
||||||
; max active processes: 12
|
|
||||||
; max children reached: 0
|
|
||||||
;
|
|
||||||
; By default the status page output is formatted as text/plain. Passing either
|
|
||||||
; 'html', 'xml' or 'json' in the query string will return the corresponding
|
|
||||||
; output syntax. Example:
|
|
||||||
; http://www.foo.bar/status
|
|
||||||
; http://www.foo.bar/status?json
|
|
||||||
; http://www.foo.bar/status?html
|
|
||||||
; http://www.foo.bar/status?xml
|
|
||||||
;
|
|
||||||
; By default the status page only outputs short status. Passing 'full' in the
|
|
||||||
; query string will also return status for each pool process.
|
|
||||||
; Example:
|
|
||||||
; http://www.foo.bar/status?full
|
|
||||||
; http://www.foo.bar/status?json&full
|
|
||||||
; http://www.foo.bar/status?html&full
|
|
||||||
; http://www.foo.bar/status?xml&full
|
|
||||||
; The Full status returns for each process:
|
|
||||||
; pid - the PID of the process;
|
|
||||||
; state - the state of the process (Idle, Running, ...);
|
|
||||||
; start time - the date and time the process has started;
|
|
||||||
; start since - the number of seconds since the process has started;
|
|
||||||
; requests - the number of requests the process has served;
|
|
||||||
; request duration - the duration in µs of the requests;
|
|
||||||
; request method - the request method (GET, POST, ...);
|
|
||||||
; request URI - the request URI with the query string;
|
|
||||||
; content length - the content length of the request (only with POST);
|
|
||||||
; user - the user (PHP_AUTH_USER) (or '-' if not set);
|
|
||||||
; script - the main script called (or '-' if not set);
|
|
||||||
; last request cpu - the %cpu the last request consumed
|
|
||||||
; it's always 0 if the process is not in Idle state
|
|
||||||
; because CPU calculation is done when the request
|
|
||||||
; processing has terminated;
|
|
||||||
; last request memory - the max amount of memory the last request consumed
|
|
||||||
; it's always 0 if the process is not in Idle state
|
|
||||||
; because memory calculation is done when the request
|
|
||||||
; processing has terminated;
|
|
||||||
; If the process is in Idle state, then informations are related to the
|
|
||||||
; last request the process has served. Otherwise informations are related to
|
|
||||||
; the current request being served.
|
|
||||||
; Example output:
|
|
||||||
; ************************
|
|
||||||
; pid: 31330
|
|
||||||
; state: Running
|
|
||||||
; start time: 01/Jul/2011:17:53:49 +0200
|
|
||||||
; start since: 63087
|
|
||||||
; requests: 12808
|
|
||||||
; request duration: 1250261
|
|
||||||
; request method: GET
|
|
||||||
; request URI: /test_mem.php?N=10000
|
|
||||||
; content length: 0
|
|
||||||
; user: -
|
|
||||||
; script: /home/fat/web/docs/php/test_mem.php
|
|
||||||
; last request cpu: 0.00
|
|
||||||
; last request memory: 0
|
|
||||||
;
|
|
||||||
; Note: There is a real-time FPM status monitoring sample web page available
|
|
||||||
; It's available in: /usr/share/php/7.0/fpm/status.html
|
|
||||||
;
|
|
||||||
; Note: The value must start with a leading slash (/). The value can be
|
|
||||||
; anything, but it may not be a good idea to use the .php extension or it
|
|
||||||
; may conflict with a real PHP file.
|
|
||||||
; Default Value: not set
|
|
||||||
;pm.status_path = /status
|
|
||||||
|
|
||||||
; The ping URI to call the monitoring page of FPM. If this value is not set, no
|
|
||||||
; URI will be recognized as a ping page. This could be used to test from outside
|
|
||||||
; that FPM is alive and responding, or to
|
|
||||||
; - create a graph of FPM availability (rrd or such);
|
|
||||||
; - remove a server from a group if it is not responding (load balancing);
|
|
||||||
; - trigger alerts for the operating team (24/7).
|
|
||||||
; Note: The value must start with a leading slash (/). The value can be
|
|
||||||
; anything, but it may not be a good idea to use the .php extension or it
|
|
||||||
; may conflict with a real PHP file.
|
|
||||||
; Default Value: not set
|
|
||||||
;ping.path = /ping
|
|
||||||
|
|
||||||
; This directive may be used to customize the response of a ping request. The
|
|
||||||
; response is formatted as text/plain with a 200 response code.
|
|
||||||
; Default Value: pong
|
|
||||||
;ping.response = pong
|
|
||||||
|
|
||||||
; The access log file
|
|
||||||
; Default: not set
|
|
||||||
;access.log = log/$pool.access.log
|
|
||||||
|
|
||||||
; The access log format.
|
|
||||||
; The following syntax is allowed
|
|
||||||
; %%: the '%' character
|
|
||||||
; %C: %CPU used by the request
|
|
||||||
; it can accept the following format:
|
|
||||||
; - %{user}C for user CPU only
|
|
||||||
; - %{system}C for system CPU only
|
|
||||||
; - %{total}C for user + system CPU (default)
|
|
||||||
; %d: time taken to serve the request
|
|
||||||
; it can accept the following format:
|
|
||||||
; - %{seconds}d (default)
|
|
||||||
; - %{miliseconds}d
|
|
||||||
; - %{mili}d
|
|
||||||
; - %{microseconds}d
|
|
||||||
; - %{micro}d
|
|
||||||
; %e: an environment variable (same as $_ENV or $_SERVER)
|
|
||||||
; it must be associated with embraces to specify the name of the env
|
|
||||||
; variable. Some exemples:
|
|
||||||
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
|
|
||||||
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
|
|
||||||
; %f: script filename
|
|
||||||
; %l: content-length of the request (for POST request only)
|
|
||||||
; %m: request method
|
|
||||||
; %M: peak of memory allocated by PHP
|
|
||||||
; it can accept the following format:
|
|
||||||
; - %{bytes}M (default)
|
|
||||||
; - %{kilobytes}M
|
|
||||||
; - %{kilo}M
|
|
||||||
; - %{megabytes}M
|
|
||||||
; - %{mega}M
|
|
||||||
; %n: pool name
|
|
||||||
; %o: output header
|
|
||||||
; it must be associated with embraces to specify the name of the header:
|
|
||||||
; - %{Content-Type}o
|
|
||||||
; - %{X-Powered-By}o
|
|
||||||
; - %{Transfert-Encoding}o
|
|
||||||
; - ....
|
|
||||||
; %p: PID of the child that serviced the request
|
|
||||||
; %P: PID of the parent of the child that serviced the request
|
|
||||||
; %q: the query string
|
|
||||||
; %Q: the '?' character if query string exists
|
|
||||||
; %r: the request URI (without the query string, see %q and %Q)
|
|
||||||
; %R: remote IP address
|
|
||||||
; %s: status (response code)
|
|
||||||
; %t: server time the request was received
|
|
||||||
; it can accept a strftime(3) format:
|
|
||||||
; %d/%b/%Y:%H:%M:%S %z (default)
|
|
||||||
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
|
|
||||||
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
|
|
||||||
; %T: time the log has been written (the request has finished)
|
|
||||||
; it can accept a strftime(3) format:
|
|
||||||
; %d/%b/%Y:%H:%M:%S %z (default)
|
|
||||||
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
|
|
||||||
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
|
|
||||||
; %u: remote user
|
|
||||||
;
|
|
||||||
; Default: "%R - %u %t \"%m %r\" %s"
|
|
||||||
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
|
|
||||||
|
|
||||||
; The log file for slow requests
|
|
||||||
; Default Value: not set
|
|
||||||
; Note: slowlog is mandatory if request_slowlog_timeout is set
|
|
||||||
;slowlog = log/$pool.log.slow
|
|
||||||
|
|
||||||
; The timeout for serving a single request after which a PHP backtrace will be
|
|
||||||
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
|
|
||||||
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
|
|
||||||
; Default Value: 0
|
|
||||||
;request_slowlog_timeout = 0
|
|
||||||
|
|
||||||
; The timeout for serving a single request after which the worker process will
|
|
||||||
; be killed. This option should be used when the 'max_execution_time' ini option
|
|
||||||
; does not stop script execution for some reason. A value of '0' means 'off'.
|
|
||||||
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
|
|
||||||
; Default Value: 0
|
|
||||||
request_terminate_timeout = 1d
|
|
||||||
|
|
||||||
; Set open file descriptor rlimit.
|
|
||||||
; Default Value: system defined value
|
|
||||||
;rlimit_files = 1024
|
|
||||||
|
|
||||||
; Set max core size rlimit.
|
|
||||||
; Possible Values: 'unlimited' or an integer greater or equal to 0
|
|
||||||
; Default Value: system defined value
|
|
||||||
;rlimit_core = 0
|
|
||||||
|
|
||||||
; Chroot to this directory at the start. This value must be defined as an
|
|
||||||
; absolute path. When this value is not set, chroot is not used.
|
|
||||||
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
|
|
||||||
; of its subdirectories. If the pool prefix is not set, the global prefix
|
|
||||||
; will be used instead.
|
|
||||||
; Note: chrooting is a great security feature and should be used whenever
|
|
||||||
; possible. However, all PHP paths will be relative to the chroot
|
|
||||||
; (error_log, sessions.save_path, ...).
|
|
||||||
; Default Value: not set
|
|
||||||
;chroot =
|
|
||||||
|
|
||||||
; Chdir to this directory at the start.
|
|
||||||
; Note: relative path can be used.
|
|
||||||
; Default Value: current directory or / when chroot
|
|
||||||
chdir = __FINALPATH__
|
|
||||||
|
|
||||||
; Redirect worker stdout and stderr into main error log. If not set, stdout and
|
|
||||||
; stderr will be redirected to /dev/null according to FastCGI specs.
|
|
||||||
; Note: on highloaded environement, this can cause some delay in the page
|
|
||||||
; process time (several ms).
|
|
||||||
; Default Value: no
|
|
||||||
;catch_workers_output = yes
|
|
||||||
|
|
||||||
; Clear environment in FPM workers
|
|
||||||
; Prevents arbitrary environment variables from reaching FPM worker processes
|
|
||||||
; by clearing the environment in workers before env vars specified in this
|
|
||||||
; pool configuration are added.
|
|
||||||
; Setting to "no" will make all environment variables available to PHP code
|
|
||||||
; via getenv(), $_ENV and $_SERVER.
|
|
||||||
; Default Value: yes
|
|
||||||
;clear_env = no
|
|
||||||
|
|
||||||
; Limits the extensions of the main script FPM will allow to parse. This can
|
|
||||||
; prevent configuration mistakes on the web server side. You should only limit
|
|
||||||
; FPM to .php extensions to prevent malicious users to use other extensions to
|
|
||||||
; execute php code.
|
|
||||||
; Note: set an empty value to allow all extensions.
|
|
||||||
; Default Value: .php
|
|
||||||
;security.limit_extensions = .php .php3 .php4 .php5 .php7
|
|
||||||
|
|
||||||
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
|
|
||||||
; the current environment.
|
|
||||||
; Default Value: clean env
|
|
||||||
;env[HOSTNAME] = $HOSTNAME
|
|
||||||
;env[PATH] = /usr/local/bin:/usr/bin:/bin
|
|
||||||
;env[TMP] = /tmp
|
|
||||||
;env[TMPDIR] = /tmp
|
|
||||||
;env[TEMP] = /tmp
|
|
||||||
|
|
||||||
; Additional php.ini defines, specific to this pool of workers. These settings
|
|
||||||
; overwrite the values previously defined in the php.ini. The directives are the
|
|
||||||
; same as the PHP SAPI:
|
|
||||||
; php_value/php_flag - you can set classic ini defines which can
|
|
||||||
; be overwritten from PHP call 'ini_set'.
|
|
||||||
; php_admin_value/php_admin_flag - these directives won't be overwritten by
|
|
||||||
; PHP call 'ini_set'
|
|
||||||
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
|
|
||||||
|
|
||||||
; Defining 'extension' will load the corresponding shared extension from
|
|
||||||
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
|
|
||||||
; overwrite previously defined php.ini values, but will append the new value
|
|
||||||
; instead.
|
|
||||||
|
|
||||||
; Note: path INI options can be relative and will be expanded with the prefix
|
|
||||||
; (pool, global or /usr)
|
|
||||||
|
|
||||||
; Default Value: nothing is defined by default except the values in php.ini and
|
|
||||||
; specified at startup with the -d argument
|
|
||||||
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
|
|
||||||
;php_flag[display_errors] = off
|
|
||||||
;php_admin_value[error_log] = /var/log/fpm-php.www.log
|
|
||||||
;php_admin_flag[log_errors] = on
|
|
||||||
;php_admin_value[memory_limit] = 32M
|
|
||||||
|
|
||||||
; Common values to change to increase file upload limit
|
|
||||||
php_admin_value[upload_max_filesize] = 30M
|
|
||||||
php_admin_value[post_max_size] = 30M
|
|
||||||
; php_admin_flag[mail.add_x_header] = Off
|
|
||||||
|
|
||||||
; Other common parameters
|
|
||||||
; php_admin_value[max_execution_time] = 600
|
|
||||||
; php_admin_value[max_input_time] = 300
|
|
||||||
; php_admin_value[memory_limit] = 256M
|
|
||||||
; php_admin_flag[short_open_tag] = On
|
|
|
@ -1,10 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Final path
|
|
||||||
/var/www/$app
|
|
||||||
|
|
||||||
# Nginx config
|
|
||||||
/etc/nginx/conf.d/$domain.d/$app.conf
|
|
||||||
|
|
||||||
# php-fpm config
|
|
||||||
/etc/php/7.0/fpm/pool.d/$app.conf
|
|
|
@ -1,38 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Ending the migration process from Spip2 to Spip
|
|
||||||
|
|
||||||
set -u
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# IMPORT GENERIC HELPERS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
source /usr/share/yunohost/helpers
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SET VARIABLES
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
old_app="__OLD_APP__"
|
|
||||||
new_app="__NEW_APP__"
|
|
||||||
script_name="$0"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# DELETE OLD APP'S SETTINGS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
ynh_secure_remove "/etc/yunohost/apps/$old_app"
|
|
||||||
yunohost app ssowatconf
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE THE OLD USER
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
ynh_system_user_delete $old_app
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# DELETE THIS SCRIPT
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
echo "rm $script_name" | at now + 1 minutes
|
|
1
doc/DESCRIPTION.md
Normal file
1
doc/DESCRIPTION.md
Normal file
|
@ -0,0 +1 @@
|
||||||
|
CMS with a focus on collaborative edition and multilingualism
|
|
@ -1,32 +0,0 @@
|
||||||
## Configuration
|
|
||||||
|
|
||||||
How to configure this app: by an admin panel.
|
|
||||||
|
|
||||||
#### Multi-users support
|
|
||||||
|
|
||||||
* Are LDAP and HTTP auth supported? **Yes**
|
|
||||||
* Can the app be used by multiple users? **Yes**
|
|
||||||
|
|
||||||
## Migrate from SPIP2
|
|
||||||
|
|
||||||
**This is not considered as stable yet, please do it with care and only for testing!**
|
|
||||||
|
|
||||||
This package handle the migration from SPIP2 to SPIP. For that, your
|
|
||||||
SPIP2 application must be **up-to-date** in YunoHost. To ensure that, execute:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/spip2_ynh spip2 --debug
|
|
||||||
```
|
|
||||||
|
|
||||||
You will then have to upgrade your SPIP2 application with this repository.
|
|
||||||
This can only be done from the command-line interface - e.g. through SSH. Once you're connected, you simply have to execute the following:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/spip_ynh spip2 --debug
|
|
||||||
```
|
|
||||||
|
|
||||||
The `--debug` option will let you see the full output. If you encounter any issue, please paste it.
|
|
||||||
|
|
||||||
Note that a cron job will be executed at some time after the end of this
|
|
||||||
command. You must wait that before doing any other application operations!
|
|
||||||
You should see that SPIP is installed after that.
|
|
|
@ -1,29 +0,0 @@
|
||||||
## Configuration
|
|
||||||
|
|
||||||
Comment configurer cette application: via le panneau d'administration.
|
|
||||||
|
|
||||||
#### Support multi-utilisateurs
|
|
||||||
|
|
||||||
* L'authentification LDAP et HTTP est-elle prise en charge? **Oui**
|
|
||||||
* L'application peut-elle être utilisée par plusieurs utilisateurs? **Oui**
|
|
||||||
|
|
||||||
## Migration depuis SPIP2
|
|
||||||
|
|
||||||
**Ceci n'est pas encore considéré comme stable, veuillez le faire avec soin et uniquement pour test!**
|
|
||||||
|
|
||||||
Ce paquet gère la migration de SPIP2 vers SPIP. Pour cela, votre application SPIP2 doit être **à jour** dans YunoHost. Pour s'en assurer :
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/spip2_ynh spip2 --debug
|
|
||||||
```
|
|
||||||
|
|
||||||
Vous devrez ensuite mettre à jour votre application SPIP2 avec ce dépôt.
|
|
||||||
Cela ne peut se faire qu'à partir de l'interface en ligne de commande - par exemple via SSH. Une fois connecté, il vous suffit d'exécuter ce qui suit :
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/spip_ynh spip2 --debug
|
|
||||||
```
|
|
||||||
|
|
||||||
L'option `--debug` vous permettra de voir la sortie complète. Si vous rencontrez un problème, veuillez ouvrir une issue.
|
|
||||||
|
|
||||||
Notez qu'une tâche cron sera exécutée après la fin de cette commande. Vous devez attendre cela avant de faire toute autre opération d'application ! Vous devriez voir que SPIP est installé après cela.
|
|
|
@ -1,73 +0,0 @@
|
||||||
{
|
|
||||||
"name": "SPIP",
|
|
||||||
"id": "spip",
|
|
||||||
"packaging_format": 1,
|
|
||||||
"description": {
|
|
||||||
"en": "CMS with a focus on collaborative edition and multilingualism",
|
|
||||||
"fr": "CMS conçu pour l'édition collaborative et le multilinguisme"
|
|
||||||
},
|
|
||||||
"version": "4.2.2~ynh1",
|
|
||||||
"url": "http://www.spip.net/",
|
|
||||||
"upstream": {
|
|
||||||
"license": "GPL-3.0-or-later",
|
|
||||||
"website": "http://www.spip.net/",
|
|
||||||
"demo": "https://demo.spip.net/",
|
|
||||||
"admindoc": "https://www.spip.net/en_rubrique209.html",
|
|
||||||
"userdoc": "https://www.spip.net/en_rubrique57.html",
|
|
||||||
"code": "https://git.spip.net/spip/spip"
|
|
||||||
},
|
|
||||||
"license": "GPL-3.0-or-later",
|
|
||||||
"maintainer": {
|
|
||||||
"name": "cyp",
|
|
||||||
"email": "cyp@rouquin.me"
|
|
||||||
},
|
|
||||||
"requirements": {
|
|
||||||
"yunohost": ">= 4.3.2"
|
|
||||||
},
|
|
||||||
"multi_instance": true,
|
|
||||||
"services": [
|
|
||||||
"nginx",
|
|
||||||
"mysql"
|
|
||||||
],
|
|
||||||
"arguments": {
|
|
||||||
"install": [
|
|
||||||
{
|
|
||||||
"name": "domain",
|
|
||||||
"type": "domain"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "path",
|
|
||||||
"type": "path",
|
|
||||||
"example": "/spip",
|
|
||||||
"default": "/spip"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "is_public",
|
|
||||||
"type": "boolean",
|
|
||||||
"default": true
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "admin",
|
|
||||||
"type": "user"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "password",
|
|
||||||
"type": "password"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "users_status",
|
|
||||||
"type": "string",
|
|
||||||
"ask": {
|
|
||||||
"en": "Choose the status of YunoHost users",
|
|
||||||
"fr": "Choisissez le status des utilisateurs de YunoHost"
|
|
||||||
},
|
|
||||||
"choices": [
|
|
||||||
"Administrator",
|
|
||||||
"Editor",
|
|
||||||
"Visitor"
|
|
||||||
],
|
|
||||||
"default": "Editor"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
74
manifest.toml
Normal file
74
manifest.toml
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
packaging_format = 2
|
||||||
|
|
||||||
|
id = "spip"
|
||||||
|
name = "SPIP"
|
||||||
|
description.en = "CMS with a focus on collaborative edition and multilingualism"
|
||||||
|
description.fr = "CMS conçu pour l'édition collaborative et le multilinguisme"
|
||||||
|
|
||||||
|
version = "4.2.2~ynh1"
|
||||||
|
|
||||||
|
maintainers = ["cyp"]
|
||||||
|
|
||||||
|
[upstream]
|
||||||
|
license = "GPL-3.0-or-later"
|
||||||
|
website = "http://www.spip.net/"
|
||||||
|
demo = "https://demo.spip.net/"
|
||||||
|
admindoc = "https://www.spip.net/en_rubrique209.html"
|
||||||
|
userdoc = "https://www.spip.net/en_rubrique57.html"
|
||||||
|
code = "https://git.spip.net/spip/spip"
|
||||||
|
|
||||||
|
[integration]
|
||||||
|
yunohost = ">= 11.1.19"
|
||||||
|
architectures = "all"
|
||||||
|
multi_instance = true
|
||||||
|
ldap = false
|
||||||
|
sso = true
|
||||||
|
disk = "50M"
|
||||||
|
ram.build = "50M"
|
||||||
|
ram.runtime = "50M"
|
||||||
|
|
||||||
|
[install]
|
||||||
|
[install.domain]
|
||||||
|
type = "domain"
|
||||||
|
|
||||||
|
[install.path]
|
||||||
|
type = "path"
|
||||||
|
default = "/spip"
|
||||||
|
|
||||||
|
[install.init_main_permission]
|
||||||
|
type = "group"
|
||||||
|
default = "visitors"
|
||||||
|
|
||||||
|
[install.admin]
|
||||||
|
type = "user"
|
||||||
|
|
||||||
|
[install.password]
|
||||||
|
type = "password"
|
||||||
|
|
||||||
|
[install.users_status]
|
||||||
|
ask.en = "Choose the status of YunoHost users"
|
||||||
|
ask.fr = "Choisissez le status des utilisateurs de YunoHost"
|
||||||
|
type = "string"
|
||||||
|
choices = ["Administrator", "Editor", "Visitor"]
|
||||||
|
default = "Editor"
|
||||||
|
|
||||||
|
[resources]
|
||||||
|
[resources.sources.main]
|
||||||
|
url = "https://files.spip.net/spip/archives/spip-v4.2.2.zip"
|
||||||
|
sha256 = "47ab43b1ac8014b70e60867ecd9474a2afeaff471852eab0f41b94cb077d18d1"
|
||||||
|
in_subdir = false
|
||||||
|
|
||||||
|
|
||||||
|
[resources.system_user]
|
||||||
|
|
||||||
|
[resources.install_dir]
|
||||||
|
|
||||||
|
[resources.permissions]
|
||||||
|
main.url = "/"
|
||||||
|
|
||||||
|
[resources.apt]
|
||||||
|
packages = "mariadb-server libsodium23 php8.2-curl php8.2-xml php8.2-gd php8.2-mysqli php8.2-zip"
|
||||||
|
|
||||||
|
|
||||||
|
[resources.database]
|
||||||
|
type = "mysql"
|
|
@ -4,10 +4,6 @@
|
||||||
# COMMON VARIABLES
|
# COMMON VARIABLES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
YNH_PHP_VERSION="7.4"
|
|
||||||
|
|
||||||
pkg_dependencies="libsodium23 php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-mysqli php${YNH_PHP_VERSION}-zip"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# EXPERIMENTAL HELPERS
|
# EXPERIMENTAL HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -35,7 +31,7 @@ ynh_send_readme_to_admin() {
|
||||||
type="${type:-install}"
|
type="${type:-install}"
|
||||||
|
|
||||||
# Get the value of admin_mail_html
|
# Get the value of admin_mail_html
|
||||||
admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
|
#REMOVEME? admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
|
||||||
admin_mail_html="${admin_mail_html:-0}"
|
admin_mail_html="${admin_mail_html:-0}"
|
||||||
|
|
||||||
# Retrieve the email of users
|
# Retrieve the email of users
|
||||||
|
@ -173,7 +169,7 @@ __PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/service
|
||||||
# If you don't have a $pkg_dependencies variable, the helper can't know what the app dependencies are.
|
# If you don't have a $pkg_dependencies variable, the helper can't know what the app dependencies are.
|
||||||
#
|
#
|
||||||
# The app settings.yml will be modified as follows:
|
# The app settings.yml will be modified as follows:
|
||||||
# - finalpath will be changed according to the new name (but only if the existing $final_path contains the old app name)
|
# - finalpath will be changed according to the new name (but only if the existing $install_dir contains the old app name)
|
||||||
# - The checksums of php-fpm and nginx config files will be updated too.
|
# - The checksums of php-fpm and nginx config files will be updated too.
|
||||||
# - If there is a $db_name value, it will be changed.
|
# - If there is a $db_name value, it will be changed.
|
||||||
# - And, of course, the ID will be changed to the new name too.
|
# - And, of course, the ID will be changed to the new name too.
|
||||||
|
@ -196,7 +192,7 @@ ynh_handle_app_migration () {
|
||||||
# LOAD SETTINGS
|
# LOAD SETTINGS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
old_app=$YNH_APP_INSTANCE_NAME
|
#REMOVEME? old_app=$YNH_APP_INSTANCE_NAME
|
||||||
local old_app_id=$YNH_APP_ID
|
local old_app_id=$YNH_APP_ID
|
||||||
local old_app_number=$YNH_APP_INSTANCE_NUMBER
|
local old_app_number=$YNH_APP_INSTANCE_NUMBER
|
||||||
|
|
||||||
|
@ -281,7 +277,7 @@ ynh_handle_app_migration () {
|
||||||
# https://github.com/YunoHost/yunohost/blob/c6b5284be8da39cf2da4e1036a730eb5e0515096/src/yunohost/app.py#L1316-L1321
|
# https://github.com/YunoHost/yunohost/blob/c6b5284be8da39cf2da4e1036a730eb5e0515096/src/yunohost/app.py#L1316-L1321
|
||||||
|
|
||||||
# Change the label if it's simply the name of the app
|
# Change the label if it's simply the name of the app
|
||||||
old_label=$(ynh_app_setting_get $new_app label)
|
#REMOVEME? old_label=$(ynh_app_setting_get $new_app label)
|
||||||
if [ "${old_label,,}" == "$old_app_id" ]
|
if [ "${old_label,,}" == "$old_app_id" ]
|
||||||
then
|
then
|
||||||
# Build the new label from the id of the app. With the first character as upper case
|
# Build the new label from the id of the app. With the first character as upper case
|
||||||
|
@ -312,15 +308,15 @@ ynh_handle_app_migration () {
|
||||||
# Replace php5-fpm checksums
|
# Replace php5-fpm checksums
|
||||||
ynh_replace_string "\(^checksum__etc_php5.*[-_]\)$old_app" "\1$new_app/" "$settings_dir/$new_app/settings.yml"
|
ynh_replace_string "\(^checksum__etc_php5.*[-_]\)$old_app" "\1$new_app/" "$settings_dir/$new_app/settings.yml"
|
||||||
|
|
||||||
# Replace final_path
|
# Replace install_dir
|
||||||
ynh_replace_string "\(^final_path: .*\)$old_app" "\1$new_app" "$settings_dir/$new_app/settings.yml"
|
ynh_replace_string "\(^install_dir: .*\)$old_app" "\1$new_app" "$settings_dir/$new_app/settings.yml"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# MOVE THE DATABASE
|
# MOVE THE DATABASE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
db_pwd=$(ynh_app_setting_get $old_app mysqlpwd)
|
#REMOVEME? db_pwd=$(ynh_app_setting_get $old_app mysqlpwd)
|
||||||
db_name=$(ynh_app_setting_get $old_app db_name)
|
#REMOVEME? db_name=$(ynh_app_setting_get $old_app db_name)
|
||||||
|
|
||||||
# Check if a database exists before trying to move it
|
# Check if a database exists before trying to move it
|
||||||
local mysql_root_password=$(cat $MYSQL_ROOT_PWD_FILE)
|
local mysql_root_password=$(cat $MYSQL_ROOT_PWD_FILE)
|
||||||
|
@ -335,18 +331,18 @@ ynh_handle_app_migration () {
|
||||||
ynh_mysql_dump_db "$db_name" > "$sql_dump"
|
ynh_mysql_dump_db "$db_name" > "$sql_dump"
|
||||||
|
|
||||||
# Create a new database
|
# Create a new database
|
||||||
ynh_mysql_setup_db $new_db_name $new_db_name $db_pwd
|
#REMOVEME? ynh_mysql_setup_db $new_db_name $new_db_name $db_pwd
|
||||||
# Then restore the old one into the new one
|
# Then restore the old one into the new one
|
||||||
ynh_mysql_connect_as $new_db_name $db_pwd $new_db_name < "$sql_dump"
|
ynh_mysql_connect_as $new_db_name $db_pwd $new_db_name < "$sql_dump"
|
||||||
|
|
||||||
# Remove the old database
|
# Remove the old database
|
||||||
ynh_mysql_remove_db $db_name $db_name
|
#REMOVEME? ynh_mysql_remove_db $db_name $db_name
|
||||||
# And the dump
|
# And the dump
|
||||||
ynh_secure_remove "$sql_dump"
|
ynh_secure_remove "$sql_dump"
|
||||||
|
|
||||||
# Update the value of $db_name
|
# Update the value of $db_name
|
||||||
db_name=$new_db_name
|
db_name=$new_db_name
|
||||||
ynh_app_setting_set $new_app db_name $db_name
|
#REMOVEME? ynh_app_setting_set $new_app db_name $db_name
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -357,7 +353,7 @@ ynh_handle_app_migration () {
|
||||||
if ynh_system_user_exists "$old_app"
|
if ynh_system_user_exists "$old_app"
|
||||||
then
|
then
|
||||||
echo "Create a new user $new_app to replace $old_app" >&2
|
echo "Create a new user $new_app to replace $old_app" >&2
|
||||||
ynh_system_user_create $new_app
|
#REMOVEME? ynh_system_user_create $new_app
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -376,10 +372,10 @@ ynh_handle_app_migration () {
|
||||||
then
|
then
|
||||||
# Install a new fake package
|
# Install a new fake package
|
||||||
app=$new_app
|
app=$new_app
|
||||||
ynh_install_app_dependencies $pkg_dependencies
|
#REMOVEME? ynh_install_app_dependencies $pkg_dependencies
|
||||||
# Then remove the old one
|
# Then remove the old one
|
||||||
app=$old_app
|
app=$old_app
|
||||||
ynh_remove_app_dependencies
|
#REMOVEME? ynh_remove_app_dependencies
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -10,28 +10,6 @@
|
||||||
source ../settings/scripts/_common.sh
|
source ../settings/scripts/_common.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# MANAGE SCRIPT FAILURE
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
ynh_clean_setup () {
|
|
||||||
true
|
|
||||||
}
|
|
||||||
# Exit if an error occurs during the execution of the script
|
|
||||||
ynh_abort_if_errors
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# LOAD SETTINGS
|
|
||||||
#=================================================
|
|
||||||
ynh_print_info --message="Loading installation settings..."
|
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|
||||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
|
||||||
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DECLARE DATA AND CONF FILES TO BACKUP
|
# DECLARE DATA AND CONF FILES TO BACKUP
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -41,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..."
|
||||||
# BACKUP THE APP MAIN DIR
|
# BACKUP THE APP MAIN DIR
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
ynh_backup --src_path="$final_path"
|
ynh_backup --src_path="$install_dir"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# BACKUP THE NGINX CONFIGURATION
|
# BACKUP THE NGINX CONFIGURATION
|
||||||
|
|
|
@ -9,59 +9,6 @@
|
||||||
source _common.sh
|
source _common.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# RETRIEVE ARGUMENTS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
old_domain=$YNH_APP_OLD_DOMAIN
|
|
||||||
old_path=$YNH_APP_OLD_PATH
|
|
||||||
|
|
||||||
new_domain=$YNH_APP_NEW_DOMAIN
|
|
||||||
new_path=$YNH_APP_NEW_PATH
|
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# LOAD SETTINGS
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Loading installation settings..."
|
|
||||||
|
|
||||||
# Needed for helper "ynh_add_nginx_config"
|
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..."
|
|
||||||
|
|
||||||
# Backup the current version of the app
|
|
||||||
ynh_backup_before_upgrade
|
|
||||||
ynh_clean_setup () {
|
|
||||||
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
|
|
||||||
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
|
|
||||||
|
|
||||||
# Restore it if the upgrade fails
|
|
||||||
ynh_restore_upgradebackup
|
|
||||||
}
|
|
||||||
# Exit if an error occurs during the execution of the script
|
|
||||||
ynh_abort_if_errors
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CHECK WHICH PARTS SHOULD BE CHANGED
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
change_domain=0
|
|
||||||
if [ "$old_domain" != "$new_domain" ]
|
|
||||||
then
|
|
||||||
change_domain=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
change_path=0
|
|
||||||
if [ "$old_path" != "$new_path" ]
|
|
||||||
then
|
|
||||||
change_path=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD MODIFICATIONS
|
# STANDARD MODIFICATIONS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -69,38 +16,7 @@ fi
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Updating NGINX web server configuration..."
|
ynh_script_progression --message="Updating NGINX web server configuration..."
|
||||||
|
|
||||||
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
|
ynh_change_url_nginx_config
|
||||||
|
|
||||||
# Change the path in the NGINX config file
|
|
||||||
if [ $change_path -eq 1 ]
|
|
||||||
then
|
|
||||||
# Make a backup of the original NGINX config file if modified
|
|
||||||
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
|
|
||||||
# Set global variables for NGINX helper
|
|
||||||
domain="$old_domain"
|
|
||||||
path_url="$new_path"
|
|
||||||
# Create a dedicated NGINX config
|
|
||||||
ynh_add_nginx_config
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Change the domain for NGINX
|
|
||||||
if [ $change_domain -eq 1 ]
|
|
||||||
then
|
|
||||||
# Delete file checksum for the old conf file location
|
|
||||||
ynh_delete_file_checksum --file="$nginx_conf_path"
|
|
||||||
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
|
|
||||||
# Store file checksum for the new config file location
|
|
||||||
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# GENERIC FINALISATION
|
|
||||||
#=================================================
|
|
||||||
# RELOAD NGINX
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Reloading NGINX web server..."
|
|
||||||
|
|
||||||
ynh_systemd_action --service_name=nginx --action=reload
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
|
|
121
scripts/install
121
scripts/install
|
@ -9,91 +9,23 @@
|
||||||
source _common.sh
|
source _common.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# MANAGE SCRIPT FAILURE
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
ynh_clean_setup () {
|
|
||||||
true
|
|
||||||
}
|
|
||||||
# Exit if an error occurs during the execution of the script
|
|
||||||
ynh_abort_if_errors
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
domain=$YNH_APP_ARG_DOMAIN
|
|
||||||
path_url=$YNH_APP_ARG_PATH
|
|
||||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
|
||||||
admin=$YNH_APP_ARG_ADMIN
|
|
||||||
password=$YNH_APP_ARG_PASSWORD
|
password=$YNH_APP_ARG_PASSWORD
|
||||||
users_status=$YNH_APP_ARG_USERS_STATUS
|
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Validating installation parameters..."
|
|
||||||
|
|
||||||
final_path=/var/www/$app
|
|
||||||
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
|
|
||||||
|
|
||||||
# Register (book) web path
|
|
||||||
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# STORE SETTINGS FROM MANIFEST
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Storing installation settings..."
|
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
|
||||||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
|
||||||
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
|
||||||
ynh_app_setting_set --app=$app --key=password --value=$password
|
ynh_app_setting_set --app=$app --key=password --value=$password
|
||||||
ynh_app_setting_set --app=$app --key=users_status --value=$users_status
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# STANDARD MODIFICATIONS
|
|
||||||
#=================================================
|
|
||||||
# INSTALL DEPENDENCIES
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Installing dependencies..."
|
|
||||||
|
|
||||||
ynh_install_app_dependencies $pkg_dependencies
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CREATE DEDICATED USER
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Configuring system user..."
|
|
||||||
|
|
||||||
# Create a system user
|
|
||||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CREATE A MYSQL DATABASE
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Creating a MySQL database..."
|
|
||||||
|
|
||||||
db_name=$(ynh_sanitize_dbid --db_name=$app)
|
|
||||||
db_user=$db_name
|
|
||||||
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
|
|
||||||
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
|
|
||||||
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Setting up source files..."
|
ynh_script_progression --message="Setting up source files..."
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
|
||||||
# Download, check integrity, uncompress and patch the source from app.src
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
ynh_setup_source --dest_dir="$final_path"
|
ynh_setup_source --dest_dir="$install_dir"
|
||||||
|
|
||||||
chmod 750 "$final_path"
|
chmod -R o-rwx "$install_dir"
|
||||||
chmod -R o-rwx "$final_path"
|
chown -R $app:www-data "$install_dir"
|
||||||
chown -R $app:www-data "$final_path"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# PHP-FPM CONFIGURATION
|
# PHP-FPM CONFIGURATION
|
||||||
|
@ -101,12 +33,7 @@ chown -R $app:www-data "$final_path"
|
||||||
ynh_script_progression --message="Configuring PHP-FPM..."
|
ynh_script_progression --message="Configuring PHP-FPM..."
|
||||||
|
|
||||||
# Create a dedicated PHP-FPM config
|
# Create a dedicated PHP-FPM config
|
||||||
ynh_add_fpm_config
|
ynh_add_fpm_config --usage=low --footprint=low
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# NGINX CONFIGURATION
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Configuring NGINX web server..."
|
|
||||||
|
|
||||||
# Create a dedicated NGINX config
|
# Create a dedicated NGINX config
|
||||||
ynh_add_nginx_config
|
ynh_add_nginx_config
|
||||||
|
@ -116,20 +43,21 @@ ynh_add_nginx_config
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP APPLICATION WITH CURL
|
# SETUP APPLICATION WITH CURL
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Setuping application with CURL..."
|
ynh_script_progression --message="Setuping application with cURL..."
|
||||||
|
|
||||||
# Set right permissions for curl install
|
# Set right permissions for curl install
|
||||||
mkdir -p $final_path/plugins/auto
|
mkdir -p $install_dir/plugins/auto
|
||||||
chown -R $app:www-data "$final_path"
|
chown -R $app:www-data "$install_dir"
|
||||||
|
|
||||||
# Set the app as temporarily public for curl call
|
# Set the app as temporarily public for curl call
|
||||||
ynh_script_progression --message="Configuring SSOwat..."
|
ynh_script_progression --message="Configuring SSOwat..."
|
||||||
|
|
||||||
# Installation with curl
|
# Installation with cURL
|
||||||
ynh_script_progression --message="Finalizing installation..."
|
ynh_script_progression --message="Finalizing installation..."
|
||||||
ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=chmod"
|
ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=chmod"
|
||||||
ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=2" "chmod=750" "adresse_db=localhost" "login_db=$db_name" "pass_db=$db_pwd" "server_db=mysql"
|
ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=2" "chmod=750" "adresse_db=localhost" "login_db=$db_name" "pass_db=$db_pwd" "server_db=mysql"
|
||||||
ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=3" "adresse_db=localhost" "login_db=$db_name" "pass_db=$db_pwd" "server_db=mysql" "choix_db=$db_name" "tprefix=$db_name"
|
ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=3" "adresse_db=localhost" "login_db=$db_name" "pass_db=$db_pwd" "server_db=mysql" "choix_db=$db_name" "tprefix=$db_name"
|
||||||
|
|
||||||
# For now spip have a problem with LDAP
|
# For now spip have a problem with LDAP
|
||||||
#ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=ldap1"
|
#ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=ldap1"
|
||||||
#ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=ldap2" "adresse_ldap=localhost" "port_ldap=389" "tls_ldap=no" "protocole_ldap=3"
|
#ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=ldap2" "adresse_ldap=localhost" "port_ldap=389" "tls_ldap=no" "protocole_ldap=3"
|
||||||
|
@ -159,36 +87,17 @@ ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=fin"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Adding a configuration file..."
|
ynh_script_progression --message="Adding a configuration file..."
|
||||||
|
|
||||||
#ynh_replace_string "'','utf8');" "'ldap.php','utf8');" $final_path/config/connect.php
|
#ynh_replace_string "'','utf8');" "'ldap.php','utf8');" $install_dir/config/connect.php
|
||||||
cp ../conf/mes_options.php $final_path/config/mes_options.php
|
cp ../conf/mes_options.php $install_dir/config/mes_options.php
|
||||||
|
|
||||||
|
# Add security fix https://www.spip.net/en_article4201.html to be removed after version 4.2.2
|
||||||
|
cp ../conf/ecran_securite.php $install_dir/config/ecran_securite.php
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STORE THE CONFIG FILE CHECKSUM
|
# STORE THE CONFIG FILE CHECKSUM
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
ynh_store_file_checksum --file="$final_path/config/connect.php"
|
ynh_store_file_checksum --file="$install_dir/config/connect.php"
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# GENERIC FINALIZATION
|
|
||||||
#=================================================
|
|
||||||
# SETUP SSOWAT
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Configuring permissions..."
|
|
||||||
|
|
||||||
# Make app public if necessary
|
|
||||||
if [ $is_public -eq 1 ]
|
|
||||||
then
|
|
||||||
# Everyone can access the app.
|
|
||||||
# The "main" permission is automatically created before the install script.
|
|
||||||
ynh_permission_update --permission="main" --add="visitors"
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# RELOAD NGINX
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Reloading NGINX web server..."
|
|
||||||
|
|
||||||
ynh_systemd_action --service_name=nginx --action=reload
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
|
|
|
@ -9,18 +9,6 @@
|
||||||
source _common.sh
|
source _common.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# LOAD SETTINGS
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Loading installation settings..."
|
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
|
||||||
db_user=$db_name
|
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD REMOVE
|
# STANDARD REMOVE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -31,56 +19,12 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
|
||||||
# Remove the dedicated systemd config
|
# Remove the dedicated systemd config
|
||||||
ynh_remove_systemd_config
|
ynh_remove_systemd_config
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE THE MYSQL DATABASE
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing the MySQL database..."
|
|
||||||
|
|
||||||
# Remove a database if it exists, along with the associated user
|
|
||||||
ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE APP MAIN DIR
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing app main directory..."
|
|
||||||
|
|
||||||
# Remove the app directory securely
|
|
||||||
ynh_secure_remove --file="$final_path"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE NGINX CONFIGURATION
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing NGINX web server configuration..."
|
|
||||||
|
|
||||||
# Remove the dedicated NGINX config
|
# Remove the dedicated NGINX config
|
||||||
ynh_remove_nginx_config
|
ynh_remove_nginx_config
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE PHP-FPM CONFIGURATION
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing PHP-FPM configuration..."
|
|
||||||
|
|
||||||
# Remove the dedicated PHP-FPM config
|
# Remove the dedicated PHP-FPM config
|
||||||
ynh_remove_fpm_config
|
ynh_remove_fpm_config
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE DEPENDENCIES
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing dependencies..."
|
|
||||||
|
|
||||||
# Remove metapackage and its dependencies
|
|
||||||
ynh_remove_app_dependencies
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# GENERIC FINALIZATION
|
|
||||||
#=================================================
|
|
||||||
# REMOVE DEDICATED USER
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing the dedicated system user..."
|
|
||||||
|
|
||||||
# Delete a system user
|
|
||||||
ynh_system_user_delete --username=$app
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -10,66 +10,15 @@
|
||||||
source ../settings/scripts/_common.sh
|
source ../settings/scripts/_common.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# MANAGE SCRIPT FAILURE
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
ynh_clean_setup () {
|
|
||||||
true
|
|
||||||
}
|
|
||||||
# Exit if an error occurs during the execution of the script
|
|
||||||
ynh_abort_if_errors
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# LOAD SETTINGS
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Loading installation settings..."
|
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
||||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
|
||||||
db_user=$db_name
|
|
||||||
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CHECK IF THE APP CAN BE RESTORED
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Validating restoration parameters..."
|
|
||||||
|
|
||||||
test ! -d $final_path \
|
|
||||||
|| ynh_die --message="There is already a directory: $final_path "
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# STANDARD RESTORATION STEPS
|
|
||||||
#=================================================
|
|
||||||
# RECREATE THE DEDICATED USER
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Recreating the dedicated system user..."
|
|
||||||
|
|
||||||
# Create the dedicated user (if not existing)
|
|
||||||
ynh_system_user_create --username=$app --home_dir=$final_path
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RESTORE THE APP MAIN DIR
|
# RESTORE THE APP MAIN DIR
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Restoring the app main directory..."
|
ynh_script_progression --message="Restoring the app main directory..."
|
||||||
|
|
||||||
ynh_restore_file --origin_path="$final_path"
|
ynh_restore_file --origin_path="$install_dir"
|
||||||
|
|
||||||
chmod 750 "$final_path"
|
chmod -R o-rwx "$install_dir"
|
||||||
chmod -R o-rwx "$final_path"
|
chown -R $app:www-data "$install_dir"
|
||||||
chown -R $app:www-data "$final_path"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REINSTALL DEPENDENCIES
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Reinstalling dependencies..."
|
|
||||||
|
|
||||||
# Define and install dependencies
|
|
||||||
ynh_install_app_dependencies $pkg_dependencies
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RESTORE THE PHP-FPM CONFIGURATION
|
# RESTORE THE PHP-FPM CONFIGURATION
|
||||||
|
@ -79,14 +28,6 @@ ynh_script_progression --message="Restoring the PHP-FPM configuration..."
|
||||||
# Restore the file first, so it can have a backup if different
|
# Restore the file first, so it can have a backup if different
|
||||||
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
|
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
|
||||||
|
|
||||||
# Recreate a dedicated php-fpm config
|
|
||||||
ynh_add_fpm_config --phpversion=$phpversion
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# RESTORE THE NGINX CONFIGURATION
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Restoring the NGINX web server configuration..."
|
|
||||||
|
|
||||||
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -94,8 +35,6 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Restoring the MySQL database..."
|
ynh_script_progression --message="Restoring the MySQL database..."
|
||||||
|
|
||||||
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
|
|
||||||
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
|
|
||||||
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
|
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
173
scripts/upgrade
173
scripts/upgrade
|
@ -9,49 +9,12 @@
|
||||||
source _common.sh
|
source _common.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# LOAD SETTINGS
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Loading installation settings..."
|
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
||||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
|
||||||
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
|
||||||
password=$(ynh_app_setting_get --app=$app --key=password)
|
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|
||||||
users_status=$(ynh_app_setting_get --app=$app --key=users_status)
|
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
|
||||||
db_user=$db_name
|
|
||||||
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CHECK VERSION
|
# CHECK VERSION
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Checking version..."
|
|
||||||
|
|
||||||
upgrade_type=$(ynh_check_app_version_changed)
|
upgrade_type=$(ynh_check_app_version_changed)
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
|
|
||||||
|
|
||||||
# Backup the current version of the app
|
|
||||||
ynh_backup_before_upgrade
|
|
||||||
ynh_clean_setup () {
|
|
||||||
if [ $migration_process -eq 1 ]; then
|
|
||||||
yunohost app remove $app
|
|
||||||
# Reload some values changed by the migration process
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
|
||||||
fi
|
|
||||||
# Restore it if the upgrade fails
|
|
||||||
ynh_restore_upgradebackup
|
|
||||||
}
|
|
||||||
# Exit if an error occurs during the execution of the script
|
|
||||||
ynh_abort_if_errors
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD UPGRADE STEPS
|
# STANDARD UPGRADE STEPS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -59,67 +22,12 @@ ynh_abort_if_errors
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Ensuring downward compatibility..."
|
ynh_script_progression --message="Ensuring downward compatibility..."
|
||||||
|
|
||||||
# Remove is_public
|
|
||||||
if [ -n "$(ynh_app_setting_get --app=$app --key=is_public)" ]; then
|
|
||||||
ynh_app_setting_delete --app=$app --key=is_public
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If db_name doesn't exist, create it
|
|
||||||
if [ -z $db_name ]; then
|
|
||||||
db_name=$app
|
|
||||||
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If final_path doesn't exist, create it
|
|
||||||
if [ -z $final_path ]; then
|
|
||||||
final_path=/var/www/$app
|
|
||||||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If users_status doesn't exist, create it
|
# If users_status doesn't exist, create it
|
||||||
if [ -z $users_status ]; then
|
if [ -z "${users_status:-}" ]; then
|
||||||
users_status="Editor"
|
users_status="Editor"
|
||||||
ynh_app_setting_set --app=$app --key=users_status --value=$users_status
|
ynh_app_setting_set --app=$app --key=users_status --value=$users_status
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z $password ]; then
|
|
||||||
# Generate random password
|
|
||||||
password=$(ynh_string_random --length=8)
|
|
||||||
|
|
||||||
echo "The new version of SPIP provide a new password. You can change it in the private area." > mail_to_send
|
|
||||||
echo "" >> mail_to_send
|
|
||||||
echo "This password is: $password" >> mail_to_send
|
|
||||||
|
|
||||||
ynh_send_readme_to_admin --app_message="mail_to_send" --type="upgrade"
|
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=password --value=$password
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Cleaning legacy permissions
|
|
||||||
if ynh_legacy_permissions_exists; then
|
|
||||||
ynh_legacy_permissions_delete_all
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# HANDLE MIGRATION FROM SPIP2
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
ynh_handle_app_migration "spip2" "spip2_migration"
|
|
||||||
if [ $migration_process -eq 1 ]; then
|
|
||||||
# If a migration has been perform
|
|
||||||
# Reload some values changed by the migration process
|
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CREATE DEDICATED USER
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Making sure dedicated system user exists..."
|
|
||||||
|
|
||||||
# Create a dedicated user (if not existing)
|
|
||||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -129,19 +37,11 @@ then
|
||||||
ynh_script_progression --message="Upgrading source files..."
|
ynh_script_progression --message="Upgrading source files..."
|
||||||
|
|
||||||
# Download, check integrity, uncompress and patch the source from app.src
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
ynh_setup_source --dest_dir="$final_path"
|
ynh_setup_source --dest_dir="$install_dir"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
chmod 750 "$final_path"
|
chmod -R o-rwx "$install_dir"
|
||||||
chmod -R o-rwx "$final_path"
|
chown -R $app:www-data "$install_dir"
|
||||||
chown -R $app:www-data "$final_path"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# UPGRADE DEPENDENCIES
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Upgrading dependencies..."
|
|
||||||
|
|
||||||
ynh_install_app_dependencies $pkg_dependencies
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# PHP-FPM CONFIGURATION
|
# PHP-FPM CONFIGURATION
|
||||||
|
@ -149,12 +49,7 @@ ynh_install_app_dependencies $pkg_dependencies
|
||||||
ynh_script_progression --message="Upgrading PHP-FPM configuration..."
|
ynh_script_progression --message="Upgrading PHP-FPM configuration..."
|
||||||
|
|
||||||
# Create a dedicated PHP-FPM config
|
# Create a dedicated PHP-FPM config
|
||||||
ynh_add_fpm_config
|
ynh_add_fpm_config --usage=low --footprint=low
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# NGINX CONFIGURATION
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Upgrading NGINX web server configuration..."
|
|
||||||
|
|
||||||
# Create a dedicated NGINX config
|
# Create a dedicated NGINX config
|
||||||
ynh_add_nginx_config
|
ynh_add_nginx_config
|
||||||
|
@ -167,21 +62,22 @@ ynh_add_nginx_config
|
||||||
ynh_script_progression --message="Setuping application with CURL..."
|
ynh_script_progression --message="Setuping application with CURL..."
|
||||||
|
|
||||||
# Set right permissions for curl install
|
# Set right permissions for curl install
|
||||||
mkdir -p $final_path/plugins/auto
|
mkdir -p $install_dir/plugins/auto
|
||||||
chown -R $app:www-data "$final_path"
|
chown -R $app:www-data "$install_dir"
|
||||||
|
|
||||||
# Set the app as temporarily public for curl call
|
# Set the app as temporarily public for curl call
|
||||||
ynh_script_progression --message="Configuring SSOwat..."
|
ynh_script_progression --message="Configuring SSOwat..."
|
||||||
|
|
||||||
ynh_backup_if_checksum_is_different --file="$final_path/config/connect.php"
|
ynh_backup_if_checksum_is_different --file="$install_dir/config/connect.php"
|
||||||
|
|
||||||
mv $final_path/config/connect.php $final_path/config/connect.php.ynh_bkp
|
mv $install_dir/config/connect.php $install_dir/config/connect.php.ynh_bkp
|
||||||
|
|
||||||
# Installation with curl
|
# Installation with curl
|
||||||
ynh_script_progression --message="Finalizing installation..."
|
ynh_script_progression --message="Finalizing installation..."
|
||||||
ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=chmod"
|
ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=chmod"
|
||||||
ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=2" "chmod=750" "adresse_db=localhost" "login_db=$db_name" "pass_db=$db_pwd" "server_db=mysql"
|
ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=2" "chmod=750" "adresse_db=localhost" "login_db=$db_name" "pass_db=$db_pwd" "server_db=mysql"
|
||||||
ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=3" "adresse_db=localhost" "login_db=$db_name" "pass_db=$db_pwd" "server_db=mysql" "choix_db=$db_name" "tprefix=$db_name"
|
ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=3" "adresse_db=localhost" "login_db=$db_name" "pass_db=$db_pwd" "server_db=mysql" "choix_db=$db_name" "tprefix=$db_name"
|
||||||
|
|
||||||
# For now spip have a problem with LDAP
|
# For now spip have a problem with LDAP
|
||||||
#ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=ldap1"
|
#ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=ldap1"
|
||||||
#ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=ldap2" "adresse_ldap=localhost" "port_ldap=389" "tls_ldap=no" "protocole_ldap=3"
|
#ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=ldap2" "adresse_ldap=localhost" "port_ldap=389" "tls_ldap=no" "protocole_ldap=3"
|
||||||
|
@ -211,50 +107,19 @@ ynh_local_curl "/ecrire/?suivant" "exec=install" "etape=fin"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Updating a configuration file..."
|
ynh_script_progression --message="Updating a configuration file..."
|
||||||
|
|
||||||
#ynh_replace_string --match_string="'','utf8');" --replace_string="'ldap.php','utf8');" --target_file=$final_path/config/connect.php
|
#ynh_replace_string --match_string="'','utf8');" --replace_string="'ldap.php','utf8');" --target_file=$install_dir/config/connect.php
|
||||||
cp ../conf/mes_options.php $final_path/config/mes_options.php
|
cp ../conf/mes_options.php $install_dir/config/mes_options.php
|
||||||
|
|
||||||
if [ ! -f $final_path/config/connect.php ]; then
|
# Add security fix https://www.spip.net/en_article4201.html to be removed after version 4.2.2
|
||||||
mv $final_path/config/connect.php.ynh_bkp $final_path/config/connect.php
|
cp ../conf/ecran_securite.php $install_dir/config/ecran_securite.php
|
||||||
|
|
||||||
|
if [ ! -f $install_dir/config/connect.php ]; then
|
||||||
|
mv $install_dir/config/connect.php.ynh_bkp $install_dir/config/connect.php
|
||||||
else
|
else
|
||||||
ynh_secure_remove --file="$final_path/config/connect.php.ynh_bkp"
|
ynh_secure_remove --file="$install_dir/config/connect.php.ynh_bkp"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ynh_store_file_checksum --file="$final_path/config/connect.php"
|
ynh_store_file_checksum --file="$install_dir/config/connect.php"
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# GENERIC FINALIZATION
|
|
||||||
#=================================================
|
|
||||||
# RELOAD NGINX
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Reloading NGINX web server..."
|
|
||||||
|
|
||||||
ynh_systemd_action --service_name=nginx --action=reload
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SEND INFORMATION
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
echo "To finish the upgrade, you may have to update the database by clicking on the button (if asked) at this location: https://$domain$path_url/ecrire/" > mail_to_send
|
|
||||||
|
|
||||||
ynh_send_readme_to_admin --app_message="mail_to_send" --type="upgrade"
|
|
||||||
|
|
||||||
if [ $migration_process -eq 1 ]
|
|
||||||
then
|
|
||||||
ynh_script_progression --message="Spip2 has been successfully migrated to Spip! \
|
|
||||||
A last scheduled operation will run in a couple of minutes to finish the \
|
|
||||||
migration in YunoHost side. Do not proceed any application operation while \
|
|
||||||
you don't see Spip as installed."
|
|
||||||
|
|
||||||
# Execute a post migration script after the end of this upgrade.
|
|
||||||
# Mainly for some cleaning
|
|
||||||
script_post_migration=spip2_post_migration.sh
|
|
||||||
cp ../conf/$script_post_migration /tmp
|
|
||||||
ynh_replace_string --match_string="__OLD_APP__" --replace_string="$old_app" --target_file=/tmp/$script_post_migration
|
|
||||||
ynh_replace_string --match_string="__NEW_APP__" --replace_string="$app" --target_file=/tmp/$script_post_migration
|
|
||||||
chmod +x /tmp/$script_post_migration
|
|
||||||
(cd /tmp; echo "/tmp/$script_post_migration > /tmp/$script_post_migration.log 2>&1" | at now + 2 minutes)
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
|
|
9
tests.toml
Normal file
9
tests.toml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
test_format = 1.0
|
||||||
|
|
||||||
|
[default]
|
||||||
|
|
||||||
|
# -------------------------------
|
||||||
|
# Default args to use for install
|
||||||
|
# -------------------------------
|
||||||
|
|
||||||
|
args.users_status = "Editor"
|
Loading…
Reference in a new issue