diff --git a/README.md b/README.md index f280337..980780e 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # WordPress for YunoHost [![Integration level](https://dash.yunohost.org/integration/wordpress.svg)](https://dash.yunohost.org/appci/app/wordpress) ![](https://ci-apps.yunohost.org/ci/badges/wordpress.status.svg) [![](https://ci-apps.yunohost.org/ci/badges/wordpress.maintain.svg)](https://github.com/YunoHost/Apps/#what-to-do-if-i-cant-maintain-my-app-anymore-) -[![Install WordPress with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=wordpress) +[![Install WordPress with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=wordpress) *[Lire ce readme en français.](./README_fr.md)* @@ -10,9 +10,9 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to ## Overview WordPress is open source software you can use to create a beautiful website, blog, or app. -With this package, you can even activate the [multisite](https://codex.wordpress.org/Glossary#Multisite) option. +With this package, you can even activate the [multisite](https://wordpress.org/support/article/glossary/#multisite) option. -**Shipped version:** 5.6 +**Shipped version:** 5.7 ## Screenshots diff --git a/README_fr.md b/README_fr.md index da30f79..7e7a370 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,7 +1,7 @@ # WordPress pour YunoHost [![Niveau d'intégration](https://dash.yunohost.org/integration/wordpress.svg)](https://dash.yunohost.org/appci/app/wordpress) ![](https://ci-apps.yunohost.org/ci/badges/wordpress.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/wordpress.maintain.svg) -[![Installer WordPress avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=wordpress) +[![Installer WordPress avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=wordpress) *[Read this readme in english.](./README.md)* @@ -12,7 +12,7 @@ Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install WordPress est un logiciel libre que vous pouvez utiliser pour créer un site ou un blog. Avec ce package, vous pouvez même activer l'option [multisite](https://codex.wordpress.org/Glossary#Multisite). -**Version incluse :** 5.6 +**Version incluse :** 5.7 ## Captures d'écran diff --git a/actions.toml b/actions.toml index d5f7cd1..6a36fd7 100644 --- a/actions.toml +++ b/actions.toml @@ -1,15 +1,3 @@ -[public_private] -name = "Move to public or private" -command = "/bin/bash scripts/actions/public_private" -accepted_return_codes = [0] -description = "Change the public access of the app." - - [public_private.arguments] - [public_private.arguments.is_public] - type = "boolean" - ask = "Is it a public app?" - default = true - [reset_default_nginx] name = "Reset the NGINX config for this app." command = "/bin/bash scripts/actions/reset_default_system nginx" diff --git a/conf/app.src b/conf/app.src index 6fc3d12..2f4a19c 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://wordpress.org/wordpress-5.6.tar.gz -SOURCE_SUM=47f466f375557bd4e3e1fff69b1ccbe29053423736b1af8f3dbf9d38c4c5fcd3 +SOURCE_URL=https://wordpress.org/wordpress-5.7.tar.gz +SOURCE_SUM=92be8c4afd0186f783a12bad994baecc8f941a88535acddecbae0d7702169b71 SOURCE_SUM_PRG=sha256sum ARCH_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/sql/multisite.sql b/conf/sql/multisite.sql index 63a84a6..075381a 100644 --- a/conf/sql/multisite.sql +++ b/conf/sql/multisite.sql @@ -1 +1 @@ -INSERT INTO wp_sitemeta VALUES(NULL,1,'sll_settings','a:14:{s:14:"account_suffix";s:0:"";s:7:"base_dn";s:27:"ou=users,dc=yunohost,dc=org";s:18:"domain_controllers";a:1:{i:0;s:9:"localhost";}s:9:"directory";s:2:"ol";s:4:"role";s:10:"subscriber";s:13:"high_security";s:5:"false";s:8:"ol_login";s:3:"uid";s:7:"use_tls";s:5:"false";s:9:"ldap_port";s:3:"389";s:12:"ldap_version";s:1:"3";s:12:"create_users";s:4:"true";s:7:"enabled";s:4:"true";s:7:"version";s:3:"1.5";s:6:"groups";a:1:{i:0;s:0:"";}}'); +REPLACE INTO wp_sitemeta VALUES(NULL,1,'authLDAPOptions','a:22:{s:7:"Enabled";s:1:"1";s:7:"CachePW";b:0;s:3:"URI";s:44:"ldap://localhost/ou=users,dc=yunohost,dc=org";s:12:"URISeparator";s:1:" ";s:6:"Filter";s:__LENGTH__:"(&(|(objectclass=posixAccount))(uid=%s)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";s:8:"NameAttr";s:9:"givenName";s:7:"SecName";s:2:"sn";s:7:"UidAttr";s:3:"uid";s:8:"MailAttr";s:4:"mail";s:7:"WebAttr";s:0:"";s:6:"Groups";a:5:{s:13:"administrator";s:0:"";s:6:"editor";s:0:"";s:6:"author";s:0:"";s:11:"contributor";s:0:"";s:10:"subscriber";s:0:"";}s:5:"Debug";b:0;s:9:"GroupAttr";s:0:"";s:11:"GroupFilter";s:0:"";s:11:"DefaultRole";s:10:"subscriber";s:11:"GroupEnable";b:0;s:13:"GroupOverUser";b:0;s:7:"Version";i:1;s:26:"DoNotOverwriteNonLdapUsers";b:0;s:8:"StartTLS";b:0;s:14:"GroupSeparator";s:0:"";s:9:"GroupBase";s:0:"";}'); diff --git a/conf/sql/single.sql b/conf/sql/single.sql index 0cc6985..9a3c8bd 100644 --- a/conf/sql/single.sql +++ b/conf/sql/single.sql @@ -1 +1 @@ -INSERT INTO wp_options VALUES(NULL,'sll_settings','a:14:{s:14:"account_suffix";s:0:"";s:7:"base_dn";s:27:"ou=users,dc=yunohost,dc=org";s:18:"domain_controllers";a:1:{i:0;s:9:"localhost";}s:9:"directory";s:2:"ol";s:4:"role";s:10:"subscriber";s:13:"high_security";s:5:"false";s:8:"ol_login";s:3:"uid";s:7:"use_tls";s:5:"false";s:9:"ldap_port";s:3:"389";s:12:"ldap_version";s:1:"3";s:12:"create_users";s:4:"true";s:7:"enabled";s:4:"true";s:7:"version";s:3:"1.5";s:6:"groups";a:1:{i:0;s:0:"";}}','yes'); +REPLACE INTO wp_options VALUES(NULL,'authLDAPOptions','a:22:{s:7:"Enabled";s:1:"1";s:7:"CachePW";b:0;s:3:"URI";s:44:"ldap://localhost/ou=users,dc=yunohost,dc=org";s:12:"URISeparator";s:1:" ";s:6:"Filter";s:__LENGTH__:"(&(|(objectclass=posixAccount))(uid=%s)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";s:8:"NameAttr";s:9:"givenName";s:7:"SecName";s:2:"sn";s:7:"UidAttr";s:3:"uid";s:8:"MailAttr";s:4:"mail";s:7:"WebAttr";s:0:"";s:6:"Groups";a:5:{s:13:"administrator";s:0:"";s:6:"editor";s:0:"";s:6:"author";s:0:"";s:11:"contributor";s:0:"";s:10:"subscriber";s:0:"";}s:5:"Debug";b:0;s:9:"GroupAttr";s:0:"";s:11:"GroupFilter";s:0:"";s:11:"DefaultRole";s:10:"subscriber";s:11:"GroupEnable";b:0;s:13:"GroupOverUser";b:0;s:7:"Version";i:1;s:26:"DoNotOverwriteNonLdapUsers";b:0;s:8:"StartTLS";b:0;s:14:"GroupSeparator";s:0:"";s:9:"GroupBase";s:0:"";}','yes'); diff --git a/conf/wp-config.php b/conf/wp-config.php index f53900b..12c8c7e 100644 --- a/conf/wp-config.php +++ b/conf/wp-config.php @@ -18,6 +18,9 @@ * @package WordPress */ +/** Disable the wordress cron because it's managed by the system */ +define('DISABLE_WP_CRON', true); + // ** MySQL settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define('DB_NAME', '__DB_USER__'); diff --git a/config_panel.toml b/config_panel.toml index 10e11b1..07f014d 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -5,15 +5,6 @@ name = "Wordpress configuration panel" name = "Wordpress configuration" - [main.is_public] - name = "Public access" - - [main.is_public.is_public] - ask = "Is it a public WordPress site?" - type = "boolean" - default = true - - [main.overwrite_files] name = "Overwriting config files" diff --git a/manifest.json b/manifest.json index 00e8571..5c9e6a1 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Create a beautiful blog or website easily", "fr": "Logiciel de création de blog ou de site Web" }, - "version": "5.6~ynh1", + "version": "5.7~ynh1", "url": "https://wordpress.org/", "license": "GPL-2.0", "maintainer": { diff --git a/scripts/_common.sh b/scripts/_common.sh index 3c25980..4404f4b 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -6,7 +6,7 @@ YNH_PHP_VERSION="7.3" -extra_php_dependencies="php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-soap php${YNH_PHP_VERSION}-ssh2 php${YNH_PHP_VERSION}-tokenizer" +extra_php_dependencies="php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-soap php${YNH_PHP_VERSION}-ssh2 php${YNH_PHP_VERSION}-tokenizer php${YNH_PHP_VERSION}-ldap" #================================================= # EXPERIMENTAL HELPERS diff --git a/scripts/actions/public_private b/scripts/actions/public_private deleted file mode 100755 index d514a76..0000000 --- a/scripts/actions/public_private +++ /dev/null @@ -1,80 +0,0 @@ -#!/bin/bash - -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -source /usr/share/yunohost/helpers - -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -# Get is_public -is_public=${YNH_ACTION_IS_PUBLIC} - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF ARGUMENTS ARE CORRECT -#================================================= - -#================================================= -# CHECK IF AN ACTION HAS TO BE DONE -#================================================= - -is_public_old=$(ynh_app_setting_get --app=$app --key=is_public) - -if [ $is_public -eq $is_public_old ] -then - ynh_die --message="is_public is already set as $is_public." --ret_code=0 -fi - -#================================================= -# SPECIFIC ACTION -#================================================= -# MOVE TO PUBLIC OR PRIVATE -#================================================= - -if [ $is_public -eq 0 ]; then - public_private="private" -else - public_private="public" -fi -ynh_script_progression --message="Moving the application to $public_private..." --weight=3 - -if [ $is_public -eq 0 ] -then - ynh_app_setting_delete --app=$app --key=unprotected_uris -else - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - -ynh_script_progression --message="Upgrading SSOwat configuration..." -# Regen ssowat configuration -yunohost app ssowatconf - -# Update the config of the app -ynh_app_setting_set --app=$app --key=is_public --value=$is_public - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload - -#================================================= -# END OF SCRIPT -#================================================= - -ynh_script_progression --message="Execution completed" --last diff --git a/scripts/actions/reset_default_app b/scripts/actions/reset_default_app index fd1ab8d..b7e8f70 100755 --- a/scripts/actions/reset_default_app +++ b/scripts/actions/reset_default_app @@ -24,8 +24,8 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # SPECIFIC ACTION @@ -66,8 +66,8 @@ yunohost app action run $app reset_default_phpfpm # CREATE A CRON TASK FOR AUTOMATIC UPDATE #================================================= -echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress cron. -0 3 * * * root wget -q -O - https://$domain$path_url/wp-cron.php?doing_wp_cron >/dev/null 2>&1" > /etc/cron.d/$app +echo "# Reach everyday wp-cron.php to trig the internal WordPress cron. +0 3 * * * $app php$phpversion $final_path/wp-cron.php" > /etc/cron.d/$app #================================================= # SECURE FILES AND DIRECTORIES @@ -77,12 +77,15 @@ echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress # Files have to be own by the user of wordpress. To allow upgrade from the app. chown -R $app: $final_path # Except the file config wp-config.php -chown root: $final_path/wp-config.php +chown root:$app $final_path/wp-config.php # Reset permissions find $final_path/ -type f -print0 | xargs -0 chmod 0644 find $final_path/ -type d -print0 | xargs -0 chmod 0755 +# Remove permissions for others +chmod 640 $final_path/wp-config.php + #================================================= # UPGRADE FAIL2BAN #================================================= @@ -91,21 +94,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=5 # Create a dedicated fail2ban config ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="PHP message: Leed: wrong login for .* client: " --max_retry=5 -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1 - -# Remove skipped_uris if it's still present -ynh_app_setting_delete --app=$app --key=skipped_uris -if [ $is_public -eq 0 ]; then - # Remove the public access - ynh_app_setting_delete --app=$app --key=unprotected_uris -else - # Or replace skipped_uris by unprotected_uris - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/actions/reset_default_system b/scripts/actions/reset_default_system index 0c41e0a..9122755 100755 --- a/scripts/actions/reset_default_system +++ b/scripts/actions/reset_default_system @@ -29,7 +29,6 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) multisite=$(ynh_app_setting_get --app=$app --key=multisite) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) #================================================= # SPECIFIC ACTION @@ -63,7 +62,7 @@ then elif [ $type == phpfpm ] then # If the app is private, set the usage to low, otherwise to high. - if [ $is_public -eq 0 ] + if [ $(ynh_app_setting_get --app=$app --key=is_public) -eq 0 ] then usage=low else diff --git a/scripts/backup b/scripts/backup index 8624205..25bf9d5 100644 --- a/scripts/backup +++ b/scripts/backup @@ -69,7 +69,7 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" # BACKUP CRON #================================================= -ynh_backup "/etc/cron.d/$app" +ynh_backup --src_path="/etc/cron.d/$app" #================================================= # END OF SCRIPT diff --git a/scripts/change_url b/scripts/change_url index 1990e6e..44af2d5 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -123,13 +123,6 @@ db_prefix=$(grep '^$table_prefix' "$final_path/wp-config.php" | sed "s/.*'\(.*\) ynh_mysql_execute_as_root --sql="UPDATE ${db_prefix}options SET option_value='https://$new_domain$new_path' WHERE option_name='siteurl'" --database=$app ynh_mysql_execute_as_root --sql="UPDATE ${db_prefix}options SET option_value='https://$new_domain$new_path' WHERE option_name='home'" --database=$app -#================================================= -# UPDATE THE CRON -#================================================= - -echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress cron. -0 3 * * * root wget -q -O - https://$new_domain$new_path/wp-cron.php?doing_wp_cron >/dev/null 2>&1" > /etc/cron.d/$app - #================================================= # GENERIC FINALISATION #================================================= diff --git a/scripts/config b/scripts/config index 36c49ae..318b28c 100644 --- a/scripts/config +++ b/scripts/config @@ -26,10 +26,6 @@ fpm_config_dir=$(ynh_app_setting_get --app=$app --key=fpm_config_dir) # If the form has a value for a variable, take the value from the form, # Otherwise, keep the value from the app config. -# is_public -old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)" -is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}" - # Overwrite nginx configuration old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)" overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}" @@ -78,8 +74,6 @@ show_config() { # here you are supposed to read some config file/database/other then print the values # ynh_return "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value" - ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public" - ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx" ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_PHPFPM=$overwrite_phpfpm" @@ -97,17 +91,6 @@ show_config() { apply_config() { - # Change public accessibility - if [ "$is_public" != "$old_is_public" ] - then - if [ "$is_public" = "1" ] - then - yunohost app action run $app public_private --args is_public=1 - else - yunohost app action run $app public_private --args is_public=0 - fi - fi - #================================================= # MODIFY OVERWRITTING SETTINGS #================================================= diff --git a/scripts/install b/scripts/install index e4c6c69..8e3892b 100644 --- a/scripts/install +++ b/scripts/install @@ -52,7 +52,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin_wordpress -ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_set --app=$app --key=multisite --value=$multisite @@ -140,7 +139,7 @@ ynh_script_progression --message="Installing wordpress with cURL..." --weight=10 chown -R $app: $final_path # Set the app as temporarily public for cURL call -ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" +ynh_permission_update --permission="main" --add="visitors" # Regen SSOwat configuration yunohost app ssowatconf @@ -150,6 +149,9 @@ ynh_systemd_action --service_name=nginx --action=reload # Wordpress installation ynh_local_curl "/wp-admin/install.php?step=2" "&weblog_title=YunoBlog" "user_name=$admin_wordpress" "admin_password=$db_pwd" "admin_password2=$db_pwd" "admin_email=$admin_wordpress@$domain" "Submit=Install+WordPress" +# Remove the public access +ynh_permission_update --permission="main" --remove="visitors" + ynh_print_info --message="Please wait during Wordpress installation..." for i in `seq 1 300` do @@ -169,7 +171,7 @@ ynh_script_progression --message="Installing WordPress plugins..." --weight=20 ynh_exec_warn_less wget --no-verbose https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar --output-document=$final_path/wp-cli.phar wpcli_alias="php$phpversion $final_path/wp-cli.phar --allow-root --path=$final_path" -$wpcli_alias plugin install simple-ldap-login +$wpcli_alias plugin install authldap $wpcli_alias plugin install http-authentication $wpcli_alias plugin install companion-auto-update $wpcli_alias plugin install wp-fail2ban-redux @@ -200,9 +202,15 @@ then # Activate multisite in wordpress config ynh_replace_string --match_string="//--MULTISITE2--define" --replace_string="define" --target_file=$final_path/wp-config.php + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/sql/multisite.sql + ynh_replace_string --match_string="__LENGTH__" --replace_string="$((${#app} + 95))" --target_file=../conf/sql/multisite.sql + ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/multisite.sql plugin_network="--network" else + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/sql/single.sql + ynh_replace_string --match_string="__LENGTH__" --replace_string="$((${#app} + 95))" --target_file=../conf/sql/single.sql + ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/single.sql plugin_network="" fi @@ -212,7 +220,7 @@ fi #================================================= ynh_script_progression --message="Activating plugins..." --weight=4 -$wpcli_alias plugin activate simple-ldap-login $plugin_network +$wpcli_alias plugin activate authldap $plugin_network # Do not activate http-authentication, this plugin is sometimes unstable $wpcli_alias plugin activate companion-auto-update $plugin_network $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network @@ -228,8 +236,8 @@ ynh_store_file_checksum --file="$final_path/wp-config.php" # CREATE A CRON TASK FOR AUTOMATIC UPDATE #================================================= -echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal WordPress cron. -0 3 * * * root wget -q -O - https://$domain$path_url/wp-cron.php?doing_wp_cron >/dev/null 2>&1" > /etc/cron.d/$app +echo "# Reach everyday wp-cron.php to trig the internal WordPress cron. +0 3 * * * $app php$phpversion $final_path/wp-cron.php" > /etc/cron.d/$app #================================================= # GENERIC FINALISATION @@ -241,7 +249,8 @@ echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal WordPress # Files have to be own by the user of wordpress. To allow upgrade from the app. chown -R $app: $final_path # Except the file config wp-config.php -chown root: $final_path/wp-config.php +chown root:$app $final_path/wp-config.php +chmod 640 $final_path/wp-config.php #================================================= # SETUP FAIL2BAN @@ -254,14 +263,19 @@ ynh_add_fail2ban_config --logpath="/var/log/auth.log" --failregex="Authenticatio #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." +ynh_script_progression --message="Configuring permissions..." --weight=1 -if [ $is_public -eq 0 ] +# Make app public if necessary +if [ $is_public -eq 1 ] then - # Remove the public access - ynh_app_setting_delete --app=$app --key=unprotected_uris + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi +# Only the admin can access the admin panel of the app +ynh_permission_create --permission="admin" --url="/wp-login.php" --additional_urls="/wp-admin.php" --allowed=$admin_wordpress + #================================================= # RELOAD NGINX #================================================= @@ -273,7 +287,7 @@ ynh_systemd_action --service_name=nginx --action=reload # REMOVE WP-CLI.PHAR #================================================= -ynh_secure_remove $final_path/wp-cli.phar +ynh_secure_remove --file=$final_path/wp-cli.phar #================================================= # SEND A README FOR THE ADMIN @@ -282,7 +296,10 @@ ynh_secure_remove $final_path/wp-cli.phar # Get main domain and buid the url of the admin panel of the app. admin_panel="https://$(grep portal_domain /etc/ssowat/conf.json | cut -d'"' -f4)/yunohost/admin/#/apps/$app" -echo "You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__. +echo "Please manually trigger updates to major versions in the WordPress admin area. +You can also activate the automatic update in the Companion Auto Update plugin settings. + +You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__. You can also find some specific actions for this app by using the experimental __URL_TAG1__action feature__URL_TAG2__$admin_panel/actions__URL_TAG3__. If you're facing an issue or want to improve this app, please open a new issue in this __URL_TAG1__project__URL_TAG2__https://github.com/YunoHost-Apps/wordpress_ynh__URL_TAG3__." > mail_to_send diff --git a/scripts/restore b/scripts/restore index d77447c..7672833 100644 --- a/scripts/restore +++ b/scripts/restore @@ -25,7 +25,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) admin_wordpress=$(ynh_app_setting_get --app=$app --key=admin) @@ -91,7 +90,8 @@ ynh_system_user_create --username=$app # Files have to be own by the user of wordpress. To allow upgrade from the app. chown -R $app: $final_path # Except the file config wp-config.php -chown root: $final_path/wp-config.php +chown root:$app $final_path/wp-config.php +chmod 640 $final_path/wp-config.php #================================================= # RESTORE THE PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 4df9b47..f56c088 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -20,7 +20,6 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) admin_wordpress=$(ynh_app_setting_get --app=$app --key=admin) language=$(ynh_app_setting_get --app=$app --key=language) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) multisite=$(ynh_app_setting_get --app=$app --key=multisite) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) @@ -63,15 +62,6 @@ if [ -z "$language" ]; then ynh_app_setting_set --app=$app --key=language --value=$language fi -# Fix is_public as a boolean -if [ "${is_public,,}" = "yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "${is_public,,}" = "no" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - # Fix multisite as a boolean if [ "${multisite,,}" = "yes" ]; then ynh_app_setting_set --app=$app --key=multisite --value=1 @@ -110,14 +100,6 @@ if [ -z "$overwrite_phpfpm" ]; then ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=$overwrite_phpfpm fi -# If the app is private, set the usage to low, otherwise to high. -if [ $is_public -eq 0 ] -then - usage=low -else - usage=high -fi - # If fpm_footprint doesn't exist, create it if [ -z "$fpm_footprint" ]; then fpm_footprint=medium @@ -126,6 +108,13 @@ fi # If fpm_usage doesn't exist, create it if [ -z "$fpm_usage" ]; then + # If the app is private, set the usage to low, otherwise to high. + if [ $(ynh_app_setting_get --app=$app --key=is_public) -eq 0 ] + then + usage=low + else + usage=high + fi fpm_usage=$usage ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage fi @@ -145,6 +134,21 @@ fi $wpcli_alias plugin is-installed wp-fail2ban && $wpcli_alias plugin deactivate $plugin_network wp-fail2ban && $wpcli_alias plugin uninstall wp-fail2ban $wpcli_alias plugin is-installed wp-fail2ban-redux || $wpcli_alias plugin install wp-fail2ban-redux +# Remove old ldap plugin +$wpcli_alias plugin is-installed simple-ldap-login && $wpcli_alias plugin deactivate $plugin_network simple-ldap-login && $wpcli_alias plugin uninstall simple-ldap-login + +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + +if ! ynh_permission_exists --permission="admin"; then + # Create the required permissions + ynh_permission_create --permission="admin" --url="/wp-login.php" --additional_urls="/wp-admin.php" --allowed=$admin_wordpress +fi + #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -213,6 +217,8 @@ ynh_backup_if_checksum_is_different --file="$final_path/wp-config.php" #================================================= ynh_script_progression --message="Configuring multisite..." --weight=2 +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) + if [ $multisite -eq 1 ] then ynh_replace_string --match_string="#--MULTISITE--" --replace_string="" --target_file=/etc/nginx/conf.d/$domain.d/$app.conf @@ -220,12 +226,20 @@ then ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_systemd_action --service_name=nginx --action=reload - + + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/sql/multisite.sql + ynh_replace_string --match_string="__LENGTH__" --replace_string="$((${#app} + 95))" --target_file=../conf/sql/multisite.sql + + ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/multisite.sql plugin_network="--network" else multisite=0 + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/sql/single.sql + ynh_replace_string --match_string="__LENGTH__" --replace_string="$((${#app} + 95))" --target_file=../conf/sql/single.sql + + ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/single.sql plugin_network="" - if [ $is_public -eq 1 ] + if ynh_permission_has_user --permission="main" --user="visitor" then ynh_replace_string --match_string="//--PUBLIC--define" --replace_string="define" --target_file=$final_path/wp-config.php fi @@ -242,10 +256,11 @@ ynh_script_progression --message="Updating plugins" --weight=11 update_plugin () { ( $wpcli_alias plugin is-installed $1 && $wpcli_alias plugin update $1 ) || $wpcli_alias plugin install $1 } -update_plugin simple-ldap-login -$wpcli_alias plugin activate simple-ldap-login $plugin_network +update_plugin authldap +$wpcli_alias plugin activate authldap $plugin_network update_plugin companion-auto-update $wpcli_alias plugin activate companion-auto-update $plugin_network + update_plugin wp-fail2ban-redux $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network @@ -263,8 +278,8 @@ ynh_store_file_checksum --file="$final_path/wp-config.php" # CREATE A CRON TASK FOR AUTOMATIC UPDATE #================================================= -echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress cron. -0 3 * * * root wget -q -O - https://$domain$path_url/wp-cron.php?doing_wp_cron >/dev/null 2>&1" > /etc/cron.d/$app +echo "# Reach everyday wp-cron.php to trig the internal WordPress cron. +0 3 * * * $app php$phpversion $final_path/wp-cron.php" > /etc/cron.d/$app #================================================= # GENERIC FINALISATION @@ -276,7 +291,8 @@ echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress # Files have to be own by the user of wordpress. To allow upgrade from the app. chown -R $app: $final_path # Except the file config wp-config.php -chown root: $final_path/wp-config.php +chown root:$app $final_path/wp-config.php +chmod 640 $final_path/wp-config.php #================================================= # UPGRADE FAIL2BAN @@ -286,21 +302,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=9 # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/auth.log" --failregex="Authentication (attempt for unknown user|failure for) .* from " --max_retry=5 -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." - -# Remove skipped_uris if it's still present -ynh_app_setting_delete --app=$app --key=skipped_uris -if [ $is_public -eq 0 ]; then - # Remove the public access - ynh_app_setting_delete --app=$app --key=unprotected_uris -else - # Or replace skipped_uris by unprotected_uris - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - #================================================= # RELOAD NGINX #================================================= @@ -336,7 +337,10 @@ else fi ynh_app_changelog --format=$format -echo "You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__. +echo "Please manually trigger updates to major versions in the WordPress admin area. +You can also activate the automatic update in the Companion Auto Update plugin settings. + +You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__. You can also find some specific actions for this app by using the experimental __URL_TAG1__action feature__URL_TAG2__$admin_panel/actions__URL_TAG3__. If you're facing an issue or want to improve this app, please open a new issue in this __URL_TAG1__project__URL_TAG2__https://github.com/YunoHost-Apps/wordpress_ynh__URL_TAG3__.