1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-12-30 16:24:57 +00:00

add peppermint_json_perms setting to auto chmod peppermint.json on save

This commit is contained in:
Starbeamrainbowlabs 2024-09-07 17:45:51 +01:00
parent 16ce60feb1
commit c245ea44c2
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
6 changed files with 27 additions and 9 deletions

View file

@ -27,7 +27,7 @@ $modules = glob("modules/*.php");
$module_index = [];
// Defined just in case a module needs to reference them when we require() them
// to gain information
$env = $paths = new stdClass();
$env = new stdClass(); $paths = new stdClass();
$paths->extra_data_directory = "build/._extra_data";
/**

View file

@ -37,7 +37,8 @@ if(!file_exists($settingsFilename)) {
// Copy the default settings over to the main settings array
foreach ($guiConfig as $key => $value)
$settings->$key = $value->default;
if(file_put_contents("peppermint.json", json_encode($settings, JSON_PRETTY_PRINT)) === false) {
// From below if statement: file_put_contents("peppermint.json", json_encode($settings, JSON_PRETTY_PRINT))
if(save_settings() === false) {
http_response_code(503);
header("content-type: text/plain");
exit("Oops! It looks like $settings->sitename wasn't able to write peppermint.json to disk.\nThis file contains all of $settings->sitename's settings, so it's really important!\nHave you checked that PHP has write access to the directory that index.php is located in (and all it's contents and subdirectories)? Try\n\nsudo chown USERNAME:USERNAME -R path/to/directory\n\nand\n\nsudo chmod -R 0644 path/to/directory;\nsudo chmod -R +X path/to/directory\n\n....where USERNAME is the username that the PHP process is running under.");
@ -68,8 +69,10 @@ if(!property_exists($settings, "secret")) {
$settings->secret = bin2hex(random_bytes(16));
$settings_upgraded = true;
}
if($settings_upgraded)
file_put_contents("peppermint.json", json_encode($settings, JSON_PRETTY_PRINT));
if($settings_upgraded) {
save_settings();
// file_put_contents("peppermint.json", json_encode($settings, JSON_PRETTY_PRINT));
}
// If:
// * The first-run wizard hasn't been completed
@ -80,7 +83,8 @@ if($settings_upgraded)
// Note we added this additional specific check because in Docker containers we recommend that firstrun_complete be manually preset to false, which would previously get autset to true as we thought it was a pre-existing wiki when it isn't! Note also we don't yet have access to the pageindex at this stage, so we can't check that either.
if(!$settings->firstrun_complete && $settings_upgraded && $did_upgrade_firstrun_key) {
$settings->firstrun_complete = true;
file_put_contents("peppermint.json", json_encode($settings, JSON_PRETTY_PRINT));
save_settings();
// file_put_contents("peppermint.json", json_encode($settings, JSON_PRETTY_PRINT));
}
// Insert the default CSS if requested

View file

@ -724,11 +724,23 @@ function minify_css(string $css_str) : string {
/**
* Saves the settings file back to peppermint.json.
* @package core
* @param stdObject [$new_settings=null] A new settings object to REPLACE the old one with - use with extreme care! A value of null (default) indicates that the existing global $settings object will be saved.
* @return bool Whether the settings were saved successfully.
*/
function save_settings() {
function save_settings($new_settings=null, $filepath=null) {
global $paths, $settings;
return file_put_contents($paths->settings_file, json_encode($settings, JSON_PRETTY_PRINT)) !== false;
$result = file_put_contents(
isset($paths->settings_file) ? $paths->settings_file : "peppermint.json",
json_encode(
$new_settings == null ? $settings : $new_settings,
JSON_PRETTY_PRINT)
) !== false;
if($settings->peppermint_json_perms !== null) {
$perms = octdec($settings->peppermint_json_perms);
if(!chmod($paths->settings_file, $perms))
error_log("Warning: Failed to chmod peppermint.json at {$paths->settings_file}"); // Complain about inability to chmod but don't claim we can't save
}
return $result;
}
/**
* Save the page index back to disk, respecting $settings->minify_pageindex

View file

@ -196,7 +196,8 @@ SCRIPT;
// Take a backup of the current settings file
rename($paths->settings_file, "$paths->settings_file.bak");
// Save the new settings file
file_put_contents($paths->settings_file, json_encode($newSettings, JSON_PRETTY_PRINT));
save_settings($newSettings);
// file_put_contents($paths->settings_file, json_encode($newSettings, JSON_PRETTY_PRINT));
$content = "<h1>Master settings updated successfully</h1>\n";
$content .= "<p>$settings->sitename's master settings file has been updated successfully. A backup of the original settings has been created under the name <code>peppermint.json.bak</code>, just in case. You can <a href='?action=configure'>go back</a> and continue editing the master settings file, or you can go to the <a href='?action=view&page=" . rawurlencode($settings->defaultpage) . "'>" . htmlentities($settings->defaultpage) . "</a>.</p>\n";

View file

@ -238,7 +238,7 @@ function do_password_hash_code_update() {
$settings->password_cost = $new_cost;
// Save the current time in the settings
$settings->password_cost_time_lastcheck = time();
file_put_contents($paths->settings_file, json_encode($settings, JSON_PRETTY_PRINT));
save_settings();
}
/**

View file

@ -270,6 +270,7 @@
"sessionlifetime": { "type": "number", "description": "Again, you shouldn't need to change this under normal circumstances. This setting controls the lifetime of a login session. Defaults to 24 hours, but it may get cut off sooner depending on the underlying PHP session lifetime.", "default": 86400 },
"cookie_secure": { "type": "text", "description": "Whether to set the 'Secure' flag on all cookies. This prevents cookies from being transmitted over an unencrypted connection. Default: auto (sets the flag if HTTPS is detected). Other possible values: false (the flag is never set), true (the flag will always be set, regardless of whether HTTPS is detected or not)", "default": "auto" },
"disable_peppermint_access_check": { "type": "checkbox", "description": "Disables the access check for peppermint.json on first-run. <strong>VERY DANGEROUS</strong>. Use only for development. Note that it's recommend to block access to peppermint.json for a reason - it contains your site secret and password hashes, so an attacker could do all <em>sorts</em> of nefarious things if it's left unblocked.", "default": false },
"peppermint_json_perms": { "type": "text", "description": "The permissions to chmod peppermint.json to after saving it. Defaults to null, which means do not alter permissions. String must be a linux octal string with a leading 0: for example 0640. WARNING: Do <strong>NOT</strong> mark peppermint.json as 0777 - this is very insecure! Generally 0660, 0640, and 0600 work well for most purposes. Do not edit this setting unless you know what you're doing!", "default": null },
"css_theme_autoupdate_url": { "type": "url", "description": "A url that points to the css theme file to check for updates. If blank, then automatic updates are disabled.", "default": "" },
"css_theme_autoupdate_interval": { "type": "number", "description": "The interval, in seconds, that updates to the theme should be checked for. Defaults to every week. A value of -1 disables automatic updates.", "default": 604800 },
"css_theme_autoupdate_lastcheck": { "type": "number", "description": "The timestamp of the last time that updates for the selected theme were last checked for. To disable automatic updates, you should set <code>css_theme_autoupdate_interval</code> to <code>-1</code> instead of changing this setting.", "default": 0 },