Commit 8ca45190 authored by Darryl Hamilton's avatar Darryl Hamilton

Catch broken/incorrect theme config (bug #744591)



Change-Id: I25214a83290a1948a6cedcadb5937fa6fcdbaff6
Signed-off-by: default avatarDarryl Hamilton <darrylh@catalyst.net.nz>
parent 5b067df7
...@@ -234,7 +234,16 @@ header('Content-type: text/html; charset=UTF-8'); ...@@ -234,7 +234,16 @@ header('Content-type: text/html; charset=UTF-8');
require_once('auth/lib.php'); require_once('auth/lib.php');
$SESSION = Session::singleton(); $SESSION = Session::singleton();
$USER = new LiveUser(); $USER = new LiveUser();
$THEME = new Theme($USER);
// try to set the theme, or catch the thrown exception (eg if the name is invalid)
try {
$THEME = new Theme($USER);
} catch (SystemException $exception) {
// set the theme to 'default' and put up an error message
$THEME = new Theme('default');
$SESSION->add_error_msg($exception->getMessage());
}
// The installer does its own auth_setup checking, because some upgrades may // The installer does its own auth_setup checking, because some upgrades may
// break logging in and so need to allow no logins. // break logging in and so need to allow no logins.
if (!defined('INSTALLER')) { if (!defined('INSTALLER')) {
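Review bot: In the new catch block, `$SESSION->add_error_msg($exception->getMessage())` shows the raw exception text to whoever is loading the page, and for the invalid-name case that text embeds the rejected theme name, i.e. a value that has just failed the character whitelist. Whether add_error_msg() HTML-escapes its argument is not visible in this diff, so that should be confirmed; the safer shape is to keep the detail in the log with `log_warn($exception->getMessage());` and pass add_error_msg a fixed localized string. The block also catches every SystemException raised by the constructor, not only the name check, so any other internal message would be displayed the same way. The fallback `new Theme('default')` sits outside any try, so a missing or broken default theme would still abort the bootstrap.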
......
...@@ -265,7 +265,7 @@ $string['sitename'] = 'Site name'; ...@@ -265,7 +265,7 @@ $string['sitename'] = 'Site name';
$string['sitenamedescription'] = 'The site name appears in certain places around the site and in e-mails sent from the site'; $string['sitenamedescription'] = 'The site name appears in certain places around the site and in e-mails sent from the site';
$string['siteoptionspagedescription'] = 'Here you can set some global options that will apply by default throughout the entire site. <BR> Note: Disabled options are overridden by your config.php file.'; $string['siteoptionspagedescription'] = 'Here you can set some global options that will apply by default throughout the entire site. <BR> Note: Disabled options are overridden by your config.php file.';
$string['siteoptionsset'] = 'Site options have been updated.'; $string['siteoptionsset'] = 'Site options have been updated.';
$string['sitethemedescription'] = 'The default theme for the site'; $string['sitethemedescription'] = 'The default theme for the site - if your theme is not listed, check the error log.';
$string['smallviewheaders'] = 'Small page headers'; $string['smallviewheaders'] = 'Small page headers';
$string['smallviewheadersdescription'] = 'If enabled, a small header and site navigation block will be displayed when viewing or editing portfolio pages created by users.'; $string['smallviewheadersdescription'] = 'If enabled, a small header and site navigation block will be displayed when viewing or editing portfolio pages created by users.';
$string['spamhaus'] = 'Enable Spamhaus URL blacklist'; $string['spamhaus'] = 'Enable Spamhaus URL blacklist';
......
...@@ -112,4 +112,6 @@ $string['missingparamblocktype'] = 'Try selecting a block type to add first'; ...@@ -112,4 +112,6 @@ $string['missingparamblocktype'] = 'Try selecting a block type to add first';
$string['missingparamcolumn'] = 'Missing column specification'; $string['missingparamcolumn'] = 'Missing column specification';
$string['missingparamorder'] = 'Missing order specification'; $string['missingparamorder'] = 'Missing order specification';
$string['missingparamid'] = 'Missing id'; $string['missingparamid'] = 'Missing id';
$string['themenameinvalid'] = "The name of the theme '%s' contains invalid characters.";
?> ?>
...@@ -636,6 +636,10 @@ function get_all_theme_objects() { ...@@ -636,6 +636,10 @@ function get_all_theme_objects() {
} }
while (false !== ($subdir = readdir($themedir))) { while (false !== ($subdir = readdir($themedir))) {
if ($subdir != "." && $subdir != ".." && is_dir($themebase . $subdir)) { if ($subdir != "." && $subdir != ".." && is_dir($themebase . $subdir)) {
// is the theme directory name valid?
if (!Theme::name_is_valid($subdir)) {
log_warn(get_string('themenameinvalid', 'error', $subdir));
} else {
$config_path = $themebase . $subdir . '/themeconfig.php'; $config_path = $themebase . $subdir . '/themeconfig.php';
if (is_readable($config_path)) { if (is_readable($config_path)) {
require($config_path); require($config_path);
...@@ -645,6 +649,7 @@ function get_all_theme_objects() { ...@@ -645,6 +649,7 @@ function get_all_theme_objects() {
} }
} }
} }
}
closedir($themedir); closedir($themedir);
asort($themes); asort($themes);
} }
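Review bot: The name check in the readdir loop is added as an `if … else` that wraps the whole existing body, which costs an extra nesting level and the extra closing brace in the second hunk; a guard reads better: `if (!Theme::name_is_valid($subdir)) { log_warn(get_string('themenameinvalid', 'error', $subdir)); continue; }`. Note also that `name_is_valid` rejects any name containing a dot, so a hidden directory under the theme base (version-control metadata, for instance) would log a warning on every call of get_all_theme_objects(); skipping dot-prefixed entries silently before the check may be preferable. The function starts and ends outside these hunks.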
......
...@@ -649,17 +649,27 @@ class Theme { ...@@ -649,17 +649,27 @@ class Theme {
$themename = 'raw'; $themename = 'raw';
} }
} }
// check the validity of the name
if ($this->name_is_valid($themename)) {
$this->init_theme($themename); $this->init_theme($themename);
} else {
throw new SystemException("Theme name is in invalid form: '$themename'");
}
} }
/** /**
* Given a theme name, reads in all config and sets fields on this object * Given a theme name, check that it is valid
*/ */
private function init_theme($themename) { public static function name_is_valid($themename) {
if (!preg_match('/^[a-zA-Z0-9_-]+$/', $themename)) { // preg_match returns 0 if invalid characters were found, 1 if not
throw new SystemException("Theme name is in invalid form: '$themename'"); return (preg_match('/^[a-zA-Z0-9_-]+$/', $themename) == 1);
} }
/**
* Given a theme name, reads in all config and sets fields on this object
*/
private function init_theme($themename) {
$this->basename = $themename; $this->basename = $themename;
$themeconfigfile = get_config('docroot') . 'theme/' . $this->basename . '/themeconfig.php'; $themeconfigfile = get_config('docroot') . 'theme/' . $this->basename . '/themeconfig.php';
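Review bot: `name_is_valid()` anchors its pattern with `$`, which in PCRE also matches just before a trailing newline, so a constructed name such as `"default\n"` passes the check and then reaches the `themeconfig.php` path built in init_theme(). Use the `D` modifier (or `\z`) and a strict comparison: `return preg_match('/^[a-zA-Z0-9_-]+$/D', $themename) === 1;`. The method is declared static but the constructor calls it as `$this->name_is_valid($themename)`; `self::name_is_valid($themename)` would match the `Theme::name_is_valid()` call in get_all_theme_objects(). Since init_theme() no longer validates on its own, its docblock should say that callers must validate the name first; its body continues outside the hunk.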
......