[Fusionforge-commits] FusionForge branch 6.0 updated. e9ed685271f99b7806ba279da877187e3c3dbca1

Sylvain Beucler beuc-inria at fusionforge.org
Mon Apr 13 18:19:24 CEST 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, 6.0 has been updated
       via  e9ed685271f99b7806ba279da877187e3c3dbca1 (commit)
       via  a27752b68b1cf48e8d66ba1f0e38404f89328cec (commit)
      from  49490052a9ecd3653ba13898cfaa7be17e72a4b7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e9ed685271f99b7806ba279da877187e3c3dbca1
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Mon Apr 13 18:17:58 2015 +0200

    scmhook: drop 'read-only' mode since we now have reactivity

diff --git a/src/plugins/scmhook/common/scmhookPlugin.class.php b/src/plugins/scmhook/common/scmhookPlugin.class.php
index 81c6e69..b7f4159 100644
--- a/src/plugins/scmhook/common/scmhookPlugin.class.php
+++ b/src/plugins/scmhook/common/scmhookPlugin.class.php
@@ -195,25 +195,22 @@ project independently.");
 		use_javascript('/js/sortable.js');
 		echo $HTML->getJavascripts();
 		$hooksAvailable = $this->getAvailableHooks($group_id);
-		$statusDeploy = $this->getStatusDeploy($group_id);
 		$hooksEnabled = $this->getEnabledHooks($group_id);
 		if (count($hooksAvailable)) {
 			echo '<div id="scmhook">';
-			if ($statusDeploy)
-				echo $HTML->warning_msg(_('Hooks management update process waiting ...'));
 
 			echo '<h2>'._('Enable Repository Hooks').'</h2>';
 			switch ($scm) {
 				case "scmsvn": {
-					$this->displayScmSvnHook($hooksAvailable, $statusDeploy, $hooksEnabled, $group_id);
+					$this->displayScmSvnHook($hooksAvailable, $hooksEnabled, $group_id);
 					break;
 				}
 				case "scmhg": {
-					$this->displayScmHgHook($hooksAvailable, $statusDeploy, $hooksEnabled);
+					$this->displayScmHgHook($hooksAvailable, $hooksEnabled);
 					break;
 				}
 				case "scmgit": {
-					$this->displayScmGitHook($hooksAvailable, $statusDeploy, $hooksEnabled);
+					$this->displayScmGitHook($hooksAvailable, $hooksEnabled);
 					break;
 				}
 				default: {
@@ -318,7 +315,7 @@ project independently.");
 		return true;
 	}
 
-	function displayScmSvnHook($hooksAvailable, $statusDeploy, $hooksEnabled, $group_id) {
+	function displayScmSvnHook($hooksAvailable, $hooksEnabled, $group_id) {
 		global $HTML;
 		// Group available hooks by type
 		$hooks_by_type = array();
@@ -333,7 +330,6 @@ project independently.");
 				$classth = array('unsortable', '', '');
 				echo $HTML->listTableTop($tabletop, false, "sortable_scmhook_$hooktype", 'sortable', $classth);
 				foreach ($hooks as $hook) {
-					$isdisabled = 0;
 					if (! empty($hook->onlyGlobalAdmin) && ! Permission::isGlobalAdmin()) {
 						echo '<tr class="hide" ><td>';
 					}
@@ -345,15 +341,11 @@ project independently.");
 					if (in_array($hook->getClassname(), $hooksEnabled))
 						echo ' checked="checked"';
 
-					if ($statusDeploy) {
-						$isdisabled = 1;
-						echo ' disabled="disabled"';
-					}
-					if (!$isdisabled && !$hook->isAvailable())
+					if (!$hook->isAvailable())
 						echo ' disabled="disabled"';
 
 					echo ' />';
-					if (in_array($hook->getClassname(), $hooksEnabled) && $statusDeploy) {
+					if (in_array($hook->getClassname(), $hooksEnabled)) {
 						echo '<input type="hidden" ';
 						echo 'name="'.$hook->getLabel().'_'.$hook->getClassname().'" ';
 						echo 'value="on" />';
@@ -388,7 +380,7 @@ project independently.");
 		}
 	}
 
-	function displayScmHgHook($hooksAvailable, $statusDeploy, $hooksEnabled) {
+	function displayScmHgHook($hooksAvailable, $hooksEnabled) {
 		global $HTML;
 		$hooksServePushPullBundle = array();
 		foreach ($hooksAvailable as $hook) {
@@ -409,7 +401,6 @@ project independently.");
 			$classth = array('unsortable', '', '');
 			echo $HTML->listTableTop($tabletop, false, 'sortable_scmhook_serve-push-pull-bundle', 'sortable', $classth);
 			foreach ($hooksServePushPullBundle as $hookServePushPullBundle) {
-				$isdisabled = 0;
 				if (! empty($hookServePushPullBundle->onlyGlobalAdmin) && ! Permission::isGlobalAdmin()) {
 					echo '<tr class="hide" ><td>';
 				}
@@ -421,16 +412,11 @@ project independently.");
 				if (in_array($hookServePushPullBundle->getClassname(), $hooksEnabled))
 					echo ' checked="checked"';
 
-				if ($statusDeploy) {
-					$isdisabled = 1;
-					echo ' disabled="disabled"';
-				}
-
-				if (!$isdisabled && !$hookServePushPullBundle->isAvailable())
+				if (!$hookServePushPullBundle->isAvailable())
 					echo ' disabled="disabled"';
 
 				echo ' />';
-				if (in_array($hookServePushPullBundle->getClassname(), $hooksEnabled) && $statusDeploy) {
+				if (in_array($hookServePushPullBundle->getClassname(), $hooksEnabled)) {
 					echo '<input type="hidden" ';
 					echo 'name="'.$hookServePushPullBundle->getLabel().'_'.$hookServePushPullBundle->getClassname().'" ';
 					echo 'value="on" />';
@@ -449,7 +435,7 @@ project independently.");
 			echo $HTML->listTableBottom();
 		}
 	}
-	function displayScmGitHook($hooksAvailable, $statusDeploy, $hooksEnabled) {
+	function displayScmGitHook($hooksAvailable, $hooksEnabled) {
 		global $HTML;
 		$hooksPostReceive = array();
 		foreach ($hooksAvailable as $hook) {
@@ -470,7 +456,6 @@ project independently.");
 			$classth = array('unsortable', '', '');
 			echo $HTML->listTableTop($tabletop, false, 'sortable_scmhook_post-receive', 'sortable', $classth);
 			foreach ($hooksPostReceive as $hookPostReceive) {
-				$isdisabled = 0;
 				if (! empty($hookPostReceive->onlyGlobalAdmin) && ! Permission::isGlobalAdmin()) {
 					echo '<tr class="hide" ><td>';
 				}
@@ -482,16 +467,11 @@ project independently.");
 				if (in_array($hookPostReceive->getClassname(), $hooksEnabled))
 					echo ' checked="checked"';
 
-				if ($statusDeploy) {
-					$isdisabled = 1;
-					echo ' disabled="disabled"';
-				}
-
-				if (!$isdisabled && !$hookPostReceive->isAvailable())
+				if (!$hookPostReceive->isAvailable())
 					echo ' disabled="disabled"';
 
 				echo ' />';
-				if (in_array($hookPostReceive->getClassname(), $hooksEnabled) && $statusDeploy) {
+				if (in_array($hookPostReceive->getClassname(), $hooksEnabled)) {
 					echo '<input type="hidden" ';
 					echo 'name="'.$hookPostReceive->getLabel().'_'.$hookPostReceive->getClassname().'" ';
 					echo 'value="on" />';

commit a27752b68b1cf48e8d66ba1f0e38404f89328cec
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Mon Apr 13 17:51:08 2015 +0200

    scmhook: deal with symlink attacks

diff --git a/src/plugins/scmhook/common/scmhookPlugin.class.php b/src/plugins/scmhook/common/scmhookPlugin.class.php
index 559840f..81c6e69 100644
--- a/src/plugins/scmhook/common/scmhookPlugin.class.php
+++ b/src/plugins/scmhook/common/scmhookPlugin.class.php
@@ -101,7 +101,7 @@ project independently.");
 			if (!$res)
 				return false;
 			$systasksq = new SystasksQ();
-			$systasksq->add($this->getID(), 'SCMHOOK_UPDATE', $group_id);
+			$systasksq->add($this->getID(), 'SCMHOOK_UPDATE', $group_id, user_getid());
 		}
 		return true;
 	}
@@ -185,7 +185,7 @@ project independently.");
 			return false;
 
 		$systasksq = new SystasksQ();
-		$systasksq->add($this->getID(), 'SCMHOOK_UPDATE', $group_id);
+		$systasksq->add($this->getID(), 'SCMHOOK_UPDATE', $group_id, user_getid());
 
 		return true;
 	}
diff --git a/src/plugins/scmhook/cronjobs/updateScmRepo.php b/src/plugins/scmhook/cronjobs/updateScmRepo.php
index f2e5a19..45072b1 100755
--- a/src/plugins/scmhook/cronjobs/updateScmRepo.php
+++ b/src/plugins/scmhook/cronjobs/updateScmRepo.php
@@ -36,37 +36,56 @@ require_once $gfplugins.'scmhook/common/scmhookPlugin.class.php';
 ############
 ###### START
 
-// get the list of project to be updated
-$res = db_query_params('SELECT groups.group_id, groups.scm_box, plugin_scmhook.hooks
+$res = db_query_params('SELECT systask_id, group_id, user_name FROM systasks
+	JOIN users ON (systasks.user_id = users.user_id)
+	WHERE systasks.status=$1 AND systask_type=$2',
+	array('WIP', 'SCMHOOK_UPDATE'));
+while ($task = db_fetch_array($res)) {
+	$group_id = $task['group_id'];
+	$user_name = $task['user_name'];
+	// Run as the requesting user to avoid symlinks attacks
+	if (util_sudo_effective_user($user_name, 'install_hooks', array($group_id)) == false) {
+		cron_debug("ERROR scmhook: couldn't run install_hooks as user $user_name");
+	}
+}
+
+$group = null;  // pass info to library/ scripts
+function install_hooks($params) {
+	global $group, $gfplugins;
+
+	$group_id = $params[0];
+	// get the list of project to be updated
+	$res = db_query_params('SELECT groups.group_id, groups.scm_box, plugin_scmhook.hooks
 			FROM groups, plugin_scmhook
 			WHERE groups.status = $1
 			AND plugin_scmhook.id_group = groups.group_id
 			AND plugin_scmhook.need_update = $2
-			AND groups.use_scm = $3',
-			array('A', 1, 1));
+			AND groups.use_scm = $3
+            AND group_id = $4',
+		array('A', 1, 1, $group_id));
 
-if (! $res) {
-	cron_debug("FATAL Database Query Failed: " . db_error());
-}
+	if (! $res) {
+		cron_debug("FATAL Database Query Failed: " . db_error());
+	}
 
-$scmhookPlugin = new scmhookPlugin;
-while ($row = db_fetch_array($res)) {
-	$group_id = $row['group_id'];
-	$scm_box = $row['scm_box'];
-	$scmtype = '';
-	// find the scm type of the project
-	$listScm = $scmhookPlugin->getListLibraryScm();
-	$group = group_get_object($group_id);
-	for ($i = 0; $i < count($listScm); $i++) {
-		if ($group->usesPlugin($listScm[$i])) {
-			$scmtype = $listScm[$i];
-			continue;
+	$scmhookPlugin = new scmhookPlugin;
+	while ($row = db_fetch_array($res)) {
+		$group_id = $row['group_id'];
+		$scm_box = $row['scm_box'];
+		$scmtype = '';
+		// find the scm type of the project
+		$listScm = $scmhookPlugin->getListLibraryScm();
+		$group = group_get_object($group_id);
+		for ($i = 0; $i < count($listScm); $i++) {
+			if ($group->usesPlugin($listScm[$i])) {
+				$scmtype = $listScm[$i];
+				continue;
+			}
 		}
-	}
-	$returnvalue = true;
-	// call the right cronjob in the library
-	switch ($scmtype) {
-		case 'scmsvn': {
+		$returnvalue = true;
+		// call the right cronjob in the library
+		switch ($scmtype) {
+		case 'scmsvn':
 			cron_debug("INFO start updating hooks for project ".$group->getUnixName());
 			require_once $gfplugins.'scmhook/library/'.$scmtype.'/cronjobs/updateScmRepo.php';
 			$scmsvncronjob = new ScmSvnUpdateScmRepo();
@@ -81,8 +100,8 @@ while ($row = db_fetch_array($res)) {
 				}
 			}
 			break;
-		}
-		case 'scmhg': {
+
+		case 'scmhg':
 			cron_debug("INFO start updating hooks for project ".$group->getUnixName());
 			require_once $gfplugins.'scmhook/library/'.$scmtype.'/cronjobs/updateScmRepo.php';
 			$scmhgcronjob = new ScmHgUpdateScmRepo();
@@ -97,8 +116,8 @@ while ($row = db_fetch_array($res)) {
 				}
 			}
 			break;
-		}
-		case 'scmgit': {
+
+		case 'scmgit':
 			cron_debug("INFO start updating hooks for project ".$group->getUnixName());
 			require_once $gfplugins.'scmhook/library/'.$scmtype.'/cronjobs/updateScmRepo.php';
 			$scmgitcronjob = new ScmGitUpdateScmRepo();
@@ -113,18 +132,18 @@ while ($row = db_fetch_array($res)) {
 				}
 			}
 			break;
-		}
-		default: {
+
+		default:
 			cron_debug("WARNING No scm plugin found for this project ".$group->getUnixName()." or no cronjobs for this type");
 			$returnvalue = false;
 			break;
 		}
-	}
-
-	if ($returnvalue) {
-		cron_debug("INFO hooks updated for project ".$group->getUnixName());
-	} else {
-		cron_debug("ERROR Unable to update hooks for project ".$group->getUnixName());
+		
+		if ($returnvalue) {
+			cron_debug("INFO hooks updated for project ".$group->getUnixName());
+		} else {
+			cron_debug("ERROR Unable to update hooks for project ".$group->getUnixName());
+		}
 	}
 }
 

-----------------------------------------------------------------------

Summary of changes:
 src/plugins/scmhook/common/scmhookPlugin.class.php |   48 +++--------
 src/plugins/scmhook/cronjobs/updateScmRepo.php     |   91 ++++++++++++--------
 2 files changed, 69 insertions(+), 70 deletions(-)


hooks/post-receive
-- 
FusionForge



More information about the Fusionforge-commits mailing list