ModuleInstall/ModuleScanner.php
\ModuleScanner
Properties
$blackList= 'array(
'popen',
'proc_open',
'escapeshellarg',
'escapeshellcmd',
'proc_close',
'proc_get_status',
'proc_nice',
'basename',
'passthru',
'clearstatcache',
'dirname',
'disk_free_space',
'disk_total_space',
'diskfreespace',
'fclose',
'feof',
'fflush',
'fgetc',
'fgetcsv',
'fgets',
'fgetss',
'file_exists',
'file_get_contents',
'filesize',
'filetype',
'flock',
'fnmatch',
'fpassthru',
'fputcsv',
'fputs',
'fread',
'fscanf',
'fseek',
'fstat',
'ftell',
'ftruncate',
'fwrite',
'glob',
'is_dir',
'is_file',
'is_link',
'is_readable',
'is_uploaded_file',
'parse_ini_string',
'pathinfo',
'pclose',
'readfile',
'readlink',
'realpath_cache_get',
'realpath_cache_size',
'realpath',
'rewind',
'set_file_buffer',
'tmpfile',
'umask',
'ini_set',
'eval',
'exec',
'system',
'shell_exec',
'passthru',
'chgrp',
'chmod',
'chwown',
'file_put_contents',
'file',
'fileatime',
'filectime',
'filegroup',
'fileinode',
'filemtime',
'fileowner',
'fileperms',
'fopen',
'is_executable',
'is_writable',
'is_writeable',
'lchgrp',
'lchown',
'linkinfo',
'lstat',
'mkdir',
'parse_ini_file',
'rmdir',
'stat',
'tempnam',
'touch',
'unlink',
'getimagesize',
'call_user_func',
'call_user_func_array',
'create_function',
// multiple files per function call
'copy',
'link',
'rename',
'symlink',
'move_uploaded_file',
'chdir',
'chroot',
'create_cache_directory',
'mk_temp_dir',
'write_array_to_file',
'write_encoded_file',
'create_custom_directory',
'sugar_rename',
'sugar_chown',
'sugar_fopen',
'sugar_mkdir',
'sugar_file_put_contents',
'sugar_chgrp',
'sugar_chmod',
'sugar_touch',
// Functions that have callbacks can circumvent our security measures.
// List retrieved through PHP's XML documentation, and running the
// following script in the reference directory:
// grep -R callable . | grep -v \.svn | grep methodparam | cut -d: -f1 | sort -u | cut -d"." -f2 | sed 's/\-/\_/g' | cut -d"/" -f4
// AMQPQueue
'consume',
// PHP internal - arrays
'array_diff_uassoc',
'array_diff_ukey',
'array_filter',
'array_intersect_uassoc',
'array_intersect_ukey',
'array_map',
'array_reduce',
'array_udiff_assoc',
'array_udiff_uassoc',
'array_udiff',
'array_uintersect_assoc',
'array_uintersect_uassoc',
'array_uintersect',
'array_walk_recursive',
'array_walk',
'uasort',
'uksort',
'usort',
// EIO functions that accept callbacks.
'eio_busy',
'eio_chmod',
'eio_chown',
'eio_close',
'eio_custom',
'eio_dup2',
'eio_fallocate',
'eio_fchmod',
'eio_fchown',
'eio_fdatasync',
'eio_fstat',
'eio_fstatvfs',
'eio_fsync',
'eio_ftruncate',
'eio_futime',
'eio_grp',
'eio_link',
'eio_lstat',
'eio_mkdir',
'eio_mknod',
'eio_nop',
'eio_open',
'eio_read',
'eio_readahead',
'eio_readdir',
'eio_readlink',
'eio_realpath',
'eio_rename',
'eio_rmdir',
'eio_sendfile',
'eio_stat',
'eio_statvfs',
'eio_symlink',
'eio_sync_file_range',
'eio_sync',
'eio_syncfs',
'eio_truncate',
'eio_unlink',
'eio_utime',
'eio_write',
// PHP internal - error functions
'set_error_handler',
'set_exception_handler',
// Forms Data Format functions
'fdf_enum_values',
// PHP internal - function handling
'call_user_func_array',
'call_user_func',
'forward_static_call_array',
'forward_static_call',
'register_shutdown_function',
'register_tick_function',
// Gearman
'setclientcallback',
'setcompletecallback',
'setdatacallback',
'setexceptioncallback',
'setfailcallback',
'setstatuscallback',
'setwarningcallback',
'setworkloadcallback',
'addfunction',
// Firebird/InterBase
'ibase_set_event_handler',
// LDAP
'ldap_set_rebind_proc',
// LibXML
'libxml_set_external_entity_loader',
// Mailparse functions
'mailparse_msg_extract_part_file',
'mailparse_msg_extract_part',
'mailparse_msg_extract_whole_part_file',
// Memcache(d) functions
'addserver',
'setserverparams',
'get',
'getbykey',
'getdelayed',
'getdelayedbykey',
// MySQLi
'set_local_infile_handler',
// PHP internal - network functions
'header_register_callback',
// Newt
'newt_entry_set_filter',
'newt_set_suspend_callback',
// OAuth
'consumerhandler',
'timestampnoncehandler',
'tokenhandler',
// PHP internal - output control
'ob_start',
// PHP internal - PCNTL
'pcntl_signal',
// PHP internal - PCRE
'preg_replace_callback',
// SQLite
'sqlitecreateaggregate',
'sqlitecreatefunction',
'sqlite_create_aggregate',
'sqlite_create_function',
// RarArchive
'open',
// Readline
'readline_callback_handler_install',
'readline_completion_function',
// PHP internal - session handling
'session_set_save_handler',
// PHP internal - SPL
'construct',
'iterator_apply',
'spl_autoload_register',
// Sybase
'sybase_set_message_handler',
// PHP internal - variable handling
'is_callable',
// XML Parser
'xml_set_character_data_handler',
'xml_set_default_handler',
'xml_set_element_handler',
'xml_set_end_namespace_decl_handler',
'xml_set_external_entity_ref_handler',
'xml_set_notation_decl_handler',
'xml_set_processing_instruction_handler',
'xml_set_start_namespace_decl_handler',
'xml_set_unparsed_entity_decl_handler',
)'
// Default value of ModuleScanner::$blackList: lowercase function names (plus,
// per the section comments below, names taken from extension classes such as
// AMQPQueue and RarArchive) that the scanner treats as restricted.
// scanPackage() is documented as scanning a package's PHP files for
// restricted function calls.
// NOTE(review): entries are bare names, so how they are matched (plain calls,
// method calls, case folding) depends on scanFile() -- confirm there.
// NOTE(review): a name-based deny list covers only what it enumerates; keep it
// as one layer next to restricting who may upload and install packages.
array(
// Process execution and filesystem functions
'popen',
'proc_open',
'escapeshellarg',
'escapeshellcmd',
'proc_close',
'proc_get_status',
'proc_nice',
'basename',
'passthru',
'clearstatcache',
'dirname',
'disk_free_space',
'disk_total_space',
'diskfreespace',
'fclose',
'feof',
'fflush',
'fgetc',
'fgetcsv',
'fgets',
'fgetss',
'file_exists',
'file_get_contents',
'filesize',
'filetype',
'flock',
'fnmatch',
'fpassthru',
'fputcsv',
'fputs',
'fread',
'fscanf',
'fseek',
'fstat',
'ftell',
'ftruncate',
'fwrite',
'glob',
'is_dir',
'is_file',
'is_link',
'is_readable',
'is_uploaded_file',
'parse_ini_string',
'pathinfo',
'pclose',
'readfile',
'readlink',
'realpath_cache_get',
'realpath_cache_size',
'realpath',
'rewind',
'set_file_buffer',
'tmpfile',
'umask',
'ini_set',
'eval',
'exec',
'system',
'shell_exec',
// Duplicate of the 'passthru' entry near the top of the list; redundant for a
// membership test.
'passthru',
'chgrp',
'chmod',
// NOTE(review): 'chwown' looks like a misspelling of 'chown'. As spelled, this
// entry does not name the chown() function ('lchown' and 'sugar_chown' are
// listed separately) -- confirm and correct in ModuleScanner.php.
'chwown',
'file_put_contents',
'file',
'fileatime',
'filectime',
'filegroup',
'fileinode',
'filemtime',
'fileowner',
'fileperms',
'fopen',
'is_executable',
'is_writable',
'is_writeable',
'lchgrp',
'lchown',
'linkinfo',
'lstat',
'mkdir',
'parse_ini_file',
'rmdir',
'stat',
'tempnam',
'touch',
'unlink',
'getimagesize',
// These two are listed again under "PHP internal - function handling" below.
'call_user_func',
'call_user_func_array',
'create_function',
// multiple files per function call
'copy',
'link',
'rename',
'symlink',
'move_uploaded_file',
'chdir',
'chroot',
// NOTE(review): presumably Sugar's own file utility helpers and sugar_*
// wrappers, listed so that a package cannot reach the filesystem through
// them -- confirm.
'create_cache_directory',
'mk_temp_dir',
'write_array_to_file',
'write_encoded_file',
'create_custom_directory',
'sugar_rename',
'sugar_chown',
'sugar_fopen',
'sugar_mkdir',
'sugar_file_put_contents',
'sugar_chgrp',
'sugar_chmod',
'sugar_touch',
// Functions that have callbacks can circumvent our security measures.
// List retrieved through PHP's XML documentation, and running the
// following script in the reference directory:
// grep -R callable . | grep -v \.svn | grep methodparam | cut -d: -f1 | sort -u | cut -d"." -f2 | sed 's/\-/\_/g' | cut -d"/" -f4
// The pipeline keeps only the documentation file's base name, which is why
// several entries below are bare method names without their class.
// NOTE(review): the generated list reflects the PHP documentation at the time
// it was run; re-run it when the supported PHP version changes.
// AMQPQueue
'consume',
// PHP internal - arrays
'array_diff_uassoc',
'array_diff_ukey',
'array_filter',
'array_intersect_uassoc',
'array_intersect_ukey',
'array_map',
'array_reduce',
'array_udiff_assoc',
'array_udiff_uassoc',
'array_udiff',
'array_uintersect_assoc',
'array_uintersect_uassoc',
'array_uintersect',
'array_walk_recursive',
'array_walk',
'uasort',
'uksort',
'usort',
// EIO functions that accept callbacks.
'eio_busy',
'eio_chmod',
'eio_chown',
'eio_close',
'eio_custom',
'eio_dup2',
'eio_fallocate',
'eio_fchmod',
'eio_fchown',
'eio_fdatasync',
'eio_fstat',
'eio_fstatvfs',
'eio_fsync',
'eio_ftruncate',
'eio_futime',
'eio_grp',
'eio_link',
'eio_lstat',
'eio_mkdir',
'eio_mknod',
'eio_nop',
'eio_open',
'eio_read',
'eio_readahead',
'eio_readdir',
'eio_readlink',
'eio_realpath',
'eio_rename',
'eio_rmdir',
'eio_sendfile',
'eio_stat',
'eio_statvfs',
'eio_symlink',
'eio_sync_file_range',
'eio_sync',
'eio_syncfs',
'eio_truncate',
'eio_unlink',
'eio_utime',
'eio_write',
// PHP internal - error functions
'set_error_handler',
'set_exception_handler',
// Forms Data Format functions
'fdf_enum_values',
// PHP internal - function handling
// (call_user_func and call_user_func_array repeat entries from earlier in the list)
'call_user_func_array',
'call_user_func',
'forward_static_call_array',
'forward_static_call',
'register_shutdown_function',
'register_tick_function',
// Gearman
'setclientcallback',
'setcompletecallback',
'setdatacallback',
'setexceptioncallback',
'setfailcallback',
'setstatuscallback',
'setwarningcallback',
'setworkloadcallback',
'addfunction',
// Firebird/InterBase
'ibase_set_event_handler',
// LDAP
'ldap_set_rebind_proc',
// LibXML
'libxml_set_external_entity_loader',
// Mailparse functions
'mailparse_msg_extract_part_file',
'mailparse_msg_extract_part',
'mailparse_msg_extract_whole_part_file',
// Memcache(d) functions
// NOTE(review): very generic names such as 'get' here (and 'open', 'consume',
// 'construct', 'addfunction' elsewhere in this list) presumably flag any
// same-named call in a package -- expect false positives; verify in scanFile().
'addserver',
'setserverparams',
'get',
'getbykey',
'getdelayed',
'getdelayedbykey',
// MySQLi
'set_local_infile_handler',
// PHP internal - network functions
'header_register_callback',
// Newt
'newt_entry_set_filter',
'newt_set_suspend_callback',
// OAuth
'consumerhandler',
'timestampnoncehandler',
'tokenhandler',
// PHP internal - output control
'ob_start',
// PHP internal - PCNTL
'pcntl_signal',
// PHP internal - PCRE
'preg_replace_callback',
// SQLite
'sqlitecreateaggregate',
'sqlitecreatefunction',
'sqlite_create_aggregate',
'sqlite_create_function',
// RarArchive
'open',
// Readline
'readline_callback_handler_install',
'readline_completion_function',
// PHP internal - session handling
'session_set_save_handler',
// PHP internal - SPL
'construct',
'iterator_apply',
'spl_autoload_register',
// Sybase
'sybase_set_message_handler',
// PHP internal - variable handling
'is_callable',
// XML Parser
'xml_set_character_data_handler',
'xml_set_default_handler',
'xml_set_element_handler',
'xml_set_end_namespace_decl_handler',
'xml_set_external_entity_ref_handler',
'xml_set_notation_decl_handler',
'xml_set_processing_instruction_handler',
'xml_set_start_namespace_decl_handler',
'xml_set_unparsed_entity_decl_handler',
)
Details- Type
- n/a
$classBlackList= 'array(
// Class names specified here must be in lowercase as the implementation
// of the tokenizer converts all tokens to lowercase.
'reflection',
'reflectionclass',
'reflectionzendextension',
'reflectionextension',
'reflectionfunction',
'reflectionfunctionabstract',
'reflectionmethod',
'reflectionobject',
'reflectionparameter',
'reflectionproperty',
'reflector',
'reflectionexception',
'lua',
)'
// Default value of ModuleScanner::$classBlackList: class names the scanner
// treats as restricted. The entries are the Reflection API classes and 'lua'.
// NOTE(review): presumably these are blocked because they allow code to be
// invoked indirectly, without a function name the function deny list would
// see -- confirm against the scanner implementation.
array(
// Class names specified here must be in lowercase as the implementation
// of the tokenizer converts all tokens to lowercase.
'reflection',
'reflectionclass',
'reflectionzendextension',
'reflectionextension',
'reflectionfunction',
'reflectionfunctionabstract',
'reflectionmethod',
'reflectionobject',
'reflectionparameter',
'reflectionproperty',
'reflector',
'reflectionexception',
'lua',
)
Details- Type
- n/a
$manifestMap= 'array(
'pre_execute'=>'pre_execute',
'install_mkdirs'=>'mkdir',
'install_copy'=>'copy',
'install_images'=>'image_dir',
'install_menus'=>'menu',
'install_userpage'=>'user_page',
'install_dashlets'=>'dashlets',
'install_administration'=>'administration',
'install_connectors'=>'connectors',
'install_vardefs'=>'vardefs',
'install_layoutdefs'=>'layoutdefs',
'install_layoutfields'=>'layoutfields',
'install_relationships'=>'relationships',
'install_languages'=>'language',
'install_logichooks'=>'logic_hooks',
'post_execute'=>'post_execute',
)'
// Default value of ModuleScanner::$manifestMap.
// NOTE(review): the keys look like manifest/installdefs section names and the
// values like the short action names that scanManifest() compares with
// $GLOBALS['sugar_config']['moduleInstaller']['disableActions'] -- confirm in
// scanManifest() before relying on this mapping.
array(
'pre_execute'=>'pre_execute',
'install_mkdirs'=>'mkdir',
'install_copy'=>'copy',
'install_images'=>'image_dir',
'install_menus'=>'menu',
'install_userpage'=>'user_page',
'install_dashlets'=>'dashlets',
'install_administration'=>'administration',
'install_connectors'=>'connectors',
'install_vardefs'=>'vardefs',
'install_layoutdefs'=>'layoutdefs',
'install_layoutfields'=>'layoutfields',
'install_relationships'=>'relationships',
'install_languages'=>'language',
'install_logichooks'=>'logic_hooks',
'post_execute'=>'post_execute',
)
Details- Type
- n/a
Methods
displayIssues(
$package
=
'Package'
)
:
void
This function will take all issues of the current instance and print them to the screen
Name | Type | Description |
---|---|---|
$package |
isPHPFile(
string $contents
)
:
boolean
Checks whether the file contents look like PHP
Name | Type | Description |
---|---|---|
$contents | string | File contents |
Type | Description |
---|---|
boolean |
isValidExtension(
$file
)
:
void
Ensures that a file has a valid extension
Name | Type | Description |
---|---|---|
$file |
scanCopy(
$from, $to
)
:
void
Takes the paths a file is specified to be copied from and to, and ensures that there is no official Sugar file there. If the file exists, it is checked against the MD5 file list to see whether Sugar created the file
Name | Type | Description |
---|---|---|
$from | ||
$to |
scanDir(
$path
)
:
void
Scans a directory and calls scanFile for each file
Name | Type | Description |
---|---|---|
$path |
scanFile(
$file
)
:
void
Given a file, it will open its contents and check whether it is a PHP file (it is not safe to rely on extensions alone) if it finds [sentence cut off in the original docblock]
It will also ensure that all files have valid extension types
Name | Type | Description |
---|---|---|
$file |
scanManifest(
$manifestPath
)
:
void
This function will scan the manifest for disabled actions specified in $GLOBALS['sugar_config']['moduleInstaller']['disableActions']. If $GLOBALS['sugar_config']['moduleInstaller']['disableRestrictedCopy'] is set to false or not set, it will call scanCopy to ensure that the package is not overriding files
Name | Type | Description |
---|---|---|
$manifestPath |
scanPackage(
$path
)
:
void
Main external function that takes a path to a package, scans that package's manifest for disabled actions, and then scans the PHP files for restricted function calls
Name | Type | Description |
---|---|---|
$path |