Merge remote-tracking branch 'origin/master' into next

UPGRADE.md

@@ -398,6 +398,12 @@ In this document you will find a changelog of the important changes related to t
 * Enable and disable function of a plugin bootstrap can now return same parameter as install, uninstall.
 * Added automatic APC detection for the general cache.
 
+## 4.3.6
+* Backport ESI security patch from Symfony Upstream (http://symfony.com/blog/cve-2015-2308-esi-code-injection).
+
+## 4.3.5
+* Additional checks for the auto update module in preparation for Shopware 5.
+
 ## 4.3.3
 * The config option `showException` now only applies to frontend errors. Backend errors will always display the exception details.
 * New event `Shopware_Modules_Basket_AddArticle_CheckBasketForArticle` in class sBasket

engine/Shopware/Components/HttpCache/AppCache.php

@@ -24,10 +24,10 @@
 
 namespace Shopware\Components\HttpCache;
 
+use Symfony\Component\HttpKernel\HttpCache\Esi;
 use Symfony\Component\HttpKernel\HttpCache\StoreInterface;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\HttpKernel\HttpCache\HttpCache;
-use Symfony\Component\HttpKernel\HttpCache\Esi;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 

engine/Shopware/Plugins/Default/Backend/SwagUpdate/Components/Checks/IonCubeLoaderCheck.php

@@ -64,7 +64,7 @@ public function canHandle($requirement)
      */
     public function check($requirement)
     {
-        $requiredVerson = $requirement['value'];
+        $requiredVersion = $requirement['value'];
 
         if (!extension_loaded('ionCube Loader')) {
             return null;
@@ -76,21 +76,21 @@ public function check($requirement)
                 'errorLevel' => $requirement['level'],
                 'message'    => sprintf(
                     $this->namespace->get('controller/check_ioncubeloaderversion_unknown'),
-                    $requiredVerson
+                    $requiredVersion
                 )
             );
         }
 
         $installedVersion = ioncube_loader_version();
 
-        $isValid = version_compare(strtolower($installedVersion), $requiredVerson, '>');
+        $isValid = version_compare(strtolower($installedVersion), $requiredVersion, '>');
         if ($isValid) {
             return array(
                 'type' => self::CHECK_TYPE,
                 'errorLevel' => Validation::REQUIREMENT_VALID,
                 'message'    => sprintf(
                     $this->namespace->get('controller/check_ioncubeloaderversion_success'),
-                    $requiredVerson,
+                    $requiredVersion,
                     $installedVersion
                 )
             );
@@ -100,7 +100,7 @@ public function check($requirement)
                 'errorLevel' => $requirement['level'],
                 'message'    => sprintf(
                     $this->namespace->get('check_ioncubeloaderversion_failure'),
-                    $requiredVerson,
+                    $requiredVersion,
                     $installedVersion
                 )
             );

engine/Shopware/Plugins/Default/Backend/SwagUpdate/Components/Checks/LicenseCheck.php

@@ -0,0 +1,171 @@
+<?php
+/**
+ * Shopware 5
+ * Copyright (c) shopware AG
+ *
+ * According to our dual licensing model, this program can be used either
+ * under the terms of the GNU Affero General Public License, version 3,
+ * or under a proprietary license.
+ *
+ * The texts of the GNU Affero General Public License with an additional
+ * permission and of our proprietary license can be found at and
+ * in the LICENSE file you have received along with this program.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * "Shopware" is a registered trademark of shopware AG.
+ * The licensing of the program under the AGPLv3 does not imply a
+ * trademark license. Therefore any rights, title and interest in
+ * our trademarks remain entirely with us.
+ */
+
+namespace ShopwarePlugins\SwagUpdate\Components\Checks;
+
+use Doctrine\DBAL\Connection;
+use ShopwarePlugins\SwagUpdate\Components\CheckInterface;
+use Enlight_Components_Snippet_Namespace as SnippetNamespace;
+use ShopwarePlugins\SwagUpdate\Components\Validation;
+
+/**
+ * @category  Shopware
+ * @package   ShopwarePlugins\SwagUpdate\Components\Checks
+ * @copyright Copyright (c) shopware AG (http://www.shopware.com)
+ */
+class LicenseCheck implements CheckInterface
+{
+    const CHECK_TYPE = 'licensecheck';
+
+    /**
+     * @var SnippetNamespace
+     */
+    private $namespace;
+
+    /**
+     * @var Connection
+     */
+    private $connection;
+
+    /**
+     * @var string
+     */
+    private $shopwareVersion;
+
+    /**
+     * @var string
+     */
+    private $endpoint;
+
+    /**
+     * @param Connection $connection
+     * @param string $endpoint
+     * @param string $shopwareVersion
+     * @param SnippetNamespace $namespace
+     */
+    public function __construct(Connection $connection, $endpoint, $shopwareVersion, SnippetNamespace $namespace)
+    {
+        $this->connection = $connection;
+        $this->endpoint = $endpoint;
+        $this->shopwareVersion = $shopwareVersion;
+        $this->namespace = $namespace;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function canHandle($requirement)
+    {
+        return $requirement['type'] == self::CHECK_TYPE;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function check($requirement)
+    {
+        $licenseKeys = $requirement['value']['licenseKeys'];
+
+        if (empty($licenseKeys)) {
+            return array(
+                'type' => self::CHECK_TYPE,
+                'errorLevel' => Validation::REQUIREMENT_WARNING,
+                'message' => 'License check requested but no license key provided'
+            );
+        }
+        $licenseData = $this->getLicenseData($licenseKeys);
+
+        if (empty($licenseData)) {
+            return array(
+                'type' => self::CHECK_TYPE,
+                'errorLevel' => Validation::REQUIREMENT_VALID,
+                'message' => $this->namespace->get('controller/check_license_nolicense')
+            );
+        }
+
+        $url = $this->endpoint.'/licenseupgrades/permission';
+        $client = new \Zend_Http_Client(
+            $url, array(
+                'timeout' => 15
+            )
+        );
+
+        foreach ($licenseData as $licenseDatum) {
+            $client->setParameterPost('domain', $licenseDatum['host']);
+            $client->setParameterPost('licenseKey', $licenseDatum['license']);
+            $client->setParameterPost('version', $this->shopwareVersion);
+
+            try {
+                $response = $client->request(\Zend_Http_Client::POST);
+            } catch (\Zend_Http_Client_Exception $e) {
+                // Do not show exception to user if request times out
+                return null;
+            }
+
+            try {
+                $body = $response->getBody();
+                $json = \Zend_Json::decode($body, true);
+            } catch (\Exception $e) {
+                // Do not show exception to user if SBP returns an error
+                return null;
+            }
+
+            if ($json === true) {
+                return array(
+                    'type' => self::CHECK_TYPE,
+                    'errorLevel' => Validation::REQUIREMENT_VALID,
+                    'message' => $this->namespace->get('controller/check_license_success')
+                );
+            }
+        }
+
+        return array(
+            'type' => self::CHECK_TYPE,
+            'errorLevel' => $requirement['level'],
+            'message' => $this->namespace->get('controller/check_license_failure')
+        );
+    }
+
+    /**
+     * Returns existing license data for the provided keys
+     *
+     * @param array $licenseKeys
+     * @return array
+     */
+    private function getLicenseData($licenseKeys)
+    {
+        /** @var \Doctrine\DBAL\Query\QueryBuilder $queryBuilder */
+        $queryBuilder = $this->connection->createQueryBuilder();
+        $queryBuilder->select(array('host', 'license'))
+            ->from('s_core_licenses', 'license')
+            ->where('license.active = 1')
+            ->andWhere('license.module IN (:modules)')
+            ->setParameter(':modules', $licenseKeys, Connection::PARAM_INT_ARRAY);
+
+        $statement = $queryBuilder->execute();
+        $licenseData = $statement->fetchAll();
+
+        return $licenseData;
+    }
+}

engine/Shopware/Plugins/Default/Backend/SwagUpdate/Components/Checks/PHPExtensionCheck.php

@@ -63,18 +63,18 @@ public function canHandle($requirement)
      */
     public function check($requirement)
     {
-        $requiredExtesion = $requirement['value'];
+        $requiredExtension = $requirement['value'];
 
         $successMessage = $this->namespace->get('controller/check_phpextension_success');
         $failMessage = $this->namespace->get('controller/check_phpextension_failure');
 
-        if (extension_loaded($requiredExtesion)) {
+        if (extension_loaded($requiredExtension)) {
             return array(
                 'type' => self::CHECK_TYPE,
                 'errorLevel' => Validation::REQUIREMENT_VALID,
                 'message'    => sprintf(
                     $successMessage,
-                    $requiredExtesion
+                    $requiredExtension
                 )
             );
         } else {
@@ -83,7 +83,7 @@ public function check($requirement)
                 'errorLevel' => $requirement['level'],
                 'message'    => sprintf(
                     $failMessage,
-                    $requiredExtesion
+                    $requiredExtension
                 )
             );
         }

engine/Shopware/Plugins/Default/Backend/SwagUpdate/Controllers/Backend/SwagUpdate.php

@@ -25,6 +25,7 @@
 use Psr\Log\LoggerInterface;
 use Shopware\Components\Random;
 use ShopwarePlugins\SwagUpdate\Components\Checks\IonCubeLoaderCheck;
+use ShopwarePlugins\SwagUpdate\Components\Checks\LicenseCheck;
 use ShopwarePlugins\SwagUpdate\Components\Checks\MySQLVersionCheck;
 use ShopwarePlugins\SwagUpdate\Components\Checks\PHPExtensionCheck;
 use ShopwarePlugins\SwagUpdate\Components\Checks\PHPVersionCheck;
@@ -123,6 +124,7 @@ public function requirementsAction()
             new PHPExtensionCheck($namespace),
             new WritableCheck($fileSystem, $namespace),
             new IonCubeLoaderCheck($namespace),
+            new LicenseCheck($conn, $this->container->getParameter('shopware.store.apiEndpoint'), $this->getShopwareVersion(), $namespace)
         );
         $validation = new Validation($namespace, $checks);
 
@@ -152,7 +154,7 @@ public function pluginsAction()
     /**
      * $this->View()->assign(array(
      *     'success' => false,
-     *     'error' => 'Their are some problems. SORRY!!'
+     *     'error' => 'There are some problems. SORRY!!'
      * ));
      *
      * $this->View()->assign(array(

engine/Shopware/Plugins/Default/Backend/SwagUpdate/Snippets/backend/swag_update/main.ini

@@ -22,6 +22,9 @@ controller/check_ioncubeloaderversion_failure = "Minimum ionCube loader Version:
 controller/check_ioncubeloaderversion_unknown = "ionCube Loader Version could not be detected. Required Version: %s."
 controller/check_phpextension_success = "PHP Extension '%s' loaded."
 controller/check_phpextension_failure = "PHP Extension '%s' not loaded."
+controller/check_license_failure = "No active Shopware subscription could be found for your shop.<br>The automatic update cannot be performed.<br>You can purchase a Shopware Subscription in the <a target="_blank" href="https://account.shopware.com">Shopware account page</a>."
+controller/check_license_success = "You have a valid Shopware subscription."
+controller/check_license_nolicense = "You are using Shopware CE."
 
 ftp/info_text = "The file permissions could not be fixed.<br><br>Please fix all file permission problems in the tab requirements.<br><br>Alternatively fill in your ftp credentials."
 ftp/label_password = "Password"
@@ -84,6 +87,9 @@ controller/check_ioncubeloaderversion_failure = "Erforderliche ionCube Loader Ve
 controller/check_ioncubeloaderversion_unknown = "ionCube Loader Version konnte nicht ermittelt werden. Erforderliche Version %s"
 controller/check_phpextension_success = "PHP Extension '%s' verfügbar."
 controller/check_phpextension_failure = "PHP Extension '%s' nicht verfügbar."
+controller/check_license_failure = "Für ihre eingesetzte Shopware Version konnte keine aktive Software-Subscription ermittelt werden.<br>Das Auto-Update kann aktuell nicht durchgeführt werden.<br>Eine Shopware Software-Subscription können Sie bequem über den <a href=“https://account.shopware.com“ target=“_blank“>Shopware Account buchen.</a>"
+controller/check_license_success = "Aktive Software-Subscription ermittelt"
+controller/check_license_nolicense = "Sie benutzen die Shopware CE."
 
 ftp/info_text = "Die Dateirechte konnten nicht automatisch angepasst werden.<br><br>Bitte lösen Sie alle Dateirechte-Warnungen im Reiter Voraussetzungen (empfohlen). <br><br>Alternativ tragen Sie Ihre FTP Zugangsdaten ein."
 ftp/label_password = "Passwort"

recovery/install/src/Requirements.php

@@ -109,9 +109,9 @@ protected function getRuntimeValue($name)
         } elseif (function_exists($name)) {
             return true;
         } elseif (($value = ini_get($name)) !== null) {
-            if (strtolower($value) == 'off' || $value == 0) {
+            if (strtolower($value) == 'off' || (is_numeric($value) && $value == 0)) {
                 return false;
-            } elseif (strtolower($value) == 'on' || $value == 1) {
+            } elseif (strtolower($value) == 'on' || (is_numeric($value) && $value == 1)) {
                 return true;
             } else {
                 return $value;