Proyectos de Subversion Moodle

Rev

| Ultima modificación | Ver Log |

Rev Autor Línea Nro. Línea
1 efrain 1
<?php
2
// This file is part of Moodle - http://moodle.org/
3
//
4
// Moodle is free software: you can redistribute it and/or modify
5
// it under the terms of the GNU General Public License as published by
6
// the Free Software Foundation, either version 3 of the License, or
7
// (at your option) any later version.
8
//
9
// Moodle is distributed in the hope that it will be useful,
10
// but WITHOUT ANY WARRANTY; without even the implied warranty of
11
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12
// GNU General Public License for more details.
13
//
14
// You should have received a copy of the GNU General Public License
15
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
16
 
17
/**
18
 * url_finder class definition.
19
 *
20
 * @package    tool_httpsreplace
21
 * @copyright Copyright (c) 2016 Blackboard Inc. (http://www.blackboard.com)
22
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23
 */
24
 
25
namespace tool_httpsreplace;
26
 
27
use database_column_info;
28
use progress_bar;
29
 
30
defined('MOODLE_INTERNAL') || die();
31
 
32
/**
33
 * Examines DB for non-https src or data links
34
 *
35
 * @package tool_httpsreplace
36
 * @copyright Copyright (c) 2016 Blackboard Inc. (http://www.blackboard.com)
37
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
38
 */
39
class url_finder {
40
 
41
    /**
42
     * Returns a hash of what hosts are referred to over http and would need to be changed.
43
     *
44
     * @param progress_bar $progress Progress bar keeping track of this process.
45
     * @return array Hash of domains with number of references as the value.
46
     */
47
    public function http_link_stats($progress = null) {
48
        return $this->process(false, $progress);
49
    }
50
 
51
    /**
52
     * Changes all resources referred to over http to https.
53
     *
54
     * @param progress_bar $progress Progress bar keeping track of this process.
55
     * @return bool True upon success
56
     */
57
    public function upgrade_http_links($progress = null) {
58
        return $this->process(true, $progress);
59
    }
60
 
61
    /**
62
     * Replace http domains with https equivalent, with two types of exceptions
63
     * for less straightforward swaps.
64
     *
65
     * @param string $table
66
     * @param database_column_info $column
67
     * @param string $domain
68
     * @param string $search search string that has prefix, protocol, domain name and one extra character,
69
     *      example1: src="http://host.com/
70
     *      example2: DATA="HTTP://MYDOMAIN.EDU"
71
     *      example3: src="HTTP://hello.world?
72
     * @return void
73
     */
74
    protected function domain_swap($table, $column, $domain, $search) {
75
        global $DB;
76
 
77
        $renames = json_decode(get_config('tool_httpsreplace', 'renames'), true);
78
 
79
        if (isset($renames[$domain])) {
80
            $replace = preg_replace('|http://'.preg_quote($domain).'|i', 'https://' . $renames[$domain], $search);
81
        } else {
82
            $replace = preg_replace('|http://|i', 'https://', $search);
83
        }
84
        $DB->set_debug(true);
85
        $DB->replace_all_text($table, $column, $search, $replace);
86
        $DB->set_debug(false);
87
    }
88
 
89
    /**
90
     * Returns SQL to be used to match embedded http links in the given column
91
     *
92
     * @param string $columnname name of the column (ready to be used in the SQL query)
93
     * @return array
94
     */
95
    protected function get_select_search_in_column($columnname) {
96
        global $DB;
97
 
98
        if ($DB->sql_regex_supported()) {
99
            // Database supports regex, use it for better match.
100
            $select = $columnname . ' ' . $DB->sql_regex() . ' ?';
101
            $params = ["(src|data)\ *=\ *[\\\"\']http://"];
102
        } else {
103
            // Databases without regex support should use case-insensitive LIKE.
104
            // This will have false positive matches and more results than we need, we'll have to filter them in php.
105
            $select = $DB->sql_like($columnname, '?', false);
106
            $params = ['%=%http://%'];
107
        }
108
 
109
        return [$select, $params];
110
    }
111
 
112
    /**
113
     * Originally forked from core function db_search().
114
     * @param bool $replacing Whether or not to replace the found urls.
115
     * @param progress_bar $progress Progress bar keeping track of this process.
116
     * @return bool|array If $replacing, return true on success. If not, return hash of http urls to number of times used.
117
     */
118
    protected function process($replacing = false, $progress = null) {
119
        global $DB, $CFG;
120
 
121
        require_once($CFG->libdir.'/filelib.php');
122
 
123
        // TODO: block_instances have HTML content as base64, need to decode then
124
        // search, currently just skipped. See MDL-60024.
125
        $skiptables = array(
126
            'block_instances',
127
            'config',
128
            'config_log',
129
            'config_plugins',
130
            'events_queue',
131
            'files',
132
            'filter_config',
133
            'grade_grades_history',
134
            'grade_items_history',
135
            'log',
136
            'logstore_standard_log',
137
            'repository_instance_config',
138
            'sessions',
139
            'upgrade_log',
140
            'grade_categories_history',
141
            '',
142
        );
143
 
144
        // Turn off time limits.
145
        \core_php_time_limit::raise();
146
        if (!$tables = $DB->get_tables() ) {    // No tables yet at all.
147
            return false;
148
        }
149
 
150
        $urls = array();
151
        sort($tables); // Make it easier to see progress because they are ordered.
152
        $numberoftables = count($tables);
153
        $tablenumber = 0;
154
        sort($tables);
155
        foreach ($tables as $table) {
156
            if ($progress) {
157
                $progress->update($tablenumber, $numberoftables, get_string('searching', 'tool_httpsreplace', $table));
158
                $tablenumber++;
159
            }
160
            if (in_array($table, $skiptables)) {
161
                continue;
162
            }
163
            if ($columns = $DB->get_columns($table)) {
164
                foreach ($columns as $column) {
165
 
166
                    // Only convert columns that are either text or long varchar.
167
                    if ($column->meta_type == 'X' || ($column->meta_type == 'C' && $column->max_length > 255)) {
168
                        $columnname = $column->name;
169
                        $columnnamequoted = $DB->get_manager()->generator->getEncQuoted($columnname);
170
                        list($select, $params) = $this->get_select_search_in_column($columnnamequoted);
171
                        $rs = $DB->get_recordset_select($table, $select, $params, '', $columnnamequoted);
172
 
173
                        $found = array();
174
                        foreach ($rs as $record) {
175
                            // Regex to match src=http://etc. and data=http://etc.urls.
176
                            // Standard warning on expecting regex to perfectly parse HTML
177
                            // read http://stackoverflow.com/a/1732454 for more info.
178
                            $regex = '#((src|data)\ *=\ *[\'\"])(http://)([^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|/)))[\'\"]#i';
179
                            preg_match_all($regex, $record->$columnname, $match);
180
                            foreach ($match[0] as $i => $fullmatch) {
181
                                if (\core_text::strpos($fullmatch, $CFG->wwwroot) !== false) {
182
                                    continue;
183
                                }
184
                                $prefix = $match[1][$i];
185
                                $protocol = $match[3][$i];
186
                                $url = $protocol . $match[4][$i];
187
                                $host = \core_text::strtolower(parse_url($url, PHP_URL_HOST));
188
                                if (empty($host)) {
189
                                    continue;
190
                                }
191
                                if ($replacing) {
192
                                    // For replace string use: prefix, protocol, host and one extra character.
193
                                    $found[$prefix . \core_text::substr($url, 0, \core_text::strlen($host) + 8)] = $host;
194
                                } else {
195
                                    $entry["table"] = $table;
196
                                    $entry["columnname"] = $columnname;
197
                                    $entry["url"] = $url;
198
                                    $entry["host"] = $host;
199
                                    $entry["raw"] = $record->$columnname;
200
                                    $entry["ssl"] = '';
201
                                    $urls[] = $entry;
202
                                }
203
                            }
204
                        }
205
                        $rs->close();
206
 
207
                        if ($replacing) {
208
                            foreach ($found as $search => $domain) {
209
                                $this->domain_swap($table, $column, $domain, $search);
210
                            }
211
                        }
212
                    }
213
                }
214
            }
215
        }
216
 
217
        if ($replacing) {
218
            rebuild_course_cache(0, true);
219
            purge_all_caches();
220
            return true;
221
        }
222
 
223
        $domains = array_map(function ($i) {
224
            return $i['host'];
225
        }, $urls);
226
 
227
        $uniquedomains = array_unique($domains);
228
 
229
        $sslfailures = array();
230
 
231
        foreach ($uniquedomains as $domain) {
232
            if (!$this->check_domain_availability("https://$domain/")) {
233
                $sslfailures[] = $domain;
234
            }
235
        }
236
 
237
        $results = array();
238
        foreach ($urls as $url) {
239
            $host = $url['host'];
240
            foreach ($sslfailures as $badhost) {
241
                if ($host == $badhost) {
242
                    if (!isset($results[$host])) {
243
                        $results[$host] = 1;
244
                    } else {
245
                        $results[$host]++;
246
                    }
247
                }
248
            }
249
        }
250
        return $results;
251
    }
252
 
253
    /**
254
     * Check if url is available (GET request returns 200)
255
     *
256
     * @param string $url
257
     * @return bool
258
     */
259
    protected function check_domain_availability($url) {
260
        $curl = new \curl();
261
        $curl->head($url);
262
        $info = $curl->get_info();
263
        return !empty($info['http_code']) && $info['http_code'] == 200;
264
    }
265
}