Stable Release - 1.5.10.1584

* Setup/fix authentication issues

* Should commonize auth checks

* Set static mountd port for NFS

* Should fix issue of isloaded

* Should push the change derp

* Should refine out nfs building

* Should ensure ymls are updated appropriately here

* Should fix upload png/jpg issue

---------

Co-authored-by: JJ Fullmer <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tom Elliott <[email protected]>

lib/common/functions.sh

@@ -1355,6 +1355,29 @@ configureFOGService() {
     startInitScript
 }
 configureNFS() {
+    dots "Setting up NFS configuration file"
+    if [[ -f "/etc/nfs.conf" ]]; then
+        # Fix all set port=20048 back to default values
+        sed -i '/^port=20048/ {s/^port=20048/# port=0/}' /etc/nfs.conf >>$error_log 2>&1
+    fi
+    # set port in nfs.conf.d directory
+    if [[ -f "/etc/nfs.conf" && ! -d "/etc/nfs.conf.d/" ]]; then
+        mkdir /etc/nfs.conf.d
+    elif [[ -f "/usr/etc/nfs.conf" && ! -d "/usr/etc/nfs.conf.d/" ]]; then
+        mkdir /usr/etc/nfs.conf.d
+    fi
+    if [[ -f "/etc/nfs.conf" && ! -f "/etc/nfs.conf.d/fog-nfs.conf" ]]; then
+        cat > /etc/nfs.conf.d/fog-nfs.conf <<EOF
+[mountd]
+port=20048
+EOF
+    elif [[ -f "/usr/etc/nfs.conf" && ! -f "/usr/etc/nfs.conf.d/fog-nfs.conf" ]]; then
+        cat > /usr/etc/nfs.conf.d/fog-nfs.conf <<EOF
+[mountd]
+port=20048
+EOF
+    fi
+    errorStat $?
     dots "Setting up exports file"
     if [[ $blexports != 1 ]]; then
         echo "Skipped"

packages/web/lib/fog/fogbase.class.php

@@ -969,9 +969,8 @@ protected static function arrayFind(
     protected function isLoaded($key)
     {
         $key = $this->key($key);
-        $result = isset($this->isLoaded[$key]) ? $this->isLoaded[$key] : 0;
+        $result = isset($this->isLoaded[$key]) ? true : false;
         $this->isLoaded[$key] = true;
-        ++$this->isLoaded[$key];
 
         return $result ? $result : false;
     }
@@ -2578,4 +2577,22 @@ public static function is_array_of_assoc_arrays($arr) {
         }
         return true;
     }
+    /**
+     * Is Authorized to perform action simplified
+     *
+     * @param $return_bool Defaults to false, but can return bool
+     *
+     * @return void|bool
+     */
+    public static function is_authorized($return_bool = false)
+    {   $authorized = self::$FOGUser->isValid() || 
+            strtolower(($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '')) == 'xmlhttprequest';
+        if ($return_bool) {
+            return $authorized;
+        }
+        if (!$authorized) {
+            echo _('Unauthorized');
+            exit;
+        }
+    }
 }

packages/web/lib/fog/system.class.php

@@ -53,7 +53,7 @@ private static function _versionCompare()
     public function __construct()
     {
         self::_versionCompare();
-        define('FOG_VERSION', '1.5.10.1566');
+        define('FOG_VERSION', '1.5.10.1584');
         define('FOG_SCHEMA', 271);
         define('FOG_BCACHE_VER', 141);
         define('FOG_CLIENT_VERSION', '0.13.0');

packages/web/lib/pages/fogconfigurationpage.class.php

@@ -3061,16 +3061,10 @@ public function settingsPost()
                         'jpeg',
                         'png',
                     ];
-                    $extensionCheck = strtolower(pathinfo($src, PATHINFO_EXTENSION));
-                    if (!in_array($extensionCheck, $validExtensions)) {
-                        throw new Exception(
-                            _('Upload file extension must be, jpg, jpeg, or png')
-                        );
-                    }
                     $extensionCheck = strtolower(pathinfo($set, PATHINFO_EXTENSION));
                     if (!in_array($extensionCheck, $validExtensions)) {
                         throw new Exception(
-                            _('Created file extension must be, jpg, jpeg, or png')
+                            _('Upload file extension must be, jpg, jpeg, or png')
                         );
                     }
                     if ($width != 650) {

packages/web/management/export.php

@@ -20,13 +20,7 @@
  * @link     https://fogproject.org
  */
 require '../commons/base.inc.php';
-$unauthorized = !(isset($currentUser) && $currentUser->isValid()) || empty($_SERVER['HTTP_X_REQUESTED_WITH'])
-    || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest';
-
-if ($unauthorized) {
-    echo _('Unauthorized');
-    exit;
-}
+FOGCore::is_authorized();
 
 $report = unserialize($_SESSION['foglastreport']);
 if (!($report instanceof ReportMaker)) {

packages/web/service/getversion.php

@@ -44,13 +44,7 @@
 } elseif (isset($_REQUEST['url'])) {
 
     // Prevent an unauthenticated user from making arbitrary requests.
-    $unauthorized = !$currentUser->isValid() || empty($_SERVER['HTTP_X_REQUESTED_WITH'])
-        || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest';
-
-    if ($unauthorized) {
-        echo _('Unauthorized');
-        exit;
-    }
+    FOGCore::is_authorized();
 
     $url = $_REQUEST['url'];
     $res = $FOGURLRequests

packages/web/status/getfiles.php

@@ -24,13 +24,7 @@
 require '../commons/base.inc.php';
 
 // Prevent file enumeration by an unauthenticated user
-$unauthorized = !(isset($currentUser) && $currentUser->isValid()) || empty($_SERVER['HTTP_X_REQUESTED_WITH'])
-    || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest';
-
-if ($unauthorized) {
-    echo _('Unauthorized');
-    exit;
-}
+FOGCore::is_authorized();
 
 if (!is_string($_GET['path'])) {
     echo json_encode(

packages/web/status/kernelvers.php

@@ -28,13 +28,7 @@
 if (isset($_POST['url'])) {
 
     // Prevent an unauthenticated user from making arbitrary requests.
-    $unauthorized = !$currentUser->isValid() || empty($_SERVER['HTTP_X_REQUESTED_WITH'])
-        || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest';
-
-    if ($unauthorized) {
-        echo _('Unauthorized');
-        exit;
-    }
+    FOGCore::is_authorized();
 
     $res = $FOGURLRequests
         ->process(filter_input(INPUT_POST, 'url'));