Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ensure reserved environment names aren't changed, fix undefined variable, ref #412

Browse source
This commit is contained in:
Dane Everitt 2017-05-01 17:01:46 -04:00
parent 5545075302
commit 43df6533b0
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 37 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
app/Models/ServiceVariable.php
View file

@ -53,6 +53,30 @@ class ServiceVariable extends Model
'user_editable' => 'integer', 'user_editable' => 'integer',
]; ];
/**
* Reserved environment variable names.
*
* @var array
*/
protected static $reservedNames = [
'SERVER_MEMORY',
'SERVER_IP',
'SERVER_PORT',
'ENV',
'HOME',
'USER',
];
/**
* Returns an array of environment variable names that cannot be used.
*
* @return array
*/
public static function reservedNames()
{
return self::$reservedNames;
}
/** /**
* Returns the display executable for the option and will use the parent * Returns the display executable for the option and will use the parent
* service one if the option does not have one defined. * service one if the option does not have one defined.

21
app/Repositories/VariableRepository.php
View file

@ -53,12 +53,11 @@ class VariableRepository
'env_variable' => 'required|regex:/^[\w]{1,255}$/', 'env_variable' => 'required|regex:/^[\w]{1,255}$/',
'default_value' => 'string', 'default_value' => 'string',
'options' => 'sometimes|required|array', 'options' => 'sometimes|required|array',
'rules' => 'bail|required|string|min:1', 'rules' => 'bail|required|string',
]); ]);
// Ensure the default value is allowed by the rules provided. // Ensure the default value is allowed by the rules provided.
$rules = (isset($data['rules'])) ? $data['rules'] : $variable->rules; $validator->sometimes('default_value', $data['rules'] ?? null, function ($input) {
$validator->sometimes('default_value', $rules, function ($input) {
return $input->default_value; return $input->default_value;
}); });
@ -66,11 +65,13 @@ class VariableRepository
throw new DisplayValidationException(json_encode($validator->errors())); throw new DisplayValidationException(json_encode($validator->errors()));
} }
if (isset($data['env_variable'])) { if (in_array($data['env_variable'], ServiceVariable::reservedNames())) {
$search = ServiceVariable::where('env_variable', $data['env_variable'])->where('option_id', $option->id); throw new DisplayException('The environment variable name provided is a reserved keyword for the daemon.');
if ($search->first()) { }
throw new DisplayException('The envionment variable name assigned to this variable must be unique for this service option.');
} $search = ServiceVariable::where('env_variable', $data['env_variable'])->where('option_id', $option->id);
if ($search->first()) {
throw new DisplayException('The envionment variable name assigned to this variable must be unique for this service option.');
} }
if (! isset($data['options']) || ! is_array($data['options'])) { if (! isset($data['options']) || ! is_array($data['options'])) {
@ -141,6 +142,10 @@ class VariableRepository
} }
if (isset($data['env_variable'])) { if (isset($data['env_variable'])) {
if (in_array($data['env_variable'], ServiceVariable::reservedNames())) {
throw new DisplayException('The environment variable name provided is a reserved keyword for the daemon.');
}
$search = ServiceVariable::where('env_variable', $data['env_variable']) $search = ServiceVariable::where('env_variable', $data['env_variable'])
->where('option_id', $variable->option_id) ->where('option_id', $variable->option_id)
->where('id', '!=', $variable->id); ->where('id', '!=', $variable->id);