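<?php
// checkupdates.php -- HotCRP update checker helper
// Copyright (c) 2006-2018 Eddie Kohler; see LICENSE.
//
// Chair-only endpoint with two independent jobs:
//   1. `ignore=ERRID` (with a valid POST token): snooze one update notice
//      for two days by storing an `ignoreupdate_ERRID` setting.
//   2. `data=JSON`: walk `data.updates`, test each record's `opt` and
//      `settings` conditions against this installation, and build an HTML
//      warning for every record that applies.
// The JSON in `data` arrives as a request parameter, so every field is
// type-checked before use and escaped or sanitized before it reaches HTML.

require_once("src/initweb.php");
header("Content-Type: " . ($Qreq->text ? "text/plain" : "application/json"));

// Snooze request. The value goes into a parameterized query, so it cannot
// alter the SQL; it is additionally restricted to alphanumerics because the
// reader below only ever looks up `ignoreupdate_<alnum errid>`, so any other
// name would just be a junk Settings row.
if ($Me->privChair
    && $Qreq->post_ok()
    && isset($Qreq->ignore)
    && is_string($Qreq->ignore)
    && ctype_alnum($Qreq->ignore)) {
    $when = time() + 86400 * 2; // two days from now
    $Conf->qe("insert into Settings (name, value) values (?, ?) on duplicate key update value=?", "ignoreupdate_" . $Qreq->ignore, $when, $when);
}

$messages = array();
if ($Me->privChair
    && isset($Qreq->data)
    && ($data = json_decode($Qreq->data, true))
    && isset($data["updates"])
    && is_array($data["updates"])) {
    foreach ($data["updates"] as $update) {
        // A record applies only if every one of its conditions holds.
        $ok = true;

        // `opt` conditions: key NAME must equal the value, key -NAME must not.
        if (isset($update["opt"]) && is_array($update["opt"])) {
            foreach ($update["opt"] as $k => $v) {
                // Integer or empty keys have no usable first character;
                // treat them as plain (non-negated) names instead of
                // indexing into them.
                $negate = is_string($k) && $k !== "" && $k[0] === "-";
                $kk = $negate ? substr($k, 1) : $k;
                $test = $Conf->opt($kk, null) == $v;
                $ok = $ok && ($negate ? !$test : $test);
            }
        }

        // `settings` conditions: value is `[!<>]?` followed by an integer or
        // the word `now`; anything that does not match the pattern is ignored.
        if (isset($update["settings"]) && is_array($update["settings"])) {
            foreach ($update["settings"] as $k => $v) {
                // Non-scalar values (nested arrays) cannot match and must not
                // be handed to preg_match.
                if (is_scalar($v)
                    && preg_match('/\A([!<>]?)(-?\d+|now)\z/', (string) $v, $match)) {
                    $setting = $Conf->setting($k, 0);
                    $rhs = $match[2] == "now" ? time() : +$match[2];
                    if ($match[1] == "!") {
                        $test = $setting != $rhs;
                    } else if ($match[1] == ">") {
                        $test = $setting > $rhs;
                    } else if ($match[1] == "<") {
                        $test = $setting < $rhs;
                    } else {
                        $test = $setting == $rhs;
                    }
                    $ok = $ok && $test;
                }
            }
        }

        // errid is interpolated into a setting name and into HTML attributes
        // below, so it is accepted only when it is a scalar made purely of
        // alphanumerics; that is what makes the unescaped uses safe.
        $errid = false;
        if (isset($update["errid"])
            && is_scalar($update["errid"])
            && ctype_alnum((string) $update["errid"])) {
            $errid = (string) $update["errid"];
        }
        // An unexpired snooze for this errid suppresses the notice.
        if ($errid && $Conf->setting("ignoreupdate_$errid", 0) > time()) {
            $ok = false;
        }

        if ($ok) {
            $html = "<div class='msg msg-error'";
            if ($errid) {
                $html .= " id='softwareupdate_$errid'";
            }
            $html .= " style='font-size:smaller'><div class='dod'><strong>WARNING: Upgrade your HotCRP installation.</strong>";
            // is_numeric() admits only digits, sign, '.', exponent and
            // whitespace, so the value carries no HTML metacharacters.
            if (isset($update["vulnid"]) && is_numeric($update["vulnid"])) {
                $html .= " (HotCRP-Vulnerability-" . $update["vulnid"] . ")";
            }
            $html .= "</div>";
            // The message may contain markup; it goes through the project's
            // CleanHTML sanitizer rather than being emitted as received.
            if (isset($update["message"]) && is_string($update["message"])) {
                $html .= "<div class='bigid'>" . CleanHTML::clean($update["message"], $error) . "</div>";
            }
            if (isset($update["to"]) && is_string($update["to"])) {
                $html .= "<div class='bigid'>First unaffected commit: " . htmlspecialchars($update["to"]);
                if ($errid) {
                    $html .= ' <span class="barsep">·</span> '
                        . '<a class="ui js-check-version-ignore" href="" data-version-id="' . $errid . '">Ignore for two days</a>';
                }
                $html .= "</div>";
            }
            $messages[] = $html . "</div>\n";
            // NOTE(review): presumably resets the cached check time so the
            // warning is re-evaluated soon -- confirm where "updatecheck" is read.
            $_SESSION["updatecheck"] = 0;
        }
    }
}

// Return the collected warnings. The branches were previously swapped, so the
// built HTML was dropped exactly when there was something to report and an
// empty "messages" string was sent otherwise.
json_exit($messages ? ["ok" => true, "messages" => join("", $messages)] : ["ok" => true]);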