1<?php
2
3/**
4 * Information and debugging functions
5 *
6 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
7 * @author     Andreas Gohr <andi@splitbrain.org>
8 */
9
10use dokuwiki\Extension\AuthPlugin;
11use dokuwiki\Extension\Event;
12use dokuwiki\Utf8\PhpString;
13use dokuwiki\Debug\DebugHelper;
14use dokuwiki\HTTP\DokuHTTPClient;
15use dokuwiki\Logger;
16
17if (!defined('DOKU_MESSAGEURL')) {
18    if (in_array('ssl', stream_get_transports())) {
19        define('DOKU_MESSAGEURL', 'https://update.dokuwiki.org/check/');
20    } else {
21        define('DOKU_MESSAGEURL', 'http://update.dokuwiki.org/check/');
22    }
23}
24
25/**
26 * Check for new messages from upstream
27 *
28 * @author Andreas Gohr <andi@splitbrain.org>
29 */
30function checkUpdateMessages()
31{
32    global $conf;
33    global $INFO;
34    global $updateVersion;
35    if (!$conf['updatecheck']) return;
36    if ($conf['useacl'] && !$INFO['ismanager']) return;
37
38    $cf = getCacheName($updateVersion, '.updmsg');
39    $lm = @filemtime($cf);
40    $is_http = !str_starts_with(DOKU_MESSAGEURL, 'https');
41
42    // check if new messages needs to be fetched
43    if ($lm < time() - (60 * 60 * 24) || $lm < @filemtime(DOKU_INC . DOKU_SCRIPT)) {
44        @touch($cf);
45        Logger::debug(
46            sprintf(
47                'checkUpdateMessages(): downloading messages to %s%s',
48                $cf,
49                $is_http ? ' (without SSL)' : ' (with SSL)'
50            )
51        );
52        $http = new DokuHTTPClient();
53        $http->timeout = 12;
54        $resp = $http->get(DOKU_MESSAGEURL . $updateVersion);
55        if (is_string($resp) && ($resp == '' || str_ends_with(trim($resp), '%'))) {
56            // basic sanity check that this is either an empty string response (ie "no messages")
57            // or it looks like one of our messages, not WiFi login or other interposed response
58            io_saveFile($cf, $resp);
59        } else {
60            Logger::debug("checkUpdateMessages(): unexpected HTTP response received", $http->error);
61        }
62    } else {
63        Logger::debug("checkUpdateMessages(): messages up to date");
64    }
65
66    $data = io_readFile($cf);
67    // show messages through the usual message mechanism
68    $msgs = explode("\n%\n", $data);
69    foreach ($msgs as $msg) {
70        if ($msg) msg($msg, 2);
71    }
72}
73
74
75/**
76 * Return DokuWiki's version (split up in date and type)
77 *
78 * @author Andreas Gohr <andi@splitbrain.org>
79 */
80function getVersionData()
81{
82    $version = [];
83    //import version string
84    if (file_exists(DOKU_INC . 'VERSION')) {
85        //official release
86        $version['date'] = trim(io_readFile(DOKU_INC . 'VERSION'));
87        $version['type'] = 'Release';
88    } elseif (is_dir(DOKU_INC . '.git')) {
89        $version['type'] = 'Git';
90        $version['date'] = 'unknown';
91
92        // First try to get date and commit hash by calling Git
93        if (function_exists('shell_exec')) {
94            $commitInfo = shell_exec("git log -1 --pretty=format:'%h %cd' --date=short");
95            if ($commitInfo) {
96                [$version['sha'], $date] = explode(' ', $commitInfo);
97                $version['date'] = hsc($date);
98                return $version;
99            }
100        }
101
102        // we cannot use git on the shell -- let's do it manually!
103        if (file_exists(DOKU_INC . '.git/HEAD')) {
104            $headCommit = trim(file_get_contents(DOKU_INC . '.git/HEAD'));
105            if (strpos($headCommit, 'ref: ') === 0) {
106                // it is something like `ref: refs/heads/master`
107                $headCommit = substr($headCommit, 5);
108                $pathToHead = DOKU_INC . '.git/' . $headCommit;
109                if (file_exists($pathToHead)) {
110                    $headCommit = trim(file_get_contents($pathToHead));
111                } else {
112                    $packedRefs = file_get_contents(DOKU_INC . '.git/packed-refs');
113                    if (!preg_match("~([[:xdigit:]]+) $headCommit~", $packedRefs, $matches)) {
114                        # ref not found in pack file
115                        return $version;
116                    }
117                    $headCommit = $matches[1];
118                }
119            }
120            // At this point $headCommit is a SHA
121            $version['sha'] = $headCommit;
122
123            // Get commit date from Git object
124            $subDir = substr($headCommit, 0, 2);
125            $fileName = substr($headCommit, 2);
126            $gitCommitObject = DOKU_INC . ".git/objects/$subDir/$fileName";
127            if (file_exists($gitCommitObject) && function_exists('zlib_decode')) {
128                $commit = zlib_decode(file_get_contents($gitCommitObject));
129                $committerLine = explode("\n", $commit)[3];
130                $committerData = explode(' ', $committerLine);
131                end($committerData);
132                $ts = prev($committerData);
133                if ($ts && $date = date('Y-m-d', $ts)) {
134                    $version['date'] = $date;
135                }
136            }
137        }
138    } else {
139        global $updateVersion;
140        $version['date'] = 'update version ' . $updateVersion;
141        $version['type'] = 'snapshot?';
142    }
143    return $version;
144}
145
146/**
147 * Return DokuWiki's version
148 *
149 * This returns the version in the form "Type Date (SHA)". Where type is either
150 * "Release" or "Git" and date is the date of the release or the date of the
151 * last commit. SHA is the short SHA of the last commit - this is only added on
152 * git checkouts.
153 *
154 * If no version can be determined "snapshot? update version XX" is returned.
155 * Where XX represents the update version number set in doku.php.
156 *
157 * @author Anika Henke <anika@selfthinker.org>
158 * @return string The version string e.g. "Release 2023-04-04a"
159 */
160function getVersion()
161{
162    $version = getVersionData();
163    $sha = empty($version['sha']) ? '' : ' (' . $version['sha'] . ')';
164    return $version['type'] . ' ' . $version['date'] . $sha;
165}
166
167/**
168 * Run a few sanity checks
169 *
170 * @author Andreas Gohr <andi@splitbrain.org>
171 */
172function check()
173{
174    global $conf;
175    global $INFO;
176    /* @var Input $INPUT */
177    global $INPUT;
178
179    if ($INFO['isadmin'] || $INFO['ismanager']) {
180        msg('DokuWiki version: ' . getVersion(), 1);
181        if (version_compare(phpversion(), '7.4.0', '<')) {
182            msg('Your PHP version is too old (' . phpversion() . ' vs. 7.4+ needed)', -1);
183        } else {
184            msg('PHP version ' . phpversion(), 1);
185        }
186    } elseif (version_compare(phpversion(), '7.4.0', '<')) {
187        msg('Your PHP version is too old', -1);
188    }
189
190    $mem = php_to_byte(ini_get('memory_limit'));
191    if ($mem) {
192        if ($mem === -1) {
193            msg('PHP memory is unlimited', 1);
194        } elseif ($mem < 16_777_216) {
195            msg('PHP is limited to less than 16MB RAM (' . filesize_h($mem) . ').
196            Increase memory_limit in php.ini', -1);
197        } elseif ($mem < 20_971_520) {
198            msg('PHP is limited to less than 20MB RAM (' . filesize_h($mem) . '),
199                you might encounter problems with bigger pages. Increase memory_limit in php.ini', -1);
200        } elseif ($mem < 33_554_432) {
201            msg('PHP is limited to less than 32MB RAM (' . filesize_h($mem) . '),
202                but that should be enough in most cases. If not, increase memory_limit in php.ini', 0);
203        } else {
204            msg('More than 32MB RAM (' . filesize_h($mem) . ') available.', 1);
205        }
206    }
207
208    if (is_writable($conf['changelog'])) {
209        msg('Changelog is writable', 1);
210    } elseif (file_exists($conf['changelog'])) {
211        msg('Changelog is not writable', -1);
212    }
213
214    if (isset($conf['changelog_old']) && file_exists($conf['changelog_old'])) {
215        msg('Old changelog exists', 0);
216    }
217
218    if (file_exists($conf['changelog'] . '_failed')) {
219        msg('Importing old changelog failed', -1);
220    } elseif (file_exists($conf['changelog'] . '_importing')) {
221        msg('Importing old changelog now.', 0);
222    } elseif (file_exists($conf['changelog'] . '_import_ok')) {
223        msg('Old changelog imported', 1);
224        if (!plugin_isdisabled('importoldchangelog')) {
225            msg('Importoldchangelog plugin not disabled after import', -1);
226        }
227    }
228
229    if (is_writable(DOKU_CONF)) {
230        msg('conf directory is writable', 1);
231    } else {
232        msg('conf directory is not writable', -1);
233    }
234
235    if ($conf['authtype'] == 'plain') {
236        global $config_cascade;
237        if (is_writable($config_cascade['plainauth.users']['default'])) {
238            msg('conf/users.auth.php is writable', 1);
239        } else {
240            msg('conf/users.auth.php is not writable', 0);
241        }
242    }
243
244    if (function_exists('mb_strpos')) {
245        if (defined('UTF8_NOMBSTRING')) {
246            msg('mb_string extension is available but will not be used', 0);
247        } else {
248            msg('mb_string extension is available and will be used', 1);
249            if (ini_get('mbstring.func_overload') != 0) {
250                msg('mb_string function overloading is enabled, this will cause problems and should be disabled', -1);
251            }
252        }
253    } else {
254        msg('mb_string extension not available - PHP only replacements will be used', 0);
255    }
256
257    if (!UTF8_PREGSUPPORT) {
258        msg('PHP is missing UTF-8 support in Perl-Compatible Regular Expressions (PCRE)', -1);
259    }
260    if (!UTF8_PROPERTYSUPPORT) {
261        msg('PHP is missing Unicode properties support in Perl-Compatible Regular Expressions (PCRE)', -1);
262    }
263
264    $loc = setlocale(LC_ALL, 0);
265    if (!$loc) {
266        msg('No valid locale is set for your PHP setup. You should fix this', -1);
267    } elseif (stripos($loc, 'utf') === false) {
268        msg('Your locale <code>' . hsc($loc) . '</code> seems not to be a UTF-8 locale,
269             you should fix this if you encounter problems.', 0);
270    } else {
271        msg('Valid locale ' . hsc($loc) . ' found.', 1);
272    }
273
274    if ($conf['allowdebug']) {
275        msg('Debugging support is enabled. If you don\'t need it you should set $conf[\'allowdebug\'] = 0', -1);
276    } else {
277        msg('Debugging support is disabled', 1);
278    }
279
280    if (!empty($INFO['userinfo']['name'])) {
281        msg(sprintf(
282            "You are currently logged in as %s (%s)",
283            $INPUT->server->str('REMOTE_USER'),
284            $INFO['userinfo']['name']
285        ), 0);
286        msg('You are part of the groups ' . implode(', ', $INFO['userinfo']['grps']), 0);
287    } else {
288        msg('You are currently not logged in', 0);
289    }
290
291    msg('Your current permission for this page is ' . $INFO['perm'], 0);
292
293    if (file_exists($INFO['filepath']) && is_writable($INFO['filepath'])) {
294        msg('The current page is writable by the webserver', 1);
295    } elseif (!file_exists($INFO['filepath']) && is_writable(dirname($INFO['filepath']))) {
296        msg('The current page can be created by the webserver', 1);
297    } else {
298        msg('The current page is not writable by the webserver', -1);
299    }
300
301    if ($INFO['writable']) {
302        msg('The current page is writable by you', 1);
303    } else {
304        msg('The current page is not writable by you', -1);
305    }
306
307    // Check for corrupted search index
308    $lengths = idx_listIndexLengths();
309    $index_corrupted = false;
310    foreach ($lengths as $length) {
311        if (count(idx_getIndex('w', $length)) !== count(idx_getIndex('i', $length))) {
312            $index_corrupted = true;
313            break;
314        }
315    }
316
317    foreach (idx_getIndex('metadata', '') as $index) {
318        if (count(idx_getIndex($index . '_w', '')) !== count(idx_getIndex($index . '_i', ''))) {
319            $index_corrupted = true;
320            break;
321        }
322    }
323
324    if ($index_corrupted) {
325        msg(
326            'The search index is corrupted. It might produce wrong results and most
327                probably needs to be rebuilt. See
328                <a href="https://www.dokuwiki.org/faq:searchindex">faq:searchindex</a>
329                for ways to rebuild the search index.',
330            -1
331        );
332    } elseif (!empty($lengths)) {
333        msg('The search index seems to be working', 1);
334    } else {
335        msg(
336            'The search index is empty. See
337                <a href="https://www.dokuwiki.org/faq:searchindex">faq:searchindex</a>
338                for help on how to fix the search index. If the default indexer
339                isn\'t used or the wiki is actually empty this is normal.'
340        );
341    }
342
343    // rough time check
344    $http = new DokuHTTPClient();
345    $http->max_redirect = 0;
346    $http->timeout = 3;
347    $http->sendRequest('https://www.dokuwiki.org', '', 'HEAD');
348    $now = time();
349    if (isset($http->resp_headers['date'])) {
350        $time = strtotime($http->resp_headers['date']);
351        $diff = $time - $now;
352
353        if (abs($diff) < 4) {
354            msg("Server time seems to be okay. Diff: {$diff}s", 1);
355        } else {
356            msg("Your server's clock seems to be out of sync!
357                 Consider configuring a sync with a NTP server.  Diff: {$diff}s");
358        }
359    }
360}
361
362/**
363 * Display a message to the user
364 *
365 * If HTTP headers were not sent yet the message is added
366 * to the global message array else it's printed directly
367 * using html_msgarea()
368 *
369 * Triggers INFOUTIL_MSG_SHOW
370 *
371 * @param string $message
372 * @param int $lvl -1 = error, 0 = info, 1 = success, 2 = notify
373 * @param string $line line number
374 * @param string $file file number
375 * @param int $allow who's allowed to see the message, see MSG_* constants
376 * @see html_msgarea()
377 */
378function msg($message, $lvl = 0, $line = '', $file = '', $allow = MSG_PUBLIC)
379{
380    global $MSG, $MSG_shown;
381    static $errors = [
382        -1 => 'error',
383        0 => 'info',
384        1 => 'success',
385        2 => 'notify',
386    ];
387
388    $msgdata = [
389        'msg' => $message,
390        'lvl' => $errors[$lvl],
391        'allow' => $allow,
392        'line' => $line,
393        'file' => $file,
394    ];
395
396    $evt = new Event('INFOUTIL_MSG_SHOW', $msgdata);
397    if ($evt->advise_before()) {
398        /* Show msg normally - event could suppress message show */
399        if ($msgdata['line'] || $msgdata['file']) {
400            $basename = PhpString::basename($msgdata['file']);
401            $msgdata['msg'] .= ' [' . $basename . ':' . $msgdata['line'] . ']';
402        }
403
404        if (!isset($MSG)) $MSG = [];
405        $MSG[] = $msgdata;
406        if (isset($MSG_shown) || headers_sent()) {
407            if (function_exists('html_msgarea')) {
408                html_msgarea();
409            } else {
410                echo "ERROR(" . $msgdata['lvl'] . ") " . $msgdata['msg'] . "\n";
411            }
412            unset($GLOBALS['MSG']);
413        }
414    }
415    $evt->advise_after();
416    unset($evt);
417}
418
419/**
420 * Determine whether the current user is allowed to view the message
421 * in the $msg data structure
422 *
423 * @param array $msg dokuwiki msg structure:
424 *              msg   => string, the message;
425 *              lvl   => int, level of the message (see msg() function);
426 *              allow => int, flag used to determine who is allowed to see the message, see MSG_* constants
427 * @return bool
428 */
429function info_msg_allowed($msg)
430{
431    global $INFO, $auth;
432
433    // is the message public? - everyone and anyone can see it
434    if (empty($msg['allow']) || ($msg['allow'] == MSG_PUBLIC)) return true;
435
436    // restricted msg, but no authentication
437    if (!$auth instanceof AuthPlugin) return false;
438
439    switch ($msg['allow']) {
440        case MSG_USERS_ONLY:
441            return !empty($INFO['userinfo']);
442
443        case MSG_MANAGERS_ONLY:
444            return $INFO['ismanager'];
445
446        case MSG_ADMINS_ONLY:
447            return $INFO['isadmin'];
448
449        default:
450            trigger_error(
451                'invalid msg allow restriction.  msg="' . $msg['msg'] . '" allow=' . $msg['allow'] . '"',
452                E_USER_WARNING
453            );
454            return $INFO['isadmin'];
455    }
456}
457
458/**
459 * print debug messages
460 *
461 * little function to print the content of a var
462 *
463 * @param string $msg
464 * @param bool $hidden
465 *
466 * @author Andreas Gohr <andi@splitbrain.org>
467 */
468function dbg($msg, $hidden = false)
469{
470    if ($hidden) {
471        echo "<!--\n";
472        print_r($msg);
473        echo "\n-->";
474    } else {
475        echo '<pre class="dbg">';
476        echo hsc(print_r($msg, true));
477        echo '</pre>';
478    }
479}
480
481/**
482 * Print info to debug log file
483 *
484 * @param string $msg
485 * @param string $header
486 *
487 * @author Andreas Gohr <andi@splitbrain.org>
488 * @deprecated 2020-08-13
489 */
490function dbglog($msg, $header = '')
491{
492    dbg_deprecated('\\dokuwiki\\Logger');
493
494    // was the msg as single line string? use it as header
495    if ($header === '' && is_string($msg) && strpos($msg, "\n") === false) {
496        $header = $msg;
497        $msg = '';
498    }
499
500    Logger::getInstance(Logger::LOG_DEBUG)->log(
501        $header,
502        $msg
503    );
504}
505
506/**
507 * Log accesses to deprecated fucntions to the debug log
508 *
509 * @param string $alternative The function or method that should be used instead
510 * @triggers INFO_DEPRECATION_LOG
511 */
512function dbg_deprecated($alternative = '')
513{
514    DebugHelper::dbgDeprecatedFunction($alternative, 2);
515}
516
517/**
518 * Print a reversed, prettyprinted backtrace
519 *
520 * @author Gary Owen <gary_owen@bigfoot.com>
521 */
522function dbg_backtrace()
523{
524    // Get backtrace
525    $backtrace = debug_backtrace();
526
527    // Unset call to debug_print_backtrace
528    array_shift($backtrace);
529
530    // Iterate backtrace
531    $calls = [];
532    $depth = count($backtrace) - 1;
533    foreach ($backtrace as $i => $call) {
534        if (isset($call['file'])) {
535            $location = $call['file'] . ':' . ($call['line'] ?? '0');
536        } else {
537            $location = '[anonymous]';
538        }
539        if (isset($call['class'])) {
540            $function = $call['class'] . $call['type'] . $call['function'];
541        } else {
542            $function = $call['function'];
543        }
544
545        $params = [];
546        if (isset($call['args'])) {
547            foreach ($call['args'] as $arg) {
548                if (is_object($arg)) {
549                    $params[] = '[Object ' . get_class($arg) . ']';
550                } elseif (is_array($arg)) {
551                    $params[] = '[Array]';
552                } elseif (is_null($arg)) {
553                    $params[] = '[NULL]';
554                } else {
555                    $params[] = '"' . $arg . '"';
556                }
557            }
558        }
559        $params = implode(', ', $params);
560
561        $calls[$depth - $i] = sprintf(
562            '%s(%s) called at %s',
563            $function,
564            str_replace("\n", '\n', $params),
565            $location
566        );
567    }
568    ksort($calls);
569
570    return implode("\n", $calls);
571}
572
573/**
574 * Remove all data from an array where the key seems to point to sensitive data
575 *
576 * This is used to remove passwords, mail addresses and similar data from the
577 * debug output
578 *
579 * @param array $data
580 *
581 * @author Andreas Gohr <andi@splitbrain.org>
582 */
583function debug_guard(&$data)
584{
585    foreach ($data as $key => $value) {
586        if (preg_match('/(notify|pass|auth|secret|ftp|userinfo|token|buid|mail|proxy)/i', $key)) {
587            $data[$key] = '***';
588            continue;
589        }
590        if (is_array($value)) debug_guard($data[$key]);
591    }
592}
593