namespace Friendica\Core;
-use Friendica\Core\System;
+use Friendica\BaseObject;
+use Friendica\Model\Profile;
+use Friendica\Util\Strings;
require_once 'boot.php';
*/
class Theme
{
+ public static function getAllowedList()
+ {
+ $allowed_themes_str = Config::get('system', 'allowed_themes');
+ $allowed_themes_raw = explode(',', str_replace(' ', '', $allowed_themes_str));
+ $allowed_themes = [];
+ if (count($allowed_themes_raw)) {
+ foreach ($allowed_themes_raw as $theme) {
+ $theme = Strings::sanitizeFilePathItem(trim($theme));
+ if (strlen($theme) && is_dir("view/theme/$theme")) {
+ $allowed_themes[] = $theme;
+ }
+ }
+ }
+
+ return $allowed_themes;
+ }
+
+ public static function setAllowedList(array $allowed_themes)
+ {
+ Config::set('system', 'allowed_themes', implode(',', $allowed_themes));
+ }
+
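Review bot: getAllowedList() returns the stored names without de-duplicating them, and the rest of this commit depends on that list being unique: install() appends `$theme` unconditionally, while uninstall() removes only the first `array_search()` match. A theme installed twice would therefore stay on the allowed list after one uninstall. Skipping repeats on read also covers config values that already contain duplicates, `if (strlen($theme) && is_dir("view/theme/$theme") && !in_array($theme, $allowed_themes, true)) {`. Both new methods also lack a docblock: getAllowedList() should say that it returns only sanitized names whose `view/theme/` directory exists, and setAllowedList() that it stores the list comma-joined without validating it.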
/**
* @brief Parse theme comment in search of theme infos.
*
*/
public static function getInfo($theme)
{
+ $theme = Strings::sanitizeFilePathItem($theme);
+
$info = [
'name' => $theme,
'description' => "",
return $info;
}
- $a = get_app();
+ $a = \get_app();
$stamp1 = microtime(true);
$theme_file = file_get_contents("view/theme/$theme/theme.php");
- $a->save_timestamp($stamp1, "file");
+ $a->getProfiler()->saveTimestamp($stamp1, "file", System::callstack());
$result = preg_match("|/\*.*\*/|msU", $theme_file, $matches);
*
* The screenshot is expected as view/theme/$theme/screenshot.[png|jpg].
*
- * @param sring $theme The name of the theme
+ * @param string $theme The name of the theme
* @return string
+ * @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
public static function getScreenshot($theme)
{
+ $theme = Strings::sanitizeFilePathItem($theme);
+
$exts = ['.png', '.jpg'];
foreach ($exts as $ext) {
if (file_exists('view/theme/' . $theme . '/screenshot' . $ext)) {
- return(System::baseUrl() . '/view/theme/' . $theme . '/screenshot' . $ext);
+ return System::baseUrl() . '/view/theme/' . $theme . '/screenshot' . $ext;
}
}
- return(System::baseUrl() . '/images/blank.png');
+ return System::baseUrl() . '/images/blank.png';
}
- // install and uninstall theme
public static function uninstall($theme)
{
- logger("Addons: uninstalling theme " . $theme);
+ $theme = Strings::sanitizeFilePathItem($theme);
+
+ // silently fail if theme was removed or if $theme is funky
+ if (file_exists("view/theme/$theme/theme.php")) {
+ include_once "view/theme/$theme/theme.php";
- include_once "view/theme/$theme/theme.php";
- if (function_exists("{$theme}_uninstall")) {
$func = "{$theme}_uninstall";
- $func();
+ if (function_exists($func)) {
+ $func();
+ }
+ }
+
+ $allowed_themes = Theme::getAllowedList();
+ $key = array_search($theme, $allowed_themes);
+ if ($key !== false) {
+ unset($allowed_themes[$key]);
+ Theme::setAllowedList($allowed_themes);
}
}
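Review bot: The removed `logger("Addons: uninstalling theme " . $theme)` call has no replacement, so uninstall() now includes and runs the theme's `theme.php` and rewrites the `allowed_themes` config value without leaving any record. Since this path executes theme code and edits the allowed list, an audit line is worth keeping, e.g. `Logger::notice('Theme uninstalled', ['theme' => $theme]);` after the list update. The same applies to the success path of install(), which now logs only on failure. `array_search($theme, $allowed_themes)` should also pass `true` as its third argument so the comparison is strict.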
public static function install($theme)
{
- // silently fail if theme was removed
+ $theme = Strings::sanitizeFilePathItem($theme);
+ // silently fail if theme was removed or if $theme is funky
if (!file_exists("view/theme/$theme/theme.php")) {
return false;
}
- logger("Addons: installing theme $theme");
-
- include_once "view/theme/$theme/theme.php";
+ try {
+ include_once "view/theme/$theme/theme.php";
- if (function_exists("{$theme}_install")) {
$func = "{$theme}_install";
- $func();
+ if (function_exists($func)) {
+ $func();
+ }
+
+ $allowed_themes = Theme::getAllowedList();
+ $allowed_themes[] = $theme;
+ Theme::setAllowedList($allowed_themes);
+
return true;
- } else {
- logger("Addons: FAILED installing theme $theme");
+ } catch (\Exception $e) {
+ Logger::error('Theme installation failed', ['theme' => $theme, 'error' => $e->getMessage()]);
return false;
}
}
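Review bot: `catch (\Exception $e)` misses the failures most likely to come from `include_once "view/theme/$theme/theme.php"`. On PHP 7 and later, a parse error or type error in the theme file is thrown as `\Error`, which is not an `\Exception`, so it would propagate out of install() instead of being logged and returning false. Catching `\Throwable` keeps the intended behaviour: `} catch (\Throwable $e) {`. uninstall() includes the same file with no try block at all, so whichever handling is chosen here should probably be mirrored there.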
/**
* @brief Get the full path to relevant theme files by filename
*
- * This function search in the theme directory (and if not present in global theme directory)
- * if there is a directory with the file extension and for a file with the given
- * filename.
+ * This function searches in order in the current theme directory, in the current theme parent directory, and lastly
+ * in the base view/ folder.
*
* @param string $file Filename
- * @param string $root Full root path
* @return string Path to the file or empty string if the file isn't found
+ * @throws \Exception
*/
- public static function getPathForFile($file, $root = '')
+ public static function getPathForFile($file)
{
- $file = basename($file);
+ $a = BaseObject::getApp();
+
+ $theme = $a->getCurrentTheme();
+
+ $parent = Strings::sanitizeFilePathItem($a->theme_info['extends'] ?? $theme);
- // Make sure $root ends with a slash / if it's not blank
- if ($root !== '' && $root[strlen($root) - 1] !== '/') {
- $root = $root . '/';
- }
- $theme_info = get_app()->theme_info;
- if (is_array($theme_info) && array_key_exists('extends', $theme_info)) {
- $parent = $theme_info['extends'];
- } else {
- $parent = 'NOPATH';
- }
- $theme = current_theme();
- $thname = $theme;
- $ext = substr($file, strrpos($file, '.') + 1);
$paths = [
- "{$root}view/theme/$thname/$ext/$file",
- "{$root}view/theme/$parent/$ext/$file",
- "{$root}view/$ext/$file",
+ "view/theme/$theme/$file",
+ "view/theme/$parent/$file",
+ "view/$file",
];
- foreach ($paths as $p) {
- // strpos() is faster than strstr when checking if one string is in another (http://php.net/manual/en/function.strstr.php)
- if (strpos($p, 'NOPATH') !== false) {
- continue;
- } elseif (file_exists($p)) {
- return $p;
+
+ foreach ($paths as $path) {
+ if (file_exists($path)) {
+ return $path;
}
}
+
return '';
}
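Review bot: `$file` is no longer passed through `basename()`, and unlike `$parent`, neither `$file` nor `$theme` goes through `Strings::sanitizeFilePathItem()`. The three candidate paths are therefore built from an unrestricted relative path. Callers presumably now pass sub-directories themselves, since the `$ext/` segment is gone, but a `$file` containing `..` segments would let `file_exists()` resolve outside `view/`. Whether any caller passes request-derived names is not visible here. Either reject such input up front, `if (strpos($file, '..') !== false) { return ''; }`, or state in the docblock that `$file` must be a trusted path relative to the view directory. The signature also drops `$root`, so a caller that still passes a second argument will have it silently ignored.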
*/
public static function getStylesheetPath($theme)
{
- $a = get_app();
+ $theme = Strings::sanitizeFilePathItem($theme);
+
+ if (!file_exists('view/theme/' . $theme . '/style.php')) {
+ return 'view/theme/' . $theme . '/style.css';
+ }
+
+ $a = BaseObject::getApp();
+
+ $query_params = [];
- $opts = (($a->profile_uid) ? '?f=&puid=' . $a->profile_uid : '');
- if (file_exists('view/theme/' . $theme . '/style.php')) {
- return 'view/theme/' . $theme . '/style.pcss' . $opts;
+ $puid = Profile::getThemeUid($a);
+ if ($puid) {
+ $query_params['puid'] = $puid;
}
- return 'view/theme/' . $theme . '/style.css';
+ return 'view/theme/' . $theme . '/style.pcss' . (!empty($query_params) ? '?' . http_build_query($query_params) : '');
}
}