Remove developer terminal completely and more.

Make Blueprint more secure, restore blueprint.sh if upgrading fails, fix problems with the BlueprintAdminFormRequest resulting in errors.
purple 2023-06-28 16:57:05 +02:00
parent e6fa4895fe
commit fb7dfcf054
4 changed files with 25 additions and 41 deletions


@ -14,7 +14,6 @@ use Pterodactyl\Services\Helpers\BlueprintExtensionLibrary;
use Pterodactyl\Services\Helpers\BlueprintPlaceholderService;
use Pterodactyl\Contracts\Repository\SettingsRepositoryInterface;
use Illuminate\Contracts\Config\Repository as ConfigRepository;
use BlueprintSettingsFormRequest;
use Illuminate\Http\RedirectResponse;
use Pterodactyl\Http\Requests\Admin\AdminFormRequest;
@ -44,11 +43,6 @@ class BlueprintExtensionController extends Controller
*/
public function index(): View
{
if($this->bp->dbGet('developer:cmd') != "") {
$this->bplib->notify("Execute arguments sent to Blueprint.");
$this->bp->dbSet('developer:log', $this->bp->exec($this->bp->dbGet('developer:cmd')));
};
if ($this->settings->get('blueprint::panel:id') == "" || $this->bp->version() != $this->settings->get('blueprint::version:cache')) {
$this->settings->set('blueprint::panel:id', uniqid(rand())."@".$this->bp->version());
$this->settings->set('blueprint::version:cache', $this->bp->version());
@ -71,7 +65,7 @@ class BlueprintExtensionController extends Controller
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function update(BlueprintSettingsFormRequest $request): RedirectResponse
public function update(BlueprintAdminFormRequest $request): RedirectResponse
{
foreach ($request->normalize() as $key => $value) {
$this->settings->set('blueprint::' . $key, $value);
@ -82,7 +76,7 @@ class BlueprintExtensionController extends Controller
}
}
class BlueprintSettingsFormRequest extends AdminFormRequest
class BlueprintAdminFormRequest extends AdminFormRequest
{
public function rules(): array {
return [
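Review bot: `update()` still stores every key that `$request->normalize()` returns under the `blueprint::` prefix, so the `rules()` array of `BlueprintAdminFormRequest` is presumably the only allow-list for what an admin PATCH can persist. The body of `rules()` continues outside this hunk; if it still lists `developer:cmd` or `developer:log`, those entries should go together with the terminal, now that `index()` no longer reads them. A short comment on the class would keep that contract visible, e.g. `// rules() is the allow-list of setting keys update() may write; add keys deliberately.` The remaining comparisons in `index()` use `==`/`!=` against `""`; `===`/`!==` would avoid type juggling on the stored values.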


@ -45,13 +45,13 @@ class BlueprintExtensionLibrary
*/
public function notify($text) {
$this->dbSet("blueprint", "notification:text", $text);
shell_exec("cd /var/www/".escapeshellarg($this->placeholder->folder()).";echo \"".escapeshellarg($text)."\" > .blueprint/data/internal/db/notification;");
shell_exec("cd /var/www/".escapeshellarg($this->placeholder->folder()).";echo ".escapeshellarg($text)." > .blueprint/data/internal/db/notification;");
return;
}
public function notifyAfter($delay, $text) {
$this->dbSet("blueprint", "notification:text", $text);
shell_exec("cd /var/www/".escapeshellarg($this->placeholder->folder()).";echo \"".escapeshellarg($text)."\" > .blueprint/data/internal/db/notification;");
shell_exec("cd /var/www/".escapeshellarg($this->placeholder->folder()).";echo ".escapeshellarg($text)." > .blueprint/data/internal/db/notification;");
header("Refresh:$delay");
return;
}
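Review bot: `notify()` and `notifyAfter()` still call `shell_exec` only to write a string into a file, so `$text` and the folder name keep passing through a shell, `echo` can treat a leading `-n` or `-e` in `$text` as an option, and the `;` after `cd` means the redirect runs in the wrong directory if `cd` fails. Writing the file from PHP takes the shell out of the path: `file_put_contents('/var/www/'.$this->placeholder->folder().'/.blueprint/data/internal/db/notification', $text.PHP_EOL);`. In `notifyAfter()`, `header("Refresh:$delay")` interpolates the argument as given; `header('Refresh:'.(int) $delay);` keeps it numeric.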


@ -56,13 +56,19 @@ source .blueprint/lib/telemetry.sh;
# -exec
if [[ "$1" == "-exec" ]]; then
# Quoteless arguments.
# There should be an easier way to do this and will be added in the future.
ql1=$(echo "$1" | tr -d "'\\\n\r;");ql2=$(echo "$2" | tr -d "'\\\n\r;");ql3=$(echo "$3" | tr -d "'\\\n\r;");ql4=$(echo "$4" | tr -d "'\\\n\r;");ql5=$(echo "$5" | tr -d "'\\\n\r;");
# Update the telemetry id to argument.
if [[ $2 == "key" ]]; then
z=true;
echo "$3" > .blueprint/data/internal/db/telemetry_id;
if [[ $ql2 == "key" ]]; then
echo "$ql3" > .blueprint/data/internal/db/telemetry_id;
echo Command executed.;
exit 1;
fi;
if [[ $z == false ]]; then echo "Command not found."; else; echo " "; fi; exit 1;
echo Command not found.;
exit 1;
fi;
# Function that exits the script after logging a "red" message.
@ -499,6 +505,7 @@ if [[ $2 == "-upgrade" ]]; then
if [[ $YN3 != "continue" ]]; then log_bright "[INFO] Upgrade cancelled.";exit 1;fi;
log_bright "[INFO] Blueprint is upgrading.. Please do not turn off your machine.";
cp blueprint.sh .blueprint.sh.bak;
if [[ $3 == "dev" ]]; then
bash tools/update.sh /var/www/$FOLDER dev
else
@ -530,8 +537,17 @@ if [[ $2 == "-upgrade" ]]; then
if [[ $score == 1 ]]; then
log_green "[SUCCESS] Blueprint has upgraded successfully.";
elif [[ $score == 0 ]]; then
log_yellow "[WARNING] All checks have failed, attempting automatic repair.";
rm blueprint.sh;
cp .blueprint.sh.bak blueprint.sh;
log_bright "[INFO] blueprint.sh has been rolled back.";
log_red "[FATAL] Upgrading has failed."
else
log_yellow "[WARNING] Some post-upgrade checks have failed."
log_yellow "[WARNING] Some post-upgrade checks have failed, attempting automatic repair.";
rm blueprint.sh;
cp .blueprint.sh.bak blueprint.sh;
log_bright "[INFO] blueprint.sh has been rolled back.";
log_red "[FATAL] Upgrading has failed."
fi;
rm .blueprint.sh.bak;
fi;
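Review bot: In the `-exec` hunk the new filter `tr -d "'\\\n\r;"` does not strip what the comment implies: inside double quotes the shell reduces `\\\n` to `\\n`, which `tr` reads as a backslash followed by the letter `n`, so every `n` is deleted from the argument and newlines pass through. The result in `ql3` is written to `.blueprint/data/internal/db/telemetry_id`, so an id containing `n` is silently altered. An allow-list in single quotes is easier to reason about, e.g. `ql3=$(printf '%s' "$3" | tr -cd 'A-Za-z0-9@._-')`, with the set adjusted to the real id format. Both the success path and the fallthrough end in `exit 1`; `exit 0` after `Command executed.` would let callers tell the two apart.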


@ -29,32 +29,6 @@
</div>
</div>
<!-- Terminal -->
@if($bp->dbGet('developer') == "true")
<div class="box">
<div class="box-header with-border">
<h3 class="box-title"><i class='bx bxs-terminal' style='margin-right:5px;'></i>Terminal</h3>
</div>
<div class="box-body">
<form action="" method="POST">
<div class="col-xs-12" style="padding-top:5px;">
<input type="text" required name="developer:cmd" id="developer:cmd" value="{{ $bp->dbGet('developer:cmd') }}" class="form-control" style="height:40px;width:100%;"/>
<p class="text-muted small">Run a execute command on blueprint.sh, but you'll probably never use this anyways.</p>
{{ csrf_field() }}
<button type="submit" name="_method" value="PATCH" class="btn btn-gray-alt btn-sm pull-right" style="display:none;">Send</button>
</div>
<div class="col-xs-12" style="padding-top:10px;">
@if($bp->dbGet('developer:log') != "")
<code>{{ $bp->dbGet('developer:log') }}</code>
@endif
</div>
</form>
</div>
</div>
{{ $bp->dbSet('developer:log', '') }}
{{ $bp->dbSet('developer:cmd', '') }}
@endif
</div>
<div class="col-xs-9">
<form action="" method="POST">