Remove web notification polling (remote code execution path)

ryzomclassic-develop
kaetemi 3 years ago
parent 578cef6c85
commit fc3f0355a5
No known key found for this signature in database
GPG Key ID: 9873C4D40BB479BC

@ -608,7 +608,6 @@ HelpPages =
}; };
// interval in minutes for webig notify thread to run // interval in minutes for webig notify thread to run
WebIgNotifInterval = 0;
WebIgMainDomain = "https://classic.ryzom.dev"; WebIgMainDomain = "https://classic.ryzom.dev";
WebIgTrustedDomains = { WebIgTrustedDomains = {
"classic.ryzom.dev" "classic.ryzom.dev"

@ -436,7 +436,6 @@ CClientConfig::CClientConfig()
WebIgMainDomain = RYZOM_WEBIG_MAIN_URL; // https://open.ryzom.dev/" WebIgMainDomain = RYZOM_WEBIG_MAIN_URL; // https://open.ryzom.dev/"
WebIgTrustedDomains.push_back(RYZOM_WEBIG_TRUSTED_DOMAIN); // open.ryzom.dev WebIgTrustedDomains.push_back(RYZOM_WEBIG_TRUSTED_DOMAIN); // open.ryzom.dev
WebIgNotifInterval = 10; // time in minutes
CurlMaxConnections = 5; CurlMaxConnections = 5;
CurlCABundle.clear(); CurlCABundle.clear();
@ -1115,7 +1114,6 @@ void CClientConfig::setValues()
|| ClientCfg.WebIgMainDomain.find("https://") == std::string::npos) || ClientCfg.WebIgMainDomain.find("https://") == std::string::npos)
ClientCfg.WebIgMainDomain = "http://" + ClientCfg.WebIgMainDomain; ClientCfg.WebIgMainDomain = "http://" + ClientCfg.WebIgMainDomain;
READ_STRINGVECTOR_FV(WebIgTrustedDomains); READ_STRINGVECTOR_FV(WebIgTrustedDomains);
READ_INT_FV(WebIgNotifInterval);
READ_INT_FV(CurlMaxConnections); READ_INT_FV(CurlMaxConnections);
if (ClientCfg.CurlMaxConnections < 0) if (ClientCfg.CurlMaxConnections < 0)
ClientCfg.CurlMaxConnections = 2; ClientCfg.CurlMaxConnections = 2;

@ -323,7 +323,6 @@ struct CClientConfig
std::string WebIgMainDomain; std::string WebIgMainDomain;
std::vector<string> WebIgTrustedDomains; std::vector<string> WebIgTrustedDomains;
uint WebIgNotifInterval; // value in minutes for notification thread
sint32 CurlMaxConnections; sint32 CurlMaxConnections;
string CurlCABundle; string CurlCABundle;

@ -159,199 +159,6 @@ size_t writeDataFromCurl(void *buffer, size_t size, size_t nmemb, void *pcl)
return size*nmemb; return size*nmemb;
} }
class CWebigNotificationThread : public NLMISC::IRunnable
{
private:
CURL *Curl;
bool _Running;
IThread *_Thread;
public:
CWebigNotificationThread()
{
_Running = false;
_Thread = NULL;
curl_global_init(CURL_GLOBAL_ALL);
Curl = NULL;
//nlinfo("ctor CWebigNotificationThread");
}
void init()
{
if (Curl)
{
return;
}
Curl = curl_easy_init();
if(!Curl) return;
curl_easy_setopt(Curl, CURLOPT_COOKIEFILE, "");
curl_easy_setopt(Curl, CURLOPT_NOPROGRESS, 1);
curl_easy_setopt(Curl, CURLOPT_USERAGENT, getUserAgent().c_str());
curl_easy_setopt(Curl, CURLOPT_FOLLOWLOCATION, 1);
curl_easy_setopt(Curl, CURLOPT_WRITEFUNCTION, writeDataFromCurl);
NLWEB::CCurlCertificates::useCertificates(Curl);
}
~CWebigNotificationThread()
{
if(Curl)
{
curl_easy_cleanup(Curl);
Curl = NULL;
}
if (_Thread)
{
_Thread->terminate();
delete _Thread;
_Thread = NULL;
}
}
void get(const std::string &url)
{
if(!Curl) return;
curlresult.clear();
//nlinfo("get '%s'", url.c_str());
curl_easy_setopt(Curl, CURLOPT_URL, url.c_str());
CURLcode res = curl_easy_perform(Curl);
long r;
curl_easy_getinfo(Curl, CURLINFO_RESPONSE_CODE, &r);
//nlwarning("result : '%s'", curlresult.c_str());
char *ch;
std::string contentType;
res = curl_easy_getinfo(Curl, CURLINFO_CONTENT_TYPE, &ch);
if (res == CURLE_OK && ch != NULL)
{
contentType = ch;
}
// "text/lua; charset=utf8"
if (contentType.find("text/lua") == 0)
{
std::string script;
script = "\nlocal __WEBIG_NOTIF__= true\n" + curlresult;
CInterfaceManager::getInstance()->queueLuaScript(script);
}
else
{
nlwarning("Invalid content-type '%s', expected 'text/lua'", contentType.c_str());
}
}
std::string randomString()
{
std::string chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
std::string s;
for (int i = 0; i < 32; i++)
{
s += chars[uint(frand(float(chars.size())))];
}
return s;
}
void run()
{
if (ClientCfg.WebIgNotifInterval == 0)
{
_Running = false;
nlwarning("ClientCfg.WebIgNotifInterval == 0, notification thread not running");
return;
}
std::string domain = ClientCfg.WebIgMainDomain;
uint32 ms = ClientCfg.WebIgNotifInterval*60*1000;
_Running = true;
// first time, we wait a small amount of time to be sure everything is initialized
nlSleep(30*1000);
uint c = 0;
while (_Running)
{
string url = domain + "/index.php?app=notif&format=lua&rnd=" + randomString();
addWebIGParams(url, true);
get(url);
sleepLoop(ms);
}
}
void sleepLoop(uint ms)
{
// use smaller sleep time so stopThread() will not block too long
// tick == 100ms
uint32 ticks = ms / 100;
while (_Running && ticks > 0) {
nlSleep(100);
ticks--;
}
}
void startThread()
{
// initialize curl outside thread
init();
if (!_Thread)
{
_Thread = IThread::create(this);
nlassert(_Thread != NULL);
_Thread->start();
nlwarning("WebIgNotification thread started");
}
else
{
nlwarning("WebIgNotification thread already started");
}
}
void stopThread()
{
_Running = false;
if (_Thread)
{
_Thread->wait();
delete _Thread;
_Thread = NULL;
nlwarning("WebIgNotification thread stopped");
}
else
{
nlwarning("WebIgNotification thread already stopped");
}
}
bool isRunning() const
{
return _Running;
}
};
static CWebigNotificationThread webigThread;
void startWebIgNotificationThread()
{
if (!webigThread.isRunning())
{
webigThread.startThread();
}
}
void stopWebIgNotificationThread()
{
if (webigThread.isRunning())
{
webigThread.stopThread();
}
}
// ***************************************************************************
// ***************************************************************************
// *************************************************************************** // ***************************************************************************
NLMISC_REGISTER_OBJECT(CViewBase, CGroupHTMLAuth, std::string, "auth_html"); NLMISC_REGISTER_OBJECT(CViewBase, CGroupHTMLAuth, std::string, "auth_html");

@ -25,9 +25,6 @@
#include "nel/misc/types_nl.h" #include "nel/misc/types_nl.h"
#include "nel/gui/group_html.h" #include "nel/gui/group_html.h"
void startWebIgNotificationThread();
void stopWebIgNotificationThread();
/** /**
* Auth HTML group * Auth HTML group
*/ */

@ -1071,8 +1071,6 @@ void CInterfaceManager::initInGame()
{ {
displaySystemInfo(CI18N::get("uiLogTurnedOff")); displaySystemInfo(CI18N::get("uiLogTurnedOff"));
} }
startWebIgNotificationThread();
} }
// ------------------------------------------------------------------------------------------------ // ------------------------------------------------------------------------------------------------
@ -1326,8 +1324,6 @@ void CInterfaceManager::uninitInGame0 ()
// ------------------------------------------------------------------------------------------------ // ------------------------------------------------------------------------------------------------
void CInterfaceManager::uninitInGame1 () void CInterfaceManager::uninitInGame1 ()
{ {
stopWebIgNotificationThread();
// release Bar Manager (HP, SAP etc... Bars) // release Bar Manager (HP, SAP etc... Bars)
CBarManager::getInstance()->releaseInGame(); CBarManager::getInstance()->releaseInGame();
