44 * See COPYING.txt for license details.
55 */
66
7- if (isset ($ _POST 'command ' ])) {
7+ if (isset ($ _POST 'baseUrl ' ]) && isset ($ _POST 'username ' ]) && isset ($ _POST 'password ' ]) && isset ($ _POST 'command ' ])) {
8+ $ baseUrlurldecode ($ _POST 'baseUrl ' ]);
9+ $ usernameurldecode ($ _POST 'username ' ]);
10+ $ passwordurldecode ($ _POST 'password ' ]);
811 $ commandurldecode ($ _POST 'command ' ]);
912 if (array_key_exists ("arguments " , $ _POST
1013 $ argumentsurldecode ($ _POST 'arguments ' ]);
1114 } else {
1215 $ argumentsnull ;
1316 }
14- $ phpPHP_BINDIR ? PHP_BINDIR . '/php ' : 'php ' ;
15- $ validvalidateCommand ($ command
16- if ($ valid
17- exec (
18- escapeCommand ($ php' -f ../../../../bin/magento ' . $ command" $ arguments ." 2>&1 " ,
19- $ output
20- $ exitCode
21- );
22- if ($ exitCode0 ) {
23- http_response_code (202 );
17+
18+ if (isAuthenticated ($ baseUrl$ username$ password
19+ $ phpPHP_BINDIR ? PHP_BINDIR . '/php ' : 'php ' ;
20+ $ magentoBinary$ php' -f ../../../../bin/magento ' ;
21+ $ validvalidateCommand ($ magentoBinary$ command
22+ if ($ valid
23+ exec (
24+ escapeCommand ($ magentoBinary' ' . $ command" $ arguments ." 2>&1 " ,
25+ $ output
26+ $ exitCode
27+ );
28+ if ($ exitCode0 ) {
29+ http_response_code (202 );
30+ } else {
31+ http_response_code (500 );
32+ }
33+ echo implode ("\n" , $ output
2434 } else {
25- http_response_code (500 );
35+ http_response_code (403 );
36+ echo "Given command not found valid in Magento CLI Command list. " ;
2637 }
27- echo implode ("\n" , $ output
2838 } else {
29- http_response_code (403 );
30- echo " Given command not found valid in Magento CLI Command list. "
39+ http_response_code (401 );
40+ echo ( " Command not unauthorized. " ) ;
3141 }
3242} else {
3343 http_response_code (412 );
34- echo ("Command parameter is not set. " );
44+ echo ("Required parameters are not set. " );
45+ }
46+
47+ /**
48+ * Returns if credentials are successfully authenticated.
49+ *
50+ * @param string $baseUrl
51+ * @param string $username
52+ * @param string $password
53+ * @return bool
54+ */
55+ function isAuthenticated ($ baseUrl$ username$ password
56+ {
57+ $ userData
58+ "username " => $ username
59+ "password " => $ password
60+ ];
61+ $ chcurl_init ($ baseUrl"/index.php/rest/V1/integration/admin/token " );
62+ curl_setopt ($ chCURLOPT_POST , true );
63+ curl_setopt ($ chCURLOPT_POSTFIELDS , json_encode ($ userData
64+ curl_setopt ($ chCURLOPT_RETURNTRANSFER , true );
65+ curl_setopt ($ chCURLOPT_FOLLOWLOCATION , true );
66+ curl_setopt ($ chCURLOPT_SSL_VERIFYPEER , false );
67+ curl_setopt ($ chCURLOPT_SSL_VERIFYHOST , false );
68+ curl_setopt ($ chCURLOPT_COOKIEFILE , '' );
69+ curl_setopt (
70+ $ ch
71+ CURLOPT_HTTPHEADER ,
72+ array ("Content-Type: application/json " , "Content-Lenght: " . strlen (json_encode ($ userData
73+ );
74+
75+ $ tokencurl_exec ($ ch
76+
77+ if (!empty ($ tokencurl_getinfo ($ chCURLINFO_HTTP_CODE ) === 200 ) {
78+ curl_close ($ ch
79+ return true ;
80+ } else {
81+ echo "Authentication error. " ;
82+ curl_close ($ ch
83+ return false ;
84+ }
3585}
3686
3787/**
@@ -55,13 +105,13 @@ function escapeCommand($command)
55105
56106/**
57107 * Checks magento list of CLI commands for given $command. Does not check command parameters, just base command.
108+ * @param string $magentoBinary
58109 * @param string $command
59110 * @return bool
60111 */
61- function validateCommand ($ command
112+ function validateCommand ($ magentoBinary , $ command
62113{
63- $ phpPHP_BINDIR ? PHP_BINDIR . '/php ' : 'php ' ;
64- exec ($ php' -f ../../../../bin/magento list ' , $ commandList
114+ exec ($ magentoBinary' list ' , $ commandList
65115 // Trim list of commands after first whitespace
66116 $ commandListarray_map ("trimAfterWhitespace " , $ commandList
67117 return in_array (trimAfterWhitespace ($ command$ commandList
0 commit comments