diff --git a/.htaccess b/.htaccess
new file mode 100644
index 000000000..a66e70b6e
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,13 @@
+# In PrestaShop 9.0 php files are now protected so we allow only specific endpoints to be accessible
+
+ # Apache 2.2
+
+ Order Allow,Deny
+ Allow from all
+
+
+ # Apache 2.4
+
+ Require all granted
+
+
diff --git a/controllers/front/cron.php b/controllers/front/cron.php
new file mode 100644
index 000000000..a5b40aedc
--- /dev/null
+++ b/controllers/front/cron.php
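Review bot: The only access rules visible in this new file are `Allow from all` and `Require all granted`, and the container that scopes them is not visible in this view. They should sit inside a `<FilesMatch>` (or equivalent) block that matches only the three deprecated scripts, `ps_facetedsearch-attribute-indexer.php`, `ps_facetedsearch-clear-cache.php` and `ps_facetedsearch-price-indexer.php`. Applied to the whole module directory, they would lift the core protection that the header comment describes for every PHP file the module ships. I would also extend the header comment to say the file is temporary, e.g. `# Temporary: remove together with the deprecated ps_facetedsearch-*.php endpoints`, so the exception does not outlive the scripts it exists for.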
@@ -0,0 +1,80 @@
+
+ * @copyright Since 2007 PrestaShop SA and Contributors
+ * @license https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ */
+
+declare(strict_types=1);
+
+class Ps_FacetedSearchCronModuleFrontController extends ModuleFrontController
+{
+ public function __construct()
+ {
+ parent::__construct();
+ $this->ajax = true;
+ }
+
+ public function postProcess()
+ {
+ if (substr(Tools::hash('ps_facetedsearch/index'), 0, 10) != Tools::getValue('token')) {
+ header('HTTP/1.1 403 Forbidden');
+ header('Status: 403 Forbidden');
+ $this->ajaxRender('Bad token');
+
+ return;
+ }
+
+ $action = Tools::getValue('action');
+ switch ($action) {
+ case 'indexAttributes':
+ Shop::setContext(Shop::CONTEXT_ALL);
+
+ $psFacetedsearch = new Ps_Facetedsearch();
+ $psFacetedsearch->indexAttributes();
+ $psFacetedsearch->indexFeatures();
+ $psFacetedsearch->indexAttributeGroup();
+
+ $this->ajaxRender('1');
+ break;
+ case 'clearCache':
+ $psFacetedsearch = new Ps_Facetedsearch();
+ $this->ajaxRender($psFacetedsearch->invalidateLayeredFilterBlockCache());
+ break;
+ case 'indexPrices':
+ Shop::setContext(Shop::CONTEXT_ALL);
+
+ $module = new Ps_Facetedsearch();
+ if (Tools::getValue('full')) {
+ $this->ajaxRender($module->fullPricesIndexProcess((int) Tools::getValue('cursor'), (bool) Tools::getValue('ajax'), true));
+ } else {
+ $this->ajaxRender($module->pricesIndexProcess((int) Tools::getValue('cursor'), (bool) Tools::getValue('ajax')));
+ }
+
+ break;
+ default:
+ header('HTTP/1.1 403 Forbidden');
+ header('Status: 403 Forbidden');
+ $this->ajaxRender('Unknown action');
+ }
+ }
+}
diff --git a/ps_facetedsearch-attribute-indexer.php b/ps_facetedsearch-attribute-indexer.php
index ad6b87c8f..ee7e1236f 100644
--- a/ps_facetedsearch-attribute-indexer.php
+++ b/ps_facetedsearch-attribute-indexer.php
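Review bot: The token check at the top of `postProcess()` uses `!=`, which is a loose comparison and not constant-time. When both operands are numeric-looking strings PHP compares them as numbers, so a hash prefix that happens to be numeric could match a different request value, and the comparison time depends on the input. I would read the parameter once and compare strictly: `$token = Tools::getValue('token');` followed by `if (!is_string($token) || !hash_equals(substr(Tools::hash('ps_facetedsearch/index'), 0, 10), $token)) {`. The `default:` branch also answers 403 for an unknown action after the token has already been accepted; `400 Bad Request` would describe that case more accurately. Since this controller gates re-indexing across all shops (`Shop::CONTEXT_ALL`), a short docblock on `postProcess()` listing the accepted `action` values and the token requirement would help the next maintainer.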
@@ -17,6 +17,14 @@ * @copyright Since 2007 PrestaShop SA and Contributors * @license https://opensource.org/licenses/AFL-3.0 Academic Free License 3.0 (AFL-3.0) */ + +/* + * This standalone endpoint is deprecated, it should not be used anymore and should be removed along with the + * htaccess file that still allows it to work despite the security policy from the core forbidding this kind + * of file to be executed. + */ +@trigger_error('This endpoint has been deprecated and will be removed in the next major version for this module, you should rely on Ps_FacetedSearchCronModuleFrontController instead.', E_USER_DEPRECATED); + require_once __DIR__ . '/../../config/config.inc.php'; require_once __DIR__ . '/ps_facetedsearch.php'; diff --git a/ps_facetedsearch-clear-cache.php b/ps_facetedsearch-clear-cache.php index bcf7ec5f4..7068f49dc 100644 --- a/ps_facetedsearch-clear-cache.php +++ b/ps_facetedsearch-clear-cache.php @@ -17,6 +17,14 @@ * @copyright Since 2007 PrestaShop SA and Contributors * @license https://opensource.org/licenses/AFL-3.0 Academic Free License 3.0 (AFL-3.0) */ + +/* + * This standalone endpoint is deprecated, it should not be used anymore and should be removed along with the + * htaccess file that still allows it to work despite the security policy from the core forbidding this kind + * of file to be executed. + */ +@trigger_error('This endpoint has been deprecated and will be removed in the next major version for this module, you should rely on Ps_FacetedSearchCronModuleFrontController instead.', E_USER_DEPRECATED); + require_once __DIR__ . '/../../config/config.inc.php'; require_once __DIR__ . '/ps_facetedsearch.php'; diff --git a/ps_facetedsearch-price-indexer.php b/ps_facetedsearch-price-indexer.php index 60f8fa2a8..02c70e1c9 100644 --- a/ps_facetedsearch-price-indexer.php +++ b/ps_facetedsearch-price-indexer.php 
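Review bot: `@trigger_error(...)` is placed before `require_once __DIR__ . '/../../config/config.inc.php'`, so it fires before the shop's bootstrap has run. At that point only PHP's default error handling is in place and the `@` silences it, so unless a handler is registered earlier than this file (not visible here) the deprecation is never recorded and an operator whose cron still calls this script gets no signal. Moving the call below the two `require_once` lines would let whatever handler the core installs receive it. The same ordering appears in the hunks for `ps_facetedsearch-clear-cache.php` and `ps_facetedsearch-price-indexer.php`.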
@@ -17,6 +17,14 @@ * @copyright Since 2007 PrestaShop SA and Contributors * @license https://opensource.org/licenses/AFL-3.0 Academic Free License 3.0 (AFL-3.0) */ + +/* + * This standalone endpoint is deprecated, it should not be used anymore and should be removed along with the + * htaccess file that still allows it to work despite the security policy from the core forbidding this kind + * of file to be executed. + */ +@trigger_error('This endpoint has been deprecated and will be removed in the next major version for this module, you should rely on Ps_FacetedSearchCronModuleFrontController instead.', E_USER_DEPRECATED); + require_once __DIR__ . '/../../config/config.inc.php'; require_once __DIR__ . '/ps_facetedsearch.php'; diff --git a/ps_facetedsearch.php b/ps_facetedsearch.php index f3e1d12e5..98d29ee72 100644 --- a/ps_facetedsearch.php +++ b/ps_facetedsearch.php 
@@ -779,20 +779,20 @@ public function getContent() public function renderAdminMain() { // General purpose variables - $moduleUrl = Tools::getProtocol(Tools::usingSecureMode()) . $_SERVER['HTTP_HOST'] . $this->getPathUri(); $features = $this->getAvailableFeatures(); $attributeGroups = $this->getAvailableAttributes(); + $cronToken = substr(Tools::hash('ps_facetedsearch/index'), 0, 10); $this->context->smarty->assign([ 'PS_LAYERED_INDEXED' => (int) Configuration::getGlobalValue('PS_LAYERED_INDEXED'), 'current_url' => Tools::safeOutput(preg_replace('/&deleteFilterTemplate=[0-9]*&id_layered_filter=[0-9]*/', '', $_SERVER['REQUEST_URI'])), 'id_lang' => $this->getContext()->cookie->id_lang, - 'token' => substr(Tools::hash('ps_facetedsearch/index'), 0, 10), + 'token' => $cronToken, 'base_folder' => urlencode(_PS_ADMIN_DIR_), - 'price_indexer_url' => $moduleUrl . 'ps_facetedsearch-price-indexer.php' . '?token=' . substr(Tools::hash('ps_facetedsearch/index'), 0, 10), - 'full_price_indexer_url' => $moduleUrl . 'ps_facetedsearch-price-indexer.php' . '?token=' . substr(Tools::hash('ps_facetedsearch/index'), 0, 10) . '&full=1', - 'attribute_indexer_url' => $moduleUrl . 'ps_facetedsearch-attribute-indexer.php' . '?token=' . substr(Tools::hash('ps_facetedsearch/index'), 0, 10), - 'clear_cache_url' => $moduleUrl . 'ps_facetedsearch-clear-cache.php' . '?token=' . 
substr(Tools::hash('ps_facetedsearch/index'), 0, 10), + 'price_indexer_url' => $this->context->link->getModuleLink('ps_facetedsearch', 'cron', ['ajax' => true, 'action' => 'indexPrices', 'token' => $cronToken]), + 'full_price_indexer_url' => $this->context->link->getModuleLink('ps_facetedsearch', 'cron', ['ajax' => true, 'action' => 'indexPrices', 'full' => 1, 'token' => $cronToken]), + 'attribute_indexer_url' => $this->context->link->getModuleLink('ps_facetedsearch', 'cron', ['ajax' => true, 'action' => 'indexAttributes', 'token' => $cronToken]), + 'clear_cache_url' => $this->context->link->getModuleLink('ps_facetedsearch', 'cron', ['ajax' => true, 'action' => 'clearCache', 'token' => $cronToken]), 'filters_templates' => $this->getExistingFiltersOverview(), 'show_quantities' => Configuration::get('PS_LAYERED_SHOW_QTIES'), 'cache_enabled' => Configuration::get('PS_LAYERED_CACHE_ENABLED'),
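Review bot: The four cron URLs built in `renderAdminMain()` now carry `'ajax' => true`, which the removed URLs did not. The new controller forwards `(bool) Tools::getValue('ajax')` into `pricesIndexProcess()` and `fullPricesIndexProcess()`. If those helpers (not shown) treat the flag as "process one batch and return a cursor", a scheduled job that requests the URL once would no longer complete the price index. The controller already sets `$this->ajax = true` in its constructor, so the query parameter looks unnecessary for rendering; consider dropping it, e.g. `['action' => 'indexPrices', 'token' => $cronToken]`, or not forwarding it to the indexer. `renderAdminMain()` continues past the end of this hunk.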