WWWWWW

Current Directory: /usr/local/bin
Viewing File: /usr/local/bin/ea_convert_php_ini
#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - ea_convert_php_ini                     Copyright(c) 2016 cPanel, Inc.
#                                                           All rights Reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

# !!! This should only be run during migration !!!
#
# Description
#   Updates each user's 'php.ini' file so it's compatible with EA4.
#
# Conditions (ALL must be met for this script to run)
#   1. This is being run by the migrate_ea3_to_ea4 script.
#   2. The system default PHP version is assigned to the mod_suphp
#      Apache handler.
#   3. User is assigned to the system default PHP version.
#   4. The user has defined the 'suPHP_ConfigPath' setting within
#      an .htaccess file in the docroot of a vhost.
#
# Design
#   You'll notice 4 packages in this script.  These are separate
#   because:
#    1. It's overkill right now to create a whole new RPM package
#       which would contain the code we need to correctly parse
#       PHP ini files, get it into cpanel & whm, etc.
#    2. This used to be broken up into 2 scripts and designed to
#       allow future cmd-line execution.  However, it was too slow.
#       In an effort to speed it up (1.5 hrs to 5 mins against
#       10k accounts), the files were merged (/bin/cat a b > c) and
#       it was easier to combine the files and keep the packages
#       intact.
#
#   The 4 packages in here are as follows:
#    - Parse::PHP::Ini -- logic to parse/merge/render PHP ini files
#    - ea_convert_php_ini_file -- logic to convert a single php ini file
#    - ea_convert_php_ini_system -- logic to convert an entire
#        cpanel system
#    - main -- main script interface
#
# TODO:
#   1. Allow user to manually run this script to convert the system at-will.
#   2. Allow script to convert a vhost's ini files assigned to a php version
#      other than the system default.
#   3. Allow script to run if the php version is assigned to a non-suphp handler.
#   4. Allow user to convert an individual ini file.
#
# !!! This should only be run during migration !!!

package Parse::PHP::Ini;

use strict;
use warnings;
use Cpanel::Fcntl     ();
use Cpanel::ArrayFunc ();
use Time::HiRes qw( CLOCK_REALTIME );

# the special name we apply to things we find at file-scope within a php ini file.  this
# name should not be a valid section name
our $ROOT_NAME = '!_ROOT_!';

sub new {
    my $class = shift;
    my %args  = @_;
    require Tree::DAG_Node;    # this wasn't available on cpanel 11.54 and older
    return bless( \%args, $class );
}

# Accessor method for profiling the parser
# NOTE: Would be nice to have some sort of Aspect-oriented api for this
sub add_timestamp {
    my $self = shift;
    return 1 unless $self->{debug};

    my $label = shift;
    my $ts    = Time::HiRes::clock_gettime();
    push @{ $self->{timestamp} }, { label => $label, ts => $ts };

    return 1;
}

# Get a list of profiling timestamps
sub get_timestamps {
    my $self = shift;
    return ( defined $self->{timestamp} ? @{ $self->{timestamp} } : [] );
}

sub parse_init {
    my $self = shift;
    my %args = @_;
    my %struct;

    if ( $args{path} ) {
        require Tie::File;
        open( my $fh, '<', $args{path} ) or die Cpanel::Exception::create( 'IO::FileOpenError', { path => $args{path}, error => $!, mode => '<' } );
        my @content;
        my $tie = tie @content, 'Tie::File', $fh, recsep => "\n", mode => Cpanel::Fcntl::or_flags(qw(O_RDONLY));
        $struct{fh}      = $fh;
        $struct{content} = \@content;
    }
    elsif ( $args{str} ) {
        my @content = split( /\n/, ${ $args{str} } );
        $struct{content} = \@content;
    }
    else {
        die Cpanel::Exception::create( 'MissingParameter', { name => 'path' } ) if ( !defined $args{path} && !defined $args{str} );
    }

    return \%struct;
}

sub parse_clean {
    my ( $self, $struct ) = @_;

    if ( $struct->{fh} ) {
        untie $struct->{content};
        delete $struct->{content};
        close $struct->{fh};
        delete $struct->{fh};
    }

    return 1;
}

# Returns the current PHP ini section.
#
# Parsing a PHP ini file ensures that everything it parses is container within
# a section (e.g. [curl]).  The exception being, that we have a special section
# called, $ROOT_NAME.  This section often contains comments and blank lines.
#
# Since everything must be in a section, the "mother" must always be of
# type 'section'.
# TODO: add checks to guarantee $node and $attr passed in
sub get_current_section {
    my ( $self, $node ) = @_;
    my $type = $self->get_node_type($node);
    return ( $type eq 'section' ? $node : $node->mother() );
}

# Finds a matching php ini section (e.g. [curl])
# TODO: add checks to guarantee $tree and $match passed in
sub get_matching_section {
    my ( $self, $tree, $match ) = @_;

    # $match matches the value attribute (lc of section name), not what's displayed in ini file
    my $section;

    $self->add_timestamp("Start: get_matching_section( $match )");

    $match = lc $match;

    $tree->walk_down(
        {
            _depth   => scalar $tree->ancestors,
            callback => sub {
                my ( $node, $opt ) = @_;

                return 1 if ( defined $opt->{_depth} && $opt->{_depth} > 1 );    # all settings are inside sections, which are depth 1 (or undef for root)

                my $type = $self->get_node_type($node);
                my $attr = $node->attribute();
                my $ret  = 1;

                if ( $type eq 'section' && $attr->{value} eq $match ) {
                    $section = $node;
                    $ret     = 0;                                                # stop traversing, we found the section
                }

                return $ret;
            }
        }
    );

    $self->add_timestamp("End: get_matching_section( $match )");

    return $section;
}

# Find a setting within a php ini section, if any
# TODO: add checks to guarantee $section, $key, and $value passed in
sub get_matching_setting {
    my ( $self, $section, $key, $value ) = @_;
    my $setting;

    $self->add_timestamp("Start: get_matching_setting( section=$section setting=$key )");

    $key = lc $key;

    # For the most part, when PHP finds the same setting, it knows to
    # override the value that it saw earlier.  However, the exception
    # to this is when it finds 'extension' and 'zend_extension'.  These
    # can be duplicated all over.

    $section->walk_down(
        {
            _depth   => scalar $section->ancestors,
            callback => sub {
                my $node = shift;
                my $type = $self->get_node_type($node);
                my $attr = $node->attribute();

                return 1 unless $type eq 'setting';

                my $ret = 1;

                if ( $key eq 'extension' || $key eq 'zend_extension' ) {
                    if ( $value eq $attr->{value} ) {
                        $setting = $node;
                        $ret     = 0;
                    }
                }
                else {
                    if ( $key eq $attr->{key} ) {
                        $setting = $node;
                        $ret     = 0;
                    }
                }

                return $ret;
            }
        }
    );

    $self->add_timestamp("End: get_matching_setting( section=$section setting=$key )");

    return $setting;
}

sub is_root_node {
    my ( $self, $node ) = @_;
    return ( $node->name() eq $ROOT_NAME ? 1 : 0 );
}

sub make_root_node {
    my $self = shift;
    return $self->make_section_node( $ROOT_NAME, 0 );
}

# TODO: add checks to guarantee $name and $line passed in
sub make_section_node {
    my $self = shift;
    my ( $name, $line ) = @_;

    $self->add_timestamp("Start: make_section_node( name=$name )");

    $line ||= 0;

    my $node = Tree::DAG_Node->new();
    $node->name($name);
    $node->attribute( { type => 'section', value => lc $name, line => $line } );

    $self->add_timestamp("End: make_section_node( name=$name )");

    return $node;
}

# TODO: add checks to guarantee $value and $line passed in
sub make_filler_node {
    my $self = shift;
    my ( $value, $line ) = @_;

    $self->add_timestamp("Start: make_filler_node()");

    $line ||= 0;

    my $node = Tree::DAG_Node->new();
    $node->name('filler');
    $node->attribute( { type => 'filler', value => $value, line => $line } );

    $self->add_timestamp("End: make_filler_node()");

    return $node;
}

# TODO: add checks to guarantee $key, $value, and $line passed in
sub make_setting_node {
    my $self = shift;
    my ( $key, $value, $line ) = @_;

    $line ||= 0;

    my $node = Tree::DAG_Node->new();
    $node->name($key);
    $node->attribute( { type => 'setting', key => lc $key, value => $value, line => $line } );

    return $node;
}

# TODO: validate $in is a Tree::DAG_Node type
sub dup_node {
    my ( $self, $in ) = @_;
    my $type = $self->get_node_type($in);
    my $attr = $in->attribute();
    my $out;

    $self->add_timestamp("Start: dup_node( type=$type )");

    if ( $type eq 'setting' ) {
        $out = $self->make_setting_node( $in->name(), $attr->{value}, $attr->{line} );
    }
    elsif ( $type eq 'section' ) {
        $out = $self->make_section_node( $in->name(), $attr->{line} );
    }
    elsif ( $type eq 'filler' ) {
        $out = $self->make_filler_node( $attr->{value}, $attr->{line} );
    }
    else {
        die Cpanel::Exception::create( 'InvalidParameter', "Programmer Error: Request node duplicate on unknown type: $type" );
    }

    $self->add_timestamp("End: dup_node( type=$type )");

    return $out;
}

# TODO: add checks to guarantee $node and $attr passed in
# TODO: add check to ensure $attr is a hash ref that contains all setting values
# NOTE: We make a copy of %$attr for tinkering safety
sub update_node {
    my $self = shift;
    my ( $node, $attr ) = @_;
    my %copy = %$attr;
    $node->attribute( \%copy );
    return 1;
}

# TODO: validate $node existence and type
sub get_node_type {
    my ( $self, $node ) = @_;
    my $attr = $node->attribute();
    return $attr->{type};
}

# TODO: validate $node existence, Tree::DAG_Node type, and is a 'setting' type
# TODO: validate each @exclude entry ('key' and 'value') is a regex (qr//)
# TODO: generalize this method to is_excluded_node() (YAGNI?)
sub is_excluded_setting {
    my $self    = shift;
    my $node    = shift;
    my @exclude = @_;

    my $excluded = 0;
    my $attr     = $node->attribute();

    $self->add_timestamp("Start: is_excluded_setting()");

    # Exclusion criteria:
    #   1. if only 'key' regex supplied, then the key must match
    #   2. if only 'value' regex supplied, then only the value must match
    #   3. if both 'key' and 'value' supplied, then both regexes must match
    for my $href (@exclude) {
        my @and;

        push @and, ( $href->{key}   && $attr->{key} =~ $href->{key} )     ? 1 : 0;
        push @and, ( $href->{value} && $attr->{value} =~ $href->{value} ) ? 1 : 0;

        # the sum of the votes must be equal to the number of exclusions compared against
        if ( Cpanel::ArrayFunc::sum(@and) == scalar keys %$href ) {
            $excluded = 1;
            last;
        }
    }

    $self->add_timestamp("End: is_excluded_setting()");

    return $excluded;
}

# Parses a PHP ini file and returns the Tree
sub parse {
    my $self = shift;
    my %args = @_;

    $self->add_timestamp("Start: parse()");

    my $struct = $self->parse_init(%args);

    # initialize parsing tree with our special ROOT node
    my $root = $self->make_root_node();

    my %section_cache;

    # this is used so that we can easily access the previously inserted
    # node (or perhaps use it to determine which ini section we're in)
    my $current_node = $root;

    # line count
    my $count = 0;

    # parse the ini file
    for my $line ( @{ $struct->{content} } ) {
        $count++;
        chomp $line;

        if ( $line =~ /^\s*\[(.+?(?=\]))\]/ ) {    # e.g. [curl]
            my $name = "$1";
            my $section = $self->get_matching_section( $root, $name );

            # never seen this section before, create and add it
            unless ($section) {
                $section = _get_cache( \%section_cache, $name );
                $section = $self->make_section_node( $name, $count ) unless $section;
                $root->add_daughter($section);
            }

            $current_node = $section;
            _set_cache( \%section_cache, $name, $section );
        }
        elsif ( $line =~ /^\s*([\/\-\w\.]+)\s*=\s*(.*)$/ ) {    # e.g. "allow_url_fopen = Off" (NOTE: You can have empty values)
            my ( $key, $value ) = ( "$1", "$2" );
            my $section = $self->get_current_section($current_node);

            # don't add settings to the root node, they must go into the global PHP section
            if ( $self->is_root_node($section) ) {
                $section = $self->get_matching_section( $root, 'PHP' );

                if ( !$section ) {
                    $section = $self->make_section_node( 'PHP', $count );
                    $root->add_daughter($section);
                }
            }

            # add/update the setting in this section
            my $setting = $self->get_matching_setting( $section, $key, $value );

            if ($setting) {
                my $tmp = $self->make_setting_node( $key, $value, $count );
                my $attr = $tmp->attribute();
                $self->update_node( $setting, $attr );
            }
            else {
                $setting = $self->make_setting_node( $key, $value, $count );
                $section->add_daughter($setting);
            }

            $current_node = $setting;
        }
        elsif ( $line =~ /^(\s*(?:;.*)?)$/ ) {    # comment or blank line
            my $value = "$1\n";
            my $attr  = $current_node->attribute();

            if ( $attr->{type} eq 'filler' ) {
                $attr->{value} .= $value;         # just append to previous filler, instead of creating a new one for each line
            }
            else {
                my $filler = $self->make_filler_node( $value, $count );
                my $section = $self->get_current_section($current_node);
                $section->add_daughter($filler);
                $current_node = $filler;
            }
        }
        else {                                    # if we get here, we're not taking into account all possible php ini file formats
            warn "Unable to parse line $count: $line";
        }
    }

    $self->parse_clean($struct);
    $self->add_timestamp("End: parse()");

    return $root;
}

sub _get_cache {
    my ( $cache, $key ) = @_;
    $key = lc $key;
    return $cache->{$key};
}

sub _set_cache {
    my ( $cache, $key, $val ) = @_;
    $key = lc $key;
    $cache->{$key} = $val;
    return 1;
}

# Creates a new tree that contains the properties of both.  If there's
# a conflict, then the "right" tree's value wins.
sub merge {
    my $self = shift;
    my ( $ltree, $rtree ) = @_;
    my %args = @_;
    my $exclude = $args{exclude} || [];

    die Cpanel::Exception::create( 'MissingParameter', { name => 'ltree' } ) unless $ltree;
    die Cpanel::Exception::create( 'MissingParameter', { name => 'rtree' } ) unless $rtree;
    die Cpanel::Exception::create( 'InvalidParameter', "The “[_1]” parameter must be a “[_2]” object.", [ 'ltree', 'Tree::DAG_Node' ] ) unless ( ref $ltree eq 'Tree::DAG_Node' );
    die Cpanel::Exception::create( 'InvalidParameter', "The “[_1]” parameter must be a “[_2]” object.", [ 'rtree', 'Tree::DAG_Node' ] ) unless ( ref $rtree eq 'Tree::DAG_Node' );

    $self->add_timestamp("Start: merge()");

    # start by duplicating the left tree (aka, the merge tree)
    my $root = $ltree->copy_tree;
    my %section_cache;

    # now merge the right tree into the merge tree (top down, as opposed to
    # bottom up)
    $rtree->walk_down(
        {
            _depth   => scalar $rtree->ancestors,
            callback => sub {
                my $node = shift;
                my $name = $node->name();

                my $attr = $node->attribute();
                my $type = $self->get_node_type($node);

                return 1 if $self->is_root_node($node);                                             # the root node is a special container, nothing to merge, move on
                return 1 if $type eq 'setting' && $self->is_excluded_setting( $node, @$exclude );

                if ( $type eq 'section' ) {
                    unless ( $self->get_matching_section( $root, $name ) ) {
                        $root->add_daughter( $self->dup_node($node) ) unless $self->is_root_node($node);
                    }
                }
                elsif ( $type eq 'setting' ) {
                    my $node_section = $self->get_current_section($node);
                    my $merge_section = _get_cache( \%section_cache, $node_section->name() );
                    unless ($merge_section) {
                        $merge_section = $self->get_matching_section( $root, $node_section->name() );
                        _set_cache( \%section_cache, $node_section->name(), $merge_section );
                    }

                    # NOTE: We're reading top-down, so this section should have already been created above
                    unless ($merge_section) {
                        die Cpanel::Exception::create( 'InvalidParameter', "Programmer Error: The left merge tree is unable to merge a setting because it's missing section: “[_1]”.", [ $node_section->name() ] );
                    }

                    my $setting = $self->get_matching_setting( $merge_section, $name, $attr->{value} );

                    if ($setting) {
                        $self->update_node( $setting, $attr );
                    }
                    else {
                        my $dup = $self->dup_node($node);
                        $merge_section->add_daughter($dup);
                    }
                }
                elsif ( $type eq 'filler' ) {

                    # TODO: We're not going to merge blank lines and comments from the right, into the left.
                    #       Why? if there's duplicate settings found, then the comment would be added at
                    #         the end of the current section, and is going to be a dangle (TM) now -- e.g. not
                    #         next to the setting anymore.  Since this would make merging far more
                    #         complex than copying things from "left into right trees", I am leaving this
                    #         alone for now.
                }
                else {
                    die Cpanel::Exception::create( 'InvalidParameter', "Programmer Error: The left merge tree contains an invalid note type: “[_1]”.", [$type] );
                }

                return 1;
            }
        }
    );

    $self->add_timestamp("End: merge()");

    return $root;
}

# Returns a reference to a string that contains a rendered ini file
sub render {
    my ( $self, $tree ) = @_;
    my $str = '';

    die Cpanel::Exception::create( 'MissingParameter', { name => 'tree' } ) unless $tree;
    die Cpanel::Exception::create( 'InvalidParameter', "The “[_1]” parameter must be a “[_2]” object.", [ 'tree', 'Tree::DAG_Node' ] ) unless ( ref $tree eq 'Tree::DAG_Node' );

    $self->add_timestamp("Start: render()");

    # NOTE: use 'callback' not 'callbackback' to ensure we do a top-down traversal
    $tree->walk_down(
        {
            _depth   => scalar $tree->ancestors,
            callback => sub {
                my $node = shift;
                my $type = $self->get_node_type($node);
                my $attr = $node->attribute();

                if ( $type eq 'section' ) {
                    $str .= '[' . $node->name() . "]\n" unless $self->is_root_node($node);
                }
                elsif ( $type eq 'setting' ) {
                    $str .= $attr->{key} . ' = ' . $attr->{value} . "\n";
                }
                elsif ( $type eq 'filler' ) {
                    $str .= $attr->{value};
                }
                else {
                    die Cpanel::Exception::create( 'InvalidParameter', "Programmer Error: The tree being rendered contains an invalid node type: “[_1]”.", [$type] );
                }

                return 1;
            }
        }
    );

    $self->add_timestamp("End: render()");

    return \$str;
}

package ea_convert_php_ini_file;    # This package is used by the suphp conf yum hook script in ea-apache24-config, do not modify it without adjusting that too.

use 5.014;                          # for /a and /r options
use strict;
use warnings;
use Cwd                    ();
use Cpanel::Fcntl          ();
use Cpanel::Exception      ();
use Cpanel::ProgLang::Conf ();
use Cpanel::SysPkgs::SCL   ();

our %Cfg;
our %SysIniCache;                   # store parsed versions of the system ini files to speed up conversion

# Retrieves the root directory of the SCL PHP package.  This is specified
# in the scl prefixes directory.
#
# This is determine which Software Collection based PHP package we're converting
# to.  If the user specified an explicit hint, then try to use that.
# If we can't figure it out, or the user specified an invalid package, then
# give up and spit out an error.
sub get_scl_rootpath {
    my $hint = shift;

    usage("ERROR: You must specify a valid PHP package name.") if ( !$hint || $hint =~ /\Q[\w\-]+\E/a );

    # This must be the directory where the SCL package is installed
    my $path = Cpanel::SysPkgs::SCL::get_scl_prefix($hint);
    die Cpanel::Exception::create( 'InvalidParameter', "The “[_1]” package does not exist or does not conform to the [asis,RedHat] [asis,Software Collection] standard.", 'PHP' ) unless $path;

    return "$path/root";
}

# Determine the SCL package we want to use for the ea3 -> ea4 conversion
sub guess_scl_package {
    my ( $path, $hint ) = @_;

    # TODO: Examine the $path of ini to automatically guess which
    #       PHP package to use (EA-4827).  For example, if the
    #       user specifies an ini file located in /home/joe/public_html,
    #       then be smart enough to pick the php package assigned
    #       to the domain that has that as a docroot.
    #
    #       For now, just explicitly use the $hint or system default

    my $conf = defined $Cfg{state} ? $Cfg{state} : Cpanel::ProgLang::Conf->new( type => 'php' )->get_conf();
    my $package;

    if ( defined $hint && defined $conf->{$hint} ) {
        $package = $hint;
    }
    else {
        $package = $conf->{default};
    }

    die Cpanel::Exception::create( 'FeatureNotEnabled', q{“[_1]” is not installed on the system.}, ['PHP'] ) unless $package;

    return $package;
}

sub get_php_ini {
    my $path = shift;
    my $ini;

    if ( sysopen( my $fh, $path, Cpanel::Fcntl::or_flags(qw( O_NOFOLLOW O_RDONLY )) ) ) {
        binmode $fh, ':utf8';
        if ( -f $fh ) {
            local $/ = undef;
            my $txt = <$fh>;

            my $parser = Parse::PHP::Ini->new();
            $ini = $parser->parse( str => \$txt );
        }
        else {
            warn "Skipping $path. Not a regular file";
        }

        close $fh;
    }
    else {
        warn "Skipping $path.  Failed to open: $!";
    }

    return $ini;
}

sub get_phpd_ini {
    my $phpd   = shift;
    my %args   = @_;
    my $parser = Parse::PHP::Ini->new();
    my $cwd    = Cwd::getcwd;
    my $ini;

    chdir $phpd or die Cpanel::Exception::create( 'IO::ChdirError', { error => $!, path => $phpd } );

    if ( opendir( my $dh, '.' ) ) {
        for my $file ( sort grep { /\.ini$/ } readdir($dh) ) {    # sort asciibetically like PHP does
            my $entry = get_php_ini($file);
            next unless $entry;
            $ini = $ini ? $parser->merge( $ini, $entry ) : $entry;
        }
        closedir $dh;

        $ini = $parser->make_root_node() unless $ini;             # return empty parse tree if empty dir
    }
    else {
        chdir $cwd;
        die Cpanel::Exception::create( 'IO::DirectoryOpenError', { path => $phpd, error => $! } );
    }

    chdir $cwd or die Cpanel::Exception::create( 'IO::DirectoryOpenError', { path => $cwd, error => $! } );

    return $ini;
}

sub get_system_ini {
    my $scl_package = shift;
    my $scl_root    = get_scl_rootpath($scl_package);
    my $ini         = $SysIniCache{$scl_root};
    return $ini if $ini;

    # get default system php.ini file, which MUST exist
    my $path   = "$scl_root/etc/php.ini";
    my $sysini = get_php_ini($path);
    die "ERROR: Failed to read the system default PHP ini file, $path" unless $sysini;

    my $phpd = get_phpd_ini("$scl_root/etc/php.d");

    # now merge all of these ini files together in the correct order
    my $parser = Parse::PHP::Ini->new();
    $ini = $parser->merge( $phpd, $sysini );

    $SysIniCache{$scl_root} = $ini;

    return $ini;
}

sub get_converted_php_ini {
    my ( $path, $scl_package ) = @_;
    my $ini = get_system_ini($scl_package);

    # get user's ini file, but ignore warnings since it may not exist
    my $srcini;
    {
        local $SIG{__WARN__} = sub { };
        $srcini = get_php_ini($path);
    }

    my @exclude = (
        { key => qr/^extension$/i },
        { key => qr/^zend_extension$/i },
        { key => qr/^extension_dir$/i },
    );

    my $parser = Parse::PHP::Ini->new();
    $ini = $parser->merge( $ini, $srcini, exclude => \@exclude ) if $srcini;

    return $ini;
}

sub write_php_ini {
    my ( $ini, $path ) = @_;
    my $parser = Parse::PHP::Ini->new();
    my $txtref = $parser->render($ini);

    die "ERROR: An existing ini file already exists with that name.\n       Remove the file or use the -f option\n" if ( -e $path && !$Cfg{force} );

    # If it exists as a symlink, remove the symlink so we can write it to the proper location
    unlink $path if ( -l $path );

    if ( sysopen( my $fh, $path, Cpanel::Fcntl::or_flags(qw( O_NOFOLLOW O_WRONLY O_TRUNC O_CREAT )) ) ) {
        binmode $fh, ':utf8';

        if ( -f $fh || !-e _ ) {
            print $fh $$txtref;
        }
        else {
            die "ERROR: Attempting to write to an invalid path: $path";
        }

        close $fh;
    }
    else {
        die Cpanel::Exception::create( 'IO::FileOpenError', { path => $path, error => $!, mode => '>' } );
    }

    return 1;
}

sub main {
    my %cfg = @_;

    # remove from cfg hash to ensure we don't duplicate, and
    # possible use the wrong arg
    my $in   = delete $cfg{in};
    my $out  = delete $cfg{out};
    my $hint = delete $cfg{hint};

    %Cfg = %cfg;

    my $scl_package = guess_scl_package( $in, $hint );
    my $ini = get_converted_php_ini( $in, $scl_package );
    write_php_ini( $ini, $out );

    return 1;
}

package ea_convert_php_ini_system;

use strict;
use warnings;
use Cwd                                  ();
use Getopt::Long                         ();
use Cpanel::AccessIds::ReducedPrivileges ();
use Cpanel::ProgLang::Conf               ();
use Cpanel::WebServer                    ();
use Cpanel::WebServer::Userdata          ();
use Cpanel::ProgLang                     ();
use Cpanel::SafeRun::Errors              ();
use Cpanel::Config::userdata             ();
use Cpanel::Version::Tiny                ();
use Cpanel::Version::Compare             ();
use File::Basename                       ();
use Cpanel::Logger                       ();

our $TMPDIR          = '/var/cpanel/tmp';
our $DEFAULT_HANDLER = 'suphp';
our %Cfg;

sub logger {
    my $msg = shift;

    my %log = (
        'message'   => $msg,
        'level'     => 'info',
        'output'    => $Cfg{verbose} ? 1 : 0,
        'service'   => 'ea_convert_php_ini',
        'backtrace' => 0,
        'die'       => 0,
    );

    # use logger() instead of info() so that user can turn verbose on/off
    Cpanel::Logger::logger( \%log );

    return 1;
}

sub usage {
    my $msg = shift;
    my $fh = $msg ? \*STDERR : \*STDOUT;

    print $fh "$msg\n\n" if $msg;
    print $fh "Converts PHP ini files from EA3 to EA4\n";
    print $fh "\nUsage: $0 --action <ini|sys> [OPTIONS]\n\n";
    print $fh "Required:\n";

    #print $fh "   --action ini -i <old.ini> -o <new.ini> # Convert a single ini file\n";
    print $fh "   --action sys                           # Converts ini files in entire system\n";
    print $fh "\n";
    print $fh "Optional arguments:\n";
    print $fh "  -h|--help                        # Show this help output\n";
    print $fh "\n";

    #print $fh "Optional --ini arguments:\n";
    #print $fh "  -t|--hint <php package>          # Choose which package to inherit from\n";
    #print $fh "  -f|--force                       # Overwrite -o argument if the file exists\n";
    #print $fh "\n";
    print $fh "Optional --sys arguments:\n";
    print $fh "  -q|--quiet                       # Only display warnings/errors\n";
    print $fh "  -n|--dryrun                      # Display actions, but don't convert files\n";
    print $fh "\n";
    print $fh "Example:\n";

    #print $fh " $0 -a ini -i php.ini.old -o php.ini -f\n";
    print $fh " $0 -a sys -n -q p -u user1 -u user2\n";

    exit( $msg ? 1 : 0 );
}

# TODO: Use Params::Validate
sub process_args {
    my $argv = shift;

    my %opts = (
        sys => {
            default => {
                verbose => 1,
                dryrun  => 0,
                user    => [],
                hint    => undef,
            },
            opts => {
                'q|quiet'  => sub { $Cfg{verbose} = 0 },
                'n|dryrun' => sub { $Cfg{dryrun}  = 1 },
                'u|user=s@' => sub { shift; push @{ $Cfg{user} }, shift },    # undocumented/unsupported -- convert specific users on system
                't|hint=s' => sub { shift; $Cfg{hint} = shift },              # undocumented/unsupported -- allow conversion to alternate php version
            },
            required => [],
        },
        'ini' => {
            default => {
                force => 0,
                in    => undef,
                out   => undef,
                hint  => undef,
            },
            opts => {
                'f|force' => sub { $Cfg{force} = 1 },
                'i|in=s'   => sub { shift; $Cfg{in}   = shift },
                'o|out=s'  => sub { shift; $Cfg{out}  = shift },
                't|hint=s' => sub { shift; $Cfg{hint} = shift },    # undocumented/unsupported -- convert packages using a diff PHP than sys default
            },
            required => [qw( in out )],
        },
    );

    # determine action type first so that we can validate args based on that action type
    my $action;
    Getopt::Long::Configure('pass_through');
    Getopt::Long::GetOptionsFromArray(
        $argv,
        'h|help'     => sub { usage() },
        'a|action=s' => sub { shift; $action = lc shift },
    );

    usage("ERROR: You must specify a valid action argument") if ( !defined $action || !defined $opts{$action} );
    usage("ERROR: Only supports the 'sys' action") if $action ne 'sys';    # hack until this code is updated to support cmd-line execution

    # apply default settings so user can override
    %Cfg = %{ $opts{$action}->{default} };

    # grab action specific options
    Getopt::Long::GetOptionsFromArray(
        $argv,
        %{ $opts{$action}->{opts} },
    );

    usage("ERROR: The $argv->[0] argument isn't a valid '$action' action") if @$argv;    # in case user passes unsupported 'cmd -- args'

    # ensure required params are passed in
    my %required = map { $_ => 1 } @{ $opts{$action}->{required} };
    my @missing = grep { defined $required{$_} && !defined $Cfg{$_} } keys %Cfg;
    usage("ERROR: You must pass the --$missing[0] argument for the '$action' action") if @missing;

    # get system php version
    my $pg = Cpanel::ProgLang::Conf->new( type => 'php' );
    $Cfg{state}  = $pg->get_conf();
    $Cfg{action} = $action;

    return 1;
}

sub verbose {
    my $msg = shift;
    print "$msg\n" if $Cfg{verbose};
    return 1;
}

# make it exceedingly not fun to run this via the command-line
sub is_manual {
    my $touch = "$TMPDIR/you_take_full_responsibility_do_not_do_this_manually.ea_convert_php_ini";
    my $now   = time;
    my $ctime = ( stat $touch )[10];
    return ( defined $ctime && ( $now - $ctime ) < 30 ? 0 : 1 );
}

sub is_root {    # so we can mock root check
    return ( $> == 0 ? 1 : 0 );
}

# This function ensures conditions 1 and 2 are met as
# defined above (along with being root)
sub sane_or_bail {
    die "ERROR: This will only run during EA3 to EA4 migration" if is_manual();
    die "ERROR: You must be root to run this" unless is_root();

    my $default = $Cfg{state}{default};

    # no default php version defined in the configuration file
    unless ( defined $default ) {
        logger("ERROR: Skipping conversion: The system default PHP version hasn't been configured");
        die "ERROR: Skipping conversion: The system default PHP version hasn't been configured";
    }

    my $handler = $Cfg{state}{$default};

    if ( $handler ne $DEFAULT_HANDLER ) {
        logger("Skipping conversion: The system default PHP version isn't assigned to the '$handler' instead of $DEFAULT_HANDLER");
        die "Skipping conversion: The system default PHP version isn't assigned to the '$handler' instead of $DEFAULT_HANDLER";
    }

    return 1;
}

sub do_rename {
    my ( $old, $new ) = @_;
    return ( $Cfg{dryrun} ? 1 : rename( $old, $new ) );
}

sub do_convert {
    my ( $old, $new ) = @_;
    my $ret;

    if ( $Cfg{dryrun} ) {
        $ret = 1;
    }
    else {
        my %cfg = ( force => 0, in => $old, out => $new, hint => $Cfg{hint}, state => $Cfg{state} );
        eval { ea_convert_php_ini_file::main(%cfg) };
        $ret = $@ ? 0 : 1;
    }

    return $ret;
}

sub convert_ini {
    my $user = shift;
    my $new  = shift;
    my $old  = "$new.ea3.bak";
    my $ret  = 1;

    if ( -s $new ) {
        if ( do_rename( $new, $old ) ) {
            local $@;

            if ( do_convert( $old, $new ) ) {
                logger("[$user] Converted $new for EasyApache 4 compatibility");
            }
            else {
                my $err = "$@" =~ s/^\s*Error:\s*//ir;
                warn "\nWARNING: [$user] Failed to convert $new\n$err\n";
                do_rename( $old, $new );
                $ret = 0;
            }
        }
        else {
            warn "WARNING: [$user] Skipping $new -- Unable to backup: $!";
            $ret = 0;
        }
    }
    else {
        verbose("[$user] Skipping $new -- missing/empty");
    }

    return $ret;
}

# Retrieve the suphp_configpath directory.
# Apache directive syntax: http://httpd.apache.org/docs/current/configuring.html#syntax
# NOTE: This does not take into account usage of trailing '\' to indicate multiple lines
# NOTE: This assumes there's only a single entry path defined
sub get_suphp_configpath {
    my $htaccess = shift;
    my $path;
    my $basedir = File::Basename::dirname($htaccess);

    if ( sysopen( my $fh, $htaccess, Cpanel::Fcntl::or_flags(qw( O_RDONLY )) ) ) {
        while ( !$path && ( my $line = <$fh> ) ) {
            if ( $line =~ /^\s*suPHP_ConfigPath\s*(\S+)\s*$/i ) {
                my $val = "$1";
                next if $val =~ /^\s*\\\s*$/;    # multi-line not supported
                $val =~ s/(?:^['"]+)|(?:['"]*$)//g;
                $val =~ s/\/+$//g;
                $path = "$val/php.ini";
                $path = "$basedir/$path" unless $path =~ /^\//;
            }
        }

        close $fh;
    }

    return $path;
}

# Verifies that a file is within a given directory
sub is_within {
    my ( $path, $basedir ) = @_;
    $basedir =~ s/\/+$//g;
    my $subdir = substr( $path, 0, length($basedir) + 1 );    # grab trailing slash in $path
    return ( $subdir eq "$basedir/" ? 1 : 0 );
}

# Performs some sanity checks/verification on the path specified within
# an .htaccess file.
#
# Expectation: $fullpath is a full path (dirs and all) that points to a file
sub get_safe_path {
    my ( $fullpath, $homedir ) = @_;
    my $safe;

    if ( -f $fullpath ) {
        my $dir = File::Basename::dirname($fullpath);
        my $cwd = Cwd::getcwd;

        if ( chdir $dir ) {    # so abs_path uses correct basedir
            my $ln = readlink($fullpath);
            my $actual = Cwd::abs_path( $ln || $fullpath );
            $safe = $actual if ( $actual && is_within( $actual, $homedir ) );    # don't set $safe if circular symlink
            chdir $cwd or die Cpanel::Exception::create( 'IO::ChdirError', { path => $cwd, error => $! } );
        }
    }

    return $safe;
}

sub convert_user {
    my $user = shift;
    my $php  = Cpanel::ProgLang->new( type => 'php' );
    my $ws   = Cpanel::WebServer->new();
    my $aref = $ws->get_vhost_lang_packages( lang => $php, user => $user );
    my %seen;    # prevent converting the same file repeatedly (e.g. symlinks to same file)
    my $count = 0;

    if ( !@$aref || !$aref->[0]->{homedir} ) {
        warn "WARNING: [$user] Skipping -- The home directory isn't configured in cPanel";
        return -1;
    }

    # first update the php.ini file sitting in the user's home directory (if any)
    my $homedir = $aref->[0]->{homedir};
    my $path    = get_suphp_configpath("$homedir/.htaccess");

    if ($path) {
        my $safe = get_safe_path( $path, $homedir );

        if ($safe) {
            $seen{$safe} = 1;
            $count++ if convert_ini( $user, $safe );
        }
        else {
            verbose("[$user] Skipping home directory -- suPHP_ConfigPath setting doesn't exist or is outside of home directory");
        }
    }
    else {
        verbose("[$user] Skipping home directory -- The suPHP_ConfigPath directive is not defined in an .htaccess file");
    }

    # now perform this same work on each php.ini file within the docroot of the domains
    for my $rec (@$aref) {
        my $docroot = $rec->{documentroot};

        unless ($docroot) {
            warn "WARNING: [$user] Skipping $rec->{vhost}, document root undefined";
            next;
        }

        # if the .htaccess file in home directory is convertible, then
        # all of the documentroots under the home directory are also
        # convertible.
        $path = get_suphp_configpath("$docroot/.htaccess");

        if ($path) {
            my $safe = get_safe_path( $path, $homedir );

            if ($safe) {
                if ( defined $seen{$path} ) {
                    verbose("[$user] Skipping $rec->{vhost} -- Found duplicate ini file");
                }
                else {
                    $seen{$path} = 1;
                    $count++ if convert_ini( $user, $path );
                }
            }
            else {
                verbose("[$user] Skipping $rec->{vhost} -- suPHP_ConfigPath setting does not exist or is outside of home directory");
            }
        }
        else {
            verbose("[$user] Skipping $rec->{vhost} -- The suPHP_ConfigPath directive is not defined in an .htaccess file");
        }
    }

    return $count;
}

# Intent: only convert suphp configured ini files
sub convert_system {
    unlink "$TMPDIR/you_take_full_responsibility_do_not_do_this_manually.ea_convert_php_ini";

    my $aref = Cpanel::Config::userdata::load_user_list();
    my $cnt  = $#{ $Cfg{user} } + 1;                         # micro optimization
    my %lu   = map { $_ => 1 } @{ $Cfg{user} };              # micro optimization

    for my $user (@$aref) {
        next if ( $user eq 'nobody' or $user eq 'root' );
        next if ( $cnt > 0 && !defined $lu{$user} );         # ~3-5% faster with 10k hosts
        my $ud = Cpanel::WebServer::Userdata->new( user => $user );
        my $sub = sub { return convert_user($user) };
        Cpanel::AccessIds::ReducedPrivileges::call_as_user( $sub, $ud->id() );
    }

    return 1;
}

sub main {
    my $argv = shift;

    # Tree::DAG_Node wasn't introduced until 11.56
    if ( Cpanel::Version::Compare::compare( $Cpanel::Version::Tiny::VERSION, '<', '11.56' ) ) {
        warn "ERROR: You should only run this on cPanel & WHM version 11.56 and newer";
        exit 1;
    }

    logger("Beginning EA3 to EA4 php ini conversion");
    process_args($argv);
    sane_or_bail();
    convert_system();
    logger("Completed EA3 to EA4 php ini conversion");

    exit 0;
}

package main;

use strict;
use warnings;
ea_convert_php_ini_system::main( \@ARGV ) unless caller();

1;

__END__
F1l3 Manager
