diff --git a/.puppet/modules/php/manifests/init.pp b/.puppet/modules/php/manifests/init.pp index d9d111b71..d6dd9e328 100644 --- a/.puppet/modules/php/manifests/init.pp +++ b/.puppet/modules/php/manifests/init.pp @@ -17,6 +17,7 @@ class php { include apache + include epel package { 'php': ensure => latest, @@ -24,5 +25,11 @@ class php { require => Package['apache'], } + package { 'php-pecl-xdebug': + ensure => latest, + notify => Service['apache'], + require => Class['epel'], + } + php::phpd { ['error_reporting', 'timezone', 'xdebug_settings' ]: } } diff --git a/doc/installation.md b/doc/installation.md index 27a05ce10..d1b82aff5 100644 --- a/doc/installation.md +++ b/doc/installation.md @@ -11,10 +11,10 @@ thoroughly. * A web server, e.g. Apache or nginx * PHP >= 5.3.0 w/ gettext, intl and OpenSSL support -* MySQL or PostgreSQL PHP libraries when using a database for authentication or for storing preferences into a database * LDAP PHP library when using Active Directory or LDAP for authentication -* Icinga 1.x w/ Livestatus or IDO; Icinga 2.x w/ Livestatus or IDO feature enabled -* MySQL or PostgreSQL PHP libraries when using IDO +* Icinga 1.x w/ IDO; Icinga 2.x w/ IDO feature enabled +* The IDO table prefix must be icinga_ which is the default +* MySQL or PostgreSQL PHP libraries ### PageSpeed Module Incompatibility @@ -22,14 +22,14 @@ It seems that Web 2 is not compatible with the PageSpeed module. Please disable following methods. **Apache**: -```` +``` ModPagespeedDisallow "*/icingaweb2/*" -```` +``` **Nginx**: -```` +``` pagespeed Disallow "*/icingaweb2/*"; -```` +``` ## Installing Icinga Web 2 from Package @@ -55,52 +55,52 @@ You need to add the Icinga repository to your package management configuration f Below is a list with examples for various distributions. **Debian (debmon)**: -```` +``` wget -O - http://debmon.org/debmon/repo.key 2>/dev/null | apt-key add - echo 'deb http://debmon.org/debmon debmon-wheezy main' >/etc/apt/sources.list.d/debmon.list apt-get update -```` +``` **Ubuntu Trusty**: -```` +``` wget -O - http://packages.icinga.org/icinga.key | apt-key add - add-apt-repository 'deb http://packages.icinga.org/ubuntu icinga-trusty main' apt-get update -```` +``` For other Ubuntu versions just replace trusty with your distribution\'s code name. **RHEL and CentOS**: -```` +``` rpm --import http://packages.icinga.org/icinga.key curl -o /etc/yum.repos.d/ICINGA-release.repo http://packages.icinga.org/epel/ICINGA-release.repo yum makecache -```` +``` **Fedora**: -```` +``` rpm --import http://packages.icinga.org/icinga.key curl -o /etc/yum.repos.d/ICINGA-release.repo http://packages.icinga.org/fedora/ICINGA-release.repo yum makecache -```` +``` **SLES 11**: -```` +``` zypper ar http://packages.icinga.org/SUSE/ICINGA-release-11.repo zypper ref -```` +``` **SLES 12**: -```` +``` zypper ar http://packages.icinga.org/SUSE/ICINGA-release.repo zypper ref -```` +``` **openSUSE**: -```` +``` zypper ar http://packages.icinga.org/openSUSE/ICINGA-release.repo zypper ref -```` +``` #### RHEL/CentOS Notes @@ -123,35 +123,35 @@ You can install Icinga Web 2 by using your distribution's package manager to ins Below is a list with examples for various distributions. The additional package `icingacli` is necessary on RPM based systems for being able to follow further steps in this guide. In DEB based systems, the icingacli binary is included in the icingaweb2 package. **Debian and Ubuntu**: -```` +``` apt-get install icingaweb2 -```` +``` For Debian wheezy please read the [package repositories notes](#package-repositories-wheezy-notes). **RHEL, CentOS and Fedora**: -```` +``` yum install icingaweb2 icingacli -```` +``` For RHEL/CentOS please read the [package repositories notes](#package-repositories-rhel-notes). **SLES and openSUSE**: -```` +``` zypper install icingaweb2 icingacli -```` +``` ### Preparing Web Setup You can set up Icinga Web 2 quickly and easily with the Icinga Web 2 setup wizard which is available the first time you visit Icinga Web 2 in your browser. When using the web setup you are required to authenticate using a token. In order to generate a token use the `icingacli`: -```` +``` icingacli setup token create -```` +``` In case you do not remember the token you can show it using the `icingacli`: -```` +``` icingacli setup token show -```` +``` Finally visit Icinga Web 2 in your browser to access the setup wizard and complete the installation: `/icingaweb2/setup`. @@ -173,9 +173,9 @@ There is also a browsable version available at [git.icinga.org](https://git.icinga.org/?p=icingaweb2.git;a=summary "Icinga Web 2 Git Repository"). This version also offers snapshots for easy download which you can use if you do not have git present on your system. -```` +``` git clone git://git.icinga.org/icingaweb2.git -```` +``` ### Installing Requirements from Source @@ -198,41 +198,41 @@ The setup wizard will check the pre-requisites later on. Choose a target directory and move Icinga Web 2 there. -```` +``` mv icingaweb2 /usr/share/icingaweb2 -```` +``` ### Configuring the Web Server Use `icingacli` to generate web server configuration for either Apache or nginx. **Apache**: -```` +``` ./bin/icingacli setup config webserver apache --document-root /usr/share/icingaweb2/public -```` +``` **nginx**: -```` +``` ./bin/icingacli setup config webserver nginx --document-root /usr/share/icingaweb2/public -```` +``` Save the output as new file in your webserver's configuration directory. Example for Apache on RHEL or CentOS: -```` +``` ./bin/icingacli setup config webserver apache --document-root /usr/share/icingaweb2/public > /etc/httpd/conf.d/icingaweb2.conf -```` +``` Example for Apache on SUSE: -```` +``` ./bin/icingacli setup config webserver apache --document-root /usr/share/icingaweb2/public > /etc/apache2/conf.d/icingaweb2.conf -```` +``` Example for Apache on Debian Jessie: -```` +``` ./bin/icingacli setup config webserver apache --document-root /usr/share/icingaweb2/public > /etc/apache2/conf-available/icingaweb2.conf a2enconf icingaweb2 -```` +``` ### Preparing Icinga Web 2 Setup @@ -245,53 +245,53 @@ system group. The web server user and CLI user have to be added to this system g Add the system group `icingaweb2` in the first place. **Fedora, RHEL, CentOS, SLES and OpenSUSE**: -```` +``` groupadd -r icingaweb2 -```` +``` **Debian and Ubuntu**: -```` +``` addgroup --system icingaweb2 -```` +``` Add your web server's user to the system group `icingaweb2` and restart the web server: **Fedora, RHEL and CentOS**: -```` +``` usermod -a -G icingaweb2 apache service httpd restart -```` +``` **SLES and OpenSUSE**: -```` +``` usermod -A icingaweb2 wwwrun service apache2 restart -```` +``` **Debian and Ubuntu**: -```` +``` usermod -a -G icingaweb2 www-data service apache2 restart -```` +``` Use `icingacli` to create the configuration directory which defaults to **/etc/icingaweb2**: -```` +``` ./bin/icingacli setup config directory -```` +``` When using the web setup you are required to authenticate using a token. In order to generate a token use the `icingacli`: -```` +``` ./bin/icingacli setup token create -```` +``` In case you do not remember the token you can show it using the `icingacli`: -```` +``` ./bin/icingacli setup token show -```` +``` ### Icinga Web 2 Setup Wizard @@ -325,7 +325,7 @@ Puppet, Ansible, Chef, etc. modules. Create the database and add a new user as shown below for MySQL: -```` +``` sudo mysql -p CREATE DATABASE icingaweb2; @@ -333,18 +333,18 @@ GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icing quit mysql -p icingaweb2 < /usr/share/icingaweb2/etc/schema/mysql.schema.sql -```` +``` Then generate a new password hash as described in the [authentication docs](authentication.md#authentication-configuration-db-setup) and use it to insert a new user called `icingaadmin` into the database. -```` +``` mysql -p icingaweb2 INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '$1$EzxLOFDr$giVx3bGhVm4lDUAw6srGX1'); quit -```` +``` #### Icinga Web 2 Manual Configuration @@ -352,7 +352,7 @@ quit [resources.ini](resources.md#resources) providing the details for the Icinga Web 2 and Icinga 2 IDO database configuration. Example for MySQL: -```` +``` vim /etc/icingaweb2/resources.ini [icingaweb2] @@ -373,11 +373,11 @@ port = "3306" dbname = "icinga" username = "icinga" password = "icinga" -```` +``` [config.ini](configuration.md#configuration) defining general application settings. -```` +``` vim /etc/icingaweb2/config.ini [logging] @@ -389,60 +389,60 @@ application = "icingaweb2" [preferences] type = "db" resource = "icingaweb2" -```` +``` [authentication.ini](authentication.md#authentication) for e.g. using the previously created database. -```` +``` vim /etc/icingaweb2/authentication.ini [icingaweb2] backend = "db" resource = "icingaweb2" -```` +``` [roles.ini](security.md#security) granting the previously added `icingaadmin` user all permissions. -```` +``` vim /etc/icingaweb2/roles.ini [admins] users = "icingaadmin" permissions = "*" -```` +``` #### Icinga Web 2 Manual Configuration Monitoring Module [config.ini](../modules/monitoring/doc/configuration.md#configuration) defining additional security settings. -```` +``` vim /etc/icingaweb2/modules/monitoring/config.ini [security] protected_customvars = "*pw*,*pass*,community" -```` +``` [backends.ini](../modules/monitoring/doc/configuration.md#configuration) referencing the Icinga 2 DB IDO resource. -```` +``` vim /etc/icingaweb2/modules/monitoring/backends.ini [icinga2] type = "ido" resource = "icinga2" -```` +``` [commandtransports.ini](../modules/monitoring/doc/commandtransports.md#commandtransports) defining the Icinga 2 command pipe. -```` +``` vim /etc/icingaweb2/modules/monitoring/commandtransports.ini [icinga2] transport = "local" path = "/var/run/icinga2/cmd/icinga2.cmd" -```` +``` #### Icinga Web 2 Manual Setup Login @@ -456,11 +456,11 @@ Finally visit Icinga Web 2 in your browser to login as `icingaadmin` user: `/ici Icinga Web 2 Beta 2 introduces access control based on roles for secured actions. If you've already set up Icinga Web 2, you are required to create the file **roles.ini** beneath Icinga Web 2's configuration directory with the following content: -```` +``` [administrators] users = "your_user_name, another_user_name" permissions = "*" -```` +``` After please log out from Icinga Web 2 and log in again for having all permissions granted. diff --git a/library/Icinga/Application/Modules/Module.php b/library/Icinga/Application/Modules/Module.php index b3c567efd..bfe941d70 100644 --- a/library/Icinga/Application/Modules/Module.php +++ b/library/Icinga/Application/Modules/Module.php @@ -1289,7 +1289,7 @@ class Module $class = $implementation; } - Hook::register($name, $implementation, $class); + Hook::register($name, $class, $class); return $this; } diff --git a/library/Icinga/Application/Web.php b/library/Icinga/Application/Web.php index d0535423f..7104080ae 100644 --- a/library/Icinga/Application/Web.php +++ b/library/Icinga/Application/Web.php @@ -87,17 +87,17 @@ class Web extends EmbeddedWeb ->setupNotifications() ->setupRequest() ->setupResponse() - ->setupUserBackendFactory() - ->setupUser() - ->setupTimezone() - ->setupLogger() - ->setupInternationalization() ->setupZendMvc() ->setupModuleManager() ->loadSetupModuleIfNecessary() ->loadEnabledModules() ->setupRoute() - ->setupPagination(); + ->setupPagination() + ->setupUserBackendFactory() + ->setupUser() + ->setupTimezone() + ->setupLogger() + ->setupInternationalization(); } /** diff --git a/library/Icinga/Legacy/DashboardConfig.php b/library/Icinga/Legacy/DashboardConfig.php index 08b564602..54cd3b78f 100644 --- a/library/Icinga/Legacy/DashboardConfig.php +++ b/library/Icinga/Legacy/DashboardConfig.php @@ -77,6 +77,9 @@ class DashboardConfig extends Config public function saveIni($filePath = null, $fileMode = 0660) { parent::saveIni($filePath, $fileMode); + if ($filePath === null) { + $filePath = $this->configFile; + } foreach (static::listConfigFilesForUser($this->user) as $file) { if ($file !== $filePath) { @unlink($file); diff --git a/library/Icinga/Web/LessCompiler.php b/library/Icinga/Web/LessCompiler.php index 3ec48c5b6..acf616d18 100644 --- a/library/Icinga/Web/LessCompiler.php +++ b/library/Icinga/Web/LessCompiler.php @@ -155,18 +155,16 @@ class LessCompiler $moduleCss .= '}'; } - $moduleCss = preg_replace( - '/(\.icinga-module\.module-[^\s]+) (#layout\.[^\s]+)/m', - '\2 \1', - $moduleCss - ); - $this->source .= $moduleCss; if ($this->theme !== null) { $this->source .= file_get_contents($this->theme); } - return $this->lessc->compile($this->source); + return preg_replace( + '/(\.icinga-module\.module-[^\s]+) (#layout\.[^\s]+)/m', + '\2 \1', + $this->lessc->compile($this->source) + ); } } diff --git a/library/Icinga/Web/Navigation/Renderer/NavigationItemRenderer.php b/library/Icinga/Web/Navigation/Renderer/NavigationItemRenderer.php index 0fce5998f..e5866bcbf 100644 --- a/library/Icinga/Web/Navigation/Renderer/NavigationItemRenderer.php +++ b/library/Icinga/Web/Navigation/Renderer/NavigationItemRenderer.php @@ -192,7 +192,7 @@ class NavigationItemRenderer $content = sprintf( '%s', $this->view()->propertiesToString($item->getAttributes()), - $url, + $this->view()->escape($url->getAbsoluteUrl('&')), $this->renderTargetAttribute(), $label ); @@ -218,7 +218,7 @@ class NavigationItemRenderer protected function renderTargetAttribute() { $target = $this->getItem()->getTarget(); - if ($target === null) { + if ($target === null || $this->getItem()->getUrl()->getAbsoluteUrl() == '#') { return ''; } diff --git a/library/Icinga/Web/Widget/FilterEditor.php b/library/Icinga/Web/Widget/FilterEditor.php index 8457c905d..d6f186fdd 100644 --- a/library/Icinga/Web/Widget/FilterEditor.php +++ b/library/Icinga/Web/Widget/FilterEditor.php @@ -714,7 +714,7 @@ class FilterEditor extends AbstractWidget } else { $title = t('Modify this filter'); if (! $this->filter->isEmpty()) { - $title .= ': ' . $this->filter; + $title .= ': ' . $this->view()->escape($this->filter); } } return $html @@ -732,7 +732,7 @@ class FilterEditor extends AbstractWidget public function render() { if (! $this->preservedUrl()->getParam('modifyFilter')) { - return '
' . $this->renderSearch() . $this->shorten($this->filter, 50) . '
'; + return '
' . $this->renderSearch() . $this->view()->escape($this->shorten($this->filter, 50)) . '
'; } return '
' . $this->renderSearch() diff --git a/modules/monitoring/application/views/helpers/PluginOutput.php b/modules/monitoring/application/views/helpers/PluginOutput.php index 163dd2b14..1ccc8f866 100644 --- a/modules/monitoring/application/views/helpers/PluginOutput.php +++ b/modules/monitoring/application/views/helpers/PluginOutput.php @@ -33,7 +33,7 @@ class Zend_View_Helper_PluginOutput extends Zend_View_Helper_Abstract return ''; } $output = preg_replace('~]*>~', "\n", $output); - if (strlen($output) > strlen(strip_tags($output))) { + if (preg_match('~<[^>]*["/\'][^>]*>~', $output)) { // HTML $output = preg_replace( '~ .controls { z-index: 3; - > * { - margin-left: @gutter !important; - margin-right: @gutter !important; + padding-left: @gutter; + padding-right: @gutter; + + > .tabs { + // Remove gutter for tabs + margin-left: -1 * @gutter; + margin-right: -1 * @gutter; } } - - // 1em gutter of containers is maintained by padding of content and margin of every element in controls. We're not - // setting padding to .container because else horizontally scrolled .content may overflow .controls when scrolled - // vertically } } diff --git a/public/css/icinga/mixins.less b/public/css/icinga/mixins.less index 1ab28033d..40d98f457 100644 --- a/public/css/icinga/mixins.less +++ b/public/css/icinga/mixins.less @@ -41,11 +41,6 @@ } } -.invisible { - // Maintain layout but hide visually and from screen readers - visibility: hidden; -} - .opacity(@opacity: 0.6) { -webkit-opacity: @opacity; -moz-opacity: @opacity; @@ -77,10 +72,6 @@ transition: @transition; } -.visible { - visibility: visible; -} - // Fadein animation /* Chrome, WebKit */ diff --git a/public/css/icinga/spinner.less b/public/css/icinga/spinner.less index 29d3763db..117c32bea 100644 --- a/public/css/icinga/spinner.less +++ b/public/css/icinga/spinner.less @@ -20,10 +20,10 @@ div.spinner { vertical-align: middle; i { - .invisible(); + visibility: hidden; &.active { - .visible(); + visibility: visible; &:before { .animate(spin 2s infinite linear); diff --git a/public/js/icinga/loader.js b/public/js/icinga/loader.js index fbbce393a..8a6bf7ffe 100644 --- a/public/js/icinga/loader.js +++ b/public/js/icinga/loader.js @@ -711,7 +711,7 @@ c += ' persist'; } var $notice = $( - '
  • ' + message + '
    • ' + '
  • ' + this.icinga.utils.escape(message) + '
    • ' ).appendTo($('#notifications')); this.icinga.ui.fixControls(); diff --git a/public/js/icinga/ui.js b/public/js/icinga/ui.js index 9b6f7663c..a797aab1f 100644 --- a/public/js/icinga/ui.js +++ b/public/js/icinga/ui.js @@ -360,7 +360,7 @@ if (loading === '') { loading = '
    Loading:
    '; } - loading += el + ' => ' + req.url; + loading += el + ' => ' + encodeURI(req.url); }); $('#responsive-debug').html( diff --git a/public/js/icinga/utils.js b/public/js/icinga/utils.js index b3b6a9527..dea9c37ed 100644 --- a/public/js/icinga/utils.js +++ b/public/js/icinga/utils.js @@ -371,6 +371,21 @@ return encodeURIComponent(str).replace(/[()]/g, function(c) { return '%' + c.charCodeAt(0).toString(16); }); + }, + + escape: function (str) { + return String(str).replace( + /[&<>"']/gm, + function (c) { + return { + '&': '&', + '<': '<', + '>': '>', + '"': '"', + "'": ''' + }[c]; + } + ); } };