Commit 5ebbc2df authored by Carsten  Rose's avatar Carsten Rose
Browse files

AutoCron.php: allow https connections with invalid certificate (e.g....

AutoCron.php: allow https connections with invalid certificate (e.g. 'localhost' is not listed as a valid hostname).
Manual.rst: Enhance best practice to setup AutoCron.
parent 2b5db97a
......@@ -6607,10 +6607,13 @@ SYSTEM
AutoCron
--------
The `AutoCron` service fires periodically jobs like `open a webpage` or `send mail`.
The `AutoCron` service fires periodically jobs like `open a webpage` (typically a QFQ page which does some database
actions) or `send mail`.
* Will be triggered via system cron. Minimal time distance is 1 minute.
* Starttime and frequency configureable.
* AutoCron will be triggered via system cron. Minimal time distance therefore is 1 minute. If this is not sufficient,
any process who starts `.../typo3conf/ext/qfq/qfq/external/autocron.php` via `/usr/bin/php` frequently might be used.
* Custom start time and frequency.
* Per job:
* If a job still runs and receives the next trigger, the running job will be completed first.
......@@ -6623,10 +6626,21 @@ The `AutoCron` service fires periodically jobs like `open a webpage` or `send ma
Setup
^^^^^
Setup a system cron entry, typically as the webserver user ('www-data' on debian): ::
* Setup a system cron entry, typically as the webserver user ('www-data' on debian).
* Necessary privileges:
* Read for `.../typo3conf/ext/qfq/*`
* Write, if a logfile should be written (specified per cron job) in the custom specified directory.
Cron task: ::
* * * * * /usr/bin/php /var/www/html/typo3conf/ext/qfq/qfq/external/autocron.php
AutoCron Jobs of type 'website' needs the php.ini setting: ::
allow_url_fopen = On
Create / edit `AutoCron` jobs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
......@@ -6742,11 +6756,36 @@ To check for a successful DB connection, it's a good practice to report a custom
needs to be written in PHP PCRE syntax. For a simple search string, just surround them with '/'.
If the pattern is found on the page, the job get's 'Ok' - else 'Error - ...'.
Access restriction
;;;;;;;;;;;;;;;;;;
To protect AutoCron pages not to be triggered accidental or by unprivileged access, access to those page tree might be
limited to localhost. Some example Typoscript: ::
# Access allowed for any logged in user or via 'localhost'
[usergroup = *] || [IP = 127.0.0.1]
page.10 < styles.content.get
[else]
# Error Message
page.10 = TEXT
page.10.value = <h2>Access denied</h2>Please log in or access this page from an authorized host. Your current IP address:&nbsp;
page.20 = TEXT
page.20.data = getenv : REMOTE_ADDR
[global]
AutoCron / website: HTTPS protocol
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
* For `https` the PHP extension `php_openssl` has to be installed.
* All certificates are accepted, even self signed without a correct chain or hostnames, not listed in the certificate.
This is useful if there is a general 'HTTP >> HTTPS' redirection configured and the website is accessed via `https://localhost/...`
.. _help:
Help
====
General Tips
============
* Does the error happens on every *page* or only on specific one?
* Does the error happens on every *form* or only on specific one?
......
......@@ -334,8 +334,8 @@ Bug Fixes
* #4865 / Pill Dynamic Updates Show / Hide
* #5031 / Missing details in DbException: New definition of SYSTEM_SHOW_DEBUG_INFO: even after config.qfq.ini is parsed
and SIP Infos has been read - if there is no BE User logged in, the value stays on 'auto' (earlier it has been replaced
to 'no'). Staying on 'auto' keeps the information that replacing is still open and not replaced means 'no'-BE User logged in.
and SIP Infos has been read - if there is no BE User logged in, the value stays on 'auto' (earlier it has been replaced
to 'no'). Staying on 'auto' keeps the information that replacing is still open and not replaced means 'no'-BE User logged in.
* #5016 / Loose checkbox value on save - Dirty workaround - better solution necessary.
* #5017 / STORE_RECORD used in FormElement and via '#!report' - save & restore STORE_RECORD.
* #5004 / FormElement with state 'ReadOnly' will be saved with empty value - existing values will be overwritten - fixed.
......@@ -951,7 +951,7 @@ Features
* New security option `escapeTypeDefault`: will be defined 1) sytem wide in config.qfq.ini, or 2) more specific per
Form or 3) individually per variable. The later has priority.
* #3544 / Form: view current form - It's now possible to direct view a form, which is currently loaded/edited in the
FormEditor: Button 'eye' near left of button 'save'.
FormEditor: Button 'eye' near left of button 'save'.
* #3552 / typeAheadLdapSearchPerToken - webpass kann nicht gleichzeitig nach Vornamen und Nachnamen suchen. Added option
typeAheadLdapSearchPerToken to split search value in token and OR-combine every search with the individual tokens.
* Download latest QFQ builds and releases: https://w3.math.uzh.ch/qfq/.
......@@ -1043,7 +1043,7 @@ Bug Fixes
* TypeAhead.js: Handle <ENTER> key properly.
* #3462 / FormElement.parameter: requiredList not ok for non numeric content. STORE_FORM had been called without 'sanatize class'.
Therefore, all non numeric values has been sanatized by default. New: SANATIZE_ALLOW_ALL.
Therefore, all non numeric values has been sanatized by default. New: SANATIZE_ALLOW_ALL.
* Corrected error message to use 'itemList' instead of 'itemValues'. Renamed constant too.
* #2542 / FormElement-Typ 'note' funktioniert nicht mit dynamic update. 'Label' and 'note' are fixed - 'value' is still not updated, open.
......@@ -1084,8 +1084,8 @@ Bug Fixes
* #3419 / typeAheadSql: Array with only one column or non standard columnnames are not handeld properbly.
Detection of missing LIMIT implemented.
* #3425 / Form.parameter, FormElement.parameter: comment handling, trailing & leading spaces
Manual.rst: commented handling of 'comment character' and 'escaping of leading/trailing spaces'
Support.php: new funtion handleEscapeSpaceComment().
Manual.rst: commented handling of 'comment character' and 'escaping of leading/trailing spaces'
Support.php: new funtion handleEscapeSpaceComment().
* Evaluate.php: parse all F|FE.parameter via handleEscapeSpaceComment(). A leading '#' or ' ' might be escaped by '\'.
* Saving 'extra' FE in STORE_SIP has been done with inappropiate FE_NAME. Correct is the pure FE_NAME, without any
extension like recordId. Unessary and broken decoding removed.
......
......@@ -145,7 +145,13 @@ class AutoCron {
}
// Download page
$page = file_get_contents($job[AUTOCRON_CONTENT]);
$ctx = array(
"ssl" => array(
"verify_peer" => false,
"verify_peer_name" => false,
),
);
$page = file_get_contents($job[AUTOCRON_CONTENT], false, stream_context_create($ctx));
if ($page === false) {
$job[AUTOCRON_LAST_STATUS] = htmlspecialchars(AUTOCRON_STATUS_ERROR . 'failed to fetch "' . $job[AUTOCRON_CONTENT] . '"');
......
......@@ -445,7 +445,7 @@ VALUES
(4, 'content', '{{SELECT IF("{{type:FR:alnumx}}"="mail","Mail body","URL") }}', 'show', '', 'text', 'none', 'all', 70,
'extraButtonInfo = Website: URL absolute like "http://..." or relative like "?id=pagealias..."<br>Mail: Static Body or &#123;{SELECT ...&#125;}', '40,4', '', 'yes', '', '', ''),
(4, 'outputFile', 'Log output to file', 'show', '{{SELECT IF("{{type:FR:alnumx}}"="mail","hidden","show") }}', 'text', 'none', 'all', 80, '', '', '', 'yes', '', '', ''),
(4, 'outputFile', 'Log output to file', 'show', '{{SELECT IF("{{type:FR:alnumx}}"="mail","hidden","show") }}', 'text', 'none', 'all', 80, '', '', 'CWD: Site installation directory', 'yes', '', '', ''),
(4, 'outputMode', 'Mode output', 'show', '{{SELECT IF("{{type:FR:alnumx}}"="mail","hidden","show") }}', 'radio', 'specialchar', 'alnumx', 90, 'buttonClass=btn-default', '', '', 'yes', '', '', ''),
(4, 'outputPattern', 'Pattern to look for on output', 'show', '{{SELECT IF("{{type:FR:alnumx}}"="mail","hidden","show") }}', 'text', 'none', 'all', 100, '', '', 'If pattern isn\'t found, return an error.<br>Check <a href="https://secure.php.net/manual/en/pcre.pattern.php">pcre</a> / <a href="https://regexp101.com">regexp101.com</a> ', 'yes', '', '', ''),
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment