View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|09764||Feature requests||Plugins||public||2015-07-07 18:00||2015-07-21 18:31|
|Summary||09764: Run Console Applications from within a PHP script|
|Description||We ran into a situation where we had the need to run console applications from within a PHP script. The use case: an application outside of LimeSurvey adds people to the LimeSurvey token table. We already have a console app, that sends invitations to those people. However, console apps can only be run by a cron job or by a system() call in a PHP script. Both are not preferable in our case.|
With limited changes to application/commands/console.php and framework/console/CConsoleApplication.php it is possible to call a console app from within a PHP script. In a follow-up to this bug report I will post the patch that is needed.
|Additional Information||If you are worried about the security: this has no impact, because application/commands/console.php will still be protected from direct calls.|
|Tags||No tags attached.|
The patch is here:
1. Comment out the 2 checks for isset($argv)
2. Add a $app->setCommand to console.php
3. Use a $this->getCommand() in CConsoleApplication.php to run the command
We use this as follows:
$run_console_command = 'invite';
In this way we can do a direct call to the InviteCommand plugin by @Mazi:
But : Remote control API can send invitation/reminder : not needed.
And please : console is made for console ! Security issue .
See the first post: there is no security issue, because application/commands/console.php is not accessible from outside. It is protected by the application/.htaccess.
With respect to the Remote Control API: this requires a login with Admin rights AFAIK. Of course you can script that as well, but putting a plain text password in get_session_key is more of a security risk than calling a console app with require_once, but without password from within a PHP script.
|Besides that: the remote control API does not send Registration mails according to the docs. And this is exactly what we want to do. We slightly adjusted @Mazi's script for that.|
|The patch API to allow sending registration email.|
I can find invite_participants() and remind_participants() in application/helpers/remotecontrol_handle.php
Where is the corresponding function for sending registration emails?
So why not extending the API to support sending registration emails?
That's something I'd definitely support because I can think of lots of use cases.
A, I now see that Denis meant to say 'Then patch the API ...'.
@Mazi: we can do both. The Remote Control API is limited by nature. Only things that have been added to it can be done with it. Console apps can be added quite easily without the need to patch and update LimeSurvey. It could be a good way to test new ideas before submitting them to core.
I really do not see the security issue. If the developer does not declare $run_console_command in a PHP-script and/or does not require_once('path/console.php') nothing has changed. If needed the argv checks could be put back in place and be something like:
if(!isset($_SERVER['argv']) && !isset($run_console_command))
JanE, from my point of view the best approach (which we also followed at similar requests) is:
1. extending the API (remotecontrol.php script) to include the new function
2. test in depth
3. provide a pull request for LS 2.06 (master) and the upcoming LS 3.0
4. update the documentation at https://manual.limesurvey.org/RemoteControl_2_API
That way others benefit from your changes as well and you are future save when updating later.
Sorry, then, not the ....
Yes, API is done to do someting in LimeSurvey
console is here for console
We don't have a feature request to allow API function by plugin ?
Yesterday evening and this morning I had a hell of a job to even get the remote control working properly. /index.php/admin/remotecontrol showed perfectly from outside, but all responses from the remote control API were empty.
Our provider has the feature to clone a VPS to another VPS and to my surprise the RC API worked on the clone. It took a lot of debugging to find the cause: Apache on the testing environment was not listening on IPv6 for the test domain and cUrl was trying to connect over IPv6.
I already had changed the RC handler, but now I finally can start testing it. Work in progress.
I am not sure about the use case for this but:
1. .htaccess is not enough protection (other webservers don't use it).
2. This does not run console applications from PHP, it runs PHP scripts from within another PHP script.
3. If the goal is to use a Yii ConsoleCommand from PHP then there are better solutions; changing the framework code is not an option.
I suggest closing this since changing framework code is not acceptable (and will be reverted the next time we upgrade the framework or when LS3 hits and the framework code is no longer in our repository).
|I cannot close it. I would have done it already if I could, because I am now using the LSRC for the use case.|
Maybe you should "Allow Reporter to close Issue"
FWIW: reporters can only Monitor or End Monitoring. We cannot Assign to, Change status, Stick/unstick, Clone or Close. We can't even Edit the original issue.
|I don't see the Yii framework update ... console.php is done for console not for web.|
|2015-07-07 18:00||JanE||New Issue|
|2015-07-07 18:11||JanE||Note Added: 32638|
|2015-07-07 18:15||DenisChenu||Note Added: 32640|
|2015-07-07 19:01||JanE||Note Added: 32644|
|2015-07-07 19:56||JanE||Note Edited: 32644||View Revisions|
|2015-07-07 19:59||JanE||Note Edited: 32644||View Revisions|
|2015-07-07 20:08||JanE||Note Added: 32645|
|2015-07-07 20:13||DenisChenu||Note Added: 32646|
|2015-07-07 20:33||JanE||Note Added: 32647|
|2015-07-07 20:49||Mazi||Note Added: 32648|
|2015-07-07 21:14||JanE||Note Added: 32649|
|2015-07-08 11:55||Mazi||Note Added: 32651|
|2015-07-08 12:01||DenisChenu||Note Added: 32652|
|2015-07-08 12:22||JanE||Note Added: 32654|
|2015-07-21 15:48||sammousa||Note Added: 32736|
|2015-07-21 15:57||JanE||Note Added: 32737|
|2015-07-21 16:04||JanE||Note Added: 32738|
|2015-07-21 16:09||JanE||Note Added: 32739|
|2015-07-21 17:10||JanE||Note Edited: 32739||View Revisions|
|2015-07-21 18:31||DenisChenu||Note Added: 32740|
|2015-07-21 18:31||DenisChenu||Status||new => closed|
|2015-07-21 18:31||DenisChenu||Assigned To||=> DenisChenu|
|2015-07-21 18:31||DenisChenu||Resolution||open => won't fix|