<?php
// Shell command run once a request has passed every check. It is a fixed string: nothing
// from the request is interpolated into it. The relative path resolves against the PHP
// process's working directory, and `git stash` sets aside uncommitted changes in that
// checkout before the pull.
$command = "cd wp-content/themes/mytheme/ && git stash && git pull";

// Shared secret configured on the GitHub webhook; it keys the HMAC over the request body.
// The value below is a placeholder and must be replaced: anyone who knows the secret can
// produce a valid signature and trigger $command.
$secret = '----------------';

// Raw request body. The HMAC must be computed over these exact bytes, so read the body
// once here and do not re-encode it before signing.
$post_data = file_get_contents('php://input');
$signature = hash_hmac('sha1', $post_data, $secret);

// Expected $_SERVER entries; array_matches() treats each value as an fnmatch() glob.
// REQUEST_METHOD, the event name and the user agent are all chosen by the client, so they
// only filter out stray traffic. The signature is the sole entry that authenticates the
// sender.
// NOTE(review): this is GitHub's legacy SHA-1 header; GitHub also sends
// X-Hub-Signature-256 (HMAC-SHA256), which is the one to prefer when updating this script.
$required_headers = [
    'REQUEST_METHOD' => 'POST',
    'HTTP_X_GITHUB_EVENT' => 'push',
    'HTTP_USER_AGENT' => 'GitHub-Hookshot/*',
    'HTTP_X_HUB_SIGNATURE' => "sha1={$signature}",
];
//error_reporting(0);
/**
 * Print one diagnostic line, terminated by a newline.
 *
 * The line is written with echo, so in a web request it becomes part of the HTTP
 * response body and is visible to whoever sent the request. Never pass secrets or
 * expected signature values to this function.
 *
 * @param mixed $msg Text to print.
 * @return void
 */
function log_msg($msg)
{
    echo "{$msg}\n";
}
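/**
 * Check that $have contains every key of $should with a matching value.
 *
 * Scalar values are compared with fnmatch(), with the value from $should as the glob
 * pattern. Nested arrays are compared recursively. Every mismatch is reported through
 * log_msg() and the walk continues, so all problems are reported in one pass.
 *
 * Security notes:
 *  - log_msg() writes to the response, so the failure message names only the key. The
 *    previous message also printed the expected value, which handed the expected
 *    signature to any caller that sent a wrong one.
 *  - fnmatch() is a glob match, not a constant-time comparison. Secrets such as an HMAC
 *    signature should be compared with hash_equals() instead of through this function.
 *
 * @param mixed  $have   Array to inspect (for example $_SERVER).
 * @param array  $should Expected keys mapped to glob patterns or nested arrays.
 * @param string $name   Label used in the "Not an array" message.
 * @return bool True when every expected entry is present and matches.
 */
function array_matches($have, $should, $name = 'array')
{
    if (!is_array($have)) {
        log_msg("Not an array: $name");
        return false;
    }

    $ret = true;
    foreach ($should as $key => $value) {
        if (!array_key_exists($key, $have)) {
            log_msg("Missing: $key");
            $ret = false;
        } elseif (is_array($value) && is_array($have[$key])) {
            // Plain boolean logic: the old `$ret &= ...` turned the result into an int.
            if (!array_matches($have[$key], $value)) {
                $ret = false;
            }
        } elseif (is_array($value) || is_array($have[$key])) {
            log_msg("Type mismatch: $key");
            $ret = false;
        } elseif (!fnmatch($value, $have[$key])) {
            // Report the key only; neither the expected nor the received value is echoed.
            log_msg("Failed comparison: $key");
            $ret = false;
        }
    }

    return $ret;
}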
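// Declare the content type before anything is echoed. Without output buffering, a header
// or status code set after the first echo is silently dropped, and a rejected request
// would go out with status 200.
header("Content-Type: text/plain");
$data = json_decode($post_data, true);

// Run every check before responding, so the reply does not depend on which check failed.
// The signature is taken out of the generic matcher: array_matches() compares with
// fnmatch() and prints diagnostics, neither of which is appropriate for a secret.
$static_headers = $required_headers;
unset($static_headers['HTTP_X_HUB_SIGNATURE']);

// array_matches() reports through echo; buffer that output so the details of a rejected
// request go to the server log instead of back to an unauthenticated caller.
ob_start();
$headers_ok = array_matches($_SERVER, $static_headers, '$_SERVER');
$diagnostics = trim((string) ob_get_clean());

// Constant-time comparison of the HMAC; this is the only check that authenticates the
// sender. The expected value is never printed.
$received_signature = isset($_SERVER['HTTP_X_HUB_SIGNATURE'])
    ? (string) $_SERVER['HTTP_X_HUB_SIGNATURE']
    : '';
$signature_ok = hash_equals('sha1=' . $signature, $received_signature);
if (!$signature_ok) {
    $diagnostics = ltrim($diagnostics . "\nSignature mismatch: HTTP_X_HUB_SIGNATURE");
}

$data_ok = true;
//$data_ok = array_matches($data, $required_data, '$data');

if (!$headers_ok || !$signature_ok || !$data_ok) {
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log("Webhook request rejected from {$remote}: " . str_replace("\n", '; ', $diagnostics));
    http_response_code(403);
    die("\nForbidden\n");
}

log_msg("=== Received request from {$_SERVER['REMOTE_ADDR']} ===");

// $command is a fixed string and no request data reaches the shell.
// NOTE(review): the command output is returned in the response body. That shows up in the
// webhook delivery log, which is convenient, but it also exposes repository paths and git
// messages to the caller; log it server-side instead if that is a concern.
exec($command . " 2>&1", $output, $return_var);
foreach ($output as $line) {
    echo "\n" . $line;
}
echo "\n\nExit code: " . $return_var;
?>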