<?php
// Shared webhook secret: the key for the HMAC computed over the raw request body.
// The value shown is a placeholder; use a long random string and keep the real
// value out of version control.
$secret = '----------------';

// Shell command run once a request has passed every check. The path is
// relative, so it resolves against the working directory of this script.
$command = "cd wp-content/themes/mytheme/ && git stash && git pull";

// Read the raw body before anything decodes it: the signature covers these
// exact bytes, so a re-encoded copy of the JSON would not verify.
$post_data = file_get_contents('php://input');
$signature = hash_hmac('sha1', $post_data, $secret);
// NOTE(review): GitHub also sends an HMAC-SHA256 signature in the
// X-Hub-Signature-256 header; prefer it over the SHA-1 header where the
// deployment allows.

// Expected $_SERVER entries. array_matches() treats every value as an
// fnmatch() glob pattern, which is why the user agent ends in "*".
$required_headers = [
    'REQUEST_METHOD'       => 'POST',
    'HTTP_X_GITHUB_EVENT'  => 'push',
    'HTTP_USER_AGENT'      => 'GitHub-Hookshot/*',
    'HTTP_X_HUB_SIGNATURE' => 'sha1=' . $signature,
];
//error_reporting(0);
/**
 * Write one line of diagnostic text to the script's output.
 *
 * The output of this script is the HTTP response body, so everything passed
 * here is visible to whoever sent the request. Never pass secrets or
 * expected signature values.
 *
 * @param mixed $msg Text to print; a newline is appended.
 */
function log_msg($msg) {
    print $msg . "\n";
}
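/**
 * Check that $have contains every key of $should and that each scalar value
 * matches the corresponding fnmatch() glob pattern. Nested arrays are
 * compared recursively.
 *
 * Every key of $should is examined even after a failure, and each failure is
 * reported through log_msg(). log_msg() writes to the response, so failure
 * messages name only the key. The expected value must not be printed: for a
 * signature entry it is the valid HMAC of the request body.
 *
 * NOTE(review): fnmatch() is a pattern match, not a constant-time comparison.
 * Secret-derived values such as signatures should be compared by the caller
 * with hash_equals().
 *
 * @param mixed  $have   Actual data (for example $_SERVER).
 * @param array  $should Expected key => glob pattern (or nested array) pairs.
 * @param string $name   Label used in the "Not an array" message.
 * @return bool True only if every expected entry is present and matches.
 */
function array_matches($have, $should, $name = 'array') {
    if (!is_array($have)) {
        log_msg("Not an array: $name");
        return false;
    }

    $ret = true;
    foreach ($should as $key => $value) {
        if (!array_key_exists($key, $have)) {
            log_msg("Missing: $key");
            $ret = false;
        }
        else if (is_array($value) && is_array($have[$key])) {
            // Plain assignment instead of "&=" so the result stays a strict bool.
            if (!array_matches($have[$key], $value)) {
                $ret = false;
            }
        }
        else if (is_array($value) || is_array($have[$key])) {
            log_msg("Type mismatch: $key");
            $ret = false;
        }
        else if (!fnmatch($value, $have[$key])) {
            // Report the key only; see the function header for why the
            // expected value is withheld.
            log_msg("Failed comparison: $key");
            $ret = false;
        }
    }
    return $ret;
}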
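// Buffer output so the status code and headers can still be set after
// log_msg() has written text. Without buffering, the first echo sends the
// headers and the later http_response_code(403) has no effect.
ob_start();
header("Content-Type: text/plain");
log_msg("=== Received request from {$_SERVER['REMOTE_ADDR']} ===");
$data = json_decode($post_data, true);

// Glob-match the non-secret headers only. The signature is checked separately
// below so it is never pattern-matched or echoed in a failure message.
$pattern_headers = $required_headers;
unset($pattern_headers['HTTP_X_HUB_SIGNATURE']);
$headers_ok = array_matches($_SERVER, $pattern_headers, '$_SERVER');

// Constant-time comparison of the expected HMAC against the received header.
$received_signature = isset($_SERVER['HTTP_X_HUB_SIGNATURE']) ? $_SERVER['HTTP_X_HUB_SIGNATURE'] : '';
$signature_ok = is_string($received_signature)
    && hash_equals($required_headers['HTTP_X_HUB_SIGNATURE'], $received_signature);
if (!$signature_ok) {
    log_msg("Invalid signature");
}

$data_ok = true;
//$data_ok = array_matches($data, $required_data, '$data');

// All checks have run by now, so the response is the same whichever one failed.
if (!$headers_ok || !$signature_ok || !$data_ok) {
    http_response_code(403);
    die("\nForbidden\n");
}

// $command is a fixed string defined in this script; nothing from the request
// is interpolated into it. Its combined stdout/stderr is returned to the
// (now authenticated) caller.
exec($command." 2>&1", $output, $return_var);
foreach ($output as $line) {
    echo "\n".$line;
}
echo "\n\nExit code: ".$return_var;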
?>