memo.xight.org

日々のメモ

Drupalのsmtp モジュール + PHPMailerのアップデート

Summary

DrupalのPHPMailerのリモートコード実行脆弱性対策を行う。

sites/all/libraries/PHPMailer

cd sites/all/libraries
git clone https://github.com/PHPMailer/PHPMailer
ln -s PHPMailer phpmailer


sites/all/modules/smtp/smtp.module

include するファイルを class.phpmailer.php から PHPMailerAutoload.php に変更する。

/**
 * Load the PHPMailer library.
 *
 * @return
 *   TRUE if the PHPMailer library is loaded, FALSE otherwise.
 */
function smtp_load_library() {
  // Include the PHPMailer class (which includes the SMTP class).
  if (!class_exists('PHPMailer')) {
	// First try using the libraries module.
	if (module_exists('libraries')) {
	   // $smtp_phpmailer_library = module_invoke('libraries', 'get_path', 'phpmailer') . '/class.phpmailer.php';
	   $smtp_phpmailer_library = module_invoke('libraries', 'get_path', 'phpmailer') . '/PHPMailerAutoload.php';
	 }
	 //If you aren't using libraries, then check a couple other places.
	 else {
	   //Look in the default libraries location
	   // $smtp_phpmailer_library = 'sites/all/libraries/phpmailer/class.phpmailer.php';
	   $smtp_phpmailer_library = 'sites/all/libraries/phpmailer/PHPMailerAutoload.php';
	   //If the default libraries doesn't exist, then try the old module location.
	   if (!file_exists($smtp_phpmailer_library)) {
		 // $smtp_phpmailer_library = drupal_get_path('module', 'smtp') .'/phpmailer/class.phpmailer.php';
		 $smtp_phpmailer_library = drupal_get_path('module', 'smtp') .'/phpmailer/PHPMailerAutoload.php';
	   }
	 }
	 //Now include whatever you found.
	 if (file_exists($smtp_phpmailer_library)) {
		require_once($smtp_phpmailer_library);
	 }
  }
  
  // Tell the caller if PHPMailer class exists.
  return class_exists('PHPMailer');
}


Reference

github.com - PHPMailer
https://github.com/PHPMailer/PHPMailer

Drupal.org - PHPmailer 3rd party library - DRUPAL-SA-PSA-2016-004
https://www.drupal.org/psa-2016-004

Qiita - PHPMailerのリモートコード実行脆弱性(CVE-2016-10033)の影響範囲
http://qiita.com/ichikaway/items/d2d9205c57f35b618951

clang の python binding (libclang-py3) + Python3

Summary

python binding を Python3で動かす。

install

$ pyvenv env
$ source env/bin/activate
$ pip install libclang-py3


dump_tree_py3.py

(http://blog.fenrir-inc.com/jp/2011/07/clang_syntax_analysis_interface_with_python.html)
Macの場合, Xcode.app 内の libclang.dylib を指定すること。

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# python dump_tree_py3.py test.m

import sys
import clang.cindex
from clang.cindex import Config

Config.set_compatibility_check(False)
Config.set_library_file("/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/libclang.dylib")

def visit_node(node, indent=0):
	print('%s%s : %s' % (' ' * indent, node.kind.name, node.spelling))
	for c in node.get_children():
		visit_node(c, indent=indent+1)

index = clang.cindex.Index.create()
tree = index.parse(sys.argv[1])
visit_node(tree.cursor)


実行

$ python dump_tree_py3.py src.c


Reference

llvm-mirror/clang
https://github.com/llvm-mirror/clang/tree/master/bindings/python

BitBucket - Anteru/python3-libclang
https://bitbucket.org/

Fenrir Developer's Blog - 2011-07-11 - Clang の構文解析インターフェースを Python から叩いてみようという話
http://blog.fenrir-inc.com/jp/2011/07/clang_syntax_analysis_interface_with_python.html

脱初心者を目指す - 2015-01-08 - Clangのpython bindingsを使う
http://asdm.hatenablog.com/entry/2015/01/08/170707

StackOverflow - clang_complete: where is the libclang.{so,dylib} in OS X?
http://stackoverflow.com/questions/6000554/clang-complete-where-is-the-libclang-so-dylib-in-os-x

C++でゲームプログラミング - 2014-01-18 - libclang の Python binding を使用する
http://d.hatena.ne.jp/osyo-manga/20140118/1390045795