Upgrading to Version 5.0.10+210723

- since we are not in charge of the app

.github/workflows/test-latest-container-images.yaml

@@ -39,6 +39,9 @@ jobs:
           image-ref: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
           format: 'template'
           template: '@/contrib/sarif.tpl'
+          exit-code: '0'
+          # Since we are not in charge of the Application
+          vuln-type: 'os'
           output: trivy-results-5-${{ matrix.context }}.sarif
           severity: 'CRITICAL,HIGH'
 

.github/workflows/test-lts-container-images.yaml

@@ -39,6 +39,9 @@ jobs:
           image-ref: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
           format: 'template'
           template: '@/contrib/sarif.tpl'
+          exit-code: '0'
+          # Since we are not in charge of the Application
+          vuln-type: 'os'
           output: trivy-results-3-${{ matrix.context }}.sarif
           severity: 'CRITICAL,HIGH'
 

3.0/apache/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.4-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.4+210622'
-ARG sha256_checksum='0333dcce611e06f46bdffc08a052d63dd68ef919860bf811116bf246bd214514'
+ARG version='3.27.8+210721'
+ARG sha256_checksum='5eb216a576649d77cd7c49d23727be809c7f64d85e70b8bdb80b4d2921fb6ab1'
 ARG USER=root
 ARG LISTEN_PORT=80
 
@@ -76,6 +76,7 @@ RUN set -ex; \
 
 WORKDIR /var/www/html
 COPY entrypoint.sh entrypoint.sh
+COPY vhosts-access-log.conf /etc/apache2/conf-enabled/other-vhosts-access-log.conf
 USER $USER
 ENTRYPOINT ["/var/www/html/entrypoint.sh"]
 CMD ["apache2-foreground"]

3.0/apache/entrypoint.sh

@@ -19,6 +19,8 @@ ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
+SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
 
 DEBUG=${DEBUG:-0}
 DEBUG_SQL=${DEBUG_SQL:-0}
@@ -42,7 +44,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -65,7 +67,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -89,10 +91,15 @@ return array(
       'charset' => '$DB_CHARSET',
       'tablePrefix' => '$DB_TABLE_PREFIX',
     ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
     'urlManager' => array(
       'urlFormat' => '$URL_FORMAT',
       'rules' => array(),
-      'showScriptName' => true,
+      'showScriptName' => $SHOW_SCRIPT_NAME,
     ),
     'request' => array(
       'baseUrl' => '$BASE_URL',
@@ -109,17 +116,25 @@ EOF
 
 fi
 
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

3.0/apache/vhosts-access-log.conf

@@ -0,0 +1,3 @@
+SetEnvIF User-Agent "(?i)(check|health|probe)" dontlog
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog

3.0/fpm-alpine/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.4-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.4+210622'
-ARG sha256_checksum='0333dcce611e06f46bdffc08a052d63dd68ef919860bf811116bf246bd214514'
+ARG version='3.27.8+210721'
+ARG sha256_checksum='5eb216a576649d77cd7c49d23727be809c7f64d85e70b8bdb80b4d2921fb6ab1'
 
 # Install OS dependencies
 RUN set -ex; \

3.0/fpm-alpine/entrypoint.sh

@@ -19,6 +19,8 @@ ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
+SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
 
 DEBUG=${DEBUG:-0}
 DEBUG_SQL=${DEBUG_SQL:-0}
@@ -35,7 +37,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -58,7 +60,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -82,10 +84,15 @@ return array(
       'charset' => '$DB_CHARSET',
       'tablePrefix' => '$DB_TABLE_PREFIX',
     ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
     'urlManager' => array(
       'urlFormat' => '$URL_FORMAT',
       'rules' => array(),
-      'showScriptName' => true,
+      'showScriptName' => $SHOW_SCRIPT_NAME,
     ),
     'request' => array(
       'baseUrl' => '$BASE_URL',
@@ -102,17 +109,25 @@ EOF
 
 fi
 
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

3.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.4-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.4+210622'
-ARG sha256_checksum='0333dcce611e06f46bdffc08a052d63dd68ef919860bf811116bf246bd214514'
+ARG version='3.27.8+210721'
+ARG sha256_checksum='5eb216a576649d77cd7c49d23727be809c7f64d85e70b8bdb80b4d2921fb6ab1'
 
 # Install OS dependencies
 RUN set -ex; \

3.0/fpm/entrypoint.sh

@@ -19,6 +19,8 @@ ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
+SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
 
 DEBUG=${DEBUG:-0}
 DEBUG_SQL=${DEBUG_SQL:-0}
@@ -35,7 +37,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -58,7 +60,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -82,10 +84,15 @@ return array(
       'charset' => '$DB_CHARSET',
       'tablePrefix' => '$DB_TABLE_PREFIX',
     ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
     'urlManager' => array(
       'urlFormat' => '$URL_FORMAT',
       'rules' => array(),
-      'showScriptName' => true,
+      'showScriptName' => $SHOW_SCRIPT_NAME,
     ),
     'request' => array(
       'baseUrl' => '$BASE_URL',
@@ -102,17 +109,25 @@ EOF
 
 fi
 
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

4.0/apache/entrypoint.sh

@@ -46,7 +46,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -69,7 +69,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -118,7 +118,7 @@ if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
@@ -139,12 +139,14 @@ fi
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

4.0/fpm-alpine/entrypoint.sh

@@ -39,7 +39,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -62,7 +62,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -111,7 +111,7 @@ if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
@@ -132,12 +132,14 @@ fi
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

4.0/fpm/entrypoint.sh

@@ -39,7 +39,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -62,7 +62,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -111,7 +111,7 @@ if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
@@ -132,12 +132,14 @@ fi
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

5.0/apache/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:8-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='5.0.5+210621'
-ARG sha256_checksum='4e2c7b6338fd4422f2a20822b32e128c57bcb0a3073cad4b8b8a9858bbd2d36f'
+ARG version='5.0.10+210723'
+ARG sha256_checksum='e891524865339c2bea2a12f6bca2279150acf9baf80c61fcd34ae9479ee4caea'
 ARG USER=www-data
 ARG LISTEN_PORT=8080
 
@@ -79,6 +79,7 @@ EXPOSE $LISTEN_PORT
 
 WORKDIR /var/www/html
 COPY entrypoint.sh entrypoint.sh
+COPY vhosts-access-log.conf /etc/apache2/conf-enabled/other-vhosts-access-log.conf
 USER $USER
 ENTRYPOINT ["/var/www/html/entrypoint.sh"]
 CMD ["apache2-foreground"]

5.0/apache/entrypoint.sh

@@ -24,6 +24,7 @@ BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
 
 DEBUG=${DEBUG:-0}
 DEBUG_SQL=${DEBUG_SQL:-0}
@@ -47,7 +48,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -70,7 +71,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -94,6 +95,11 @@ return array(
       'charset' => '$DB_CHARSET',
       'tablePrefix' => '$DB_TABLE_PREFIX',
     ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
     'urlManager' => array(
       'urlFormat' => '$URL_FORMAT',
       'rules' => array(),
@@ -114,12 +120,19 @@ EOF
 
 fi
 
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
+fi
+
 # Check if security config already provisioned
 if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
@@ -140,12 +153,14 @@ fi
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

5.0/apache/vhosts-access-log.conf

@@ -0,0 +1,3 @@
+SetEnvIF User-Agent "(?i)(check|health|probe)" dontlog
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog

5.0/fpm-alpine/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:8-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='5.0.5+210621'
-ARG sha256_checksum='4e2c7b6338fd4422f2a20822b32e128c57bcb0a3073cad4b8b8a9858bbd2d36f'
+ARG version='5.0.10+210723'
+ARG sha256_checksum='e891524865339c2bea2a12f6bca2279150acf9baf80c61fcd34ae9479ee4caea'
 ARG USER=www-data
 
 # Install OS dependencies

5.0/fpm-alpine/entrypoint.sh

@@ -24,6 +24,7 @@ BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
 
 DEBUG=${DEBUG:-0}
 DEBUG_SQL=${DEBUG_SQL:-0}
@@ -40,7 +41,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -63,7 +64,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -87,6 +88,11 @@ return array(
       'charset' => '$DB_CHARSET',
       'tablePrefix' => '$DB_TABLE_PREFIX',
     ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
     'urlManager' => array(
       'urlFormat' => '$URL_FORMAT',
       'rules' => array(),
@@ -107,12 +113,19 @@ EOF
 
 fi
 
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
+fi
+
 # Check if security config already provisioned
 if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
@@ -133,12 +146,14 @@ fi
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

5.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:8-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='5.0.5+210621'
-ARG sha256_checksum='4e2c7b6338fd4422f2a20822b32e128c57bcb0a3073cad4b8b8a9858bbd2d36f'
+ARG version='5.0.10+210723'
+ARG sha256_checksum='e891524865339c2bea2a12f6bca2279150acf9baf80c61fcd34ae9479ee4caea'
 ARG USER=www-data
 
 # Install OS dependencies

5.0/fpm/entrypoint.sh

@@ -24,6 +24,7 @@ BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
 
 DEBUG=${DEBUG:-0}
 DEBUG_SQL=${DEBUG_SQL:-0}
@@ -40,7 +41,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -63,7 +64,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -87,6 +88,11 @@ return array(
       'charset' => '$DB_CHARSET',
       'tablePrefix' => '$DB_TABLE_PREFIX',
     ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
     'urlManager' => array(
       'urlFormat' => '$URL_FORMAT',
       'rules' => array(),
@@ -107,12 +113,19 @@ EOF
 
 fi
 
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
+fi
+
 # Check if security config already provisioned
 if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
@@ -133,12 +146,14 @@ fi
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME $ADMIN_EMAIL"
 fi
 
 exec "$@"

CONTRIBUTING.md

@@ -24,15 +24,29 @@ It is best to use the upgrade shell script:
 # Check if sha256 is correct
 
 git add 4.0/ && git commit -m 'Upgrading to Version 4.3.13+200824'
-git tag 4.3.13+200824
+git tag 4.3.13-200824
 ```
 
 ## Testing
 
-In order to make sure the image works as promised, some tests are provided:
-
-```bash
-./tests/run.sh
-```
+In order to make sure the image works as promised, some container-structure-tests are provided. The tests require the `container-structure-test` tool to be installed.
 
 For further information:  https://github.com/GoogleContainerTools/container-structure-test
+
+```bash
+make apache-latest
+
+container-structure-test test --image docker.io/martialblog/limesurvey:5-apache --config tests/apache-tests.yaml
+```
+
+```bash
+make fpm-latest
+
+container-structure-test test --image  docker.io/martialblog/limesurvey:5-fpm-alpine --config tests/fpm-alpine-tests.yaml
+```
+
+```bash
+make fpm-alpine-latest
+
+container-structure-test test --image  docker.io/martialblog/limesurvey:5-fpm --config tests/fpm-tests.yaml
+```

README.md

@@ -113,6 +113,7 @@ For further details on the settings see: https://manual.limesurvey.org/Data_encr
 | PUBLIC_URL      | Public URL for public scripts             |
 | BASE_URL        | Application Base URL                      |
 | URL_FORMAT      | URL Format. path or get                   |
+| TABLE_SESSION   | Enable table sessions (true)              |
 | SHOW_SCRIPT_NAME | Script name in URL (true|false). Default: true |
 | DEBUG           | Debug level (0, 1, 2). Default: 0         |
 | DEBUG_SQL       | SQL Debug level (0, 1, 2). Default 0      |
@@ -123,7 +124,7 @@ For further details on the settings see: https://manual.limesurvey.org/Data_encr
 
 For further details on the settings see: https://manual.limesurvey.org/Optional_settings#Advanced_Path_Settings
 
-# Running this Image with docker-compose
+# Running LimeSurvey with docker-compose
 
 The easiest way to get a fully featured and functional setup is using a docker-compose file. Several examples are provided in the [repository](https://github.com/martialblog/docker-limesurvey).
 
@@ -137,6 +138,12 @@ http://localhost:8080/
 http://localhost:8080/index.php/admin
 ```
 
+# Running LimeSurvey with Helm
+
+A Helm Chart for this Image can be used for deployments. Please refer to the Helm Repository for further details:
+
+https://github.com/martialblog/helm-charts
+
 # Upgrade Guide
 
 These guides are only referring to the Docker Image, for details on the application users should consult the [official LimeSurvey documentation](https://manual.limesurvey.org/Upgrading_from_a_previous_version) for details.

nginx-certbot/entrypoint.sh

@@ -1,25 +1,25 @@
 #!/bin/sh
 
-cert_path=/etc/letsencrypt/live/$(echo $HOSTNAMES | awk '{print $1}')
+cert_path=/etc/letsencrypt/live/$(echo "$HOSTNAMES" | awk '{print $1}')
 mkdir -p cert_path
 
 # if there is no certificate yet, get one
 email="--email $CERT_EMAIL"
-if [ -z $CERT_EMAIL ]
+if [ -z "$CERT_EMAIL" ]
 then
     email='--register-unsafely-without-email'
 fi
-if [ ! -e $cert_path/privkey.pem ]
+if [ ! -e "$cert_path/privkey.pem" ]
 then
     names=""
     for h in $HOSTNAMES
     do
-        names=$(echo "$names -d $h")
+        names="$names -d $h"
     done
     echo "Getting new certificate..."
     /usr/bin/curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > /etc/letsencrypt/options-ssl-nginx.conf
     /usr/bin/curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > /etc/letsencrypt/ssl-dhparams.pem
-    /usr/bin/certbot certonly --standalone $names --agree-tos $email
+    /usr/bin/certbot certonly --standalone "$names" --agree-tos "$email"
 fi
 
 nginx -g "daemon off;"

upgrade.sh

@@ -11,12 +11,14 @@ if [ $# -eq 0 ]
 fi
 
 NEW_VERSION=$1
-MAJOR_VERSION=$(echo $NEW_VERSION | cut -c 1 | awk '{print $1".0"}')
-NEW_TAG=$(echo $NEW_VERSION | sed "s/+/-/")
+MAJOR_VERSION="${NEW_VERSION%%.*}.0"
+NEW_TAG="${NEW_VERSION%+*}-${NEW_VERSION#*+}"
 
-grep -qc $NEW_VERSION $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile
+grep -qc "$NEW_VERSION" "$MAJOR_VERSION/apache/Dockerfile" "$MAJOR_VERSION/fpm/Dockerfile" "$MAJOR_VERSION/fpm-alpine/Dockerfile"
 
-if [ $? -eq 0 ]
+GREP_NEW_VERSION_EXIT_CODE=$?
+
+if [ $GREP_NEW_VERSION_EXIT_CODE -eq 0 ]
    then
        echo "Already at version ${NEW_VERSION}"
        exit 0
@@ -28,8 +30,8 @@ wget -P /tmp "https://github.com/LimeSurvey/LimeSurvey/archive/${NEW_VERSION}.ta
 SHA256_CHECKSUM=$(sha256sum "/tmp/${NEW_VERSION}.tar.gz" | awk '{ print $1 }')
 
 # Update lines in the files
-sed -r -i -e "s/[0-9]+(\.[0-9]+)+\+[0-9]+/$NEW_VERSION/" $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile
-sed -r -i -e "s/[A-Fa-f0-9]{64}/$SHA256_CHECKSUM/" $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile
+sed -r -i -e "s/[0-9]+(\.[0-9]+)+\+[0-9]+/$NEW_VERSION/" "$MAJOR_VERSION/apache/Dockerfile" "$MAJOR_VERSION/fpm/Dockerfile" "$MAJOR_VERSION/fpm-alpine/Dockerfile"
+sed -r -i -e "s/[A-Fa-f0-9]{64}/$SHA256_CHECKSUM/" "$MAJOR_VERSION/apache/Dockerfile" "$MAJOR_VERSION/fpm/Dockerfile" "$MAJOR_VERSION/fpm-alpine/Dockerfile"
 
 # After that, check and commit
 echo "git add 3.0 ; git commit -m 'Upgrading to LTS Version ${NEW_VERSION}' && git tag ${NEW_TAG}"