Index: typo3/sysext/reports/mod/index.php =================================================================== --- typo3/sysext/reports/mod/index.php (revision 6520) +++ typo3/sysext/reports/mod/index.php (working copy) @@ -21,11 +21,6 @@ * * This copyright notice MUST APPEAR in all copies of the script! ***************************************************************/ -/** - * [CLASS/FUNCTION INDEX of SCRIPT] - * - * Hint: use extdeveval to insert/update function index above. - */ $LANG->includeLLFile('EXT:reports/mod/locallang.xml'); @@ -36,9 +31,11 @@ /** * Module 'Reports' for the 'reports' extension. * - * @author Ingo Renner - * @package TYPO3 + * @author Ingo Renner + * @package TYPO3 * @subpackage tx_reports + * + * $Id$ */ class tx_reports_Module extends t3lib_SCbase { Index: typo3/sysext/reports/interfaces/interface.tx_reports_report.php =================================================================== --- typo3/sysext/reports/interfaces/interface.tx_reports_report.php (revision 6520) +++ typo3/sysext/reports/interfaces/interface.tx_reports_report.php (working copy) @@ -29,9 +29,11 @@ /** * Interface for classes which provide a report. * - * @author Ingo Renner - * @package TYPO3 - * @subpackage tx_reports + * @author Ingo Renner + * @package TYPO3 + * @subpackage tx_reports + * + * $Id$ */ interface tx_reports_Report { Index: typo3/sysext/reports/interfaces/interface.tx_reports_statusprovider.php =================================================================== --- typo3/sysext/reports/interfaces/interface.tx_reports_statusprovider.php (revision 6520) +++ typo3/sysext/reports/interfaces/interface.tx_reports_statusprovider.php (working copy) @@ -29,9 +29,11 @@ /** * Interface for classes which provide a status report entry. * - * @author Ingo Renner - * @package TYPO3 - * @subpackage tx_reports + * @author Ingo Renner + * @package TYPO3 + * @subpackage tx_reports + * + * $Id$ */ interface tx_reports_StatusProvider { Index: typo3/sysext/reports/reports/status/class.tx_reports_reports_status_configurationstatus.php =================================================================== --- typo3/sysext/reports/reports/status/class.tx_reports_reports_status_configurationstatus.php (revision 6520) +++ typo3/sysext/reports/reports/status/class.tx_reports_reports_status_configurationstatus.php (working copy) @@ -1,185 +1,187 @@ - -* All rights reserved -* -* This script is part of the TYPO3 project. The TYPO3 project is -* free software; you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation; either version 2 of the License, or -* (at your option) any later version. -* -* The GNU General Public License can be found at -* http://www.gnu.org/copyleft/gpl.html. -* -* This script is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* This copyright notice MUST APPEAR in all copies of the script! -***************************************************************/ - - -/** - * Performs some checks about the install tool protection status - * - * @author Ingo Renner - * @package TYPO3 - * @subpackage reports - */ -class tx_reports_reports_status_ConfigurationStatus implements tx_reports_StatusProvider { - - /** - * Determines the Install Tool's status, mainly concerning its protection. - * - * @see typo3/sysext/reports/interfaces/tx_reports_StatusProvider::getStatus() - */ - public function getStatus() { - $statuses = array( - 'emptyReferenceIndex' => $this->getReferenceIndexStatus(), - - ); - - if ($this->isMemcachedUsed()) { - $statuses['memcachedConnection'] = $this->getMemcachedConnectionStatus(); - } - - return $statuses; - } - - /** - * Checks if sys_refindex is empty. - * - * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether the reference index is empty or not - */ - protected function getReferenceIndexStatus() { - $value = $GLOBALS['LANG']->getLL('status_ok'); - $message = ''; - $severity = tx_reports_reports_status_Status::OK; - - $count = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows('*', 'sys_refindex'); - - if (!$count) { - $value = $GLOBALS['LANG']->getLL('status_empty'); - $severity = tx_reports_reports_status_Status::WARNING; - - $url = 'sysext/lowlevel/dbint/index.php?&id=0&SET[function]=refindex'; - $message = sprintf( - $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.backend_reference'), - '', - '' - ); - } - - return t3lib_div::makeInstance('tx_reports_reports_status_Status', - $GLOBALS['LANG']->getLL('status_referenceIndex'), $value, $message, $severity - ); - } - - /** - * Checks whether memcached is configured, if that's the case we asume it's also used. - * - * @return boolean True if memcached is used, false otherwise. - */ - protected function isMemcachedUsed() { - $memcachedUsed = false; - - $memcachedServers = $this->getConfiguredMemcachedServers(); - if (count($memcachedServers)) { - $memcachedUsed = true; - } - - return $memcachedUsed; - } - - /** - * Gets the configured memcached server connections. - * - * @return array An array of configured memcached server connections. - */ - protected function getConfiguredMemcachedServers() { - $memcachedServers = array(); - - if (is_array($GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations'])) { - foreach ($GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations'] as $table => $conf) { - if (is_array($conf)) { - foreach ($conf as $key => $value) { - if (!is_array($value) && $value === 't3lib_cache_backend_MemcachedBackend') { - $memcachedServers = $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations'][$table]['options']['servers']; - break; - } - } - } - } - } - - return $memcachedServers; - } - - /** - * Checks whether TYPO3 can connect to the configured memcached servers. - * - * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether TYPO3 can connect to the configured memcached servers - */ - protected function getMemcachedConnectionStatus() { - $value = $GLOBALS['LANG']->getLL('status_ok'); - $message = ''; - $severity = tx_reports_reports_status_Status::OK; - - $failedConnections = array(); - $defaultMemcachedPort = ini_get('memcache.default_port'); - $memcachedServers = $this->getConfiguredMemcachedServers(); - - if (function_exists('memcache_connect') && is_array($memcachedServers)) { - foreach ($memcachedServers as $testServer) { - $configuredServer = $testServer; - if (substr($testServer, 0, 7) == 'unix://') { - $host = $testServer; - $port = 0; - } else { - if (substr($testServer, 0, 6) === 'tcp://') { - $testServer = substr($testServer, 6); - } - if (strstr($testServer, ':') !== FALSE) { - list($host, $port) = explode(':', $testServer, 2); - } else { - $host = $testServer; - $port = $defaultMemcachedPort; - } - } - $memcachedConnection = @memcache_connect($host, $port); - if ($memcachedConnection != null) { - memcache_close($memcachedConnection); - } else { - $failedConnections[] = $configuredServer; - } - } - } - - if (count($failedConnections)) { - $value = $GLOBALS['LANG']->getLL('status_connectionFailed'); - $severity = tx_reports_reports_status_Status::WARNING; - - $message = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.memcache_not_usable') - . '

' - . '
  • ' - . implode('
  • ', $failedConnections) - . '
'; - } - - return t3lib_div::makeInstance('tx_reports_reports_status_Status', - $GLOBALS['LANG']->getLL('status_memcachedConfiguration'), $value, $message, $severity - ); - } - -} - - -if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/reports/reports/status/class.tx_reports_reports_status_installtoolstatus.php']) { - include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/reports/reports/status/class.tx_reports_reports_status_installtoolstatus.php']); -} - + +* All rights reserved +* +* This script is part of the TYPO3 project. The TYPO3 project is +* free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation; either version 2 of the License, or +* (at your option) any later version. +* +* The GNU General Public License can be found at +* http://www.gnu.org/copyleft/gpl.html. +* +* This script is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* This copyright notice MUST APPEAR in all copies of the script! +***************************************************************/ + + +/** + * Performs some checks about the install tool protection status + * + * @author Ingo Renner + * @package TYPO3 + * @subpackage reports + * + * $Id$ + */ +class tx_reports_reports_status_ConfigurationStatus implements tx_reports_StatusProvider { + + /** + * Determines the Install Tool's status, mainly concerning its protection. + * + * @return array List of statuses + * @see typo3/sysext/reports/interfaces/tx_reports_StatusProvider::getStatus() + */ + public function getStatus() { + $statuses = array( + 'emptyReferenceIndex' => $this->getReferenceIndexStatus(), + ); + + if ($this->isMemcachedUsed()) { + $statuses['memcachedConnection'] = $this->getMemcachedConnectionStatus(); + } + + return $statuses; + } + + /** + * Checks if sys_refindex is empty. + * + * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether the reference index is empty or not + */ + protected function getReferenceIndexStatus() { + $value = $GLOBALS['LANG']->getLL('status_ok'); + $message = ''; + $severity = tx_reports_reports_status_Status::OK; + + $count = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows('*', 'sys_refindex'); + + if (!$count) { + $value = $GLOBALS['LANG']->getLL('status_empty'); + $severity = tx_reports_reports_status_Status::WARNING; + + $url = 'sysext/lowlevel/dbint/index.php?&id=0&SET[function]=refindex'; + $message = sprintf( + $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.backend_reference'), + '', + '' + ); + } + + return t3lib_div::makeInstance('tx_reports_reports_status_Status', + $GLOBALS['LANG']->getLL('status_referenceIndex'), $value, $message, $severity + ); + } + + /** + * Checks whether memcached is configured, if that's the case we asume it's also used. + * + * @return boolean True if memcached is used, false otherwise. + */ + protected function isMemcachedUsed() { + $memcachedUsed = FALSE; + + $memcachedServers = $this->getConfiguredMemcachedServers(); + if (count($memcachedServers)) { + $memcachedUsed = TRUE; + } + + return $memcachedUsed; + } + + /** + * Gets the configured memcached server connections. + * + * @return array An array of configured memcached server connections. + */ + protected function getConfiguredMemcachedServers() { + $memcachedServers = array(); + + if (is_array($GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations'])) { + foreach ($GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations'] as $table => $conf) { + if (is_array($conf)) { + foreach ($conf as $key => $value) { + if (!is_array($value) && $value === 't3lib_cache_backend_MemcachedBackend') { + $memcachedServers = $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations'][$table]['options']['servers']; + break; + } + } + } + } + } + + return $memcachedServers; + } + + /** + * Checks whether TYPO3 can connect to the configured memcached servers. + * + * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether TYPO3 can connect to the configured memcached servers + */ + protected function getMemcachedConnectionStatus() { + $value = $GLOBALS['LANG']->getLL('status_ok'); + $message = ''; + $severity = tx_reports_reports_status_Status::OK; + + $failedConnections = array(); + $defaultMemcachedPort = ini_get('memcache.default_port'); + $memcachedServers = $this->getConfiguredMemcachedServers(); + + if (function_exists('memcache_connect') && is_array($memcachedServers)) { + foreach ($memcachedServers as $testServer) { + $configuredServer = $testServer; + if (substr($testServer, 0, 7) == 'unix://') { + $host = $testServer; + $port = 0; + } else { + if (substr($testServer, 0, 6) === 'tcp://') { + $testServer = substr($testServer, 6); + } + if (strstr($testServer, ':') !== FALSE) { + list($host, $port) = explode(':', $testServer, 2); + } else { + $host = $testServer; + $port = $defaultMemcachedPort; + } + } + $memcachedConnection = @memcache_connect($host, $port); + if ($memcachedConnection != null) { + memcache_close($memcachedConnection); + } else { + $failedConnections[] = $configuredServer; + } + } + } + + if (count($failedConnections)) { + $value = $GLOBALS['LANG']->getLL('status_connectionFailed'); + $severity = tx_reports_reports_status_Status::WARNING; + + $message = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.memcache_not_usable') + . '

' + . '
  • ' + . implode('
  • ', $failedConnections) + . '
'; + } + + return t3lib_div::makeInstance('tx_reports_reports_status_Status', + $GLOBALS['LANG']->getLL('status_memcachedConfiguration'), $value, $message, $severity + ); + } + +} + + +if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/reports/reports/status/class.tx_reports_reports_status_installtoolstatus.php']) { + include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/reports/reports/status/class.tx_reports_reports_status_installtoolstatus.php']); +} + ?> \ No newline at end of file Property changes on: typo3/sysext/reports/reports/status/class.tx_reports_reports_status_configurationstatus.php ___________________________________________________________________ Name: svn:mime-type + text/plain Name: svn:keywords + Id Revision Name: svn:eol-style + LF Index: typo3/sysext/reports/reports/status/class.tx_reports_reports_status_securitystatus.php =================================================================== --- typo3/sysext/reports/reports/status/class.tx_reports_reports_status_securitystatus.php (revision 6520) +++ typo3/sysext/reports/reports/status/class.tx_reports_reports_status_securitystatus.php (working copy) @@ -1,275 +1,278 @@ - -* All rights reserved -* -* This script is part of the TYPO3 project. The TYPO3 project is -* free software; you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation; either version 2 of the License, or -* (at your option) any later version. -* -* The GNU General Public License can be found at -* http://www.gnu.org/copyleft/gpl.html. -* -* This script is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* This copyright notice MUST APPEAR in all copies of the script! -***************************************************************/ - - -/** - * Performs several checks about the system's health - * - * @author Ingo Renner - * @package TYPO3 - * @subpackage reports - */ -class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvider { - - /** - * Determines the Install Tool's status, mainly concerning its protection. - * - * @see typo3/sysext/reports/interfaces/tx_reports_StatusProvider::getStatus() - */ - public function getStatus() { - $this->executeAdminCommand(); - - $statuses = array( - 'adminUserAccount' => $this->getAdminAccountStatus(), - 'encryptionKeyEmpty' => $this->getEncryptionKeyStatus(), - 'fileDenyPattern' => $this->getFileDenyPatternStatus(), - 'htaccessUpload' => $this->getHtaccessUploadStatus(), - 'installToolEnabled' => $this->getInstallToolProtectionStatus(), - 'installToolPassword' => $this->getInstallToolPasswordStatus(), - ); - - return $statuses; - } - - /** - * Checks whether a an BE user account named admin with default password exists. - * - * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether a default admin account exists - */ - protected function getAdminAccountStatus() { - $value = $GLOBALS['LANG']->getLL('status_ok'); - $message = ''; - $severity = tx_reports_reports_status_Status::OK; - - $whereClause = 'username = ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('admin', 'be_users') - . ' AND password = ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('5f4dcc3b5aa765d61d8327deb882cf99', 'be_users') - . t3lib_BEfunc::deleteClause('be_users'); - $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery( - 'uid, username, password', - 'be_users', - $whereClause - ); - if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) { - $value = $GLOBALS['LANG']->getLL('status_insecure'); - $severity = tx_reports_reports_status_Status::ERROR; - - $editUserAccountUrl = 'alt_doc.php?returnUrl=index.php&edit[be_users][' . $row['uid'] . ']=edit'; - $message = sprintf( - $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.backend_admin'), - '', - '' - ); - } - $GLOBALS['TYPO3_DB']->sql_free_result($res); - - return t3lib_div::makeInstance('tx_reports_reports_status_Status', - $GLOBALS['LANG']->getLL('status_adminUserAccount'), $value, $message, $severity - ); - } - - /** - * Checks whether the encryption key is empty. - * - * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether the encryption key is empty or not - */ - protected function getEncryptionKeyStatus() { - $value = $GLOBALS['LANG']->getLL('status_ok'); - $message = ''; - $severity = tx_reports_reports_status_Status::OK; - - if (empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'])) { - $value = $GLOBALS['LANG']->getLL('status_insecure'); - $severity = tx_reports_reports_status_Status::ERROR; - - $url = 'install/index.php?redirect_url=index.php' - . urlencode('?TYPO3_INSTALL[type]=config#set_encryptionKey'); - - $message = sprintf( - $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_encryption'), - '', - '' - ); - } - - return t3lib_div::makeInstance('tx_reports_reports_status_Status', - $GLOBALS['LANG']->getLL('status_encryptionKey'), $value, $message, $severity - ); - } - - /** - * Checks if fileDenyPattern was changed which is dangerous on Apache - * - * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether the file deny pattern has changed - */ - protected function getFileDenyPatternStatus() { - $value = $GLOBALS['LANG']->getLL('status_ok'); - $message = ''; - $severity = tx_reports_reports_status_Status::OK; - - if ($GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] != FILE_DENY_PATTERN_DEFAULT) { - $value = $GLOBALS['LANG']->getLL('status_insecure'); - $severity = tx_reports_reports_status_Status::ERROR; - - $url = 'install/index.php?redirect_url=index.php' - . urlencode('?TYPO3_INSTALL[type]=config#set_encryptionKey'); - - $message = sprintf( - $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_pattern'), - '
'
-				. htmlspecialchars(FILE_DENY_PATTERN_DEFAULT)
-				. '

' - ); - } - - return t3lib_div::makeInstance('tx_reports_reports_status_Status', - $GLOBALS['LANG']->getLL('status_fileDenyPattern'), $value, $message, $severity - ); - } - - /** - * Checks if fileDenyPattern allows to upload .htaccess files which is - * dangerous on Apache. - * - * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether it's possible to upload .htaccess files - */ - protected function getHtaccessUploadStatus() { - $value = $GLOBALS['LANG']->getLL('status_ok'); - $message = ''; - $severity = tx_reports_reports_status_Status::OK; - - if ($GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] != FILE_DENY_PATTERN_DEFAULT && t3lib_div::verifyFilenameAgainstDenyPattern('.htaccess')) { - $value = $GLOBALS['LANG']->getLL('status_insecure'); - $severity = tx_reports_reports_status_Status::ERROR; - $message = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_htaccess'); - } - - return t3lib_div::makeInstance('tx_reports_reports_status_Status', - $GLOBALS['LANG']->getLL('status_htaccessUploadProtection'), $value, $message, $severity - ); - } - - /** - * Checks whether memcached is configured, if that's the case we asume it's also used. - * - * @return boolean True if memcached is used, false otherwise. - */ - protected function isMemcachedUsed() { - $memcachedUsed = false; - - $memcachedServers = $this->getConfiguredMemcachedServers(); - if (count($memcachedServers)) { - $memcachedUsed = true; - } - - return $memcachedUsed; - } - - - /** - * Executes commands like removing the Install Tool enable file. - * - * @return void - */ - protected function executeAdminCommand() { - $command = t3lib_div::_GET('adminCmd'); - - switch($command) { - case 'remove_ENABLE_INSTALL_TOOL': - unlink(PATH_site . 'typo3conf/ENABLE_INSTALL_TOOL'); - break; - } - } - - /** - * Checks whether the Install Tool password is set to its default value. - * - * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing the security of the install tool password - */ - protected function getInstallToolPasswordStatus() { - $value = $GLOBALS['LANG']->getLL('status_ok'); - $message = ''; - $severity = tx_reports_reports_status_Status::OK; - - if ($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'] == md5('joh316')) { - $value = $GLOBALS['LANG']->getLL('status_insecure'); - $severity = tx_reports_reports_status_Status::ERROR; - - $changeInstallToolPasswordUrl = 'install/index.php?redirect_url=index.php' - . urlencode('?TYPO3_INSTALL[type]=about'); - - $message = sprintf( - $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_password'), - '', - '' - ); - } - - return t3lib_div::makeInstance('tx_reports_reports_status_Status', - $GLOBALS['LANG']->getLL('status_installToolPassword'), $value, $message, $severity - ); - } - - - - /** - * Checks for the existance of the ENABLE_INSTALL_TOOL file. - * - * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether ENABLE_INSTALL_TOOL exists - */ - protected function getInstallToolProtectionStatus() { - $enableInstallToolFile = PATH_site . 'typo3conf/ENABLE_INSTALL_TOOL'; - $value = $GLOBALS['LANG']->getLL('status_disabled'); - $message = ''; - $severity = tx_reports_reports_status_Status::OK; - - $enableInstallToolFileExists = is_file($enableInstallToolFile); - - if ($enableInstallToolFileExists || ($enableInstallToolFileExists && trim(file_get_contents($enableInstallToolFile)) === 'KEEP_FILE')) { - $value = $GLOBALS['LANG']->getLL('status_enabled'); - $severity = tx_reports_reports_status_Status::WARNING; - - $disableInstallToolUrl = t3lib_div::getIndpEnv('TYPO3_REQUEST_URL') - . '&adminCmd=remove_ENABLE_INSTALL_TOOL'; - - $message = sprintf( - $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled'), - '' . $enableInstallToolFile . ''); - $message .= ' ' - . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled_cmd') - . ''; - } - - return t3lib_div::makeInstance('tx_reports_reports_status_Status', - $GLOBALS['LANG']->getLL('status_installTool'), $value, $message, $severity - ); - } - -} - - -if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/reports/reports/status/class.tx_reports_reports_status_systemstatus.php']) { - include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/reports/reports/status/class.tx_reports_reports_status_systemstatus.php']); -} - + +* All rights reserved +* +* This script is part of the TYPO3 project. The TYPO3 project is +* free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation; either version 2 of the License, or +* (at your option) any later version. +* +* The GNU General Public License can be found at +* http://www.gnu.org/copyleft/gpl.html. +* +* This script is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* This copyright notice MUST APPEAR in all copies of the script! +***************************************************************/ + + +/** + * Performs several checks about the system's health + * + * @author Ingo Renner + * @package TYPO3 + * @subpackage reports + * + * $Id$ + */ +class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvider { + + /** + * Determines the Install Tool's status, mainly concerning its protection. + * + * @return array List of statuses + * @see typo3/sysext/reports/interfaces/tx_reports_StatusProvider::getStatus() + */ + public function getStatus() { + $this->executeAdminCommand(); + + $statuses = array( + 'adminUserAccount' => $this->getAdminAccountStatus(), + 'encryptionKeyEmpty' => $this->getEncryptionKeyStatus(), + 'fileDenyPattern' => $this->getFileDenyPatternStatus(), + 'htaccessUpload' => $this->getHtaccessUploadStatus(), + 'installToolEnabled' => $this->getInstallToolProtectionStatus(), + 'installToolPassword' => $this->getInstallToolPasswordStatus(), + ); + + return $statuses; + } + + /** + * Checks whether a an BE user account named admin with default password exists. + * + * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether a default admin account exists + */ + protected function getAdminAccountStatus() { + $value = $GLOBALS['LANG']->getLL('status_ok'); + $message = ''; + $severity = tx_reports_reports_status_Status::OK; + + $whereClause = 'username = ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('admin', 'be_users') + . ' AND password = ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('5f4dcc3b5aa765d61d8327deb882cf99', 'be_users') + . t3lib_BEfunc::deleteClause('be_users'); + $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery( + 'uid, username, password', + 'be_users', + $whereClause + ); + if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) { + $value = $GLOBALS['LANG']->getLL('status_insecure'); + $severity = tx_reports_reports_status_Status::ERROR; + + $editUserAccountUrl = 'alt_doc.php?returnUrl=index.php&edit[be_users][' . $row['uid'] . ']=edit'; + $message = sprintf( + $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.backend_admin'), + '', + '' + ); + } + $GLOBALS['TYPO3_DB']->sql_free_result($res); + + return t3lib_div::makeInstance('tx_reports_reports_status_Status', + $GLOBALS['LANG']->getLL('status_adminUserAccount'), $value, $message, $severity + ); + } + + /** + * Checks whether the encryption key is empty. + * + * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether the encryption key is empty or not + */ + protected function getEncryptionKeyStatus() { + $value = $GLOBALS['LANG']->getLL('status_ok'); + $message = ''; + $severity = tx_reports_reports_status_Status::OK; + + if (empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'])) { + $value = $GLOBALS['LANG']->getLL('status_insecure'); + $severity = tx_reports_reports_status_Status::ERROR; + + $url = 'install/index.php?redirect_url=index.php' + . urlencode('?TYPO3_INSTALL[type]=config#set_encryptionKey'); + + $message = sprintf( + $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_encryption'), + '', + '' + ); + } + + return t3lib_div::makeInstance('tx_reports_reports_status_Status', + $GLOBALS['LANG']->getLL('status_encryptionKey'), $value, $message, $severity + ); + } + + /** + * Checks if fileDenyPattern was changed which is dangerous on Apache + * + * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether the file deny pattern has changed + */ + protected function getFileDenyPatternStatus() { + $value = $GLOBALS['LANG']->getLL('status_ok'); + $message = ''; + $severity = tx_reports_reports_status_Status::OK; + + if ($GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] != FILE_DENY_PATTERN_DEFAULT) { + $value = $GLOBALS['LANG']->getLL('status_insecure'); + $severity = tx_reports_reports_status_Status::ERROR; + + $url = 'install/index.php?redirect_url=index.php' + . urlencode('?TYPO3_INSTALL[type]=config#set_encryptionKey'); + + $message = sprintf( + $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_pattern'), + '
'
+				. htmlspecialchars(FILE_DENY_PATTERN_DEFAULT)
+				. '

' + ); + } + + return t3lib_div::makeInstance('tx_reports_reports_status_Status', + $GLOBALS['LANG']->getLL('status_fileDenyPattern'), $value, $message, $severity + ); + } + + /** + * Checks if fileDenyPattern allows to upload .htaccess files which is + * dangerous on Apache. + * + * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether it's possible to upload .htaccess files + */ + protected function getHtaccessUploadStatus() { + $value = $GLOBALS['LANG']->getLL('status_ok'); + $message = ''; + $severity = tx_reports_reports_status_Status::OK; + + if ($GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] != FILE_DENY_PATTERN_DEFAULT && t3lib_div::verifyFilenameAgainstDenyPattern('.htaccess')) { + $value = $GLOBALS['LANG']->getLL('status_insecure'); + $severity = tx_reports_reports_status_Status::ERROR; + $message = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_htaccess'); + } + + return t3lib_div::makeInstance('tx_reports_reports_status_Status', + $GLOBALS['LANG']->getLL('status_htaccessUploadProtection'), $value, $message, $severity + ); + } + + /** + * Checks whether memcached is configured, if that's the case we asume it's also used. + * + * @return boolean True if memcached is used, false otherwise. + */ + protected function isMemcachedUsed() { + $memcachedUsed = FALSE; + + $memcachedServers = $this->getConfiguredMemcachedServers(); + if (count($memcachedServers)) { + $memcachedUsed = TRUE; + } + + return $memcachedUsed; + } + + + /** + * Executes commands like removing the Install Tool enable file. + * + * @return void + */ + protected function executeAdminCommand() { + $command = t3lib_div::_GET('adminCmd'); + + switch ($command) { + case 'remove_ENABLE_INSTALL_TOOL': + unlink(PATH_site . 'typo3conf/ENABLE_INSTALL_TOOL'); + break; + } + } + + /** + * Checks whether the Install Tool password is set to its default value. + * + * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing the security of the install tool password + */ + protected function getInstallToolPasswordStatus() { + $value = $GLOBALS['LANG']->getLL('status_ok'); + $message = ''; + $severity = tx_reports_reports_status_Status::OK; + + if ($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'] == md5('joh316')) { + $value = $GLOBALS['LANG']->getLL('status_insecure'); + $severity = tx_reports_reports_status_Status::ERROR; + + $changeInstallToolPasswordUrl = 'install/index.php?redirect_url=index.php' + . urlencode('?TYPO3_INSTALL[type]=about'); + + $message = sprintf( + $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_password'), + '', + '' + ); + } + + return t3lib_div::makeInstance('tx_reports_reports_status_Status', + $GLOBALS['LANG']->getLL('status_installToolPassword'), $value, $message, $severity + ); + } + + + + /** + * Checks for the existance of the ENABLE_INSTALL_TOOL file. + * + * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether ENABLE_INSTALL_TOOL exists + */ + protected function getInstallToolProtectionStatus() { + $enableInstallToolFile = PATH_site . 'typo3conf/ENABLE_INSTALL_TOOL'; + $value = $GLOBALS['LANG']->getLL('status_disabled'); + $message = ''; + $severity = tx_reports_reports_status_Status::OK; + + $enableInstallToolFileExists = is_file($enableInstallToolFile); + + if ($enableInstallToolFileExists || ($enableInstallToolFileExists && trim(file_get_contents($enableInstallToolFile)) === 'KEEP_FILE')) { + $value = $GLOBALS['LANG']->getLL('status_enabled'); + $severity = tx_reports_reports_status_Status::WARNING; + + $disableInstallToolUrl = t3lib_div::getIndpEnv('TYPO3_REQUEST_URL') + . '&adminCmd=remove_ENABLE_INSTALL_TOOL'; + + $message = sprintf( + $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled'), + '' . $enableInstallToolFile . ''); + $message .= ' ' + . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled_cmd') + . ''; + } + + return t3lib_div::makeInstance('tx_reports_reports_status_Status', + $GLOBALS['LANG']->getLL('status_installTool'), $value, $message, $severity + ); + } + +} + + +if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/reports/reports/status/class.tx_reports_reports_status_systemstatus.php']) { + include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/reports/reports/status/class.tx_reports_reports_status_systemstatus.php']); +} + ?> \ No newline at end of file Property changes on: typo3/sysext/reports/reports/status/class.tx_reports_reports_status_securitystatus.php ___________________________________________________________________ Name: svn:mime-type + text/plain Name: svn:keywords + Id Revision Name: svn:eol-style + LF Index: typo3/sysext/reports/reports/status/class.tx_reports_reports_status_typo3status.php =================================================================== --- typo3/sysext/reports/reports/status/class.tx_reports_reports_status_typo3status.php (revision 6522) +++ typo3/sysext/reports/reports/status/class.tx_reports_reports_status_typo3status.php (working copy) @@ -1,70 +1,72 @@ - -* All rights reserved -* -* This script is part of the TYPO3 project. The TYPO3 project is -* free software; you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation; either version 2 of the License, or -* (at your option) any later version. -* -* The GNU General Public License can be found at -* http://www.gnu.org/copyleft/gpl.html. -* -* This script is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* This copyright notice MUST APPEAR in all copies of the script! -***************************************************************/ - - -/** - * Performs basic checks about the TYPO3 install - * - * @author Ingo Renner - * @package TYPO3 - * @subpackage reports - */ -class tx_reports_reports_status_Typo3Status implements tx_reports_StatusProvider { - - /** - * Returns the status for this report - * - * @see typo3/sysext/reports/interfaces/tx_reports_StatusProvider::getStatus() - */ - public function getStatus() { - $statuses = array( - 'Typo3Version' => $this->getTypo3VersionStatus(), - - ); - - return $statuses; - } - - /** - * Simply gets the current TYPO3 version. - * - * @return tx_reports_reports_status_Status - */ - protected function getTypo3VersionStatus() { - return t3lib_div::makeInstance('tx_reports_reports_status_Status', - 'TYPO3', - TYPO3_version, - '', - tx_reports_reports_status_Status::NOTICE - ); - } - -} - - -if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/reports/reports/status/class.tx_reports_reports_status_typo3status.php']) { - include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/reports/reports/status/class.tx_reports_reports_status_typo3status.php']); -} - + +* All rights reserved +* +* This script is part of the TYPO3 project. The TYPO3 project is +* free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation; either version 2 of the License, or +* (at your option) any later version. +* +* The GNU General Public License can be found at +* http://www.gnu.org/copyleft/gpl.html. +* +* This script is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* This copyright notice MUST APPEAR in all copies of the script! +***************************************************************/ + + +/** + * Performs basic checks about the TYPO3 install + * + * @author Ingo Renner + * @package TYPO3 + * @subpackage reports + * + * $Id$ + */ +class tx_reports_reports_status_Typo3Status implements tx_reports_StatusProvider { + + /** + * Returns the status for this report + * + * @return array List of statuses + * @see typo3/sysext/reports/interfaces/tx_reports_StatusProvider::getStatus() + */ + public function getStatus() { + $statuses = array( + 'Typo3Version' => $this->getTypo3VersionStatus(), + ); + + return $statuses; + } + + /** + * Simply gets the current TYPO3 version. + * + * @return tx_reports_reports_status_Status + */ + protected function getTypo3VersionStatus() { + return t3lib_div::makeInstance('tx_reports_reports_status_Status', + 'TYPO3', + TYPO3_version, + '', + tx_reports_reports_status_Status::NOTICE + ); + } + +} + + +if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/reports/reports/status/class.tx_reports_reports_status_typo3status.php']) { + include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/reports/reports/status/class.tx_reports_reports_status_typo3status.php']); +} + ?> \ No newline at end of file Property changes on: typo3/sysext/reports/reports/status/class.tx_reports_reports_status_typo3status.php ___________________________________________________________________ Name: svn:mime-type + text/plain Name: svn:keywords + Id Revision Name: svn:eol-style + LF Index: typo3/sysext/reports/reports/status/class.tx_reports_reports_status_status.php =================================================================== --- typo3/sysext/reports/reports/status/class.tx_reports_reports_status_status.php (revision 6520) +++ typo3/sysext/reports/reports/status/class.tx_reports_reports_status_status.php (working copy) @@ -26,9 +26,11 @@ /** * A class representing a certain status * - * @author Ingo Renner - * @package TYPO3 - * @subpackage reports + * @author Ingo Renner + * @package TYPO3 + * @subpackage reports + * + * $Id$ */ class tx_reports_reports_status_Status { Index: typo3/sysext/reports/reports/status/class.tx_reports_reports_status_systemstatus.php =================================================================== --- typo3/sysext/reports/reports/status/class.tx_reports_reports_status_systemstatus.php (revision 6520) +++ typo3/sysext/reports/reports/status/class.tx_reports_reports_status_systemstatus.php (working copy) @@ -26,15 +26,16 @@ /** * Performs several checks about the system's health * - * @author Ingo Renner - * @package TYPO3 - * @subpackage reports + * @author Ingo Renner + * @package TYPO3 + * @subpackage reports */ class tx_reports_reports_status_SystemStatus implements tx_reports_StatusProvider { /** * Determines the Install Tool's status, mainly concerning its protection. * + * @return array List of statuses * @see typo3/sysext/reports/interfaces/tx_reports_StatusProvider::getStatus() */ public function getStatus() { Index: typo3/sysext/reports/reports/class.tx_reports_reports_status.php =================================================================== --- typo3/sysext/reports/reports/class.tx_reports_reports_status.php (revision 6522) +++ typo3/sysext/reports/reports/class.tx_reports_reports_status.php (working copy) @@ -26,9 +26,11 @@ /** * The status report * - * @author Ingo Renner - * @package TYPO3 - * @subpackage reports + * @author Ingo Renner + * @package TYPO3 + * @subpackage reports + * + * $Id$ */ class tx_reports_reports_Status implements tx_reports_Report { @@ -215,7 +217,7 @@ array_multisort($sortTitle, SORT_DESC, $statuses); // making sure that the core version information is always on the top - if(is_object($header)) { + if (is_object($header)) { array_unshift($statuses, $header); } return $statuses; Index: typo3/sysext/install/report/class.tx_install_report_installstatus.php =================================================================== --- typo3/sysext/install/report/class.tx_install_report_installstatus.php (revision 6522) +++ typo3/sysext/install/report/class.tx_install_report_installstatus.php (working copy) @@ -29,9 +29,11 @@ /** * Provides an installation status report * - * @author Ingo Renner - * @package TYPO3 - * @subpackage tx_install + * @author Ingo Renner + * @package TYPO3 + * @subpackage tx_install + * + * $Id$ */ class tx_install_report_InstallStatus implements tx_reports_StatusProvider { @@ -40,6 +42,7 @@ /** * Compiles a collection of system status checks as a status report. * + * @return array List of statuses * @see typo3/sysext/reports/interfaces/tx_reports_StatusProvider::getStatus() */ public function getStatus() { @@ -54,9 +57,9 @@ } /** - * Checks for several directoris being writable. + * Checks for several directories being writable. * - * @return unknown_type + * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object indicating the status of the file system */ protected function getFileSystemStatus() { $value = $GLOBALS['LANG']->sL('LLL:EXT:install/report/locallang.xml:status_writable'); Property changes on: typo3/sysext/install/report/class.tx_install_report_installstatus.php ___________________________________________________________________ Name: svn:eol-style + LF