TYPO3 CMS  TYPO3_6-2
Public Member Functions | Protected Member Functions | List of all members
TYPO3\CMS\Reports\Report\Status\SecurityStatus Class Reference
Inheritance diagram for TYPO3\CMS\Reports\Report\Status\SecurityStatus:
TYPO3\CMS\Reports\StatusProviderInterface tx_reports_reports_status_SecurityStatus

Public Member Functions

 getStatus ()
 

Protected Member Functions

 getCacheFloodingProtectionStatus ()
 
 getEncryptionKeyStatus ()
 
 getFileDenyPatternStatus ()
 
 getHtaccessUploadStatus ()
 
 isMemcachedUsed ()
 
 executeAdminCommand ()
 
 getInstallToolPasswordStatus ()
 
 getInstallToolProtectionStatus ()
 

Detailed Description

Performs several checks about the system's health

Author
Ingo Renner ingo@.nosp@m.typo.nosp@m.3.org

Definition at line 26 of file SecurityStatus.php.

Member Function Documentation

◆ executeAdminCommand()

TYPO3\CMS\Reports\Report\Status\SecurityStatus::executeAdminCommand ( )
protected

Executes commands like removing the Install Tool enable file.

Returns
void

Definition at line 174 of file SecurityStatus.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\_GET(), and TYPO3\CMS\Install\Service\EnableFileService\removeInstallToolEnableFile().

Referenced by TYPO3\CMS\Reports\Report\Status\SecurityStatus\getStatus().

◆ getCacheFloodingProtectionStatus()

TYPO3\CMS\Reports\Report\Status\SecurityStatus::getCacheFloodingProtectionStatus ( )
protected
Returns
An object representing whether the check is disabled

Definition at line 51 of file SecurityStatus.php.

References $GLOBALS, TYPO3\CMS\Backend\Utility\BackendUtility\deleteClause(), TYPO3\CMS\Reports\Status\ERROR, TYPO3\CMS\Backend\Utility\BackendUtility\getModuleUrl(), TYPO3\CMS\Saltedpasswords\Salt\SaltFactory\getSaltingInstance(), TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance(), and TYPO3\CMS\Reports\Status\OK.

Referenced by TYPO3\CMS\Reports\Report\Status\SecurityStatus\getStatus().

◆ getEncryptionKeyStatus()

TYPO3\CMS\Reports\Report\Status\SecurityStatus::getEncryptionKeyStatus ( )
protected

Checks whether the encryption key is empty.

Returns
An object representing whether the encryption key is empty or not

Definition at line 103 of file SecurityStatus.php.

References $GLOBALS, TYPO3\CMS\Reports\Status\ERROR, TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance(), and TYPO3\CMS\Reports\Status\OK.

Referenced by TYPO3\CMS\Reports\Report\Status\SecurityStatus\getStatus().

◆ getFileDenyPatternStatus()

TYPO3\CMS\Reports\Report\Status\SecurityStatus::getFileDenyPatternStatus ( )
protected

Checks if fileDenyPattern was changed which is dangerous on Apache

Returns
An object representing whether the file deny pattern has changed

Definition at line 121 of file SecurityStatus.php.

References $GLOBALS, $result, TYPO3\CMS\Reports\Status\ERROR, TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance(), TYPO3\CMS\Reports\Status\OK, and TYPO3\CMS\Core\Utility\GeneralUtility\trimExplode().

Referenced by TYPO3\CMS\Reports\Report\Status\SecurityStatus\getStatus().

◆ getHtaccessUploadStatus()

TYPO3\CMS\Reports\Report\Status\SecurityStatus::getHtaccessUploadStatus ( )
protected

Checks if fileDenyPattern allows to upload .htaccess files which is dangerous on Apache.

Returns
An object representing whether it's possible to upload .htaccess files

Definition at line 143 of file SecurityStatus.php.

References $GLOBALS, TYPO3\CMS\Reports\Status\ERROR, TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance(), TYPO3\CMS\Reports\Status\OK, and TYPO3\CMS\Core\Utility\GeneralUtility\verifyFilenameAgainstDenyPattern().

Referenced by TYPO3\CMS\Reports\Report\Status\SecurityStatus\getStatus().

◆ getInstallToolPasswordStatus()

TYPO3\CMS\Reports\Report\Status\SecurityStatus::getInstallToolPasswordStatus ( )
protected

Checks whether the Install Tool password is set to its default value.

Returns
An object representing the security of the install tool password

Definition at line 190 of file SecurityStatus.php.

References $GLOBALS, TYPO3\CMS\Reports\Status\ERROR, TYPO3\CMS\Backend\Utility\BackendUtility\getModuleUrl(), TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility\getNumberOfBackendUsersWithInsecurePassword(), TYPO3\CMS\Saltedpasswords\Salt\SaltFactory\getSaltingInstance(), TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance(), TYPO3\CMS\Reports\Status\OK, and TYPO3\CMS\Reports\Status\WARNING.

Referenced by TYPO3\CMS\Reports\Report\Status\SecurityStatus\getStatus().

◆ getInstallToolProtectionStatus()

TYPO3\CMS\Reports\Report\Status\SecurityStatus::getInstallToolProtectionStatus ( )
protected

Checks for the existence of the ENABLE_INSTALL_TOOL file.

Returns
An object representing whether ENABLE_INSTALL_TOOL exists

Definition at line 255 of file SecurityStatus.php.

References $GLOBALS, TYPO3\CMS\Core\Utility\GeneralUtility\getIndpEnv(), TYPO3\CMS\Install\Service\EnableFileService\INSTALL_TOOL_ENABLE_FILE_LIFETIME, TYPO3\CMS\Install\Service\EnableFileService\INSTALL_TOOL_ENABLE_FILE_PATH, TYPO3\CMS\Install\Service\EnableFileService\installToolEnableFileExists(), TYPO3\CMS\Install\Service\EnableFileService\installToolEnableFileLifetimeExpired(), TYPO3\CMS\Install\Service\EnableFileService\isInstallToolEnableFilePermanent(), TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance(), TYPO3\CMS\Reports\Status\NOTICE, TYPO3\CMS\Reports\Status\OK, TYPO3\CMS\Install\Service\EnableFileService\removeInstallToolEnableFile(), and TYPO3\CMS\Reports\Status\WARNING.

Referenced by TYPO3\CMS\Reports\Report\Status\SecurityStatus\getStatus().

◆ getStatus()

TYPO3\CMS\Reports\Report\Status\SecurityStatus::getStatus ( )

Determines the Install Tool's status, mainly concerning its protection.

Returns
array List of statuses

Implements TYPO3\CMS\Reports\StatusProviderInterface.

Definition at line 33 of file SecurityStatus.php.

References TYPO3\CMS\Reports\Report\Status\SecurityStatus\executeAdminCommand(), TYPO3\CMS\Reports\Report\Status\SecurityStatus\getCacheFloodingProtectionStatus(), TYPO3\CMS\Reports\Report\Status\SecurityStatus\getEncryptionKeyStatus(), TYPO3\CMS\Reports\Report\Status\SecurityStatus\getFileDenyPatternStatus(), TYPO3\CMS\Reports\Report\Status\SecurityStatus\getHtaccessUploadStatus(), TYPO3\CMS\Reports\Report\Status\SecurityStatus\getInstallToolPasswordStatus(), and TYPO3\CMS\Reports\Report\Status\SecurityStatus\getInstallToolProtectionStatus().

◆ isMemcachedUsed()

TYPO3\CMS\Reports\Report\Status\SecurityStatus::isMemcachedUsed ( )
protected

Checks whether memcached is configured, if that's the case we assume it's also used.

Returns
boolean TRUE if memcached is used, FALSE otherwise.

Definition at line 160 of file SecurityStatus.php.