TYPO3 CMS  TYPO3_8-7
SecurityStatusReport.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Install\Report;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use TYPO3\CMS\Backend\Utility\BackendUtility;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19 use TYPO3\CMS\Install\Service\EnableFileService;
20 use TYPO3\CMS\Reports\Status;
21 
25 class SecurityStatusReport implements \TYPO3\CMS\Reports\StatusProviderInterface
26 {
32  public function getStatus()
33  {
34  $this->executeAdminCommand();
35  $statuses = [
36  'installToolPassword' => $this->getInstallToolPasswordStatus(),
37  'installToolProtection' => $this->getInstallToolProtectionStatus()
38  ];
39  return $statuses;
40  }
41 
47  protected function getInstallToolPasswordStatus()
48  {
49  $value = $GLOBALS['LANG']->getLL('status_ok');
50  $message = '';
51  $severity = Status::OK;
52  $validPassword = true;
53  $installToolPassword = $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'];
54  $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($installToolPassword);
55  if ($installToolPassword !== '' && is_object($saltFactory)) {
56  $validPassword = !$saltFactory->checkPassword('joh316', $installToolPassword);
57  } elseif ($installToolPassword === md5('joh316')) {
58  $validPassword = false;
59  }
60  if (!$validPassword) {
61  $value = $GLOBALS['LANG']->getLL('status_insecure');
62  $severity = Status::ERROR;
63  $changeInstallToolPasswordUrl = BackendUtility::getModuleUrl('system_extinstall');
64  $message = sprintf(
65  $GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.installtool_default_password'),
66  '<a href="' . htmlspecialchars($changeInstallToolPasswordUrl) . '">',
67  '</a>'
68  );
69  }
70  return GeneralUtility::makeInstance(
71  Status::class,
72  $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installToolPassword'),
73  $value,
74  $message,
75  $severity
76  );
77  }
78 
84  protected function getInstallToolProtectionStatus()
85  {
86  $enableInstallToolFile = PATH_site . EnableFileService::INSTALL_TOOL_ENABLE_FILE_PATH;
87  $value = $GLOBALS['LANG']->getLL('status_disabled');
88  $message = '';
89  $severity = Status::OK;
90  if (EnableFileService::installToolEnableFileExists()) {
91  if (EnableFileService::isInstallToolEnableFilePermanent()) {
92  $severity = Status::WARNING;
93  $disableInstallToolUrl = GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL') . '&adminCmd=remove_ENABLE_INSTALL_TOOL';
94  $value = $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_enabledPermanently');
95  $message = sprintf(
96  $GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.install_enabled'),
97  '<code style="white-space: nowrap;">' . $enableInstallToolFile . '</code>'
98  );
99  $message .= ' <a href="' . htmlspecialchars($disableInstallToolUrl) . '">' .
100  $GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.install_enabled_cmd') . '</a>';
101  } else {
102  if (EnableFileService::installToolEnableFileLifetimeExpired()) {
103  EnableFileService::removeInstallToolEnableFile();
104  } else {
105  $severity = Status::NOTICE;
106  $disableInstallToolUrl = GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL') . '&adminCmd=remove_ENABLE_INSTALL_TOOL';
107  $value = $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_enabledTemporarily');
108  $message = sprintf(
109  $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installEnabledTemporarily'),
110  '<code style="white-space: nowrap;">' . $enableInstallToolFile . '</code>',
111  floor((@filemtime($enableInstallToolFile) + EnableFileService::INSTALL_TOOL_ENABLE_FILE_LIFETIME - time()) / 60)
112  );
113  $message .= ' <a href="' . htmlspecialchars($disableInstallToolUrl) . '">' .
114  $GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.install_enabled_cmd') . '</a>';
115  }
116  }
117  }
118  return GeneralUtility::makeInstance(
119  Status::class,
120  $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installTool'),
121  $value,
122  $message,
123  $severity
124  );
125  }
126 
130  protected function executeAdminCommand()
131  {
132  $command = GeneralUtility::_GET('adminCmd');
133  switch ($command) {
134  case 'remove_ENABLE_INSTALL_TOOL':
135  EnableFileService::removeInstallToolEnableFile();
136  break;
137  default:
138  // Do nothing
139  }
140  }
141 }
TYPO3\CMS\Saltedpasswords\Salt\SaltFactory\getSaltingInstance
static getSaltingInstance($saltedHash='', $mode=TYPO3_MODE)
Definition: SaltFactory.php:83
TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance
static makeInstance($className,... $constructorArguments)
Definition: GeneralUtility.php:3945
$GLOBALS
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
Definition: ext_localconf.php:38