TYPO3CMS  8
 All Classes Namespaces Files Functions Variables Pages
SecurityStatusReport.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Install\Report;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
21 
27 {
33  public function getStatus()
34  {
35  $this->executeAdminCommand();
36  $statuses = [
37  'installToolPassword' => $this->getInstallToolPasswordStatus(),
38  'installToolProtection' => $this->getInstallToolProtectionStatus()
39  ];
40  return $statuses;
41  }
42 
48  protected function getInstallToolPasswordStatus()
49  {
50  $value = $GLOBALS['LANG']->getLL('status_ok');
51  $message = '';
52  $severity = Status::OK;
53  $validPassword = true;
54  $installToolPassword = $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'];
55  $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($installToolPassword);
56  if (is_object($saltFactory)) {
57  $validPassword = !$saltFactory->checkPassword('joh316', $installToolPassword);
58  } elseif ($installToolPassword === md5('joh316')) {
59  $validPassword = false;
60  }
61  if (!$validPassword) {
62  $value = $GLOBALS['LANG']->getLL('status_insecure');
63  $severity = Status::ERROR;
64  $changeInstallToolPasswordUrl = BackendUtility::getModuleUrl('system_extinstall');
65  $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.installtool_default_password'),
66  '<a href="' . htmlspecialchars($changeInstallToolPasswordUrl) . '">', '</a>');
67  }
68  return GeneralUtility::makeInstance(Status::class,
69  $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installToolPassword'), $value, $message, $severity);
70  }
71 
77  protected function getInstallToolProtectionStatus()
78  {
79  $enableInstallToolFile = PATH_site . EnableFileService::INSTALL_TOOL_ENABLE_FILE_PATH;
80  $value = $GLOBALS['LANG']->getLL('status_disabled');
81  $message = '';
82  $severity = Status::OK;
85  $severity = Status::WARNING;
86  $disableInstallToolUrl = GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL') . '&adminCmd=remove_ENABLE_INSTALL_TOOL';
87  $value = $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_enabledPermanently');
88  $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.install_enabled'),
89  '<code style="white-space: nowrap;">' . $enableInstallToolFile . '</code>');
90  $message .= ' <a href="' . htmlspecialchars($disableInstallToolUrl) . '">' .
91  $GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.install_enabled_cmd') . '</a>';
92  } else {
95  } else {
96  $severity = Status::NOTICE;
97  $disableInstallToolUrl = GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL') . '&adminCmd=remove_ENABLE_INSTALL_TOOL';
98  $value = $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_enabledTemporarily');
99  $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installEnabledTemporarily'),
100  '<code style="white-space: nowrap;">' . $enableInstallToolFile . '</code>', floor((@filemtime($enableInstallToolFile) + EnableFileService::INSTALL_TOOL_ENABLE_FILE_LIFETIME - time()) / 60));
101  $message .= ' <a href="' . htmlspecialchars($disableInstallToolUrl) . '">' .
102  $GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.install_enabled_cmd') . '</a>';
103  }
104  }
105  }
106  return GeneralUtility::makeInstance(Status::class,
107  $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installTool'), $value, $message, $severity);
108  }
109 
115  protected function executeAdminCommand()
116  {
117  $command = GeneralUtility::_GET('adminCmd');
118  switch ($command) {
119  case 'remove_ENABLE_INSTALL_TOOL':
121  break;
122  default:
123  // Do nothing
124  }
125  }
126 }
static getSaltingInstance($saltedHash= '', $mode=TYPO3_MODE)
Definition: SaltFactory.php:83
if(TYPO3_MODE=== 'BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
static makeInstance($className,...$constructorArguments)