0501cf3ef58372b043d892f30dd7b7c4c36e9d11
[Packages/TYPO3.CMS.git] / typo3 / sysext / install / Classes / FolderStructure / DefaultPermissionsCheck.php
1 <?php
2 namespace TYPO3\CMS\Install\FolderStructure;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2014 Ernesto Baschny <ernst@cron-it.de>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 ***************************************************************/
26
27 /**
28 * Service class to check the default folder permissions
29 *
30 */
class DefaultPermissionsCheck {

    /**
     * @var array Recommended create masks for a secure production site
     *
     * These are deliberately stricter than the default settings (0664/2775), which might be
     * needed for some installations to work at all. The recommended values avoid
     * world-readable files; whether they can be applied is the administrator's decision.
     */
    protected $recommended = array(
        'fileCreateMask' => '0660',
        'folderCreateMask' => '2770',
    );

    /**
     * @var array Verbose names of the settings, used as the status title
     */
    protected $names = array(
        'fileCreateMask' => 'Default File permissions',
        'folderCreateMask' => 'Default Directory permissions',
    );

    /**
     * Rates the security of a BE/*mask setting and returns a status object describing it.
     *
     * The first matching rule decides the result:
     *  - owner lacks read or write permission: Error
     *  - world writable: Error (Info when TYPO3_OS is 'WIN')
     *  - world readable: Notice
     *  - group writable: Ok, with a hint about the members of the webserver's group
     *  - group readable: Ok, with the same hint
     *  - anything else: Ok
     *
     * Execute bits and the setgid bit do not influence the result. Because the owner
     * rule comes first, a mask that is world writable but lacks owner read/write is
     * reported with the owner message only.
     *
     * NOTE(review): the configured mask and BE/createGroup are concatenated into the
     * message unescaped - confirm that the view rendering the status escapes it.
     *
     * @param string $which fileCreateMask or folderCreateMask
     * @return \TYPO3\CMS\Install\Status\StatusInterface
     */
    public function getMaskStatus($which) {
        $configuredMask = $GLOBALS['TYPO3_CONF_VARS']['BE'][$which];
        // Prefix a zero and parse the setting as an octal number.
        $mode = octdec('0' . $configuredMask);

        // Only these permission bits take part in the rating.
        $ownerReadWrite = ($mode & 0600) === 0600;
        $worldWritable = ($mode & 0002) === 0002;
        $worldReadable = ($mode & 0004) === 0004;
        $groupWritable = ($mode & 0020) === 0020;
        $groupReadable = ($mode & 0040) === 0040;

        $extraMessage = '';
        $groupPermissions = FALSE;
        if (!$ownerReadWrite) {
            $permissionStatus = new \TYPO3\CMS\Install\Status\ErrorStatus();
            $extraMessage = ' (not read or writable by the user)';
        } elseif ($worldWritable) {
            $extraMessage = ' (writable by anyone on the server)';
            if (TYPO3_OS === 'WIN') {
                // World-writable is the platform default on Windows, so it is only informational there.
                $permissionStatus = new \TYPO3\CMS\Install\Status\InfoStatus();
                $extraMessage .= '. This is the default behavior on a Windows system';
            } else {
                $permissionStatus = new \TYPO3\CMS\Install\Status\ErrorStatus();
            }
        } elseif ($worldReadable) {
            $permissionStatus = new \TYPO3\CMS\Install\Status\NoticeStatus();
            $extraMessage = ' (readable by anyone on the server). This is the default set by TYPO3 CMS to be as much compatible as possible but if your system allows, please consider to change rights';
        } elseif ($groupWritable || $groupReadable) {
            $permissionStatus = new \TYPO3\CMS\Install\Status\OkStatus();
            $extraMessage = $groupWritable ? ' (group writeable)' : ' (group readable)';
            $groupPermissions = TRUE;
        } else {
            $permissionStatus = new \TYPO3\CMS\Install\Status\OkStatus();
        }

        $permissionStatus->setTitle($this->names[$which] . ' (BE/' . $which . ')');

        // Strict string comparison: only the exact recommended spelling is shown as "recommended".
        $shownValue = ($configuredMask === $this->recommended[$which]) ? 'recommended' : $configuredMask;
        $message = 'Recommended: ' . $this->recommended[$which] . '.'
            . ' Currently configured as ' . $shownValue
            . $extraMessage . '.';

        if ($groupPermissions) {
            // Group access is only as safe as the membership of the group the webserver writes as.
            $message .= ' This is fine as long as the webserver\'s group only comprises trusted users.';
            $createGroup = isset($GLOBALS['TYPO3_CONF_VARS']['BE']['createGroup'])
                ? $GLOBALS['TYPO3_CONF_VARS']['BE']['createGroup']
                : NULL;
            if (!empty($createGroup)) {
                $message .= ' Your site is configured (BE/createGroup) to write as group \'' . $createGroup . '\'.';
            }
        }

        $permissionStatus->setMessage($message);
        return $permissionStatus;
    }

}