1 <?php
2 namespace TYPO3\CMS\Install\Report;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Backend\Utility\BackendUtility;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19 use TYPO3\CMS\Install\Service\EnableFileService;
20 use TYPO3\CMS\Reports\Status;
21
22 /**
23 * Provides a status report on the security of the Install Tool
24 */
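class SecurityStatusReport implements \TYPO3\CMS\Reports\StatusProviderInterface
{
    /**
     * Compiles the Install Tool security checks into a status report.
     *
     * A pending "adminCmd" request parameter is processed first, so the
     * statuses returned here already reflect its outcome.
     *
     * @return Status[] Keyed by 'installToolPassword' and 'installToolProtection'
     */
    public function getStatus()
    {
        $this->executeAdminCommand();
        return [
            'installToolPassword' => $this->getInstallToolPasswordStatus(),
            'installToolProtection' => $this->getInstallToolProtectionStatus()
        ];
    }

    /**
     * Checks whether the Install Tool password is set to its default value.
     *
     * The configured hash is tested against the default password 'joh316',
     * either through the salting instance that matches the hash or, when no
     * such instance is available, as an unsalted MD5 hash.
     *
     * @return Status An object representing the security of the install tool password
     */
    protected function getInstallToolPasswordStatus()
    {
        $value = $GLOBALS['LANG']->getLL('status_ok');
        $message = '';
        $severity = Status::OK;

        $installToolPassword = $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'];
        $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($installToolPassword);
        if ($installToolPassword !== '' && is_object($saltFactory)) {
            // Let the salting instance decide whether the default password
            // produces the stored hash.
            $isDefaultPassword = (bool)$saltFactory->checkPassword('joh316', $installToolPassword);
        } else {
            // No usable salting instance: compare against the plain MD5 hash
            // of the default password. An empty configured value never matches.
            $isDefaultPassword = $installToolPassword === md5('joh316');
        }

        if ($isDefaultPassword) {
            $value = $GLOBALS['LANG']->getLL('status_insecure');
            $severity = Status::ERROR;
            $changeInstallToolPasswordUrl = BackendUtility::getModuleUrl('tools_toolssettings');
            // The label supplies the sentence; the two arguments wrap part of
            // it in a link to the module where the password can be changed.
            $message = sprintf(
                $GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.installtool_default_password'),
                '<a href="' . htmlspecialchars($changeInstallToolPasswordUrl) . '">',
                '</a>'
            );
        }

        return GeneralUtility::makeInstance(
            Status::class,
            $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installToolPassword'),
            $value,
            $message,
            $severity
        );
    }

    /**
     * Checks for the existence of the ENABLE_INSTALL_TOOL file.
     *
     * Reports a WARNING when the file is marked permanent and a NOTICE while a
     * temporary file is still within its lifetime. A temporary file whose
     * lifetime has expired is removed and the status stays OK.
     *
     * @return Status An object representing whether ENABLE_INSTALL_TOOL exists
     */
    protected function getInstallToolProtectionStatus()
    {
        $enableInstallToolFile = PATH_site . EnableFileService::INSTALL_TOOL_ENABLE_FILE_PATH;
        // The message is assembled as HTML, so the filesystem path is encoded
        // before it is placed inside the <code> element.
        $enableFileMarkup = '<code style="white-space: nowrap;">' . htmlspecialchars($enableInstallToolFile) . '</code>';

        $value = $GLOBALS['LANG']->getLL('status_disabled');
        $message = '';
        $severity = Status::OK;

        if (EnableFileService::installToolEnableFileExists()) {
            if (EnableFileService::isInstallToolEnableFilePermanent()) {
                $severity = Status::WARNING;
                $value = $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_enabledPermanently');
                $message = sprintf(
                    $GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.install_enabled'),
                    $enableFileMarkup
                );
                $message .= $this->renderDisableInstallToolLink();
            } elseif (EnableFileService::installToolEnableFileLifetimeExpired()) {
                // Stale temporary file: clean it up and keep reporting "disabled".
                EnableFileService::removeInstallToolEnableFile();
            } else {
                $severity = Status::NOTICE;
                $value = $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_enabledTemporarily');

                // The file can vanish between the existence check above and
                // this call; filemtime() then returns false. Report zero
                // remaining minutes in that case instead of a negative number.
                $modificationTime = @filemtime($enableInstallToolFile);
                $remainingSeconds = $modificationTime === false
                    ? 0
                    : $modificationTime + EnableFileService::INSTALL_TOOL_ENABLE_FILE_LIFETIME - time();
                $remainingMinutes = floor(max(0, $remainingSeconds) / 60);

                $message = sprintf(
                    $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installEnabledTemporarily'),
                    $enableFileMarkup,
                    $remainingMinutes
                );
                $message .= $this->renderDisableInstallToolLink();
            }
        }

        return GeneralUtility::makeInstance(
            Status::class,
            $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installTool'),
            $value,
            $message,
            $severity
        );
    }

    /**
     * Renders the link that asks this report to remove the enable file.
     *
     * NOTE(review): the target is the current request URL with the command
     * appended using '&', which presumes the URL already carries a query
     * string - confirm against how this report is reached.
     *
     * @return string HTML anchor with a leading space, href HTML-encoded
     */
    private function renderDisableInstallToolLink()
    {
        $disableInstallToolUrl = GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL') . '&adminCmd=remove_ENABLE_INSTALL_TOOL';
        return ' <a href="' . htmlspecialchars($disableInstallToolUrl) . '">'
            . $GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.install_enabled_cmd')
            . '</a>';
    }

    /**
     * Executes commands like removing the Install Tool enable file.
     *
     * NOTE(review): this is a state-changing action driven by a GET parameter,
     * and no request token is verified in this method. The only command
     * removes the enable file, which disables the Install Tool, so the effect
     * of an unwanted request is limited to that. Confirm that the surrounding
     * backend request handling validates a token before this report runs.
     */
    protected function executeAdminCommand()
    {
        $command = GeneralUtility::_GET('adminCmd');
        // Strict comparison: only the exact command string triggers the removal.
        if ($command === 'remove_ENABLE_INSTALL_TOOL') {
            EnableFileService::removeInstallToolEnableFile();
        }
    }
}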