[TASK] Re-work/simplify copyright header in PHP files - Part 1
[Packages/TYPO3.CMS.git] / typo3 / sysext / install / Classes / FolderStructure / DefaultPermissionsCheck.php
1 <?php
2 namespace TYPO3\CMS\Install\FolderStructure;
3
4 /**
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 /**
18 * Service class to check the default folder permissions
19 *
20 */
21 class DefaultPermissionsCheck {
22
23 /**
24 * @var array Recommended values for a secure production site
25 *
26 * These are not the default settings (which are 0664/2775), because they might not work on every installation.
27 * For security reasons these are the recommended values nevertheless (no world-readable files).
28 * It's up to the admins to decide if these recommended secure values can be applied to their installation.
29 */
30 protected $recommended = array(
31 'fileCreateMask' => '0660',
32 'folderCreateMask' => '2770',
33 );
34
35 /**
36 * @var array Verbose names of the settings
37 */
38 protected $names = array(
39 'fileCreateMask' => 'Default File permissions',
40 'folderCreateMask' => 'Default Directory permissions',
41 );
42
43 /**
44 * Checks a BE/*mask setting for it's security
45 *
46 * If it permits world writing: Error
47 * If it permits world reading: Warning
48 * If it permits group writing: Notice
49 * If it permits group reading: Notice
50 * If it permits only user read/write: Ok
51 *
52 * @param string $which fileCreateMask or folderCreateMask
53 * @return \TYPO3\CMS\Install\Status\StatusInterface
54 */
55 public function getMaskStatus($which) {
56 $octal = '0' . $GLOBALS['TYPO3_CONF_VARS']['BE'][$which];
57 $dec = octdec($octal);
58 $perms = array(
59 'ox' => (($dec & 001) == 001),
60 'ow' => (($dec & 002) == 002),
61 'or' => (($dec & 004) == 004),
62 'gx' => (($dec & 010) == 010),
63 'gw' => (($dec & 020) == 020),
64 'gr' => (($dec & 040) == 040),
65 'ux' => (($dec & 0100) == 0100),
66 'uw' => (($dec & 0200) == 0200),
67 'ur' => (($dec & 0400) == 0400),
68 'setgid' => (($dec & 02000) == 02000),
69 );
70 $extraMessage = '';
71 $groupPermissions = FALSE;
72 if (!$perms['uw'] || !$perms['ur']) {
73 $permissionStatus = new \TYPO3\CMS\Install\Status\ErrorStatus();
74 $extraMessage = ' (not read or writable by the user)';
75 } elseif ($perms['ow']) {
76 if (TYPO3_OS === 'WIN') {
77 $permissionStatus = new \TYPO3\CMS\Install\Status\InfoStatus();
78 $extraMessage = ' (writable by anyone on the server). This is the default behavior on a Windows system';
79 } else {
80 $permissionStatus = new \TYPO3\CMS\Install\Status\ErrorStatus();
81 $extraMessage = ' (writable by anyone on the server)';
82 }
83 } elseif ($perms['or']) {
84 $permissionStatus = new \TYPO3\CMS\Install\Status\NoticeStatus();
85 $extraMessage = ' (readable by anyone on the server). This is the default set by TYPO3 CMS to be as much compatible as possible but if your system allows, please consider to change rights';
86 } elseif ($perms['gw']) {
87 $permissionStatus = new \TYPO3\CMS\Install\Status\OkStatus();
88 $extraMessage = ' (group writeable)';
89 $groupPermissions = TRUE;
90 } elseif ($perms['gr']) {
91 $permissionStatus = new \TYPO3\CMS\Install\Status\OkStatus();
92 $extraMessage = ' (group readable)';
93 $groupPermissions = TRUE;
94 } else {
95 $permissionStatus = new \TYPO3\CMS\Install\Status\OkStatus();
96 }
97 $permissionStatus->setTitle($this->names[$which] . ' (BE/' . $which . ')');
98 $message = 'Recommended: ' . $this->recommended[$which] . '.';
99 $message .= ' Currently configured as ';
100 if ($GLOBALS['TYPO3_CONF_VARS']['BE'][$which] === $this->recommended[$which]) {
101 $message .= 'recommended';
102 } else {
103 $message .= $GLOBALS['TYPO3_CONF_VARS']['BE'][$which];
104 }
105 $message .= $extraMessage . '.';
106 if ($groupPermissions) {
107 $message .= ' This is fine as long as the webserver\'s group only comprises trusted users.';
108 if (!empty($GLOBALS['TYPO3_CONF_VARS']['BE']['createGroup'])) {
109 $message .= ' Your site is configured (BE/createGroup) to write as group \'' . $GLOBALS['TYPO3_CONF_VARS']['BE']['createGroup'] . '\'.';
110 }
111 }
112 $permissionStatus->setMessage($message);
113 return $permissionStatus;
114 }
115
116 }