[TASK] Move access right parameters from BE to SYS configuration
1 <?php
2 namespace TYPO3\CMS\Install\FolderStructure;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Install\Status;
18
/**
 * Rates the configured default creation masks for files and folders
 * (SYS/fileCreateMask and SYS/folderCreateMask) by how widely they grant access.
 */
class DefaultPermissionsCheck
{
    /**
     * @var array Masks recommended for a secure production site
     *
     * These are deliberately not the default settings (0664/2775): the recommended
     * values might not work on every installation. They are recommended anyway
     * because they leave no file world-readable. Whether they can be applied to a
     * given installation is the administrator's decision.
     */
    protected $recommended = array(
        'fileCreateMask' => '0660',
        'folderCreateMask' => '2770',
    );

    /**
     * @var array Human-readable names of the settings, used in the status title
     */
    protected $names = array(
        'fileCreateMask' => 'Default File permissions',
        'folderCreateMask' => 'Default Directory permissions',
    );

    /**
     * Rates one SYS/*mask setting by the access it grants.
     *
     * The first matching rule decides the status:
     *  - user read or user write missing: ErrorStatus
     *  - world-writable: ErrorStatus (InfoStatus when TYPO3_OS is 'WIN')
     *  - world-readable: NoticeStatus
     *  - group-writable or group-readable: OkStatus, with a reminder that the
     *    web server's group must only contain trusted users
     *  - anything else: OkStatus
     *
     * The execute bits and the setgid bit do not influence the result.
     *
     * @param string $which fileCreateMask or folderCreateMask
     * @return \TYPO3\CMS\Install\Status\StatusInterface
     */
    public function getMaskStatus($which)
    {
        // The setting is stored as a string of octal digits; the prepended '0'
        // mirrors the octal notation before conversion.
        $mode = octdec('0' . $GLOBALS['TYPO3_CONF_VARS']['SYS'][$which]);
        list($status, $detail, $groupHasAccess) = $this->classifyMode($mode);

        $status->setTitle($this->names[$which] . ' (SYS/' . $which . ')');

        // NOTE(review): the configured mask and SYS/createGroup are concatenated
        // into the message verbatim - confirm the status renderer escapes it.
        $text = 'Recommended: ' . $this->recommended[$which] . '.';
        $text .= ' Currently configured as ';
        $text .= $GLOBALS['TYPO3_CONF_VARS']['SYS'][$which] === $this->recommended[$which]
            ? 'recommended'
            : $GLOBALS['TYPO3_CONF_VARS']['SYS'][$which];
        $text .= $detail . '.';

        if ($groupHasAccess) {
            $text .= ' This is fine as long as the web server\'s group only comprises trusted users.';
            if (!empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup'])) {
                $text .= ' Your site is configured (SYS/createGroup) to write as group \''
                    . $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup'] . '\'.';
            }
        }

        $status->setMessage($text);
        return $status;
    }

    /**
     * Maps a numeric permission mode to a status object, a message suffix and a
     * flag telling whether the group-trust reminder applies.
     *
     * @param int|float $mode Mode as returned by octdec()
     * @return array Status object, message suffix, group flag (in that order)
     */
    private function classifyMode($mode)
    {
        $userMayRead = ($mode & 0400) !== 0;
        $userMayWrite = ($mode & 0200) !== 0;

        // A mask the owner cannot both read and write is unusable.
        if (!($userMayRead && $userMayWrite)) {
            return array(new Status\ErrorStatus(), ' (not read or writable by the user)', false);
        }

        // World-writable is the worst exposure; it is only informational on Windows.
        if (($mode & 002) !== 0) {
            if (TYPO3_OS === 'WIN') {
                return array(
                    new Status\InfoStatus(),
                    ' (writable by anyone on the server). This is the default behavior on a Windows system',
                    false,
                );
            }
            return array(new Status\ErrorStatus(), ' (writable by anyone on the server)', false);
        }

        // World-readable is checked before the group bits, so the group-trust
        // reminder is not added for such a mask.
        if (($mode & 004) !== 0) {
            return array(
                new Status\NoticeStatus(),
                ' (readable by anyone on the server). This is the default set by TYPO3 CMS to be as much compatible as possible but if your system allows, please consider to change rights',
                false,
            );
        }

        if (($mode & 020) !== 0) {
            return array(new Status\OkStatus(), ' (group writable)', true);
        }

        if (($mode & 040) !== 0) {
            return array(new Status\OkStatus(), ' (group readable)', true);
        }

        // Only the owner has access.
        return array(new Status\OkStatus(), '', false);
    }
}