[TASK] Use BE Routing / PSR-7 instead of BackendUtility::getModuleUrl
[Packages/TYPO3.CMS.git] / typo3 / sysext / install / Classes / Report / SecurityStatusReport.php
1 <?php
2 namespace TYPO3\CMS\Install\Report;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Utility\GeneralUtility;
18 use TYPO3\CMS\Install\Service\EnableFileService;
19 use TYPO3\CMS\Reports\Status;
20
21 /**
22 * Provides a status report on the security of the Install Tool
23 */
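class SecurityStatusReport implements \TYPO3\CMS\Reports\StatusProviderInterface
{
    /**
     * Compiles a collection of system status checks as a status report.
     *
     * A pending "adminCmd" request parameter is executed first, so the
     * statuses returned here are computed after that command has run.
     *
     * @return Status[]
     */
    public function getStatus()
    {
        $this->executeAdminCommand();
        return [
            'installToolPassword' => $this->getInstallToolPasswordStatus(),
            'installToolProtection' => $this->getInstallToolProtectionStatus()
        ];
    }

    /**
     * Checks whether the Install Tool password is set to its default value.
     *
     * The configured hash is tested against the well-known default password,
     * both through the salted-password instance that matches the hash and
     * through the legacy unsalted MD5 form.
     *
     * @return Status An object representing the security of the install tool password
     */
    protected function getInstallToolPasswordStatus()
    {
        $value = $GLOBALS['LANG']->getLL('status_ok');
        $message = '';
        $severity = Status::OK;
        $validPassword = true;
        $installToolPassword = $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'];
        $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($installToolPassword);
        // NOTE(review): an empty password falls through both branches and is
        // reported as OK - confirm the Install Tool refuses login in that case.
        if ($installToolPassword !== '' && is_object($saltFactory)) {
            $validPassword = !$saltFactory->checkPassword('joh316', $installToolPassword);
        } elseif ($installToolPassword === md5('joh316')) {
            // Legacy unsalted MD5 hash of the default password.
            $validPassword = false;
        }
        if (!$validPassword) {
            $value = $GLOBALS['LANG']->getLL('status_insecure');
            $severity = Status::ERROR;
            /** @var \TYPO3\CMS\Backend\Routing\UriBuilder $uriBuilder */
            $uriBuilder = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Routing\UriBuilder::class);
            $changeInstallToolPasswordUrl = (string)$uriBuilder->buildUriFromRoute('tools_toolssettings');
            // The message is assembled as HTML here, so the URL is encoded
            // for the attribute context before it is embedded.
            $message = sprintf(
                $GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.installtool_default_password'),
                '<a href="' . htmlspecialchars($changeInstallToolPasswordUrl) . '">',
                '</a>'
            );
        }
        return GeneralUtility::makeInstance(
            Status::class,
            $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installToolPassword'),
            $value,
            $message,
            $severity
        );
    }

    /**
     * Checks for the existence of the ENABLE_INSTALL_TOOL file.
     *
     * A permanent enable file yields a warning, a temporary one a notice with
     * the remaining lifetime in minutes. An expired temporary file is removed
     * and the status stays "disabled".
     *
     * @return Status An object representing whether ENABLE_INSTALL_TOOL exists
     */
    protected function getInstallToolProtectionStatus()
    {
        $enableInstallToolFile = PATH_site . EnableFileService::INSTALL_TOOL_ENABLE_FILE_PATH;
        // The status message is built as HTML, so the file system path is
        // encoded before it is placed inside the <code> element.
        $enableInstallToolFileHtml = '<code style="white-space: nowrap;">'
            . htmlspecialchars($enableInstallToolFile) . '</code>';
        $value = $GLOBALS['LANG']->getLL('status_disabled');
        $message = '';
        $severity = Status::OK;
        if (EnableFileService::installToolEnableFileExists()) {
            if (EnableFileService::isInstallToolEnableFilePermanent()) {
                $severity = Status::WARNING;
                $value = $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_enabledPermanently');
                $message = sprintf(
                    $GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.install_enabled'),
                    $enableInstallToolFileHtml
                );
                $message .= $this->getDisableInstallToolLink();
            } elseif (EnableFileService::installToolEnableFileLifetimeExpired()) {
                EnableFileService::removeInstallToolEnableFile();
            } else {
                $severity = Status::NOTICE;
                // The file can vanish between the existence check and this
                // call; report zero remaining minutes instead of a negative
                // value derived from a failed filemtime().
                $modificationTime = @filemtime($enableInstallToolFile);
                $remainingSeconds = $modificationTime === false
                    ? 0
                    : $modificationTime + EnableFileService::INSTALL_TOOL_ENABLE_FILE_LIFETIME - time();
                $value = $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_enabledTemporarily');
                $message = sprintf(
                    $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installEnabledTemporarily'),
                    $enableInstallToolFileHtml,
                    max(0, floor($remainingSeconds / 60))
                );
                $message .= $this->getDisableInstallToolLink();
            }
        }
        return GeneralUtility::makeInstance(
            Status::class,
            $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installTool'),
            $value,
            $message,
            $severity
        );
    }

    /**
     * Builds the HTML link that re-requests the current page with the
     * command to remove the ENABLE_INSTALL_TOOL file.
     *
     * @return string HTML anchor with a leading space, URL encoded for the href attribute
     */
    private function getDisableInstallToolLink()
    {
        $requestUrl = (string)GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL');
        // Do not assume the current URL already carries a query string.
        $separator = strpos($requestUrl, '?') === false ? '?' : '&';
        $disableInstallToolUrl = $requestUrl . $separator . 'adminCmd=remove_ENABLE_INSTALL_TOOL';
        return ' <a href="' . htmlspecialchars($disableInstallToolUrl) . '">' .
            $GLOBALS['LANG']->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:warning.install_enabled_cmd') . '</a>';
    }

    /**
     * Executes commands like removing the Install Tool enable file.
     *
     * The command is read from the "adminCmd" GET parameter and compared
     * strictly, so only the exact string value triggers the removal.
     */
    protected function executeAdminCommand()
    {
        // NOTE(review): this is a state-changing action driven by a GET
        // parameter. No request token is checked in this class; presumably
        // the backend routing validates one before the report is rendered -
        // confirm against the caller.
        $command = GeneralUtility::_GET('adminCmd');
        if ($command === 'remove_ENABLE_INSTALL_TOOL') {
            EnableFileService::removeInstallToolEnableFile();
        }
    }
}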