[TASK] Protect bootstrap methods
[Packages/TYPO3.CMS.git] / typo3 / sysext / install / Classes / InstallBootstrap.php
1 <?php
2 namespace TYPO3\CMS\Install;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2012 Christian Kuhn <lolli@schwarzbu.ch>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the textfile GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29 /**
30 * Encapsulate install tool specific bootstrap methods.
31 *
32 * This script is internal code and subject to change.
33 * DO NOT use it in your own code, or be prepared for your code to
34 * break in future core versions.
35 *
36 * @author Christian Kuhn <lolli@schwarzbu.ch>
37 */
class InstallBootstrap {

	/**
	 * Gate access to the Install Tool on marker files in typo3conf/.
	 *
	 * Returns normally only while typo3conf/ENABLE_INSTALL_TOOL exists and is
	 * either younger than one hour or contains the string KEEP_FILE. In every
	 * other case the locked page is sent and the script ends, so the gate
	 * fails closed.
	 *
	 * Security-relevant behaviour visible in this method:
	 * - A deletable typo3conf/FIRST_INSTALL is consumed and turned into a fresh
	 *   ENABLE_INSTALL_TOOL marker without any further check here, so that
	 *   file should not be left on a host that is already installed.
	 * - A marker whose trimmed content is KEEP_FILE is never removed by the
	 *   age check and stays valid until someone deletes it.
	 * - The age check is based on the file's mtime only; a marker with an
	 *   mtime in the future does not count as expired either.
	 *
	 * @return void
	 * @internal This is not a public API method, do not use in own extensions
	 */
	static public function checkEnabledInstallToolOrDie() {
		$firstInstallMarker = PATH_site . 'typo3conf/FIRST_INSTALL';
		$enableMarker = PATH_site . 'typo3conf/ENABLE_INSTALL_TOOL';

		// First-run shortcut: the enable marker is only created once the
		// FIRST_INSTALL file has really been removed, so it is single-use.
		$firstInstallConsumed = is_file($firstInstallMarker)
			&& is_writable($firstInstallMarker)
			&& unlink($firstInstallMarker);
		if ($firstInstallConsumed) {
			touch($enableMarker);
		}

		// A marker older than 3600s (1 hour) is stale, unless it opts out
		// of expiry with the KEEP_FILE content.
		$markerIsStale = is_file($enableMarker) && (time() - filemtime($enableMarker)) > 3600;
		$staleMarkerStuck = FALSE;
		if ($markerIsStale && trim(file_get_contents($enableMarker)) !== 'KEEP_FILE') {
			// The warning is suppressed on purpose: a failed delete (for example
			// a write-protected file) is recorded and treated as "locked" below
			// instead of letting the stale marker keep the tool open.
			$staleMarkerStuck = !@unlink($enableMarker);
		}

		// Locked when the marker is missing or a stale marker could not be removed.
		if ($staleMarkerStuck || !is_file($enableMarker)) {
			self::dieWithLockedInstallToolMessage();
		}
	}

	/**
	 * Send the "Install Tool is locked" page and terminate the script.
	 *
	 * Every marker value below is a fixed literal; no request data is placed
	 * into the page.
	 *
	 * NOTE(review): no status code is set here, so the page presumably goes
	 * out with PHP's default 200 - confirm whether callers or monitoring rely
	 * on that before changing it.
	 *
	 * @return void
	 */
	static protected function dieWithLockedInstallToolMessage() {
		require_once PATH_site . 't3lib/class.t3lib_parsehtml.php';

		// Static assets referenced by the locked page
		$stylesheet = '<link rel="stylesheet" type="text/css" href="../stylesheets/install/install.css" />';
		$javascript = implode('', array(
			'<script type="text/javascript" src="../contrib/prototype/prototype.js"></script>',
			'<script type="text/javascript" src="../sysext/install/Resources/Public/Javascript/install.js"></script>',
		));

		// A failed read is silenced and $template is then FALSE.
		// NOTE(review): that presumably ends in an empty response - verify
		// what HtmlParser does with a non-string template.
		$template = @file_get_contents(PATH_site . 'typo3/templates/install.html');

		// Explanation shown to the visitor
		$lockedNotice = '
				<p>
					To enable the Install Tool, the file ENABLE_INSTALL_TOOL must be created.
				</p>
				<ul>
					<li>
						In the typo3conf/ folder, create a file named ENABLE_INSTALL_TOOL. The file name is
						case sensitive, but the file itself can simply be an empty file.
					</li>
					<li class="t3-install-locked-user-settings">
						Alternatively, in the Backend, go to <a href="javascript:top.goToModule(\'tools_install\',1);">Admin tools &gt; Install</a>
						and let TYPO3 create this file for you.<br />
						You are recommended to log out from the Install Tool after finishing your work.
						The file will then automatically be deleted.
					</li>
				</ul>
				<p>
					For security reasons, it is highly recommended that you either rename or delete the file after the operation is finished.
				</p>
				<p>
					As an additional security measure, if the file is older than one hour, TYPO3 will automatically delete it. The file must be writable by the web server user.
				</p>
			';

		// Markers are wrapped as ###NAME###; the two trailing flags presumably
		// request upper-cased marker names and removal of unused markers -
		// confirm against HtmlParser::substituteMarkerArray().
		$page = \TYPO3\CMS\Core\Html\HtmlParser::substituteMarkerArray(
			$template,
			array(
				'styleSheet' => $stylesheet,
				'javascript' => $javascript,
				'title' => 'The Install Tool is locked',
				'content' => $lockedNotice,
			),
			'###|###',
			1,
			1
		);

		// The lock state can change between requests, so the page must not be cached.
		$responseHeaders = array(
			'Content-Type: text/html; charset=utf-8',
			'Cache-Control: no-cache, must-revalidate',
			'Pragma: no-cache',
		);
		foreach ($responseHeaders as $headerLine) {
			header($headerLine);
		}

		echo $page;
		exit;
	}

}
126
127
128 ?>