[BUGFIX] Reports module shows unnecessary info text
authorMarkus Klein <klein.t3@mfc-linz.at>
Thu, 15 Dec 2011 01:49:26 +0000 (19:49 -0600)
committerChristian Kuhn <lolli@schwarzbu.ch>
Sat, 28 Jan 2012 17:23:29 +0000 (18:23 +0100)
Do not show saltedpasswords info text in reports module
unless problems have been detected.

Change-Id: Ic0a456bb6128c7024150a22152228d6ddce842db
Fixes: #32580
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/7267
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
typo3/sysext/reports/reports/status/class.tx_reports_reports_status_securitystatus.php

index dcf77ce..ff0bd16 100644 (file)
 /**
  * Performs several checks about the system's health
  *
- * @author             Ingo Renner <ingo@typo3.org>
- * @package            TYPO3
- * @subpackage reports
+ * @author Ingo Renner <ingo@typo3.org>
+ * @package TYPO3
+ * @subpackage reports
  */
 class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvider {
 
        /**
         * Determines the Install Tool's status, mainly concerning its protection.
         *
-        * @return      array   List of statuses
+        * @return array List of statuses
         * @see typo3/sysext/reports/interfaces/tx_reports_StatusProvider::getStatus()
         */
        public function getStatus() {
                $this->executeAdminCommand();
 
                $statuses = array(
-                       'adminUserAccount'    => $this->getAdminAccountStatus(),
-                       'encryptionKeyEmpty'  => $this->getEncryptionKeyStatus(),
-                       'fileDenyPattern'     => $this->getFileDenyPatternStatus(),
-                       'htaccessUpload'      => $this->getHtaccessUploadStatus(),
-                       'installToolEnabled'  => $this->getInstallToolProtectionStatus(),
+                       'adminUserAccount' => $this->getAdminAccountStatus(),
+                       'encryptionKeyEmpty' => $this->getEncryptionKeyStatus(),
+                       'fileDenyPattern' => $this->getFileDenyPatternStatus(),
+                       'htaccessUpload' => $this->getHtaccessUploadStatus(),
+                       'installToolEnabled' => $this->getInstallToolProtectionStatus(),
                        'installToolPassword' => $this->getInstallToolPasswordStatus(),
-                       'saltedpasswords'     => $this->getSaltedPasswordsStatus()
+                       'saltedpasswords' => $this->getSaltedPasswordsStatus()
                );
 
                return $statuses;
@@ -57,15 +57,15 @@ class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvi
        /**
         * Checks whether a an BE user account named admin with default password exists.
         *
-        * @return      tx_reports_reports_status_Status        An tx_reports_reports_status_Status object representing whether a default admin account exists
+        * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether a default admin account exists
         */
        protected function getAdminAccountStatus() {
-               $value    = $GLOBALS['LANG']->getLL('status_ok');
-               $message  = '';
+               $value = $GLOBALS['LANG']->getLL('status_ok');
+               $message = '';
                $severity = tx_reports_reports_status_Status::OK;
 
-               $whereClause = 'username = ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('admin', 'be_users')
-                       t3lib_BEfunc::deleteClause('be_users');
+               $whereClause = 'username = ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('admin', 'be_users') .
+                       t3lib_BEfunc::deleteClause('be_users');
                $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
                        'uid, username, password',
                        'be_users',
@@ -76,7 +76,6 @@ class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvi
 
                                // Check against salted password
                        if (t3lib_extMgm::isLoaded('saltedpasswords')) {
-
                                if (tx_saltedpasswords_div::isUsageEnabled('BE')) {
                                                /** @var $saltingObject tx_saltedpasswords_salts */
                                        $saltingObject = tx_saltedpasswords_salts_factory::getSaltingInstance($row['password']);
@@ -94,7 +93,7 @@ class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvi
                        }
 
                        if (!$secure) {
-                               $value    = $GLOBALS['LANG']->getLL('status_insecure');
+                               $value = $GLOBALS['LANG']->getLL('status_insecure');
                                $severity = tx_reports_reports_status_Status::ERROR;
 
                                $editUserAccountUrl = 'alt_doc.php?returnUrl=mod.php?M=tools_txreportsM1&edit[be_users][' . $row['uid'] . ']=edit';
@@ -115,19 +114,17 @@ class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvi
        /**
         * Checks whether the encryption key is empty.
         *
-        * @return      tx_reports_reports_status_Status        An tx_reports_reports_status_Status object representing whether the encryption key is empty or not
+        * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether the encryption key is empty or not
         */
        protected function getEncryptionKeyStatus() {
-               $value    = $GLOBALS['LANG']->getLL('status_ok');
-               $message  = '';
+               $value = $GLOBALS['LANG']->getLL('status_ok');
+               $message = '';
                $severity = tx_reports_reports_status_Status::OK;
 
                if (empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'])) {
-                       $value    = $GLOBALS['LANG']->getLL('status_insecure');
+                       $value = $GLOBALS['LANG']->getLL('status_insecure');
                        $severity = tx_reports_reports_status_Status::ERROR;
-
-                       $url = 'install/index.php?redirect_url=index.php'
-                               . urlencode('?TYPO3_INSTALL[type]=config#set_encryptionKey');
+                       $url = 'install/index.php?redirect_url=index.php' . urlencode('?TYPO3_INSTALL[type]=config#set_encryptionKey');
 
                        $message = sprintf(
                                $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_encryption'),
@@ -144,28 +141,24 @@ class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvi
        /**
         * Checks if fileDenyPattern was changed which is dangerous on Apache
         *
-        * @return      tx_reports_reports_status_Status        An tx_reports_reports_status_Status object representing whether the file deny pattern has changed
+        * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether the file deny pattern has changed
         */
        protected function getFileDenyPatternStatus() {
-               $value    = $GLOBALS['LANG']->getLL('status_ok');
-               $message  = '';
+               $value = $GLOBALS['LANG']->getLL('status_ok');
+               $message = '';
                $severity = tx_reports_reports_status_Status::OK;
 
                $defaultParts = t3lib_div::trimExplode('|', FILE_DENY_PATTERN_DEFAULT, TRUE);
                $givenParts = t3lib_div::trimExplode('|', $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], TRUE);
                $result = array_intersect($defaultParts, $givenParts);
                if ($defaultParts !== $result) {
-                       $value    = $GLOBALS['LANG']->getLL('status_insecure');
+                       $value = $GLOBALS['LANG']->getLL('status_insecure');
                        $severity = tx_reports_reports_status_Status::ERROR;
-
-                       $url = 'install/index.php?redirect_url=index.php'
-                               . urlencode('?TYPO3_INSTALL[type]=config#set_encryptionKey');
+                       $url = 'install/index.php?redirect_url=index.php' . urlencode('?TYPO3_INSTALL[type]=config#set_encryptionKey');
 
                        $message = sprintf(
                                $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_pattern_partsNotPresent'),
-                               '<br /><pre>'
-                               . htmlspecialchars(FILE_DENY_PATTERN_DEFAULT)
-                               . '</pre><br />'
+                               '<br /><pre>' . htmlspecialchars(FILE_DENY_PATTERN_DEFAULT) . '</pre><br />'
                        );
                }
 
@@ -178,17 +171,17 @@ class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvi
         * Checks if fileDenyPattern allows to upload .htaccess files which is
         * dangerous on Apache.
         *
-        * @return      tx_reports_reports_status_Status        An tx_reports_reports_status_Status object representing whether it's possible to upload .htaccess files
+        * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether it's possible to upload .htaccess files
         */
        protected function getHtaccessUploadStatus() {
-               $value    = $GLOBALS['LANG']->getLL('status_ok');
-               $message  = '';
+               $value = $GLOBALS['LANG']->getLL('status_ok');
+               $message = '';
                $severity = tx_reports_reports_status_Status::OK;
 
                if ($GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] != FILE_DENY_PATTERN_DEFAULT && t3lib_div::verifyFilenameAgainstDenyPattern('.htaccess')) {
-                       $value    = $GLOBALS['LANG']->getLL('status_insecure');
+                       $value = $GLOBALS['LANG']->getLL('status_insecure');
                        $severity = tx_reports_reports_status_Status::ERROR;
-                       $message  = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_htaccess');
+                       $message = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_htaccess');
                }
 
                return t3lib_div::makeInstance('tx_reports_reports_status_Status',
@@ -199,7 +192,7 @@ class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvi
        /**
         * Checks whether memcached is configured, if that's the case we asume it's also used.
         *
-        * @return      boolean TRUE if memcached is used, FALSE otherwise.
+        * @return boolean TRUE if memcached is used, FALSE otherwise.
         */
        protected function isMemcachedUsed() {
                $memcachedUsed = FALSE;
@@ -216,7 +209,7 @@ class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvi
        /**
         * Executes commands like removing the Install Tool enable file.
         *
-        * @return      void
+        * @return void
         */
        protected function executeAdminCommand() {
                $command = t3lib_div::_GET('adminCmd');
@@ -231,19 +224,19 @@ class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvi
        /**
         * Checks whether the Install Tool password is set to its default value.
         *
-        * @return      tx_reports_reports_status_Status        An tx_reports_reports_status_Status object representing the security of the install tool password
+        * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing the security of the install tool password
         */
        protected function getInstallToolPasswordStatus() {
-               $value    = $GLOBALS['LANG']->getLL('status_ok');
-               $message  = '';
+               $value = $GLOBALS['LANG']->getLL('status_ok');
+               $message = '';
                $severity = tx_reports_reports_status_Status::OK;
 
                if ($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'] == md5('joh316')) {
-                       $value    = $GLOBALS['LANG']->getLL('status_insecure');
+                       $value = $GLOBALS['LANG']->getLL('status_insecure');
                        $severity = tx_reports_reports_status_Status::ERROR;
 
-                       $changeInstallToolPasswordUrl = 'install/index.php?redirect_url=index.php'
-                               urlencode('?TYPO3_INSTALL[type]=about');
+                       $changeInstallToolPasswordUrl = 'install/index.php?redirect_url=index.php' .
+                               urlencode('?TYPO3_INSTALL[type]=about');
 
                        $message = sprintf(
                                $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_password'),
@@ -260,38 +253,44 @@ class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvi
        /**
         * Checks whether the Install Tool password is set to its default value.
         *
-        * @return      tx_reports_reports_status_Status        An tx_reports_reports_status_Status object representing the security of the saltedpassswords extension
+        * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing the security of the saltedpassswords extension
         */
        protected function getSaltedPasswordsStatus() {
-               $value    = $GLOBALS['LANG']->getLL('status_ok');
-               $message  = '';
+               $value = $GLOBALS['LANG']->getLL('status_ok');
+               $message = '';
                $severity = tx_reports_reports_status_Status::OK;
 
                if (!t3lib_extMgm::isLoaded('saltedpasswords')) {
-                       $value    = $GLOBALS['LANG']->getLL('status_insecure');
+                       $value = $GLOBALS['LANG']->getLL('status_insecure');
                        $severity = tx_reports_reports_status_Status::ERROR;
                        $message .= $GLOBALS['LANG']->getLL('status_saltedPasswords_notInstalled');
                } else {
-                       /** @var tx_saltedpasswords_emconfhelper $configCheck */
+                               /** @var tx_saltedpasswords_emconfhelper $configCheck */
                        $configCheck = t3lib_div::makeInstance('tx_saltedpasswords_emconfhelper');
-                       $message .= '<p>' . $GLOBALS['LANG']->getLL('status_saltedPasswords_infoText') . '</p>';
+                       $message = '<p>' . $GLOBALS['LANG']->getLL('status_saltedPasswords_infoText') . '</p>';
+                       $messageDetail = '';
                        $flashMessage = $configCheck->checkConfigurationBackend(array(), new t3lib_tsStyleConfig());
 
                        if (strpos($flashMessage, 'message-error') !== FALSE ||
                                strpos($flashMessage, 'message-warning') !== FALSE ||
                                strpos($flashMessage, 'message-information') !== FALSE
                        ) {
-                               $value    = $GLOBALS['LANG']->getLL('status_insecure');
+                               $value = $GLOBALS['LANG']->getLL('status_insecure');
                                $severity = tx_reports_reports_status_Status::ERROR;
-                               $message .= $flashMessage;
+                               $messageDetail .= $flashMessage;
                        }
 
                        $unsecureUserCount = tx_saltedpasswords_div::getNumberOfBackendUsersWithInsecurePassword();
                        if ($unsecureUserCount > 0) {
-                               $value    = $GLOBALS['LANG']->getLL('status_insecure');
+                               $value = $GLOBALS['LANG']->getLL('status_insecure');
                                $severity = tx_reports_reports_status_Status::ERROR;
-                               $message .= '<div class="typo3-message message-warning">' .
-                                               $GLOBALS['LANG']->getLL('status_saltedPasswords_notAllPasswordsHashed') .'</div>';
+                               $messageDetail .= '<div class="typo3-message message-warning">' .
+                                       $GLOBALS['LANG']->getLL('status_saltedPasswords_notAllPasswordsHashed') . '</div>';
+                       }
+
+                       $message .= $messageDetail;
+                       if (empty($messageDetail)) {
+                               $message = '';
                        }
                }
 
@@ -303,57 +302,45 @@ class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvi
        /**
         * Checks for the existance of the ENABLE_INSTALL_TOOL file.
         *
-        * @return      tx_reports_reports_status_Status        An tx_reports_reports_status_Status object representing whether ENABLE_INSTALL_TOOL exists
+        * @return tx_reports_reports_status_Status An tx_reports_reports_status_Status object representing whether ENABLE_INSTALL_TOOL exists
         */
        protected function getInstallToolProtectionStatus() {
                $enableInstallToolFile = PATH_site . 'typo3conf/ENABLE_INSTALL_TOOL';
-               $value    = $GLOBALS['LANG']->getLL('status_disabled');
-               $message  = '';
+               $value = $GLOBALS['LANG']->getLL('status_disabled');
+               $message = '';
                $severity = tx_reports_reports_status_Status::OK;
 
                $enableInstallToolFileExists = is_file($enableInstallToolFile);
 
                if ($enableInstallToolFileExists) {
-
                        if (trim(file_get_contents($enableInstallToolFile)) === 'KEEP_FILE') {
-
                                $severity = tx_reports_reports_status_Status::WARNING;
-
-                               $disableInstallToolUrl = t3lib_div::getIndpEnv('TYPO3_REQUEST_URL')
-                                       . '&amp;adminCmd=remove_ENABLE_INSTALL_TOOL';
-
-                               $value    = $GLOBALS['LANG']->getLL('status_enabledPermanently');
+                               $disableInstallToolUrl = t3lib_div::getIndpEnv('TYPO3_REQUEST_URL') .
+                                       '&amp;adminCmd=remove_ENABLE_INSTALL_TOOL';
+                               $value = $GLOBALS['LANG']->getLL('status_enabledPermanently');
 
                                $message = sprintf(
                                        $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled'),
                                        '<span style="white-space: nowrap;">' . $enableInstallToolFile . '</span>');
-                               $message .= ' <a href="' . $disableInstallToolUrl . '">'
-                                       . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled_cmd')
-                                       . '</a>';
-
+                               $message .= ' <a href="' . $disableInstallToolUrl . '">' .
+                                       $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled_cmd') .
+                                       '</a>';
                        } else {
-
                                $enableInstallToolFileTtl = filemtime($enableInstallToolFile) + 3600 - time();
-
                                if ($enableInstallToolFileTtl <= 0) {
-
                                        unlink($enableInstallToolFile);
-
                                } else {
-
                                        $severity = tx_reports_reports_status_Status::NOTICE;
-
-                                       $disableInstallToolUrl = t3lib_div::getIndpEnv('TYPO3_REQUEST_URL')
-                                               . '&amp;adminCmd=remove_ENABLE_INSTALL_TOOL';
-
+                                       $disableInstallToolUrl = t3lib_div::getIndpEnv('TYPO3_REQUEST_URL') .
+                                               '&amp;adminCmd=remove_ENABLE_INSTALL_TOOL';
                                        $value = $GLOBALS['LANG']->getLL('status_enabledTemporarily');
 
                                        $message = sprintf(
                                                $GLOBALS['LANG']->getLL('status_installEnabledTemporarily'),
                                                '<span style="white-space: nowrap;">' . $enableInstallToolFile . '</span>', floor($enableInstallToolFileTtl/60) );
-                                       $message .= ' <a href="' . $disableInstallToolUrl . '">'
-                                               . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled_cmd')
-                                               '</a>';
+                                       $message .= ' <a href="' . $disableInstallToolUrl . '">' .
+                                               $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled_cmd') .
+                                               '</a>';
                                }
                        }
                }
@@ -362,7 +349,6 @@ class tx_reports_reports_status_SecurityStatus implements tx_reports_StatusProvi
                        $GLOBALS['LANG']->getLL('status_installTool'), $value, $message, $severity
                );
        }
-
 }