From 13132ef2ed66f811251f4274e3124aeda572ba36 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 12 Jan 2015 13:20:27 +0100
Subject: [PATCH 1/2] Better organisation of entries into security setup area
---
 htdocs/admin/security_file.php | 214 ++++++++++++++++++++++++
 htdocs/admin/security_other.php | 104 +-----------
 htdocs/core/lib/admin.lib.php | 15 +-
 htdocs/core/menus/standard/eldy.lib.php | 2 +-
 4 files changed, 226 insertions(+), 109 deletions(-)
 create mode 100644 htdocs/admin/security_file.php
diff --git a/htdocs/admin/security_file.php b/htdocs/admin/security_file.php
new file mode 100644
index 00000000000..4c0dd435634
--- /dev/null
+++ b/htdocs/admin/security_file.php
@@ -0,0 +1,214 @@ + + * Copyright (C) 2005-2012 Regis Houssin + * Copyright (C) 2013 Juanjo Menent + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/admin/security_file.php + * \ingroup core + * \brief Security options setup + */ + +require '../main.inc.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; + +$langs->load("users"); +$langs->load("admin"); +$langs->load("other"); + +if (! $user->admin) + accessforbidden(); + +$action=GETPOST('action','alpha'); + +$upload_dir=$conf->admin->dir_temp; + + +/* + * Actions + */ + +if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC)) +{ + require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + + dol_add_file_process($upload_dir, 0, 0, 'userfile'); +} + +if (preg_match('/set_(.*)/',$action,$reg)) +{ + $code=$reg[1]; + $value=(GETPOST($code) ? 
GETPOST($code) : 1); + if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0) + { + Header("Location: ".$_SERVER["PHP_SELF"]); + exit; + } + else + { + dol_print_error($db); + } +} + +else if (preg_match('/del_(.*)/',$action,$reg)) +{ + $code=$reg[1]; + if (dolibarr_del_const($db, $code, $conf->entity) > 0) + { + Header("Location: ".$_SERVER["PHP_SELF"]); + exit; + } + else + { + dol_print_error($db); + } +} + +else if ($action == 'updateform') +{ + $res3=dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',$_POST["MAIN_UPLOAD_DOC"],'chaine',0,'',$conf->entity); + $res4=dolibarr_set_const($db, "MAIN_UMASK", $_POST["MAIN_UMASK"],'chaine',0,'',$conf->entity); + $res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", $_POST["MAIN_ANTIVIRUS_COMMAND"],'chaine',0,'',$conf->entity); + $res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", $_POST["MAIN_ANTIVIRUS_PARAM"],'chaine',0,'',$conf->entity); + if ($res3 && $res4 && $res5 && $res6) setEventMessage($langs->trans("RecordModifiedSuccessfully")); +} + + + +// Delete file +else if ($action == 'delete') +{ + $langs->load("other"); + $file = $conf->admin->dir_temp . '/' . GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). + $ret=dol_delete_file($file); + if ($ret) setEventMessage($langs->trans("FileWasRemoved", GETPOST('urlfile'))); + else setEventMessage($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), 'errors'); + Header('Location: '.$_SERVER["PHP_SELF"]); + exit; +} + +/* + * View + */ + +$form = new Form($db); + +llxHeader('',$langs->trans("Files")); + +print_fiche_titre($langs->trans("SecuritySetup"),'','setup'); + +//print $langs->trans("FilesDesc")."
\n"; +//print "
\n"; + + + +print '
'; +print ''; +print ''; + +$head=security_prepare_head(); + +dol_fiche_head($head, 'file', $langs->trans("Security")); + + +// Upload options +$var=false; + +print ''; +print ''; +print ''; +print ''; +print ''; + +print ''; +print ''; +print ''; +print ''; + +$var=!$var; +print ''; +print ''; +print ''; +print ''; + +// Use anti virus +$var=!$var; +print ""; +print ''; +print '"; +print ''; + +// Use anti virus +$var=!$var; +print ""; +print ''; +print '"; +print ''; + +print '
'.$langs->trans("Parameters").''.$langs->trans("Value").'
'.$langs->trans("MaxSizeForUploadedFiles").'.'; +$max=@ini_get('upload_max_filesize'); +if ($max) print ' '.$langs->trans("MustBeLowerThanPHPLimit",$max*1024,$langs->trans("Kb")).'.'; +else print ' '.$langs->trans("NoMaxSizeByPHPLimit").'.'; +print ''; +print ' '.$langs->trans("Kb"); +print '
'.$langs->trans("UMask").''; +print $form->textwithpicto('',$langs->trans("UMaskExplanation")); +print ''; +print ''; +print '
'.$langs->trans("AntiVirusCommand").'
'; +print $langs->trans("AntiVirusCommandExample"); +// Check command in inside safe_mode +print '
'; +if (ini_get('safe_mode') && ! empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) +{ + $langs->load("errors"); + $basedir=preg_replace('/"/','',dirname($conf->global->MAIN_ANTIVIRUS_COMMAND)); + $listdir=explode(';',ini_get('safe_mode_exec_dir')); + if (! in_array($basedir,$listdir)) + { + print img_warning($langs->trans('WarningSafeModeOnCheckExecDir')); + dol_syslog("safe_mode is on, basedir is ".$basedir.", safe_mode_exec_dir is ".ini_get('safe_mode_exec_dir'), LOG_WARNING); + } +} +print ''; +print "
'.$langs->trans("AntiVirusParam").'
'; +print $langs->trans("AntiVirusParamExample"); +print '
'; +print ''; +print "
'; + +dol_fiche_end(); + +print '
'; + +print '
'; + + + +// Form to test upload +print '
'; +$formfile=new FormFile($db); +$formfile->form_attach_new_file($_SERVER['PHP_SELF'], $langs->trans("FormToTestFileUploadForm"), 0, 0, 1, 50, '', '', 1, '', 0); + +// List of document +$filearray=dol_dir_list($upload_dir, "files", 0, '', '', 'name', SORT_ASC, 1); +$formfile->list_of_documents($filearray, '', 'admin_temp', ''); + +llxFooter(); +$db->close(); diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php index 064f7ad0cd9..4dc0c0e06a3 100644 --- a/htdocs/admin/security_other.php +++ b/htdocs/admin/security_other.php @@ -37,20 +37,12 @@ if (! $user->admin) $action=GETPOST('action','alpha'); -$upload_dir=$conf->admin->dir_temp; /* * Actions */ -if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC)) -{ - require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; - - dol_add_file_process($upload_dir, 0, 0, 'userfile'); -} - if (preg_match('/set_(.*)/',$action,$reg)) { $code=$reg[1]; 
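Review bot: The `delete` action in the new file builds `$file` from `$conf->admin->dir_temp . '/' . GETPOST('urlfile')` with no check that the result stays inside the temp directory, so a traversal in `urlfile` resolves to a path outside `$upload_dir` before `dol_delete_file($file)` runs; the page is admin-only, but none of the state-changing branches in this hunk show a request token either, so the parameter deserves to be confined. Because the listing below uses `dol_dir_list($upload_dir, "files", 0, ...)` (non-recursive), limiting the input to a bare file name is sufficient: `$file = $upload_dir . '/' . basename(GETPOST('urlfile'));`, and the `FileWasRemoved`/`ErrorFailToDeleteFile` messages should echo that same sanitised name rather than the raw parameter. The `updateform` branch stores `$_POST["MAIN_ANTIVIRUS_COMMAND"]` and the other three values straight from `$_POST`, while the `set_`/`del_` branches read through `GETPOST`; using `GETPOST($name, 'alpha')` there would keep input handling uniform, and the `MAIN_UMASK` value in particular could be validated as octal before it is saved. A smaller point: `files.lib.php` is already required at the top of the file, so the `require_once` inside the `sendit` branch is redundant.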
@@ -84,27 +76,11 @@ else if ($action == 'updateform') { $res1=dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", $_POST["MAIN_APPLICATION_TITLE"],'chaine',0,'',$conf->entity); $res2=dolibarr_set_const($db, "MAIN_SESSION_TIMEOUT", $_POST["MAIN_SESSION_TIMEOUT"],'chaine',0,'',$conf->entity); - $res3=dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',$_POST["MAIN_UPLOAD_DOC"],'chaine',0,'',$conf->entity); - $res4=dolibarr_set_const($db, "MAIN_UMASK", $_POST["MAIN_UMASK"],'chaine',0,'',$conf->entity); - $res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", $_POST["MAIN_ANTIVIRUS_COMMAND"],'chaine',0,'',$conf->entity); - $res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", $_POST["MAIN_ANTIVIRUS_PARAM"],'chaine',0,'',$conf->entity); - if ($res1 && $res2 && $res3 && $res4 && $res5 && $res6) setEventMessage($langs->trans("RecordModifiedSuccessfully")); + if ($res1 && $res2) setEventMessage($langs->trans("RecordModifiedSuccessfully")); } -// Delete file -else if ($action == 'delete') -{ - $langs->load("other"); - $file = $conf->admin->dir_temp . '/' . GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). - $ret=dol_delete_file($file); - if ($ret) setEventMessage($langs->trans("FileWasRemoved", GETPOST('urlfile'))); - else setEventMessage($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), 'errors'); - Header('Location: '.$_SERVER["PHP_SELF"]); - exit; -} - /* * View */ @@ -230,74 +206,6 @@ print ''; print ''; -print '
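Review bot: The new `if ($res1 && $res2) setEventMessage(...)` line only reports success; when either `dolibarr_set_const` call fails the administrator gets no feedback, whereas the `set_`/`del_` branches earlier in this file call `dol_print_error($db)` on failure. Making the branch consistent is one line: `if ($res1 && $res2) setEventMessage($langs->trans("RecordModifiedSuccessfully")); else dol_print_error($db);`. The same success-only shape is copied into the `updateform` branch of the new `security_file.php` (`$res3 && $res4 && $res5 && $res6`), which would benefit from the same `else`. The `else if ($action == 'updateform')` line that opens this block sits above the hunk.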
'; - -// Upload options -$var=false; - -print ''; -print ''; -print ''; -print ''; -print ''; - -print ''; -print ''; -print ''; -print ''; - -$var=!$var; -print ''; -print ''; -print ''; -print ''; - -// Use anti virus -$var=!$var; -print ""; -print ''; -print '"; -print ''; - -// Use anti virus -$var=!$var; -print ""; -print ''; -print '"; -print ''; - -print '
'.$langs->trans("Parameters").''.$langs->trans("Value").'
'.$langs->trans("MaxSizeForUploadedFiles").'.'; -$max=@ini_get('upload_max_filesize'); -if ($max) print ' '.$langs->trans("MustBeLowerThanPHPLimit",$max*1024,$langs->trans("Kb")).'.'; -else print ' '.$langs->trans("NoMaxSizeByPHPLimit").'.'; -print ''; -print ' '.$langs->trans("Kb"); -print '
'.$langs->trans("UMask").''; -print $form->textwithpicto('',$langs->trans("UMaskExplanation")); -print ''; -print ''; -print '
'.$langs->trans("AntiVirusCommand").'
'; -print $langs->trans("AntiVirusCommandExample"); -// Check command in inside safe_mode -print '
'; -if (ini_get('safe_mode') && ! empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) -{ - $langs->load("errors"); - $basedir=preg_replace('/"/','',dirname($conf->global->MAIN_ANTIVIRUS_COMMAND)); - $listdir=explode(';',ini_get('safe_mode_exec_dir')); - if (! in_array($basedir,$listdir)) - { - print img_warning($langs->trans('WarningSafeModeOnCheckExecDir')); - dol_syslog("safe_mode is on, basedir is ".$basedir.", safe_mode_exec_dir is ".ini_get('safe_mode_exec_dir'), LOG_WARNING); - } -} -print ''; -print "
'.$langs->trans("AntiVirusParam").'
'; -print $langs->trans("AntiVirusParamExample"); -print '
'; -print ''; -print "
'; - dol_fiche_end(); print '
'; @@ -305,15 +213,5 @@ print '
'; - -// Form to test upload -print '
'; -$formfile=new FormFile($db); -$formfile->form_attach_new_file($_SERVER['PHP_SELF'], $langs->trans("FormToTestFileUploadForm"), 0, 0, 1, 50, '', '', 1, '', 0); - -// List of document -$filearray=dol_dir_list($upload_dir, "files", 0, '', '', 'name', SORT_ASC, 1); -$formfile->list_of_documents($filearray, '', 'admin_temp', ''); - llxFooter(); $db->close(); diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index dd1615d7427..a54cb5fcc79 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -516,11 +516,6 @@ function security_prepare_head() $h = 0; $head = array(); - $head[$h][0] = DOL_URL_ROOT."/admin/proxy.php"; - $head[$h][1] = $langs->trans("ExternalAccess"); - $head[$h][2] = 'proxy'; - $h++; - $head[$h][0] = DOL_URL_ROOT."/admin/security_other.php"; $head[$h][1] = $langs->trans("Miscellaneous"); $head[$h][2] = 'misc'; @@ -531,6 +526,16 @@ function security_prepare_head() $head[$h][2] = 'passwords'; $h++; + $head[$h][0] = DOL_URL_ROOT."/admin/security_file.php"; + $head[$h][1] = $langs->trans("Files"); + $head[$h][2] = 'file'; + $h++; + + $head[$h][0] = DOL_URL_ROOT."/admin/proxy.php"; + $head[$h][1] = $langs->trans("ExternalAccess"); + $head[$h][2] = 'proxy'; + $h++; + $head[$h][0] = DOL_URL_ROOT."/admin/events.php"; $head[$h][1] = $langs->trans("Audit"); $head[$h][2] = 'audit'; diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 9b7b49c9d3d..91a24db79ac 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php 
@@ -487,7 +487,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu
 }
 $newmenu->add("/admin/boxes.php?mainmenu=home", $langs->trans("Boxes"),1);
 $newmenu->add("/admin/delais.php?mainmenu=home",$langs->trans("Alerts"),1);
- $newmenu->add("/admin/proxy.php?mainmenu=home", $langs->trans("Security"),1);
+ $newmenu->add("/admin/security_other.php?mainmenu=home", $langs->trans("Security"),1);
 $newmenu->add("/admin/limits.php?mainmenu=home", $langs->trans("MenuLimits"),1);
 $newmenu->add("/admin/pdf.php?mainmenu=home", $langs->trans("PDF"),1);
 $newmenu->add("/admin/mails.php?mainmenu=home", $langs->trans("Emails"),1);
From f8b58605c6f8963b863f13ee3deacd62f21b6b20 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 12 Jan 2015 13:21:16 +0100
Subject: [PATCH 2/2] Better organisation of entries into security setup area
---
 htdocs/core/menus/init_menu_auguria.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/menus/init_menu_auguria.sql b/htdocs/core/menus/init_menu_auguria.sql
index 2758ff5ecbd..b5818362591 100644
--- a/htdocs/core/menus/init_menu_auguria.sql
+++ b/htdocs/core/menus/init_menu_auguria.sql
@@ -27,7 +27,7 @@ insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, left insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 104__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/boxes.php?leftmenu=setup', 'Boxes', 1, 'admin', '', '', 2, 6, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 105__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/menus.php?leftmenu=setup', 'Menus', 1, 'admin', '', '', 2, 3, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 106__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/delais.php?leftmenu=setup', 'Alerts', 1, 'admin', '', '', 2, 7, __ENTITY__); -insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 108__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/proxy.php?leftmenu=setup', 'Security', 1, 'admin', '', '', 2, 8, __ENTITY__); +insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 108__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/security_other.php?leftmenu=setup', 'Security', 1, 'admin', '', '', 2, 8, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, 
fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 110__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/limits.php?leftmenu=setup', 'MenuLimits', 1, 'admin', '', '', 2, 9, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 107__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/pdf.php?leftmenu=setup', 'PDF', 1, 'admin', '', '', 2, 10, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$leftmenu=="setup"', __HANDLER__, 'left', 109__+MAX_llx_menu__, 'home', '', 100__+MAX_llx_menu__, '/admin/mails.php?leftmenu=setup', 'Emails', 1, 'admin', '', '', 2, 11, __ENTITY__);