From 981e165c3e626ee3e33b3e38f945df9255629a63 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 29 Nov 2022 10:24:21 +0100
Subject: [PATCH] Reduce default value from 1000 to 200 for MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS

---
 htdocs/admin/security_other.php | 6 ++---
 htdocs/admin/system/security.php | 26 +++++++++++++++++++
 .../public/eventorganization/attendee_new.php | 2 +-
 htdocs/public/members/new.php | 2 +-
 htdocs/public/opensurvey/studs.php | 4 +--
 htdocs/public/partnership/new.php | 2 +-
 htdocs/public/project/new.php | 2 +-
 htdocs/public/project/suggestbooth.php | 2 +-
 htdocs/public/project/suggestconference.php | 2 +-
 htdocs/public/ticket/create_ticket.php | 2 +-
 10 files changed, 38 insertions(+), 12 deletions(-)

diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php
index 99b08df44d0..07ddb48dba4 100644
--- a/htdocs/admin/security_other.php
+++ b/htdocs/admin/security_other.php
@@ -180,7 +180,7 @@ if (ini_get("session.gc_probability") == 0) {
 }
 print '';
 print '';
-print ' '.strtolower($langs->trans("Seconds"));
+print ' '.strtolower($langs->trans("Seconds"));
 print '';
 print '';
 
@@ -188,7 +188,7 @@ print '';
 print ''.$langs->trans("MaxNumberOfImagesInGetPost").'';
 print '';
 print '';
-print ' '.strtolower($langs->trans("Images"));
+print ' '.strtolower($langs->trans("Images"));
 print '';
 print '';
 
@@ -196,7 +196,7 @@ print '';
 print ''.$langs->trans("MaxNumberOfPostOnPublicPagesByIP").'';
 print '';
 print '';
-print ' '.strtolower($langs->trans("Posts"));
+print ' '.strtolower($langs->trans("Posts"));
 print '';
 print '';
 
diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php
index d820b8faab7..f8f47baebf9 100644
--- a/htdocs/admin/system/security.php
+++ b/htdocs/admin/system/security.php
@@ -312,6 +312,32 @@ print yn(empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) ? 0 : 1);
 print '
'; print '
';
+
+$sessiontimeout = ini_get("session.gc_maxlifetime");
+if (empty($conf->global->MAIN_SESSION_TIMEOUT)) {
+ $conf->global->MAIN_SESSION_TIMEOUT = $sessiontimeout;
+}
+print ''.$langs->trans("SessionTimeOut").'';
+if (ini_get("session.gc_probability") == 0) {
+ print $form->textwithpicto('', $langs->trans("SessionsPurgedByExternalSystem", ini_get("session.gc_maxlifetime")));
+} else {
+ print $form->textwithpicto('', $langs->trans("SessionExplanation", ini_get("session.gc_probability"), ini_get("session.gc_divisor"), ini_get("session.gc_maxlifetime")));
+}
+print ': '.getDolGlobalInt('MAIN_SESSION_TIMEOUT').' '.strtolower($langs->trans("Seconds"));
+print '

';
+
+print ''.$langs->trans("MaxNumberOfImagesInGetPost").': ';
+print getDolGlobalInt('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT').' '.strtolower($langs->trans("Images"));
+print '

';
+
+print ''.$langs->trans("MaxNumberOfPostOnPublicPagesByIP").': ';
+print getDolGlobalInt('MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS', 200).' '.strtolower($langs->trans("Posts"));
+print '

';
+
+print ''.$langs->trans("MaxNumberOfAttachementOnForms").': ';
+print getDolGlobalInt("MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", 10).' '.strtolower($langs->trans("Files"));
+print '

';
+
 
 print ''.$langs->trans("DoNotStoreClearPassword").': ';
 print empty($conf->global->DATABASE_PWD_ENCRYPTED) ? '' : img_picto('', 'tick').' ';
 print yn(empty($conf->global->DATABASE_PWD_ENCRYPTED) ? 0 : 1);
diff --git a/htdocs/public/eventorganization/attendee_new.php b/htdocs/public/eventorganization/attendee_new.php
index f26a4b38548..cb4ba38e628 100644
--- a/htdocs/public/eventorganization/attendee_new.php
+++ b/htdocs/public/eventorganization/attendee_new.php
@@ -285,7 +285,7 @@ if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conferen
 $confattendee->note_public = $note_public;
 $confattendee->ip = getUserRemoteIP();
 
- $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 $now = dol_now();
 $minmonthpost = dol_time_plus_duree($now, -1, "m");
 // Calculate nb of post for IP
diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php
index 4523a86b063..7b5acf5c99d 100644
--- a/htdocs/public/members/new.php
+++ b/htdocs/public/members/new.php
@@ -287,7 +287,7 @@ if (empty($reshook) && $action == 'add') {
 
 $adh->ip = getUserRemoteIP();
 
- $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 $now = dol_now();
 $minmonthpost = dol_time_plus_duree($now, -1, "m");
 // Calculate nb of post for IP
diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php
index a0cff3254e4..34f8ecd9400 100644
--- a/htdocs/public/opensurvey/studs.php
+++ b/htdocs/public/opensurvey/studs.php
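Review bot: The added `if (empty($conf->global->MAIN_SESSION_TIMEOUT)) { $conf->global->MAIN_SESSION_TIMEOUT = $sessiontimeout; }` in admin/system/security.php writes a fallback into the shared configuration object from what is otherwise a read-only audit page, so anything executed after this print sees a MAIN_SESSION_TIMEOUT that was never configured, and the value stored comes from `ini_get()`, which returns a string (or `false` for an unknown directive) rather than an int. A local is enough here: `$sessiontimeout = getDolGlobalInt('MAIN_SESSION_TIMEOUT') ?: (int) ini_get("session.gc_maxlifetime");` followed by `print ': '.$sessiontimeout.' '.strtolower($langs->trans("Seconds"));`. The HTML markup inside the surrounding print strings is not visible in this rendering, so the literal strings may differ slightly from what is shown.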
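Review bot: The new default is a bare literal at `$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);` in attendee_new.php and again in the identical hunks of members/new.php, opensurvey/studs.php (both hunks), partnership/new.php, project/new.php, project/suggestbooth.php, project/suggestconference.php and ticket/create_ticket.php, plus the display default in admin/system/security.php, so the next adjustment has to hit all ten sites and a missed one leaves the administrator reading a limit on the security page that a public form does not actually enforce. Defining the default once (a constant, or a small helper that returns the effective limit) and calling it from each page removes that drift. Because the window is derived on the following lines from `dol_time_plus_duree($now, -1, "m")`, the line also deserves a unit comment such as `// Max submissions accepted per source IP over the trailing month; default must stay in sync with admin/system/security.php`, and since the count is keyed on `getUserRemoteIP()`, deployments where many users share one egress address (NAT, proxies) need to size the value with that in mind. The enclosing `if (empty($reshook) && $action == 'add' ...)` block begins before this hunk.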
@@ -99,7 +99,7 @@ if (GETPOST('ajoutcomment', 'alpha')) {
 }
 $user_ip = getUserRemoteIP();
 
- $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 $now = dol_now();
 $minmonthpost = dol_time_plus_duree($now, -1, "m");
 // Calculate nb of post for IP
@@ -155,7 +155,7 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo
 }
 $user_ip = getUserRemoteIP();
 
- $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 $now = dol_now();
 $minmonthpost = dol_time_plus_duree($now, -1, "m");
 // Calculate nb of post for IP
diff --git a/htdocs/public/partnership/new.php b/htdocs/public/partnership/new.php
index 322e2601e53..b6444753eb7 100644
--- a/htdocs/public/partnership/new.php
+++ b/htdocs/public/partnership/new.php
@@ -226,7 +226,7 @@ if (empty($reshook) && $action == 'add') {
 //$partnership->typeid = $conf->global->PARTNERSHIP_NEWFORM_FORCETYPE ? $conf->global->PARTNERSHIP_NEWFORM_FORCETYPE : GETPOST('typeid', 'int');
 $partnership->ip = getUserRemoteIP();
 
- $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 $now = dol_now();
 $minmonthpost = dol_time_plus_duree($now, -1, "m");
 // Calculate nb of post for IP
diff --git a/htdocs/public/project/new.php b/htdocs/public/project/new.php
index 11815a2a0e2..7603c046006 100644
--- a/htdocs/public/project/new.php
+++ b/htdocs/public/project/new.php
@@ -298,7 +298,7 @@ if (empty($reshook) && $action == 'add') {
 $proj->fk_opp_status = $defaultoppstatus;
 $proj->ip = getUserRemoteIP();
 
- $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 $now = dol_now();
 $minmonthpost = dol_time_plus_duree($now, -1, "m");
 $nb_post_ip = 0;
diff --git a/htdocs/public/project/suggestbooth.php b/htdocs/public/project/suggestbooth.php
index 8f9705d0b92..68e469b6a00 100644
--- a/htdocs/public/project/suggestbooth.php
+++ b/htdocs/public/project/suggestbooth.php
@@ -364,7 +364,7 @@ if (empty($reshook) && $action == 'add') {
 $conforbooth->tms = dol_now();
 $conforbooth->ip = getUserRemoteIP();
 
- $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 $now = dol_now();
 $minmonthpost = dol_time_plus_duree($now, -1, "m");
 
diff --git a/htdocs/public/project/suggestconference.php b/htdocs/public/project/suggestconference.php
index f68ec3352d4..5590b0bf94c 100644
--- a/htdocs/public/project/suggestconference.php
+++ b/htdocs/public/project/suggestconference.php
@@ -362,7 +362,7 @@ if (empty($reshook) && $action == 'add') {
 $conforbooth->lastname = $contact->lastname;
 $conforbooth->ip = getUserRemoteIP();
 
- $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 $now = dol_now();
 $minmonthpost = dol_time_plus_duree($now, -1, "m");
 
diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php
index 242508b7a8c..75111725df0 100644
--- a/htdocs/public/ticket/create_ticket.php
+++ b/htdocs/public/ticket/create_ticket.php
@@ -247,7 +247,7 @@ if (empty($reshook)) {
 $object->severity_code = GETPOST("severity_code", 'aZ09');
 $object->ip = getUserRemoteIP();
 
- $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 $now = dol_now();
 $minmonthpost = dol_time_plus_duree($now, -1, "m");
 