From a0dda0ed7794dc1ed6ad9b1dd7e421e7ca56457a Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sun, 11 Sep 2022 12:35:40 +0200
Subject: [PATCH] NEW Add more advices into the Setup security page

---
 htdocs/admin/security.php        |  2 +-
 htdocs/admin/system/security.php | 26 ++++++++++++++++++++++----
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php
index de404916fb4..02cddbd5d70 100644
--- a/htdocs/admin/security.php
+++ b/htdocs/admin/security.php
@@ -229,7 +229,7 @@ foreach ($arrayhandler as $key => $module) {
 
 	if ($module->isEnabled()) {
 		print '<tr class="oddeven"><td>';
-		print img_picto('', $module->picto, 'class="width25 size15x opacitymedium"').' ';
+		print img_picto('', $module->picto, 'class="width25 size15x"').' ';
 		print ucfirst($key);
 		print "</td><td>\n";
 		print $module->getDescription().'<br>';
diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php
index 7ee7c93a97d..c2e486fc940 100644
--- a/htdocs/admin/system/security.php
+++ b/htdocs/admin/system/security.php
@@ -297,7 +297,7 @@ if (empty($conf->global->SECURITY_DISABLE_TEST_ON_OBFUSCATED_CONF)) {
 
 
 
-// Menu security
+// Menu Home - Setup - Security
 
 print '<br>';
 print '<br>';
@@ -338,6 +338,11 @@ print '<br>';
 print '<br>';
 */
 
+/* Password length
+
+// Stored into $tabconf[0] if module generator is "Perso" or specific to the module generator.
+$tabConf = explode(";", getDolGlobalString('USER_PASSWORD_PATTERN'));
+
 print '<strong>'.$langs->trans("PasswordLength").'</strong>: ';
 print empty($conf->global->DATABASE_PWD_ENCRYPTED) ? '' : img_picto('', 'tick').' ';
 print yn(empty($conf->global->DATABASE_PWD_ENCRYPTED) ? 0 : 1);
@@ -346,7 +351,7 @@ if (empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
 }
 print '<br>';
 print '<br>';
-
+*/
 
 print '<strong>'.$langs->trans("AntivirusEnabledOnUpload").'</strong>: ';
 print empty($conf->global->MAIN_ANTIVIRUS_COMMAND) ? img_warning().' ' : img_picto('', 'tick').' ';
@@ -362,6 +367,19 @@ if (empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) {
 print '<br>';
 print '<br>';
 
+$umask = getDolGlobalString('MAIN_UMASK');
+
+print '<strong>'.$langs->trans("UMask").'</strong>: ';
+if (! in_array($umask, array('600', '660', '0600', '0660'))) {
+	print img_warning().' ';
+}
+print $umask;
+if (! in_array($umask, array('600', '660', '0600', '0660'))) {
+	print ' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 0600 | 0660'.')</span>';
+}
+print '<br>';
+print '<br>';
+
 
 $securityevent = new Events($db);
 $eventstolog = $securityevent->eventstolog;
@@ -527,10 +545,10 @@ print '<br>';
 print '<strong>MAIN_SECURITY_FORCECSP</strong> = '.(empty($conf->global->MAIN_SECURITY_FORCECSP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_FORCECSP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"default-src 'self'; img-src *;\")</span><br>";
 print '<br>';
 
-print '<strong>WEBSITE_MAIN_SECURITY_FORCECSP</strong> = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCECSP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->WEBSITE_MAIN_SECURITY_FORCECSP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *;\")</span><br>";
+print '<strong>MAIN_SECURITY_FORCERP</strong> = '.(empty($conf->global->MAIN_SECURITY_FORCERP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_FORCERP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"same-origin\")</span><br>";
 print '<br>';
 
-print '<strong>MAIN_SECURITY_FORCERP</strong> = '.(empty($conf->global->MAIN_SECURITY_FORCERP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_FORCERP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"same-origin\")</span><br>";
+print '<strong>WEBSITE_MAIN_SECURITY_FORCECSP</strong> = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCECSP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->WEBSITE_MAIN_SECURITY_FORCECSP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *;\")</span><br>";
 print '<br>';
 
 print '<strong>WEBSITE_MAIN_SECURITY_FORCERP</strong> = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCERP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->WEBSITE_MAIN_SECURITY_FORCERP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"strict-origin-when-cross-origin\")</span><br>";