2 namespace TYPO3\CMS\Reports\Report\Status;
// Entries of the status array (the rest of the array is not shown in this listing):
// each key names a security check and maps to the result of the matching method.
36 'adminUserAccount' => $this->getAdminAccountStatus(),
40 'saltedpasswords' => $this->getSaltedPasswordsStatus()
// Trusted-hosts-pattern check. The function header and the condition that
// selects the failure branch are not shown in this listing.
// Start from the "ok" label and OK severity; the branch below overrides them.
52 $value =
$GLOBALS[
'LANG']->getLL(
'status_ok');
54 $severity = \TYPO3\CMS\Reports\Status::OK;
// Failure branch: report "insecure" at ERROR severity and load the
// install_trustedhosts warning text as the message.
56 $value =
$GLOBALS[
'LANG']->getLL(
'status_insecure');
57 $severity = \TYPO3\CMS\Reports\Status::ERROR;
58 $message =
$GLOBALS[
'LANG']->sL(
'LLL:EXT:lang/locallang_core.xlf:warning.install_trustedhosts');
// Label, value, message and severity are the trailing arguments of the call
// that builds the result (the call's opening line is not shown).
61 $GLOBALS[
'LANG']->getLL(
'status_trustedHostsPattern'), $value, $message, $severity);
/**
 * Checks whether the backend user named "admin" still has the password "password".
 *
 * Looks up the be_users record for username "admin" and tests the stored
 * password value two ways: through the salting object obtained for that stored
 * value, and against the unsalted MD5 digest of "password".
 *
 * Scope of the check: exactly one username and one password are tested. An OK
 * result says nothing about other administrator accounts or other weak
 * passwords.
 *
 * NOTE(review): several lines of this method are missing from the listing
 * (including what happens on a match and the opening of the final call);
 * presumably either match leads to the "insecure" branch — confirm against the
 * full file.
 */
69 protected function getAdminAccountStatus()
// Default result: "ok" label with OK severity.
71 $value =
$GLOBALS[
'LANG']->getLL(
'status_ok');
73 $severity = \TYPO3\CMS\Reports\Status::OK;
// Restrict the lookup to username "admin"; the literal is quoted with
// fullQuoteStr(). The clause continues on a line not shown here.
74 $whereClause =
'username = ' .
$GLOBALS[
'TYPO3_DB']->fullQuoteStr(
'admin',
'be_users') .
// Read uid, username and the stored password value of the matching row.
76 $res =
$GLOBALS[
'TYPO3_DB']->exec_SELECTquery(
'uid, username, password',
'be_users', $whereClause);
77 $row =
$GLOBALS[
'TYPO3_DB']->sql_fetch_assoc($res);
// Ask the salt factory for a salting object for the stored value (presumably
// chosen by hash format); is_object() guards the case where none is returned.
81 $saltingObject = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($row[
'password']);
82 if (is_object($saltingObject)) {
// Does the plaintext "password" verify against the stored salted hash?
83 if ($saltingObject->checkPassword(
'password', $row[
'password'])) {
// Unsalted legacy case: 5f4dcc3b5aa765d61d8327deb882cf99 is md5('password').
88 if ($row[
'password'] ===
'5f4dcc3b5aa765d61d8327deb882cf99') {
// Failure branch: report "insecure" at ERROR severity.
92 $value =
$GLOBALS[
'LANG']->getLL(
'status_insecure');
93 $severity = \TYPO3\CMS\Reports\Status::ERROR;
// Build a link that opens this be_users record for editing and returns to
// the module 'system_ReportsTxreportsm1' afterwards.
94 $editUserAccountUrl = BackendUtility::getModuleUrl(
97 'edit[be_users][' . $row[
'uid'] .
']' =>
'edit',
98 'returnUrl' => BackendUtility::getModuleUrl(
'system_ReportsTxreportsm1')
// The URL is HTML-escaped before it is placed in the href attribute of the
// warning text.
101 $message = sprintf(
$GLOBALS[
'LANG']->sL(
'LLL:EXT:lang/locallang_core.xlf:warning.backend_admin'),
102 '<a href="' . htmlspecialchars($editUserAccountUrl) .
'">',
'</a>');
// Release the database result.
105 $GLOBALS[
'TYPO3_DB']->sql_free_result($res);
// Label, value, message and severity are the trailing arguments of the call
// that builds the result (the call's opening line is not shown).
107 $GLOBALS[
'LANG']->getLL(
'status_adminUserAccount'), $value, $message, $severity);
// Encryption-key check (the function header is not shown in this listing).
// Default result: "ok" label with OK severity.
117 $value =
$GLOBALS[
'LANG']->getLL(
'status_ok');
119 $severity = \TYPO3\CMS\Reports\Status::OK;
// An unset or empty SYS/encryptionKey is reported as insecure. empty() also
// treats the string '0' as missing.
120 if (empty(
$GLOBALS[
'TYPO3_CONF_VARS'][
'SYS'][
'encryptionKey'])) {
121 $value =
$GLOBALS[
'LANG']->getLL(
'status_insecure');
122 $severity = \TYPO3\CMS\Reports\Status::ERROR;
// Link target: install/index.php with a URL-encoded redirect to the
// set_encryptionKey anchor.
123 $url =
'install/index.php?redirect_url=index.php' . urlencode(
'?TYPO3_INSTALL[type]=config#set_encryptionKey');
// NOTE(review): $url is built only from literals above, so nothing untrusted
// reaches the href here, but unlike the admin-account link in this file it is
// not passed through htmlspecialchars(). Escaping it would keep the attribute
// safe if the URL ever gains a dynamic part.
124 $message = sprintf(
$GLOBALS[
'LANG']->sL(
'LLL:EXT:lang/locallang_core.xlf:warning.install_encryption'),
125 '<a href="' .
$url .
'">',
'</a>');
// Label, value, message and severity are the trailing arguments of the call
// that builds the result (the call's opening line is not shown).
128 $GLOBALS[
'LANG']->getLL(
'status_encryptionKey'), $value, $message, $severity);
// File-deny-pattern check (the function header is not shown in this listing).
// Default result: "ok" label with OK severity.
138 $value =
$GLOBALS[
'LANG']->getLL(
'status_ok');
140 $severity = \TYPO3\CMS\Reports\Status::OK;
// $defaultParts and $givenParts are defined on lines not shown — presumably
// the parts of FILE_DENY_PATTERN_DEFAULT and of the configured pattern; confirm.
// array_intersect() keeps the entries (with their keys) of $defaultParts that
// also occur in $givenParts, so the strict comparison below fails as soon as
// one default part is missing from the given parts.
143 $result = array_intersect($defaultParts, $givenParts);
144 if ($defaultParts !== $result) {
145 $value =
$GLOBALS[
'LANG']->getLL(
'status_insecure');
146 $severity = \TYPO3\CMS\Reports\Status::ERROR;
// The default pattern is HTML-escaped before it is shown inside <pre>.
147 $message = sprintf(
$GLOBALS[
'LANG']->sL(
'LLL:EXT:lang/locallang_core.xlf:warning.file_deny_pattern_partsNotPresent'),
148 '<br /><pre>' . htmlspecialchars(FILE_DENY_PATTERN_DEFAULT) .
'</pre><br />');
// Label, value, message and severity are the trailing arguments of the call
// that builds the result (the call's opening line is not shown).
151 $GLOBALS[
'LANG']->getLL(
'status_fileDenyPattern'), $value, $message, $severity);
// .htaccess upload-protection check (the function header is not shown in this
// listing).
// Default result: "ok" label with OK severity.
162 $value =
$GLOBALS[
'LANG']->getLL(
'status_ok');
164 $severity = \TYPO3\CMS\Reports\Status::OK;
// First part of the condition: the configured BE/fileDenyPattern differs from
// the default. The rest of the condition is on a line not shown.
// NOTE(review): this is a loose != comparison; !== would compare the two
// pattern strings exactly, without PHP's numeric-string juggling.
165 if (
$GLOBALS[
'TYPO3_CONF_VARS'][
'BE'][
'fileDenyPattern'] != FILE_DENY_PATTERN_DEFAULT
// Failure branch: report "insecure" at ERROR severity with the
// file_deny_htaccess warning text.
167 $value =
$GLOBALS[
'LANG']->getLL(
'status_insecure');
168 $severity = \TYPO3\CMS\Reports\Status::ERROR;
169 $message =
$GLOBALS[
'LANG']->sL(
'LLL:EXT:lang/locallang_core.xlf:warning.file_deny_htaccess');
// Label, value, message and severity are the trailing arguments of the call
// that builds the result (the call's opening line is not shown).
172 $GLOBALS[
'LANG']->getLL(
'status_htaccessUploadProtection'), $value, $message, $severity);
// Memcached-usage test (the function header is not shown in this listing).
// Returns true when getConfiguredMemcachedServers() yields a non-empty value,
// false otherwise.
182 $memcachedUsed =
false;
183 $memcachedServers = $this->getConfiguredMemcachedServers();
184 if (!empty($memcachedServers)) {
185 $memcachedUsed =
true;
187 return $memcachedUsed;
/**
 * Builds the status entry for the salted-passwords configuration.
 *
 * Starts from an informational message, appends the HTML returned by the
 * backend configuration check, and raises the severity according to that
 * check's 'errorType' and to $unsecureUserCount.
 *
 * NOTE(review): the listing omits several lines of this method, including the
 * definitions of $configCheck, $messageDetail and $unsecureUserCount, the case
 * labels of the switch, and the opening of the final call. Comments below
 * describe only the visible lines.
 */
195 protected function getSaltedPasswordsStatus()
// Default result: "ok" label with OK severity.
197 $value =
$GLOBALS[
'LANG']->getLL(
'status_ok');
198 $severity = \TYPO3\CMS\Reports\Status::OK;
// The message always opens with the informational text wrapped in <p>.
201 $message =
'<p>' .
$GLOBALS[
'LANG']->getLL(
'status_saltedPasswords_infoText') .
'</p>';
// Run the backend configuration check; the result is read below through its
// 'errorType' and 'html' keys.
203 $resultCheck = $configCheck->checkConfigurationBackend(array(),
new \TYPO3\CMS\Core\TypoScript\ConfigurationForm());
204 switch ($resultCheck[
'errorType']) {
// NOTE(review): $resultCheck['html'] is appended to the message as markup,
// without escaping, in every visible branch. Confirm that
// checkConfigurationBackend() only returns trusted, already-escaped HTML.
206 $messageDetail .= $resultCheck[
'html'];
// Branch that downgrades the result to WARNING severity.
209 $severity = \TYPO3\CMS\Reports\Status::WARNING;
210 $messageDetail .= $resultCheck[
'html'];
// Branch that reports "insecure" at ERROR severity.
213 $value =
$GLOBALS[
'LANG']->getLL(
'status_insecure');
214 $severity = \TYPO3\CMS\Reports\Status::ERROR;
215 $messageDetail .= $resultCheck[
'html'];
// A positive $unsecureUserCount (computed on lines not shown) also forces
// "insecure"/ERROR and adds a warning panel with the
// notAllPasswordsHashed text.
220 if ($unsecureUserCount > 0) {
221 $value =
$GLOBALS[
'LANG']->getLL(
'status_insecure');
222 $severity = \TYPO3\CMS\Reports\Status::ERROR;
223 $messageDetail .=
'<div class="panel panel-warning">' .
224 '<div class="panel-body">' .
225 $GLOBALS[
'LANG']->getLL(
'status_saltedPasswords_notAllPasswordsHashed') .
// Details follow the informational text; the body of the empty-details branch
// is not shown.
229 $message .= $messageDetail;
230 if (empty($messageDetail)) {
// Label, value, message and severity are the trailing arguments of the call
// that builds the result (the call's opening line is not shown).
234 $GLOBALS[
'LANG']->getLL(
'status_saltedPasswords'), $value, $message, $severity);