These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.
<?php

// hardening
$hardening = '';
// protect upgrade.php
$protect_upgrade = (bool) get_config('security_protect_upgrade');
$hardening .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:protect_upgrade'),
	'#help' => elgg_echo('admin:security:settings:protect_upgrade:help'),
	'name' => 'security_protect_upgrade',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => $protect_upgrade,
]);
if ($protect_upgrade) {
	$url = elgg_http_get_signed_url('upgrade.php');
	$url = elgg_format_element('pre', [], $url);

	$hardening .= elgg_format_element('div', [
		'class' => 'elgg-divide-left plm',
	], elgg_echo('admin:security:settings:protect_upgrade:token') . $url);
}

// protect /cron
$protect_cron = (bool) get_config('security_protect_cron');
The function get_config() has been deprecated with message: Use elgg_get_config()
This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.
$hardening .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:protect_cron'),
	'#help' => elgg_echo('admin:security:settings:protect_cron:help'),
	'name' => 'security_protect_cron',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => $protect_cron,
]);
if ($protect_cron) {
	$periods = elgg_get_config('elgg_cron_periods');
	$rows = [];

	// header for table
	$cells = [];
	$cells[] = elgg_format_element('th', [], elgg_echo('admin:cron:period'));
	$cells[] = elgg_format_element('th', [], 'URL');

	$rows[] = elgg_format_element('tr', [], implode('', $cells));

	// add interval urls
	foreach ($periods as $period) {
		$cells = [];

		$cells[] = elgg_format_element('td', [], elgg_echo("interval:{$period}"));
		$cells[] = elgg_format_element('td', [], elgg_http_get_signed_url("cron/{$period}"));

		$rows[] = elgg_format_element('tr', [], implode('', $cells));
	}

	// cron url table
	$table = elgg_format_element('table', [
		'id' => 'security-cron-urls',
		'class' => 'elgg-table mvm hidden',
	], implode('', $rows));

	$content = elgg_echo('admin:security:settings:protect_cron:token');
	$content .= ' ' . elgg_view('output/url', [
		'text' => elgg_echo('admin:security:settings:protect_cron:toggle'),
		'href' => '#security-cron-urls',
		'rel' => 'toggle',
	]);
	$content .= $table;

	$hardening .= elgg_format_element('div', [
		'class' => 'elgg-divide-left plm mbm',
	], $content);
}

// disable autocomplete on password forms
$hardening .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:disable_password_autocomplete'),
	'#help' => elgg_echo('admin:security:settings:disable_password_autocomplete:help'),
	'name' => 'security_disable_password_autocomplete',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => (bool) get_config('security_disable_password_autocomplete'),
The function get_config() has been deprecated with message: Use elgg_get_config()
]);

// require password when changing email address
$hardening .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:email_require_password'),
	'#help' => elgg_echo('admin:security:settings:email_require_password:help'),
	'name' => 'security_email_require_password',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => (bool) get_config('security_email_require_password'),
The function get_config() has been deprecated with message: Use elgg_get_config()
]);

// allow others to extend this section
$hardening .= elgg_view('admin/security/settings/extend/hardening');

echo elgg_view_module('inline', elgg_echo('admin:security:settings:label:hardening'), $hardening);

// notifications
$notifications = '';
// notify admins about add/remove of another admin
$notifications .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:notify_admins'),
	'#help' => elgg_echo('admin:security:settings:notify_admins:help'),
	'name' => 'security_notify_admins',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => (bool) get_config('security_notify_admins'),
The function get_config() has been deprecated with message: Use elgg_get_config()
]);

// notify user about add/remove admin of his/her account
$notifications .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:notify_user_admin'),
	'#help' => elgg_echo('admin:security:settings:notify_user_admin:help'),
	'name' => 'security_notify_user_admin',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => (bool) get_config('security_notify_user_admin'),
The function get_config() has been deprecated with message: Use elgg_get_config()
]);

// notify user about (un)ban of his/her account
$notifications .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:notify_user_ban'),
	'#help' => elgg_echo('admin:security:settings:notify_user_ban:help'),
	'name' => 'security_notify_user_ban',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => (bool) get_config('security_notify_user_ban'),
The function get_config() has been deprecated with message: Use elgg_get_config()
]);

// allow others to extend this section
$notifications .= elgg_view('admin/security/settings/extend/notification');

echo elgg_view_module('inline', elgg_echo('admin:security:settings:label:notifications'), $notifications);

// footer
$footer = elgg_view_field([
	'#type' => 'submit',
	'value' => elgg_echo('save'),
]);

elgg_set_form_footer($footer);