|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
/* |
|
6
|
|
|
* This file is part of the Zikula package. |
|
7
|
|
|
* |
|
8
|
|
|
* Copyright Zikula Foundation - https://ziku.la/ |
|
9
|
|
|
* |
|
10
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
11
|
|
|
* file that was distributed with this source code. |
|
12
|
|
|
*/ |
|
13
|
|
|
|
|
14
|
|
|
namespace Zikula\SecurityCenterModule; |
|
15
|
|
|
|
|
16
|
|
|
use Doctrine\Persistence\ManagerRegistry; |
|
17
|
|
|
use Exception; |
|
18
|
|
|
use Symfony\Component\HttpFoundation\RequestStack; |
|
19
|
|
|
use Symfony\Contracts\Translation\TranslatorInterface; |
|
20
|
|
|
use Zikula\Bundle\CoreBundle\CacheClearer; |
|
21
|
|
|
use Zikula\Bundle\CoreBundle\Doctrine\Helper\SchemaHelper; |
|
22
|
|
|
use Zikula\Bundle\CoreBundle\DynamicConfigDumper; |
|
23
|
|
|
use Zikula\Bundle\CoreBundle\HttpKernel\ZikulaKernel; |
|
24
|
|
|
use Zikula\ExtensionsModule\AbstractExtension; |
|
25
|
|
|
use Zikula\ExtensionsModule\Api\ApiInterface\VariableApiInterface; |
|
26
|
|
|
use Zikula\ExtensionsModule\Api\VariableApi; |
|
27
|
|
|
use Zikula\ExtensionsModule\Installer\AbstractExtensionInstaller; |
|
28
|
|
|
use Zikula\SecurityCenterModule\Entity\IntrusionEntity; |
|
29
|
|
|
use Zikula\SecurityCenterModule\Helper\PurifierHelper; |
|
30
|
|
|
use Zikula\SecurityCenterModule\Helper\HtmlTagsHelper; |
|
31
|
|
|
|
|
32
|
|
|
/** |
|
33
|
|
|
* Installation routines for the security center module. |
|
34
|
|
|
*/ |
|
35
|
|
|
class SecurityCenterModuleInstaller extends AbstractExtensionInstaller |
|
36
|
|
|
{ |
|
37
|
|
|
/** |
|
38
|
|
|
* @var DynamicConfigDumper |
|
39
|
|
|
*/ |
|
40
|
|
|
private $configDumper; |
|
41
|
|
|
|
|
42
|
|
|
/** |
|
43
|
|
|
* @var CacheClearer |
|
44
|
|
|
*/ |
|
45
|
|
|
private $cacheClearer; |
|
46
|
|
|
|
|
47
|
|
|
/** |
|
48
|
|
|
* @var PurifierHelper |
|
49
|
|
|
*/ |
|
50
|
|
|
private $purifierHelper; |
|
51
|
|
|
|
|
52
|
|
|
/** |
|
53
|
|
|
* @var HtmlTagsHelper |
|
54
|
|
|
*/ |
|
55
|
|
|
private $htmlTagsHelper; |
|
56
|
|
|
|
|
57
|
|
|
public function __construct( |
|
58
|
|
|
DynamicConfigDumper $configDumper, |
|
59
|
|
|
CacheClearer $cacheClearer, |
|
60
|
|
|
PurifierHelper $purifierHelper, |
|
61
|
|
|
AbstractExtension $extension, |
|
62
|
|
|
ManagerRegistry $managerRegistry, |
|
63
|
|
|
SchemaHelper $schemaTool, |
|
64
|
|
|
RequestStack $requestStack, |
|
65
|
|
|
TranslatorInterface $translator, |
|
66
|
|
|
VariableApiInterface $variableApi, |
|
67
|
|
|
HtmlTagsHelper $htmlTagsHelper |
|
68
|
|
|
) { |
|
69
|
|
|
$this->configDumper = $configDumper; |
|
70
|
|
|
$this->cacheClearer = $cacheClearer; |
|
71
|
|
|
$this->purifierHelper = $purifierHelper; |
|
72
|
|
|
$this->htmlTagsHelper = $htmlTagsHelper; |
|
73
|
|
|
parent::__construct($extension, $managerRegistry, $schemaTool, $requestStack, $translator, $variableApi); |
|
74
|
|
|
} |
|
75
|
|
|
|
|
76
|
|
|
public function install(): bool |
|
77
|
|
|
{ |
|
78
|
|
|
// create the table |
|
79
|
|
|
try { |
|
80
|
|
|
$this->schemaTool->create([ |
|
81
|
|
|
IntrusionEntity::class |
|
82
|
|
|
]); |
|
83
|
|
|
} catch (Exception $exception) { |
|
84
|
|
|
return false; |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
|
|
// Set up an initial value for a module variable. |
|
88
|
|
|
$this->setVar('itemsperpage', 10); |
|
89
|
|
|
|
|
90
|
|
|
// We use config vars for the rest of the configuration as config vars |
|
91
|
|
|
$this->setSystemVar('updatecheck', 1); |
|
92
|
|
|
$this->setSystemVar('updatefrequency', 7); |
|
93
|
|
|
$this->setSystemVar('updatelastchecked', 0); |
|
94
|
|
|
$this->setSystemVar('updateversion', ZikulaKernel::VERSION); |
|
95
|
|
|
$this->setSystemVar('seclevel', 'Medium'); |
|
96
|
|
|
$this->setSystemVar('secmeddays', 7); |
|
97
|
|
|
$this->setSystemVar('secinactivemins', 20); |
|
98
|
|
|
$this->setSystemVar('sessionstoretofile', Constant::SESSION_STORAGE_FILE); |
|
99
|
|
|
$this->setSystemVar('sessionsavepath'); |
|
100
|
|
|
$this->setSystemVar('gc_probability', 100); |
|
101
|
|
|
$this->setSystemVar('sessionregenerate', 1); |
|
102
|
|
|
$this->setSystemVar('sessionregeneratefreq', 10); |
|
103
|
|
|
$this->setSystemVar('sessionname', '_zsid'); |
|
104
|
|
|
|
|
105
|
|
|
$this->setSystemVar('filtergetvars', 1); |
|
106
|
|
|
$this->setSystemVar('filterpostvars', 1); |
|
107
|
|
|
$this->setSystemVar('filtercookievars', 1); |
|
108
|
|
|
|
|
109
|
|
|
// HTML Purifier cache dir |
|
110
|
|
|
$this->cacheClearer->clear('purifier'); |
|
111
|
|
|
|
|
112
|
|
|
// HTML Purifier default settings |
|
113
|
|
|
$purifierDefaultConfig = $this->purifierHelper->getPurifierConfig(['forcedefault' => true]); |
|
114
|
|
|
$this->setVar('htmlpurifierConfig', serialize($purifierDefaultConfig)); |
|
115
|
|
|
|
|
116
|
|
|
// create vars for phpids usage |
|
117
|
|
|
$this->setSystemVar('useids', 0); |
|
118
|
|
|
$this->setSystemVar('idsmail', 0); |
|
119
|
|
|
$this->setSystemVar('idsrulepath', 'system/SecurityCenterModule/Resources/config/phpids_zikula_default.xml'); |
|
120
|
|
|
$this->setSystemVar('idssoftblock', 1); // do not block requests, but warn for debugging |
|
121
|
|
|
$this->setSystemVar('idsfilter', 'xml'); // filter type |
|
122
|
|
|
$this->setSystemVar('idsimpactthresholdone', 1); // db logging |
|
123
|
|
|
$this->setSystemVar('idsimpactthresholdtwo', 10); // mail admin |
|
124
|
|
|
$this->setSystemVar('idsimpactthresholdthree', 25); // block request |
|
125
|
|
|
$this->setSystemVar('idsimpactthresholdfour', 75); // kick user, destroy session |
|
126
|
|
|
$this->setSystemVar('idsimpactmode', 1); // per request per default |
|
127
|
|
|
$this->setSystemVar('idshtmlfields', ['POST.__wysiwyg']); |
|
128
|
|
|
$this->setSystemVar('idsjsonfields', ['POST.__jsondata']); |
|
129
|
|
|
$this->setSystemVar('idsexceptions', [ |
|
130
|
|
|
'GET.__utmz', |
|
131
|
|
|
'GET.__utmc', |
|
132
|
|
|
'REQUEST.linksorder', 'POST.linksorder', |
|
133
|
|
|
'REQUEST.fullcontent', 'POST.fullcontent', |
|
134
|
|
|
'REQUEST.summarycontent', 'POST.summarycontent', |
|
135
|
|
|
'REQUEST.filter.page', 'POST.filter.page', |
|
136
|
|
|
'REQUEST.filter.value', 'POST.filter.value' |
|
137
|
|
|
]); |
|
138
|
|
|
$this->setSystemVar('outputfilter', 1); |
|
139
|
|
|
|
|
140
|
|
|
$this->setSystemVar('htmlentities', 1); |
|
141
|
|
|
$this->setSystemVar('AllowableHTML', $this->htmlTagsHelper->getDefaultValues()); |
|
142
|
|
|
|
|
143
|
|
|
// Initialisation successful |
|
144
|
|
|
return true; |
|
145
|
|
|
} |
|
146
|
|
|
|
|
147
|
|
|
public function upgrade(string $oldVersion): bool |
|
148
|
|
|
{ |
|
149
|
|
|
switch ($oldVersion) { |
|
150
|
|
|
case '1.5.0': |
|
151
|
|
|
// avoid storing absolute pathes in module vars |
|
152
|
|
|
|
|
153
|
|
|
// delete obsolete variable |
|
154
|
|
|
$this->getVariableApi()->del(VariableApi::CONFIG, 'htmlpurifierlocation'); |
|
155
|
|
|
|
|
156
|
|
|
// only update this value if it has not been customised |
|
157
|
|
|
if (false !== mb_strpos($this->getVariableApi()->get(VariableApi::CONFIG, 'idsrulepath'), 'phpids_zikula_default')) { |
|
|
|
|
|
|
158
|
|
|
$this->setSystemVar('idsrulepath', 'system/SecurityCenterModule/Resources/config/phpids_zikula_default.xml'); |
|
159
|
|
|
} |
|
160
|
|
|
case '1.5.1': |
|
161
|
|
|
// set the session information in /config/dynamic/generated.yaml |
|
162
|
|
|
$sessionStoreToFile = $this->getVariableApi()->getSystemVar('sessionstoretofile', Constant::SESSION_STORAGE_DATABASE); |
|
163
|
|
|
$sessionHandlerId = Constant::SESSION_STORAGE_FILE === $sessionStoreToFile ? 'session.handler.native_file' : 'zikula_core.bridge.http_foundation.doctrine_session_handler'; |
|
164
|
|
|
$this->configDumper->setParameter('zikula.session.handler_id', $sessionHandlerId); |
|
165
|
|
|
$sessionStorageId = Constant::SESSION_STORAGE_FILE === $sessionStoreToFile ? 'zikula_core.bridge.http_foundation.zikula_session_storage_file' : 'zikula_core.bridge.http_foundation.zikula_session_storage_doctrine'; |
|
166
|
|
|
$this->configDumper->setParameter('zikula.session.storage_id', $sessionStorageId); // Symfony default is 'session.storage.native' |
|
167
|
|
|
$sessionSavePath = $this->getVariableApi()->getSystemVar('sessionsavepath', ''); |
|
168
|
|
|
$zikulaSessionSavePath = empty($sessionSavePath) ? '%kernel.cache_dir%/sessions' : $sessionSavePath; |
|
169
|
|
|
$this->configDumper->setParameter('zikula.session.save_path', $zikulaSessionSavePath); |
|
170
|
|
|
case '1.5.2': |
|
171
|
|
|
$varsToRemove = [ |
|
172
|
|
|
'secure_domain', |
|
173
|
|
|
'signcookies', |
|
174
|
|
|
'signingkey', |
|
175
|
|
|
'sessioncsrftokenonetime', |
|
176
|
|
|
'sessionipcheck', |
|
177
|
|
|
'keyexpiry', |
|
178
|
|
|
'sessionauthkeyua', |
|
179
|
|
|
'gc_probability', |
|
180
|
|
|
'sessionrandregenerate', |
|
181
|
|
|
'sessionregenerate', |
|
182
|
|
|
'sessionregeneratefreq' |
|
183
|
|
|
]; |
|
184
|
|
|
foreach ($varsToRemove as $varName) { |
|
185
|
|
|
$this->getVariableApi()->del(VariableApi::CONFIG, $varName); |
|
186
|
|
|
} |
|
187
|
|
|
case '1.5.3': |
|
188
|
|
|
// current version |
|
189
|
|
|
} |
|
190
|
|
|
|
|
191
|
|
|
// Update successful |
|
192
|
|
|
return true; |
|
193
|
|
|
} |
|
194
|
|
|
|
|
195
|
|
|
public function uninstall(): bool |
|
196
|
|
|
{ |
|
197
|
|
|
// this module can't be uninstalled |
|
198
|
|
|
return false; |
|
199
|
|
|
} |
|
200
|
|
|
|
|
201
|
|
|
private function setSystemVar(string $name, $value = ''): bool |
|
202
|
|
|
{ |
|
203
|
|
|
return $this->getVariableApi()->set(VariableApi::CONFIG, $name, $value); |
|
204
|
|
|
} |
|
205
|
|
|
} |
|
206
|
|
|
|
zikula /
core
Loading history...