From 6e24ee48d4564991dfef8f31ac7ddd877e84af64 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 6 Jul 2021 02:07:58 +0200 Subject: [PATCH] Debug security page --- htdocs/admin/system/security.php | 107 ++++++++++++++++++------------- htdocs/langs/en_US/admin.lang | 3 +- 2 files changed, 66 insertions(+), 44 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 0b2f2678521..c4140cfe416 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -251,7 +251,7 @@ print '
'; if (empty($conf->global->SECURITY_DISABLE_TEST_ON_OBFUSCATED_CONF)) { print '$dolibarr_main_db_pass: '; if (!empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass)) { - print img_picto('', 'warning').' '.$langs->trans("DatabasePasswordNotObfuscated").'   ('.$langs->trans("Recommanded").': '.$langs->trans("SetOptionTo", $langs->transnoentitiesnoconv("MainDbPasswordFileConfEncrypted"), yn(1)).')'; + print img_picto('', 'warning').' '.$langs->trans("DatabasePasswordNotObfuscated").'   ('.$langs->trans("Recommended").': '.$langs->trans("SetOptionTo", $langs->transnoentitiesnoconv("MainDbPasswordFileConfEncrypted"), yn(1)).')'; //print ' ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("IPsOfUsers")).')'; } else { print img_picto('', 'tick').' '.$langs->trans("DatabasePasswordObfuscated"); @@ -267,49 +267,14 @@ if (empty($conf->global->SECURITY_DISABLE_TEST_ON_OBFUSCATED_CONF)) { print '
'; print '
'; print '
'; -print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup").' + '.$langs->trans("OtherSetup"), '', 'folder'); -//print ''.$langs->trans("PasswordEncryption").': '; -print 'MAIN_SECURITY_HASH_ALGO = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_HASH_ALGO)."   "; -if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) { - print '     If unset: \'md5\''; -} -if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { - print '
MAIN_SECURITY_SALT = '.(empty($conf->global->MAIN_SECURITY_SALT) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_SALT).'
'; -} else { - print '('.$langs->trans("Recommanded").': password_hash)'; - print '
'; -} -if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { - print '
The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.
'; - print 'If you really want to switch, you must:
'; - print '- Go on home - setup - other and add constant MAIN_SECURITY_HASH_ALGO to value \'password_hash\'
'; - print '- In same session, WITHOUT LOGGING OUT, go into your admin user record and set a new password
'; - print '- You can now logout and login with this new password. You must now reset password of all other users.
'; - print '

'; -} +print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup"), '', 'folder'); + + +print ''.$langs->trans("UseCaptchaCode").': '; +print empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) ? '' : img_picto('', 'tick').' '; +print yn(empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) ? 0 : 1); print '
'; - - -print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Example").': static-ips-of-server - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
"; -print '
'; - -print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0   ('.$langs->trans("Recommanded").': 0)' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."
"; -print '
'; - -print 'MAIN_EXEC_USE_POPEN = '; -if (empty($conf->global->MAIN_EXEC_USE_POPEN)) { - print ''.$langs->trans("Undefined").''; -} else { - print $conf->global->MAIN_EXEC_USE_POPEN; -} -if ($execmethod == 1) { - print '   ("exec" PHP method will be used for shell commands)'; -} -if ($execmethod == 2) { - print '   ("popen" PHP method will be used for shell commands)'; -} -print "
"; print '
'; @@ -354,6 +319,62 @@ if (empty($out)) { } print '
'; +print '
'; +print '
'; +print '
'; + + +print load_fiche_titre($langs->trans("OtherSetup").' ('.$langs->trans("Experimental").')', '', 'folder'); + + +//print ''.$langs->trans("PasswordEncryption").': '; +print 'MAIN_SECURITY_HASH_ALGO = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_HASH_ALGO)."   "; +if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) { + print '     If unset: \'md5\''; +} +if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { + print '
MAIN_SECURITY_SALT = '.(empty($conf->global->MAIN_SECURITY_SALT) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_SALT).'
'; +} else { + print '('.$langs->trans("Recommanded").': password_hash)'; + print '
'; +} +if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { + print '
The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.
'; + print 'If you really want to switch, you must:
'; + print '- Go on home - setup - other and add constant MAIN_SECURITY_HASH_ALGO to value \'password_hash\'
'; + print '- In same session, WITHOUT LOGGING OUT, go into your admin user record and set a new password
'; + print '- You can now logout and login with this new password. You must now reset password of all other users.
'; + print '

'; +} +print '
'; + +print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Example").': static-ips-of-server - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
"; +print '
'; + +print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0   ('.$langs->trans("Recommanded").': 0)' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."
"; +print '
'; + +print 'MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : '')."
"; +print '
'; + +print 'MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommanded").': 1)' : '')."
"; +print '
'; + +print 'MAIN_EXEC_USE_POPEN = '; +if (empty($conf->global->MAIN_EXEC_USE_POPEN)) { + print ''.$langs->trans("Undefined").''; +} else { + print $conf->global->MAIN_EXEC_USE_POPEN; +} +if ($execmethod == 1) { + print '   ("exec" PHP method will be used for shell commands)'; +} +if ($execmethod == 2) { + print '   ("popen" PHP method will be used for shell commands)'; +} +print "
"; +print '
'; + // Modules/Applications @@ -405,7 +426,7 @@ if (empty($conf->api->enabled) && empty($conf->webservices->enabled)) { print '
'; } if (!empty($conf->api->enabled)) { - print 'API_ENDPOINT_RULES = '.(empty($conf->global->API_ENDPOINT_RULES) ? ''.$langs->trans("Undefined").'' : $conf->global->API_ENDPOINT_RULES)."
\n"; + print 'API_ENDPOINT_RULES = '.(empty($conf->global->API_ENDPOINT_RULES) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Example").': endpoint1:1,endpoint2:1,...)' : $conf->global->API_ENDPOINT_RULES)."
\n"; print '
'; } } diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 0e357e27577..0c15369a0a9 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2134,7 +2134,8 @@ IfCLINotRequiredYouShouldDisablePHPFunctions=Except if you need to run system co PHPFunctionsRequiredForCLI=For shell purpose (like scheduled job backup or running an anitivurs program), you must keep PHP functions NoWritableFilesFoundIntoRootDir=No writable files or directories of the common programs were found into your root directory (Good) RecommendedValueIs=Recommended: %s -NotRecommended=Not recommanded +Recommended=Recommended +NotRecommended=Not recommended ARestrictedPath=A restricted path CheckForModuleUpdate=Check for external modules updates CheckForModuleUpdateHelp=This action will connect to editors of external modules to check if a new version is available.