diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php
index 745b732b6e1..e05fc01fd82 100644
--- a/htdocs/admin/system/security.php
+++ b/htdocs/admin/system/security.php
@@ -25,6 +25,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/memory.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/events.class.php';
 // Load translation files required by the page
@@ -54,7 +55,12 @@ print load_fiche_titre($langs->trans("PHPSetup"), '', 'folder');
 // Get version of PHP
 $phpversion = version_php();
-print "PHP - ".$langs->trans("Version").": ".$phpversion."
\n"; +print "PHP: ".$langs->trans("Version").": ".$phpversion; +if (function_exists('php_ini_loaded_file')) { + $inipath = php_ini_loaded_file(); + print " - INI: ".$inipath; +} +print "
\n"; // Get versionof web server print "
Web server - ".$langs->trans("Version").": ".$_SERVER["SERVER_SOFTWARE"]."
\n"; @@ -62,6 +68,35 @@ print '
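Review bot: `php_ini_loaded_file()` returns `false` when no php.ini file is loaded, so the new `print " - INI: ".$inipath;` emits a dangling ` - INI: ` in that case; the guard should test the value, not only the function's existence: `if ($inipath !== false) { print " - INI: ".$inipath; }`. The `function_exists` check itself is fine since the function has existed since PHP 5.2.4, so it could be dropped if the minimum supported version is known to be higher.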
'; print "PHP safe_mode = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0))."
\n"; print "PHP open_basedir = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0))."
\n"; +print "PHP allow_url_fopen = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0))."
\n"; +print "PHP allow_url_include = ".(ini_get('allow_url_include') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_include') : yn(0))."
\n"; +print "PHP disable_functions = "; +$arrayoffunctionsdisabled = explode(',', ini_get('disable_functions')); +$arrayoffunctionstodisable = explode(',', 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals'); +$arrayoffunctionstodisable2 = explode(',', 'exec,passthru,shell_exec,system,proc_open,popen'); +print join(', ', $arrayoffunctionsdisabled); +print "
\n"; +$todisabletext = ''; +foreach ($arrayoffunctionstodisable as $functiontodisable) { + if (! in_array($functiontodisable, $arrayoffunctionsdisabled)) { + $todisabletext .= img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.$functiontodisable; + } +} +if ($todisabletext) { + print $langs->trans("YouShouldDisablePHPFunctions").': '.$todisabletext; + print '
'; +} +$todisabletext = ''; +foreach ($arrayoffunctionstodisable2 as $functiontodisable) { + if (! in_array($functiontodisable, $arrayoffunctionsdisabled)) { + $todisabletext .= img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.$functiontodisable; + } +} +if ($todisabletext) { + print $langs->trans("IfCLINotRequiredYouShouldDisablePHPFunctions").': '.$todisabletext; + print '
'; +} + print '
'; // XDebug
@@ -110,6 +145,14 @@ $perms = fileperms($dolibarr_main_document_root.'/'.$conffile);
 if ($perms) {
 if (($perms & 0x0004) || ($perms & 0x0002)) {
 print img_warning().' '.$langs->trans("ConfFileIsReadableOrWritableByAnyUsers");
+ // Web user group by default
+ $labeluser = dol_getwebuser('user');
+ $labelgroup = dol_getwebuser('group');
+ print ' '.$langs->trans("User").': '.$labeluser.':'.$labelgroup;
+ if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) {
+ $arrayofinfoofuser = posix_getpwuid(posix_geteuid());
+ print ' (POSIX '.$arrayofinfoofuser['name'].':'.$arrayofinfoofuser['gecos'].':'.$arrayofinfoofuser['dir'].':'.$arrayofinfoofuser['shell'].')';
+ }
 } else {
 print img_picto('', 'tick');
 }
diff --git a/htdocs/admin/system/web.php b/htdocs/admin/system/web.php
index 9c54b60f900..93af0097087 100644
--- a/htdocs/admin/system/web.php
+++ b/htdocs/admin/system/web.php
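Review bot: The disabled-function check compares the raw `explode(',', ini_get('disable_functions'))` entries, but PHP accepts that directive with spaces after the commas (`exec, passthru, ...`), so an entry such as ` passthru` never matches and the page warns about functions that are already disabled; trim each entry first, `$arrayoffunctionsdisabled = array_map('trim', explode(',', ini_get('disable_functions')));`, and pass `true` as the third argument to both `in_array` calls. The accumulated `$todisabletext` has no separator between entries, so after the first warning icon the function names run into each other; prefix each appended entry with `', '` when `$todisabletext` is already non-empty, in both loops. The two loops are a copy-paste of each other and would read better as one small helper taking the list and the translation key. The en_US text added for `IfCLINotRequiredYouShouldDisablePHPFunctions` in admin.lang reads "you shoud disable" and should be "should".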
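Review bot: `posix_getpwuid()` returns `false` when the lookup fails, and the new `print ' (POSIX '.$arrayofinfoofuser['name']...` line indexes the result unconditionally, which on PHP 8 writes "Trying to access array offset on value of type bool" warnings into the page; wrap that print in `if (is_array($arrayofinfoofuser)) { ... }`. The identical block is added to web.php in this commit and needs the same guard. Printing the account's gecos, home directory and shell next to the permission warning is more than an administrator needs to fix the file mode; `name` alone would be enough here, with the full detail left to the web.php page. `dol_getwebuser()` is presumably provided by the security2.lib.php include added at the top of this file; the outer `if ($perms)` block closes outside the hunk.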
@@ -59,13 +59,20 @@ print ''.$langs->trans("DataRootServer")."".DOL_DATA_ROOT."'.$langs->trans("WebUserGroup")." (env vars)".$labeluser.'/'.$labelgroup."\n";
+ print ''.$langs->trans("WebUserGroup")." (env vars)".$labeluser.':'.$labelgroup;
+ if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) {
+ $arrayofinfoofuser = posix_getpwuid(posix_geteuid());
+ print ' (POSIX '.$arrayofinfoofuser['name'].':'.$arrayofinfoofuser['gecos'].':'.$arrayofinfoofuser['dir'].':'.$arrayofinfoofuser['shell'].')';
+ }
+ print "\n";
 }
 // Web user group real (detected by 'id' external command)
-$arrayout = array(); $varout = 0;
-exec('id', $arrayout, $varout);
-if (empty($varout)) { // Test command is ok. Work only on Linux OS.
- print ''.$langs->trans("WebUserGroup")." (real, 'id' command)".join(',', $arrayout)."\n";
+if (function_exists('exec')) {
+ $arrayout = array(); $varout = 0;
+ exec('id', $arrayout, $varout);
+ if (empty($varout)) { // Test command is ok. Work only on Linux OS.
+ print ''.$langs->trans("WebUserGroup")." (real, 'id' command)".join(',', $arrayout)."\n";
+ }
 }
 print '';
 print '';
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index d7c2132a5e9..1f99e51c45b 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -2110,3 +2110,5 @@ AdvancedModeOnly=Permision available in Advanced permission mode only
 ConfFileIsReadableOrWritableByAnyUsers=The conf file is reabable or writable by any users. Give permission to web server user and group only.
 MailToSendEventOrganization=Event Organization
 AGENDA_EVENT_DEFAULT_STATUS=Default event status when creating a event from the form
+YouShouldDisablePHPFunctions=You should disable PHP functions
+IfCLINotRequiredYouShouldDisablePHPFunctions=Except if you need to run system commands (for the module Scheduled job for example), you shoud disable PHP functions
\ No newline at end of file
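Review bot: The row labelled `(env vars)` now also carries the POSIX effective-user lookup, so the label no longer describes the cell's content, and an administrator comparing it against the `'id'` row below cannot tell which source each value came from; give the POSIX values their own row, e.g. `print ''.$langs->trans("WebUserGroup")." (POSIX)"...` built from the same `$arrayofinfoofuser`. The re-indented `$arrayout = array(); $varout = 0;` keeps two statements on one line; splitting them costs nothing now that the block is being rewritten anyway. The start of this section is garbled in this rendering, so I could not check the removed `(env vars)` line against its replacement beyond the `'/'` to `':'` separator change.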