Example #1
 /**
  * Constructor. Starts PHP session handling in our own private store
  *
  * Side-effect: might set a cookie, so must be called before any other output.
  */
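 public function __construct()
 {
     // Throws \TYPO3\CMS\Install\Exception when a session was already started
     // (session.auto_start or an earlier session_start()), because the custom
     // handler and cookie settings below would then not apply to it.
     $this->typo3tempPath = PATH_site . 'typo3temp/';
     // Start our PHP session early so that hasSession() works
     $sessionSavePath = $this->getSessionSavePath();
     // Register our "save" session handler: all session reads and writes go
     // through this object's open/close/read/write/destroy/gc methods
     session_set_save_handler(array($this, 'open'), array($this, 'close'), array($this, 'read'), array($this, 'write'), array($this, 'destroy'), array($this, 'gc'));
     session_save_path($sessionSavePath);
     session_name($this->cookieName);
     // Scope the cookie to the site path so other applications on the host do not receive it
     ini_set('session.cookie_path', GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
     // Hardening: this cookie authenticates the session, so keep it unreadable
     // from page scripts and never accept a session id passed in the URL.
     // NOTE(review): the Secure flag is not set here; consider it for HTTPS-only installations.
     ini_set('session.cookie_httponly', '1');
     ini_set('session.use_only_cookies', '1');
     // Always call the garbage collector to clean up stale session files
     // (probability 100 / divisor 100 = run on every session start)
     ini_set('session.gc_probability', '100');
     ini_set('session.gc_divisor', '100');
     // Session data may be collected after twice the configured expiry time
     ini_set('session.gc_maxlifetime', (string)($this->expireTimeInMinutes * 2 * 60));
     if (\TYPO3\CMS\Core\Utility\PhpOptionsUtility::isSessionAutoStartEnabled()) {
         $sessionCreationError = 'Error: session.auto-start is enabled.<br />';
         $sessionCreationError .= 'The PHP option session.auto-start is enabled. Disable this option in php.ini or .htaccess:<br />';
         $sessionCreationError .= '<pre>php_value session.auto_start Off</pre>';
         throw new \TYPO3\CMS\Install\Exception($sessionCreationError, 1294587485);
     } elseif (defined('SID')) {
         // The SID constant only exists once a session has been started
         $sessionCreationError = 'Session already started by session_start().<br />';
         $sessionCreationError .= 'Make sure no installed extension is starting a session in its ext_localconf.php or ext_tables.php.';
         throw new \TYPO3\CMS\Install\Exception($sessionCreationError, 1294587486);
     }
     session_start();
 }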
Example #2
    /**
     * Checks the php.ini configuration and sets the appropriate messages and flags.
     *
     * @return void
     * @todo Define visibility
     */
    public function checkConfiguration()
    {
        // Runs a fixed series of php.ini checks and reports each result through
        // $this->message($ext, <headline>, <HTML description>, <numeric severity>).
        // NOTE(review): presumably -1 marks a passed check and 1/2/3 rising severity - confirm against message().
        // NOTE(review): ini_get() values are concatenated into the HTML descriptions below without
        // escaping; whether message() encodes them is not visible here - confirm before treating
        // these values as safe to render.
        $ext = 'php.ini configuration checked';
        // First call only registers the section headline
        $this->message($ext);
        // *****************
        // Incoming values:
        // *****************
        // Includepath
        // The path separator is chosen from the TYPO3_OS constant (';' on WIN, ':' otherwise)
        $incPaths = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(TYPO3_OS == 'WIN' ? ';' : ':', ini_get('include_path'));
        if (!in_array('.', $incPaths)) {
            $this->message($ext, 'Current directory (./) is not in include path!', '
				<p>
					<em>include_path=' . ini_get('include_path') . '</em>
					<br />
					Normally the current path, \'.\', is included in the
					include_path of PHP. Although TYPO3 does not rely on this,
					it is an unusual setting that may introduce problems for
					some extensions.
				</p>
			', 1);
        } else {
            $this->message($ext, 'Current directory in include path', '', -1);
        }
        // *****************
        // File uploads
        // *****************
        if (!ini_get('file_uploads')) {
            $this->message($ext, 'File uploads not allowed', '
				<p>
					<em>file_uploads=' . ini_get('file_uploads') . '</em>
					<br />
					TYPO3 uses the ability to upload files from the browser in
					various cases.
					<br />
					As long as this flag is disabled, you\'ll not be able to
					upload files.
					<br />
					But it doesn\'t end here, because not only are files not
					accepted by the server - ALL content in the forms are
					discarded and therefore nothing at all will be editable
					if you don\'t set this flag!
					<br />
					However if you cannot enable fileupload for some reason
					alternatively you change the default form encoding value
					with \\$TYPO3_CONF_VARS[SYS][form_enctype].
				</p>
			', 3);
        } else {
            $this->message($ext, 'File uploads allowed', '', -1);
        }
        // Both limits go through getBytesFromSizeMeasurement() so they can be compared as numbers
        $upload_max_filesize = \TYPO3\CMS\Core\Utility\GeneralUtility::getBytesFromSizeMeasurement(ini_get('upload_max_filesize'));
        $post_max_size = \TYPO3\CMS\Core\Utility\GeneralUtility::getBytesFromSizeMeasurement(ini_get('post_max_size'));
        // Threshold is 10 * 1024 * 1024 bytes; there is no "OK" message for this check
        if ($upload_max_filesize < 1024 * 1024 * 10) {
            $this->message($ext, 'Maximum upload filesize too small?', '
				<p>
					<em>upload_max_filesize=' . ini_get('upload_max_filesize') . '</em>
					<br />
					By default TYPO3 supports uploading, copying and moving
					files of sizes up to 10MB (You can alter the TYPO3 defaults
					by the config option TYPO3_CONF_VARS[BE][maxFileSize]).
					<br />
					Your current value is below this, so at this point, PHP sets
					the limits for uploaded filesizes and not TYPO3.
					<br />
					<strong>Notice:</strong> The limits for filesizes attached
					to database records are set in the tables.php configuration
					files (\\$TCA) for each group/file field. You may override
					these values in the local configuration or by page TSconfig settings.
				</p>
			', 1);
        }
        // An upload is sent inside a POST body, so post_max_size caps the effective upload size
        if ($upload_max_filesize > $post_max_size) {
            $this->message($ext, 'Maximum size for POST requests is smaller than max. upload filesize', '
				<p>
					<em>upload_max_filesize=' . ini_get('upload_max_filesize') . '
					, post_max_size=' . ini_get('post_max_size') . '</em>
					<br />
					You have defined a maximum size for file uploads which
					exceeds the allowed size for POST requests. Therefore the
					file uploads can not be larger than ' . ini_get('post_max_size') . '
				</p>
			', 1);
        }
        // *****************
        // Memory and functions
        // *****************
        $memory_limit_value = \TYPO3\CMS\Core\Utility\GeneralUtility::getBytesFromSizeMeasurement(ini_get('memory_limit'));
        // A value of zero or below is reported as "no limit" (php.ini uses -1 for unlimited)
        if ($memory_limit_value <= 0) {
            $this->message($ext, 'Unlimited memory limit!', '<p>Your webserver is configured to not limit PHP memory usage at all. This is a risk
				and should be avoided in production setup. In general it\'s best practice to limit this
				in the configuration of your webserver. To be safe, ask the system administrator of the
				webserver to raise the limit to something over ' . TYPO3_REQUIREMENTS_MINIMUM_PHP_MEMORY_LIMIT . '.</p>', 2);
        } elseif ($memory_limit_value < \TYPO3\CMS\Core\Utility\GeneralUtility::getBytesFromSizeMeasurement(TYPO3_REQUIREMENTS_MINIMUM_PHP_MEMORY_LIMIT)) {
            $this->message($ext, 'Memory limit below ' . TYPO3_REQUIREMENTS_MINIMUM_PHP_MEMORY_LIMIT, '
				<p>
					<em>memory_limit=' . ini_get('memory_limit') . '</em>
					<br />
					Your system is configured to enforce a memory limit of PHP
					scripts lower than ' . TYPO3_REQUIREMENTS_MINIMUM_PHP_MEMORY_LIMIT . '.
					The Extension Manager needs to include more PHP-classes than
					will fit into this memory space. There is nothing else to do
					than raise the limit. To be safe, ask the system
					administrator of the webserver to raise the limit to over
					' . TYPO3_REQUIREMENTS_MINIMUM_PHP_MEMORY_LIMIT . '.
				</p>
			', 3);
        } else {
            $this->message($ext, 'Memory limit: ' . ini_get('memory_limit'), '', -1);
        }
        // NOTE(review): PHP treats max_execution_time=0 as "no time limit", yet 0 < 30
        // sends that setting into the "below 30 seconds" branch.
        if (ini_get('max_execution_time') < 30) {
            $this->message($ext, 'Maximum execution time below 30 seconds', '
				<p>
					<em>max_execution_time=' . ini_get('max_execution_time') . '</em>
					<br />
					May impose problems if too low.
				</p>
			', 1);
        } else {
            $this->message($ext, 'Maximum execution time: ' . ini_get('max_execution_time') . ' seconds', '', -1);
        }
        // Any non-empty disable_functions list is reported, whichever functions it names
        if (ini_get('disable_functions')) {
            $this->message($ext, 'Functions disabled!', '
				<p>
					<em>disable_functions=' . ini_get('disable_functions') . '</em>
					<br />
					The above list of functions are disabled. If TYPO3 use any
					of these there might be trouble.
					<br />
					TYPO3 is designed to use the default set of PHP4.3.0+
					functions plus the functions of GDLib.
					<br />
					Possibly these functions are disabled due to security risks
					and most likely the list would include a function like
					<em>exec()</em> which is use by TYPO3 to access ImageMagick.
				</p>
			', 2);
        } else {
            $this->message($ext, 'Functions disabled: none', '', -1);
        }
        // Mail tests
        // Windows uses the SMTP/smtp_port settings; every other platform uses sendmail_path
        if (TYPO3_OS == 'WIN') {
            $smtp = ini_get('SMTP');
            $bad_smtp = FALSE;
            if (!\TYPO3\CMS\Core\Utility\GeneralUtility::validIP($smtp)) {
                // gethostbyname() returns its argument unchanged when the lookup fails,
                // so an unchanged value marks an unresolvable host; @ hides lookup warnings
                $smtp_addr = @gethostbyname($smtp);
                $bad_smtp = $smtp_addr == $smtp;
            } else {
                $smtp_addr = $smtp;
            }
            if (!$smtp || $bad_smtp || !\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger(ini_get('smtp_port'))) {
                $this->message($ext, 'Mail configuration is not set correctly', '
					<p>
						Mail configuration is not set
						<br />
						PHP mail() function requires SMTP and smtp_port to have
						correct values on Windows.
					</p>
				', 2);
            } else {
                // Loopback SMTP host on a loopback server address: mail only works if this machine runs an SMTP server
                // NOTE(review): $_SERVER['SERVER_ADDR'] is read without an isset() check - confirm it is always set here
                if (($smtp_addr == '127.0.0.1' || $smtp_addr == '::1') && ($_SERVER['SERVER_ADDR'] == '127.0.0.1' || $_SERVER['SERVER_ADDR'] == '::1')) {
                    $this->message($ext, 'Mail is configured (potential problem exists!)', '
						<p>
							<em>SMTP=' . $smtp . '</em> - <strong>Note:</strong>
							this server! Are you sure it runs SMTP server?
							<br />
							<em>smtp_port=' . ini_get('smtp_port') . '</em>
						</p>' . $this->check_mail('get_form') . '
					', 1);
                } else {
                    $this->message($ext, 'Mail is configured', '
						<p>
							<em>SMTP=' . $smtp . '</em>
							<br />
							<em>smtp_port=' . ini_get('smtp_port') . '</em>
						</p>' . $this->check_mail('get_form') . '
					', -1);
                }
            }
        } elseif (!ini_get('sendmail_path')) {
            $this->message($ext, 'Sendmail path not defined!', '
				<p>
					This may be critical to TYPO3\'s use of the mail() function.
					Please be sure that the mail() function in your
					php-installation works!
				</p>' . $this->check_mail('get_form') . '
			', 1);
        } else {
            // Only the first space-separated token of sendmail_path is taken as the program; the rest are its arguments
            list($prg) = explode(' ', ini_get('sendmail_path'));
            // @ suppresses warnings from is_executable(), e.g. when the path cannot be accessed
            if (!@is_executable($prg)) {
                $this->message($ext, 'Sendmail program not found or not executable?', '
					<p>
						<em>sendmail_path=' . ini_get('sendmail_path') . '</em>
						<br />
						This may be critical to TYPO3\'s use of the mail()
						function. Please be sure that the mail() function in
						your php-installation works!
					</p>' . $this->check_mail('get_form') . '
				', 1);
            } else {
                $this->message($ext, 'Sendmail OK', '
					<p>
						<em>sendmail_path=' . ini_get('sendmail_path') . '</em>
					</p>' . $this->check_mail('get_form') . '
				', -1);
            }
        }
        // *****************
        // Safe mode related
        // *****************
        if (\TYPO3\CMS\Core\Utility\PhpOptionsUtility::isSafeModeEnabled()) {
            $this->message($ext, 'Safe mode turned on', '
				<p>
					<em>safe_mode=' . ini_get('safe_mode') . '</em>
					<br />
					In safe_mode PHP is restricted in several ways. This is a
					good thing because it adds protection to your (and others)
					scripts. But it may also introduce problems. In TYPO3 this
					<em>may be</em> a problem in two areas: File administration
					and execution of external programs, in particular
					ImageMagick.
					<br />
					If you just ignore this warning, you\'ll most likely find,
					that TYPO3 seems to work except from the image-generation.
					The problem in that case is that the external ImageMagick
					programs are not allowed to be executed from the regular
					paths like "/usr/bin/" or "/usr/X11R6/bin/".
					<br />
					If you use safe_mode with TYPO3, you should disable use of
					external programs ([BE][disable_exec_function]=1).
					<br />
					In safe mode you must ensure that all the php-scripts and
					upload folders are owned by the same user.
				</p>
				<p>
					<em>safe_mode_exec_dir=' . ini_get('safe_mode_exec_dir') . '</em>
					<br />
					If the ImageMagick utilities are located in this directory,
					everything is fine. Below on this page, you can see if
					ImageMagick is found here. If not, ask you ISP to put the
					three ImageMagick programs, \'convert\',
					\'combine\'/\'composite\' and \'identify\' there (eg. with
					symlinks if Unix server)
				</p>
				<p>
					<strong>Example of safe_mode settings:</strong>
					<br />
					Set this in the php.ini file:
				</p>
				<p>
					; Safe Mode
					<br />
					safe_mode = On
					<br />
					safe_mode_exec_dir = /usr/bin/
				</p>
				<p>
					...and the ImageMagick \'/usr/bin/convert\' will be
					executable.
					<br />
					The last slash is important (..../) and you can only specify
					one directory.
				</p>
				<p>
					<strong>Notice: </strong>
					<br />
					ImageMagick 6 or GraphicsMagick is recommended and the binaries are
					normally installed in /usr/bin.
					<br />
					Paths to ImageMagick are defined in local configuration and may be
					something else than /usr/bin/, but this is default for
					ImageMagick 6+
				</p>
			', 2);
            // doc_root is only examined while safe mode is on
            if (ini_get('doc_root')) {
                $this->message($ext, 'doc_root set', '
					<p>
						<em>doc_root=' . ini_get('doc_root') . '</em>
						<br />
						PHP cannot execute scripts outside this directory. If
						that is a problem is please correct it.
					</p>
				', 1);
            }
            // Record the finding in config_array (its consumers are outside this method)
            $this->config_array['safemode'] = 1;
        } else {
            $this->message($ext, 'safe_mode: off', '', -1);
        }
        if (\TYPO3\CMS\Core\Utility\PhpOptionsUtility::isSqlSafeModeEnabled()) {
            // get_current_user() returns the owner of the running script file, which is what the text below reports
            $this->message($ext, 'sql.safe_mode is enabled', '
				<p>
					<em>sql.safe_mode=' . ini_get('sql.safe_mode') . '</em>
					<br />
					This means that you can only connect to the database with a
					username corresponding to the user of the webserver process
					or fileowner. Consult your ISP for information about this.
					Also see <a href="http://www.wrox.com/Consumer/Store/Books/2963/29632002.htm">
					http://www.wrox.com/Consumer/Store/Books/2963/29632002.htm</a>
					<br />
					The owner of the current file is:
					<strong>' . get_current_user() . '</strong>
				</p>
			', 1);
            $this->config_array['sql.safe_mode_user'] = get_current_user();
        } else {
            $this->message($ext, 'sql.safe_mode: off', '', -1);
        }
        // open_basedir is a filesystem restriction; it is reported at severity 1 so the
        // administrator checks that the TYPO3 paths are inside it
        if (ini_get('open_basedir')) {
            $this->message($ext, 'open_basedir set', '
				<p>
					<em>open_basedir=' . ini_get('open_basedir') . '</em>
					<br />
					This restricts TYPO3 to open and include files only in this
					path. Please make sure that this does not prevent TYPO3 from
					running.
					<br />
					<strong>Notice (UNIX):</strong> Before checking a path
					according to open_basedir, PHP resolves all symbolic links.
				</p>
			', 1);
        } else {
            $this->message($ext, 'open_basedir: off', '', -1);
        }
        // Check availability of PHP session support
        if (extension_loaded('session')) {
            $this->message($ext, 'PHP sessions available', '
				<p>
					<em>PHP Sessions available</em>
					<br />
					PHP is compiled with session support and session support is
					available.
				</p>
			', -1);
        } else {
            $this->message($ext, 'PHP Sessions not available', '
				<p>
					PHP is not compiled with session support, or session support
					is disabled in php.ini.
					<br />
					TYPO3 needs session support.
				</p>
			', 3);
        }
        // Suhosin/Hardened PHP:
        $suhosinDescription = '
			<p>
				Suhosin limits the number of elements that can be submitted in
				forms to the server. This will affect for example the
				"All configuration" section in the Install Tool or Inline
				Relational Record Editing (IRRE) with many child records.
			</p>';
        if (extension_loaded('suhosin')) {
            $suhosinSuggestion = '
				<p>
					At least a value of 400 is suggested.
				</p>
			';
            // NOTE(review): ini_get() returns strings (false for an unknown option); the < 400
            // tests below rely on PHP's loose numeric comparison
            $suhosinRequestMaxVars = ini_get('suhosin.request.max_vars');
            $suhosinPostMaxVars = ini_get('suhosin.post.max_vars');
            // Each limit gets its own severity; the headline takes severity 2 if either limit is below 400
            $suhosinRequestMaxVarsType = $suhosinRequestMaxVars < 400 ? 2 : -1;
            $suhosinPostMaxVarsType = $suhosinPostMaxVars < 400 ? 2 : -1;
            $suhosinType = $suhosinRequestMaxVars < 400 || $suhosinPostMaxVars < 400 ? 2 : -1;
            $this->message($ext, 'Suhosin/Hardened PHP is loaded', $suhosinDescription, $suhosinType);
            $this->message($ext, 'suhosin.request.max_vars: ' . $suhosinRequestMaxVars, $suhosinSuggestion, $suhosinRequestMaxVarsType);
            $this->message($ext, 'suhosin.post.max_vars: ' . $suhosinPostMaxVars, $suhosinSuggestion, $suhosinPostMaxVarsType);
        } else {
            $this->message($ext, 'Suhosin/Hardened PHP is not loaded', $suhosinDescription, 0);
        }
        // Check for stripped PHPdoc comments that are required to evaluate annotations:
        // Probe: read the doc comment of Installer::check_mail() through reflection; an empty
        // result is reported as stripped comments.
        // NOTE(review): presumably check_mail() carries a PHPdoc block in the source - confirm.
        $method = new \ReflectionMethod('TYPO3\\CMS\\Install\\Installer', 'check_mail');
        if (strlen($method->getDocComment()) === 0) {
            $description = '
				<p>
					The system extension Extbase evaluates annotations in PHPdoc
					comments and thus requires eAccelerator not to strip away
					these parts. However, this is currently the only part in the
					TYPO3 Core (beside deprecation log and unit tests). If
					Extbase is not used, recompiling eAccelerator is not
					required at all.
					<br/>
					<br/>
					If you do not want comments to be stripped by eAccelerator,
					please recompile with the following configuration setting
					(<a href="http://eaccelerator.net/ticket/229" target="_blank">
					more details</a>):
					<br />
					<em>--with-eaccelerator-doc-comment-inclusion</em>
				</p>
			';
            $this->message($ext, 'PHPdoc comments are stripped', $description, 2);
        }
    }
 /**
  * Checks if PHP magic_quotes_gpc is enabled.
  *
  * @return \TYPO3\CMS\Reports\Status A tx_reports_reports_status_Status object representing whether magic_quotes_gpc is enabled or not
  */
 protected function getPhpMagicQuotesGpcStatus()
 {
     // Every label in this report row comes from the global language service
     $languageService = $GLOBALS['LANG'];

     // Default outcome: the option is off, severity OK, no explanatory text
     $stateLabel = $languageService->sL('LLL:EXT:lang/locallang_common.xml:disabled');
     $explanation = '';
     $level = \TYPO3\CMS\Reports\Status::OK;

     // magic_quotes_gpc rewrites incoming request data with backslashes; it is
     // reported as a WARNING when on, since it is not a substitute for proper
     // escaping or parameterised queries.
     $quotesActive = \TYPO3\CMS\Core\Utility\PhpOptionsUtility::isMagicQuotesGpcEnabled();
     if ($quotesActive) {
         $stateLabel = $languageService->sL('LLL:EXT:lang/locallang_common.xml:enabled');
         $level = \TYPO3\CMS\Reports\Status::WARNING;
         $explanation = $languageService->getLL('status_configuration_PhpMagicQuotesGpcEnabled');
     }

     $title = $languageService->getLL('status_PhpMagicQuotesGpc');

     return \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(
         'TYPO3\\CMS\\Reports\\Status',
         $title,
         $stateLabel,
         $explanation,
         $level
     );
 }