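    /**
     * Update the SecurityCenter module configuration from the values posted by
     * the modifyconfig form.
     * @see securitycenter_admin_modifyconfig()
     *
     * Every setting is read from POST via FormUtil::getPassedValue() and stored
     * with System::setVar(). Integer settings are cast to int; those with an
     * enforced range are reset to their form default when out of range:
     *  - keyexpiry             0..3600   (default 0)
     *  - secmeddays            1..365    (default 7)
     *  - secinactivemins       1..1440   (default 20)
     *  - gc_probability        1..10000  (default 100)
     *  - sessionregeneratefreq 1..100    (default 10)
     *  - sessionname           at least 3 bytes, otherwise 'ZSID'
     *
     * The session storage settings ('sessionstoretofile', 'sessionsavepath') are
     * only written when file storage is not requested, or the requested save path
     * is an existing writable directory. Changing the storage type or the session
     * name logs the current user out and sends them to the login page.
     *
     * String settings ('secure_domain', 'signingkey', 'seclevel', 'idsfilter',
     * 'outputfilter' ...) are stored as posted; the only guards are the CSRF
     * token and the ACCESS_ADMIN permission checked at the top.
     *
     * @return mixed Result of the redirect to the modifyconfig page, or the
     *               LogUtil permission error result when access is denied.
     */
    public function updateconfig()
    {
        $this->checkCsrfToken();

        // Security check
        if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_ADMIN)) {
            return LogUtil::registerPermissionError();
        }

        $validates = true;

        // Reads an int setting from POST; values outside [$min, $max] are
        // replaced by the form default rather than rejected.
        $boundedInt = function ($name, $default, $min, $max) {
            $value = (int)FormUtil::getPassedValue($name, $default, 'POST');
            if ($value < $min || $value > $max) {
                $value = $default;
            }
            return $value;
        };

        // Splits a textarea value into its non-empty, trimmed lines.
        $nonEmptyLines = function ($text) {
            $lines = array();
            foreach (explode(PHP_EOL, $text) as $line) {
                $line = trim($line);
                if (!empty($line)) {
                    $lines[] = $line;
                }
            }
            return $lines;
        };

        // Update module variables.
        $updatecheck = (int)FormUtil::getPassedValue('updatecheck', 0, 'POST');
        System::setVar('updatecheck', $updatecheck);

        // if update checks are disabled, reset values to force new update check if re-enabled
        if ($updatecheck == 0) {
            System::setVar('updateversion', Zikula_Core::VERSION_NUM);
            System::setVar('updatelastchecked', 0);
        }

        $updatefrequency = (int)FormUtil::getPassedValue('updatefrequency', 30, 'POST');
        System::setVar('updatefrequency', $updatefrequency);

        System::setVar('keyexpiry', $boundedInt('keyexpiry', 0, 0, 3600));

        $sessionauthkeyua = (int)FormUtil::getPassedValue('sessionauthkeyua', 0, 'POST');
        System::setVar('sessionauthkeyua', $sessionauthkeyua);

        $secure_domain = FormUtil::getPassedValue('secure_domain', '', 'POST');
        System::setVar('secure_domain', $secure_domain);

        $signcookies = (int)FormUtil::getPassedValue('signcookies', 1, 'POST');
        System::setVar('signcookies', $signcookies);

        // the cookie signing key is stored exactly as posted (no length or format check here)
        $signingkey = FormUtil::getPassedValue('signingkey', '', 'POST');
        System::setVar('signingkey', $signingkey);

        $seclevel = FormUtil::getPassedValue('seclevel', 'High', 'POST');
        System::setVar('seclevel', $seclevel);

        System::setVar('secmeddays', $boundedInt('secmeddays', 7, 1, 365));

        // out-of-range values fall back to the form default (20), not to secmeddays' 7
        System::setVar('secinactivemins', $boundedInt('secinactivemins', 20, 1, 1440));

        $sessionstoretofile = (int)FormUtil::getPassedValue('sessionstoretofile', 0, 'POST');
        $sessionsavepath = FormUtil::getPassedValue('sessionsavepath', '', 'POST');

        // remember the currently stored storage type before it is overwritten,
        // otherwise a change from DB to file (or back) can never be detected
        $previousStoreToFile = (bool)System::getVar('sessionstoretofile');

        // check session path config is writable (if method is being changed to session file storage)
        $cause_logout = false;
        $storeTypeCanBeWritten = true;
        if ($sessionstoretofile == 1 && !empty($sessionsavepath)) {
            // fix path on windows systems
            $sessionsavepath = str_replace('\\', '/', $sessionsavepath);
            // sanitize the path
            $sessionsavepath = trim(stripslashes($sessionsavepath));

            // check if sessionsavepath is a dir and if it is writable
            // if yes, we need to logout
            $cause_logout = is_dir($sessionsavepath) ? is_writable($sessionsavepath) : false;

            if (!$cause_logout) {
                // an error occured - we do not change the way of storing session data
                LogUtil::registerStatus($this->__('Error! Session path not writeable!'));
                $storeTypeCanBeWritten = false;
            }
        }
        if ($storeTypeCanBeWritten) {
            System::setVar('sessionstoretofile', $sessionstoretofile);
            System::setVar('sessionsavepath', $sessionsavepath);

            if ((bool)$sessionstoretofile != $previousStoreToFile) {
                // logout if going from one storage to another one
                $cause_logout = true;
            }
        }

        // out-of-range values fall back to the form default (100)
        System::setVar('gc_probability', $boundedInt('gc_probability', 100, 1, 10000));

        $anonymoussessions = (int)FormUtil::getPassedValue('anonymoussessions', 1, 'POST');
        System::setVar('anonymoussessions', $anonymoussessions);

        $sessionrandregenerate = (int)FormUtil::getPassedValue('sessionrandregenerate', 1, 'POST');
        System::setVar('sessionrandregenerate', $sessionrandregenerate);

        $sessionregenerate = (int)FormUtil::getPassedValue('sessionregenerate', 1, 'POST');
        System::setVar('sessionregenerate', $sessionregenerate);

        System::setVar('sessionregeneratefreq', $boundedInt('sessionregeneratefreq', 10, 1, 100));

        $sessionipcheck = (int)FormUtil::getPassedValue('sessionipcheck', 0, 'POST');
        System::setVar('sessionipcheck', $sessionipcheck);

        // byte length on purpose: the cookie name is ASCII
        $sessionname = FormUtil::getPassedValue('sessionname', 'ZSID', 'POST');
        if (strlen($sessionname) < 3) {
            $sessionname = 'ZSID';
        }

        $sessioncsrftokenonetime = (int)FormUtil::getPassedValue('sessioncsrftokenonetime', 0, 'POST');
        System::setVar('sessioncsrftokenonetime', $sessioncsrftokenonetime);

        // cause logout if we changed session name (compare before overwriting)
        if ($sessionname != System::getVar('sessionname')) {
            $cause_logout = true;
        }
        System::setVar('sessionname', $sessionname);

        $outputfilter = (int)FormUtil::getPassedValue('outputfilter', 0, 'POST');
        System::setVar('outputfilter', $outputfilter);

        $useids = (bool)FormUtil::getPassedValue('useids', 0, 'POST');
        System::setVar('useids', $useids);

        // create tmp directory for PHPIDS
        if ($useids) {
            $idsTmpDir = CacheUtil::getLocalDir() . '/idsTmp';
            if (!file_exists($idsTmpDir)) {
                CacheUtil::clearLocalDir('idsTmp');
            }
        }

        $idssoftblock = (bool)FormUtil::getPassedValue('idssoftblock', 1, 'POST');
        System::setVar('idssoftblock', $idssoftblock);

        $idsmail = (bool)FormUtil::getPassedValue('idsmail', 1, 'POST');
        System::setVar('idsmail', $idsmail);

        $idsfilter = FormUtil::getPassedValue('idsfilter', 'xml', 'POST');
        System::setVar('idsfilter', $idsfilter);

        // the rule file path is admin supplied and only checked for readability;
        // it is not restricted to the config directory
        $idsrulepath = FormUtil::getPassedValue('idsrulepath', 'config/zikula_default.xml', 'POST');
        $idsrulepath = DataUtil::formatForOS($idsrulepath);
        if (is_readable($idsrulepath)) {
            System::setVar('idsrulepath', $idsrulepath);
        } else {
            LogUtil::registerError($this->__f('Error! PHPIDS rule file %s does not exist or is not readable.', $idsrulepath));
            $validates = false;
        }

        // PHPIDS impact thresholds and mode are stored without range checks
        $thresholdDefaults = array(
            'idsimpactthresholdone' => 1,
            'idsimpactthresholdtwo' => 10,
            'idsimpactthresholdthree' => 25,
            'idsimpactthresholdfour' => 75,
            'idsimpactmode' => 1,
        );
        foreach ($thresholdDefaults as $name => $default) {
            System::setVar($name, (int)FormUtil::getPassedValue($name, $default, 'POST'));
        }

        // one entry per line in the textarea fields
        foreach (array('idshtmlfields', 'idsjsonfields', 'idsexceptions') as $listName) {
            $raw = FormUtil::getPassedValue($listName, '', 'POST');
            System::setVar($listName, $nonEmptyLines($raw));
        }

        // clear all cache and compile directories
        ModUtil::apiFunc('Settings', 'admin', 'clearallcompiledcaches');

        // the module configuration has been updated successfuly
        if ($validates) {
            $this->registerStatus($this->__('Done! Saved module configuration.'));
        }

        // we need to auto logout the user if they changed from DB to FILE
        if ($cause_logout) {
            UserUtil::logout();
            $this->registerStatus($this->__('Session handling variables have changed. You must log in again.'));
            $returnPage = urlencode(ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));
            // NOTE(review): the redirect below presumably ends the request; the
            // fallthrough to the final redirect is kept as in the original
            $this->redirect(ModUtil::url('Users', 'user', 'login', array('returnpage' => $returnPage)));
        }

        // This function generated no output, and so now it is complete we redirect
        // the user to an appropriate page for them to carry on their work
        return $this->redirect(ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));
    }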
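 /**
  * Upgrade the SecurityCenter module from an old version.
  *
  * Cases fall through on purpose so that every step newer than $oldversion runs.
  *
  * @param string $oldversion Version number string to upgrade from.
  *
  * @return bool True on success; false if the intrusion table could not be
  *              created or changed.
  */
 public function upgrade($oldversion)
 {
     switch ($oldversion) {
         case '1.3':
             // create cache directory for HTML Purifier
             $purifierCacheDir = CacheUtil::getLocalDir() . '/purifierCache';
             if (!file_exists($purifierCacheDir)) {
                 CacheUtil::clearLocalDir('purifierCache');
             }

             // create ids intrusions table
             if (!DBUtil::createTable('sc_intrusion')) {
                 return false;
             }

             // default vars for PHPIDS usage (IDS off, no mail)
             System::setVar('useids', 0);
             System::setVar('idsmail', 0);
             // location of the PHPIDS rule file
             System::setVar('idsrulepath', 'config/phpids_zikula_default.xml');
             // soft block: do not block requests, but warn for debugging
             System::setVar('idssoftblock', 1);
             // filter type
             System::setVar('idsfilter', 'xml');
             // impact thresholds: db logging, mail admin, block request, kick user / destroy session
             System::setVar('idsimpactthresholdone', 1);
             System::setVar('idsimpactthresholdtwo', 10);
             System::setVar('idsimpactthresholdthree', 25);
             System::setVar('idsimpactthresholdfour', 75);
             // impact mode: per request per default
             System::setVar('idsimpactmode', 1);
             // request fields that legitimately carry HTML / JSON and must not trip the IDS
             System::setVar('idshtmlfields', array('POST.__wysiwyg'));
             System::setVar('idsjsonfields', array('POST.__jsondata'));
             System::setVar('idsexceptions', array('GET.__utmz', 'GET.__utmc', 'REQUEST.linksorder', 'POST.linksorder', 'REQUEST.fullcontent', 'POST.fullcontent', 'REQUEST.summarycontent', 'POST.summarycontent', 'REQUEST.filter.page', 'POST.filter.page', 'REQUEST.filter.value', 'POST.filter.value'));

             // HTML Purifier default settings replace any previously stored config
             System::delVar('htmlpurifierConfig');
             $purifierDefaultConfig = SecurityCenter_Util::getpurifierconfig(array('forcedefault' => true));
             $this->setVar('htmlpurifierConfig', serialize($purifierDefaultConfig));

             if (!DBUtil::changeTable('sc_intrusion')) {
                 return false;
             }
             System::setVar('sessioncsrftokenonetime', 0);
             // fall through
         case '1.4.4':
             // future upgrade routines
     }

     // Update successful
     return true;
 }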
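    /**
     * Upgrade the Feeds module from an old version.
     *
     * This function can be called multiple times: each case falls through to
     * the next so every step newer than $oldversion runs, and the table
     * renames tolerate having been applied already.
     *
     * @param string $oldversion Version number string to upgrade from.
     *
     * @return bool|string True on success; otherwise the version string of the
     *                     step that failed, so the stored version is not
     *                     advanced past it.
     */
    public function upgrade($oldversion)
    {
        $dom = ZLanguage::getModuleDomain('Feeds');

        // when upgrading let's clear the cache directory
        CacheUtil::clearLocalDir('feeds');

        switch ($oldversion) {
            // version 1.0 shipped with PN .7x
            case '1.0':
                // rename table if upgrading from an earlier version; MetaTables()
                // is re-read per name because the first rename changes it
                foreach (array('RSS', 'rss') as $legacyName) {
                    if (in_array(DBUtil::getLimitedTablename($legacyName), DBUtil::MetaTables(), true)) {
                        DBUtil::renameTable($legacyName, 'feeds');
                    }
                }

                // create cache directory
                CacheUtil::createLocalDir('feeds');

                // migrate module vars
                $tables = DBUtil::getTables();
                $sql    = "UPDATE $tables[module_vars] SET pn_modname = 'Feeds' WHERE pn_modname = 'RSS'";
                if (!DBUtil::executeSQL($sql)) {
                    LogUtil::registerError(__('Error! Update attempt failed.', $dom));
                    return '1.0';
                }

                // create our default category
                $this->setVar('enablecategorization', true);
                if (!$this->_feeds_createdefaultcategory()) {
                    LogUtil::registerError(__('Error! Update attempt failed.', $dom));
                    return '1.0';
                }

                // update table
                if (!DBUtil::changeTable('feeds')) {
                    return '1.0';
                }

                // update the permalinks. The separator is a site config value,
                // not request input, but it is interpolated into the SQL literal
                // unescaped - a value containing a quote would break the statement.
                $shorturlsep = System::getVar('shorturlsseparator');
                $sql  = "UPDATE $tables[feeds] SET pn_urltitle = REPLACE(pn_name, ' ', '{$shorturlsep}')";
                if (!DBUtil::executeSQL($sql)) {
                    LogUtil::registerError(__('Error! Update attempt failed.', $dom));
                    return '1.0';
                }
                // fall through

            case '2.1':
                // module key: use a CSPRNG where available; the previous
                // md5(time()) value was guessable to the second. Both forms are
                // 32 hex characters.
                $key = function_exists('random_bytes')
                    ? bin2hex(random_bytes(16))
                    : md5(uniqid(mt_rand(), true));
                $modvars = array(
                    'multifeedlimit' => 0,
                    'feedsperpage' => 10,
                    'usingcronjob' => 0,
                    'key' => $key,
                );

                if (!ModUtil::setVars('Feeds', $modvars)) {
                    LogUtil::registerError(__('Error! Update attempt failed.', $dom));
                    return '2.1';
                }
                // fall through

            // 2.2 -> 2.3 is the Gettext change
            case '2.2':
            case '2.3':
            case '2.4':
            case '2.5':
                $prefix = $this->serviceManager['prefix'];
                $connection = Doctrine_Manager::getInstance()->getConnection('default');
                $sqlStatements = array();
                // N.B. statements generated with PHPMyAdmin
                $sqlStatements[] = 'RENAME TABLE ' . $prefix . '_feeds' . " TO `feeds`";
                $sqlStatements[] = "ALTER TABLE `feeds` 
CHANGE `pn_fid` `fid` INT( 10 ) NOT NULL AUTO_INCREMENT ,
CHANGE `pn_name` `name` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '',
CHANGE `pn_urltitle` `urltitle` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '',
CHANGE `pn_url` `url` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '',
CHANGE `pn_obj_status` `obj_status` CHAR( 1 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'A',
CHANGE `pn_cr_date` `cr_date` DATETIME NOT NULL DEFAULT '1970-01-01 00:00:00',
CHANGE `pn_cr_uid` `cr_uid` INT( 11 ) NOT NULL DEFAULT '0',
CHANGE `pn_lu_date` `lu_date` DATETIME NOT NULL DEFAULT '1970-01-01 00:00:00',
CHANGE `pn_lu_uid` `lu_uid` INT( 11 ) NOT NULL DEFAULT '0'";
                foreach ($sqlStatements as $sql) {
                    $stmt = $connection->prepare($sql);
                    try {
                        $stmt->execute();
                    } catch (Exception $e) {
                        // best-effort on purpose: the rename / alter fails when it
                        // was already applied by an earlier run, so carry on with
                        // the next statement instead of aborting the upgrade
                    }
                }
                // fall through

            case '2.6.0':
                $this->delVar('feedsperpage');
                // fall through

            case '2.6.1':
                // further upgrade routine
        }

        // update successful
        return true;
    }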