示例#1
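/**
 * Runs the installation/configuration checks and collects the resulting
 * security notes. These notes should be displayed!
 *
 * What happens to the notes depends on config 'config_check_warning_mode':
 * - SCREEN: the notes are returned unchanged for display.
 * - FILE:   the notes are written to <log_path>config_check.txt and replaced by
 *           a single message naming that file. If the file cannot be written,
 *           the original notes are returned so they are not lost.
 * - SILENT: the notes are written to the same file and null is returned.
 * - any other value: the notes are returned unchanged.
 * A failed write is reported through error_log() in both FILE and SILENT mode.
 *
 * @param mixed $db passed by reference on to the DB-backed checks
 * @return array|null the security notes, or null if there is nothing to show
 * @author Andreas Morsing 
 *
 * @internal rev :
 **/
function getSecurityNotes(&$db)
{
    $repository['type'] = config_get('repositoryType');
    $repository['path'] = config_get('repositoryPath');
    $securityNotes = null;
    if (checkForInstallDir()) {
        $securityNotes[] = lang_get("sec_note_remove_install_dir");
    }
    $authCfg = config_get('authentication');
    if ('LDAP' == $authCfg['method']) {
        if (!checkForLDAPExtension()) {
            $securityNotes[] = lang_get("ldap_extension_not_loaded");
        }
    } else {
        // NOTE(review): the default admin password check is skipped entirely
        // when the method is LDAP; confirm that a local admin login is not
        // still possible in that setup.
        if (checkForAdminDefaultPwd($db)) {
            $securityNotes[] = lang_get("sec_note_admin_default_pwd");
        }
    }
    if (!checkForBTSConnection()) {
        $securityNotes[] = lang_get("bts_connection_problems");
    }
    if ($repository['type'] == TL_REPOSITORY_TYPE_FS) {
        $ret = checkForRepositoryDir($repository['path']);
        if (!$ret['status_ok']) {
            $securityNotes[] = $ret['msg'];
        }
    }
    // Needed when schemas change has been done.
    // This call can be removed when release is stable
    $res = checkSchemaVersion($db);
    $msg = $res['msg'];
    if ($msg != "") {
        $securityNotes[] = $msg;
    }
    $msg = checkEmailConfig();
    if (!is_null($msg)) {
        foreach ($msg as $detail) {
            $securityNotes[] = $detail;
        }
    }
    // presumably appends its own findings to $securityNotes by reference;
    // the return value is not used here - verify against checkForExtensions()
    checkForExtensions($securityNotes);
    if (!is_null($securityNotes)) {
        $user_feedback = config_get('config_check_warning_mode');
        switch ($user_feedback) {
            case 'SCREEN':
                break;
            case 'FILE':
            case 'SILENT':
                // The file lists unresolved findings (e.g. default admin
                // password, leftover install dir).
                // NOTE(review): confirm log_path is not served by the web server.
                $filename = config_get('log_path') . 'config_check.txt';
                $written = false;
                $handle = @fopen($filename, 'w');
                if ($handle !== false) {
                    $written = (@fwrite($handle, implode("\n", $securityNotes)) !== false);
                    $written = @fclose($handle) && $written;
                }
                if (!$written) {
                    // Do not drop the findings without a trace: the original
                    // code cleared the notes even when nothing was written.
                    error_log('config_check: could not write security notes to ' . $filename);
                    if ($user_feedback == 'FILE') {
                        // Pointing the user at a file that was not written
                        // would hide the findings; keep them on screen.
                        break;
                    }
                }
                $securityNotes = null;
                if ($user_feedback == 'FILE') {
                    $securityNotes[] = sprintf(lang_get('config_check_warnings'), $filename);
                }
                break;
        }
    }
    return $securityNotes;
}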
示例#2
/**
 * Common bootstrap for GUI pages.
 *
 * Steps, in this order:
 * - start the session, set paths and date formats, connect the database
 * - create the page statistics object once, when log_level is EXTENDED
 * - validate the session (unless switched off)
 * - run the rights check (only when a check function is supplied)
 * - initialise project data from the request (if requested)
 * - disable attachments when the file-system repository directory check fails
 *
 * @param mixed $db passed by reference to doDBConnect() and the check helpers
 * @param boolean $initProject (optional) Set true if adjustment of Product or
 * 		Test Plan is required; default is FALSE
 * @param boolean $bDontCheckSession (optional) Set to true to skip
 * 		checkSessionValid(); the page then runs without session validation,
 * 		so callers should pass true only for pages meant to be reachable
 * 		without a valid session
 * @param mixed $userRightsCheckFunction (optional) when truthy it is handed to
 * 		checkUserRightsFor(); when left null no rights check is performed here
 */
function testlinkInitPage(&$db, $initProject = FALSE, $bDontCheckSession = false, $userRightsCheckFunction = null)
{
    global $g_repositoryType, $g_attachments, $g_repositoryPath;
    static $pageStatistics = null;

    doSessionStart();
    setPaths();
    set_dt_formats();
    doDBConnect($db);

    // The object is created once and kept in the static for later calls.
    if (!$pageStatistics) {
        if (config_get('log_level') == 'EXTENDED') {
            $pageStatistics = new tlPageStatistics($db);
        }
    }

    if (!$bDontCheckSession) {
        checkSessionValid($db);
    }

    if ($userRightsCheckFunction) {
        checkUserRightsFor($db, $userRightsCheckFunction);
    }

    // adjust Product and Test Plan to $_SESSION
    // NOTE(review): the raw $_REQUEST is passed on; input validation
    // presumably happens inside initProject() - confirm.
    if ($initProject) {
        initProject($db, $_REQUEST);
    }

    // used to disable the attachment feature if there are problems with repository path
    /** @TODO this check should not be done anytime but on login and using */
    $g_attachments->disabled_msg = "";
    if ($g_repositoryType != TL_REPOSITORY_TYPE_FS) {
        return;
    }

    $repoCheck = checkForRepositoryDir($g_repositoryPath);
    if ($repoCheck['status_ok']) {
        return;
    }

    $g_attachments->enabled = false;
    $g_attachments->disabled_msg = $repoCheck['msg'];
}