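/**
 * Update the SecurityCenter configuration from the values submitted by the
 * modification form.
 *
 * Every setting is read from POST (the method takes no arguments). Integer
 * settings with a documented range are clamped back to a fallback value when
 * they are out of range rather than rejected. Changing the session storage
 * type, switching to a (valid) file save path, or changing the session name
 * logs the current user out, because the running session cannot survive those
 * changes; the user is then sent to the login page.
 *
 * @see securitycenter_admin_modifyconfig()
 *
 * POST fields read (int unless noted):
 *   updatecheck, updatefrequency, keyexpiry (0..3600), sessionauthkeyua,
 *   secure_domain (string), signcookies, signingkey (string), seclevel (string),
 *   secmeddays (1..365), secinactivemins (1..1440), sessionstoretofile,
 *   sessionsavepath (string), gc_probability (1..10000), anonymoussessions,
 *   sessionrandregenerate, sessionregenerate, sessionregeneratefreq (1..100),
 *   sessionipcheck, sessionname (string, min 3 chars), sessioncsrftokenonetime,
 *   outputfilter, useids, idssoftblock, idsmail, idsfilter (string),
 *   idsrulepath (string, must be readable), idsimpactthresholdone..four,
 *   idsimpactmode, idshtmlfields / idsjsonfields / idsexceptions (string,
 *   one entry per line).
 *
 * @return mixed the result of the redirect back to the modifyconfig page, or
 *               the permission-error result when the caller lacks ACCESS_ADMIN.
 */
public function updateconfig()
{
    $this->checkCsrfToken();

    // Security check
    if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $validates = true;
    $cause_logout = false;

    // ----- update checks -------------------------------------------------
    $updatecheck = (int)FormUtil::getPassedValue('updatecheck', 0, 'POST');
    System::setVar('updatecheck', $updatecheck);
    if ($updatecheck == 0) {
        // disabling update checks: reset the bookkeeping so that a fresh
        // check runs as soon as the feature is re-enabled
        System::setVar('updateversion', Zikula_Core::VERSION_NUM);
        System::setVar('updatelastchecked', 0);
    }

    $updatefrequency = (int)FormUtil::getPassedValue('updatefrequency', 30, 'POST');
    System::setVar('updatefrequency', $updatefrequency);

    // ----- authentication keys and cookies -------------------------------
    $keyexpiry = (int)FormUtil::getPassedValue('keyexpiry', 0, 'POST');
    if ($keyexpiry < 0 || $keyexpiry > 3600) {
        $keyexpiry = 0;
    }
    System::setVar('keyexpiry', $keyexpiry);

    $sessionauthkeyua = (int)FormUtil::getPassedValue('sessionauthkeyua', 0, 'POST');
    System::setVar('sessionauthkeyua', $sessionauthkeyua);

    $secure_domain = FormUtil::getPassedValue('secure_domain', '', 'POST');
    System::setVar('secure_domain', $secure_domain);

    $signcookies = (int)FormUtil::getPassedValue('signcookies', 1, 'POST');
    System::setVar('signcookies', $signcookies);

    $signingkey = FormUtil::getPassedValue('signingkey', '', 'POST');
    System::setVar('signingkey', $signingkey);

    // NOTE(review): seclevel is stored exactly as submitted; the set of
    // accepted values is not validated here - confirm against the form.
    $seclevel = FormUtil::getPassedValue('seclevel', 'High', 'POST');
    System::setVar('seclevel', $seclevel);

    $secmeddays = (int)FormUtil::getPassedValue('secmeddays', 7, 'POST');
    if ($secmeddays < 1 || $secmeddays > 365) {
        $secmeddays = 7;
    }
    System::setVar('secmeddays', $secmeddays);

    $secinactivemins = (int)FormUtil::getPassedValue('secinactivemins', 20, 'POST');
    if ($secinactivemins < 1 || $secinactivemins > 1440) {
        // NOTE(review): the form default is 20 but the out-of-range fallback
        // is 7; kept as-is, confirm which value is intended.
        $secinactivemins = 7;
    }
    System::setVar('secinactivemins', $secinactivemins);

    // ----- session storage -----------------------------------------------
    $sessionstoretofile = (int)FormUtil::getPassedValue('sessionstoretofile', 0, 'POST');
    $sessionsavepath = FormUtil::getPassedValue('sessionsavepath', '', 'POST');

    // Capture the current storage type BEFORE it is overwritten below; the
    // change detection further down must compare against the old value.
    $previousStoreToFile = (bool)System::getVar('sessionstoretofile');

    // When switching to file storage with an explicit path, that path must be
    // an existing, writable directory; otherwise the storage settings are
    // left untouched.
    $storeTypeCanBeWritten = true;
    if ($sessionstoretofile == 1 && !empty($sessionsavepath)) {
        // normalise Windows separators, then strip slashes and whitespace
        $sessionsavepath = str_replace('\\', '/', $sessionsavepath);
        $sessionsavepath = trim(stripslashes($sessionsavepath));

        // a valid new save path invalidates the running session -> logout
        $cause_logout = is_dir($sessionsavepath) ? is_writable($sessionsavepath) : false;
        if ($cause_logout == false) {
            LogUtil::registerStatus($this->__('Error! Session path not writeable!'));
            $storeTypeCanBeWritten = false;
        }
    }

    if ($storeTypeCanBeWritten == true) {
        System::setVar('sessionstoretofile', $sessionstoretofile);
        System::setVar('sessionsavepath', $sessionsavepath);

        // moving between DB and file storage also requires a fresh login
        if ((bool)$sessionstoretofile != $previousStoreToFile) {
            $cause_logout = true;
        }
    }

    $gc_probability = (int)FormUtil::getPassedValue('gc_probability', 100, 'POST');
    if ($gc_probability < 1 || $gc_probability > 10000) {
        // NOTE(review): the form default is 100 but the out-of-range fallback
        // is 7; kept as-is, confirm which value is intended.
        $gc_probability = 7;
    }
    System::setVar('gc_probability', $gc_probability);

    $anonymoussessions = (int)FormUtil::getPassedValue('anonymoussessions', 1, 'POST');
    System::setVar('anonymoussessions', $anonymoussessions);

    $sessionrandregenerate = (int)FormUtil::getPassedValue('sessionrandregenerate', 1, 'POST');
    System::setVar('sessionrandregenerate', $sessionrandregenerate);

    $sessionregenerate = (int)FormUtil::getPassedValue('sessionregenerate', 1, 'POST');
    System::setVar('sessionregenerate', $sessionregenerate);

    $sessionregeneratefreq = (int)FormUtil::getPassedValue('sessionregeneratefreq', 10, 'POST');
    if ($sessionregeneratefreq < 1 || $sessionregeneratefreq > 100) {
        $sessionregeneratefreq = 10;
    }
    System::setVar('sessionregeneratefreq', $sessionregeneratefreq);

    $sessionipcheck = (int)FormUtil::getPassedValue('sessionipcheck', 0, 'POST');
    System::setVar('sessionipcheck', $sessionipcheck);

    $sessionname = FormUtil::getPassedValue('sessionname', 'ZSID', 'POST');
    if (strlen($sessionname) < 3) {
        $sessionname = 'ZSID';
    }

    $sessioncsrftokenonetime = (int)FormUtil::getPassedValue('sessioncsrftokenonetime', 0, 'POST');
    System::setVar('sessioncsrftokenonetime', $sessioncsrftokenonetime);

    // a changed session name orphans the current session cookie -> logout
    if ($sessionname != System::getVar('sessionname')) {
        $cause_logout = true;
    }
    System::setVar('sessionname', $sessionname);
    // sessionstoretofile is deliberately NOT written again here: it was stored
    // above only after the save-path check passed.

    // ----- output filtering / PHPIDS -------------------------------------
    $outputfilter = FormUtil::getPassedValue('outputfilter', 0, 'POST');
    System::setVar('outputfilter', $outputfilter);

    $useids = (bool)FormUtil::getPassedValue('useids', 0, 'POST');
    System::setVar('useids', $useids);

    if ($useids) {
        // create tmp directory for PHPIDS
        // NOTE(review): clearLocalDir() appears to be used here to create the
        // missing directory - confirm that is its behaviour.
        $idsTmpDir = CacheUtil::getLocalDir() . '/idsTmp';
        if (!file_exists($idsTmpDir)) {
            CacheUtil::clearLocalDir('idsTmp');
        }
    }

    $idssoftblock = (bool)FormUtil::getPassedValue('idssoftblock', 1, 'POST');
    System::setVar('idssoftblock', $idssoftblock);

    $idsmail = (bool)FormUtil::getPassedValue('idsmail', 1, 'POST');
    System::setVar('idsmail', $idsmail);

    $idsfilter = FormUtil::getPassedValue('idsfilter', 'xml', 'POST');
    System::setVar('idsfilter', $idsfilter);

    // the rule file is only accepted if it can actually be read
    $idsrulepath = FormUtil::getPassedValue('idsrulepath', 'config/zikula_default.xml', 'POST');
    $idsrulepath = DataUtil::formatForOS($idsrulepath);
    if (is_readable($idsrulepath)) {
        System::setVar('idsrulepath', $idsrulepath);
    } else {
        LogUtil::registerError($this->__f('Error! PHPIDS rule file %s does not exist or is not readable.', $idsrulepath));
        $validates = false;
    }

    $idsimpactthresholdone = (int)FormUtil::getPassedValue('idsimpactthresholdone', 1, 'POST');
    System::setVar('idsimpactthresholdone', $idsimpactthresholdone);

    $idsimpactthresholdtwo = (int)FormUtil::getPassedValue('idsimpactthresholdtwo', 10, 'POST');
    System::setVar('idsimpactthresholdtwo', $idsimpactthresholdtwo);

    $idsimpactthresholdthree = (int)FormUtil::getPassedValue('idsimpactthresholdthree', 25, 'POST');
    System::setVar('idsimpactthresholdthree', $idsimpactthresholdthree);

    $idsimpactthresholdfour = (int)FormUtil::getPassedValue('idsimpactthresholdfour', 75, 'POST');
    System::setVar('idsimpactthresholdfour', $idsimpactthresholdfour);

    $idsimpactmode = (int)FormUtil::getPassedValue('idsimpactmode', 1, 'POST');
    System::setVar('idsimpactmode', $idsimpactmode);

    // the three list settings are submitted as one entry per line
    System::setVar('idshtmlfields', $this->_postedLinesToList('idshtmlfields'));
    System::setVar('idsjsonfields', $this->_postedLinesToList('idsjsonfields'));
    System::setVar('idsexceptions', $this->_postedLinesToList('idsexceptions'));

    // clear all cache and compile directories
    ModUtil::apiFunc('Settings', 'admin', 'clearallcompiledcaches');

    if ($validates) {
        $this->registerStatus($this->__('Done! Saved module configuration.'));
    }

    // session handling changed: end the current session and ask for a new login
    if ($cause_logout == true) {
        UserUtil::logout();
        $this->registerStatus($this->__('Session handling variables have changed. You must log in again.'));
        $returnPage = urlencode(ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));

        return $this->redirect(ModUtil::url('Users', 'user', 'login', array('returnpage' => $returnPage)));
    }

    // This function generated no output, so send the admin back to the form
    return $this->redirect(ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));
}

/**
 * Read a multi-line POST field and return its non-empty, trimmed lines.
 *
 * Lines are split on any of \r\n, \n or \r so that submissions from browsers
 * on any platform are handled regardless of the server's PHP_EOL.
 *
 * @param string $name POST field name.
 *
 * @return array list of entries, one per non-empty line (empty() lines,
 *               including a bare "0", are dropped - as in the original code).
 */
private function _postedLinesToList($name)
{
    $raw = FormUtil::getPassedValue($name, '', 'POST');

    $list = array();
    foreach (preg_split("/\r\n|\n|\r/", (string)$raw) as $line) {
        $line = trim($line);
        if (!empty($line)) {
            $list[] = $line;
        }
    }

    return $list;
}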
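/**
 * Upgrade the SecurityCenter module from an older version.
 *
 * The switch falls through deliberately: every step after the matching case
 * is applied in turn, so an upgrade from an old version runs all later steps.
 *
 * @param string $oldversion version number string to upgrade from.
 *
 * @return bool true on success, false if the intrusion table could not be
 *              created or altered.
 */
public function upgrade($oldversion)
{
    switch ($oldversion) {
        case '1.3':
            // create cache directory for HTML Purifier
            // NOTE(review): clearLocalDir() appears to be used here to create
            // the missing directory - confirm that is its behaviour.
            $purifierCacheDir = CacheUtil::getLocalDir() . '/purifierCache';
            if (!file_exists($purifierCacheDir)) {
                CacheUtil::clearLocalDir('purifierCache');
            }

            // create ids intrusions table
            if (!DBUtil::createTable('sc_intrusion')) {
                return false;
            }

            // default variables for PHPIDS usage
            System::setVar('useids', 0);
            System::setVar('idsmail', 0);
            System::setVar('idsrulepath', 'config/phpids_zikula_default.xml');
            System::setVar('idssoftblock', 1);             // do not block requests, but warn for debugging
            System::setVar('idsfilter', 'xml');            // filter type
            System::setVar('idsimpactthresholdone', 1);    // db logging
            System::setVar('idsimpactthresholdtwo', 10);   // mail admin
            System::setVar('idsimpactthresholdthree', 25); // block request
            System::setVar('idsimpactthresholdfour', 75);  // kick user, destroy session
            System::setVar('idsimpactmode', 1);            // per request per default
            System::setVar('idshtmlfields', array('POST.__wysiwyg'));
            System::setVar('idsjsonfields', array('POST.__jsondata'));
            // (a second, identical setVar('idsrulepath', ...) used to sit here;
            //  the duplicate has been removed)
            System::setVar('idsexceptions', array(
                'GET.__utmz',
                'GET.__utmc',
                'REQUEST.linksorder',
                'POST.linksorder',
                'REQUEST.fullcontent',
                'POST.fullcontent',
                'REQUEST.summarycontent',
                'POST.summarycontent',
                'REQUEST.filter.page',
                'POST.filter.page',
                'REQUEST.filter.value',
                'POST.filter.value',
            ));

            // HTML Purifier: drop the stored config and re-seed it with defaults
            System::delVar('htmlpurifierConfig');
            $purifierDefaultConfig = SecurityCenter_Util::getpurifierconfig(array('forcedefault' => true));
            $this->setVar('htmlpurifierConfig', serialize($purifierDefaultConfig));

            if (!DBUtil::changeTable('sc_intrusion')) {
                return false;
            }

            System::setVar('sessioncsrftokenonetime', 0);
            // no break: fall through to the next upgrade step

        case '1.4.4':
            // future upgrade routines
    }

    // Update successful
    return true;
}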
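/**
 * Upgrade the Feeds module from an older version.
 *
 * The switch falls through deliberately so that every step after the matching
 * case is applied. This function can be called multiple times, which is why
 * the schema statements in the 2.5 step tolerate failure (for example a table
 * that was already renamed on a previous run).
 *
 * @param string $oldversion version number string to upgrade from.
 *
 * @return bool|string true on success, otherwise the last version string that
 *                     was reached successfully so the upgrade can be retried.
 */
public function upgrade($oldversion)
{
    $dom = ZLanguage::getModuleDomain('Feeds');

    // when upgrading let's clear the cache directory
    CacheUtil::clearLocalDir('feeds');

    switch ($oldversion) {
        // version 1.0 shipped with PN .7x
        case '1.0':
            // rename table if upgrading from an earlier version
            if (in_array(DBUtil::getLimitedTablename('RSS'), DBUtil::MetaTables(), true)) {
                DBUtil::renameTable('RSS', 'feeds');
            }
            if (in_array(DBUtil::getLimitedTablename('rss'), DBUtil::MetaTables(), true)) {
                DBUtil::renameTable('rss', 'feeds');
            }

            // create cache directory
            CacheUtil::createLocalDir('feeds');

            // migrate module vars
            $tables = DBUtil::getTables();
            $sql = "UPDATE $tables[module_vars] SET pn_modname = 'Feeds' WHERE pn_modname = 'RSS'";
            if (!DBUtil::executeSQL($sql)) {
                LogUtil::registerError(__('Error! Update attempt failed.', $dom));

                return '1.0';
            }

            // create our default category
            $this->setVar('enablecategorization', true);
            if (!$this->_feeds_createdefaultcategory()) {
                LogUtil::registerError(__('Error! Update attempt failed.', $dom));

                return '1.0';
            }

            // update table
            if (!DBUtil::changeTable('feeds')) {
                return '1.0';
            }

            // update the permalinks
            // NOTE(review): the separator is an admin-configured site setting,
            // not request input, but it is interpolated into SQL without
            // escaping; DBUtil::executeSQL offers no bound parameters here.
            $shorturlsep = System::getVar('shorturlsseparator');
            $sql = "UPDATE $tables[feeds] SET pn_urltitle = REPLACE(pn_name, ' ', '{$shorturlsep}')";
            if (!DBUtil::executeSQL($sql)) {
                LogUtil::registerError(__('Error! Update attempt failed.', $dom));

                return '1.0';
            }
            // no break: fall through to the next upgrade step

        case '2.1':
            // 'key' is stored as a module variable next to the cron-job flag,
            // so it is treated as a secret: md5(time()) was reproducible by
            // anyone who knew roughly when the upgrade ran, so the value is now
            // drawn from a CSPRNG (same 32-hex-character shape as before).
            $modvars = array(
                'multifeedlimit' => 0,
                'feedsperpage'   => 10,
                'usingcronjob'   => 0,
                'key'            => $this->_generateRandomKey(),
            );
            if (!ModUtil::setVars('Feeds', $modvars)) {
                LogUtil::registerError(__('Error! Update attempt failed.', $dom));

                return '2.1';
            }
            // no break: 2.2 -> 2.3 is the Gettext change

        case '2.2':
        case '2.3':
        case '2.4':
        case '2.5':
            $prefix = $this->serviceManager['prefix'];
            $connection = Doctrine_Manager::getInstance()->getConnection('default');

            // N.B. statements generated with PHPMyAdmin
            $sqlStatements = array();
            $sqlStatements[] = 'RENAME TABLE ' . $prefix . '_feeds' . " TO `feeds`";
            $sqlStatements[] = "ALTER TABLE `feeds` CHANGE `pn_fid` `fid` INT( 10 ) NOT NULL AUTO_INCREMENT , CHANGE `pn_name` `name` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '', CHANGE `pn_urltitle` `urltitle` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '', CHANGE `pn_url` `url` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '', CHANGE `pn_obj_status` `obj_status` CHAR( 1 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'A', CHANGE `pn_cr_date` `cr_date` DATETIME NOT NULL DEFAULT '1970-01-01 00:00:00', CHANGE `pn_cr_uid` `cr_uid` INT( 11 ) NOT NULL DEFAULT '0', CHANGE `pn_lu_date` `lu_date` DATETIME NOT NULL DEFAULT '1970-01-01 00:00:00', CHANGE `pn_lu_uid` `lu_uid` INT( 11 ) NOT NULL DEFAULT '0'";

            foreach ($sqlStatements as $sql) {
                $stmt = $connection->prepare($sql);
                try {
                    $stmt->execute();
                } catch (Exception $e) {
                    // Best effort on purpose: when this routine runs a second
                    // time the table is already renamed and the columns already
                    // changed, so a failure here is not treated as fatal.
                }
            }
            // no break: fall through to the next upgrade step

        case '2.6.0':
            $this->delVar('feedsperpage');
            // no break: fall through to the next upgrade step

        case '2.6.1':
            // further upgrade routine
    }

    // update successful
    return true;
}

/**
 * Return 32 hexadecimal characters of unpredictable key material.
 *
 * Same shape as the md5() hash previously used for the Feeds 'key' modvar,
 * but sourced from a CSPRNG where the PHP build provides one.
 *
 * @return string
 */
private function _generateRandomKey()
{
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(16)); // PHP 7+
    }
    if (function_exists('openssl_random_pseudo_bytes')) {
        return bin2hex(openssl_random_pseudo_bytes(16));
    }

    // last resort on very old builds: still far less guessable than time()
    return md5(uniqid(mt_rand(), true));
}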