.htaccess security check feature with automatic repair upon login - amended - removed writing to .htaccess
parent
e3b7634581
commit
7a530e1274
@ -16,3 +16,4 @@ Order deny,allow
|
|||||||
Order Allow,Deny
|
Order Allow,Deny
|
||||||
Allow from all
|
Allow from all
|
||||||
</Files>
|
</Files>
|
||||||
|
# end
|
||||||
|
@ -571,6 +571,9 @@ class Acl
|
|||||||
public function Login()
|
public function Login()
|
||||||
{
|
{
|
||||||
|
|
||||||
|
include dirname(__DIR__).'/../version.php';
|
||||||
|
$this->app->Tpl->Set('XENTRALVERSION',"V.".$version_revision);
|
||||||
|
|
||||||
$result = $this->CheckHtaccess();
|
$result = $this->CheckHtaccess();
|
||||||
if ($result !== true) {
|
if ($result !== true) {
|
||||||
$this->app->Tpl->Set('LOGINWARNING_TEXT', "Achtung: Zugriffskonfiguration (htaccess) fehlerhaft. Bitte wenden Sie sich an Ihren an Ihren Administrator. <br>($result)");
|
$this->app->Tpl->Set('LOGINWARNING_TEXT', "Achtung: Zugriffskonfiguration (htaccess) fehlerhaft. Bitte wenden Sie sich an Ihren an Ihren Administrator. <br>($result)");
|
||||||
@ -1219,7 +1222,8 @@ class Acl
|
|||||||
// true if ok, else error text
|
// true if ok, else error text
|
||||||
protected function CheckHtaccess() : mixed {
|
protected function CheckHtaccess() : mixed {
|
||||||
|
|
||||||
$nominal = array('# Generated file from class.acl.php
|
$nominal = array('
|
||||||
|
# Generated file from class.acl.php
|
||||||
# For detection of htaccess functionality
|
# For detection of htaccess functionality
|
||||||
SetEnv OPENXE_HTACCESS on
|
SetEnv OPENXE_HTACCESS on
|
||||||
# Disable directory browsing
|
# Disable directory browsing
|
||||||
@ -1236,22 +1240,27 @@ Order deny,allow
|
|||||||
<Files "index.php">
|
<Files "index.php">
|
||||||
Order Allow,Deny
|
Order Allow,Deny
|
||||||
Allow from all
|
Allow from all
|
||||||
</Files>',
|
</Files>
|
||||||
'# Generated file from class.acl.php
|
# end
|
||||||
|
',
|
||||||
|
'
|
||||||
|
# Generated file from class.acl.php
|
||||||
# Disable directory browsing
|
# Disable directory browsing
|
||||||
Options -Indexes
|
Options -Indexes
|
||||||
# Deny access to all *.php
|
# Deny access to all *.php
|
||||||
Order deny,allow
|
Order deny,allow
|
||||||
Allow from all
|
Allow from all
|
||||||
<Files *.php>
|
<FilesMatch "\.(css|jpg|jpeg|gif|png|svg|js)$">
|
||||||
Order Allow,Deny
|
Order Allow,Deny
|
||||||
Deny from all
|
Allow from all
|
||||||
</Files>
|
</FilesMatch>
|
||||||
# Allow access to index.php
|
# Allow access to index.php
|
||||||
<Files index.php>
|
<Files index.php>
|
||||||
Order Allow,Deny
|
Order Allow,Deny
|
||||||
Allow from all
|
Allow from all
|
||||||
</Files>');
|
</Files>
|
||||||
|
# end
|
||||||
|
');
|
||||||
|
|
||||||
$script_file_name = $_SERVER['SCRIPT_FILENAME'];
|
$script_file_name = $_SERVER['SCRIPT_FILENAME'];
|
||||||
$htaccess_path = array(
|
$htaccess_path = array(
|
||||||
@ -1259,20 +1268,16 @@ Allow from all
|
|||||||
dirname($script_file_name)."/.htaccess"); // www
|
dirname($script_file_name)."/.htaccess"); // www
|
||||||
|
|
||||||
for ($count = 0;$count < 2;$count++) {
|
for ($count = 0;$count < 2;$count++) {
|
||||||
|
$htaccess = trim(file_get_contents($htaccess_path[$count]));
|
||||||
|
$htaccess_nominal = trim($nominal[$count]);
|
||||||
|
|
||||||
$htaccess = file_get_contents($htaccess_path[$count]);
|
$result = strcmp($htaccess,$htaccess_nominal);
|
||||||
|
|
||||||
$result = strcmp(trim($htaccess[$count]),trim($nominal[$count]));
|
if ($result !== 0) {
|
||||||
|
return("FATAL: ".$htaccess_path[$count]." fehlerhaft.");
|
||||||
if (($result !== 0) || ($htaccess === false)) {
|
}
|
||||||
$result = file_put_contents($htaccess_path[$count],trim($nominal[$count]));
|
if ($htaccess === false) {
|
||||||
if ($result === false) {
|
return("FATAL: ".$htaccess_path[$count]." nicht vorhanden.");
|
||||||
|
|
||||||
if ($htaccess === false) {
|
|
||||||
return("FATAL: ".$htaccess_path[$count]." nicht vorhanden und kann nicht korrigiert werden.");
|
|
||||||
}
|
|
||||||
return("FATAL: ".$htaccess_path[$count]." fehlerhaft und kann nicht korrigiert werden.");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
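Review bot: In the `CheckHtaccess()` loop (hunk `-1259,20 +1268,16`) the `$htaccess === false` branch can no longer be reached, because the result of `file_get_contents()` is passed through `trim()` before the test, and the `strcmp` check above it returns first in any case. A missing or unreadable file is therefore reported as "fehlerhaft" instead of "nicht vorhanden"; the check still fails safe, but the message misleads the administrator. Read first and test before trimming: `$htaccess = file_get_contents($htaccess_path[$count]);` then `if ($htaccess === false) { return("FATAL: ".$htaccess_path[$count]." nicht vorhanden."); }`, and only afterwards compare `trim($htaccess)` with `trim($nominal[$count])`. Separately, the returned text contains the absolute `.htaccess` path and `Login()` places it in `LOGINWARNING_TEXT`, so it is rendered before authentication; consider logging the path and showing a generic message there. The function starts in an earlier hunk, and `Login()` continues outside the visible lines.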
@ -4,12 +4,13 @@ Options -Indexes
|
|||||||
# Deny access to all *.php
|
# Deny access to all *.php
|
||||||
Order deny,allow
|
Order deny,allow
|
||||||
Allow from all
|
Allow from all
|
||||||
<Files *.php>
|
<FilesMatch "\.(css|jpg|jpeg|gif|png|svg|js)$">
|
||||||
Order Allow,Deny
|
Order Allow,Deny
|
||||||
Deny from all
|
Allow from all
|
||||||
</Files>
|
</FilesMatch>
|
||||||
# Allow access to index.php
|
# Allow access to index.php
|
||||||
<Files index.php>
|
<Files index.php>
|
||||||
Order Allow,Deny
|
Order Allow,Deny
|
||||||
Allow from all
|
Allow from all
|
||||||
</Files>
|
</Files>
|
||||||
|
# end
|
||||||
|
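Review bot: The comment `# Deny access to all *.php` now sits above a block that denies nothing: on the new side the `<Files *.php>` / `Deny from all` block is replaced by a `FilesMatch` that allows static files, while the surrounding `Order deny,allow` / `Allow from all` already permits every request. As far as this hunk shows, every PHP file in this directory becomes directly requestable, not only `index.php`. If an allowlist is intended, the top-level default would need to be `Deny from all`, with the `FilesMatch` and `index.php` blocks as the exceptions; otherwise the comment should be changed to say that PHP files are no longer restricted. The same text is embedded in `$nominal` in `CheckHtaccess()` and compared with `strcmp`, so both copies have to change together. The lines before this hunk are not visible here.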
@ -37,12 +37,9 @@
|
|||||||
[PAGE]
|
[PAGE]
|
||||||
<div id="login-footer">
|
<div id="login-footer">
|
||||||
<div class="copyright">
|
<div class="copyright">
|
||||||
© [YEAR] by OpenXE-org & Xentral ERP Software GmbH.
|
© [YEAR] by OpenXE-org & Xentral ERP Software GmbH.<br>
|
||||||
<br>
|
OpenXE is free open source software under AGPL-3.0 license, based on <a href="https://xentral.com" target="_blank">Xentral®</a>.<br>
|
||||||
[WAWIVERSION]
|
[XENTRALVERSION]
|
||||||
</br>
|
|
||||||
OpenXE is free open source software under AGPL-3.0 license, based on <a href="https://xentral.com" target="_blank">Xentral®</a>.
|
|
||||||
<!-- dead link [LIZENZHINWEIS] -->
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|