dolibarr 19.0.4
security.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2013-2022 Laurent Destailleur <eldy@users.sourceforge.net>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 3 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
23// Load Dolibarr environment
24require '../../main.inc.php';
25require_once DOL_DOCUMENT_ROOT.'/core/lib/memory.lib.php';
26require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
27require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
28require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
29require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
30require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
31require_once DOL_DOCUMENT_ROOT.'/core/class/events.class.php';
32
33// Load translation files required by the page
34$langs->loadLangs(array("install", "other", "admin", "errors"));
35
36if (!$user->admin) {
38}
39
40if (GETPOST('action', 'aZ09') == 'donothing') {
41 exit;
42}
43
44$execmethod = getDolGlobalInt('MAIN_EXEC_USE_POPEN', 1);
45
46
47/*
48 * View
49 */
50
51$form = new Form($db);
52
53llxHeader();
54
55print load_fiche_titre($langs->trans("Security"), '', 'title_setup');
56
57print '<span class="opacitymedium">'.$langs->trans("YouMayFindSecurityAdviceHere", 'hhttps://wiki.dolibarr.org/index.php/Security_information').'</span>';
58print ' &nbsp; &nbsp; ';
59print '<a href="'.$_SERVER["PHP_SELF"].'">';
60print img_picto($langs->trans("Reload"), 'refresh').' ';
61print $langs->trans("Reload");
62print '</a>';
63print '<br>';
64print '<br>';
65
66print load_fiche_titre($langs->trans("PHPSetup"), '', 'folder');
67
68print '<div class="wordbreak">';
69
70// Get version of PHP
71$phpversion = version_php();
72print "<strong>PHP</strong>: ".$langs->trans("Version").": ".$phpversion;
73if (function_exists('php_ini_loaded_file')) {
74 $inipath = php_ini_loaded_file();
75 print " - <strong>INI</strong>: ".$inipath;
76}
77print "<br>\n";
78
79// Get version of web server
80print "<br><strong>Web server - ".$langs->trans("Version")."</strong>: ".$_SERVER["SERVER_SOFTWARE"]."<br>\n";
81print '<strong>'.$langs->trans("DataRootServer")."</strong>: ".DOL_DATA_ROOT."<br>\n";
82// Web user group by default
83$labeluser = dol_getwebuser('user');
84$labelgroup = dol_getwebuser('group');
85if ($labeluser && $labelgroup) {
86 print '<strong>'.$langs->trans("WebUserGroup")." (env vars)</strong> : ".$labeluser.':'.$labelgroup;
87 if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) {
88 $arrayofinfoofuser = posix_getpwuid(posix_geteuid());
89 print ' <span class="opacitymedium">(POSIX '.$arrayofinfoofuser['name'].':'.$arrayofinfoofuser['gecos'].':'.$arrayofinfoofuser['dir'].':'.$arrayofinfoofuser['shell'].')</span><br>'."\n";
90 }
91}
92// Web user group real (detected by 'id' external command)
93if (function_exists('exec')) {
94 $arrayout = array();
95 $varout = 0;
96 exec('id', $arrayout, $varout);
97 if (empty($varout)) { // Test command is ok. Work only on Linux OS.
98 print '<strong>'.$langs->trans("WebUserGroup")." (real, 'id' command)</strong> : ".join(',', $arrayout)."<br>\n";
99 }
100}
101print '<br>';
102
103print "<strong>PHP session.use_strict_mode</strong> = ".(ini_get('session.use_strict_mode') ? img_picto('', 'tick').' ' : img_warning().' ').(ini_get('session.use_strict_mode') ? ini_get('session.use_strict_mode') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", '1').")</span><br>\n";
104print "<strong>PHP session.use_only_cookies</strong> = ".(ini_get('session.use_only_cookies') ? img_picto('', 'tick').' ' : img_warning().' ').(ini_get('session.use_only_cookies') ? ini_get('session.use_only_cookies') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", '1').")</span><br>\n";
105print "<strong>PHP session.cookie_httponly</strong> = ".(ini_get('session.cookie_httponly') ? img_picto('', 'tick').' ' : img_warning().' ').(ini_get('session.cookie_httponly') ? ini_get('session.cookie_httponly') : '').' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", '1').")</span><br>\n";
106print "<strong>PHP session.cookie_samesite</strong> = ".(ini_get('session.cookie_samesite') ? img_picto('', 'tick').' ' .ini_get('session.cookie_samesite') : 'None');
107if (!ini_get('session.cookie_samesite') || ini_get('session.cookie_samesite') == 'Lax') {
108 print ' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", 'Lax').")</span>";
109} elseif (ini_get('session.cookie_samesite') == 'Strict') {
110 print ' &nbsp; '.img_warning().' <span class="opacitymedium">'.$langs->trans("WarningPaypalPaymentNotCompatibleWithStrict")."</span>";
111}
112print "<br>\n";
113print "<strong>PHP open_basedir</strong> = ".(ini_get('open_basedir') ? img_picto('', 'tick').' '.ini_get('open_basedir') : img_warning().' '.yn(0).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("ARestrictedPath").', '.$langs->transnoentitiesnoconv("Example").': '.$_SERVER["DOCUMENT_ROOT"].','.DOL_DATA_ROOT).')</span>')."<br>\n";
114print "<strong>PHP short_open_tag</strong> = ".((empty(ini_get('short_open_tag')) || ini_get('short_open_tag') == 'Off') ? img_picto('', 'tick').' '.yn(0) : img_warning().' '.yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).')</span>'."<br>\n";
115print "<strong>PHP allow_url_fopen</strong> = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")</span><br>\n";
116print "<strong>PHP allow_url_include</strong> = ".(ini_get('allow_url_include') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_include') : img_picto('', 'tick').' '.yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")</span><br>\n";
117//print "<strong>PHP safe_mode</strong> = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0)).' &nbsp; <span class="opacitymedium">'.$langs->trans("Deprecated")." (removed in PHP 5.4)</span><br>\n";
118print "<strong>PHP disable_functions</strong> = ";
119$arrayoffunctionsdisabled = explode(',', ini_get('disable_functions'));
120$arrayoffunctionstodisable = explode(',', 'dl,apache_note,apache_setenv,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,show_source,virtual');
121//$arrayoffunctionstodisable[] = 'stream_wrapper_restore';
122//$arrayoffunctionstodisable[] = 'stream_wrapper_register';
123if ($execmethod == 1) {
124 $arrayoffunctionstodisable2 = explode(',', 'passthru,shell_exec,system,proc_open,popen');
125 $functiontokeep = 'exec';
126} else {
127 $arrayoffunctionstodisable2 = explode(',', 'exec,passthru,shell_exec,system,proc_open');
128 $functiontokeep = 'popen';
129}
130$i = 0;
131foreach ($arrayoffunctionsdisabled as $functionkey) {
132 if ($i > 0) {
133 print ', ';
134 }
135 print '<span class="opacitymedium">'.$functionkey.'</span>';
136 $i++;
137}
138print "<br>\n";
139$todisabletext = '';
140$i = 0;
141foreach ($arrayoffunctionstodisable as $functiontodisable) {
142 if (! in_array($functiontodisable, $arrayoffunctionsdisabled)) {
143 if ($i > 0) {
144 $todisabletext .= ', ';
145 }
146 $todisabletext .= img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' <span class="opacitymedium">'.$functiontodisable.'</span>';
147 $i++;
148 }
149}
150if ($todisabletext) {
151 print $langs->trans("YouShouldDisablePHPFunctions").': '.$todisabletext;
152 print '<br>';
153}
154$todisabletext = '';
155$i = 0;
156foreach ($arrayoffunctionstodisable2 as $functiontodisable) {
157 if (! in_array($functiontodisable, $arrayoffunctionsdisabled)) {
158 if ($i > 0) {
159 $todisabletext .= ', ';
160 }
161 $todisabletext .= img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' <span class="opacitymedium">'.$functiontodisable.'</span>';
162 $i++;
163 }
164}
165if ($todisabletext) {
166 print $langs->trans("IfCLINotRequiredYouShouldDisablePHPFunctions").': '.$todisabletext;
167 print '<br>';
168}
169
170print $langs->trans("PHPFunctionsRequiredForCLI").': ';
171if (in_array($functiontokeep, $arrayoffunctionsdisabled)) {
172 print img_picto($langs->trans("PHPFunctionsRequiredForCLI"), 'warning');
173}
174print '<span class="opacitymedium">'.$functiontokeep.'</span>';
175print '<br>';
176
177
178// XDebug
179print '<strong>'.$langs->trans("XDebug").'</strong>: ';
180$test = !function_exists('xdebug_is_enabled') && !extension_loaded('xdebug');
181if ($test) {
182 print img_picto('', 'tick').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
183} else {
184 print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedMayExposeInformation", $langs->transnoentities("XDebug"));
185 print ' - '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php">XDebug admin page</a>';
186}
187
188print '</div>';
189
190print '<br>';
191
192
193// OS Permissions
194
195print '<br>';
196print '<br>';
197print '<br>';
198print load_fiche_titre($langs->trans("OSSetup").' - '.$langs->trans("PermissionsOnFiles"), '', 'folder');
199
200print '<div class="wordbreak">';
201
202print '<strong>'.$langs->trans("PermissionsOnFilesInWebRoot").'</strong>: ';
203$arrayoffilesinroot = dol_dir_list(DOL_DOCUMENT_ROOT, 'all', 1, '', array('\/custom'), 'name', SORT_ASC, 4, 1, '', 1);
204$fileswithwritepermission = array();
205foreach ($arrayoffilesinroot as $fileinroot) {
206 // Test if there is at least one write permission file. If yes, add the entry into array $fileswithwritepermission
207 if (isset($fileinroot['perm']) && ($fileinroot['perm'] & 0222)) {
208 $fileswithwritepermission[] = $fileinroot['relativename'];
209 }
210}
211if (empty($fileswithwritepermission)) {
212 print img_picto('', 'tick').' '.$langs->trans("NoWritableFilesFoundIntoRootDir");
213} else {
214 print img_warning().' '.$langs->trans("SomeFilesOrDirInRootAreWritable");
215 print '<br>'.$langs->trans("Example").': ';
216 $i = 0;
217 foreach ($fileswithwritepermission as $filewithwritepermission) {
218 if ($i > 0) {
219 print ', ';
220 }
221 print '<span class="opacitymedium">'.$filewithwritepermission.'</span>';
222 if ($i > 20) {
223 print ' ...';
224 break;
225 }
226 $i++;
227 }
228}
229print '<br>';
230print '<br>';
231
232print '<strong>'.$langs->trans("PermissionsOnFile", $conffile).'</strong>: '; // $conffile is defined into filefunc.inc.php
233$perms = fileperms($dolibarr_main_document_root.'/'.$conffile);
234if ($perms) {
235 if (($perms & 0x0004) || ($perms & 0x0002)) {
236 print img_warning().' '.$langs->trans("ConfFileIsReadableOrWritableByAnyUsers");
237 // Web user group by default
238 $labeluser = dol_getwebuser('user');
239 $labelgroup = dol_getwebuser('group');
240 print ' '.$langs->trans("User").': '.$labeluser.':'.$labelgroup;
241 if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) {
242 $arrayofinfoofuser = posix_getpwuid(posix_geteuid());
243 print ' <span class="opacitymedium">(POSIX '.$arrayofinfoofuser['name'].':'.$arrayofinfoofuser['gecos'].':'.$arrayofinfoofuser['dir'].':'.$arrayofinfoofuser['shell'].')</span>';
244 }
245 } else {
246 print img_picto('', 'tick');
247 }
248} else {
249 print img_warning().' '.$langs->trans("FailedToReadFile", $conffile);
250}
251print '<br>';
252print '<br>';
253
254$installlock = DOL_DATA_ROOT.'/install.lock';
255$upgradeunlock = DOL_DATA_ROOT.'/upgrade.unlock';
256$installmoduleslock = DOL_DATA_ROOT.'/installmodules.lock';
257
258// Is install (upgrade) locked
259print '<strong>'.$langs->trans("DolibarrSetup").'</strong>: ';
260if (file_exists($installlock)) {
261 if (file_exists($upgradeunlock)) {
262 print img_picto('', 'tick').' '.$langs->trans("InstallLockedBy", $installlock);
263 } else {
264 print img_picto('', 'tick').' '.$langs->trans("InstallAndUpgradeLockedBy", $installlock);
265 }
266} else {
267 print img_warning().' '.$langs->trans("WarningLockFileDoesNotExists", DOL_DATA_ROOT);
268}
269print '<br>';
270
271// Is upgrade unlocked
272if (file_exists($installlock)) { // If install not locked, no need to show this.
273 if (file_exists($upgradeunlock)) {
274 print '<strong>'.$langs->trans("DolibarrUpgrade").'</strong>: ';
275 print img_warning().' '.$langs->trans("WarningUpgradeHasBeenUnlocked", $upgradeunlock);
276 print '<br>';
277 }
278}
279
280// Is addon install locked ?
281print '<strong>'.$langs->trans("DolibarrAddonInstall").'</strong>: ';
282if (file_exists($installmoduleslock)) {
283 print img_picto('', 'tick').' '.$langs->trans("InstallAndUpgradeLockedBy", $installmoduleslock);
284} else {
285 print $langs->trans("InstallOfAddonIsNotBlocked", DOL_DATA_ROOT);
286}
287print '<br>';
288
289print '</div>';
290
291
292// File conf.php
293
294print '<br>';
295print '<br>';
296print '<br>';
297print load_fiche_titre($langs->trans("ConfigurationFile").' ('.$conffile.')', '', 'folder');
298
299print '<strong>$dolibarr_main_prod</strong>: '.($dolibarr_main_prod ? $dolibarr_main_prod : '0');
300if (empty($dolibarr_main_prod)) {
301 print ' &nbsp; &nbsp; '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 1);
302}
303print '<br>';
304
305print '<strong>$dolibarr_nocsrfcheck</strong>: '.(empty($dolibarr_nocsrfcheck) ? '0' : $dolibarr_nocsrfcheck);
306if (!empty($dolibarr_nocsrfcheck)) {
307 print ' &nbsp; &nbsp;'.img_picto('', 'error').' '.$langs->trans("IfYouAreOnAProductionSetThis", 0);
308} else {
309 print ' &nbsp; &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 0)</span>';
310}
311print '<br>';
312
313print '<strong>$dolibarr_main_restrict_ip</strong>: ';
314if (empty($dolibarr_main_restrict_ip)) {
315 print '<span class="opacitymedium">'.$langs->trans("None").'</span>';
316 //print ' <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("IPsOfUsers")).')</span>';
317} else {
318 print $dolibarr_main_restrict_ip;
319}
320print '<br>';
321
322print '<strong>$dolibarr_main_restrict_os_commands</strong>: ';
323if (empty($dolibarr_main_restrict_os_commands)) {
324 print $langs->trans("None");
325} else {
326 print $dolibarr_main_restrict_os_commands;
327}
328print ' &nbsp; &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", 'mysqldump, mysql, pg_dump, pgrestore, mariadb, mariadb-dump, clamdscan').')</span>';
329print '<br>';
330
331if (!getDolGlobalString('SECURITY_DISABLE_TEST_ON_OBFUSCATED_CONF')) {
332 print '<strong>$dolibarr_main_db_pass</strong>: ';
333 if (!empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass)) {
334 print img_picto('', 'warning').' '.$langs->trans("DatabasePasswordNotObfuscated").' &nbsp; &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("SetOptionTo", $langs->transnoentitiesnoconv("MainDbPasswordFileConfEncrypted"), yn(1)).')</span>';
335 //print ' <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("IPsOfUsers")).')</span>';
336 } else {
337 print img_picto('', 'tick').' '.$langs->trans("DatabasePasswordObfuscated");
338 }
339
340 print '<br>';
341}
342
343print '<strong>$dolibarr_main_stream_to_disable</strong>: ';
344// $arrayofstreamtodisable is defined into filefunc.inc.php
345if (empty($dolibarr_main_stream_to_disable)) {
346 print '<span class="opacitymedium">'.$langs->trans("Undefined").' = '.join(', ', $arrayofstreamtodisable).'</span>';
347} else {
348 print join(', ', $dolibarr_main_stream_to_disable);
349}
350print '<span class="bold"> -> Current PHP streams allowed = </span>';
351$arrayofstreams = stream_get_wrappers();
352if (!empty($arrayofstreams)) {
353 sort($arrayofstreams);
354 print(join(',', $arrayofstreams)).' &nbsp; &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("TryToKeepOnly", 'file,http,https,php').')</span>'."\n";
355}
356
357print '<br>';
358
359/*
360if (!empty($dolibarr_main_stream_do_not_disable)) {
361 print '<strong>$dolibarr_main_stream_do_not_disable</strong>: ';
362 if (empty($dolibarr_main_stream_do_not_disable)) {
363 print '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>';
364 } else {
365 print join(', ', $dolibarr_main_stream_do_not_disable);
366 }
367 print ' -> PHP stream allowed = ';
368 $arrayofstreams = stream_get_wrappers();
369 if (!empty($arrayofstreams)) {
370 sort($arrayofstreams);
371 print (join(',', $arrayofstreams)).' &nbsp; &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", 'Undefined').')</span>'."\n";
372 }
373
374 print '<br>';
375}
376*/
377
378// Menu Home - Setup - Security
379
380print '<br>';
381print '<br>';
382print '<br>';
383
384print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup"), '', 'folder');
385
386print '<div class="wordbreak">';
387
388print '<strong>'.$langs->trans("UseCaptchaCode").'</strong>: ';
389print !getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA') ? '' : img_picto('', 'tick').' ';
390print yn(!getDolGlobalString('MAIN_SECURITY_ENABLECAPTCHA') ? 0 : 1);
391print '<br>';
392print '<br>';
393
394
395$sessiontimeout = ini_get("session.gc_maxlifetime");
396if (!getDolGlobalString('MAIN_SESSION_TIMEOUT')) {
397 $conf->global->MAIN_SESSION_TIMEOUT = $sessiontimeout;
398}
399print '<strong>'.$langs->trans("SessionTimeOut").'</strong>';
400if (!ini_get("session.gc_probability")) {
401 print $form->textwithpicto('', $langs->trans("SessionsPurgedByExternalSystem", ini_get("session.gc_maxlifetime")));
402} else {
403 print $form->textwithpicto('', $langs->trans("SessionExplanation", ini_get("session.gc_probability"), ini_get("session.gc_divisor"), ini_get("session.gc_maxlifetime")));
404}
405print ': '.getDolGlobalInt('MAIN_SESSION_TIMEOUT').' '.strtolower($langs->trans("Seconds"));
406print '<br><br>';
407
408print '<strong>'.$langs->trans("MaxNumberOfImagesInGetPost").'</strong>: ';
409print(getDolGlobalInt('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT') ? img_picto('', 'tick').' ' : '').getDolGlobalInt('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT').' '.strtolower($langs->trans("Images"));
410print '<br><br>';
411
412print '<strong>'.$langs->trans("MaxNumberOfPostOnPublicPagesByIP").'</strong>: ';
413print(getDolGlobalInt('MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS', 200) ? img_picto('', 'tick').' ' : '').getDolGlobalInt('MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS', 200).' '.strtolower($langs->trans("Posts"));
414print '<br><br>';
415
416print '<strong>'.$langs->trans("MaxNumberOfAttachementOnForms").'</strong>: ';
417print(getDolGlobalInt('MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS', 10) ? img_picto('', 'tick').' ' : '').getDolGlobalInt("MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", 10).' '.strtolower($langs->trans("Files"));
418print '<br><br>';
419
420print '<strong>'.$langs->trans("DoNotStoreClearPassword").'</strong>: ';
421print !getDolGlobalString('DATABASE_PWD_ENCRYPTED') ? '' : img_picto('', 'tick').' ';
422print yn(!getDolGlobalString('DATABASE_PWD_ENCRYPTED') ? 0 : 1);
423if (!getDolGlobalString('DATABASE_PWD_ENCRYPTED')) {
424 print ' <span class="opacitymedium">('.$langs->trans("Recommended").' '.yn(1).')</span>';
425}
426print '<br>';
427print '<br>';
428
429/* Already into section conf file */
430/*
431$usepassinconfencrypted = 0;
432global $dolibarr_main_db_pass, $dolibarr_main_db_encrypted_pass;
433if (preg_match('/crypted:/i', $dolibarr_main_db_pass) || !empty($dolibarr_main_db_encrypted_pass)) {
434 $usepassinconfencrypted = 1;
435}
436print '<strong>'.$langs->trans("MainDbPasswordFileConfEncrypted").'</strong>: ';
437print $usepassinconfencrypted ? img_picto('', 'tick').' ' : img_warning().' ';
438print yn($usepassinconfencrypted);
439if (empty($usepassinconfencrypted)) {
440 print ' <span class="opacitymedium">('.$langs->trans("Recommended").' '.yn(1).')</span>';
441}
442print '<br>';
443print '<br>';
444*/
445
446/* Password length
447
448// Stored into $tabconf[0] if module generator is "Perso" or specific to the module generator.
449$tabConf = explode(";", getDolGlobalString('USER_PASSWORD_PATTERN'));
450
451print '<strong>'.$langs->trans("PasswordLength").'</strong>: ';
452print empty($conf->global->DATABASE_PWD_ENCRYPTED) ? '' : img_picto('', 'tick').' ';
453print yn(empty($conf->global->DATABASE_PWD_ENCRYPTED) ? 0 : 1);
454if (empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
455 print ' <span class="opacitymedium">('.$langs->trans("Recommended").' '.yn(1).')</span>';
456}
457print '<br>';
458print '<br>';
459*/
460
461print '<strong>'.$langs->trans("AntivirusEnabledOnUpload").'</strong>: ';
462print !getDolGlobalString('MAIN_ANTIVIRUS_COMMAND') ? img_warning().' ' : img_picto('', 'tick').' ';
463print yn(!getDolGlobalString('MAIN_ANTIVIRUS_COMMAND') ? 0 : 1);
464if (!getDolGlobalString('MAIN_ANTIVIRUS_COMMAND')) {
465 print ' - <span class="opacitymedium">'.$langs->trans("Recommended").': '.$langs->trans("DefinedAPathForAntivirusCommandIntoSetup", $langs->transnoentitiesnoconv("Home")." - ".$langs->transnoentitiesnoconv("Setup")." - ".$langs->transnoentitiesnoconv("Security")).'</span>';
466} else {
467 print ' &nbsp; - ' . getDolGlobalString('MAIN_ANTIVIRUS_COMMAND');
468 if (defined('MAIN_ANTIVIRUS_COMMAND') && !defined('MAIN_ANTIVIRUS_BYPASS_COMMAND_AND_PARAM')) {
469 print ' - <span class="opacitymedium">'.$langs->trans("ValueIsForcedBySystem").'</span>';
470 }
471}
472print '<br>';
473print '<br>';
474
475$umask = getDolGlobalString('MAIN_UMASK');
476
477print '<strong>'.$langs->trans("UMask").'</strong>: ';
478if (! in_array($umask, array('600', '660', '0600', '0660'))) {
479 print img_warning().' ';
480}
481print $umask;
482if (! in_array($umask, array('600', '660', '0600', '0660'))) {
483 print ' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 0600 | 0660)</span>';
484}
485print '<br>';
486print '<br>';
487
488
489$securityevent = new Events($db);
490$eventstolog = $securityevent->eventstolog;
491
492print '<strong>'.$langs->trans("AuditedSecurityEvents").'</strong>: ';
493$out = '';
494if (!empty($eventstolog) && is_array($eventstolog)) {
495 // Loop on each event type
496 $i = 0;
497 foreach ($eventstolog as $key => $arr) {
498 if ($arr['id']) {
499 $key = 'MAIN_LOGEVENTS_'.$arr['id'];
500 $value = getDolGlobalString($key);
501 if ($value) {
502 if ($i > 0) {
503 $out .= ', ';
504 }
505 $out .= '<span class="opacitymedium">'.$key.'</span>';
506 $i++;
507 }
508 }
509 }
510 print $out;
511}
512
513if (empty($out)) {
514 print img_warning().' '.$langs->trans("NoSecurityEventsAreAduited", $langs->transnoentities("Home").' - '.$langs->transnoentities("Setup").' - '.$langs->transnoentities("Security").' - '.$langs->transnoentities("Audit")).'<br>';
515} else {
516 $s = $langs->trans("SeeSetupPage", '{s1}'.$langs->transnoentities("Home").' - '.$langs->transnoentities("Setup").' - '.$langs->transnoentities("Security").' - '.$langs->transnoentities("Audit").'{s2}');
517 print ' - '.str_replace('{s2}', '</a>', str_replace('{s1}', '<a href="'.DOL_URL_ROOT.'/admin/events.php" target="_blank">', $s));
518}
519
520print '<br>';
521
522print '</div>';
523
524
525
526// Modules/Applications
527
528print '<br>';
529print '<br>';
530print '<br>';
531print load_fiche_titre($langs->trans("Modules"), '', 'folder');
532
533print '<div class="wordbreak">';
534
535// Module log
536print '<strong>'.$langs->trans("Syslog").'</strong>: ';
537$test = isModEnabled('syslog');
538if (!$test) {
539 print img_picto('', 'tick').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
540} else {
541 if (getDolGlobalInt('SYSLOG_LEVEL') > LOG_NOTICE) {
542 print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedWithTooHighLogLevel", $langs->transnoentities("Syslog"));
543 } else {
544 print img_picto('', 'tick').' '.$langs->trans("ModuleSyslogActivatedButLevelNotTooVerbose", $langs->transnoentities("Syslog"), getDolGlobalInt('SYSLOG_LEVEL'));
545 }
546 //print ' '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php'.'">XDebug admin page</a>';
547}
548print '<br>';
549
550print '<br>';
551
552// Module debugbar
553print '<strong>'.$langs->trans("DebugBar").'</strong>: ';
554$test = isModEnabled('debugbar');
555if (!$test) {
556 print img_picto('', 'tick').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
557} else {
558 print img_picto('', 'error').' '.$langs->trans("ModuleActivatedDoNotUseInProduction", $langs->transnoentities("DebugBar"));
559 //print ' '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php'.'">XDebug admin page</a>';
560}
561print '<br>';
562
563print '<br>';
564
565// Modules for Payments
566$test = isModEnabled('stripe');
567if ($test) {
568 print '<strong>'.$langs->trans("Stripe").'</strong>: ';
569 if (!getDolGlobalString('PAYMENT_SECURITY_TOKEN_UNIQUE')) {
570 print img_picto('', 'error').' '.$langs->trans("OptionXShouldBeEnabledInModuleY", $langs->transnoentities("SecurityTokenIsUnique"), $langs->transnoentities("Stripe"));
571 } else {
572 print img_picto('', 'tick').' '.$langs->trans("OptionXIsCorrectlyEnabledInModuleY", $langs->transnoentities("SecurityTokenIsUnique"), $langs->transnoentities("Stripe"));
573 }
574 print '<br>';
575} else {
576 $test = isModEnabled('paypal');
577 if ($test) {
578 print '<strong>'.$langs->trans("Paypal").'</strong>: ';
579 if (!getDolGlobalString('PAYMENT_SECURITY_TOKEN_UNIQUE')) {
580 print img_picto('', 'error').' '.$langs->trans("OptionXShouldBeEnabledInModuleY", $langs->transnoentities("SecurityTokenIsUnique"), $langs->transnoentities("Paypal"));
581 } else {
582 print img_picto('', 'tick').' '.$langs->trans("OptionXIsCorrectlyEnabledInModuleY", $langs->transnoentities("SecurityTokenIsUnique"), $langs->transnoentities("Paypal"));
583 }
584 print '<br>';
585 }
586}
587
588
589// APIs
590
591print '<br>';
592print '<br>';
593print '<br>';
594print load_fiche_titre($langs->trans("API"), '', 'folder');
595
596if (!isModEnabled('api') && !isModEnabled('webservices')) {
597 print $langs->trans("APIsAreNotEnabled");
598} else {
599 if (isModEnabled('webservices')) {
600 print img_picto('', 'warning').' '.$langs->trans('YouEnableDeprecatedWSAPIsUseRESTAPIsInstead')."<br>\n";
601 print '<br>';
602 }
603 if (isModEnabled('api')) {
604 print '<strong>API_ENDPOINT_RULES</strong> = '.getDolGlobalString('API_ENDPOINT_RULES', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Example").': login:0,users:0,setup:1,status:1,tickets:1,...)</span>')."<br>\n";
605 print '<br>';
606 }
607}
608
609print '</div>';
610
611
612print '<br><br>';
613print '<br>';
614
615
616print load_fiche_titre($langs->trans("OtherSetup"), '', 'folder');
617
618print '<div class="wordbreak">';
619
620print '<strong>MAIN_ALLOW_SVG_FILES_AS_IMAGES</strong> = '.getDolGlobalString('MAIN_ALLOW_SVG_FILES_AS_IMAGES', '0').' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 0)</span><br>';
621print '<br>';
622
623print '<strong>MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE</strong> = '.getDolGlobalString('MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 1)</span><br>';
624print '<br>';
625
626//print '<strong>'.$langs->trans("PasswordEncryption").'</strong>: ';
627print '<strong>MAIN_SECURITY_HASH_ALGO</strong> = '.getDolGlobalString('MAIN_SECURITY_HASH_ALGO', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>')." &nbsp; ";
628if (!getDolGlobalString('MAIN_SECURITY_HASH_ALGO')) {
629 print '<span class="opacitymedium"> &nbsp; &nbsp; If unset: \'md5\'</span>';
630}
631if (getDolGlobalString('MAIN_SECURITY_HASH_ALGO') != 'password_hash') {
632 print '<br><strong>MAIN_SECURITY_SALT</strong> = '.getDolGlobalString('MAIN_SECURITY_SALT', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').'<br>';
633} else {
634 print '<span class="opacitymedium">('.$langs->trans("Recommended").': password_hash)</span>';
635 print '<br>';
636}
637if (getDolGlobalString('MAIN_SECURITY_HASH_ALGO') != 'password_hash') {
638 print '<div class="info">The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.<br>';
639 print 'If you really want to switch, you must:<br>';
640 print '- Go on home - setup - other and add constant MAIN_SECURITY_HASH_ALGO to value \'password_hash\'<br>';
641 print '- In same session, WITHOUT LOGGING OUT, go into your admin user record and set a new password<br>';
642 print '- You can now logout and login with this new password. You must now reset password of all other users.<br>';
643 print '</div><br>';
644}
645print '<br>';
646
647print '<strong>MAIN_SECURITY_ANTI_SSRF_SERVER_IP</strong> = '.getDolGlobalString('MAIN_SECURITY_ANTI_SSRF_SERVER_IP', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span> &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': List of static IPs of server separated with coma - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)</span>')."<br>";
648print '<br>';
649
650print '<strong>MAIN_SECURITY_CSRF_WITH_TOKEN</strong> = '.getDolGlobalString('MAIN_SECURITY_CSRF_WITH_TOKEN', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 2)</span>'."<br>";
651print '<br>';
652
653print '<br>';
654print '<br>';
655
656
657print load_fiche_titre($langs->trans("OtherSetup").' ('.$langs->trans("Experimental").')', '', 'folder');
658
659print '<strong>MAIN_EXEC_USE_POPEN</strong> = ';
660if (!getDolGlobalString('MAIN_EXEC_USE_POPEN')) {
661 print '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>';
662} else {
663 print $conf->global->MAIN_EXEC_USE_POPEN;
664}
665if ($execmethod == 1) {
666 print '<span class="opacitymedium"> &nbsp; &nbsp; "exec" PHP method will be used for shell commands';
667 print ' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 1)';
668 print '</span>';
669}
670if ($execmethod == 2) {
671 print '<span class="opacitymedium"> &nbsp; &nbsp; "popen" PHP method will be used for shell commands';
672 print ' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 1)';
673 print '</span>';
674}
675print '<br>';
676print '<br>';
677
678print '<strong>MAIN_SECURITY_MAXFILESIZE_DOWNLOADED</strong> = '.getDolGlobalString('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': 100000000)</span>')."<br>";
679print '<br>';
680
681print '<strong>MAIN_RESTRICTHTML_ONLY_VALID_HTML</strong> = '.(getDolGlobalString('MAIN_RESTRICTHTML_ONLY_VALID_HTML') ? '1' : '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>');
682print ' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").": 1 - does not work on HTML5 with some old libxml libs)</span>";
683$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 0;
684$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;
685$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY = 0;
686$result=dol_htmlwithnojs('<img onerror<=alert(document.domain)> src=>0xbeefed');
687if ($result == 'InvalidHTMLStringCantBeCleaned') {
688 print ' &nbsp; - &nbsp; '.img_warning().' Your libxml seems to old to work correctly with this option. Disable it !';
689} else {
690 print ' &nbsp; - &nbsp; Test of compatibility with this option seems ok';
691}
692print '<br>';
693
694print '<br>';
695
696print '<strong>MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY</strong> = '.(getDolGlobalString('MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY') ? '1' : '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>');
697print ' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 1)</span> &nbsp; - &nbsp; Module "php-tidy" must be enabled (currently: '.((extension_loaded('tidy') && class_exists("tidy")) ? 'Enabled' : img_picto('', 'warning').' Not available').")";
698if (extension_loaded('tidy') && class_exists("tidy")) {
699 $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 0;
700 $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 0;
701 $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY = 1;
702 $result=dol_htmlwithnojs('<img onerror<=alert(document.domain)> src=>0xbeefed');
703 if ($result == 'InvalidHTMLStringCantBeCleaned') {
704 print ' &nbsp; - &nbsp; '.img_warning().' Your libxml seems to old to work correctly with this option. Disable it !';
705 } else {
706 print ' &nbsp; - &nbsp; Test of compatibility with this option seems ok';
707 }
708}
709print '<br>';
710
711print '<br>';
712
713print '<strong>MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES</strong> = '.(getDolGlobalString('MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES') ? '1' : '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>');
714print ' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").": 1 - does not work on HTML5 with some old libxml libs)</span><br>";
715print '<br>';
716
717// MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 1, disallow url links except if on /medias
718// MAIN_DISALLOW_URL_INTO_DESCRIPTIONS = 2, disallow all external urls link
719print '<strong>MAIN_DISALLOW_URL_INTO_DESCRIPTIONS</strong> = '.getDolGlobalString('MAIN_DISALLOW_URL_INTO_DESCRIPTIONS', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': 1=only local links allowed or 2=no links at all)</span>')."<br>";
720print '<br>';
721
722print '<strong>MAIN_ALLOW_SVG_FILES_AS_EXTERNAL_LINKS</strong> = '.getDolGlobalString('MAIN_ALLOW_SVG_FILES_AS_EXTERNAL_LINKS', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)</span>')."<br>";
723print '<br>';
724
725// MAIN_ALLOW_LOCAL_LINKS_AS_EXTERNAL_LINKS
726
727print '<strong>MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL</strong> = '.getDolGlobalString('MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)</span>')."<br>";
728print '<br>';
729
730print '<strong>MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED</strong> = '.getDolGlobalString('MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)</span>')."<br>";
731print '<br>';
732
733$examplecsprule = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
734print '<strong>MAIN_SECURITY_FORCECSPRO</strong> = '.getDolGlobalString('MAIN_SECURITY_FORCECSPRO', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").': "'.$examplecsprule.'")</span><br>';
735print '<br>';
736
737$examplecsprule = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
738print '<strong>MAIN_SECURITY_FORCECSP</strong> = '.getDolGlobalString('MAIN_SECURITY_FORCECSP', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").': "'.$examplecsprule.'")</span><br>';
739print '<br>';
740
741print '<strong>MAIN_SECURITY_FORCERP</strong> = '.getDolGlobalString('MAIN_SECURITY_FORCERP', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"strict-origin-when-cross-origin\" so browser doesn't send any referrer when going into another web site domain)</span><br>";
742print '<br>';
743
744print '<strong>MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN</strong> = '.getDolGlobalString('MAIN_SECURITY_FORCE_ACCESS_CONTROL_ALLOW_ORIGIN', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").": 1)</span><br>";
745print '<br>';
746
747// For websites
748
749print '<strong>WEBSITE_MAIN_SECURITY_FORCECSPRO</strong> = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSPRO', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>');
750print ' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").': "';
751$examplecsprule = "default-src 'self' 'unsafe-inline' matomo.".getDomainFromURL($_SERVER["SERVER_NAME"], 1)." *.transifex.net *.transifex.com *.cloudflare.com *.cloudflareinsights.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.googleadservices.com *.ads-twitter.com *.doubleclick.net; frame-ancestors 'self'; object-src https://youtube.com; frame-src 'self' https://youtube.com; img-src * data:;";
752print $examplecsprule;
753print '")</span><br>';
754print '<br>';
755
756print '<strong>WEBSITE_MAIN_SECURITY_FORCECSP</strong> = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSP', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>');
757print ' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").': "';
758$examplecsprule = "default-src 'self' 'unsafe-inline' matomo.".getDomainFromURL($_SERVER["SERVER_NAME"], 1)." *.transifex.net *.transifex.com *.cloudflare.com *.cloudflareinsights.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.googleadservices.com *.ads-twitter.com *.doubleclick.net; frame-ancestors 'self'; object-src https://youtube.com; frame-src 'self' https://youtube.com; img-src * data:;";
759print $examplecsprule;
760print '")</span><br>';
761print '<br>';
762
763print '<strong>WEBSITE_MAIN_SECURITY_FORCERP</strong> = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCERP', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").'="strict-origin-when-cross-origin" '.$langs->trans("or").' "same-origin"=more secured)</span><br>';
764print '<br>';
765
766print '<strong>WEBSITE_MAIN_SECURITY_FORCESTS</strong> = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCESTS', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"max-age=31536000; includeSubDomains\")</span><br>";
767print '<br>';
768
769print '<strong>WEBSITE_MAIN_SECURITY_FORCEPP</strong> = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCEPP', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"camera=(), microphone=(), geolocation=*\")</span><br>";
770print '<br>';
771
772
773print '</div>';
774
775
776print '<br>';
777
778
779print load_fiche_titre($langs->trans("LimitsAndMitigation"), '', 'folder');
780
781print '<div class="wordbreak">';
782
783print '<span class="opacitymedium">';
784print $langs->trans("RecommendMitigationOnURL").'<br>';
785print '</span>';
786
787print '<br>';
788$urlexamplebase = 'https://github.com/Dolibarr/dolibarr/blob/develop/dev/setup/fail2ban/filter.d/';
789print '<span class="fas fa-shield-alt"></span> Login or API authentication (see <a target="_blank" rel="noopener" href="'.$urlexamplebase.'web-dolibarr-rulesbruteforce.conf">fail2ban example on GitHub</a>)<br>';
790print '<span class="fas fa-shield-alt"></span> '.DOL_URL_ROOT.'/passwordforgotten.php (see <a target="_blank" rel="noopener" href="'.$urlexamplebase.'web-dolibarr-rulespassforgotten.conf">fail2ban example on GitHub</a>)<br>';
791print '<span class="fas fa-shield-alt"></span> '.DOL_URL_ROOT.'/public/* (see <a target="_blank" rel="noopener" href="'.$urlexamplebase.'web-dolibarr-limitpublic.conf">fail2ban example on GitHub</a>)<br>';
792print '<br>';
793$urlexamplebase = 'https://github.com/Dolibarr/dolibarr/blob/develop/dev/setup/apache/';
794print '<span class="fas fa-shield-alt"></span> You can also protect the application using a HTTP Basic authentication layer (see <a target="_blank" rel="noopener" href="'.$urlexamplebase.'virtualhost">apache2 virtualhost example on GitHub</a>)<br>';
795
796print '</div>';
797
798// End of page
799llxFooter();
800$db->close();
if(!defined('NOREQUIRESOC')) if(!defined( 'NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined( 'NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined( 'NOREQUIREAJAX')) llxHeader()
Empty header.
Definition wrapper.php:55
llxFooter()
Empty footer.
Definition wrapper.php:69
Events class.
Class to manage generation of HTML components Only common components must be here.
dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0, $nbsecondsold=0)
Scan a directory and return a list of files/directories.
Definition files.lib.php:62
version_php()
Return PHP version.
load_fiche_titre($titre, $morehtmlright='', $picto='generic', $pictoisfullpath=0, $id='', $morecssontable='', $morehtmlcenter='')
Load a title with picto.
img_warning($titlealt='default', $moreatt='', $morecss='pictowarning')
Show warning logo.
yn($yesno, $case=1, $color=0)
Return yes or no in current language.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=false, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox=0, $check='restricthtml')
Sanitize a HTML to remove js, dangerous content and external link.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_getwebuser($mode)
Return user/group account of web server.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.