1 | <?php |
---|
2 | /**************************************************************************\ |
---|
3 | * eGroupWare * |
---|
4 | * http://www.egroupware.org * |
---|
5 | * -------------------------------------------- * |
---|
6 | * This program is free software; you can redistribute it and/or modify it * |
---|
7 | * under the terms of the GNU General Public License as published by the * |
---|
8 | * Free Software Foundation; either version 2 of the License, or (at your * |
---|
9 | * option) any later version. * |
---|
10 | \**************************************************************************/ |
---|
11 | |
---|
12 | require_once 'common.inc.php'; |
---|
13 | |
---|
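/**
 * Hardens the Workflow module before process code is executed.
 *
 * The class removes database connection settings from the variables that
 * process code can reach ($GLOBALS and $_SESSION) and replaces the known
 * database objects with WorkflowWatcher instances (WorkflowWatcher and
 * Factory are defined elsewhere in the module).
 *
 * @author Sidnei Augusto Drovetto Jr. - drovetto@gmail.com
 * @version 1.0
 * @package Workflow
 * @license http://www.gnu.org/copyleft/gpl.html GPL
 */
class WorkflowSecurity
{
	/**
	 * Class constructor, written PHP 4 style as a method named after the class.
	 *
	 * The body is empty, so nothing is lost on PHP 8, where a method with the
	 * class name is an ordinary method and is not run on instantiation.
	 *
	 * @return void
	 * @access public
	 */
	public function WorkflowSecurity()
	{
	}

	/**
	 * Applies the module's security policy.
	 *
	 * The steps run in a fixed order: the Expresso database object is requested
	 * first, then WorkflowWatcher's security is enabled, the known database
	 * objects are wrapped and finally the connection settings are removed.
	 *
	 * @return void
	 * @access public
	 */
	public function enableSecurityPolicy()
	{
		/* must come first: presumably the object cannot be built once the settings are gone */
		$this->ensureEnvironmentProperWorking();
		WorkflowWatcher::workflowWatcherEnableSecurity();
		$this->protectDatabaseObjects();
		$this->removeSensitiveInformation();
	}

	/**
	 * Makes sure the environment keeps working after security is enabled.
	 *
	 * @return void
	 * @access private
	 */
	private function ensureEnvironmentProperWorking()
	{
		/* requests the Expresso database object now so that it is available later; the return value is not used here */
		Factory::getInstance('WorkflowObjects')->getDBExpresso();
	}

	/**
	 * Protects the known database objects (class 'db') that live in $GLOBALS.
	 *
	 * Each object found has its connection settings blanked and is then
	 * replaced, at its original location, by a WorkflowWatcher built from it.
	 *
	 * NOTE(review): the list is hard-coded and the class check is an exact
	 * match, so a database object stored anywhere else, or an instance of a
	 * subclass of 'db', is skipped and keeps its connection settings. Confirm
	 * that no such object is reachable from process code.
	 *
	 * @return void
	 * @access public
	 */
	public function protectDatabaseObjects()
	{
		/*
		 * References are collected so that the assignment inside the loop
		 * replaces the object where it is stored, not a copy.
		 * NOTE(review): these chains assume every parent object exists
		 * (e.g. $GLOBALS['run_activity']) - TODO confirm against the callers.
		 */
		$variables = array();
		$variables[] = &$GLOBALS['phpgw']->accounts->db;
		$variables[] = &$GLOBALS['phpgw']->applications->db;
		$variables[] = &$GLOBALS['phpgw']->acl->db;
		$variables[] = &$GLOBALS['phpgw']->hooks->db;
		$variables[] = &$GLOBALS['phpgw']->preferences->db;
		$variables[] = &$GLOBALS['phpgw']->session->db;
		$variables[] = &$GLOBALS['phpgw']->translation->db;
		$variables[] = &$GLOBALS['run_activity']->categories->db;
		$variables[] = &$GLOBALS['run_activity']->categories->db2;
		$variables[] = &$GLOBALS['phpgw']->db;

		foreach ($variables as &$variable)
		{
			/* is_object() also covers null and keeps get_class() from being called on a non-object */
			if (!is_object($variable) || (get_class($variable) !== 'db'))
				continue;

			/* blank the settings before wrapping, while the raw object is still at hand */
			$this->removeSensitiveInformationFromDatabaseObject($variable);
			$variable = Factory::newInstance('WorkflowWatcher', $variable);
		}
		/* drop the loop reference so that it cannot alias the last entry by accident */
		unset($variable);
	}

	/**
	 * Removes sensitive information from variables that process code can
	 * access ($GLOBALS and $_SESSION).
	 *
	 * The database host, port, name, user, password and type are removed from
	 * $GLOBALS['phpgw_info']['server'] and from the 'workflow' and
	 * 'expressomail' entries of $_SESSION['phpgw_info']; the whole
	 * $GLOBALS['phpgw_domain']['default'] entry is removed as well. Keys that
	 * do not exist are ignored by unset().
	 *
	 * Only these copies are removed; any other variable holding the same
	 * values is outside the reach of this method.
	 *
	 * @return void
	 * @access public
	 */
	public function removeSensitiveInformation()
	{
		unset(
			$GLOBALS['phpgw_info']['server']['db_host'],
			$GLOBALS['phpgw_info']['server']['db_port'],
			$GLOBALS['phpgw_info']['server']['db_name'],
			$GLOBALS['phpgw_info']['server']['db_user'],
			$GLOBALS['phpgw_info']['server']['db_pass'],
			$GLOBALS['phpgw_info']['server']['db_type'],

			$_SESSION['phpgw_info']['workflow']['server']['db_host'],
			$_SESSION['phpgw_info']['workflow']['server']['db_port'],
			$_SESSION['phpgw_info']['workflow']['server']['db_name'],
			$_SESSION['phpgw_info']['workflow']['server']['db_user'],
			$_SESSION['phpgw_info']['workflow']['server']['db_pass'],
			$_SESSION['phpgw_info']['workflow']['server']['db_type'],

			$_SESSION['phpgw_info']['expressomail']['server']['db_host'],
			$_SESSION['phpgw_info']['expressomail']['server']['db_port'],
			$_SESSION['phpgw_info']['expressomail']['server']['db_name'],
			$_SESSION['phpgw_info']['expressomail']['server']['db_user'],
			$_SESSION['phpgw_info']['expressomail']['server']['db_pass'],
			$_SESSION['phpgw_info']['expressomail']['server']['db_type'],

			$GLOBALS['phpgw_domain']['default']
		);
	}

	/**
	 * Removes connection information from a database object.
	 *
	 * User, Password, Database, Port and Host are set to empty strings, and so
	 * is the host property of Link_ID when Link_ID holds an object.
	 *
	 * NOTE(review): only 'host' is blanked on Link_ID. If that object also
	 * stores the user name, password or database name, those values stay
	 * readable through it - confirm against the connection class.
	 *
	 * @param object $object database object to clean (changed in place)
	 * @return void
	 * @access public
	 */
	public function removeSensitiveInformationFromDatabaseObject(&$object)
	{
		$object->User = '';
		$object->Password = '';
		$object->Database = '';
		$object->Port = '';
		$object->Host = '';

		/*
		 * Link_ID may not hold an object (presumably before a connection is
		 * opened - TODO confirm); assigning a property on a non-object throws
		 * an Error on PHP 8, so the write is guarded.
		 */
		if (is_object($object->Link_ID))
			$object->Link_ID->host = '';
	}
}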
---|
131 | ?> |
---|