[2222] | 1 | <?php |
---|
| 2 | /**************************************************************************\ |
---|
| 3 | * eGroupWare * |
---|
| 4 | * http://www.egroupware.org * |
---|
| 5 | * -------------------------------------------- * |
---|
| 6 | * This program is free software; you can redistribute it and/or modify it * |
---|
| 7 | * under the terms of the GNU General Public License as published by the * |
---|
| 8 | * Free Software Foundation; either version 2 of the License, or (at your * |
---|
| 9 | * option) any later version. * |
---|
| 10 | \**************************************************************************/ |
---|
| 11 | |
---|
| 12 | /** |
---|
| 13 | * Security class for Workflow module. |
---|
| 14 | * You should never forget to call 'enable' |
---|
| 15 | * public method to enable security before |
---|
| 16 | * executing process code. |
---|
| 17 | * |
---|
[2249] | 18 | * @package Security |
---|
[2222] | 19 | * @license http://www.gnu.org/copyleft/gpl.html GPL |
---|
| 20 | * @author Pedro Eugênio Rocha - pedro.eugenio.rocha@gmail.com |
---|
| 21 | */ |
---|
| 22 | class Security { |
---|
| 23 | |
---|
| 24 | /** |
---|
| 25 | * @var boolean $_protection Stores the current security mode. |
---|
| 26 | * @access private |
---|
| 27 | * @static |
---|
| 28 | */ |
---|
| 29 | private static $_protection = false; |
---|
| 30 | |
---|
| 31 | |
---|
| 32 | /** |
---|
| 33 | * Disallow the instantiation of this class. |
---|
| 34 | * @access public |
---|
| 35 | * @return void |
---|
| 36 | */ |
---|
| 37 | public function __construct() { |
---|
| 38 | throw new Exception("Oops! Static only class."); |
---|
| 39 | } |
---|
| 40 | |
---|
| 41 | |
---|
| 42 | /** |
---|
| 43 | * Returns the current security mode. |
---|
| 44 | * @access public |
---|
[2258] | 45 | * @return boolean |
---|
[2249] | 46 | * @static |
---|
[2222] | 47 | */ |
---|
| 48 | public static function isEnabled() { |
---|
| 49 | return self::$_protection; |
---|
| 50 | } |
---|
| 51 | |
---|
| 52 | |
---|
| 53 | /** |
---|
| 54 | * Change to secured mode. |
---|
| 55 | * @access public |
---|
| 56 | * @return boolean |
---|
| 57 | * @static |
---|
| 58 | */ |
---|
| 59 | public static function enable() { |
---|
| 60 | |
---|
[2249] | 61 | if (self::isSafeDir()) |
---|
[2222] | 62 | self::$_protection = true; |
---|
| 63 | else |
---|
[2249] | 64 | throw new Exception('You are not allowed to change the security mode.'); |
---|
[2222] | 65 | return true; |
---|
| 66 | } |
---|
| 67 | |
---|
| 68 | /** |
---|
| 69 | * Change to unsecured mode. |
---|
| 70 | * @access public |
---|
| 71 | * @return boolean |
---|
| 72 | * @static |
---|
| 73 | */ |
---|
| 74 | public static function disable() { |
---|
| 75 | |
---|
[2249] | 76 | if (self::isSafeDir()) |
---|
[2222] | 77 | self::$_protection = false; |
---|
| 78 | else |
---|
[2249] | 79 | throw new Exception('You are not allowed to change the security mode.'); |
---|
[2222] | 80 | return true; |
---|
| 81 | } |
---|
| 82 | |
---|
| 83 | |
---|
| 84 | /** |
---|
[2249] | 85 | * Implements the security validation. |
---|
| 86 | * This function tell us if a fileName is on a safe directory. |
---|
| 87 | * For safe dir we mean that no process code exists under it. |
---|
| 88 | * The 'depth' parameter specifies the deepness of the file that |
---|
[2258] | 89 | * we are validating. Default value is to validate the imediate |
---|
[2249] | 90 | * previous function. |
---|
| 91 | * |
---|
[2291] | 92 | * @param integer $depth The deepness of the fileName in backtrace. |
---|
[2249] | 93 | * @access public |
---|
| 94 | * @return boolean |
---|
| 95 | * @static |
---|
| 96 | */ |
---|
| 97 | public static function isSafeDir($depth = 1) { |
---|
| 98 | |
---|
| 99 | /* our backtrace based policy */ |
---|
| 100 | $backtrace = debug_backtrace(); |
---|
| 101 | $originFile = $backtrace[$depth]['file']; |
---|
| 102 | |
---|
| 103 | if (empty($originFile)) |
---|
| 104 | return false; |
---|
| 105 | |
---|
| 106 | /* if $fileName is a file under our server root, then it's safe. */ |
---|
| 107 | if (substr_compare($originFile, EGW_SERVER_ROOT, 0, strlen(EGW_SERVER_ROOT)) == 0) |
---|
| 108 | return true; |
---|
| 109 | return false; |
---|
| 110 | } |
---|
[2222] | 111 | } |
---|
| 112 | ?> |
---|