1 | <?php |
---|
2 | /**************************************************************************\ |
---|
3 | * eGroupWare * |
---|
4 | * http://www.egroupware.org * |
---|
5 | * -------------------------------------------- * |
---|
6 | * This program is free software; you can redistribute it and/or modify it * |
---|
7 | * under the terms of the GNU General Public License as published by the * |
---|
8 | * Free Software Foundation; either version 2 of the License, or (at your * |
---|
9 | * option) any later version. * |
---|
10 | \**************************************************************************/ |
---|
11 | |
---|
12 | /** |
---|
13 | * Security class for Workflow module. |
---|
14 | * You should never forget to call 'enable' |
---|
15 | * public method to enable security before |
---|
16 | * executing process code. |
---|
17 | * |
---|
18 | * @package Security |
---|
19 | * @license http://www.gnu.org/copyleft/gpl.html GPL |
---|
20 | * @author Pedro Eugênio Rocha - pedro.eugenio.rocha@gmail.com |
---|
21 | */ |
---|
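class Security {

    /**
     * @var boolean $_protection Stores the current security mode
     *      (true = secured, false = unsecured). Starts unsecured.
     *      Nothing in this class enforces the mode; it only records it
     *      for code that consults isEnabled().
     * @access private
     * @static
     */
    private static $_protection = false;


    /**
     * Disallow the instantiation of this class.
     * @access public
     * @return void
     * @throws Exception always; the class is used through its static methods only.
     */
    public function __construct() {
        throw new Exception("Oops! Static only class.");
    }


    /**
     * Returns the current security mode.
     * @access public
     * @return boolean true when secured mode is on, false otherwise.
     * @static
     */
    public static function isEnabled() {
        return self::$_protection;
    }


    /**
     * Change to secured mode.
     *
     * The request is authorised by isSafeDir() with its default depth,
     * i.e. by the file that contains the call to enable().
     *
     * @access public
     * @return boolean true once the mode has been changed.
     * @throws Exception when the calling file is not under EGW_SERVER_ROOT.
     * @static
     */
    public static function enable() {

        if (!self::isSafeDir()) {
            throw new Exception('You are not allowed to change the security mode.');
        }
        self::$_protection = true;
        return true;
    }

    /**
     * Change to unsecured mode.
     *
     * Guarded exactly like enable(): only a caller whose file passes
     * isSafeDir() may switch the protection off.
     *
     * @access public
     * @return boolean true once the mode has been changed.
     * @throws Exception when the calling file is not under EGW_SERVER_ROOT.
     * @static
     */
    public static function disable() {

        if (!self::isSafeDir()) {
            throw new Exception('You are not allowed to change the security mode.');
        }
        self::$_protection = false;
        return true;
    }


    /**
     * Implements the security validation.
     * Tells whether the file found at position $depth of the call stack
     * lies under EGW_SERVER_ROOT. By "safe dir" we mean a directory that
     * holds no process code. With the default depth, when this method is
     * called from enable()/disable(), the inspected file is the one that
     * called enable()/disable().
     *
     * The check looks at a single stack frame only. A file under the server
     * root that forwards a call to enable()/disable() on behalf of process
     * code passes it, so such wrappers must not be reachable from process code.
     *
     * NOTE(review): a frame created inside eval() reports the path of the
     * file containing the eval() call plus a suffix, so it still starts with
     * that path - confirm that process code is never eval()'d from a file
     * under the server root.
     *
     * @param integer $depth The deepness of the file in the backtrace.
     * @access public
     * @return boolean true when the file is under EGW_SERVER_ROOT; false
     *         otherwise, including when the frame does not exist or has no file.
     * @static
     */
    public static function isSafeDir($depth = 1) {

        /* our backtrace based policy */
        $backtrace = debug_backtrace();

        /* empty() also covers a missing frame or a frame without a 'file'
           entry, so an out-of-range depth fails closed without a notice. */
        if (empty($backtrace[$depth]['file'])) {
            return false;
        }
        $originFile = $backtrace[$depth]['file'];

        /* Drop trailing separators so the boundary test below is the same
           whether or not the constant was defined with one. */
        $root = rtrim((string) EGW_SERVER_ROOT, '/\\');

        /* An empty root would be a prefix of every path: fail closed. */
        if ($root === '') {
            return false;
        }

        $rootLength = strlen($root);
        if (strlen($originFile) <= $rootLength) {
            return false;
        }

        /* Strict comparison: only an exact prefix match counts. */
        if (strncmp($originFile, $root, $rootLength) !== 0) {
            return false;
        }

        /* The prefix must end on a directory boundary, otherwise a sibling
           such as "<root>_other/file.php" would be accepted as being
           under "<root>". */
        $boundary = $originFile[$rootLength];
        return ($boundary === '/' || $boundary === '\\');
    }
}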
---|
112 | ?> |
---|