[795] | 1 | <?php |
---|
| 2 | /**************************************************************************\ |
---|
| 3 | * eGroupWare * |
---|
| 4 | * http://www.egroupware.org * |
---|
| 5 | * -------------------------------------------- * |
---|
| 6 | * This program is free software; you can redistribute it and/or modify it * |
---|
| 7 | * under the terms of the GNU General Public License as published by the * |
---|
| 8 | * Free Software Foundation; either version 2 of the License, or (at your * |
---|
| 9 | * option) any later version. * |
---|
| 10 | \**************************************************************************/ |
---|
| 11 | |
---|
| 12 | require_once 'common.inc.php'; |
---|
| 13 | |
---|
| 14 | /** |
---|
| 15 | * Classe utilizada para melhorar a segurança do módulo ao se executar código dos processos |
---|
| 16 | * @author Sidnei Augusto Drovetto Jr. - drovetto@gmail.com |
---|
| 17 | * @version 1.0 |
---|
| 18 | * @package Workflow |
---|
| 19 | * @license http://www.gnu.org/copyleft/gpl.html GPL |
---|
| 20 | */ |
---|
| 21 | class WorkflowSecurity |
---|
| 22 | { |
---|
| 23 | /** |
---|
| 24 | * Construtor da classe |
---|
| 25 | * @return object |
---|
| 26 | * @access public |
---|
| 27 | */ |
---|
| 28 | public function WorkflowSecurity() |
---|
| 29 | { |
---|
| 30 | } |
---|
| 31 | |
---|
| 32 | /** |
---|
| 33 | * Aplica as diretivas de segurança do módulo |
---|
| 34 | * @return void |
---|
| 35 | * @access public |
---|
| 36 | */ |
---|
| 37 | public function enableSecurityPolicy() |
---|
| 38 | { |
---|
| 39 | $this->ensureEnvironmentProperWorking(); |
---|
| 40 | WorkflowWatcher::workflowWatcherEnableSecurity(); |
---|
| 41 | $this->protectDatabaseObjects(); |
---|
| 42 | $this->removeSensitiveInformation(); |
---|
| 43 | } |
---|
| 44 | |
---|
| 45 | /** |
---|
| 46 | * Garante que o ambiente funcionará corretamente após a ativação da segurança |
---|
| 47 | * @return void |
---|
| 48 | * @access private |
---|
| 49 | */ |
---|
| 50 | private function ensureEnvironmentProperWorking() |
---|
| 51 | { |
---|
| 52 | /* garante que o objeto de DataBase do Expresso estará disponível */ |
---|
[2591] | 53 | Factory::getInstance('WorkflowObjects')->getDBExpresso(); |
---|
[795] | 54 | } |
---|
| 55 | |
---|
| 56 | /** |
---|
| 57 | * Protege os objetos de banco de dados (classe DB) conhecidos e que estão na $GLOBALS |
---|
| 58 | * @return void |
---|
| 59 | * @access public |
---|
| 60 | */ |
---|
| 61 | public function protectDatabaseObjects() |
---|
| 62 | { |
---|
| 63 | $variables = array(); |
---|
| 64 | $variables[] = &$GLOBALS['phpgw']->accounts->db; |
---|
| 65 | $variables[] = &$GLOBALS['phpgw']->applications->db; |
---|
| 66 | $variables[] = &$GLOBALS['phpgw']->acl->db; |
---|
| 67 | $variables[] = &$GLOBALS['phpgw']->hooks->db; |
---|
| 68 | $variables[] = &$GLOBALS['phpgw']->preferences->db; |
---|
| 69 | $variables[] = &$GLOBALS['phpgw']->session->db; |
---|
| 70 | $variables[] = &$GLOBALS['phpgw']->translation->db; |
---|
| 71 | $variables[] = &$GLOBALS['run_activity']->categories->db; |
---|
| 72 | $variables[] = &$GLOBALS['run_activity']->categories->db2; |
---|
| 73 | $variables[] = &$GLOBALS['phpgw']->db; |
---|
| 74 | foreach ($variables as &$variable) |
---|
| 75 | { |
---|
| 76 | if (is_null($variable) || (get_class($variable) !== 'db')) |
---|
| 77 | continue; |
---|
| 78 | $this->removeSensitiveInformationFromDatabaseObject($variable); |
---|
[2591] | 79 | $variable = Factory::newInstance('WorkflowWatcher', $variable); |
---|
[795] | 80 | } |
---|
| 81 | } |
---|
| 82 | |
---|
| 83 | /** |
---|
| 84 | * Remove informações sensíveis de variáveis que o código dos processos pode acessar ($GLOBALS e $_SESSION) |
---|
| 85 | * @return void |
---|
| 86 | * @access public |
---|
| 87 | */ |
---|
| 88 | public function removeSensitiveInformation() |
---|
| 89 | { |
---|
| 90 | unset( |
---|
| 91 | $GLOBALS['phpgw_info']['server']['db_host'], |
---|
| 92 | $GLOBALS['phpgw_info']['server']['db_port'], |
---|
| 93 | $GLOBALS['phpgw_info']['server']['db_name'], |
---|
| 94 | $GLOBALS['phpgw_info']['server']['db_user'], |
---|
| 95 | $GLOBALS['phpgw_info']['server']['db_pass'], |
---|
| 96 | $GLOBALS['phpgw_info']['server']['db_type'], |
---|
| 97 | |
---|
| 98 | $_SESSION['phpgw_info']['workflow']['server']['db_host'], |
---|
| 99 | $_SESSION['phpgw_info']['workflow']['server']['db_port'], |
---|
| 100 | $_SESSION['phpgw_info']['workflow']['server']['db_name'], |
---|
| 101 | $_SESSION['phpgw_info']['workflow']['server']['db_user'], |
---|
| 102 | $_SESSION['phpgw_info']['workflow']['server']['db_pass'], |
---|
| 103 | $_SESSION['phpgw_info']['workflow']['server']['db_type'], |
---|
| 104 | |
---|
| 105 | $_SESSION['phpgw_info']['expressomail']['server']['db_host'], |
---|
| 106 | $_SESSION['phpgw_info']['expressomail']['server']['db_port'], |
---|
| 107 | $_SESSION['phpgw_info']['expressomail']['server']['db_name'], |
---|
| 108 | $_SESSION['phpgw_info']['expressomail']['server']['db_user'], |
---|
| 109 | $_SESSION['phpgw_info']['expressomail']['server']['db_pass'], |
---|
| 110 | $_SESSION['phpgw_info']['expressomail']['server']['db_type'], |
---|
| 111 | |
---|
| 112 | $GLOBALS['phpgw_domain']['default'] |
---|
| 113 | ); |
---|
| 114 | } |
---|
| 115 | |
---|
| 116 | /** |
---|
| 117 | * Remove informações de objetos de banco de dados |
---|
| 118 | * @return void |
---|
| 119 | * @access public |
---|
| 120 | */ |
---|
| 121 | public function removeSensitiveInformationFromDatabaseObject(&$object) |
---|
| 122 | { |
---|
| 123 | $object->User = ''; |
---|
| 124 | $object->Password = ''; |
---|
| 125 | $object->Database = ''; |
---|
| 126 | $object->Port = ''; |
---|
| 127 | $object->Host = ''; |
---|
| 128 | $object->Link_ID->host = ''; |
---|
| 129 | } |
---|
| 130 | } |
---|
| 131 | ?> |
---|