Commit 0211370e authored by Carsten  Rose's avatar Carsten Rose

Merge branch 'F9959UpdateQFQExtConfig' into 'develop'

F9959 update qfq ext config

See merge request !247
parents a7ec8a91 392b3b32
......@@ -1363,15 +1363,15 @@ The following `escape` & `action` types are available:
+=======+==================================================================================================================================+
| c | Config - the escape type configured in `configuration`_. |
+-------+----------------------------------------------------------------------------------------------------------------------------------+
| C | Colon ':' will be escaped against \\: |
| C | Colon ``:`` will be escaped by ``\:`` |
+-------+----------------------------------------------------------------------------------------------------------------------------------+
| d | Double ticks " will be escaped against \\\". |
| d | Double ticks ``"`` will be escaped by ``\"``. |
+-------+----------------------------------------------------------------------------------------------------------------------------------+
| l | LDAP search filter values: `ldap-escape() <http://php.net/manual/en/function.ldap-escape.php>`_ (LDAP_ESCAPE_FILTER). |
+-------+----------------------------------------------------------------------------------------------------------------------------------+
| L | LDAP DN values. `ldap-escape() <http://php.net/manual/en/function.ldap-escape.php>`_ (LDAP_ESCAPE_DN). |
+-------+----------------------------------------------------------------------------------------------------------------------------------+
| s | Single ticks ' will be escaped against \\\'. |
| s | Single ticks ``'`` will be escaped by ``\'``. |
+-------+----------------------------------------------------------------------------------------------------------------------------------+
| S | Stop replace. If the replaced value contains nested variables, they won't be replaced. |
+-------+----------------------------------------------------------------------------------------------------------------------------------+
......
......@@ -516,6 +516,10 @@ const SYSTEM_REDIRECT_ALL_MAIL_TO = 'redirectAllMailTo';
const SYSTEM_THROW_GENERAL_ERROR = 'throwExceptionGeneralError';
const SYSTEM_FLAG_PRODUCTION = 'flagProduction';
const SYSTEM_RENDER = 'render';
const SYSTEM_RENDER_SINGLE = 'single';
const SYSTEM_RENDER_BOTH = 'both';
const SYSTEM_RENDER_API = 'api';
const SYSTEM_SHOW_DEBUG_INFO = 'showDebugInfo';
const SYSTEM_SHOW_DEBUG_INFO_YES = 'yes';
......
......@@ -10,6 +10,7 @@ namespace IMATHUZH\Qfq\Core\Database;
use IMATHUZH\Qfq\Core\Helper\Logger;
use IMATHUZH\Qfq\Core\Store\Store;
use IMATHUZH\Qfq\Core\Typo3\T3Handler;
/*
......@@ -129,14 +130,17 @@ class DatabaseUpdate {
*/
public function checkNupdate($dbUpdate) {
if ($dbUpdate === SYSTEM_DB_UPDATE_NEVER) {
return;
}
$new = $this->getExtensionVersion();
$versionInfo = $this->getDatabaseVersion();
$old = $versionInfo[QFQ_VERSION_KEY] ?? false;
$this->checkT3QfqConfig($old, $new);
if ($dbUpdate === SYSTEM_DB_UPDATE_NEVER) {
return;
}
if ($dbUpdate === SYSTEM_DB_UPDATE_ALWAYS || ($dbUpdate === SYSTEM_DB_UPDATE_AUTO && $new != $old)) {
$newFunctionHash = $this->updateSqlFunctions($versionInfo[QFQ_VERSION_KEY_FUNCTION_HASH] ?? '');
......@@ -167,6 +171,23 @@ class DatabaseUpdate {
}
/**
* Check Typo3 config if values needs to be updated.
* This is typically necessary if default config values change, to guarantee existing installations behave in legacy mode.
*
* @param $old
* @param $new
*/
private function checkT3QfqConfig($old, $new) {
if ($new == $old) {
return;
}
if (version_compare($old, '20.2.0') == -1) {
T3Handler::updateT3QfqConfig(SYSTEM_RENDER, SYSTEM_RENDER_BOTH); //Legacy behaviour.
}
}
/**
* Check if there are special columns without prepended underscore in the QFQ application. If yes, then throw an error.
* A link is provided to automatically prepend all found special columns. And another link to skip the auto-replacement.
......
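Review bot: `checkT3QfqConfig()` receives `$old = false` when no version record exists (`$versionInfo[QFQ_VERSION_KEY] ?? false`), and `version_compare(false, '20.2.0')` then compares an empty version and returns -1, so that case also gets `render` forced to `both`. It would be clearer to decide that case explicitly, e.g. `if ($old === false || $new == $old) { return; }`, and to write the comparison as `version_compare($old, '20.2.0', '<')`. As far as the rendered page shows, the call now runs before the `SYSTEM_DB_UPDATE_NEVER` return; if the stored version is not advanced in that mode (not visible here), `LocalConfiguration.php` would be rewritten on every call and an administrator's later change of `render` would be undone. The docblock could also state the types: `@param string|false $old` and `@param string $new`. `checkNupdate()` continues outside the hunk.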
......@@ -16,7 +16,7 @@ use IMATHUZH\Qfq\Core\Report\Link;
use IMATHUZH\Qfq\Core\Report\Tablesorter;
use IMATHUZH\Qfq\Core\Store\Sip;
use IMATHUZH\Qfq\Core\Store\Store;
use IMATHUZH\Qfq\Core\Typo3\Password;
use IMATHUZH\Qfq\Core\Typo3\T3Handler;
const EVALUATE_DB_INDEX_DEFAULT = 0;
......@@ -423,7 +423,7 @@ class Evaluate {
case TOKEN_ESCAPE_NONE: // do nothing
break;
case TOKEN_ESCAPE_PASSWORD_T3FE:
$value = Password::getHash($value);
$value = T3Handler::getHash($value);
break;
case TOKEN_ESCAPE_STOP_REPLACE:
$value = Support::encryptDoubleCurlyBraces($value);
......
......@@ -1572,4 +1572,12 @@ class Support {
return $formModeGlobal;
}
/**
* Set QFQ Error Handler.
* Should not be active if T3 code runs.
*/
public static function setQfqErrorHandler() {
set_error_handler("\\IMATHUZH\\Qfq\\Core\\Exception\\ErrorHandler::exception_error_handler");
}
}
\ No newline at end of file
......@@ -27,6 +27,7 @@ use IMATHUZH\Qfq\Core\Store\FillStoreForm;
use IMATHUZH\Qfq\Core\Store\Session;
use IMATHUZH\Qfq\Core\Store\Sip;
use IMATHUZH\Qfq\Core\Store\Store;
use IMATHUZH\Qfq\Core\Typo3\T3Handler;
/*
* Form will be called
......@@ -129,7 +130,8 @@ class QuickFormQuery {
// Refresh the session even if no new data saved.
Session::set(SESSION_LAST_ACTIVITY, time());
set_error_handler("\\IMATHUZH\\Qfq\\Core\\Exception\\ErrorHandler::exception_error_handler");
Support::setQfqErrorHandler();
// PHPExcel
set_include_path(get_include_path() . PATH_SEPARATOR . '../../Resources/Private/Classes/');
......
......@@ -189,7 +189,6 @@ class Config {
}
}
/**
* Check for attack
*
......
......@@ -8,8 +8,8 @@
namespace IMATHUZH\Qfq\Core\Store;
use IMATHUZH\Qfq\Core\Typo3\Misc;
use IMATHUZH\Qfq\Core\Typo3\T3Handler;
/**
......@@ -322,7 +322,7 @@ class Session
if (time() - self::$lastActivity > $timeout) {
Misc::feLogOff();
T3Handler::feLogOff();
self::destroy();
}
}
......
<?php
/**
* Created by PhpStorm.
* User: crose
* Date: 16.02.19
* Time: 18:44
*/
namespace IMATHUZH\Qfq\Core\Typo3;
/**
* Class Misc
* @package IMATHUZH\Qfq\Core\Typo3
*/
class Misc
{
public static function feLogOff() {
$GLOBALS['TSFE']->fe_user->logoff();
}
}
\ No newline at end of file
......@@ -2,17 +2,40 @@
/**
* Created by PhpStorm.
* User: crose
* Date: 2/1/19
* Time: 10:31 PM
* Date: 2/2/20
* Time: 9:02 AM
*/
namespace IMATHUZH\Qfq\Core\Typo3;
use IMATHUZH\Qfq\Core\Helper\Support;
/**
* Class FePassword
* @package qfq
* Class T3Handler
* @package IMATHUZH\Qfq\Core\Typo3
*/
class Password {
class T3Handler {
/**
* @var
*/
private static $objectManager = null;
/**
* Call logoff of current FE User
*/
public static function feLogOff() {
// Restore T3 ErrorHandler. T3 throws exceptions - those should be handled by T3!
restore_error_handler();
$GLOBALS['TSFE']->fe_user->logoff();
// Activate QFQ ErrorHandler again.
Support::setQfqErrorHandler();
}
/**
* Based on https://docs.typo3.org/typo3cms/extensions/saltedpasswords/8.7/DevelopersGuide/Index.html
......@@ -23,6 +46,9 @@ class Password {
*/
public static function getHash($newPassword) {
// Restore T3 ErrorHandler. T3 throws exceptions - those should be handled by T3!
restore_error_handler();
$saltedPassword = md5($newPassword); // Use md5 as fallback
self::t3AutoloadIfNotRunning();
if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
......@@ -31,6 +57,10 @@ class Password {
$saltedPassword = $objSalt->getHashedPassword($newPassword);
}
}
// Activate QFQ ErrorHandler again.
Support::setQfqErrorHandler();
return $saltedPassword;
}
......@@ -44,6 +74,9 @@ class Password {
*/
public static function checkPassword($saltedPassword, $password) {
// Restore T3 ErrorHandler. T3 throws exceptions - those should be handled by T3!
restore_error_handler();
self::t3AutoloadIfNotRunning();
$success = FALSE;
if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
......@@ -52,6 +85,10 @@ class Password {
$success = $objSalt2->checkPassword($password, $saltedPassword);
}
}
// Activate QFQ ErrorHandler again.
Support::setQfqErrorHandler();
return $success;
}
......@@ -75,4 +112,41 @@ class Password {
}
}
}
/**
* Update a single key/value pair in `typo3conf/LocalConfiguration.php` QFQ config.
*
* @param $key
* @param $value
*/
public static function updateT3QfqConfig($key, $value) {
if (defined('PHPUNIT_QFQ')) {
// There is no typo3conf/LocalConfiguration.php in phpunit.
return;
}
// Restore T3 ErrorHandler. T3 throws exceptions - those should be handled by T3!
restore_error_handler();
self::t3AutoloadIfNotRunning();
$configurationManager = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Configuration\\ConfigurationManager');
// Same as $GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['qfq']
$configT3 = $configurationManager->getLocalConfiguration();
$configQfq = unserialize($configT3['EXT']['extConf'][EXT_KEY]);
// Set new value
$configQfq[$key] = $value;
// Prepare
$configT3['EXT']['extConf'][EXT_KEY] = serialize($configQfq);
// Write new config to typo3conf/LocalConfiguration.php
$configurationManager->writeLocalConfiguration($configT3);
// Activate QFQ ErrorHandler again.
Support::setQfqErrorHandler();
}
}
\ No newline at end of file
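Review bot: In `updateT3QfqConfig()` the result of `unserialize()` is used without a check: if the stored `extConf` string fails to parse, `$configQfq` is `false`, the assignment `$configQfq[$key] = $value` turns it into a one-element array, and `writeLocalConfiguration()` then replaces the whole QFQ extension config with that single key. The call should also pass `['allowed_classes' => false]`, since the stored value is expected to be a plain array. Separately, the methods in this section pair `restore_error_handler()` with `Support::setQfqErrorHandler()` without `try`/`finally`, so an exception from the TYPO3 call (which the comments say is expected) leaves the QFQ handler uninstalled; the same applies to `feLogOff()`, `getHash()` and `checkPassword()`. How a failed parse is reported is left open in the sketch below.

```php
public static function updateT3QfqConfig($key, $value) {
    // … unchanged: PHPUNIT_QFQ early return …
    restore_error_handler();
    try {
        self::t3AutoloadIfNotRunning();
        // … unchanged: makeInstance() and getLocalConfiguration() …
        $configQfq = unserialize($configT3['EXT']['extConf'][EXT_KEY], ['allowed_classes' => false]);
        if (!is_array($configQfq)) {
            // Never write back a config that could not be read: it would drop every other QFQ setting.
            return;
        }
        $configQfq[$key] = $value;
        // … unchanged: serialize() and writeLocalConfiguration() …
    } finally {
        // Activate QFQ ErrorHandler again, also when T3 throws.
        Support::setQfqErrorHandler();
    }
}
```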
......@@ -15,7 +15,7 @@ use PHPUnit\Framework\TestCase;
* Class PasswordTest
* @package qfq
*/
class PasswordTest extends TestCase {
class T3HandlerTest extends TestCase {
public function testPasswordHashAndCheck() {
......
# cat=config/config; type=string; label=Flag Production:Possible values: 'yes', 'no'. Retrieve via '{{flagProduction:Y}}''. Default is 'yes'. Used to differentiate between development & production systems.
flagProduction = yes
# cat=config/config; type=string; label=QFQ will show form and/or report. In most cases only one at a time is needed. Options: 'single' (default) or 'both' (legacy). In 'single' prefer 'form' over 'report'.
render = single
# cat=config/config; type=string; label=Max file size for file uploads:If empty, take minimum of 'post_max_size' and 'upload_max_filesize' (PHP.INI).
maxFileSize =
......