Elgg  Version master
hardening.php
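<?php
/**
 * Security settings subview - misc hardening settings.
 *
 * Builds the "hardening" section of the admin security settings form: one
 * checkbox switch per setting, plus the signed upgrade/cron URLs when those
 * protections are enabled. The markup is accumulated in $hardening and echoed
 * once at the end, wrapped in an "info" module.
 *
 * NOTE(review): the rendered listing this was taken from had gutter numbers
 * fused into each line and had dropped source lines 12, 26, 33, 78, 84, 96
 * and 108, the opening line of each field/wrapper call. They are restored
 * below as `$hardening .= elgg_view_field([` and
 * `$hardening .= elgg_format_element('div', [`. The wrapper tag name is a
 * reconstruction; confirm it against the upstream file.
 */

$hardening = '';

// protect upgrade.php
$protect_upgrade = (bool) elgg_get_config('security_protect_upgrade');
$hardening .= elgg_view_field([
    '#type' => 'checkbox',
    '#label' => elgg_echo('admin:security:settings:protect_upgrade'),
    '#help' => elgg_echo('admin:security:settings:protect_upgrade:help'),
    'name' => 'security_protect_upgrade',
    'default' => 0,
    'value' => 1,
    'switch' => true,
    'checked' => $protect_upgrade,
]);
if ($protect_upgrade) {
    // The signed URL is effectively a credential for upgrade.php: presumably anyone
    // who holds it can trigger the upgrade, so it should only ever be rendered on this
    // admin page and kept out of logs, tickets and screenshots.
    // No $expires argument is passed, so the signature presumably carries no expiry (TODO confirm).
    $url = elgg_http_get_signed_url('upgrade.php');
    // NOTE(review): no options are passed to elgg_format_element(), so whether the
    // query string of $url is HTML-encoded depends on its defaults; verify.
    $url = elgg_format_element('pre', [], $url);

    $hardening .= elgg_format_element('div', [
        'class' => 'elgg-divide-left plm',
    ], elgg_echo('admin:security:settings:protect_upgrade:token') . $url);
}

// protect /cron
$protect_cron = (bool) elgg_get_config('security_protect_cron');
$hardening .= elgg_view_field([
    '#type' => 'checkbox',
    '#label' => elgg_echo('admin:security:settings:protect_cron'),
    '#help' => elgg_echo('admin:security:settings:protect_cron:help'),
    'name' => 'security_protect_cron',
    'default' => 0,
    'value' => 1,
    'switch' => true,
    'checked' => $protect_cron,
]);
if ($protect_cron) {
    // NOTE(review): the meaning of the `true` argument is not visible here; confirm.
    $periods = _elgg_services()->cron->getConfiguredIntervals(true);
    $rows = [];

    // header for table
    $cells = [];
    $cells[] = elgg_format_element('th', [], elgg_echo('admin:cron:period'));
    $cells[] = elgg_format_element('th', [], 'URL');

    $rows[] = elgg_format_element('tr', [], implode('', $cells));

    // add interval urls: one signed URL per configured cron interval. As with the
    // upgrade URL, each one is a credential for its endpoint and no expiry is passed.
    foreach ($periods as $period) {
        $cells = [];

        $cells[] = elgg_format_element('td', [], elgg_echo("interval:{$period}"));
        $cells[] = elgg_format_element('td', [], elgg_http_get_signed_url("cron/{$period}"));

        $rows[] = elgg_format_element('tr', [], implode('', $cells));
    }

    // cron url table; it carries the "hidden" class, so the URLs are presumably
    // not shown until the toggle link below is used
    $table = elgg_format_element('table', [
        'id' => 'security-cron-urls',
        'class' => 'elgg-table mvm hidden',
    ], implode('', $rows));

    $content = elgg_echo('admin:security:settings:protect_cron:token');
    $content .= ' ' . elgg_view('output/url', [
        'text' => elgg_echo('admin:security:settings:protect_cron:toggle'),
        'href' => '#security-cron-urls',
        'class' => 'elgg-toggle',
    ]);
    $content .= $table;

    $hardening .= elgg_format_element('div', [
        'class' => 'elgg-divide-left plm mbm',
    ], $content);
}

// disable autocomplete on password forms
// NOTE(review): browsers and password managers may ignore autocomplete hints on
// password fields, so this setting should not be relied on as the only control.
$hardening .= elgg_view_field([
    '#type' => 'checkbox',
    '#label' => elgg_echo('admin:security:settings:disable_password_autocomplete'),
    '#help' => elgg_echo('admin:security:settings:disable_password_autocomplete:help'),
    'name' => 'security_disable_password_autocomplete',
    'default' => 0,
    'value' => 1,
    'switch' => true,
    'checked' => (bool) elgg_get_config('security_disable_password_autocomplete'),
]);

// session bound entity icons
// (this config key and the next one have no "security_" prefix, unlike the three above)
$hardening .= elgg_view_field([
    '#type' => 'checkbox',
    '#label' => elgg_echo('admin:security:settings:session_bound_entity_icons'),
    '#help' => elgg_echo('admin:security:settings:session_bound_entity_icons:help'),
    'name' => 'session_bound_entity_icons',
    'default' => 0,
    'value' => 1,
    'switch' => true,
    'checked' => (bool) elgg_get_config('session_bound_entity_icons'),
]);

// subresource integrity
$hardening .= elgg_view_field([
    '#type' => 'checkbox',
    '#label' => elgg_echo('admin:security:settings:subresource_integrity_enabled'),
    '#help' => elgg_echo('admin:security:settings:subresource_integrity_enabled:help'),
    'name' => 'subresource_integrity_enabled',
    'default' => 0,
    'value' => 1,
    'switch' => true,
    'checked' => (bool) elgg_get_config('subresource_integrity_enabled'),
]);

// allow others to extend this section
// The extension view's output is appended as-is, so any view extending it is
// responsible for escaping its own output.
$hardening .= elgg_view('admin/security/settings/extend/hardening');

echo elgg_view_module('info', elgg_echo('admin:security:settings:label:hardening'), $hardening);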
elgg_view_module(string $type, string $title, string $body, array $vars=[])
Wrapper function for the module display pattern.
Definition: views.php:919
elgg_view_field(array $params=[])
Renders a form field, usually with a wrapper element, a label, help text, etc.
Definition: views.php:1112
elgg_get_config(string $name, $default=null)
Get an Elgg configuration value.
$hardening
Security settings subview - misc hardening settings.
Definition: hardening.php:8
$rows
Definition: redis.php:25
$periods
Definition: cron.php:9
elgg_echo(string $message_key, array $args=[], string $language= '')
Elgg language module Functions to manage language and translations.
Definition: languages.php:17
if($protect_upgrade) $protect_cron
Definition: hardening.php:32
elgg_view(string $view, array $vars=[], string $viewtype= '')
Return a parsed view.
Definition: views.php:156
$table
Definition: user.php:37
$content
Set robots.txt action.
Definition: set_robots.php:6
foreach($plugin_guids as $guid) if(empty($deactivated_plugins)) $url
Definition: deactivate.php:39
_elgg_services()
Get the global service provider.
Definition: elgglib.php:346
elgg_format_element(string $tag_name, array $attributes=[], string $text= '', array $options=[])
Format an HTML element.
Definition: output.php:145
$protect_upgrade
Definition: hardening.php:11
elgg_http_get_signed_url(string $url, string $expires=null)
Signs provided URL with a SHA256 HMAC key.
Definition: elgglib.php:214