Elgg  Version master
hardening.php
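<?php
/**
 * Security settings subview - misc hardening settings.
 *
 * Builds the "hardening" module of the admin security settings: one switch per
 * hardening option, plus the signed URLs an administrator needs once
 * upgrade.php or /cron is protected.
 *
 * NOTE(review): the rendered listing this file was recovered from had lost the
 * line that opens each elgg_view_field() / elgg_format_element() call appended
 * to $hardening. Those openers are restored here from the surviving arguments
 * and the '.=' accumulation used at the end of the file; the 'div' wrapper tag
 * is inferred - confirm against the repository copy.
 */

$hardening = '';

// protect upgrade.php
$protect_upgrade = (bool) elgg_get_config('security_protect_upgrade');
$hardening .= elgg_view_field([
	'#type' => 'switch',
	'#label' => elgg_echo('admin:security:settings:protect_upgrade'),
	'#help' => elgg_echo('admin:security:settings:protect_upgrade:help'),
	'name' => 'security_protect_upgrade',
	'value' => $protect_upgrade,
]);

if ($protect_upgrade) {
	// The HMAC-signed URL is shown so the administrator can still reach
	// upgrade.php while protection is on. It acts as a credential: keep it out
	// of tickets, chat logs and screenshots.
	// NOTE(review): no $expires argument is passed, so the link presumably
	// stays valid until the signing key changes - confirm.
	$url = elgg_http_get_signed_url('upgrade.php');

	// NOTE(review): no $options are passed, so whether the URL text is
	// HTML-encoded depends on elgg_format_element()'s defaults - confirm.
	$url = elgg_format_element('pre', [], $url);

	$hardening .= elgg_format_element('div', [
		'class' => 'elgg-divide-left plm',
	], elgg_echo('admin:security:settings:protect_upgrade:token') . $url);
}

// protect /cron
$protect_cron = (bool) elgg_get_config('security_protect_cron');
$hardening .= elgg_view_field([
	'#type' => 'switch',
	'#label' => elgg_echo('admin:security:settings:protect_cron'),
	'#help' => elgg_echo('admin:security:settings:protect_cron:help'),
	'name' => 'security_protect_cron',
	'value' => $protect_cron,
]);

if ($protect_cron) {
	// NOTE(review): the meaning of the boolean argument is not visible here -
	// check the cron service before relying on which intervals are listed.
	$periods = _elgg_services()->cron->getConfiguredIntervals(true);
	$rows = [];

	// header for table
	$cells = [];
	$cells[] = elgg_format_element('th', [], elgg_echo('admin:cron:period'));
	$cells[] = elgg_format_element('th', [], 'URL');

	$rows[] = elgg_format_element('tr', [], implode('', $cells));

	// one row per configured interval, each with its own signed cron URL
	foreach ($periods as $period) {
		$cells = [];

		$cells[] = elgg_format_element('td', [], elgg_echo("interval:{$period}"));
		$cells[] = elgg_format_element('td', [], elgg_http_get_signed_url("cron/{$period}"));

		$rows[] = elgg_format_element('tr', [], implode('', $cells));
	}

	// cron url table
	// The 'hidden' class only affects presentation: every signed URL is part of
	// the HTML sent to the browser whether or not the toggle link is used.
	$table = elgg_format_element('table', [
		'id' => 'security-cron-urls',
		'class' => 'elgg-table mvm hidden',
	], implode('', $rows));

	$content = elgg_echo('admin:security:settings:protect_cron:token');
	$content .= ' ' . elgg_view('output/url', [
		'text' => elgg_echo('admin:security:settings:protect_cron:toggle'),
		'href' => '#security-cron-urls',
		'class' => 'elgg-toggle',
	]);
	$content .= $table;

	$hardening .= elgg_format_element('div', [
		'class' => 'elgg-divide-left plm mbm',
	], $content);
}

// disable autocomplete on password forms
$hardening .= elgg_view_field([
	'#type' => 'switch',
	'#label' => elgg_echo('admin:security:settings:disable_password_autocomplete'),
	'#help' => elgg_echo('admin:security:settings:disable_password_autocomplete:help'),
	'name' => 'security_disable_password_autocomplete',
	'value' => elgg_get_config('security_disable_password_autocomplete'),
]);

// session bound entity icons
$hardening .= elgg_view_field([
	'#type' => 'switch',
	'#label' => elgg_echo('admin:security:settings:session_bound_entity_icons'),
	'#help' => elgg_echo('admin:security:settings:session_bound_entity_icons:help'),
	'name' => 'session_bound_entity_icons',
	'value' => elgg_get_config('session_bound_entity_icons'),
]);

// subresource integrity
$hardening .= elgg_view_field([
	'#type' => 'switch',
	'#label' => elgg_echo('admin:security:settings:subresource_integrity_enabled'),
	'#help' => elgg_echo('admin:security:settings:subresource_integrity_enabled:help'),
	'name' => 'subresource_integrity_enabled',
	'value' => elgg_get_config('subresource_integrity_enabled'),
]);

// allow others to extend this section
// Anything rendered by this extension view is appended to the module as-is.
$hardening .= elgg_view('admin/security/settings/extend/hardening');

echo elgg_view_module('info', elgg_echo('admin:security:settings:label:hardening'), $hardening);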
elgg_view_module(string $type, string $title, string $body, array $vars=[])
Wrapper function for the module display pattern.
Definition: views.php:919
elgg_view_field(array $params=[])
Renders a form field, usually with a wrapper element, a label, help text, etc.
Definition: views.php:1112
elgg_get_config(string $name, $default=null)
Get an Elgg configuration value.
$hardening
Security settings subview - misc hardening settings.
Definition: hardening.php:8
elgg_echo(string $message_key, array $args=[], string $language= '')
Elgg language module Functions to manage language and translations.
Definition: languages.php:17
if($protect_upgrade) $protect_cron
Definition: hardening.php:30
elgg_view(string $view, array $vars=[], string $viewtype= '')
Return a parsed view.
Definition: views.php:156
_elgg_services()
Get the global service provider.
Definition: elgglib.php:351
elgg_format_element(string $tag_name, array $attributes=[], string $text= '', array $options=[])
Format an HTML element.
Definition: output.php:145
$protect_upgrade
Definition: hardening.php:11
elgg_http_get_signed_url(string $url, string $expires=null)
Signs provided URL with a SHA256 HMAC key.
Definition: elgglib.php:214