mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2025-12-24 01:57:51 -05:00
Code Issues Packages Projects Releases Wiki Activity

Adapt Configuration checker for CI4 (#4108)

Browse Source 
- Removed $import variable as it is never used and the code generates the csv file for item imports
- Refactored import_customers.csv to match PSR-12 standard file names
- Refactored variable names to match PSR-12 standard variable names
- Updated .editorconfig to reflect PSR-12 requirement for spaces rather than tab symbols. https://www.php-fig.org/psr/psr-12/#24-indenting
- Added version number to browser reporting
- Corrected timezone reporting

Signed-off-by: objecttothis <objecttothis@gmail.com>

* Revert .editorconfig (#3708)

---------

Signed-off-by: objecttothis <objecttothis@gmail.com>
Co-authored-by: jekkos <jeroen.peelaerts@gmail.com>
This commit is contained in:
objecttothis
2024-11-10 12:23:42 +04:00
committed by GitHub
parent ae27cba6f6
commit 2d895b4a9e
4 changed files with 1156 additions and 1229 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1975
app/Controllers/Config.php
View File

File diff suppressed because it is too large Load Diff

2
app/Controllers/Customers.php
View File

@@ -412,7 +412,7 @@ class Customers extends Persons
*/
public function getCsv(): DownloadResponse
{
$name = 'import_customers.csv';
$name = 'importCustomers.csv';
$data = file_get_contents(WRITEPATH . "uploads/$name");
return $this->response->download($name, $data);
}

408
app/Views/configs/system_info.php
View File

@@ -1,227 +1,241 @@
<?php
use Config\OSPOS;
use Config\OSPOS;
/**
* @var string $db_version
* @var string $dbVersion
* @var array $config
*/
?>
<style>
a:hover {
cursor:pointer;
a:hover {
cursor:pointer;
}
hidden {
hidden {
visibility: hidden;
}
</style>
</style><script type="application/javascript" src="js/clipboard.min.js"></script>
<div id="config_wrapper" class="col-sm-12">
<?php
<?php
echo lang('Config.server_notice') ?>
<div class="container">
<div class="row">
<div class="col-sm-2" style="text-align: left;"><br>
<p style="min-height:14.7em;"><strong>General Info </p>
<p style="min-height:9.9em;">User Setup</p><br>
<p>Permissions</p></strong>
</div>
<div class="col-sm-8" id="issuetemplate" style="text-align: left;"><br>
<?= lang('Config.ospos_info') . ':' ?>
<?= esc(config('App')->application_version) ?> - <?= esc(substr(config(OSPOS::class)->commit_sha1, 0, 6)) ?><br>
Language Code: <?= current_language_code() ?><br><br>
<div id="TimeError"></div>
Extensions & Modules:<br>
<?php
echo "&#187; GD: ", extension_loaded('gd') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red;">Disabled &#x2717</span>', '<br>';
echo "&#187; BC Math: ", extension_loaded('bcmath') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red">Disabled &#x2717</span>', '<br>';
echo "&#187; INTL: ", extension_loaded('intl') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red">Disabled &#x2717</span>', '<br>';
echo "&#187; OpenSSL: ", extension_loaded('openssl') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red">Disabled &#x2717</span>', '<br>';
echo "&#187; MBString: ", extension_loaded('mbstring') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red">Disabled &#x2717</span>', '<br>';
echo "&#187; Curl: ", extension_loaded('curl') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red">Disabled &#x2717</span>', '<br>';
echo "&#187; Xml: ", extension_loaded('xml') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red">Disabled &#x2717</span>', '<br><br>';
?>
User Configuration:<br>
.Browser:
<?php
/**
* @param string $user_agent
* @return string
*/
function get_browser_name(string $user_agent): string
{
if (strpos($user_agent, 'Opera') || strpos($user_agent, 'OPR/')) return 'Opera';
elseif (strpos($user_agent, 'Edge')) return 'Edge';
elseif (strpos($user_agent, 'Chrome')) return 'Chrome';
elseif (strpos($user_agent, 'Safari')) return 'Safari';
elseif (strpos($user_agent, 'Firefox')) return 'Firefox';
elseif (strpos($user_agent, 'MSIE') || strpos($user_agent, 'Trident/7')) return 'Internet Explorer';
return 'Other';
}
echo esc(get_browser_name($_SERVER['HTTP_USER_AGENT']));
?><br>
.Server Software: <?= esc($_SERVER['SERVER_SOFTWARE']) ?><br>
.PHP Version: <?= PHP_VERSION ?><br>
.DB Version: <?= esc($db_version) ?><br>
.Server Port: <?= esc($_SERVER['SERVER_PORT']) ?><br>
.OS: <?= php_uname('s') .' '. php_uname('r') ?><br><br>
File Permissions:<br>
&#187; [writeable/logs:]
<?php $logs = WRITEPATH . 'logs/';
$uploads = FCPATH . 'uploads/';
$images = FCPATH . 'uploads/item_pics/';
$import = '../import_items.csv'; //TODO: These two are probably incorrect paths because CI4 has a different folder structure
$importcustomers = WRITEPATH . '/uploads/import_customers.csv'; //TODO: This variable does not follow naming conventions for the project.
echo lang('Config.server_notice') ?>
<div class="container">
<div class="row">
<div class="col-sm-2" style="text-align: left;"><br>
<strong>
<p style="min-height:14.7em;">General Info</p>
<p style="min-height:10.5em;">User Setup</p><br>
<p>Permissions</p>
</strong>
</div>
<div class="col-sm-8" id="issuetemplate" style="text-align: left;"><br>
<?= lang('Config.ospos_info') . ':' ?>
<?= esc(config('App')->application_version) ?> - <?= esc(substr(config(OSPOS::class)->commit_sha1, 0, 6)) ?><br>
Language Code: <?= current_language_code() ?><br><br>
<div id="TimeError"></div>
Extensions & Modules:<br>
<?php
echo "&#187; GD: ", extension_loaded('gd') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red;">Disabled &#x2717</span>', '<br>';
echo "&#187; BC Math: ", extension_loaded('bcmath') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red">Disabled &#x2717</span>', '<br>';
echo "&#187; INTL: ", extension_loaded('intl') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red">Disabled &#x2717</span>', '<br>';
echo "&#187; OpenSSL: ", extension_loaded('openssl') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red">Disabled &#x2717</span>', '<br>';
echo "&#187; MBString: ", extension_loaded('mbstring') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red">Disabled &#x2717</span>', '<br>';
echo "&#187; Curl: ", extension_loaded('curl') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red">Disabled &#x2717</span>', '<br>';
echo "&#187; Xml: ", extension_loaded('xml') ? '<span style="color: green;">Enabled &#x2713</span>' : '<span style="color: red">Disabled &#x2717</span>', '<br><br>';
?>
User Configuration:<br>
.Browser:
<?php
/**
* @param string $userAgent
* @return string
*/
function getBrowserNameAndVersion(string $userAgent): string
{
$browser = match (true) {
strpos($userAgent, 'Opera') !== false || strpos($userAgent, 'OPR/') !== false => 'Opera',
strpos($userAgent, 'Edge') !== false => 'Edge',
strpos($userAgent, 'Chrome') !== false => 'Chrome',
strpos($userAgent, 'Safari') !== false => 'Safari',
strpos($userAgent, 'Firefox') !== false => 'Firefox',
strpos($userAgent, 'MSIE') !== false || strpos($userAgent, 'Trident/7') !== false => 'Internet Explorer',
default => 'Other',
};
if(is_writable($logs))
{
echo ' - ' . substr(sprintf("%o",fileperms($logs)),-4) . ' | ' . '<span style="color: green;"> Writable &#x2713 </span>';
}
else
{
echo ' - ' . substr(sprintf("%o",fileperms($logs)),-4) . ' | ' . '<span style="color: red;"> Not Writable &#x2717 </span>';
}
$version = match ($browser) {
'Opera' => preg_match('/(Opera|OPR)\/([0-9.]+)/', $userAgent, $matches) ? $matches[2] : '',
'Edge' => preg_match('/Edge\/([0-9.]+)/', $userAgent, $matches) ? $matches[1] : '',
'Chrome' => preg_match('/Chrome\/([0-9.]+)/', $userAgent, $matches) ? $matches[1] : '',
'Safari' => preg_match('/Version\/([0-9.]+)/', $userAgent, $matches) ? $matches[1] : '',
'Firefox' => preg_match('/Firefox\/([0-9.]+)/', $userAgent, $matches) ? $matches[1] : '',
'Internet Explorer' => preg_match('/(MSIE|rv:)([0-9.]+)/', $userAgent, $matches) ? $matches[2] : '',
default => '',
};
clearstatcache();
if(is_writable($logs) && substr(decoct(fileperms($logs)), -4) != 750 )
{
echo ' | <span style="color: red;">Vulnerable or Incorrect Permissions &#x2717</span>';
}
else
{
echo ' | <span style="color: green;">Security Check Passed &#x2713</span>';
}
clearstatcache();
?>
<br>
&#187; [public/uploads:]
<?php
if(is_writable($uploads))
{
echo ' - ' . substr(sprintf("%o",fileperms($uploads)),-4) . ' | ' . '<span style="color: green;"> Writable &#x2713 </span>';
}
else
{
echo ' - ' . substr(sprintf("%o",fileperms($uploads)),-4) . ' | ' . '<span style="color: red;"> Not Writable &#x2717 </span>';
}
return $browser . ($version ? ' ' . $version : '');
}
echo esc(getBrowserNameAndVersion($_SERVER['HTTP_USER_AGENT']));
?><br>
.Server Software: <?= esc($_SERVER['SERVER_SOFTWARE']) ?><br>
.PHP Version: <?= PHP_VERSION ?><br>
.DB Version: <?= esc($dbVersion) ?><br>
.Server Port: <?= esc($_SERVER['SERVER_PORT']) ?><br>
.OS: <?= php_uname('s') .' '. php_uname('r') ?><br><br>
.OS Time Zone: <span id="timezone" style="font-weight:600"></span><br>
.OSPOS Time Zone: <span id="ostimezone" style="font-weight:600;" ><?= esc($config['timezone']) ?></span>
<br><br>
clearstatcache();
if(is_writable($uploads) && substr(decoct(fileperms($uploads)), -4) != 750 )
{
echo ' | <span style="color: red;">Vulnerable or Incorrect Permissions &#x2717</span>';
}
else
{
echo ' | <span style="color: green;">Security Check Passed &#x2713 </span>';
}
clearstatcache();
?>
<br>
&#187; [writable/uploads/item_pics:]
<?php
if (is_writable($images))
{
echo ' - ' . substr(sprintf("%o",fileperms($images)),-4) . ' | ' . '<span style="color: green;"> Writable &#x2713 </span>';
}
else
{
echo ' - ' . substr(sprintf("%o",fileperms($images)),-4) . ' | ' . '<span style="color: red;"> Not Writable &#x2717 </span>';
}
File Permissions:<br>
&#187; [writeable/logs:]
<?php $logs = WRITEPATH . 'logs/';
$uploads = FCPATH . 'uploads/';
$images = FCPATH . 'uploads/item_pics/';
$importCustomers = WRITEPATH . '/uploads/importCustomers.csv'; //TODO: This variable does not follow naming conventions for the project.
clearstatcache();
if (substr(decoct(fileperms($images)), -4) != 750 )
{
echo ' | <span style="color: red;">Vulnerable or Incorrect Permissions &#x2717</span>';
}
else
{
echo ' | <span style="color: green;">Security Check Passed &#x2713 </span>';
}
clearstatcache();
?>
<br>
&#187; [import_customers.csv:]
<?php
if (is_readable($importcustomers))
{
echo ' - ' . substr(sprintf("%o",fileperms($importcustomers)),-4) . ' | ' . '<span style="color: green;"> Readable &#x2713 </span>';
}
else
{
echo ' - ' . substr(sprintf("%o",fileperms($importcustomers)),-4) . ' | ' . '<span style="color: red;"> Not Readable &#x2717 </span>';
}
clearstatcache();
if (is_writable($logs))
{
echo ' - ' . substr(sprintf("%o", fileperms($logs)), -4) . ' | ' . '<span style="color: green;"> Writable &#x2713 </span>';
}
else
{
echo ' - ' . substr(sprintf("%o", fileperms($logs)), -4) . ' | ' . '<span style="color: red;"> Not Writable &#x2717 </span>';
}
if (!((substr(decoct(fileperms($importcustomers)), -4) == 640) || (substr(decoct(fileperms($importcustomers)), -4) == 660) ))
{
echo ' | <span style="color: red;">Vulnerable or Incorrect Permissions &#x2717</span>';
}
else
{
echo ' | <span style="color: green;">Security Check Passed &#x2713 </span>';
}
clearstatcache();
?>
<br>
<?php
if(!((substr(decoct(fileperms($logs)), -4) == 750)
&& (substr(decoct(fileperms($uploads)), -4) == 750)
&& (substr(decoct(fileperms($images)), -4) == 750)
&& ((substr(decoct(fileperms($importcustomers)), -4) == 640)
|| (substr(decoct(fileperms($importcustomers)), -4) == 660))))
{
echo '<br><span style="color: red;"><strong>' . lang('Config.security_issue') . '</strong> <br>' . lang('Config.perm_risk') . '</span><br>';
}
else
{
echo '<br><span style="color: green;">' . lang('Config.no_risk') . '</strong> <br> </span>';
}
clearstatcache();
if (is_writable($logs) && substr(decoct(fileperms($logs)), -4) != 750)
{
echo ' | <span style="color: red;">Vulnerable or Incorrect Permissions &#x2717</span>';
}
else
{
echo ' | <span style="color: green;">Security Check Passed &#x2713</span>';
}
clearstatcache();
?>
<br>
&#187; [public/uploads:]
<?php
if (is_writable($uploads))
{
echo ' - ' . substr(sprintf("%o", fileperms($uploads)), -4) . ' | ' . '<span style="color: green;"> Writable &#x2713 </span>';
}
else
{
echo ' - ' . substr(sprintf("%o", fileperms($uploads)), -4) . ' | ' . '<span style="color: red;"> Not Writable &#x2717 </span>';
}
if(substr(decoct(fileperms($logs)), -4) != 750)
{
echo '<br><span style="color: red;"> &#187; [writeable/logs:] ' . lang('Config.is_writable') . '</span>';
}
clearstatcache();
if(substr(decoct(fileperms($uploads)), -4) != 750)
{
echo '<br><span style="color: red;"> &#187; [writable/uploads:] ' . lang('Config.is_writable') . '</span>';
}
if (is_writable($uploads) && substr(decoct(fileperms($uploads)), -4) != 750)
{
echo ' | <span style="color: red;">Vulnerable or Incorrect Permissions &#x2717</span>';
}
else
{
echo ' | <span style="color: green;">Security Check Passed &#x2713 </span>';
}
if(substr(decoct(fileperms($images)), -4) != 750)
{
echo '<br><span style="color: red;"> &#187; [writable/uploads/item_pics:] ' . lang('Config.is_writable') . '</span>';
}
clearstatcache();
?>
<br>
&#187; [writable/uploads/item_pics:]
<?php
if (is_writable($images))
{
echo ' - ' . substr(sprintf("%o", fileperms($images)), -4) . ' | ' . '<span style="color: green;"> Writable &#x2713 </span>';
}
else
{
echo ' - ' . substr(sprintf("%o", fileperms($images)), -4) . ' | ' . '<span style="color: red;"> Not Writable &#x2717 </span>';
}
if(!((substr(decoct(fileperms($importcustomers)), -4) == 640)
|| (substr(decoct(fileperms($importcustomers)), -4) == 660)))
{
echo '<br><span style="color: red;"> &#187; [import_customers.csv:] ' . lang('Config.is_readable') . '</span>';
}
?>
<br>
<div id="timezone" style="font-weight:600;"></div><br><br>
<div id="ostimezone" style="display:none;" ><?= esc($config['timezone']) ?></div><br>
<br>
</div>
</div>
</div>
clearstatcache();
if (substr(decoct(fileperms($images)), -4) != 750)
{
echo ' | <span style="color: red;">Vulnerable or Incorrect Permissions &#x2717</span>';
}
else
{
echo ' | <span style="color: green;">Security Check Passed &#x2713 </span>';
}
clearstatcache();
?>
<br>
&#187; [importCustomers.csv:]
<?php
if (is_readable($importCustomers)) {
echo ' - ' . substr(sprintf("%o", fileperms($importCustomers)), -4) . ' | ' . '<span style="color: green;"> Readable &#x2713 </span>';
} else {
echo ' - ' . substr(sprintf("%o", fileperms($importCustomers)), -4) . ' | ' . '<span style="color: red;"> Not Readable &#x2717 </span>';
}
clearstatcache();
if (!((substr(decoct(fileperms($importCustomers)), -4) == 640) || (substr(decoct(fileperms($importCustomers)), -4) == 660))) {
echo ' | <span style="color: red;">Vulnerable or Incorrect Permissions &#x2717</span>';
} else {
echo ' | <span style="color: green;">Security Check Passed &#x2713 </span>';
}
clearstatcache();
?>
<br>
<?php
if (!((substr(decoct(fileperms($logs)), -4) == 750)
&& (substr(decoct(fileperms($uploads)), -4) == 750)
&& (substr(decoct(fileperms($images)), -4) == 750)
&& ((substr(decoct(fileperms($importCustomers)), -4) == 640)
|| (substr(decoct(fileperms($importCustomers)), -4) == 660))))
{
echo '<br><span style="color: red;"><strong>' . lang('Config.security_issue') . '</strong> <br>' . lang('Config.perm_risk') . '</span><br>';
}
else
{
echo '<br><span style="color: green;">' . lang('Config.no_risk') . '</strong> <br> </span>';
}
if (substr(decoct(fileperms($logs)), -4) != 750)
{
echo '<br><span style="color: red;"> &#187; [writeable/logs:] ' . lang('Config.is_writable') . '</span>';
}
if (substr(decoct(fileperms($uploads)), -4) != 750)
{
echo '<br><span style="color: red;"> &#187; [writable/uploads:] ' . lang('Config.is_writable') . '</span>';
}
if (substr(decoct(fileperms($images)), -4) != 750)
{
echo '<br><span style="color: red;"> &#187; [writable/uploads/item_pics:] ' . lang('Config.is_writable') . '</span>';
}
if (!((substr(decoct(fileperms($importCustomers)), -4) == 640)
|| (substr(decoct(fileperms($importCustomers)), -4) == 660)))
{
echo '<br><span style="color: red;"> &#187; [importCustomers.csv:] ' . lang('Config.is_readable') . '</span>';
}
?>
</div>
</div>
</div>
</div>
<div style="text-align: center;">
<a class="copy" data-clipboard-action="copy" data-clipboard-target="#issuetemplate">Copy Info</a> | <a href="https://github.com/opensourcepos/opensourcepos/issues/new" target="_blank"> <?= lang('Config.report_an_issue') ?></a>
<script>
var clipboard = new ClipboardJS('.copy');
<a class="copy" data-clipboard-action="copy" data-clipboard-target="#issuetemplate">Copy Info</a> | <a href="https://github.com/opensourcepos/opensourcepos/issues/new" target="_blank"> <?= lang('Config.report_an_issue') ?></a>
<script>
var clipboard = new ClipboardJS('.copy');
clipboard.on('success', function(e) {
document.getSelection().removeAllRanges();
});
clipboard.on('success', function(e) {
document.getSelection().removeAllRanges();
});
document.getElementById("timezone").innerText = Intl.DateTimeFormat().resolvedOptions().timeZone;
document.getElementById("timezone").innerText = Intl.DateTimeFormat().resolvedOptions().timeZone;
$(function() {
$('#timezone').clone().appendTo('#timezoneE');
});
$(function() {
$('#timezone').clone().appendTo('#timezoneE');
});
if($('#timezone').html() !== $('#ostimezone').html())
document.getElementById("TimeError").innerHTML = '<span style="color: red;"><?= lang('Config.timezone_error') ?></span><br><br><?= lang('Config.user_timezone') ?><div id="timezoneE" style="font-weight:600;"></div><br><?= lang('Config.os_timezone') ?><div id="ostimezoneE" style="font-weight:600;"><?= esc($config['timezone']) ?></div><br>';
</script>
if($('#timezone').html() !== $('#ostimezone').html())
document.getElementById("TimeError").innerHTML = '<span style="color: red;"><?= lang('Config.timezone_error') ?></span><br><br><?= lang('Config.user_timezone') ?><div id="timezoneE" style="font-weight:600;"></div><br><?= lang('Config.os_timezone') ?><div id="ostimezoneE" style="font-weight:600;"><?= esc($config['timezone']) ?></div><br>';
</script>
</div>

0
writable/uploads/import_customers.csv → writable/uploads/importCustomers.csv
View File