Magento Extensions Rating 2024
Magento 2 Documentation  2.3
Documentation for Magento 2 CMS v2.3 (December 2018)
Security.php
Go to the documentation of this file.
1 <?php
7 namespace Magento\AdminNotification\Model\System\Message;
8 
9 use Magento\Store\Model\Store;
10 
15 class Security implements \Magento\Framework\Notification\MessageInterface
16 {
20  const VERIFICATION_RESULT_CACHE_KEY = 'configuration_files_access_level_verification';
21 
27  private $_filePath = 'app/etc/config.php';
28 
34  private $_verificationTimeOut = 2;
35 
39  protected $_cache;
40 
44  protected $_backendConfig;
45 
49  protected $_config;
50 
54  protected $_curlFactory;
55 
62  public function __construct(
63  \Magento\Framework\App\CacheInterface $cache,
64  \Magento\Backend\App\ConfigInterface $backendConfig,
65  \Magento\Framework\App\Config\ScopeConfigInterface $config,
66  \Magento\Framework\HTTP\Adapter\CurlFactory $curlFactory
67  ) {
68  $this->_cache = $cache;
69  $this->_backendConfig = $backendConfig;
70  $this->_config = $config;
71  $this->_curlFactory = $curlFactory;
72  }
73 
79  private function _canShowNotification()
80  {
81  if ($this->_cache->load(self::VERIFICATION_RESULT_CACHE_KEY)) {
82  return false;
83  }
84 
85  if ($this->_isFileAccessible()) {
86  return true;
87  }
88 
89  $adminSessionLifetime = (int)$this->_backendConfig->getValue('admin/security/session_lifetime');
90  $this->_cache->save(true, self::VERIFICATION_RESULT_CACHE_KEY, [], $adminSessionLifetime);
91  return false;
92  }
93 
99  private function _isFileAccessible()
100  {
101  $unsecureBaseURL = $this->_config->getValue(Store::XML_PATH_UNSECURE_BASE_URL, 'default');
102 
104  $http = $this->_curlFactory->create();
105  $http->setConfig(['timeout' => $this->_verificationTimeOut]);
106  $http->write(\Zend_Http_Client::POST, $unsecureBaseURL . $this->_filePath);
107  $responseBody = $http->read();
108  $responseCode = \Zend_Http_Response::extractCode($responseBody);
109  $http->close();
110 
111  return $responseCode == 200;
112  }
113 
119  public function getIdentity()
120  {
121  return 'security';
122  }
123 
129  public function isDisplayed()
130  {
131  return $this->_canShowNotification();
132  }
133 
139  public function getText()
140  {
141  return __(
142  'Your web server is set up incorrectly and allows unauthorized access to sensitive files. '
143  . 'Please contact your hosting provider.'
144  );
145  }
146 
152  public function getSeverity()
153  {
154  return \Magento\Framework\Notification\MessageInterface::SEVERITY_CRITICAL;
155  }
156 }
$config
$config
Definition: fraud_order.php:17
__
__()
Definition: __.php:13
Magento\AdminNotification\Model\System\Message\Security\__construct
__construct(\Magento\Framework\App\CacheInterface $cache, \Magento\Backend\App\ConfigInterface $backendConfig, \Magento\Framework\App\Config\ScopeConfigInterface $config, \Magento\Framework\HTTP\Adapter\CurlFactory $curlFactory)
Definition: Security.php:62
Zend_Http_Client\POST
const POST
Definition: Client.php:78
$cache
$cache
Definition: application_cache.php:8
Zend_Http_Response\extractCode
static extractCode($response_str)
Definition: Response.php:449