diff options
author | Marc Alexander <admin@m-a-styles.de> | 2019-04-21 22:22:35 +0200 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2019-04-21 22:22:35 +0200 |
commit | 8e5a0c81ef118c7d88e10fb7d793a36e9204aea8 (patch) | |
tree | 0a7f8c7d840cf523d1a9296873c3fff6dd285c9f | |
parent | [prep-release-3.2.6] Update changelog for 3.2.6-RC1 (diff) | |
download | forums-8e5a0c81ef118c7d88e10fb7d793a36e9204aea8.tar.gz forums-8e5a0c81ef118c7d88e10fb7d793a36e9204aea8.tar.bz2 forums-8e5a0c81ef118c7d88e10fb7d793a36e9204aea8.zip |
[ticket/security/233] Make smtp_password and smtp_username dynamic
SECURITY-233
-rw-r--r-- | phpBB/install/schemas/schema_data.sql | 4 | ||||
-rw-r--r-- | phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php | 42 | ||||
-rw-r--r-- | phpBB/phpbb/install/helper/config.php | 2 |
3 files changed, 46 insertions, 2 deletions
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index 55dd72db0..e897a7b44 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -269,9 +269,9 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('smilies_per_page', INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_auth_method', 'PLAIN'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_delivery', '0'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_host', ''); -INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_password', ''); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_password', '', 1); INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_port', '25'); -INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_username', ''); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_username', '', 1); INSERT INTO phpbb_config (config_name, config_value) VALUES ('teampage_memberships', '1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('teampage_forums', '1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('topics_per_page', '25'); diff --git a/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php b/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php new file mode 100644 index 000000000..aeaa3e897 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php @@ -0,0 +1,42 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\db\migration\data\v32x; + +class smtp_dynamic_data extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v326rc1', + ); + } + + public function update_data() + { + return array( + array('custom', array(array($this, 'set_smtp_dynamic'))), + ); + } + + public function set_smtp_dynamic() + { + $smtp_auth_entries = [ + 'smtp_password', + 'smtp_username', + ]; + $this->sql_query('UPDATE ' . CONFIG_TABLE . ' + SET is_dynamic = 1 + WHERE ' . $this->db->sql_in_set('config_name', $smtp_auth_entries)); + } +} diff --git a/phpBB/phpbb/install/helper/config.php b/phpBB/phpbb/install/helper/config.php index fad674901..7eb0ae3b0 100644 --- a/phpBB/phpbb/install/helper/config.php +++ b/phpBB/phpbb/install/helper/config.php @@ -330,6 +330,8 @@ class config fwrite($fp, $file_content); fclose($fp); + // Enforce 0600 permission for install config + $this->filesystem->chmod([$this->install_config_file], 0600); } /** |