commit:     8e5a0c81ef118c7d88e10fb7d793a36e9204aea8
Author:     Marc Alexander <admin <AT> m-a-styles <DOT> de>
AuthorDate: Sun Apr 21 20:22:35 2019 +0000
Commit:     Jimi Huotari <chiitoo <AT> gentoo <DOT> org>
CommitDate: Sun Apr 21 20:22:35 2019 +0000
URL:        https://gitweb.gentoo.org/proj/forums.git/commit/?id=8e5a0c81

[ticket/security/233] Make smtp_password and smtp_username dynamic

SECURITY-233

 phpBB/install/schemas/schema_data.sql              |  4 +--
 .../db/migration/data/v32x/smtp_dynamic_data.php   | 42 ++++++++++++++++++++++
 phpBB/phpbb/install/helper/config.php              |  2 ++
 3 files changed, 46 insertions(+), 2 deletions(-)

diff --git a/phpBB/install/schemas/schema_data.sql 
b/phpBB/install/schemas/schema_data.sql
index 55dd72db0..e897a7b44 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -269,9 +269,9 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES 
('smilies_per_page',
 INSERT INTO phpbb_config (config_name, config_value) VALUES 
('smtp_auth_method', 'PLAIN');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_delivery', 
'0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_host', '');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_password', 
'');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_password', 
'', 1);
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_port', 
'25');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_username', 
'');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_username', 
'', 1);
 INSERT INTO phpbb_config (config_name, config_value) VALUES 
('teampage_memberships', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES 
('teampage_forums', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES 
('topics_per_page', '25');
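Review bot: The two added INSERT statements for `smtp_password` and `smtp_username` supply three values (`'', 1`) while the column list still names only two columns, `(config_name, config_value)`, so on a fresh install these statements should be rejected for a column/value count mismatch and the rows would be missing. The column list needs the third column to match, e.g. `INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('smtp_password', '', 1);` and the same for `smtp_username`. The column name `is_dynamic` is taken from the UPDATE in the migration added by this same commit.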

diff --git a/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php 
b/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php
new file mode 100644
index 000000000..aeaa3e897
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php
@@ -0,0 +1,42 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v32x;
+
+class smtp_dynamic_data extends \phpbb\db\migration\migration
+{
+       static public function depends_on()
+       {
+               return array(
+                       '\phpbb\db\migration\data\v32x\v326rc1',
+               );
+       }
+
+       public function update_data()
+       {
+               return array(
+                       array('custom', array(array($this, 
'set_smtp_dynamic'))),
+               );
+       }
+
+       public function set_smtp_dynamic()
+       {
+               $smtp_auth_entries = [
+                       'smtp_password',
+                       'smtp_username',
+               ];
+               $this->sql_query('UPDATE ' . CONFIG_TABLE . '
+                       SET is_dynamic = 1
+                       WHERE ' . $this->db->sql_in_set('config_name', 
$smtp_auth_entries));
+       }
+}
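Review bot: `set_smtp_dynamic()` sets `is_dynamic = 1` for the two rows, but nothing visible in this migration invalidates the config cache that already exists. If the purpose is to keep SMTP credentials out of cached config data (inferred from the ticket title, not stated in the file), the previously cached `smtp_username`/`smtp_password` values would stay on disk until the cache is next purged. It is worth confirming that the update flow purges the cache after this step, or doing it explicitly here. The method also has no docblock; a short one such as `/** Mark SMTP credentials as dynamic so they are read from the database instead of the config cache. */` would record the intent. No `revert_data()` is provided either, which may be deliberate for a security change but deserves a one-line comment saying so.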

diff --git a/phpBB/phpbb/install/helper/config.php 
b/phpBB/phpbb/install/helper/config.php
index fad674901..7eb0ae3b0 100644
--- a/phpBB/phpbb/install/helper/config.php
+++ b/phpBB/phpbb/install/helper/config.php
@@ -330,6 +330,8 @@ class config
 
                fwrite($fp, $file_content);
                fclose($fp);
+               // Enforce 0600 permission for install config
+               $this->filesystem->chmod([$this->install_config_file], 0600);
        }
 
        /**
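Review bot: The `chmod(..., 0600)` call runs only after `fwrite()` and `fclose()`, so the install config is first written with whatever mode the process umask gives a new file and is tightened afterwards. During that window the file may be readable by other local users, and it stays that way if the chmod fails. Restricting the mode before the content is written closes the window, e.g. move `$this->filesystem->chmod([$this->install_config_file], 0600);` above `fwrite($fp, $file_content);`. It is also worth confirming that this filesystem helper treats `0600` as a literal octal mode and that a failure is surfaced rather than ignored. The enclosing method begins outside this hunk, so how `$fp` is opened is not visible here.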
