From 3469a56c17ba235fe4ae76b8772c2a3085bb806a Mon Sep 17 00:00:00 2001 From: Benjamin Perche Date: Wed, 16 Jul 2014 08:50:50 +0200 Subject: [PATCH] =?UTF-8?q?Add=20new=20sql=20table=20in=20update=20file=20?= =?UTF-8?q?=09modifi=C3=A9:=20=20=20=20=20=20=20=20=20core/lib/Thelia/Form?= =?UTF-8?q?/FirewallForm.php=20=09modifi=C3=A9:=20=20=20=20=20=20=20=20=20?= =?UTF-8?q?setup/insert.sql=20=09modifi=C3=A9:=20=20=20=20=20=20=20=20=20s?= =?UTF-8?q?etup/update/2.0.3.sql?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/lib/Thelia/Form/FirewallForm.php | 22 +++++++------ setup/insert.sql | 5 +-- setup/update/2.0.3.sql | 46 +++++++++++++++++++++++++++ 3 files changed, 62 insertions(+), 11 deletions(-) diff --git a/core/lib/Thelia/Form/FirewallForm.php b/core/lib/Thelia/Form/FirewallForm.php index 773486bff..dc37d014f 100644 --- a/core/lib/Thelia/Form/FirewallForm.php +++ b/core/lib/Thelia/Form/FirewallForm.php 
@@ -23,28 +23,28 @@ use Thelia\Model\FormFirewallQuery; abstract class FirewallForm extends BaseForm { /** - * Those values are for a "normal" security context + * Those values are for a "normal" security policy */ const DEFAULT_TIME_TO_WAIT = 1; - const DEFAULT_ATTEMPTS = 3; + const DEFAULT_ATTEMPTS = 6; /** @var \Thelia\Model\FormFirewall */ - protected static $cachedInstance; + protected $firewallInstance; public function __construct(Request $request, $type = "form", $data = array(), $options = array()) { - parent::__construct($request, $type, $data, $options); - - static::$cachedInstance = FormFirewallQuery::create() + $this->firewallInstance = FormFirewallQuery::create() ->filterByFormName($this->getName()) ->filterByIpAddress($this->request->getClientIp()) ->findOne() ; + parent::__construct($request, $type, $data, $options); } public function isFirewallOk() { - if (null !== $firewallRow = &static::$cachedInstance) { + + if ($this->isFirewallActive() && null !== $firewallRow = &$this->firewallInstance) { /** @var \DateTime $lastRequestDateTime */ $lastRequestDateTime = $firewallRow->getUpdatedAt(); @@ -68,13 +68,12 @@ abstract class FirewallForm extends BaseForm return false; } } else { - $firewallRow = (new FormFirewall()) + $this->firewallInstance = $firewallRow = (new FormFirewall()) ->setIpAddress($this->request->getClientIp()) ->setFormName($this->getName()) ; $firewallRow->save(); - static::$cachedInstance = $firewallRow; } return true; @@ -99,4 +98,9 @@ abstract class FirewallForm extends BaseForm { return ConfigQuery::read("form_firewall_attempts", static::DEFAULT_ATTEMPTS); } + + public function isFirewallActive() + { + return ConfigQuery::read("form_firewall_active", true); + } } diff --git a/setup/insert.sql b/setup/insert.sql index 69a1ab64b..ec80613db 100644 --- a/setup/insert.sql +++ b/setup/insert.sql 
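Review bot: In `FirewallForm::__construct()` the firewall lookup now runs before `parent::__construct()`, but it still reads `$this->request->getClientIp()` and `$this->getName()`. If `BaseForm` assigns `$this->request` only in its own constructor (not visible in this diff), the lookup dereferences an unset property and every firewall-protected form fails at construction. Reading from the constructor argument removes that dependency: `->filterByIpAddress($request->getClientIp())`. `getName()` should be checked the same way for state the parent sets up. The address is the throttling key, so a short comment on `$firewallInstance` should say that it is only as reliable as the proxy/forwarded-header configuration behind `getClientIp()`.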
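Review bot: When `form_firewall_active` is off, the new `$this->isFirewallActive() && …` condition in `isFirewallOk()` is false, so control appears to fall into this `else` branch and a fresh `FormFirewall` row is saved on every call, even if one already exists for this form and IP. Disabling the firewall would then grow `form_firewall` without bound, and after re-enabling, `findOne()` in the constructor may pick any of the duplicate rows, so the attempt counter is unreliable. An early guard at the top of the method avoids both: `if (!$this->isFirewallActive()) { return true; }`, with the `isFirewallActive()` term dropped from the `if`. The body of `isFirewallOk()` between the two hunks is not shown, so the pairing of this `else` with the outer `if` is inferred from the brace layout.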
@@ -53,8 +53,9 @@ INSERT INTO `config` (`name`, `value`, `secured`, `hidden`, `created_at`, `updat ('sitemap_ttl','7200', 1, 1, NOW(), NOW()), ('feed_ttl','7200', 1, 1, NOW(), NOW()), -('form_firewall_time_to_wait', '1', 1, 1, NOW(), NOW()), -('form_firewall_attempts', '3', 1, 1, NOW(), NOW()); +('form_firewall_time_to_wait', '1', 0, 0, NOW(), NOW()), +('form_firewall_attempts', '6', 0, 0, NOW(), NOW()), +('from_firewall_active', '1', 0, 0, NOW(), NOW()); INSERT INTO `config_i18n` (`id`, `locale`, `title`, `description`, `chapo`, `postscriptum`) VALUES diff --git a/setup/update/2.0.3.sql b/setup/update/2.0.3.sql index 2fee9090f..64ed68485 100644 --- a/setup/update/2.0.3.sql +++ b/setup/update/2.0.3.sql 
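Review bot: The new config row in `setup/insert.sql` is named `from_firewall_active`, while `FirewallForm::isFirewallActive()` reads `form_firewall_active`. The same misspelling appears in `setup/update/2.0.3.sql`, in both the `INSERT INTO config` row and the `SELECT @active … WHERE name = 'from_firewall_active'` lookup. As written, the stored value is never read and `ConfigQuery::read()` always falls back to its default `true`, so an administrator setting the flag to `0` would not disable the firewall. The row should read `('form_firewall_active', '1', 0, 0, NOW(), NOW());`, with the key corrected in all three places.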
@@ -264,6 +264,52 @@ SELECT @max := MAX(`id`) FROM `config`; INSERT INTO `config_i18n` (`id`, `locale`, `title`, `description`, `chapo`, `postscriptum`) VALUES (@max, 'en_US', 'Whitespace trim level of the generated HTML code (0 = none, 1 = medium, 2 = maximum)', NULL, NULL, NULL); +-- --------------------------------------------------------------------- +-- form_firewall +-- --------------------------------------------------------------------- + +DROP TABLE IF EXISTS `form_firewall`; + +CREATE TABLE `form_firewall` +( + `id` INTEGER NOT NULL AUTO_INCREMENT, + `form_name` VARCHAR(255) NOT NULL, + `ip_address` VARCHAR(15) NOT NULL, + `attempts` TINYINT DEFAULT 1, + `created_at` DATETIME, + `updated_at` DATETIME, + PRIMARY KEY (`id`), + INDEX `idx_form_firewall_form_name` (`form_name`), + INDEX `idx_form_firewall_ip_address` (`ip_address`) +) ENGINE=InnoDB; + + +INSERT INTO `config`(`name`, `value`, `secured`, `hidden`, `created_at`, `updated_at`) VALUES +('form_firewall_time_to_wait', '1', 0, 0, NOW(), NOW()), +('form_firewall_attempts', '6', 0, 0, NOW(), NOW()) +('from_firewall_active', '1', 0, 0, NOW(), NOW()) +; + +SELECT @time = `id` FROM `config` WHERE `name` = 'form_firewall_time_to_wait'; +SELECT @attempts = `id` FROM `config` WHERE `name` = 'form_firewall_attempts'; +SELECT @active = `id` FROM `config` WHERE `name` = 'from_firewall_active'; + +INSERT INTO `config_i18n` (`id`, `locale`, `title`, `description`, `chapo`, `postscriptum`) VALUES + (@time, 'en_US', '[Firewall] Time to wait between X attempts', NULL, NULL, NULL), + (@time, 'fr_FR', '[Pare-feu] Temps à attendre entre X essais', NULL, NULL, NULL) +; + +INSERT INTO `config_i18n` (`id`, `locale`, `title`, `description`, `chapo`, `postscriptum`) VALUES + (@attempts, 'en_US', '[Firewall] Number of allowed attemps', NULL, NULL, NULL), + (@attempts, 'fr_FR', '[Pare-feu] Nombre de tentatives autorisées', NULL, NULL, NULL) +; + +INSERT INTO `config_i18n` (`id`, `locale`, `title`, `description`, `chapo`, 
`postscriptum`) VALUES + (@active, 'en_US', '[Firewall] Activate the firewall', NULL, NULL, NULL), + (@active, 'fr_FR', '[Pare-feu] Activer le pare-feu', NULL, NULL, NULL) +; + + # Done ! # ------ SET FOREIGN_KEY_CHECKS = 1; \ No newline at end of file
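Review bot: The `INSERT INTO config` statement in `setup/update/2.0.3.sql` is missing the comma after the `form_firewall_attempts` row, so the statement will not parse and the upgrade stops there. The three `SELECT @time = …`, `@attempts = …` and `@active = …` lines compare rather than assign (the context line above uses `@max := MAX(...)`), so the variables stay NULL and the `config_i18n` rows get no valid `id`. `ip_address VARCHAR(15)` holds only dotted IPv4, so an IPv6 client address is truncated or rejected depending on SQL mode. In the truncation case the stored value never matches the constructor's `filterByIpAddress()` lookup, and those clients would not be throttled. The fence shows the corrected lines and spells the key `form_firewall_active`, the name `isFirewallActive()` reads.

```sql
-- … unchanged: DROP TABLE, CREATE TABLE header, id and form_name columns …
    `ip_address` VARCHAR(45) NOT NULL,
-- … unchanged: remaining columns, keys and indexes …

INSERT INTO `config`(`name`, `value`, `secured`, `hidden`, `created_at`, `updated_at`) VALUES
-- … unchanged: form_firewall_time_to_wait row …
('form_firewall_attempts', '6', 0, 0, NOW(), NOW()),
('form_firewall_active', '1', 0, 0, NOW(), NOW())
;

SELECT @time := `id` FROM `config` WHERE `name` = 'form_firewall_time_to_wait';
SELECT @attempts := `id` FROM `config` WHERE `name` = 'form_firewall_attempts';
SELECT @active := `id` FROM `config` WHERE `name` = 'form_firewall_active';
-- … unchanged: config_i18n inserts …
```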