
Reduce default value from 1000 to 200 for
MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS

Laurent Destailleur 2 年之前
父節點
當前提交
981e165c3e

+ 3 - 3
htdocs/admin/security_other.php

@@ -180,7 +180,7 @@ if (ini_get("session.gc_probability") == 0) {
 }
 print '</td>';
 print '<td class="nowrap">';
-print '<input class="flat right width50" name="MAIN_SESSION_TIMEOUT" type="text" value="'.dol_escape_htmltag($conf->global->MAIN_SESSION_TIMEOUT).'"> '.strtolower($langs->trans("Seconds"));
+print '<input class="flat right width50" name="MAIN_SESSION_TIMEOUT" type="text" value="'.getDolGlobalInt('MAIN_SESSION_TIMEOUT').'"> '.strtolower($langs->trans("Seconds"));
 print '</td>';
 print '</tr>';
 
@@ -188,7 +188,7 @@ print '<tr class="oddeven">';
 print '<td>'.$langs->trans("MaxNumberOfImagesInGetPost").'</td><td class="right">';
 print '</td>';
 print '<td class="nowrap">';
-print '<input class="flat right width50" name="MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT" type="text" value="'.dol_escape_htmltag($conf->global->MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT).'"> '.strtolower($langs->trans("Images"));
+print '<input class="flat right width50" name="MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT" type="text" value="'.getDolGlobalInt('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT').'"> '.strtolower($langs->trans("Images"));
 print '</td>';
 print '</tr>';
 
@@ -196,7 +196,7 @@ print '<tr class="oddeven">';
 print '<td>'.$langs->trans("MaxNumberOfPostOnPublicPagesByIP").'</td><td class="right">';
 print '</td>';
 print '<td class="nowrap">';
-print '<input class="flat right width50" name="MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS" type="text" value="'.getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000).'"> '.strtolower($langs->trans("Posts"));
+print '<input class="flat right width50" name="MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS" type="text" value="'.getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200).'"> '.strtolower($langs->trans("Posts"));
 print '</td>';
 print '</tr>';
 
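Review bot: The new default of 200 is written as a literal at every call site: this input, the report line in htdocs/admin/system/security.php, and the `$nb_post_max` assignment in each public page under htdocs/public/. A call site missed here or in a later change would enforce a different limit from the one this admin page displays. Defining the default once, as a shared constant or a small helper wrapping `getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", ...)`, would keep display and enforcement in step. Installations that never saved this option move from 1000 to 200 on upgrade, which is worth a changelog line.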

+ 26 - 0
htdocs/admin/system/security.php

@@ -312,6 +312,32 @@ print yn(empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) ? 0 : 1);
 print '<br>';
 print '<br>';
 
+
+$sessiontimeout = ini_get("session.gc_maxlifetime");
+if (empty($conf->global->MAIN_SESSION_TIMEOUT)) {
+	$conf->global->MAIN_SESSION_TIMEOUT = $sessiontimeout;
+}
+print '<strong>'.$langs->trans("SessionTimeOut").'</strong>';
+if (ini_get("session.gc_probability") == 0) {
+	print $form->textwithpicto('', $langs->trans("SessionsPurgedByExternalSystem", ini_get("session.gc_maxlifetime")));
+} else {
+	print $form->textwithpicto('', $langs->trans("SessionExplanation", ini_get("session.gc_probability"), ini_get("session.gc_divisor"), ini_get("session.gc_maxlifetime")));
+}
+print ': '.getDolGlobalInt('MAIN_SESSION_TIMEOUT').' '.strtolower($langs->trans("Seconds"));
+print '<br><br>';
+
+print '<strong>'.$langs->trans("MaxNumberOfImagesInGetPost").'</strong>: ';
+print getDolGlobalInt('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT').' '.strtolower($langs->trans("Images"));
+print '<br><br>';
+
+print '<strong>'.$langs->trans("MaxNumberOfPostOnPublicPagesByIP").'</strong>: ';
+print getDolGlobalInt('MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS', 200).' '.strtolower($langs->trans("Posts"));
+print '<br><br>';
+
+print '<strong>'.$langs->trans("MaxNumberOfAttachementOnForms").'</strong>: ';
+print getDolGlobalInt("MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", 10).' '.strtolower($langs->trans("Files"));
+print '<br><br>';
+
 print '<strong>'.$langs->trans("DoNotStoreClearPassword").'</strong>: ';
 print empty($conf->global->DATABASE_PWD_ENCRYPTED) ? '' : img_picto('', 'tick').' ';
 print yn(empty($conf->global->DATABASE_PWD_ENCRYPTED) ? 0 : 1);
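Review bot: `getDolGlobalInt('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT')` is printed without a default, so an unset option is reported as 0 images, while the two values printed after it pass their defaults (200 and 10). If the code enforcing the image limit applies its own non-zero fallback (not visible in this diff), the security report shows a value that is not the one in effect. Pass that same fallback here and to the matching input in htdocs/admin/security_other.php, where saving the form may otherwise store the displayed 0. For the session timeout, `getDolGlobalInt('MAIN_SESSION_TIMEOUT', (int) $sessiontimeout)` should print the same value without assigning into `$conf->global` from a read-only report page.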

+ 1 - 1
htdocs/public/eventorganization/attendee_new.php

@@ -285,7 +285,7 @@ if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conferen
 			$confattendee->note_public = $note_public;
 
 			$confattendee->ip = getUserRemoteIP();
-			$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+			$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 			$now = dol_now();
 			$minmonthpost = dol_time_plus_duree($now, -1, "m");
 			// Calculate nb of post for IP
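Review bot: Nothing near `$nb_post_max` says the limit is a per-month figure. The window is set two lines later by `dol_time_plus_duree($now, -1, "m")`, so the new default means 200 posts per IP address over the last month, which the option name does not convey. A comment above the assignment such as `// Max posts accepted from one IP address over the last month (default 200)` would make the unit explicit. The same lines appear in members/new.php, opensurvey/studs.php (twice), partnership/new.php, project/new.php, project/suggestbooth.php, project/suggestconference.php and ticket/create_ticket.php. The counting query and the comparison against `$nb_post_max` are outside the hunk, so whether the bound is inclusive cannot be checked here. Because the key is `getUserRemoteIP()`, users behind one shared address share a single quota, which the lower default makes more likely to be reached.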

+ 1 - 1
htdocs/public/members/new.php

@@ -287,7 +287,7 @@ if (empty($reshook) && $action == 'add') {
 
 		$adh->ip = getUserRemoteIP();
 
-		$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+		$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 		$now = dol_now();
 		$minmonthpost = dol_time_plus_duree($now, -1, "m");
 		// Calculate nb of post for IP

+ 2 - 2
htdocs/public/opensurvey/studs.php

@@ -99,7 +99,7 @@ if (GETPOST('ajoutcomment', 'alpha')) {
 	}
 
 	$user_ip = getUserRemoteIP();
-	$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+	$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 	$now = dol_now();
 	$minmonthpost = dol_time_plus_duree($now, -1, "m");
 	// Calculate nb of post for IP
@@ -155,7 +155,7 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) {		// bo
 		}
 
 		$user_ip = getUserRemoteIP();
-		$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+		$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 		$now = dol_now();
 		$minmonthpost = dol_time_plus_duree($now, -1, "m");
 		// Calculate nb of post for IP

+ 1 - 1
htdocs/public/partnership/new.php

@@ -226,7 +226,7 @@ if (empty($reshook) && $action == 'add') {
 		//$partnership->typeid               = $conf->global->PARTNERSHIP_NEWFORM_FORCETYPE ? $conf->global->PARTNERSHIP_NEWFORM_FORCETYPE : GETPOST('typeid', 'int');
 		$partnership->ip = getUserRemoteIP();
 
-		$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+		$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 		$now = dol_now();
 		$minmonthpost = dol_time_plus_duree($now, -1, "m");
 		// Calculate nb of post for IP

+ 1 - 1
htdocs/public/project/new.php

@@ -298,7 +298,7 @@ if (empty($reshook) && $action == 'add') {
 		$proj->fk_opp_status  = $defaultoppstatus;
 
 		$proj->ip = getUserRemoteIP();
-		$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+		$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 		$now = dol_now();
 		$minmonthpost = dol_time_plus_duree($now, -1, "m");
 		$nb_post_ip = 0;

+ 1 - 1
htdocs/public/project/suggestbooth.php

@@ -364,7 +364,7 @@ if (empty($reshook) && $action == 'add') {
 			$conforbooth->tms = dol_now();
 			$conforbooth->ip = getUserRemoteIP();
 
-			$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+			$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 			$now = dol_now();
 			$minmonthpost = dol_time_plus_duree($now, -1, "m");
 

+ 1 - 1
htdocs/public/project/suggestconference.php

@@ -362,7 +362,7 @@ if (empty($reshook) && $action == 'add') {
 			$conforbooth->lastname = $contact->lastname;
 			$conforbooth->ip = getUserRemoteIP();
 
-			$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+			$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 			$now = dol_now();
 			$minmonthpost = dol_time_plus_duree($now, -1, "m");
 

+ 1 - 1
htdocs/public/ticket/create_ticket.php

@@ -247,7 +247,7 @@ if (empty($reshook)) {
 			$object->severity_code = GETPOST("severity_code", 'aZ09');
 			$object->ip = getUserRemoteIP();
 
-			$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+			$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);
 			$now = dol_now();
 			$minmonthpost = dol_time_plus_duree($now, -1, "m");