Verify the HTTPS support within the system check
authorAlexander Ebert <ebert@woltlab.com>
Sat, 22 Jun 2024 12:43:04 +0000 (14:43 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Sat, 22 Jun 2024 12:43:04 +0000 (14:43 +0200)
wcfsetup/install/files/acp/templates/systemCheck.tpl
wcfsetup/install/files/lib/acp/page/SystemCheckPage.class.php
wcfsetup/install/files/lib/system/request/RouteHandler.class.php
wcfsetup/install/lang/de.xml
wcfsetup/install/lang/en.xml

index 4d7e9bae99fc4cb15bc956254f98ecf20af88c65..eaab63407c07d178b69ca997aa5c2da405262a69 100644 (file)
 <section class="section">
        <h2 class="sectionTitle">{lang}wcf.acp.systemCheck.result{/lang}</h2>
        
+       <dl{if !$results[status][web]} class="formError"{/if}>
+               <dt>{lang}wcf.acp.systemCheck.web{/lang}</dt>
+               <dd>
+                       {if $results[status][web]}
+                               {@$statusOk} {lang}wcf.acp.systemCheck.pass{/lang}
+                       {else}
+                               {@$statusInsufficient} {lang}wcf.acp.systemCheck.insufficient{/lang}
+                       {/if}
+               </dd>
+       </dl>
+       
        <dl{if !$results[status][php]} class="formError"{/if}>
                <dt>{lang}wcf.acp.systemCheck.php{/lang}</dt>
                <dd>
        </dl>
 </section>
 
+<section class="section">
+       <h2 class="sectionTitle">{lang}wcf.acp.systemCheck.web{/lang}</h2>
+       
+       <dl{if !$results[web][https]} class="formError"{/if}>
+               <dt>{lang}wcf.acp.systemCheck.web.https{/lang}</dt>
+               <dd>
+                       {if $results[web][https]}
+                               {@$statusOk} {lang}wcf.acp.systemCheck.pass{/lang}
+                       {else}
+                               {@$statusInsufficient} {lang}wcf.acp.systemCheck.notSupported{/lang}
+                       {/if}
+                       <small>{lang}wcf.acp.systemCheck.web.https.description{/lang}</small>
+               </dd>
+       </dl>
+</section>
+
 <section class="section">
        <h2 class="sectionTitle">{lang}wcf.acp.systemCheck.php{/lang}</h2>
        
index 19278c61bd7087bf8cba2b5a05326b4998d4b8c2..450f2b8e0e226195608737d29bc599157a36c3db 100644 (file)
@@ -8,6 +8,7 @@ use wcf\system\database\util\PreparedStatementConditionBuilder;
 use wcf\system\Environment;
 use wcf\system\exception\SystemException;
 use wcf\system\registry\RegistryHandler;
+use wcf\system\request\RouteHandler;
 use wcf\system\WCF;
 use wcf\util\FileUtil;
 
@@ -150,10 +151,14 @@ class SystemCheckPage extends AbstractPage
             ],
             'x64' => false,
         ],
+        'web' => [
+            'https' => false,
+        ],
         'status' => [
             'directories' => false,
             'mysql' => false,
             'php' => false,
+            'web' => false,
         ],
     ];
 
@@ -184,6 +189,7 @@ class SystemCheckPage extends AbstractPage
         $this->validatePhpVersion();
         $this->validatePhpGdSupport();
         $this->validateWritableDirectories();
+        $this->validateWebHttps();
 
         if (
             $this->results['status']['mysql']
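Review bot: The new `status.web` result does not appear to feed into the overall outcome that the `if` starting right after `validateWebHttps()` computes. That condition is cut off by the hunk, and no other hunk in this file touches it, so a failing HTTPS check seems to be display-only. If that is intended, say so where the call is made, e.g. `// Advisory only: a missing secure context is reported but does not fail the system check.`; if not, the condition needs `&& $this->results['status']['web']`.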
@@ -449,4 +455,14 @@ class SystemCheckPage extends AbstractPage
 
         return true;
     }
+
+    /**
+     * @since 6.1
+     */
+    protected function validateWebHttps(): void
+    {
+        $this->results['web']['https'] = RouteHandler::secureContext();
+
+        $this->results['status']['web'] = $this->results['web']['https'];
+    }
 }
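Review bot: The docblock on `validateWebHttps()` carries only `@since 6.1`, and the result key `['web']['https']` hides that `RouteHandler::secureContext()` also returns true for plain HTTP on a loopback host. The template then reports "Access via HTTPS/TLS" as passed on an unencrypted `localhost` install, which can mislead an administrator reading the check. A summary line would make this explicit, e.g. `Records whether the current request counts as a browser secure context (TLS, or a loopback host over plain HTTP).`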
index f4ba8ce1977b1a3ccdddd750d58e3029007a45a3..adb6c970f35150d383883ef65712703e205a4644 100644 (file)
@@ -263,6 +263,34 @@ final class RouteHandler extends SingletonFactory
         return self::$secure;
     }
 
+    /**
+     * Returns true if the current environment is treated as a secure context by
+     * browsers.
+     *
+     * @see https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts#when_is_a_context_considered_secure
+     * @since 6.1
+     */
+    public static function secureContext(): bool
+    {
+        static $secureContext = null;
+        if ($secureContext === null) {
+            $secureContext = self::secureConnection();
+
+            // The connection is considered as secure if it is encrypted with
+            // TLS, or if the target host is a local address.
+            if (!$secureContext) {
+                $host = $_SERVER['HTTP_HOST'];
+
+                // @see https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-let-localhost-be-localhost-02
+                if ($host === '127.0.0.1' || $host === 'localhost' || \str_ends_with($host, '.localhost')) {
+                    $secureContext = true;
+                }
+            }
+        }
+
+        return $secureContext;
+    }
+
     /**
      * Returns HTTP protocol, either 'http://' or 'https://'.
      */
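Review bot: `secureContext()` reads `$_SERVER['HTTP_HOST']` without checking that it is set and compares it verbatim. A request without a Host header raises an undefined-index warning and passes null to `\str_ends_with()`, and a host with a port such as `localhost:8080` is not recognised as local. Defaulting and normalising first would cover both: `$host = \preg_replace('~:\d+$~', '', \strtolower($_SERVER['HTTP_HOST'] ?? ''));`. The header is also supplied by the client, so on a server that answers for arbitrary host names the loopback branch can be true for a remote plain-HTTP request. The docblock should say that the result describes browser feature availability and must not be used in place of `secureConnection()` for decisions such as setting the cookie `Secure` flag.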
index 14e58e9993d5a8a90d376346a68c76cc9215bf09..c32ac3c70623f954ea7a24b2eeb73271593bba96 100644 (file)
@@ -2815,6 +2815,9 @@ Abschnitte dürfen nicht leer sein und nur folgende Zeichen enthalten: <kbd>[a-z
                <item name="wcf.acp.systemCheck.php.opcache"><![CDATA[OPcache]]></item>
                <item name="wcf.acp.systemCheck.php.opcache.description"><![CDATA[PHPs OPcache beschleunigt die Bearbeitung von Anfragen, indem der vorverarbeitete Programmcode gecached wird. Bei aktiviertem OPcache müssen die Verwaltungsfunktionen <kbd>opcache_reset()</kbd> und <kbd>opcache_invalidate()</kbd> zur Verfügung stehen, damit der Cache nach einer Aktualisierung des Programmcodes zuverlässig neu aufgebaut werden kann.]]></item>
                <item name="wcf.acp.systemCheck.php.opcache.broken"><![CDATA[Fehlerhaft – die Verwaltungsfunktionen sind nicht verfügbar]]></item>
+               <item name="wcf.acp.systemCheck.web"><![CDATA[Webserver]]></item>
+               <item name="wcf.acp.systemCheck.web.https"><![CDATA[Aufruf per HTTPS/TLS]]></item>
+               <item name="wcf.acp.systemCheck.web.https.description"><![CDATA[Neue Funktionen in Webbrowsern werden nur beim Aufruf über HTTPS/TLS unterstützt, bei unverschlüsselten Verbindungen fehlen wichtige Funktionen.]]></item>
        </category>
        <category name="wcf.acp.updateServer">
                <item name="wcf.acp.updateServer.add"><![CDATA[Server hinzufügen]]></item>
index 1e3c827129e94bfb3f3ad7077385df18a4f7dc36..220bf4155234fec565402abbdda51a69b52a8797 100644 (file)
@@ -2744,6 +2744,9 @@ If you have <strong>already bought the licenses for the listed apps</strong>, th
                <item name="wcf.acp.systemCheck.php.opcache"><![CDATA[OPcache]]></item>
                <item name="wcf.acp.systemCheck.php.opcache.description"><![CDATA[PHP’s OPcache improves request processing performance by caching the preprocessed application code. If OPcache is enabled the management functions <kbd>opcache_reset()</kbd> and <kbd>opcache_invalidate()</kbd> need to be available to be able to reliably reset the cache when the application code is updated.]]></item>
                <item name="wcf.acp.systemCheck.php.opcache.broken"><![CDATA[Broken – the management functions are unavailable]]></item>
+               <item name="wcf.acp.systemCheck.web"><![CDATA[Web Server]]></item>
+               <item name="wcf.acp.systemCheck.web.https"><![CDATA[Access via HTTPS/TLS]]></item>
+               <item name="wcf.acp.systemCheck.web.https.description"><![CDATA[New functions in web browsers are only supported when accessed via HTTPS/TLS; important features are missing for unencrypted connections.]]></item>
        </category>
        <category name="wcf.acp.updateServer">
                <item name="wcf.acp.updateServer.add"><![CDATA[Add Server]]></item>