diff options
author | diosmosis <diosmosis@users.noreply.github.com> | 2019-01-25 03:46:58 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-25 03:46:58 +0300 |
commit | bd22c3e9439fd78bdeb679280f668b3f1e669469 (patch) | |
tree | a41aa2896d265bca13d0a540303c93f377671c51 /plugins/Login/Security | |
parent | 4936fa288560aec2916e6f907b607fdc075934dd (diff) |
Do not enable brute force detection during update process. (#14001)
* Do not enable brute force detection during update process.
* Try detection through checking for updates.
* Do not enable brute force detection until version is successfully updated to 3.8.0.
* $dbSchemaVersion may be false
Diffstat (limited to 'plugins/Login/Security')
-rw-r--r-- | plugins/Login/Security/BruteForceDetection.php | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/plugins/Login/Security/BruteForceDetection.php b/plugins/Login/Security/BruteForceDetection.php index 7337257483..9ca79e3266 100644 --- a/plugins/Login/Security/BruteForceDetection.php +++ b/plugins/Login/Security/BruteForceDetection.php @@ -12,6 +12,8 @@ use Piwik\Common; use Piwik\Date; use Piwik\Db; use Piwik\Plugins\Login\SystemSettings; +use Piwik\Updater; +use Piwik\Version; class BruteForceDetection { @@ -26,16 +28,27 @@ class BruteForceDetection { */ private $settings; + /** + * @var Updater + */ + private $updater; + public function __construct(SystemSettings $systemSettings) { $this->tablePrefixed = Common::prefixTable($this->table); $this->settings = $systemSettings; $this->minutesTimeRange = $systemSettings->loginAttemptsTimeRange->getValue(); $this->maxLogAttempts = $systemSettings->maxFailedLoginsPerMinutes->getValue(); + $this->updater = new Updater(); } public function isEnabled() { + $dbSchemaVersion = $this->updater->getCurrentComponentVersion('core'); + if ($dbSchemaVersion && version_compare($dbSchemaVersion, '3.8.0') == -1) { + return false; // do not enable brute force detection before the tables exist + } + return $this->settings->enableBruteForceDetection->getValue(); } @@ -131,4 +144,4 @@ class BruteForceDetection { { return $this->getNow()->subPeriod($minutes, 'minute')->getDatetime(); } -}
\ No newline at end of file +} |