Merge pull request #85 from getkirby/develop

1.6.0

.github/workflows/ci.yml

@@ -9,7 +9,7 @@ jobs:
     timeout-minutes: 5
     strategy:
       matrix:
-        php: ["8.1", "8.2", "8.3"]
+        php: ["8.1", "8.2", "8.3", "8.4"]
     env:
       extensions: mbstring, pcov
       ini: pcov.directory=., "pcov.exclude=\"~(vendor|tests)~\""

README.md

@@ -66,6 +66,7 @@ This should print the Kirby CLI version and a list of available commands
 - kirby register
 - kirby remove:command
 - kirby roots
+- kirby security
 - kirby unzip
 - kirby upgrade
 - kirby uuid:generate
@@ -300,7 +301,8 @@ return [
 - **[Forum](https://forum.getkirby.com)** – Whenever you get stuck, don't hesitate to reach out for questions and support.
 - **[Discord](https://chat.getkirby.com)** – Hang out and meet the community.
 - **[YouTube](https://youtube.com/kirbyCasts)** - Watch the latest video tutorials visually with Bastian.
-- **[Mastodon](https://mastodon.social/@getkirby)** – Spread the word.
+- **[Mastodon](https://mastodon.social/@getkirby)** – Follow us in the Fediverse.
+- **[Bluesky](https://bsky.app/profile/getkirby.com)** – Follow us on Bluesky.
 - **[Instagram](https://www.instagram.com/getkirby/)** – Share your creations: #madewithkirby.
 
 ---

bootstrap.php

@@ -12,9 +12,9 @@ function bootstrap(): string|null
 		// avoid any output in the CLI
 		$_ENV['KIRBY_RENDER'] = false;
 
-		if (empty($_ENV['KIRBY_HOST']) === false) {
-			$_SERVER['SERVER_NAME'] = $_ENV['KIRBY_HOST'];
-			$_SERVER['HTTP_HOST']   = $_ENV['KIRBY_HOST'];
+		if ($host = getenv('KIRBY_HOST')) {
+			$_SERVER['SERVER_NAME'] = $host;
+			$_SERVER['HTTP_HOST']   = $host;
 		}
 
 		ob_start();

commands/security.php

@@ -0,0 +1,57 @@
+<?php
+
+declare(strict_types = 1);
+
+use Kirby\CLI\CLI;
+use Kirby\Http\Remote;
+use Kirby\Http\Url;
+use Kirby\Toolkit\I18n;
+
+return [
+	'description' => 'Performs security checks of the site',
+	'command' => static function (CLI $cli): void {
+		$kirby        = $cli->kirby();
+		$system       = $kirby->system();
+		$updateStatus = $system->updateStatus();
+		$messages     = [
+			...array_column($updateStatus?->messages() ?? [], 'text'),
+			...$updateStatus->exceptionMessages()
+		];
+
+		if ($kirby->option('debug', false) === true) {
+			$messages[] = I18n::translate('system.issues.debug');
+		}
+
+		if ($kirby->environment()->https() !== true) {
+			$messages[] = I18n::translate('system.issues.https');
+		}
+
+		// checks exposable urls of the site
+		// works only site url is absolute since can't get it in CLI mode
+		// and CURL won't work for relative urls
+		if (Url::isAbsolute($kirby->url())) {
+			$urls = [
+				'content' => $system->exposedFileUrl('content'),
+				'git'     => $system->exposedFileUrl('git'),
+				'kirby'   => $system->exposedFileUrl('kirby'),
+				'site'    => $system->exposedFileUrl('site')
+			];
+
+			foreach ($urls as $key => $url) {
+				if (empty($url) === false && Remote::get($url)->code() < 400) {
+					$messages[] = I18n::translate('system.issues.' . $key);
+				}
+			}
+		} else {
+			$messages[] = 'Could not check for exposed folders as the site URL is not absolute';
+		}
+
+		if (empty($messages) === false) {
+			foreach ($messages as $message) {
+				$cli->error('> ' . $message);
+			}
+		} else {
+			$cli->success('Basic security checks were successful, please review https://getkirby.com/docs/guide/security for additional best practices.');
+		}
+	}
+];

composer.json

@@ -2,7 +2,7 @@
 	"name": "getkirby/cli",
 	"description": "Kirby command line interface",
 	"license": "MIT",
-	"version": "1.5.0",
+	"version": "1.6.0",
 	"keywords": [
 		"kirby",
 		"cms",
@@ -24,11 +24,11 @@
 		"source": "https://github.com/getkirby/cli"
 	},
 	"require": {
-		"php": "~8.1.0 || ~8.2.0 || ~8.3.0",
+		"php": "~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0",
 		"ext-zip": "*",
 		"composer-runtime-api": "^2.2",
-		"guzzlehttp/guzzle": "^7.8",
-		"league/climate": "^3.8.2"
+		"guzzlehttp/guzzle": "^7.9.2",
+		"league/climate": "^3.10.0"
 	},
 	"autoload": {
 		"psr-4": {