Admin: Add config disable_webservices

In order to block access to v2.php/registration.soap.php webservices.

Author: jmontoyaa

documentation/security.html

@@ -25,6 +25,7 @@ <h2><b>Contents</b></h2>
   <li><a href="#5.Files-permissions">Restricting files permissions</a></li>
   <li><a href="#6.HSTS">HTTP Headers Security</a></li>
   <li><a href="#7.Direct-web-access">Direct web access to files</a></li>
+  <li><a href="#8.Disable-webservices">Disable webservices</a></li>
 </ol>
 
 <h2><a name="1.Disclosing-server-info"></a>1. Disclosing server info</h2>
@@ -195,6 +196,14 @@ <h2><a name="7.Direct-web-access">Direct web access to files</a></h2>
     information in images, CSS or JavaScript files, you will need to update
     these rules to suit your needs.
     </p>
+
+<h2><a name="8.Disable-webservices">Disable webservices</a></h2>
+    <p>
+        In order to disable webservices add the configuration below:
+    <pre>
+    $_configuration['disable_webservices'] = true;
+    </pre>
+    </p>
 <h2>Authors</h2>
 <ul>
 <li>Yannick Warnier, Zend Certified PHP Engineer, BeezNest Belgium SPRL,

main/inc/lib/api.lib.php

@@ -10158,3 +10158,12 @@ function api_get_print_css(bool $getFileContents = true, bool $useWebPath = fals
 
     return $cssFile;
 }
+
+function api_protect_webservices()
+{
+    if (api_get_configuration_value('disable_webservices')) {
+        echo "Webservices are disabled. \n";
+        echo "To enable, add \$_configuration['disable_webservices'] = true; in configuration.php";
+        exit;
+    }
+}

main/install/configuration.dist.php

@@ -1942,6 +1942,9 @@
 // If true then a variable will be called get_lang('CareerDiagramDisclaimer') and printed below a diagram;
 //$_configuration['career_diagram_disclaimer'] = true;
 
+// Disable webservices.
+//$_configuration['disable_webservices'] = true;
+
 // KEEP THIS AT THE END
 // -------- Custom DB changes
 // Add user activation by confirmation email

main/webservices/access_url.php

@@ -5,6 +5,9 @@
  * @package chamilo.webservices
  */
 require_once __DIR__.'/../inc/global.inc.php';
+
+api_protect_webservices();
+
 $debug = true;
 
 define('WS_ERROR_SECRET_KEY', 1);

main/webservices/additional_webservices.php

@@ -7,6 +7,8 @@
  */
 require_once __DIR__.'/../inc/global.inc.php';
 
+api_protect_webservices();
+
 /**
  * Function to convert from ppt to png
  * This function is used from Chamilo Rapid Lesson.

main/webservices/api/v2.php

@@ -16,6 +16,8 @@
  */
 require_once __DIR__.'/../../inc/global.inc.php';
 
+api_protect_webservices();
+
 $hash = isset($_REQUEST['hash']) ? $_REQUEST['hash'] : null;
 
 if ($hash) {

main/webservices/cm_webservice.php

@@ -1,13 +1,13 @@
 <?php
+
 /* For licensing terms, see /license.txt */
 
 use Chamilo\UserBundle\Entity\User;
 
-/**
- * @package chamilo.webservices
- */
 require_once __DIR__.'/../inc/global.inc.php';
 
+api_protect_webservices();
+
 /**
  * Error returned by one of the methods of the web service. Contains an error code and an error message.
  */

main/webservices/courses_list.rest.php

@@ -13,6 +13,8 @@
  */
 require_once __DIR__.'/../inc/global.inc.php';
 
+api_protect_webservices();
+
 /**
  * Get a list of courses (code, url, title, teacher, language) and return to caller
  * Function registered as service. Returns strings in UTF-8.

main/webservices/courses_list.soap.php

@@ -1,4 +1,5 @@
 <?php
+
 /* For licensing terms, see /license.txt */
 
 /**
@@ -14,6 +15,8 @@
  */
 require_once __DIR__.'/../inc/global.inc.php';
 
+api_protect_webservices();
+
 // Create the server instance
 $server = new soap_server();
 // Initialize WSDL support

main/webservices/gradebook.php

@@ -6,6 +6,8 @@
 
 require_once __DIR__.'/../inc/global.inc.php';
 
+api_protect_webservices();
+
 ini_set('memory_limit', -1);
 
 /*