/**
* Check if our uploads or ConfigAndLog directories have browseable
* listings.
*
* Retrieve a listing of files from the local filesystem, and the
* corresponding path via HTTP. Then check and see if the local
* files are represented in the HTTP result; if so then warn. This
* MAY trigger false positives (if you have files named 'a', 'e'
* we'll probably match that).
*
* @return array
* Array of messages
* @see CRM-14091
*
* @todo Test with WordPress, Joomla.
*/
public function checkDirectoriesAreNotBrowseable()
{
$messages = array();
$config = CRM_Core_Config::singleton();
$publicDirs = array($config->imageUploadDir => $config->imageUploadURL);
// Setup index.html files to prevent browsing
foreach ($publicDirs as $publicDir => $publicUrl) {
CRM_Utils_File::restrictBrowsing($publicDir);
}
// Test that $publicDir is not browsable
foreach ($publicDirs as $publicDir => $publicUrl) {
if ($this->isBrowsable($publicDir, $publicUrl)) {
$msg = 'Directory <a href="%1">%2</a> should not be browseable via the web.' . '<br />' . '<a href="%3">Read more about this warning</a>';
$docs_url = $this->createDocUrl('checkDirectoriesAreNotBrowseable');
$messages[] = new CRM_Utils_Check_Message(__FUNCTION__, ts($msg, array(1 => $publicDir, 2 => $publicDir, 3 => $docs_url)), ts('Browseable Directories'), \Psr\Log\LogLevel::ERROR, 'fa-lock');
}
}
return $messages;
}
