예제 #1
 /**
  * Check if our uploads or ConfigAndLog directories have browseable
  * listings.
  *
  * Retrieve a listing of files from the local filesystem, and fetch the
  * corresponding path via HTTP. Then check whether the local file names
  * appear in the HTTP response; if so, warn. This MAY trigger false
  * positives (if you have files named 'a' or 'e', we'll probably match
  * those).
  *
  * @return array
  *   Array of messages
  * @see CRM-14091
  *
  * @todo Test with WordPress, Joomla.
  */
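 public function checkDirectoriesAreNotBrowseable()
 {
     $messages = array();
     $config = CRM_Core_Config::singleton();
     // Map of local directory => URL it is published under. Only the image
     // upload directory is covered by this check.
     $publicDirs = array($config->imageUploadDir => $config->imageUploadURL);

     // Set up index.html files to prevent browsing. All directories are
     // restricted before any of them is tested, so the test below reports
     // only listings that are still exposed afterwards.
     foreach (array_keys($publicDirs) as $publicDir) {
         CRM_Utils_File::restrictBrowsing($publicDir);
     }

     // Test that each directory is not browsable over HTTP.
     foreach ($publicDirs as $publicDir => $publicUrl) {
         if (!$this->isBrowsable($publicDir, $publicUrl)) {
             continue;
         }

         // %1 is the link target and %2 the link text. The target has to be
         // the web URL: a local filesystem path in href does not resolve to
         // the directory being reported. The text keeps the local path so
         // the administrator can find the directory on disk.
         // NOTE(review): both values come from configuration and are placed
         // into HTML as-is; confirm whether ts() or the status page escapes
         // them before this is reused for non-config input.
         $msg = 'Directory <a href="%1">%2</a> should not be browseable via the web.' . '<br />' . '<a href="%3">Read more about this warning</a>';
         $docs_url = $this->createDocUrl('checkDirectoriesAreNotBrowseable');
         $messages[] = new CRM_Utils_Check_Message(
             __FUNCTION__,
             ts($msg, array(1 => $publicUrl, 2 => $publicDir, 3 => $docs_url)),
             ts('Browseable Directories'),
             \Psr\Log\LogLevel::ERROR,
             'fa-lock'
         );
     }

     return $messages;
 }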