X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=bin%2FencryptDB.php;h=30698d63e9838f2e10e3df65626eaa32fd2a2647;hb=65e172a32ec6b6d9d944202e9bda1e0f47c392e9;hp=acbc7457d976d532ddf7fd20dc8a320234fa4ec2;hpb=30c4c2c577c0c53b93173552b62564bea0c69b68;p=civicrm-core.git

diff --git a/bin/encryptDB.php b/bin/encryptDB.php
index acbc7457d9..30698d63e9 100644
--- a/bin/encryptDB.php
+++ b/bin/encryptDB.php
@@ -3,7 +3,7 @@
  +--------------------------------------------------------------------+
  | CiviCRM version 4.7                                                |
  +--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2015                                |
+ | Copyright CiviCRM LLC (c) 2004-2016                                |
  +--------------------------------------------------------------------+
  | This file is a part of CiviCRM.                                    |
  |                                                                    |
@@ -25,10 +25,17 @@
  +--------------------------------------------------------------------+
  */
 
+die("This script is disabled because it is dangerous. If you need it, please duplicate it elsewhere and provide your own secure workflow. This example file will be removed in the future.");
+
+// TIP: If/when we do delete this file, take care to affirmatively check for
+// deletion as part of the status-check infrastructure. Some upgrade workflows
+// don't clear out old files properly, and there's no telling the history
+// of upgrades that have been performed.
+
 /**
  *
  * @package CRM
- * @copyright CiviCRM LLC (c) 2004-2015
+ * @copyright CiviCRM LLC (c) 2004-2016
  */
 
 define('CRM_ENCRYPT', 1);
@@ -93,6 +100,9 @@ function run() {
 
   // this does not return on failure
   CRM_Utils_System::authenticateScript(TRUE);
+  if (!CRM_Core_Permission::check('administer CiviCRM')) {
+    CRM_Utils_System::authenticateAbort("User does not have required permission (administer CiviCRM).\n", TRUE);
+  }
 
   encryptDB();
 }