CRM-14092 - Restrict browsing of imageUploadDir via imageUploadURL
author Tim Otten <totten@civicrm.org>
Wed, 5 Feb 2014 21:36:08 +0000 (13:36 -0800)
committer Tim Otten <totten@civicrm.org>
Wed, 5 Feb 2014 21:36:08 +0000 (13:36 -0800)
commit af5201d492e07457a96fed6f839003e1c9ef3456
tree 184fcc0c54c0bda131a75bfde29589fcdced3ffa
parent 8944eb097c1ffd44b8063c77b2cd0fa315192ceb

Previously, it attempted to restrict browsing of uploadDir and
configAndLogDir.  However, this is extraneous because we have other checks
to ensure that those directories are inaccessible.  However, imageUploadDir
is different because we want to expose its files -- we just don't want to
expose a listing of them.

This commit also breaks out checkDirectoriesAreNotBrowseable() into
three functions.

----------------------------------------
* CRM-14092:
  http://issues.civicrm.org/jira/browse/CRM-14092
CRM/Utils/Check/Security.php
CRM/Utils/File.php
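
The commit message distinguishes serving the files in imageUploadDir from serving a listing of them; one way to test for the second condition is sketched below. This is an added example, not code from this commit or from CiviCRM: the function name and the marker-file approach are assumptions, and it relies on PHP 7+ with `allow_url_fopen` enabled.

```php
<?php
/**
 * Added example (hypothetical helper, not CiviCRM's implementation).
 * Returns TRUE if requesting $url, the public URL mapped to $dir, yields a
 * response that enumerates a marker file just created in $dir.
 */
function example_is_dir_listing_exposed(string $dir, string $url): bool {
  if (!is_dir($dir) || !is_writable($dir)) {
    throw new RuntimeException("Cannot write marker file in $dir");
  }
  // Unpredictable name, so a match can only come from a generated listing
  // and not from a static index page that happens to exist.
  $marker = 'browse-check-' . bin2hex(random_bytes(8)) . '.txt';
  $path = rtrim($dir, '/\\') . DIRECTORY_SEPARATOR . $marker;
  if (file_put_contents($path, "delete me\n") === FALSE) {
    throw new RuntimeException("Could not create $path");
  }
  try {
    $ctx = stream_context_create(['http' => [
      'method' => 'GET',
      'timeout' => 5,
      // Read the body even on 403/404 so the result is based on content.
      'ignore_errors' => TRUE,
    ]]);
    // Request the directory itself (trailing slash), not a file inside it.
    $body = @file_get_contents(rtrim($url, '/') . '/', FALSE, $ctx);
    // Fetching individual files is expected to work; only an index that
    // names the marker counts as an exposed listing.
    return $body !== FALSE && strpos($body, $marker) !== FALSE;
  }
  finally {
    // Always remove the marker, including when the request fails.
    unlink($path);
  }
}

// CLI usage: php check.php <imageUploadDir> <imageUploadURL>
if (PHP_SAPI === 'cli' && isset($argv[2])) {
  $exposed = example_is_dir_listing_exposed($argv[1], $argv[2]);
  echo $exposed ? "WARNING: directory listing exposed\n" : "OK: listing not exposed\n";
  exit($exposed ? 1 : 0);
}
```

A failed request is reported as "not exposed", so run the check from a host that can actually reach the URL.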