if (empty($_GET['snippet'])) {
// Version check and intermittent alert to admins
CRM_Utils_VersionCheck::singleton()->versionAlert();
- CRM_Utils_Check_Security::singleton()->showPeriodicAlerts();
+ CRM_Utils_Check::singleton()->showPeriodicAlerts();
// Debug msg once per hour
if ($config->debug && CRM_Core_Permission::check('administer CiviCRM') && CRM_Core_Session::singleton()->timer('debug_alert', 3600)) {
--- /dev/null
+<?php
+/*
+ +--------------------------------------------------------------------+
+ | CiviCRM version 4.4 |
+ +--------------------------------------------------------------------+
+ | Copyright CiviCRM LLC (c) 2004-2014 |
+ +--------------------------------------------------------------------+
+ | This file is a part of CiviCRM. |
+ | |
+ | CiviCRM is free software; you can copy, modify, and distribute it |
+ | under the terms of the GNU Affero General Public License |
+ | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
+ | |
+ | CiviCRM is distributed in the hope that it will be useful, but |
+ | WITHOUT ANY WARRANTY; without even the implied warranty of |
+ | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
+ | See the GNU Affero General Public License for more details. |
+ | |
+ | You should have received a copy of the GNU Affero General Public |
+ | License and the CiviCRM Licensing Exception along |
+ | with this program; if not, contact CiviCRM LLC |
+ | at info[AT]civicrm[DOT]org. If you have questions about the |
+ | GNU Affero General Public License or the licensing of CiviCRM, |
+ | see the CiviCRM license FAQ at http://civicrm.org/licensing |
+ +--------------------------------------------------------------------+
+*/
+
+/**
+ *
+ * @package CRM
+ * @copyright CiviCRM LLC (c) 2004-2014
+ * $Id: $
+ *
+ */
+class CRM_Utils_Check {
+ CONST
+ // How often to run checks and notify admins about issues.
+ CHECK_TIMER = 86400;
+
+ /**
+ * We only need one instance of this object, so we use the
+ * singleton pattern and cache the instance in this variable
+ *
+ * @var object
+ * @static
+ */
+ static private $_singleton = NULL;
+
+ /**
+ * Provide static instance of CRM_Utils_Check.
+ *
+ * @return CRM_Utils_Check
+ */
+ static function &singleton() {
+ if (!isset(self::$_singleton)) {
+ self::$_singleton = new CRM_Utils_Check();
+ }
+ return self::$_singleton;
+ }
+
+ /**
+ * Execute "checkAll"
+ */
+ public function showPeriodicAlerts() {
+ if (CRM_Core_Permission::check('administer CiviCRM')
+ && CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'securityAlert', NULL, TRUE)
+ ) {
+ $session = CRM_Core_Session::singleton();
+ if ($session->timer('check_' . __CLASS__, self::CHECK_TIMER)) {
+
+ // Best attempt at re-securing folders
+ $config = CRM_Core_Config::singleton();
+ $config->cleanup(0, FALSE);
+
+ foreach ($this->checkAll() as $message) {
+ CRM_Core_Session::setStatus($message->getMessage(), $message->getTitle());
+ }
+ }
+ }
+ }
+
+ /**
+ * Run some sanity checks.
+ *
+ * This could become a hook so that CiviCRM can run both built-in
+ * configuration & sanity checks, and modules/extensions can add
+ * their own checks.
+ *
+ * We might even expose the results of these checks on the Wordpress
+ * plugin status page or the Drupal admin/reports/status path.
+ *
+ * @return array of messages
+ * @see Drupal's hook_requirements() -
+ * https://api.drupal.org/api/drupal/modules%21system%21system.api.php/function/hook_requirements
+ */
+ public function checkAll() {
+ $security = new CRM_Utils_Check_Security();
+ $messages = array_merge(
+ $security->checkAll()
+ );
+ return $messages;
+ }
+
+}
\ No newline at end of file
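Review bot: The docblock on `showPeriodicAlerts()` says only `Execute "checkAll"`, but the method also requires the `administer CiviCRM` permission and the `securityAlert` setting, throttles through a session timer, and calls `$config->cleanup(0, FALSE)` before any check runs. I would replace it with something like `Show check results as status messages to administrators, at most once per CHECK_TIMER seconds per session, after a best-effort cleanup of the config folders.` Now that this class is the general check runner, every check routed through it is silenced when `securityAlert` is off, which deserves a comment, or a second look if non-security checks are added later. The throttle key is `'check_' . __CLASS__` and lives in the session, so it looks like the interval is per admin session rather than site-wide; that is an inference from the `timer()` call and should be confirmed. The file also ends without a trailing newline.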
*/
private $message;
- function __construct($name, $message) {
+ /**
+ * @var string
+ */
+ private $title;
+
+ function __construct($name, $message, $title) {
$this->name = $name;
$this->message = $message;
+ $this->title = $title;
}
/**
return $this->message;
}
+ /**
+ * @return string
+ */
+ public function getTitle() {
+ return $this->title;
+ }
+
/**
* @return array
*/
return array(
'name' => $this->name,
'message' => $this->message,
+ 'title' => $this->title,
);
}
}
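Review bot: The constructor now takes a required third `$title` argument, so a caller still passing two arguments would get a missing-argument warning or error (depending on PHP version) and a message with no title. The three constructions in CRM_Utils_Check_Security are updated in this commit, but callers outside these hunks are not visible. A default keeps the old call shape working: `function __construct($name, $message, $title = NULL) {`. The constructor has no docblock either; a `@param string $title` line saying it is the heading passed to `CRM_Core_Session::setStatus()` would match the `@var string` added on the property. The class begins and ends outside the visible lines.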
*/
class CRM_Utils_Check_Security {
- CONST
- // How often to run checks and notify admins about issues.
- CHECK_TIMER = 86400;
-
- /**
- * We only need one instance of this object, so we use the
- * singleton pattern and cache the instance in this variable
- *
- * @var object
- * @static
- */
- static private $_singleton = NULL;
-
- /**
- * Provide static instance of CRM_Utils_Check_Security.
- *
- * @return CRM_Utils_Check_Security
- */
- static function &singleton() {
- if (!isset(self::$_singleton)) {
- self::$_singleton = new CRM_Utils_Check_Security();
- }
- return self::$_singleton;
- }
-
/**
* CMS have a different pattern to their default file path and URL.
*
}
}
- /**
- * Execute "checkAll"
- */
- public function showPeriodicAlerts() {
- if (CRM_Core_Permission::check('administer CiviCRM')
- && CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'securityAlert', NULL, TRUE)
- ) {
- $session = CRM_Core_Session::singleton();
- if ($session->timer('check_' . __CLASS__, self::CHECK_TIMER)) {
-
- // Best attempt at re-securing folders
- $config = CRM_Core_Config::singleton();
- $config->cleanup(0, FALSE);
-
- foreach ($this->checkAll() as $message) {
- CRM_Core_Session::setStatus($message->getMessage(), ts('Security Warning'));
- }
- }
- }
- }
-
/**
* Run some sanity checks.
*
- * This could become a hook so that CiviCRM can run both built-in
- * configuration & sanity checks, and modules/extensions can add
- * their own checks.
- *
- * We might even expose the results of these checks on the Wordpress
- * plugin status page or the Drupal admin/reports/status path.
- *
- * @return array of messages
- * @see Drupal's hook_requirements() -
- * https://api.drupal.org/api/drupal/modules%21system%21system.api.php/function/hook_requirements
+ * @return array<CRM_Utils_Check_Message>
*/
public function checkAll() {
$messages = array_merge(
- CRM_Utils_Check_Security::singleton()->checkLogFileIsNotAccessible(),
- CRM_Utils_Check_Security::singleton()->checkUploadsAreNotAccessible(),
- CRM_Utils_Check_Security::singleton()->checkDirectoriesAreNotBrowseable()
+ $this->checkLogFileIsNotAccessible(),
+ $this->checkUploadsAreNotAccessible(),
+ $this->checkDirectoriesAreNotBrowseable()
);
return $messages;
}
'<a href="%2">Read more about this warning</a>';
$messages[] = new CRM_Utils_Check_Message(
'checkLogFileIsNotAccessible',
- ts($msg, array(1 => $log_url, 2 => $docs_url))
+ ts($msg, array(1 => $log_url, 2 => $docs_url)),
+ ts('Security Warning')
);
}
}
$docs_url = $this->createDocUrl('checkUploadsAreNotAccessible');
$messages[] = new CRM_Utils_Check_Message(
'checkUploadsAreNotAccessible',
- ts($msg, array(1 => $docs_url))
+ ts($msg, array(1 => $docs_url)),
+ ts('Security Warning')
);
}
}
$docs_url = $this->createDocUrl('checkDirectoriesAreNotBrowseable');
$messages[] = new CRM_Utils_Check_Message(
'checkDirectoriesAreNotBrowseable',
- ts($msg, array(1 => $publicDir, 2 => $publicDir, 3 => $docs_url))
+ ts($msg, array(1 => $publicDir, 2 => $publicDir, 3 => $docs_url)),
+ ts('Security Warning')
);
}
}
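Review bot: Removing `singleton()` and `showPeriodicAlerts()` from CRM_Utils_Check_Security leaves nothing to forward code that still calls `CRM_Utils_Check_Security::singleton()`. The two call sites touched by this commit are updated, but any extension or file not shown here would fail with an undefined-method fatal. If such callers exist, a thin deprecated `singleton()` that returns a shared instance would let the security alerts keep showing during the transition. Separately, `ts('Security Warning')` is now repeated in all three `new CRM_Utils_Check_Message(...)` calls; a single private helper or a local `$title = ts('Security Warning');` would keep the wording in one place. The three check methods start outside these hunks, so this is based only on the visible constructor calls.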
*/
function civicrm_api3_system_check($params) {
$returnValues = array();
- foreach (CRM_Utils_Check_Security::singleton()->checkAll() as $message) {
+ foreach (CRM_Utils_Check::singleton()->checkAll() as $message) {
$returnValues[] = $message->toArray();
}