CRM-16005 verification
authorNicolas Ganivet <nicolas@cividesk.com>
Wed, 25 Feb 2015 03:12:56 +0000 (20:12 -0700)
committerTim Otten <totten@civicrm.org>
Wed, 25 Feb 2015 19:00:02 +0000 (11:00 -0800)
CRM/Utils/Check/Security.php

index e9998599f95c665ebacbe68cc4fe38fee5257cbb..6552d0d1a3fbc62b93710e5b90c63e8958ae060a 100644 (file)
@@ -59,7 +59,8 @@ class CRM_Utils_Check_Security {
     $messages = array_merge(
       $this->checkLogFileIsNotAccessible(),
       $this->checkUploadsAreNotAccessible(),
-      $this->checkDirectoriesAreNotBrowseable()
+      $this->checkDirectoriesAreNotBrowseable(),
+      $this->checkFilesAreNotPresent()
     );
     return $messages;
   }
@@ -207,6 +208,31 @@ class CRM_Utils_Check_Security {
     return $messages;
   }
 
+
+  /**
+   * Check that some files are not present
+   *
+   * @return array of messages
+   */
+  public function checkFilesAreNotPresent() {
+    global $civicrm_root;
+
+    $messages = array();
+    $files = array(
+      "{$civicrm_root}/packages/dompdf/dompdf.php", // CRM-16005
+    );
+    foreach ($files as $file) {
+      if (file_exists($file)) {
+        $messages[] = new CRM_Utils_Check_Message(
+          'checkFilesAreNotPresent',
+          ts('File \'%1\' presents a security risk and should be deleted.', array(1 => $file)),
+          ts('Security Warning')
+        );
+      }
+    }
+    return $messages;
+  }
+
   /**
    * Determine whether $url is a public, browsable listing for $dir
    *
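Review bot: The docblock on checkFilesAreNotPresent() ("Check that some files are not present") does not say what the check measures or why a listed file is a problem. The loop only tests `file_exists($file)`, so a file is reported whether or not the web server can actually serve it, unlike the sibling checks whose names suggest they test accessibility. I would reword the docblock to something like `Warn about bundled files that should be removed from a deployed site; presence on disk alone triggers the warning, web reachability is not tested`, and keep an issue reference on every `$files` entry, as is done for CRM-16005. Every message is also created with the same name `'checkFilesAreNotPresent'`, so once a second path is added the messages cannot be told apart by name. If callers key on that name (not visible in this hunk), it should include something file-specific.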