CRM-14210. Use get_headers() and check for 200 response instead of file_get_contents...

author Chris Burgess <chris@giantrobot.co.nz>

Sun, 16 Feb 2014 22:14:31 +0000 (11:14 +1300)

committer Tim Otten <totten@civicrm.org>

Sun, 9 Mar 2014 23:58:48 +0000 (16:58 -0700)
author Chris Burgess <chris@giantrobot.co.nz>
Sun, 16 Feb 2014 22:14:31 +0000 (11:14 +1300)
committer Tim Otten <totten@civicrm.org>
Sun, 9 Mar 2014 23:58:48 +0000 (16:58 -0700)
diff --git a/CRM/Utils/Check/Security.php b/CRM/Utils/Check/Security.php

index c08d12046d237f5db8b433280a5207e177b6889f..f22be1535c1becded26071b2674488a79cebec56 100644 (file)
--- a/CRM/Utils/Check/Security.php
+++ b/CRM/Utils/Check/Security.php
@@ -153,7 +153,8 @@ class CRM_Utils_Check_Security {
          $url[] = $log_path[1];
          $log_url = implode($filePathMarker, $url);
          $docs_url = $this->createDocUrl('checkLogFileIsNotAccessible');
-        if ($log = @file_get_contents($log_url)) {
+        $headers = @get_headers($log_url);
+        if (stripos($headers[0], '200')) {
            $msg = 'The <a href="%1">CiviCRM debug log</a> should not be downloadable.'
              . '<br />' .
              '<a href="%2">Read more about this warning</a>';
@@ -192,7 +193,8 @@ class CRM_Utils_Check_Security {
            $f = array_rand($files);
            if ($file_path = explode($filePathMarker, $files[$f])) {
              $url = implode($filePathMarker, array($upload_url[0], $file_path[1]));
-            if ($file = @file_get_contents($url)) {
+            $headers = @get_headers($url);
+            if (stripos($headers[0], '200')) {
                $msg = 'Files in the upload directory should not be downloadable.'
                  . '<br />' .
                  '<a href="%1">Read more about this warning</a>';
author	Chris Burgess <chris@giantrobot.co.nz>
	Sun, 16 Feb 2014 22:14:31 +0000 (11:14 +1300)
committer	Tim Otten <totten@civicrm.org>
	Sun, 9 Mar 2014 23:58:48 +0000 (16:58 -0700)