projects / civicrm-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 349b394)
CRM-14091. Run checks at most once a day for each user with administrative permissions.
authorChris Burgess <chris@fuzion.co.nz>
Fri, 31 Jan 2014 02:35:31 +0000 (15:35 +1300)
committerTim Otten <totten@civicrm.org>
Wed, 5 Feb 2014 17:47:31 +0000 (09:47 -0800)
CRM/Utils/Check/Security.php patch | blob | blame | history

diff --git a/CRM/Utils/Check/Security.php b/CRM/Utils/Check/Security.php
index ab554cf4ab5e3bf6f70e75888d3b3375ed0ce5aa..c8b7ecf02e6f1c4279e676fb14aeedad3c386c43 100644 (file)
--- a/CRM/Utils/Check/Security.php
+++ b/CRM/Utils/Check/Security.php
@@ -34,6 +34,10 @@
  */
 class CRM_Utils_Check_Security {
 
+  CONST
+    // How often to run checks and notify admins about issues.
+    CHECK_TIMER = 86400;
+
   /**
    * We only need one instance of this object, so we use the
    * singleton pattern and cache the instance in this variable
@@ -70,9 +74,12 @@ class CRM_Utils_Check_Security {
    */
   public function allChecks() {
     if (CRM_Core_Permission::check('administer CiviCRM')) {
-      CRM_Utils_Check_Security::singleton()->CheckLogFileIsNotAccessible();
-      CRM_Utils_Check_Security::singleton()->CheckUploadsAreNotAccessible();
-      CRM_Utils_Check_Security::singleton()->CheckDirectoriesAreNotBrowseable();
+      $session = CRM_Core_Session::singleton();
+      if ($session->timer('check_' . __CLASS__, self::CHECK_TIMER)) {
+        CRM_Utils_Check_Security::singleton()->CheckLogFileIsNotAccessible();
+        CRM_Utils_Check_Security::singleton()->CheckUploadsAreNotAccessible();
+        CRM_Utils_Check_Security::singleton()->CheckDirectoriesAreNotBrowseable();
+      }
     }
   }
 
@@ -115,8 +122,6 @@ class CRM_Utils_Check_Security {
           if ($log_path = explode('/files/', $log_filename)) {
             $url[] = $log_path[1];
             $log_url = implode('/files/', $url);
-            // Fake a log being internet-accessible.
-            // $log_url = 'https://gist.github.com/xurizaemon/2141ee4e042c273c8979/raw/3eda5da63b114e206c2516569f88a45305cb1469/CiviCRM.aabbccdd.log';
             $docs_url = 'http://wiki.civicrm.org/confluence/display/CRMDOC/Security/LogNotAccessible';
             if ($log = @file_get_contents($log_url)) {
               $msg = 'The <a href="%1">CiviCRM debug log</a> should not be downloadable.'