CRM-14091, CRM-14092 - Defensive programming

author Tim Otten <totten@civicrm.org>

Thu, 6 Feb 2014 16:35:55 +0000 (08:35 -0800)

committer Tim Otten <totten@civicrm.org>

Thu, 6 Feb 2014 16:35:55 +0000 (08:35 -0800)
author Tim Otten <totten@civicrm.org>
Thu, 6 Feb 2014 16:35:55 +0000 (08:35 -0800)
committer Tim Otten <totten@civicrm.org>
Thu, 6 Feb 2014 16:35:55 +0000 (08:35 -0800)
diff --git a/CRM/Utils/Check/Security.php b/CRM/Utils/Check/Security.php

index 3c8ed4a079728be042543ea9d8aa41cdd525010f..bb076daa75d80e9ac49f7e9182f74a2de9460f12 100644 (file)
--- a/CRM/Utils/Check/Security.php
+++ b/CRM/Utils/Check/Security.php
@@ -256,10 +256,14 @@ class CRM_Utils_Check_Security {
     * @return bool
     */
    public function isBrowsable($dir, $url) {
+    if (empty($dir) || empty($url)) {
+      return FALSE;
+    }
+
      $result = FALSE;
      $file = 'delete-this-' . CRM_Utils_String::createRandom(10, CRM_Utils_String::ALPHANUMERIC);
  
-    // this could be a new system with uploads yet -- so we'll make a file
+    // this could be a new system with no uploads (yet) -- so we'll make a file
      file_put_contents("$dir/$file", "delete me");
      $content = @file_get_contents("$url");
      if (stristr($content, $file)) {
author	Tim Otten <totten@civicrm.org>
	Thu, 6 Feb 2014 16:35:55 +0000 (08:35 -0800)
committer	Tim Otten <totten@civicrm.org>
	Thu, 6 Feb 2014 16:35:55 +0000 (08:35 -0800)