From: Nicolas Ganivet <nicolas@cividesk.com>
Date: Wed, 25 Feb 2015 03:12:56 +0000 (-0700)
Subject: CRM-16005 verification
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=44d3eb82392d7ad16f0d836430f66dbc10645ca2;p=civicrm-core.git

CRM-16005 verification
---

diff --git a/CRM/Utils/Check/Security.php b/CRM/Utils/Check/Security.php
index e9998599f9..6552d0d1a3 100644
--- a/CRM/Utils/Check/Security.php
+++ b/CRM/Utils/Check/Security.php
@@ -59,7 +59,8 @@ class CRM_Utils_Check_Security {
     $messages = array_merge(
       $this->checkLogFileIsNotAccessible(),
       $this->checkUploadsAreNotAccessible(),
-      $this->checkDirectoriesAreNotBrowseable()
+      $this->checkDirectoriesAreNotBrowseable(),
+      $this->checkFilesAreNotPresent()
     );
     return $messages;
   }
@@ -207,6 +208,31 @@ class CRM_Utils_Check_Security {
     return $messages;
   }
 
+
+  /**
+   * Check that some files are not present
+   *
+   * @return array of messages
+   */
+  public function checkFilesAreNotPresent() {
+    global $civicrm_root;
+
+    $messages = array();
+    $files = array(
+      "{$civicrm_root}/packages/dompdf/dompdf.php", // CRM-16005
+    );
+    foreach ($files as $file) {
+      if (file_exists($file)) {
+        $messages[] = new CRM_Utils_Check_Message(
+          'checkFilesAreNotPresent',
+          ts('File \'%1\' presents a security risk and should be deleted.', array(1 => $file)),
+          ts('Security Warning')
+        );
+      }
+    }
+    return $messages;
+  }
+
   /**
    * Determine whether $url is a public, browsable listing for $dir
    *