From: Nicolas Ganivet
Date: Wed, 25 Feb 2015 03:12:56 +0000 (-0700)
Subject: CRM-16005 verification
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=44d3eb82392d7ad16f0d836430f66dbc10645ca2;p=civicrm-core.git
CRM-16005 verification
---
diff --git a/CRM/Utils/Check/Security.php b/CRM/Utils/Check/Security.php
index e9998599f9..6552d0d1a3 100644
--- a/CRM/Utils/Check/Security.php
+++ b/CRM/Utils/Check/Security.php
@@ -59,7 +59,8 @@ class CRM_Utils_Check_Security {
 $messages = array_merge(
 $this->checkLogFileIsNotAccessible(),
 $this->checkUploadsAreNotAccessible(),
- $this->checkDirectoriesAreNotBrowseable()
+ $this->checkDirectoriesAreNotBrowseable(),
+ $this->checkFilesAreNotPresent()
 );
 return $messages;
 }
@@ -207,6 +208,31 @@ class CRM_Utils_Check_Security {
 return $messages;
 }
+
+ /**
+ * Check that some files are not present
+ *
+ * @return array of messages
+ */
+ public function checkFilesAreNotPresent() {
+ global $civicrm_root;
+
+ $messages = array();
+ $files = array(
+ "{$civicrm_root}/packages/dompdf/dompdf.php", // CRM-16005
+ );
+ foreach ($files as $file) {
+ if (file_exists($file)) {
+ $messages[] = new CRM_Utils_Check_Message(
+ 'checkFilesAreNotPresent',
+ ts('File \'%1\' presents a security risk and should be deleted.', array(1 => $file)),
+ ts('Security Warning')
+ );
+ }
+ }
+ return $messages;
+ }
+
 /**
 * Determine whether $url is a public, browsable listing for $dir
 *
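Review bot: In the second hunk, `checkFilesAreNotPresent()` builds its path from `global $civicrm_root` without confirming the global is set, so an empty value would make it test `/packages/dompdf/dompdf.php` and report a clean result. `file_exists()` also returns false when the path cannot be stat'ed (for example under `open_basedir` or restrictive permissions), and that too reads as "file absent". I would make the inconclusive case visible by returning a "could not verify" message when `empty($civicrm_root)` is true, rather than falling through to an empty list. The docblock could also say why the files are listed, e.g. `Check that files known to present a security risk (see the CRM issue noted beside each path) have been removed from the install.`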