From: Nicolas Ganivet Date: Thu, 3 Sep 2015 17:57:13 +0000 (-0600) Subject: CRM-17149: full fix X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=4de448d705e22166306c09accdd32d94937aed8f;p=civicrm-core.git CRM-17149: full fix
---
diff --git a/CRM/Utils/Check/Security.php b/CRM/Utils/Check/Security.php
index 0ef911f4ae..6e5dc7f903 100644
--- a/CRM/Utils/Check/Security.php
+++ b/CRM/Utils/Check/Security.php
@@ -101,19 +101,22 @@ class CRM_Utils_Check_Security {
 if ($upload_url = explode($filePathMarker, $config->imageUploadURL)) {
 $url[] = $upload_url[0];
 if ($log_path = explode($filePathMarker, $log_filename)) {
- $url[] = $log_path[1];
- $log_url = implode($filePathMarker, $url);
- $headers = @get_headers($log_url);
- if (stripos($headers[0], '200')) {
- $docs_url = $this->createDocUrl('checkLogFileIsNotAccessible');
- $msg = 'The CiviCRM debug log should not be downloadable.'
- . '
' .
- 'Read more about this warning';
- $messages[] = new CRM_Utils_Check_Message(
- 'checkLogFileIsNotAccessible',
- ts($msg, array(1 => $log_url, 2 => $docs_url)),
- ts('Security Warning')
- );
+ // CRM-17149: check if debug log path includes $filePathMarker
+ if (sizeof($log_path) > 1) {
+ $url[] = $log_path[1];
+ $log_url = implode($filePathMarker, $url);
+ $headers = @get_headers($log_url);
+ if (stripos($headers[0], '200')) {
+ $docs_url = $this->createDocUrl('checkLogFileIsNotAccessible');
+ $msg = 'The CiviCRM debug log should not be downloadable.'
+ . '
' .
+ 'Read more about this warning';
+ $messages[] = new CRM_Utils_Check_Message(
+ 'checkLogFileIsNotAccessible',
+ ts($msg, array(1 => $log_url, 2 => $docs_url)),
+ ts('Security Warning')
+ );
+ }
 }
 }
 }
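Review bot: The re-added probe still indexes `$headers[0]` without checking the result of `@get_headers($log_url)`, which returns false when the request fails, so the new `sizeof($log_path) > 1` guard removes the undefined offset on `$log_path[1]` but leaves the same kind of error two lines later. I would change the condition to `if (is_array($headers) && stripos($headers[0], '200') !== FALSE) {`. The substring match on `'200'` also reads only the first status line, so a log file reached through a redirect would presumably go unreported. A log path without `$filePathMarker`, or a failed request, now produces no message at all, which an administrator can read as a pass; a comment at the new `if` stating that the check is skipped rather than passed in that case would make this explicit. The enclosing method starts and ends outside this hunk.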