From: Chris Burgess
Date: Fri, 31 Jan 2014 02:35:31 +0000 (+1300)
Subject: CRM-14091. Run checks at most once a day for each user with administrative permissions.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=6e663e845c2b8c345fa642979a9e925d30d12701;p=civicrm-core.git

CRM-14091. Run checks at most once a day for each user with administrative permissions.
---

diff --git a/CRM/Utils/Check/Security.php b/CRM/Utils/Check/Security.php
index ab554cf4ab..c8b7ecf02e 100644
--- a/CRM/Utils/Check/Security.php
+++ b/CRM/Utils/Check/Security.php
@@ -34,6 +34,10 @@
 */
 class CRM_Utils_Check_Security {
 
+ CONST
+ // How often to run checks and notify admins about issues.
+ CHECK_TIMER = 86400;
+
 /**
 * We only need one instance of this object, so we use the
 * singleton pattern and cache the instance in this variable
@@ -70,9 +74,12 @@ class CRM_Utils_Check_Security {
 */
 public function allChecks() {
 if (CRM_Core_Permission::check('administer CiviCRM')) {
- CRM_Utils_Check_Security::singleton()->CheckLogFileIsNotAccessible();
- CRM_Utils_Check_Security::singleton()->CheckUploadsAreNotAccessible();
- CRM_Utils_Check_Security::singleton()->CheckDirectoriesAreNotBrowseable();
+ $session = CRM_Core_Session::singleton();
+ if ($session->timer('check_' . __CLASS__, self::CHECK_TIMER)) {
+ CRM_Utils_Check_Security::singleton()->CheckLogFileIsNotAccessible();
+ CRM_Utils_Check_Security::singleton()->CheckUploadsAreNotAccessible();
+ CRM_Utils_Check_Security::singleton()->CheckDirectoriesAreNotBrowseable();
+ }
 }
 }
 
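Review bot: The comment on `CHECK_TIMER` does not say what unit 86400 is in; it is presumably seconds (one day, matching the commit subject), and that should be stated where the constant is declared. A suitable comment would be `// Minimum interval, in seconds, between runs of the security checks (86400 = 24 hours).` Declaring it on one line as `const CHECK_TIMER = 86400;` with the comment above it would also read more clearly than a comment placed between `CONST` and the constant's name.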
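Review bot: The throttle in `allChecks()` is kept in the session (`$session->timer('check_' . __CLASS__, self::CHECK_TIMER)`), so the limit applies per session rather than per user as the commit subject says, and nothing visible in this hunk stores the outcome of the checks. If `timer()` records its timestamp when it is called (its body is not shown here), a warning about a downloadable log or a browsable upload directory is raised only on the one request where the timer fires, and an administrator who misses it gets no reminder in that session for up to a day. The docblock above `allChecks()`, which starts outside the hunk, should state this, for example `Runs at most once per CHECK_TIMER seconds per session; findings are not cached between runs.` If a finding should stay visible until it is fixed, the result would need to be stored and re-displayed rather than only the time of the last run.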
@@ -115,8 +122,6 @@ class CRM_Utils_Check_Security {
 if ($log_path = explode('/files/', $log_filename)) {
 $url[] = $log_path[1];
 $log_url = implode('/files/', $url);
- // Fake a log being internet-accessible.
- // $log_url = 'https://gist.github.com/xurizaemon/2141ee4e042c273c8979/raw/3eda5da63b114e206c2516569f88a45305cb1469/CiviCRM.aabbccdd.log';
 $docs_url = 'http://wiki.civicrm.org/confluence/display/CRMDOC/Security/LogNotAccessible';
 if ($log = @file_get_contents($log_url)) {
 $msg = 'The CiviCRM debug log should not be downloadable.'