From: Tim Otten <totten@civicrm.org>
Date: Sat, 12 Oct 2013 15:45:18 +0000 (+0100)
Subject: CRM-13572 - Upgrader - Delete OFC file and/or display message
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=7abafcbcf44021f56e9317315584d4496c09a84c;p=civicrm-core.git

CRM-13572 - Upgrader - Delete OFC file and/or display message

----------------------------------------
* CRM-13572:
  http://issues.civicrm.org/jira/browse/CRM-13572
---

diff --git a/CRM/Upgrade/Incremental/Legacy.php b/CRM/Upgrade/Incremental/Legacy.php
index 5bd61ee3e6..d17e870444 100644
--- a/CRM/Upgrade/Incremental/Legacy.php
+++ b/CRM/Upgrade/Incremental/Legacy.php
@@ -91,16 +91,22 @@ SELECT  id
       }
     }
 
+    // http://issues.civicrm.org/jira/browse/CRM-13572
+    // Depending on how the code was upgraded, some sites may still have copies of old
+    // source files left behind. This is often a forgivable offense, but it's quite
+    // dangerous for CIVI-SA-2013-001.
     global $civicrm_root;
     $ofcFile = "$civicrm_root/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php";
     if (file_exists($ofcFile)) {
-      // http://issues.civicrm.org/jira/browse/CRM-13572
-      // Depending on how the code was upgraded, some sites may still have copies of old
-      // source files left behind. This is often a forgivable offense, but it's quite
-      // dangerous for CIVI-SA-2013-001.
-      $preUpgradeMessage .= '<br />' . ts('This system includes an outdated, insecure script (%1). Please delete it.', array(
-        1 => $ofcFile
-      ));
+      if (@unlink($ofcFile)) {
+        $preUpgradeMessage .= '<br />' . ts('This system included an outdated, insecure script (%1). The file was automatically deleted.', array(
+          1 => $ofcFile
+        ));
+      } else {
+        $preUpgradeMessage .= '<br />' . ts('This system includes an outdated, insecure script (%1). Please delete it.', array(
+          1 => $ofcFile
+        ));
+      }
     }
   }