From 181e2dd50b270fc8abe110b204511bafe8892765 Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Mon, 29 Aug 2016 20:32:12 -0700
Subject: [PATCH] CRM-15928 - Display warning if `remote_profile_submissions` is enabled
---
 CRM/Utils/Check/Component/Security.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/CRM/Utils/Check/Component/Security.php b/CRM/Utils/Check/Component/Security.php
index 19e7f66183..b1e13148a4 100644
--- a/CRM/Utils/Check/Component/Security.php
+++ b/CRM/Utils/Check/Component/Security.php
@@ -256,6 +256,28 @@ class CRM_Utils_Check_Component_Security extends CRM_Utils_Check_Component {
 return $messages;
 }

+ /**
+ * Discourage use of remote profile forms.
+ */
+ public function checkRemoteProfile() {
+ $messages = array();
+
+ if (Civi::settings()->get('remote_profile_submissions')) {
+ $messages[] = new CRM_Utils_Check_Message(
+ __FUNCTION__,
+ ts('Warning: External profile support (aka "HTML Snippet" support) is enabled in system settings. This setting may be prone to abuse. If you must retain it, consider HTTP throttling or other protections.',
+ array(1 => CRM_Utils_System::url('civicrm/admin/setting/misc', 'reset=1'))
+ ),
+ ts('Remote Profiles Enabled'),
+ \Psr\Log\LogLevel::WARNING,
+ 'fa-lock'
+ );
+ }
+
+ return $messages;
+ }
+
+
 /**
 * Check that the sysadmin has not modified the Cxn
 * security setup.
--
2.25.1
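Review bot: The `ts()` call in `checkRemoteProfile()` passes `array(1 => CRM_Utils_System::url('civicrm/admin/setting/misc', 'reset=1'))`, but the message string contains no `%1` placeholder, so the settings URL is built and then never shown. An administrator who sees this warning gets no link to the page where `remote_profile_submissions` can be switched off, which makes the check less actionable than it appears to be intended. Reference the parameter in the text, for example `... is enabled in <a href="%1">system settings</a>. This setting may be prone to abuse. ...`. The second of the two blank lines added after the method's closing brace also looks unintended.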