From 28d1914d3c12029a1aef0b195189bb27c5479dfc Mon Sep 17 00:00:00 2001
From: Seamus Lee
Date: Wed, 16 Mar 2022 01:33:54 -0700
Subject: [PATCH] security/core#111 Add in Status check for if Anonymous Users have edit contributions and or access CiviContribute Permissions

---
 CRM/Utils/Check/Component/Security.php | 27 ++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/CRM/Utils/Check/Component/Security.php b/CRM/Utils/Check/Component/Security.php
index 2036e1b015..16d6459668 100644
--- a/CRM/Utils/Check/Component/Security.php
+++ b/CRM/Utils/Check/Component/Security.php
@@ -292,6 +292,33 @@ class CRM_Utils_Check_Component_Security extends CRM_Utils_Check_Component {
     return $messages;
   }
 
+  /**
+   * Check to see if anonymous user has edit contributions permission
+   * @return CRM_Utils_Check_Message[]
+   */
+  public function checkAnonEditContribution() {
+    $messages = [];
+    $permissions = [];
+    if (CRM_Core_Config::singleton()->userPermissionClass->check('edit contributions', 0)) {
+      $permissions[] = 'edit contributions';
+    }
+    if (CRM_Core_Config::singleton()->userPermissionClass->check('access CiviContribute', 0)) {
+      $permissions[] = 'access CiviContribute';
+    }
+    if (!empty($permissions)) {
+      $messages[] = new CRM_Utils_Check_Message(
+        __FUNCTION__,
+        ts('Anonymous users have permissions (%1). This may cause leakage of information in regards to recurring contributions.', [
+          1 => implode(', ', $permissions),
+        ]),
+        ts('Security Warning'),
+        \Psr\Log\LogLevel::WARNING,
+        'fa-lock'
+      );
+    }
+    return $messages;
+  }
+
   /**
    * Determine whether $url is a public, browsable listing for $dir
    *
-- 
2.25.1
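Review bot: The docblock on the new checkAnonEditContribution() names only one of the two permissions it tests, and the two `if` blocks repeat the `CRM_Core_Config::singleton()->userPermissionClass->check(..., 0)` call with the literal permission name duplicated in the condition and the array append, so adding a third permission later means touching three places. The docblock should read `Check whether the anonymous user (contact id 0) has 'edit contributions' or 'access CiviContribute'; either exposes recurring-contribution data to unauthenticated visitors.` and the literal `0` deserves a comment saying it is the anonymous contact, since nothing in the hunk explains it. The warning text describes only information leakage, but 'edit contributions' granted to anonymous users also permits modification, so the message understates the impact for that permission; I would at least mention it in the docblock and consider whether WARNING is the right level when 'edit contributions' is present. A permission list with a loop removes the duplication; the message construction and return are unchanged. The enclosing class begins outside the hunk, but the method itself is complete within it.
```php
  public function checkAnonEditContribution() {
    $messages = [];
    $userPermissionClass = CRM_Core_Config::singleton()->userPermissionClass;
    $permissions = [];
    foreach (['edit contributions', 'access CiviContribute'] as $permission) {
      // Second argument 0 is the anonymous (not logged in) contact.
      if ($userPermissionClass->check($permission, 0)) {
        $permissions[] = $permission;
      }
    }
    // … unchanged: CRM_Utils_Check_Message construction and return $messages …
```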