From 3b28a75608d36569340bdf0387adb17882717894 Mon Sep 17 00:00:00 2001
From: demeritcowboy <demeritcowboy@hotmail.com>
Date: Tue, 25 Jul 2023 19:15:47 -0400
Subject: [PATCH] avoid slow status checks

---
 CRM/Utils/Check/Component/Security.php | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/CRM/Utils/Check/Component/Security.php b/CRM/Utils/Check/Component/Security.php
index 0605cdb40c..1a1c4b9e24 100644
--- a/CRM/Utils/Check/Component/Security.php
+++ b/CRM/Utils/Check/Component/Security.php
@@ -157,7 +157,8 @@ class CRM_Utils_Check_Component_Security extends CRM_Utils_Check_Component {
     if ($this->isLimitedDevelopmentServer()) {
       $messages[] = new CRM_Utils_Check_Message(
         __FUNCTION__,
-        ts('In PHP 7.x, the built-in HTTP server cannot execute some security checks. This problem only affects local development on older versions of PHP.'),
+        // No ts since end users should never see this
+        'The built-in php HTTP server has no configuration options to secure folders, and so there is no point testing if they are secure. This problem only affects local development and E2E testing.',
         ts('Incomplete Security Checks'),
         \Psr\Log\LogLevel::WARNING,
         'fa-lock'
@@ -387,7 +388,7 @@ class CRM_Utils_Check_Component_Security extends CRM_Utils_Check_Component {
   }
 
   public function isLimitedDevelopmentServer(): bool {
-    return PHP_SAPI === 'cli-server' && version_compare(PHP_VERSION, '8.0', '<');
+    return PHP_SAPI === 'cli-server';
   }
 
   /**
@@ -461,8 +462,17 @@ class CRM_Utils_Check_Component_Security extends CRM_Utils_Check_Component {
       return FALSE;
     }
 
+    // @todo why call fileExists before doing almost the same thing. It's slightly different than reading the file's content, but is it necessary?
     if ($this->fileExists("$url/$file")) {
-      $content = @file_get_contents("$url/$file");
+      $content = '';
+      try {
+        $response = (new \GuzzleHttp\Client())->request('GET', "$url/$file", [
+          'timeout' => \Civi::settings()->get('http_timeout'),
+        ]);
+        $content = $response->getBody()->getContents();
+      }
+      catch (\GuzzleHttp\Exception\GuzzleException $e) {
+      }
       if (preg_match('/delete me/', $content)) {
         $result = TRUE;
       }
-- 
2.25.1