From 5ee70cb251bd89605716e3e333284f17a2315b4d Mon Sep 17 00:00:00 2001
From: Chris Burgess
Date: Mon, 17 Feb 2014 11:14:31 +1300
Subject: [PATCH] CRM-14210. Use get_headers() and check for 200 response instead of file_get_contents(), as some servers do not return FALSE on 40x response code.
---
 CRM/Utils/Check/Security.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/CRM/Utils/Check/Security.php b/CRM/Utils/Check/Security.php
index c08d12046d..f22be1535c 100644
--- a/CRM/Utils/Check/Security.php
+++ b/CRM/Utils/Check/Security.php
@@ -153,7 +153,8 @@ class CRM_Utils_Check_Security {
 $url[] = $log_path[1];
 $log_url = implode($filePathMarker, $url);
 $docs_url = $this->createDocUrl('checkLogFileIsNotAccessible');
- if ($log = @file_get_contents($log_url)) {
+ $headers = @get_headers($log_url);
+ if (stripos($headers[0], '200')) {
 $msg = 'The CiviCRM debug log should not be downloadable.' . '
' . 'Read more about this warning';
@@ -192,7 +193,8 @@ class CRM_Utils_Check_Security {
 $f = array_rand($files);
 if ($file_path = explode($filePathMarker, $files[$f])) {
 $url = implode($filePathMarker, array($upload_url[0], $file_path[1]));
- if ($file = @file_get_contents($url)) {
+ $headers = @get_headers($url);
+ if (stripos($headers[0], '200')) {
 $msg = 'Files in the upload directory should not be downloadable.' . '
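Review bot: `$headers[0]` is the status line of the first response only, and get_headers() follows redirects by default, so a debug log that is served after a 301/302 (for example an http-to-https redirect) now passes this check, where the old file_get_contents() call would have fetched it and raised the warning. get_headers() also returns FALSE on failure, which the `@` hides before `$headers[0]` is indexed, and `stripos(..., '200')` matches those digits anywhere in the line rather than the status code itself. I would test the last status line in the chain: `$status = is_array($headers) ? preg_grep('#^HTTP/#', $headers) : array();` followed by `if ($status && preg_match('#^HTTP/\S+ 200\b#', end($status))) {`. The same two added lines recur in the second hunk (the upload-directory check at -192) and need the same change; both enclosing methods start and end outside the hunks.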
' . 'Read more about this warning';
--
2.25.1