From 759fafaa68233d1d3ecb90beb4519896423a861c Mon Sep 17 00:00:00 2001
From: Seamus Lee
Date: Tue, 30 Aug 2016 17:48:50 +1000
Subject: [PATCH] CRM-15928 - Display warning if is enabled

---
 CRM/Utils/Check/Security.php | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/CRM/Utils/Check/Security.php b/CRM/Utils/Check/Security.php
index a8f5b24ce9..d18363a4fd 100644
--- a/CRM/Utils/Check/Security.php
+++ b/CRM/Utils/Check/Security.php
@@ -62,11 +62,32 @@ class CRM_Utils_Check_Security {
       $this->checkLogFileIsNotAccessible(),
       $this->checkUploadsAreNotAccessible(),
       $this->checkDirectoriesAreNotBrowseable(),
-      $this->checkFilesAreNotPresent()
+      $this->checkFilesAreNotPresent(),
+      $this->checkRemoteProfile()
     );
     return $messages;
   }
 
+  /**
+   * Discourage use of remote profile forms.
+   */
+  public function checkRemoteProfile() {
+    $messages = array();
+
+    if (CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'remote_profile_submissions')) {
+      $messages[] = new CRM_Utils_Check_Message(
+        __FUNCTION__,
+        ts('Warning: External profile support (aka "HTML Snippet" support) is enabled in system settings. This setting may be prone to abuse. If you must retain it, consider HTTP throttling or other protections.',
+          array(1 => CRM_Utils_System::url('civicrm/admin/setting/misc', 'reset=1'))
+        ),
+        ts('Remote Profiles Enabled')
+      );
+    }
+
+    return $messages;
+  }
+
+
   /**
    * Check if our logfile is directly accessible.
    *
-- 
2.25.1
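Review bot: The `ts()` call in the new checkRemoteProfile() builds a substitution array with the settings-page URL (`array(1 => CRM_Utils_System::url('civicrm/admin/setting/misc', 'reset=1'))`) but the message text contains no `%1` placeholder, so the URL is computed and then discarded, and the warning never tells the administrator where to turn the setting off. Either drop the array or reference it, e.g. end the message with `... consider HTTP throttling or other protections. <a href="%1">Review the setting</a>.` — the other check messages in this file presumably render HTML the same way, but confirm before relying on it. The docblock would also be more useful if it stated what the check actually inspects: `Warn when the 'remote_profile_submissions' system setting is enabled, since it allows profile forms to be submitted from external sites.` Minor style point: `array()` long syntax is used for both `$messages` and the substitution array where `[]` would match modern PHP. The enclosing checkAll() whose return array is extended at the top of the hunk begins outside the hunk.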