From e7d3e318c0d12684a5aab5522a70517ac7c350e3 Mon Sep 17 00:00:00 2001 From: Tim Otten Date: Wed, 5 Feb 2014 10:20:21 -0800 Subject: [PATCH] CRM_Utils_Check_Security - Remove hard dependency on CRM_Core_Session::setStatus --- CRM/Utils/Check/Security.php | 38 ++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 10 deletions(-) diff --git a/CRM/Utils/Check/Security.php b/CRM/Utils/Check/Security.php index d3d3d4dec6..2783c1ccf3 100644 --- a/CRM/Utils/Check/Security.php +++ b/CRM/Utils/Check/Security.php @@ -82,7 +82,9 @@ class CRM_Utils_Check_Security { if (CRM_Core_Permission::check('administer CiviCRM')) { $session = CRM_Core_Session::singleton(); if ($session->timer('check_' . __CLASS__, self::CHECK_TIMER)) { - $this->checkAll(); + foreach ($this->checkAll() as $message) { + CRM_Core_Session::setStatus($message, ts('Security Warning')); + } } } } @@ -97,13 +99,17 @@ class CRM_Utils_Check_Security { * We might even expose the results of these checks on the Wordpress * plugin status page or the Drupal admin/reports/status path. * + * @return array of messages * @see Drupal's hook_requirements() - * https://api.drupal.org/api/drupal/modules%21system%21system.api.php/function/hook_requirements */ public function checkAll() { - CRM_Utils_Check_Security::singleton()->checkLogFileIsNotAccessible(); - CRM_Utils_Check_Security::singleton()->checkUploadsAreNotAccessible(); - CRM_Utils_Check_Security::singleton()->checkDirectoriesAreNotBrowseable(); + $messages = array_merge( + CRM_Utils_Check_Security::singleton()->checkLogFileIsNotAccessible(), + CRM_Utils_Check_Security::singleton()->checkUploadsAreNotAccessible(), + CRM_Utils_Check_Security::singleton()->checkDirectoriesAreNotBrowseable() + ); + return $messages; } /** 
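Review bot: The strings this loop hands to `CRM_Core_Session::setStatus()` are not plain text: the later hunks build each one with a line break and a linked "Read more about this warning" (the markup itself is lost in this rendering), and the `$log_url`/`$path` values substituted into them are not escaped, so the loop relies on setStatus() rendering trusted HTML. That is acceptable on this path, which is gated by the `administer CiviCRM` permission check two lines above, but it is worth stating at the consumer: `// checkAll() returns translated strings that embed markup; setStatus() renders them as HTML.` Any future consumer the docblock anticipates (the WordPress/Drupal status pages) must neither escape nor re-translate these strings. The enclosing method starts before this hunk.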
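Review bot: checkAll() dispatches every sub-check through `CRM_Utils_Check_Security::singleton()->…` although it is itself an instance method and its only caller in the previous hunk uses `$this->checkAll()`; if the class ever carries per-instance state, a non-singleton instance would silently check the singleton instead. Calling through `$this` removes that wrinkle and the `$messages` temporary can go: `return array_merge($this->checkLogFileIsNotAccessible(), $this->checkUploadsAreNotAccessible(), $this->checkDirectoriesAreNotBrowseable());`. The new `@return array of messages` could also spell out the contract consumers need, e.g. `@return array List of translated warning strings (containing markup); empty when every check passes.`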
@@ -121,9 +127,12 @@ class CRM_Utils_Check_Security { * is browseable or visible to search engines; it means it can be * requested directly. * + * @return array of messages * @see CRM-14091 */ public function checkLogFileIsNotAccessible() { + $messages = array(); + $config = CRM_Core_Config::singleton(); $log = CRM_Core_Error::createDebugLogger(); @@ -144,11 +153,12 @@ class CRM_Utils_Check_Security { $msg = 'The CiviCRM debug log should not be downloadable.' . '
' . 'Read more about this warning'; - $msg = ts($msg, array(1 => $log_url, 2 => $docs_url)); - CRM_Core_Session::setStatus($msg, ts('Security Warning')); + $messages[] = ts($msg, array(1 => $log_url, 2 => $docs_url)); } } } + + return $messages; } /** @@ -161,11 +171,14 @@ class CRM_Utils_Check_Security { * Being retrievable doesn't mean the files are browseable or visible * to search engines; it only means they can be requested directly. * + * @return array of messages * @see CRM-14091 * * @TODO: Test with WordPress, Joomla. */ public function checkUploadsAreNotAccessible() { + $messages = array(); + $config = CRM_Core_Config::singleton(); $filePathMarker = $this->getFilePathMarker(); @@ -180,13 +193,14 @@ class CRM_Utils_Check_Security { . '
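Review bot: `$log_url` is substituted into the warning unescaped at `$messages[] = ts($msg, array(1 => $log_url, 2 => $docs_url));`, and the message appears to carry markup (a line break and a linked "Read more about this warning", stripped in this rendering), so a quote or angle bracket in the URL would land in the HTML as-is. The value is presumably derived from the configured log location and site URL, which only an administrator controls, so the exposure is low, but escaping at the substitution is cheap: `1 => htmlspecialchars($log_url, ENT_QUOTES, 'UTF-8')`. checkLogFileIsNotAccessible() starts before this hunk and the derivation of `$log_url` is not visible here.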
' . 'Read more about this warning'; $docs_url = 'http://wiki.civicrm.org/confluence/display/CRMDOC/Security/UploadDirNotAccessible'; - $msg = ts($msg, array(1 => $docs_url)); - CRM_Core_Session::setStatus($msg, ts('Security Warning')); + $messages[] = ts($msg, array(1 => $docs_url)); } } } } } + + return $messages; } /** @@ -199,11 +213,14 @@ class CRM_Utils_Check_Security { * MAY trigger false positives (if you have files named 'a', 'e' * we'll probably match that). * + * @return array of messages * @see CRM-14091 * * @TODO: Test with WordPress, Joomla. */ public function checkDirectoriesAreNotBrowseable() { + $messages = array(); + $config = CRM_Core_Config::singleton(); $log = CRM_Core_Error::createDebugLogger(); $log_name = $log->_filename; @@ -237,8 +254,7 @@ class CRM_Utils_Check_Security { . '
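Review bot: The "Read more" target `$docs_url = 'http://wiki.civicrm.org/confluence/display/CRMDOC/Security/UploadDirNotAccessible';` is a plain-HTTP link delivered inside a security warning to administrators; if the wiki is reachable over TLS, `https://` keeps the remediation guidance from being rewritable in transit. The same literal recurs in the log-file and directory-listing checks, so it is a candidate for a single class constant. checkUploadsAreNotAccessible() starts before this hunk.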
' . 'Read more about this warning'; $docs_url = 'http://wiki.civicrm.org/confluence/display/CRMDOC/Security/UploadDirNotAccessible'; - $msg = ts($msg, array(1 => $log_url, 2 => $path, 3 => $docs_url)); - CRM_Core_Session::setStatus($msg, ts('Security Warning')); + $messages[] = ts($msg, array(1 => $log_url, 2 => $path, 3 => $docs_url)); } } } @@ -247,6 +263,8 @@ class CRM_Utils_Check_Security { } } } + + return $messages; } } -- 2.25.1
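Review bot: `$log_url` and `$path` go into the message via `$messages[] = ts($msg, array(1 => $log_url, 2 => $path, 3 => $docs_url));` without `htmlspecialchars()`, and `$path` is a filesystem directory name, which can legitimately contain `<`, `&` or quotes; since the message appears to be rendered as HTML (it carries the linked "Read more about this warning"), escaping both at the substitution, e.g. `2 => htmlspecialchars($path, ENT_QUOTES, 'UTF-8')`, keeps the output well-formed whatever the site configuration is. Separately, `$docs_url` here points at `…/Security/UploadDirNotAccessible`, the same page the uploads check uses, although this check is about directory listings rather than upload retrieval; confirm that is the intended page or give this warning its own. checkDirectoriesAreNotBrowseable() starts before and ends after this hunk.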