#99011 follow up patch my merlinofchaos: inform users if the settings.php or the settings directory in use is not write protected after installation.

1 files changed, 5 insertions, 4 deletions

diff --git a/install.php b/install.php
index e0a6cd7d7..8334327e8 100644
--- a/install.php
+++ b/install.php
@@ -107,12 +107,13 @@ function install_main() {
     drupal_install_profile($profile, $modules);
 
     // Warn about settings.php permissions risk
-    $settings_file = './'. conf_path() .'/settings.php';
-    if (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE)) {
-      drupal_set_message(st('All necessary changes to %file have been made, so you should now remove write permissions to this file. Failure to remove write permissions to this file is a security risk.', array('%file' => $settings_file)), 'error');
+    $settings_dir = './'. conf_path();
+    $settings_file = $settings_dir .'/settings.php';
+    if (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file($settings_dir, FILE_NOT_WRITABLE, 'dir')) {
+      drupal_set_message(st('All necessary changes to %dir and %file have been made, so you should now remove write permissions to them. Failure to remove write permissions to them is a security risk.', array('%dir' => $settings_dir, '%file' => $settings_file)), 'error');
     }
     else {
-      drupal_set_message(st('All necessary changes to %file have been made. It has been set to read-only for security.', array('%file' => $settings_file)));
+      drupal_set_message(st('All necessary changes to %dir and %file have been made. They have been set to read-only for security.', array('%dir' => $settings_dir, '%file' => $settings_file)));
     }
   }