From 137270097792a030114e0e92765fda9b3329ac1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=A1bor=20Hojtsy?= Date: Tue, 28 Aug 2007 11:42:56 +0000 Subject: #170638 by JirkaRybka and chx: move update access variable to settings.php, so we can check whether it is wide open, and we have one place for settings --- modules/system/system.install | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'modules/system/system.install') diff --git a/modules/system/system.install b/modules/system/system.install index 6bd3d970f..79f732b85 100644 --- a/modules/system/system.install +++ b/modules/system/system.install @@ -105,7 +105,7 @@ function system_requirements($phase) { } $requirements['cron'] += array('description' => ''); - $requirements['cron']['description'] .= ' '. t('You can run cron manually.', array('@cron' => url('admin/logs/status/run-cron'))); + $requirements['cron']['description'] .= ' '. $t('You can run cron manually.', array('@cron' => url('admin/logs/status/run-cron'))); $requirements['cron']['title'] = $t('Cron maintenance tasks'); } @@ -166,6 +166,23 @@ function system_requirements($phase) { } } + // Verify the update.php access setting + if ($phase == 'runtime') { + if (!empty($GLOBALS['update_free_access'])) { + $requirements['update access'] = array( + 'value' => $t('Not protected'), + 'severity' => REQUIREMENT_ERROR, + 'description' => $t('The update.php script is accessible to everyone without authentication check, which is a security risk. You must change the $update_free_access value in your settings.php back to FALSE.'), + ); + } + else { + $requirements['update access'] = array( + 'value' => $t('Protected'), + ); + } + $requirements['update access']['title'] = $t('Access to update.php'); + } + // Test Unicode library include_once './includes/unicode.inc'; $requirements = array_merge($requirements, unicode_requirements()); -- cgit v1.2.3