author | Andreas Gohr <andi@splitbrain.org> | 2009-01-14 18:47:24 +0100 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2009-01-14 18:47:24 +0100 |
commit | 3b1dfc83d86d79d7fc97a6aab242b70b1f38deb0 (patch) | |
tree | 73fadb24c5625aa40393a0ef15b30201204c0b09 | |
parent | 528ddc7cac15cc9f17ebc90b5adab6908c11de45 (diff) | |
download | rpg-3b1dfc83d86d79d7fc97a6aab242b70b1f38deb0.tar.gz rpg-3b1dfc83d86d79d7fc97a6aab242b70b1f38deb0.tar.bz2 |
Added HTTP check for data directory security
The ?do
darcs-hash:20090114174724-7ad00-cc45b798d930b7e87c3c820925982fb8201cf7f4.gz
-rw-r--r-- | data/.htaccess | 4 | ||||
-rw-r--r-- | data/_dummy | 1 | ||||
-rw-r--r-- | inc/infoutils.php | 17 |
3 files changed, 20 insertions, 2 deletions
diff --git a/data/.htaccess b/data/.htaccess
index 9c96d3742..281d5c33d 100644
--- a/data/.htaccess
+++ b/data/.htaccess
@@ -1,2 +1,2 @@
-order allow,deny
-deny from all
+order allow,deny
+deny from all
diff --git a/data/_dummy b/data/_dummy
new file mode 100644
index 000000000..37ed18a63
--- /dev/null
+++ b/data/_dummy
@@ -0,0 +1 @@
+data directory
diff --git a/inc/infoutils.php b/inc/infoutils.php
index f0a191bbe..c30266097 100644
--- a/inc/infoutils.php
+++ b/inc/infoutils.php
@@ -200,6 +200,23 @@ function check(){
 }else{
 msg('The current page is not writable by you',0);
 }
+
+ require_once(DOKU_INC.'inc/HTTPClient.php');
+ $check = wl('','',true).'data/_dummy';
+ $http = new DokuHTTPClient();
+ $http->timeout = 6;
+ $res = $http->get($check);
+ if(strpos($res,'data directory') !== false){
+ msg('It seems like the data directory is accessible from the web.
+ Make sure this directory is properly protected
+ (See <a href="http://www.dokuwiki.org/security">security</a>)',-1);
+ }elseif($http->status == 404 || $http->status == 403){
+ msg('The data directory seems to be properly protected',1);
+ }else{
+ msg('Failed to check if the data directory is accessible from the web.
+ Make sure this directory is properly protected
+ (See <a href="http://www.dokuwiki.org/security">security</a>)',-1);
+ }
 }

 /** |
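Review bot: The `elseif($http->status == 404 || $http->status == 403)` branch in inc/infoutils.php reports "properly protected" on a 404, but a 404 only shows that nothing answered at the probed URL, not that the data directory is unreachable from the web. The probe is built as `wl('','',true).'data/_dummy'`; wl() is not visible in this hunk, but if it returns a script or rewritten page URL rather than the installation base, or if the data directory has been moved by configuration, the request misses the directory and the check passes falsely. I would accept only a 403 as confirmation, `}elseif($http->status == 403){`, and let a 404 fall through to the existing "Failed to check" message so the administrator verifies by hand. The request is also issued by the server to itself, so the answer can differ from what an outside client receives; a one-line comment above `$res = $http->get($check);` stating that limitation would help. check() begins above this hunk, so how the earlier checks report their results is not visible here.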