diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2009-01-14 18:47:24 +0100 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2009-01-14 18:47:24 +0100 |
| commit | 3b1dfc83d86d79d7fc97a6aab242b70b1f38deb0 (patch) | |
| tree | 73fadb24c5625aa40393a0ef15b30201204c0b09 /inc/infoutils.php | |
| parent | 528ddc7cac15cc9f17ebc90b5adab6908c11de45 (diff) | |
| download | rpg-3b1dfc83d86d79d7fc97a6aab242b70b1f38deb0.tar.gz rpg-3b1dfc83d86d79d7fc97a6aab242b70b1f38deb0.tar.bz2 | |
Added HTTP check for data directory security
The ?do
darcs-hash:20090114174724-7ad00-cc45b798d930b7e87c3c820925982fb8201cf7f4.gz
Diffstat (limited to 'inc/infoutils.php')
| -rw-r--r-- | inc/infoutils.php | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/inc/infoutils.php b/inc/infoutils.php index f0a191bbe..c30266097 100644 --- a/inc/infoutils.php +++ b/inc/infoutils.php @@ -200,6 +200,23 @@ function check(){ }else{ msg('The current page is not writable by you',0); } + + require_once(DOKU_INC.'inc/HTTPClient.php'); + $check = wl('','',true).'data/_dummy'; + $http = new DokuHTTPClient(); + $http->timeout = 6; + $res = $http->get($check); + if(strpos($res,'data directory') !== false){ + msg('It seems like the data directory is accessible from the web. + Make sure this directory is properly protected + (See <a href="http://www.dokuwiki.org/security">security</a>)',-1); + }elseif($http->status == 404 || $http->status == 403){ + msg('The data directory seems to be properly protected',1); + }else{ + msg('Failed to check if the data directory is accessible from the web. + Make sure this directory is properly protected + (See <a href="http://www.dokuwiki.org/security">security</a>)',-1); + } } /** |