diff options
| -rw-r--r-- | data/.htaccess | 4 | ||||
| -rw-r--r-- | data/_dummy | 1 | ||||
| -rw-r--r-- | inc/infoutils.php | 17 |
3 files changed, 20 insertions, 2 deletions
diff --git a/data/.htaccess b/data/.htaccess index 9c96d3742..281d5c33d 100644 --- a/data/.htaccess +++ b/data/.htaccess @@ -1,2 +1,2 @@ -order allow,deny
-deny from all
+order allow,deny +deny from all diff --git a/data/_dummy b/data/_dummy new file mode 100644 index 000000000..37ed18a63 --- /dev/null +++ b/data/_dummy @@ -0,0 +1 @@ +data directory diff --git a/inc/infoutils.php b/inc/infoutils.php index f0a191bbe..c30266097 100644 --- a/inc/infoutils.php +++ b/inc/infoutils.php @@ -200,6 +200,23 @@ function check(){ }else{ msg('The current page is not writable by you',0); } + + require_once(DOKU_INC.'inc/HTTPClient.php'); + $check = wl('','',true).'data/_dummy'; + $http = new DokuHTTPClient(); + $http->timeout = 6; + $res = $http->get($check); + if(strpos($res,'data directory') !== false){ + msg('It seems like the data directory is accessible from the web. + Make sure this directory is properly protected + (See <a href="http://www.dokuwiki.org/security">security</a>)',-1); + }elseif($http->status == 404 || $http->status == 403){ + msg('The data directory seems to be properly protected',1); + }else{ + msg('Failed to check if the data directory is accessible from the web. + Make sure this directory is properly protected + (See <a href="http://www.dokuwiki.org/security">security</a>)',-1); + } } /** |