Diffstat (limited to 'lib/scripts/script.js')
-rw-r--r-- | lib/scripts/script.js | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/lib/scripts/script.js b/lib/scripts/script.js
index 57917aeb5..84114923f 100644
--- a/lib/scripts/script.js
+++ b/lib/scripts/script.js
@@ -537,3 +537,35 @@ addInitEvent(function(){
 });
 }
 });
+
+/**
+ * Check data directory security
+ *
+ * Tries to access data/_dummy from the client.
+ * In a proper setup this should fail, if it succeeds a warning is displayed.
+ * This is only done on the Admin screen
+ */
+addInitEvent(function(){
+ var isadmin = $('admin__version');
+ if(!isadmin) return;
+
+ var ajax = new sack(DOKU_BASE + 'data/_dummy');
+ ajax.AjaxFailedAlert = '';
+ ajax.encodeURIString = false;
+ if(ajax.failed) return true;
+ ajax.method = 'GET';
+
+ ajax.onCompletion = function(){
+ if(this.response && (this.response.substr(0,14) == 'data directory')){
+ var msg = document.createElement('div');
+ msg.className = 'error';
+ msg.innerHTML = '<b>Important:</b> Your <code>data</code> directory is not properly '+
+ 'secured. This is a serious security problem and should be fixed '+
+ 'immeadiately.<br /> You can find more info on our '+
+ '<a href="http://www.dokuwiki.org/security#web_access_security">security page</a>.';
+ var container = $('admin__version').parentNode;
+ container.insertBefore(msg,container.childNodes[0]);
+ }
+ };
+ ajax.runAJAX();
+});
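Review bot: The probe in `ajax.onCompletion` warns only when the response body starts with `data directory`, so every other outcome stays silent, and the doc comment does not say that silence is not proof of a secured directory. If `data/_dummy` is missing or altered, or the admin's browser is simply treated differently from outside clients, other files under `data/` could still be served without any warning; the content of `data/_dummy` is not visible here, so this is inferred from the prefix check. I would add to the header comment something like `* No warning does not prove the directory is protected; only data/_dummy is probed, from this browser.` The user-facing string also misspells `immeadiately` (should be `immediately`) and links to the security page over `http://`. `$('admin__version')` is looked up a second time where `isadmin.parentNode` would do.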