From 3b1dfc83d86d79d7fc97a6aab242b70b1f38deb0 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Wed, 14 Jan 2009 18:47:24 +0100
Subject: Added HTTP check for data directory security The ?do darcs-hash:20090114174724-7ad00-cc45b798d930b7e87c3c820925982fb8201cf7f4.gz
---
 inc/infoutils.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
(limited to 'inc/infoutils.php')
diff --git a/inc/infoutils.php b/inc/infoutils.php
index f0a191bbe..c30266097 100644
--- a/inc/infoutils.php
+++ b/inc/infoutils.php
@@ -200,6 +200,23 @@ function check(){
 }else{
 msg('The current page is not writable by you',0);
 }
+
+ require_once(DOKU_INC.'inc/HTTPClient.php');
+ $check = wl('','',true).'data/_dummy';
+ $http = new DokuHTTPClient();
+ $http->timeout = 6;
+ $res = $http->get($check);
+ if(strpos($res,'data directory') !== false){
+ msg('It seems like the data directory is accessible from the web.
+ Make sure this directory is properly protected
+ (See security)',-1);
+ }elseif($http->status == 404 || $http->status == 403){
+ msg('The data directory seems to be properly protected',1);
+ }else{
+ msg('Failed to check if the data directory is accessible from the web.
+ Make sure this directory is properly protected
+ (See security)',-1);
+ }
 }
 /**
-- cgit v1.2.3
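Review bot: The `}elseif($http->status == 404 || $http->status == 403){` branch reports the data directory as properly protected on a 404, but a 404 only shows that `data/_dummy` did not resolve at the URL built from `wl('','',true)`; it does not show that an access rule is in place. If the data directory is served under a different path, or the string returned by `wl()` is not the install's base directory (this presumably depends on the URL rewrite settings, which are not visible here), the check gives a false all-clear on a directory that may still be readable from the web. I would keep the success message for 403 only, `}elseif($http->status == 403){`, and give 404 its own neutral branch, e.g. `msg('data/_dummy was not found at the probed URL; the check is inconclusive if the data directory is reachable under another URL',0);`. check() starts outside the hunk, so anything earlier in the function that affects the probe URL was not reviewed.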