Commit 0995d62b authored by Gábor Hojtsy's avatar Gábor Hojtsy

#99011 follow up patch my merlinofchaos: inform users if the settings.php or...

#99011 follow up patch my merlinofchaos: inform users if the settings.php or the settings directory in use is not write protected after installation.
parent 15bf4681
......@@ -107,12 +107,13 @@ function install_main() {
drupal_install_profile($profile, $modules);
// Warn about settings.php permissions risk
$settings_file = './'. conf_path() .'/settings.php';
if (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE)) {
drupal_set_message(st('All necessary changes to %file have been made, so you should now remove write permissions to this file. Failure to remove write permissions to this file is a security risk.', array('%file' => $settings_file)), 'error');
$settings_dir = './'. conf_path();
$settings_file = $settings_dir .'/settings.php';
if (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file($settings_dir, FILE_NOT_WRITABLE, 'dir')) {
drupal_set_message(st('All necessary changes to %dir and %file have been made, so you should now remove write permissions to them. Failure to remove write permissions to them is a security risk.', array('%dir' => $settings_dir, '%file' => $settings_file)), 'error');
}
else {
drupal_set_message(st('All necessary changes to %file have been made. It has been set to read-only for security.', array('%file' => $settings_file)));
drupal_set_message(st('All necessary changes to %dir and %file have been made. They have been set to read-only for security.', array('%dir' => $settings_dir, '%file' => $settings_file)));
}
}
......
......@@ -66,12 +66,20 @@ function system_requirements($phase) {
// Test settings.php file writability
if ($phase == 'runtime') {
if (!drupal_verify_install_file(conf_path() .'/settings.php', FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE)) {
$conf_dir = drupal_verify_install_file(conf_path(), FILE_NOT_WRITABLE, 'dir');
$conf_file = drupal_verify_install_file(conf_path() .'/settings.php', FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE);
if (!$conf_dir || !$conf_file) {
$requirements['settings.php'] = array(
'value' => $t('Not protected'),
'severity' => REQUIREMENT_ERROR,
'description' => $t('The file %file is not protected from modifications and poses a security risk. You must change the file\'s permissions to be non-writable.', array('%file' => conf_path() .'/settings.php')),
'description' => '',
);
if (!$conf_dir) {
$requirements['settings.php']['description'] .= $t('The directory %file is not protected from modifications and poses a security risk. You must change the directory\'s permissions to be non-writable. ', array('%file' => conf_path()));
}
if (!$conf_file) {
$requirements['settings.php']['description'] .= $t('The file %file is not protected from modifications and poses a security risk. You must change the file\'s permissions to be non-writable.', array('%file' => conf_path() .'/settings.php'));
}
}
else {
$requirements['settings.php'] = array(
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment