Commit 24229891 authored by Stephen Mustgrave's avatar Stephen Mustgrave
Browse files

Issue #3179937: False positive for the file permissions check on multisite setup

parent 4aebce36
Loading
Loading
Loading
Loading
+1 −0
Original line number Diff line number Diff line
@@ -37,6 +37,7 @@ class Field extends Check {

  /**
   * {@inheritdoc}
   *
   * @throws \Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException
   * @throws \Drupal\Component\Plugin\Exception\PluginNotFoundException
   */
+20 −1
Original line number Diff line number Diff line
@@ -131,7 +131,7 @@ HTML;
    $paragraphs = [];
    $paragraphs[] = $this->t('It is dangerous to allow the web server to write to files inside the document root of your server. Doing so could allow Drupal to write files that could then be executed. An attacker might use such a vulnerability to take control of your site. An exception is the Drupal files, private files, and temporary directories which Drupal needs permission to write to in order to provide features like file attachments.');
    $paragraphs[] = $this->t('In addition to inspecting existing directories, this test attempts to create and write to your file system. Look in your security_review module directory on the server for files named file_write_test.YYYYMMDDHHMMSS and for a file called IGNOREME.txt which gets a timestamp appended to it if it is writeable.');
    $paragraphs[] = $this->t($markup);
    $paragraphs[] = $markup;
    $paragraphs[] = new Link(
      $this->t('Read more about file system permissions in the handbooks.'),
      Url::fromUri('http://drupal.org/node/244924')
@@ -239,6 +239,19 @@ HTML;
    return $items;
  }

  /**
   * Get the sites.php file.
   *
   * @return array
   *   Sites file.
   */
  private function getSites() {
    $sites = [];
    include DRUPAL_ROOT . '/sites/sites.php';

    return $sites;
  }

  /**
   * Returns an array of relative and canonical paths to ignore.
   *
@@ -249,6 +262,12 @@ HTML;
    $file_path = PublicStream::basePath();
    $ignore = ['..', 'CVS', '.git', '.svn', '.bzr', realpath($file_path)];

    foreach ($this->getSites() as $site) {
      $ignore[] = realpath(PublicStream::basePath('sites/' . $site));
    }

    $ignore = array_unique($ignore);

    // Add temporary files directory if it's set.
    $temp_path = \Drupal::service('file_system')->getTempDirectory();
    if (!empty($temp_path)) {