From 3b1dfc83d86d79d7fc97a6aab242b70b1f38deb0 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Wed, 14 Jan 2009 18:47:24 +0100
Subject: [PATCH] Added HTTP check for data directory security

The ?do

darcs-hash:20090114174724-7ad00-cc45b798d930b7e87c3c820925982fb8201cf7f4.gz
---
 data/.htaccess    |  4 ++--
 data/_dummy       |  1 +
 inc/infoutils.php | 17 +++++++++++++++++
 3 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 data/_dummy

diff --git a/data/.htaccess b/data/.htaccess
index 9c96d3742..281d5c33d 100644
--- a/data/.htaccess
+++ b/data/.htaccess
@@ -1,2 +1,2 @@
-order allow,deny
-deny from all
+order allow,deny
+deny from all
diff --git a/data/_dummy b/data/_dummy
new file mode 100644
index 000000000..37ed18a63
--- /dev/null
+++ b/data/_dummy
@@ -0,0 +1 @@
+data directory
diff --git a/inc/infoutils.php b/inc/infoutils.php
index f0a191bbe..c30266097 100644
--- a/inc/infoutils.php
+++ b/inc/infoutils.php
@@ -200,6 +200,23 @@ function check(){
   }else{
     msg('The current page is not writable by you',0);
   }
+
+  require_once(DOKU_INC.'inc/HTTPClient.php');
+  $check = wl('','',true).'data/_dummy';
+  $http = new DokuHTTPClient();
+  $http->timeout = 6;
+  $res = $http->get($check);
+  if(strpos($res,'data directory') !== false){
+    msg('It seems like the data directory is accessible from the web.
+         Make sure this directory is properly protected
+         (See <a href="http://www.dokuwiki.org/security">security</a>)',-1);
+  }elseif($http->status == 404 || $http->status == 403){
+    msg('The data directory seems to be properly protected',1);
+  }else{
+    msg('Failed to check if the data directory is accessible from the web.
+         Make sure this directory is properly protected
+         (See <a href="http://www.dokuwiki.org/security">security</a>)',-1);
+  }
 }
 
 /**
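Review bot: The `elseif($http->status == 404 || $http->status == 403)` branch reports "properly protected" on any 404, but a 404 only shows that the probe URL did not resolve, not that the web server denies access to the data directory. The probe URL is `wl('','',true).'data/_dummy'`; wl() is not visible here, so it needs confirming for each rewrite mode that it returns the bare base URL, because otherwise the request misses the file and the admin gets a false all-clear. Consider building the URL from the installation's base URL and treating only 403 as a positive result, e.g. `}elseif($http->status == 403){`, so that a 404 falls through to the "Failed to check" message. A short comment above the block, such as `// probe data/_dummy over HTTP; the marker text in the response means the data dir is web-readable`, would also help the next reader. check() begins before this hunk, so the rest of its body was not reviewed.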
-- 
GitLab