Added HTTP check for data directory security

The ?do darcs-hash:20090114174724-7ad00-cc45b798d930b7e87c3c820925982fb8201cf7f4.gz

Added HTTP check for data directory security
The ?do darcs-hash:20090114174724-7ad00-cc45b798d930b7e87c3c820925982fb8201cf7f4.gz
3b1dfc83 · Andreas Gohr · 528ddc7c · 3b1dfc83 · 3b1dfc83 · 3b1dfc83
Commit 3b1dfc83 authored 16 years ago by Andreas Gohr
--- a/data/.htaccess
+++ b/data/.htaccess
-order allow,deny
-deny from all
+order allow,deny
+deny from all
--- a/data/_dummy
+++ b/data/_dummy
+data directory
--- a/inc/infoutils.php
+++ b/inc/infoutils.php
@@ -200,6 +200,23 @@ function check(){
  }else{
    msg('The current page is not writable by you',0);
  }
+
+  require_once(DOKU_INC.'inc/HTTPClient.php');
+  $check = wl('','',true).'data/_dummy';
+  $http = new DokuHTTPClient();
+  $http->timeout = 6;
+  $res = $http->get($check);
+  if(strpos($res,'data directory') !== false){
+    msg('It seems like the data directory is accessible from the web.
+         Make sure this directory is properly protected
+         (See <a href="http://www.dokuwiki.org/security">security</a>)',-1);
+  }elseif($http->status == 404 || $http->status == 403){
+    msg('The data directory seems to be properly protected',1);
+  }else{
+    msg('Failed to check if the data directory is accessible from the web.
+         Make sure this directory is properly protected
+         (See <a href="http://www.dokuwiki.org/security">security</a>)',-1);
+  }
 }

 /**