
github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
authorFrank Karlitschek <frank@owncloud.org>2012-06-21 16:18:43 +0400
committerFrank Karlitschek <frank@owncloud.org>2012-06-21 16:18:43 +0400
commit5212fa3fa76b3cef3fc862e75dfd66fbb5ada688 (patch)
treefe3644246d570fb542f399b4c3eab4ba89770806
parent3b4d2a971ac254432cf78570a8442654cdad09c0 (diff)
check if the data directory is accessible via http. Show a big security warning if yes
-rw-r--r--lib/util.php41
-rw-r--r--settings/admin.php2
-rw-r--r--settings/css/settings.css8
-rw-r--r--settings/templates/admin.php13
4 files changed, 62 insertions, 2 deletions
diff --git a/lib/util.php b/lib/util.php
index 1eeb70aca69..58d6ab1be78 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -417,5 +417,46 @@ class OC_Util {
else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
return $value;
}
+
+
+
+
+
+ /**
+ * Check if the htaccess file is working buy creating a test file in the data directory and trying to access via http
+ */
+ public static function ishtaccessworking() {
+
+ // testdata
+ $filename='/htaccesstest.txt';
+ $testcontent='testcontent';
+
+ // creating a test file
+ $testfile = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ).'/'.$filename;
+ $fp = @fopen($testfile, 'w');
+ @fwrite($fp, $testcontent);
+ @fclose($fp);
+
+ // accessing the file via http
+ $url = OC_Helper::serverProtocol(). '://' . OC_Helper::serverHost() . OC::$WEBROOT.'/data'.$filename;
+ $fp = @fopen($url, 'r');
+ $content=@fread($fp, 2048);
+ @fclose($fp);
+
+ // cleanup
+ @unlink($testfile);
+
+ // does it work ?
+ if($content==$testcontent) {
+ return(false);
+ }else{
+ return(true);
+ }
+
+ }
+
+
+
+
}
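Review bot: `ishtaccessworking()` fails open: every failure path ends in `return(true)`, so the admin sees no warning exactly when the probe could not run. If the first `@fopen($testfile, 'w')` returns false (for example the data directory is not writable), nothing is written, the HTTP read cannot match, and the directory is reported as protected; the same happens when the HTTP `fopen` fails for unrelated reasons such as `allow_url_fopen` being off or the server being unable to reach its own host name. I would drop the `@` on the local write, bail out with `if ($fp === false) { return false; }`, and end with `return $content !== $testcontent;` once the request is known to have been attempted. The URL is also fixed to `OC::$WEBROOT.'/data'` while the file is written to the configured `datadirectory`, so a relocated data directory that is still web-reachable is never tested, and the fixed name `htaccesstest.txt` lets two concurrent admin requests delete each other's probe file. The docblock should read "by creating" and state that `true` means the test file could not be fetched.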
diff --git a/settings/admin.php b/settings/admin.php
index 88aae5bdb60..a6928bf82de 100644
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -15,6 +15,7 @@ OC_App::setActiveNavigationEntry( "admin" );
$tmpl = new OC_Template( 'settings', 'admin', 'user');
$forms=OC_App::getForms('admin');
+$htaccessworking=OC_Util::ishtaccessworking();
$entries=OC_Log_Owncloud::getEntries(3);
function compareEntries($a,$b){
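Review bot: `OC_Util::ishtaccessworking()` is called unconditionally on every load of the admin page, and the probe added in lib/util.php by this commit does a file write plus a blocking HTTP request with no explicit timeout. If the server cannot reach itself under the host name the probe builds, the page would presumably stall for PHP's `default_socket_timeout` before rendering. Consider giving the probe a short timeout through a stream context, e.g. `stream_context_create(array('http' => array('timeout' => 5)))`, or caching the result rather than re-probing on each request. `compareEntries` begins on the last line of this hunk and continues outside it.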
@@ -24,6 +25,7 @@ usort($entries, 'compareEntries');
$tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
$tmpl->assign('entries',OC_Util::sanitizeHTML($entries));
+$tmpl->assign('htaccessworking',$htaccessworking);
$tmpl->assign('forms',array());
foreach($forms as $form){
$tmpl->append('forms',$form);
diff --git a/settings/css/settings.css b/settings/css/settings.css
index 6e9d2432e49..f45fa9bc019 100644
--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -48,7 +48,11 @@ li.active { color:#000; }
small.externalapp { color:#FFF; background-color:#BBB; font-weight:bold; font-size:6pt; padding:4px; border-radius: 4px;}
span.version { margin-left:3em; color:#ddd; }
-/* LOF */
+/* LOG */
#log { white-space:normal; }
/* Don't show blank images */
-img[src=""] { display:none} \ No newline at end of file
+img[src=""] { display:none}
+
+/* ADMIN */
+span.securitywarning {color:#C33; font-weight:bold; }
+
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index d167f2780ef..9f839cf7491 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -4,8 +4,21 @@
* See the COPYING-README file.
*/
$levels=array('Debug','Info','Warning','Error','Fatal');
+
+if(!$_['htaccessworking']) {
+ ?>
+ <fieldset class="personalblock">
+ <legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+
+ <span class="securitywarning">Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.</span>
+
+ </fieldset>
+ <?php
+}
?>
+
+
<?php foreach($_['forms'] as $form){
echo $form;
};?>
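Review bot: The warning body inside `span.securitywarning` is a hard-coded English string, while the legend directly above it goes through `$l->t()`, so the most important message on this page will not be translated. Wrap it the same way, `<?php echo $l->t('Your data directory and your files are probably accessible from the internet. ...');?>`, keeping the full sentence as the translation key. `$_['htaccessworking']` is also read without a default, so any caller that renders this template without assigning it (only settings/admin.php is visible here) would show the warning and raise an undefined-index notice.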