function acquia_spi_security_review_check_executable_php in Acquia Connector 6.2

Same name and namespace in other branches
  1. 7.3 acquia_spi/security_review.inc \acquia_spi_security_review_check_executable_php()
  2. 7.2 acquia_spi/security_review.inc \acquia_spi_security_review_check_executable_php()

Check if PHP files written to the files directory can be executed.

1 string reference to 'acquia_spi_security_review_check_executable_php'
_acquia_spi_security_review_security_checks in acquia_spi/security_review.inc
Checks for acquia_spi_security_review_get_checks().

File

acquia_spi/security_review.inc, line 577
Stand-alone security checks and review system.

Code

function acquia_spi_security_review_check_executable_php($last_check = NULL) {
  global $base_url;
  $result = TRUE;
  $check_result_value = array();
  // Build a one-line PHP script that echoes a timestamped marker.
  $message = 'Security review test ' . date('Ymdhis');
  $content = "<?php\necho '" . $message . "';";
  $directory = file_directory_path();
  $file = '/security_review_test.php';
  // The rest of the function, including the return, runs only if the test
  // file can be created; otherwise the function returns NULL.
  if ($file_create = @fopen('./' . $directory . $file, 'w')) {
    $create_status = fwrite($file_create, $content);
    fclose($file_create);
    // Request the file over HTTP. A 200 response whose body is exactly the
    // marker means the web server executed the PHP file.
    $response = drupal_http_request($base_url . '/' . $directory . $file);
    if ($response->code == 200 && $response->data === $message) {
      $result = FALSE;
      $check_result_value[] = 'executable_php';
    }
    // Remove the test file.
    if (file_exists('./' . $directory . $file)) {
      @unlink('./' . $directory . $file);
    }

    // Check for presence of the .htaccess file and if the contents are correct.
    if (!file_exists($directory . '/.htaccess')) {
      $result = FALSE;
      $check_result_value[] = 'missing_htaccess';
    }
    else {
      if (!_acquia_spi_security_review_htaccess_analyze($directory)) {
        $result = FALSE;
        $check_result_value[] = 'incorrect_htaccess';
      }
      if (is_writable($directory . '/.htaccess')) {
        // Reported, but does not fail the check: $result is left unchanged.
        $check_result_value[] = 'writable_htaccess';
      }
    }
    return array(
      'result' => $result,
      'value' => $check_result_value,
    );
  }
}
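
An added example, not Acquia Connector code: the same write, request and compare probe with a random file name and marker, cleanup in `finally`, and an explicit result when the files directory is not writable. The function name, the `$fetch` callable and every result string other than `executable_php` are assumptions for illustration; PHP 7+ is assumed for `random_bytes()`.

```php
<?php
// Added example (not Acquia Connector code); requires PHP 7+ for random_bytes().
// $fetch is a hypothetical callable: function ($url) returning array($code, $body).
function example_probe_php_execution($files_dir, $files_url, callable $fetch) {
  $marker = 'probe-' . bin2hex(random_bytes(16));        // unguessable per-run marker
  $name   = 'probe-' . bin2hex(random_bytes(8)) . '.php'; // unpredictable file name
  $path   = rtrim($files_dir, '/') . '/' . $name;
  $source = "<?php\necho '" . $marker . "';";
  // Report an unwritable directory explicitly instead of returning nothing.
  if (@file_put_contents($path, $source) === FALSE) {
    return 'not_writable';
  }
  try {
    list($code, $body) = $fetch(rtrim($files_url, '/') . '/' . $name);
  }
  finally {
    @unlink($path); // remove the probe even if the request throws
  }
  if ($code != 200) {
    return 'not_served';       // blocked or not routed: nothing executed
  }
  if (trim($body) === $marker) {
    return 'executable_php';   // the interpreter ran the file
  }
  if (strpos($body, '<?php') !== FALSE) {
    return 'served_as_source'; // not executed, but returned as plain text
  }
  return 'inconclusive';       // e.g. a custom error page sent with 200
}

// Constructed stand-ins for three server behaviours, so the example runs offline.
$dir = sys_get_temp_dir();
$servers = array(
  'executes' => function ($url) use ($dir) {
    ob_start();
    include $dir . '/' . basename($url);
    return array(200, ob_get_clean());
  },
  'raw' => function ($url) use ($dir) {
    return array(200, file_get_contents($dir . '/' . basename($url)));
  },
  'denies' => function ($url) {
    return array(403, 'Forbidden');
  },
);
foreach ($servers as $label => $fetch) {
  echo $label, ': ', example_probe_php_execution($dir, 'http://files.example', $fetch), "\n";
}
```

Unlike the function above, this variant trims the response body before comparing, so output that differs from the marker only by surrounding whitespace still counts as execution.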