
function acquia_spi_security_review_check_executable_php in Acquia Connector 7.3

Same name and namespace in other branches
  1. 6.2 acquia_spi/security_review.inc \acquia_spi_security_review_check_executable_php()
  2. 7.2 acquia_spi/security_review.inc \acquia_spi_security_review_check_executable_php()

Check if PHP files written to the files directory can be executed.

1 string reference to 'acquia_spi_security_review_check_executable_php'
_acquia_spi_security_review_security_checks in acquia_spi/security_review.inc
Checks for acquia_spi_security_review_get_checks().

File

acquia_spi/security_review.inc, line 550
Stand-alone security checks and review system.

Code

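/**
 * Check if PHP files written to the files directory can be executed.
 *
 * Writes a small probe script into the public files directory, requests it
 * over HTTP and reports 'executable_php' when the response body is the
 * script's output (the server ran it) instead of its source. The probe is
 * removed afterwards. The directory's .htaccess file is then inspected.
 *
 * @param mixed $last_check
 *   Not used by this check.
 *
 * @return array
 *   An array with two keys:
 *   - result: FALSE when the probe was executed, or when .htaccess is
 *     missing, cannot be analyzed on this core, or fails the analysis;
 *     TRUE otherwise.
 *   - value: List of findings, any of 'executable_php', 'missing_htaccess',
 *     'outdated_core', 'incorrect_htaccess' and 'writable_htaccess'.
 */
function acquia_spi_security_review_check_executable_php($last_check = NULL) {
  global $base_url;
  $result = TRUE;
  $check_result_value = array();
  $message = 'Security review test ' . date('Ymdhis');
  $content = "<?php\necho '" . $message . "';";
  $directory = variable_get('file_public_path', 'sites/default/files');
  $file = '/security_review_test.php';
  $probe_path = './' . $directory . $file;

  // Only a completely written probe can give a meaningful answer; a failed
  // or short write must not be mistaken for "PHP is not executable".
  $probe_written = FALSE;
  if ($file_create = @fopen($probe_path, 'w')) {
    $probe_written = (fwrite($file_create, $content) === strlen($content));
    fclose($file_create);
  }

  if ($probe_written) {
    $response = drupal_http_request($base_url . '/' . $directory . $file);
    // A failed request may carry no body at all, so test the properties
    // before comparing. A body equal to the message means the script ran.
    if (isset($response->code, $response->data) && (int) $response->code === 200 && $response->data === $message) {
      $result = FALSE;
      $check_result_value[] = 'executable_php';
    }
  }

  // Always try to remove the probe, including after a partial write.
  // NOTE(review): a failed unlink is silent here, which leaves a PHP file
  // with a fixed, known name in a web-accessible directory; consider
  // reporting that case to the site administrator.
  if (file_exists($probe_path)) {
    @unlink($probe_path);
  }

  // Check for presence of the .htaccess file and if the contents are correct.
  if (!file_exists($directory . '/.htaccess')) {
    $result = FALSE;
    $check_result_value[] = 'missing_htaccess';
  }
  elseif (!function_exists('file_htaccess_lines')) {
    // Without file_htaccess_lines() the contents cannot be compared.
    $result = FALSE;
    $check_result_value[] = 'outdated_core';
  }
  else {
    if (!_acquia_spi_security_review_htaccess_analyze($directory)) {
      $result = FALSE;
      $check_result_value[] = 'incorrect_htaccess';
    }
    if (is_writable($directory . '/.htaccess')) {
      // A writable .htaccess is reported but does not fail the check, so
      // $result is left untouched.
      $check_result_value[] = 'writable_htaccess';
    }
  }

  return array(
    'result' => $result,
    'value' => $check_result_value,
  );
}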