You are here

function backup_migrate_destination_files::check_web_dir in Backup and Migrate 7.2

Same name and namespace in other branches
  1. 8.2 includes/destinations.file.inc \backup_migrate_destination_files::check_web_dir()
  2. 8.3 includes/destinations.file.inc \backup_migrate_destination_files::check_web_dir()
  3. 6.3 includes/destinations.file.inc \backup_migrate_destination_files::check_web_dir()
  4. 6.2 includes/destinations.file.inc \backup_migrate_destination_files::check_web_dir()
  5. 7.3 includes/destinations.file.inc \backup_migrate_destination_files::check_web_dir()

Check that a web accessible directory has been properly secured, othewise attempt to secure it.

1 call to backup_migrate_destination_files::check_web_dir()
backup_migrate_destination_files::check_dir in includes/destinations.file.inc
Prepare the destination directory for the backups.

File

includes/destinations.file.inc, line 194
A destination type for saving locally to the server.

Class

backup_migrate_destination_files
A destination type for saving locally to the server.

Code

function check_web_dir($directory) {
  file_create_htaccess($directory, TRUE);

  // Check the user agent to make sure we're not responding to a request from drupal itself.
  // That should prevent infinite loops which could be caused by poormanscron in some circumstances.
  if (strpos($_SERVER['HTTP_USER_AGENT'], 'Drupal') !== FALSE) {
    return FALSE;
  }

  // Check to see if the destination is publicly accessible
  $test_contents = "this file should not be publicly accessible";

  // Create the the text.txt file if it's not already there.
  if (!is_file($directory . '/test.txt') || file_get_contents($directory . '/test.txt') != $test_contents) {
    if ($fp = fopen($directory . '/test.txt', 'w')) {
      @fputs($fp, $test_contents);
      fclose($fp);
    }
    else {
      $message = t("Security notice: Backup and Migrate was unable to write a test text file to the destination directory %directory, and is therefore unable to check the security of the backup destination. Backups to the server will be disabled until the destination becomes writable and secure.", array(
        '%directory' => $directory,
      ));
      drupal_set_message($message, "error");
      return FALSE;
    }
  }

  // Attempt to read the test file via http. This may fail for other reasons,
  // so it's not a bullet-proof check.
  if ($this
    ->test_file_readable_remotely($directory . '/test.txt', $test_contents)) {
    $message = t("Security notice: Backup and Migrate will not save backup files to the server because the destination directory is publicly accessible. If you want to save files to the server, please secure the '%directory' directory", array(
      '%directory' => $directory,
    ));
    drupal_set_message($message, "error");
    return FALSE;
  }
  return $directory;
}