public function backup_migrate_destination_files::check_web_dir in Backup and Migrate 7.3
Same name and namespace in other branches
- 8.2 includes/destinations.file.inc \backup_migrate_destination_files::check_web_dir()
- 8.3 includes/destinations.file.inc \backup_migrate_destination_files::check_web_dir()
- 6.3 includes/destinations.file.inc \backup_migrate_destination_files::check_web_dir()
- 6.2 includes/destinations.file.inc \backup_migrate_destination_files::check_web_dir()
- 7.2 includes/destinations.file.inc \backup_migrate_destination_files::check_web_dir()
Check that a web accessible directory has been properly secured, othewise attempt to secure it.
1 call to backup_migrate_destination_files::check_web_dir()
- backup_migrate_destination_files::check_dir in includes/
destinations.file.inc - Prepare the destination directory for the backups.
File
- includes/
destinations.file.inc, line 229 - A destination type for saving locally to the server.
Class
- backup_migrate_destination_files
- A destination type for saving locally to the server.
Code
public function check_web_dir($directory) {
// Check if the file has already been tested.
if (is_file($directory . '/tested.txt')) {
return $directory;
}
else {
file_create_htaccess($directory, TRUE);
// Check the user agent to make sure we're not responding to a request from drupal itself.
// That should prevent infinite loops which could be caused by poormanscron in some circumstances.
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Drupal') !== FALSE) {
return FALSE;
}
// Check to see if the destination is publicly accessible.
$test_contents = "this file should not be publicly accessible";
// Create the the text.txt file if it's not already there.
if (!is_file($directory . '/test.txt') || file_get_contents($directory . '/test.txt') != $test_contents) {
if ($fp = fopen($directory . '/test.txt', 'w')) {
@fputs($fp, $test_contents);
fclose($fp);
}
else {
$message = t("Security notice: Backup and Migrate was unable to write a test text file to the destination directory %directory, and is therefore unable to check the security of the backup destination. Backups to the server will be disabled until the destination becomes writable and secure.", array(
'%directory' => $directory,
));
drupal_set_message($message, "error");
return FALSE;
}
}
// Attempt to read the test file via http. This may fail for other
// reasons, so it's not a bullet-proof check.
if ($this
->test_file_readable_remotely($directory . '/test.txt', $test_contents)) {
$message = t("Security notice: Backup and Migrate will not save backup files to the server because the destination directory is publicly accessible. If you want to save files to the server, please secure the '%directory' directory", array(
'%directory' => $directory,
));
drupal_set_message($message, "error");
unlink($directory . '/test.txt');
return FALSE;
}
// Directory tested OK, so we mark it as tested.
if ($fp = fopen($directory . '/tested.txt', 'w')) {
$contents = t('The presence of this file indicates that this directory has been tested as safe to use as a destination for Backup and Migrate. If you change the permissions of this directory or change your web server settings, please delete this file so that the directory can be checked again.');
@fputs($fp, $contents);
fclose($fp);
}
return $directory;
}
}