function security_review_check_file_perms in Security Review 6
Same name and namespace in other branches
- 7 security_review.inc \security_review_check_file_perms()
Check that files aren't writeable by the server.
1 call to security_review_check_file_perms()
1 string reference to 'security_review_check_file_perms'
- _security_review_security_checks in ./
security_review.inc - Checks for security_review_security_checks() or security_review_get_checks().
File
- ./
security_review.inc, line 224 - Stand-alone security checks and review system.
Code
function security_review_check_file_perms() {
$result = TRUE;
// Extract ending folder for file directory path.
$file_path = './' . rtrim(file_directory_path(), '/');
// Set files to ignore.
$ignore = array(
'..',
'CVS',
$file_path,
);
// Add temporary files directory if it's set.
$temp_path = variable_get('file_directory_temp', '');
if (!empty($temp_path)) {
$ignore[] = './' . rtrim($temp_path, '/');
}
drupal_alter('security_review_file_ignore', $ignore);
$files = _security_review_check_file_perms_scan('.', $ignore);
// Try creating or appending files.
// Assume it doesn't work.
$create_status = $append_status = FALSE;
$directory = drupal_get_path('module', 'security_review');
// Write a file with the timestamp
$file = './' . $directory . '/file_write_test.' . date('Ymdhis');
if ($file_create = @fopen($file, 'w')) {
$create_status = fwrite($file_create, t("This is a vulnerable directory.\n"));
fclose($file_create);
}
// Try to append to our IGNOREME file.
$file = './' . $directory . '/IGNOREME.txt';
if ($file_append = @fopen($file, 'a')) {
$append_status = fwrite($file_append, date('Ymdhis') . "\n");
fclose($file_append);
}
if (count($files) || $create_status || $append_status) {
$result = FALSE;
}
return array(
'result' => $result,
'value' => $files,
);
}