security/core#111 Add in Status check for if Anonymous Users have edit...

security/core#111 Add in Status check for if Anonymous Users have edit contributions and or access CiviContribute Permissions

security/core#111 Add in Status check for if Anonymous Users have edit...
0bab1fe8 · Seamus Lee · totten · cd8066be · 0bab1fe8
Commit 0bab1fe8 authored 3 years ago by Seamus Lee Committed by totten 3 years ago
--- a/CRM/Utils/Check/Component/Security.php
+++ b/CRM/Utils/Check/Component/Security.php
@@ -292,6 +292,33 @@ class CRM_Utils_Check_Component_Security extends CRM_Utils_Check_Component {
    return $messages;
  }

+  /**
+   * Check to see if anonymous user has edit contributions permission
+   * @return CRM_Utils_Check_Message[]
+   */
+  public function checkAnonEditContribution() {
+    $messages = [];
+    $permissions = [];
+    if (CRM_Core_Config::singleton()->userPermissionClass->check('edit contributions', 0)) {
+      $permissions[] = 'edit contributions';
+    }
+    if (CRM_Core_Config::singleton()->userPermissionClass->check('access CiviContribute', 0)) {
+      $permissions[] = 'access CiviContribute';
+    }
+    if (!empty($permissions)) {
+      $messages[] = new CRM_Utils_Check_Message(
+        __FUNCTION__,
+        ts('Anonymous users have permissions (%1). This may cause leakage of information in regards to recurring contributions.', [
+          1 => implode(', ', $permissions),
+        ]),
+        ts('Security Warning'),
+        \Psr\Log\LogLevel::WARNING,
+        'fa-lock'
+      );
+    }
+    return $messages;
+  }
+
  /**
   * Determine whether $url is a public, browsable listing for $dir
   *