Merge pull request #2489 from totten/4.4-restrictBrowsing-defensive

CRM-14092 - restrictBrowsing - Defensive programming

Merge pull request #2489 from totten/4.4-restrictBrowsing-defensive
5dc21dd8 · Tim Otten · b3fe6f20 · 1305c22b · b3fe6f20 · 5dc21dd8
Commit 5dc21dd8 authored 11 years ago by Tim Otten
--- a/CRM/Upgrade/Incremental/sql/4.4.5.mysql.tpl
+++ b/CRM/Upgrade/Incremental/sql/4.4.5.mysql.tpl
-{* file to handle db changes in 4.4.5 during upgrade *}
--- a/CRM/Utils/Check/Security.php
+++ b/CRM/Utils/Check/Security.php
@@ -256,7 +256,7 @@ class CRM_Utils_Check_Security {
   * @return bool
   */
  public function isBrowsable($dir, $url) {
-    if (empty($dir) || empty($url)) {
+    if (empty($dir) || empty($url) || !is_dir($dir)) {
      return FALSE;
    }


--- a/CRM/Utils/File.php
+++ b/CRM/Utils/File.php
@@ -407,6 +407,10 @@ HTACCESS;
   * @param $publicDir
   */
  static function restrictBrowsing($publicDir) {
+    if (!is_dir($publicDir) || !is_writable($publicDir)) {
+      return;
+    }
+
    // base dir
    $nobrowse = realpath($publicDir) . '/index.html';
    if (!file_exists($nobrowse)) {

--- a/sql/civicrm_generated.mysql
+++ b/sql/civicrm_generated.mysql
@@ -382,7 +382,7 @@ UNLOCK TABLES;
  
 LOCK TABLES `civicrm_domain` WRITE;
 /*!40000 ALTER TABLE `civicrm_domain` DISABLE KEYS */;
-INSERT INTO `civicrm_domain` (`id`, `name`, `description`, `config_backend`, `version`, `contact_id`, `locales`, `locale_custom_strings`) VALUES (1,'Default Domain Name',NULL,NULL,'4.4.5',1,NULL,'a:1:{s:5:\"en_US\";a:0:{}}');
+INSERT INTO `civicrm_domain` (`id`, `name`, `description`, `config_backend`, `version`, `contact_id`, `locales`, `locale_custom_strings`) VALUES (1,'Default Domain Name',NULL,NULL,'4.4.4',1,NULL,'a:1:{s:5:\"en_US\";a:0:{}}');
 /*!40000 ALTER TABLE `civicrm_domain` ENABLE KEYS */;
 UNLOCK TABLES;
  
--- a/xml/version.xml
+++ b/xml/version.xml
 <?xml version="1.0" encoding="iso-8859-1" ?>
 <version>
-    <version_no>4.4.5</version_no>
+    <version_no>4.4.4</version_no>
 </version>