authorBharat Mediratta <bharat@menalto.com>2009-05-21 06:06:08 +0000
committerBharat Mediratta <bharat@menalto.com>2009-05-21 06:06:08 +0000
commitc9101bc0868e64fdeb45d13d2e0a7b4cbf17e35c (patch)
tree4adc973c975c5c17dcbb7bc700bd5c3f685d122c /core
parentcce2f3e77ac0b79b5cc94a5404693e358adf2e54 (diff)
Check to make sure that our permission system is working and report
back to our users in the edit permissions dialog.
Diffstat (limited to 'core')
-rw-r--r--core/controllers/permissions.php1
-rw-r--r--core/helpers/access.php28
-rw-r--r--core/views/permissions_browse.html.php7
3 files changed, 36 insertions, 0 deletions
diff --git a/core/controllers/permissions.php b/core/controllers/permissions.php
index 70212d9f..b0cee303 100644
--- a/core/controllers/permissions.php
+++ b/core/controllers/permissions.php
@@ -27,6 +27,7 @@ class Permissions_Controller extends Controller {
}
$view = new View("permissions_browse.html");
+ $view->htaccess_works = access::htaccess_works();
$view->item = $item;
$view->parents = $item->parents();
$view->form = $this->_get_form($item);
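Review bot: `access::htaccess_works()` is evaluated on every render of this dialog, and per the helper added in this commit each call writes two files under `var/tmp` and makes a blocking HTTP request back to the site. Caching the result for a short period, or running the probe only when an administrator asks for it, would keep the dialog responsive while still surfacing a broken configuration. The enclosing controller method starts and ends outside the hunk.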
diff --git a/core/helpers/access.php b/core/helpers/access.php
index c766870b..b9472aa0 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -595,4 +595,32 @@ class access_Core {
static function private_key() {
return module::get_var("core", "private_key");
}
+
+ /**
+ * Verify that our htaccess based permission system actually works. Create a temporary
+ * directory containing an .htaccess file that uses mod_rewrite to redirect /verify to
+ * /success. Then request that url. If we retrieve it successfully, then our redirects are
+ * working and our permission system works.
+ */
+ static function htaccess_works() {
+ $success_url = url::file("var/tmp/security_test/success");
+
+ @mkdir(VARPATH . "tmp/security_test");
+ if ($fp = @fopen(VARPATH . "tmp/security_test/.htaccess", "w+")) {
+ fwrite($fp, "RewriteEngine On\n");
+ fwrite($fp, "RewriteRule verify $success_url [L]\n");
+ fclose($fp);
+ }
+
+ if ($fp = @fopen(VARPATH . "tmp/security_test/success", "w+")) {
+ fwrite($fp, "success");
+ fclose($fp);
+ }
+
+ list ($response) = remote::do_request(url::abs_file("var/tmp/security_test/verify"));
+ $works = $response == "HTTP/1.1 200 OK";
+ @dir::unlink(VARPATH . "tmp/security_test");
+
+ return $works;
+ }
}
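Review bot: The verdict at `$works = $response == "HTTP/1.1 200 OK";` hinges on one exact status-line string, so a server or proxy that answers `HTTP/1.0 200 OK` is reported as having a broken permission system; matching only the status code, e.g. `$works = (bool) preg_match('#^HTTP/\d\.\d 200\b#', (string) $response);`, avoids that. Every setup failure is also folded into the same `false`: the `@mkdir` and `@fopen` calls are suppressed and unchecked, so an unwritable `var/tmp` looks identical to rewrites being disabled. The directory name `tmp/security_test` is fixed, so with two overlapping calls one `dir::unlink` can remove the files while the other is still fetching `verify`; a per-call suffix on the directory name would isolate them. If `remote::do_request` also returns the body (not visible here), comparing it with the written `success` marker would confirm the 200 came from the rewrite rather than from some other handler.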
diff --git a/core/views/permissions_browse.html.php b/core/views/permissions_browse.html.php
index 30bd240d..afd87c2b 100644
--- a/core/views/permissions_browse.html.php
+++ b/core/views/permissions_browse.html.php
@@ -24,6 +24,13 @@
}
</script>
<div id="gPermissions">
+ <? if (!$htaccess_works): ?>
+ <ul id="gMessage">
+ <li class="gError">
+ <?= t("Oh no! Your server needs a configuration change in order for you to hide photos! Ask your server administrator to set <a href=\"%url\"><i>AllowOverride FileInfo Options</i></a> to fix this.", array("url" => "http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride")) ?>
+ </li>
+ </ul>
+ <? endif ?>
<ul>
<? foreach ($parents as $parent): ?>
<li>
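Review bot: The message shown when `$htaccess_works` is false names a single cause, `AllowOverride FileInfo Options`, but the probe in `access::htaccess_works()` also returns false when the test directory cannot be written or the server cannot reach itself over HTTP. Wording that states what was observed, such as `t("Gallery could not confirm that .htaccess rules are applied on this server, so hidden photos may not be protected.")`, followed by the AllowOverride hint as the likely fix, would keep an administrator from chasing the wrong setting. The surrounding `#gPermissions` markup continues outside the hunk.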