-rw-r--r-- | core/controllers/permissions.php | 1 | ||||
-rw-r--r-- | core/helpers/access.php | 28 | ||||
-rw-r--r-- | core/views/permissions_browse.html.php | 7 |
3 files changed, 36 insertions, 0 deletions
diff --git a/core/controllers/permissions.php b/core/controllers/permissions.php
index 70212d9f..b0cee303 100644
--- a/core/controllers/permissions.php
+++ b/core/controllers/permissions.php
@@ -27,6 +27,7 @@ class Permissions_Controller extends Controller {
 }
 $view = new View("permissions_browse.html");
+ $view->htaccess_works = access::htaccess_works();
 $view->item = $item;
 $view->parents = $item->parents();
 $view->form = $this->_get_form($item);
diff --git a/core/helpers/access.php b/core/helpers/access.php
index c766870b..b9472aa0 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -595,4 +595,32 @@ class access_Core {
 static function private_key() {
 return module::get_var("core", "private_key");
 }
+
+ /**
+ * Verify that our htaccess based permission system actually works. Create a temporary
+ * directory containing an .htaccess file that uses mod_rewrite to redirect /verify to
+ * /success. Then request that url. If we retrieve it successfully, then our redirects are
+ * working and our permission system works.
+ */
+ static function htaccess_works() {
+ $success_url = url::file("var/tmp/security_test/success");
+
+ @mkdir(VARPATH . "tmp/security_test");
+ if ($fp = @fopen(VARPATH . "tmp/security_test/.htaccess", "w+")) {
+ fwrite($fp, "RewriteEngine On\n");
+ fwrite($fp, "RewriteRule verify $success_url [L]\n");
+ fclose($fp);
+ }
+
+ if ($fp = @fopen(VARPATH . "tmp/security_test/success", "w+")) {
+ fwrite($fp, "success");
+ fclose($fp);
+ }
+
+ list ($response) = remote::do_request(url::abs_file("var/tmp/security_test/verify"));
+ $works = $response == "HTTP/1.1 200 OK";
+ @dir::unlink(VARPATH . "tmp/security_test");
+
+ return $works;
+ }
 }
diff --git a/core/views/permissions_browse.html.php b/core/views/permissions_browse.html.php
index 30bd240d..afd87c2b 100644
--- a/core/views/permissions_browse.html.php
+++ b/core/views/permissions_browse.html.php
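Review bot: The added `$view->htaccess_works = access::htaccess_works();` runs a live self-test on every render of the permissions page, and the helper added in this same commit writes files under var/tmp and issues an HTTP request back to the server each time. Server configuration rarely changes between page views, so the result should be cached (for example for the session) and re-tested only on demand. At minimum the cost should be documented at the call site with a comment such as `// Live self-test: writes to var/tmp and makes a loopback HTTP request on each view`. The enclosing controller method starts and ends outside the hunk.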
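Review bot: The verdict in `htaccess_works()` rests only on `$response == "HTTP/1.1 200 OK"`, so a server that answers any URL under var/ with a 200 (a catch-all handler or a custom error page) is reported as protected although the rewrite never ran, while an HTTP/1.0 or differently worded status line is reported as broken. Matching only the status code, e.g. `$works = preg_match('#^HTTP/\d\.\d 200\b#', $response) === 1;`, and also comparing the fetched body with the "success" marker would make a positive result mean the rule really fired; the return shape of `remote::do_request()` is not visible here, so the body check needs confirming against that helper. The fixed `tmp/security_test` path is also shared by concurrent requests, so one request's `dir::unlink` can remove the files another is about to fetch and yield a false negative. Because the `@mkdir` and `@fopen` failures are silenced, an unwritable var/tmp or a failed loopback request ends up presented to the user as an AllowOverride problem; logging those failures separately would keep the diagnosis honest.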
@@ -24,6 +24,13 @@
 }
 </script>
 <div id="gPermissions">
+ <? if (!$htaccess_works): ?>
+ <ul id="gMessage">
+ <li class="gError">
+ <?= t("Oh no! Your server needs a configuration change in order for you to hide photos! Ask your server administrator to set <a href=\"%url\"><i>AllowOverride FileInfo Options</i></a> to fix this.", array("url" => "http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride")) ?>
+ </li>
+ </ul>
+ <? endif ?>
 <ul>
 <? foreach ($parents as $parent): ?>
 <li> |