From c9101bc0868e64fdeb45d13d2e0a7b4cbf17e35c Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 21 May 2009 06:06:08 +0000
Subject: Check to make sure that our permission system is working and report
 back to our users in the edit permissions dialog.

---
 core/helpers/access.php | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'core/helpers')

diff --git a/core/helpers/access.php b/core/helpers/access.php
index c766870b..b9472aa0 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -595,4 +595,32 @@ class access_Core {
   static function private_key() {
     return module::get_var("core", "private_key");
   }
+
+  /**
+   * Verify that our htaccess based permission system actually works.  Create a temporary
+   * directory containing an .htaccess file that uses mod_rewrite to redirect /verify to
+   * /success.  Then request that url.  If we retrieve it successfully, then our redirects are
+   * working and our permission system works.
+   */
+  static function htaccess_works() {
+    $success_url = url::file("var/tmp/security_test/success");
+
+    @mkdir(VARPATH . "tmp/security_test");
+    if ($fp = @fopen(VARPATH . "tmp/security_test/.htaccess", "w+")) {
+      fwrite($fp, "RewriteEngine On\n");
+      fwrite($fp, "RewriteRule verify $success_url [L]\n");
+      fclose($fp);
+    }
+
+    if ($fp = @fopen(VARPATH . "tmp/security_test/success", "w+")) {
+      fwrite($fp, "success");
+      fclose($fp);
+    }
+
+    list ($response) = remote::do_request(url::abs_file("var/tmp/security_test/verify"));
+    $works = $response == "HTTP/1.1 200 OK";
+    @dir::unlink(VARPATH . "tmp/security_test");
+
+    return $works;
+  }
 }
-- 
cgit v1.2.3