From c9101bc0868e64fdeb45d13d2e0a7b4cbf17e35c Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 21 May 2009 06:06:08 +0000
Subject: Check to make sure that our permission system is working and report
 back to our users in the edit permissions dialog.

---
 core/controllers/permissions.php       |  1 +
 core/helpers/access.php                | 28 ++++++++++++++++++++++++++++
 core/views/permissions_browse.html.php |  7 +++++++
 3 files changed, 36 insertions(+)

(limited to 'core')

diff --git a/core/controllers/permissions.php b/core/controllers/permissions.php
index 70212d9f..b0cee303 100644
--- a/core/controllers/permissions.php
+++ b/core/controllers/permissions.php
@@ -27,6 +27,7 @@ class Permissions_Controller extends Controller {
     }
 
     $view = new View("permissions_browse.html");
+    $view->htaccess_works = access::htaccess_works();
     $view->item = $item;
     $view->parents = $item->parents();
     $view->form = $this->_get_form($item);
diff --git a/core/helpers/access.php b/core/helpers/access.php
index c766870b..b9472aa0 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -595,4 +595,32 @@ class access_Core {
   static function private_key() {
     return module::get_var("core", "private_key");
   }
+
+  /**
+   * Verify that our htaccess based permission system actually works.  Create a temporary
+   * directory containing an .htaccess file that uses mod_rewrite to redirect /verify to
+   * /success.  Then request that url.  If we retrieve it successfully, then our redirects are
+   * working and our permission system works.
+   */
+  static function htaccess_works() {
+    $success_url = url::file("var/tmp/security_test/success");
+
+    @mkdir(VARPATH . "tmp/security_test");
+    if ($fp = @fopen(VARPATH . "tmp/security_test/.htaccess", "w+")) {
+      fwrite($fp, "RewriteEngine On\n");
+      fwrite($fp, "RewriteRule verify $success_url [L]\n");
+      fclose($fp);
+    }
+
+    if ($fp = @fopen(VARPATH . "tmp/security_test/success", "w+")) {
+      fwrite($fp, "success");
+      fclose($fp);
+    }
+
+    list ($response) = remote::do_request(url::abs_file("var/tmp/security_test/verify"));
+    $works = $response == "HTTP/1.1 200 OK";
+    @dir::unlink(VARPATH . "tmp/security_test");
+
+    return $works;
+  }
 }
diff --git a/core/views/permissions_browse.html.php b/core/views/permissions_browse.html.php
index 30bd240d..afd87c2b 100644
--- a/core/views/permissions_browse.html.php
+++ b/core/views/permissions_browse.html.php
@@ -24,6 +24,13 @@
   }
 </script>
 <div id="gPermissions">
+  <? if (!$htaccess_works): ?>
+  <ul id="gMessage">
+    <li class="gError">
+      <?= t("Oh no!  Your server needs a configuration change in order for you to hide photos!  Ask your server administrator to set <a href=\"%url\"><i>AllowOverride FileInfo Options</i></a> to fix this.", array("url" => "http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride")) ?>
+    </li>
+  </ul>
+  <? endif ?>
   <ul>
     <? foreach ($parents as $parent): ?>
     <li>
-- 
cgit v1.2.3