CRM-15925 CRM-15928 Port changes from Totten #8957

Merged
merged 2 commits into from
Sep 1, 2016
3 changes: 3 additions & 0 deletions CRM/Upgrade/Incremental/php/FourSix.php
Expand Up @@ -78,6 +78,9 @@ public function setPostUpgradeMessage(&$postUpgradeMessage, $rev) {
// if ($rev == '4.6.21') {
// $postUpgradeMessage .= '<br /><br />' . ts("WARNING: For increased security, profile submissions embedded in remote sites are no longer allowed to create or edit data by default. If you need to allow users to submit profiles from external sites, you can restore this at Administer > System Settings > Misc (Undelete, PDFs, Limits, Logging, Captcha, etc.) > 'Accept profile submissions from external sites'");
// }
if ($rev == '4.6.21') {
$postUpgradeMessage .= '<br /><br />' . ts("By default, CiviCRM now disables the ability to import directly fro SQL. To use this feature, you must explicitly grant permission 'import SQL datasource'.");
}
}


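Review bot: The new post-upgrade string on the line `$postUpgradeMessage .= '<br /><br />' . ts("By default, CiviCRM now disables the ability to import directly fro SQL. …` has a typo, "fro SQL" for "from SQL"; because it is the `ts()` source string it becomes both the translation key and the text administrators read after the upgrade, so it is worth fixing before it is shipped and translated. Change it to `ts("By default, CiviCRM now disables the ability to import directly from SQL. To use this feature, you must explicitly grant permission 'import SQL datasource'.")`. The commented-out `if ($rev == '4.6.21')` block kept directly above it appears to be pre-existing context rather than part of this change, but leaving two blocks for the same revision side by side reads as dead code; a one-line comment explaining why it stays, or removing it, would help the next reader. setPostUpgradeMessage begins outside the hunk.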
23 changes: 22 additions & 1 deletion CRM/Utils/Check/Security.php
Expand Up @@ -62,11 +62,32 @@ public function checkAll() {
$this->checkLogFileIsNotAccessible(),
$this->checkUploadsAreNotAccessible(),
$this->checkDirectoriesAreNotBrowseable(),
$this->checkFilesAreNotPresent()
$this->checkFilesAreNotPresent(),
$this->checkRemoteProfile()
);
return $messages;
}

/**
* Discourage use of remote profile forms.
*/
public function checkRemoteProfile() {
$messages = array();

if (CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'remote_profile_submissions')) {
$messages[] = new CRM_Utils_Check_Message(
__FUNCTION__,
ts('Warning: External profile support (aka "HTML Snippet" support) is enabled in <a href="%1">system settings</a>. This setting may be prone to abuse. If you must retain it, consider HTTP throttling or other protections.',
array(1 => CRM_Utils_System::url('civicrm/admin/setting/misc', 'reset=1'))
),
ts('Remote Profiles Enabled')
);
}

return $messages;
}


/**
* Check if our logfile is directly accessible.
*
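Review bot: The docblock on the new `checkRemoteProfile()` method, `* Discourage use of remote profile forms.`, documents neither the return value nor the setting it inspects, while the neighbouring docblock starting `Check if our logfile is directly accessible.` continues with further lines, which suggests this file's checks carry fuller documentation; add `* @return array` followed by a line stating that it is a list of CRM_Utils_Check_Message objects and is empty unless the `remote_profile_submissions` system preference is set. The severity is expressed only as the literal word "Warning:" inside the translatable message; if the CRM_Utils_Check_Message constructor in this version accepts a level argument, pass it explicitly so the status-check UI can rank the finding and the prefix does not have to be carried through every translation. Two blank lines are left between `return $messages;` and the following docblock where the rest of the hunk uses one. checkAll() begins outside the hunk.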