From 1c6ff0a9b9251695400be4082ea08a7663b55b9c Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Wed, 28 Mar 2018 14:39:13 -0700
Subject: [PATCH 1/3] CRM_Utils_Check_Component_Env - Remove redundant check for extensionsDir
When you have a non-writeable extensions directory, *two* status checks will copmlain about it (`checkDirsWritable`, `checkExtensions`). Between the two, `checkExtensions` is smarter.
---
 CRM/Utils/Check/Component/Env.php | 1 -
 1 file changed, 1 deletion(-)
diff --git a/CRM/Utils/Check/Component/Env.php b/CRM/Utils/Check/Component/Env.php
index 8a8e75fa3501..ee1da2aed8bb 100644
--- a/CRM/Utils/Check/Component/Env.php
+++ b/CRM/Utils/Check/Component/Env.php
@@ -413,7 +413,6 @@ public function checkDirsWritable() {
 'uploadDir' => ts('Temporary Files Directory'),
 'imageUploadDir' => ts('Images Directory'),
 'customFileUploadDir' => ts('Custom Files Directory'),
- 'extensionsDir' => ts('CiviCRM Extensions Directory'),
 );
 foreach ($directories as $directory => $label) {
From 37b705a0d678403b08fe89bb547917b886470837 Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Wed, 28 Mar 2018 14:59:27 -0700
Subject: [PATCH 2/3] CRM_Utils_Check_Component_Env - Soften messages for read-only extDir
There are competing schools of thought on whether extension folders should be web-writable: * Sometimes, the most active (or the only) admins are web-based. Making the folder writeable lets them keep extensions up-to-date through the web UI. This includes applying security-fixes for extensions. Thus, sites with writeable extdir are harder to attack (more secure). * Sometimes, the most active (or the only) admins don't use the web-based admin UI, and they don't trust any web-based users to do administration. They don't want the folder to be writeable. * If there's a flaw that allows writing to the filesystem, it could be escalated to writing+executing code. Thus, sites with read-only extdir are harder to attack (more secure). This commit tries to accept each scenario as valid -- but communicate better. Instead of flatly describing the read-only dir as erroreous, present a warning with some choice/trade-off.
---
 CRM/Utils/Check/Component/Env.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/CRM/Utils/Check/Component/Env.php b/CRM/Utils/Check/Component/Env.php
index ee1da2aed8bb..4b9cfd39650e 100644
--- a/CRM/Utils/Check/Component/Env.php
+++ b/CRM/Utils/Check/Component/Env.php
@@ -581,10 +581,10 @@ public function checkExtensions() {
 elseif (!is_writable($basedir)) {
 $messages[] = new CRM_Utils_Check_Message(
 __FUNCTION__,
- ts('Directory %1 is not writable. Please change your file permissions.',
+ ts('Your extensions directory (%1) is read-only. If you would like perform downloads or upgrades, then change the file permissions.',
 array(1 => $basedir)),
- ts('Directory not writable'),
- \Psr\Log\LogLevel::ERROR,
+ ts('Read-Only Extensions'),
+ \Psr\Log\LogLevel::WARNING,
 'fa-plug'
 );
 return $messages;
From 599164feb5430cd703b4ecc261a9feffc7729322 Mon Sep 17 00:00:00 2001
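Review bot: The `return $messages;` that closes this read-only branch still ends checkExtensions early, so anything the method does after this point (its body starts and ends outside the hunk) is skipped on every site with a read-only extensions directory. Now that the commit treats read-only as a legitimate hardened setup rather than an error, that matters more: if the rest of the method is where outdated extensions are reported, those sites would see this warning but never learn that an installed extension needs a security update; worth confirming against the full method. Consider letting the method continue after adding the message, or stating in the text that update checks are not run. The new wording also points only toward loosening permissions; a clause such as `If you manage extensions outside the web UI, no change is needed.` would present the other side of the trade-off the description lays out.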
From: Tim Otten
Date: Wed, 28 Mar 2018 15:33:57 -0700
Subject: [PATCH 3/3] CRM_Utils_Check_Component_Env::checkExtensions - Fix typo
---
 CRM/Utils/Check/Component/Env.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CRM/Utils/Check/Component/Env.php b/CRM/Utils/Check/Component/Env.php
index 4b9cfd39650e..75532be0497b 100644
--- a/CRM/Utils/Check/Component/Env.php
+++ b/CRM/Utils/Check/Component/Env.php
@@ -581,7 +581,7 @@ public function checkExtensions() {
 elseif (!is_writable($basedir)) {
 $messages[] = new CRM_Utils_Check_Message(
 __FUNCTION__,
- ts('Your extensions directory (%1) is read-only. If you would like perform downloads or upgrades, then change the file permissions.',
+ ts('Your extensions directory (%1) is read-only. If you would like to perform downloads or upgrades, then change the file permissions.',
 array(1 => $basedir)),
 ts('Read-Only Extensions'),
 \Psr\Log\LogLevel::WARNING,