
ENHANCEMENT: protecting the "dms-assets" folder from web access

commit c571d5bc8d0552708f24406b09f59f11d6993802 1 parent c44434d
Julian Seidenberg candidasa authored
Showing with 19 additions and 3 deletions.
  1. +10 −3 code/DMS.php
  2. +3 −0  resources/.htaccess
  3. +6 −0 resources/web.config
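--- a/code/DMS.php
+++ b/code/DMS.php
@@ -6,7 +6,6 @@ class DMS implements DMSInterface {
 //How many documents to store in a single folder. The square of this number is the maximum number of documents.
 //The number should be a multiple of 10
 static $dmsFolderSize = 1000;
- static $dmsPath; //DMS path set on creation
 static $modelClass = 'DMSDocument';
 static function set_model_class($className){
@@ -20,10 +19,18 @@ static function set_model_class($className){
 * @return DMSInterface An instance of the Document Management System
 */
 static function getDMSInstance() {
- self::$dmsPath = BASE_PATH . DIRECTORY_SEPARATOR . self::$dmsFolder;
+ $dmsPath = self::get_DMS_path();
 $dms = new DMS();
- self::createStorageFolder(self::get_DMS_path());
+ if (!is_dir($dmsPath)) {
+ self::createStorageFolder($dmsPath);
+ }
+
+ if (!file_exists($dmsPath . DIRECTORY_SEPARATOR . '.htaccess')) {
+ //restrict access to the storage folder
+ copy(BASE_PATH . DIRECTORY_SEPARATOR . 'dms' . DIRECTORY_SEPARATOR . 'resources' . DIRECTORY_SEPARATOR . '.htaccess', $dmsPath . DIRECTORY_SEPARATOR . '.htaccess');
+ copy(BASE_PATH . DIRECTORY_SEPARATOR . 'dms' . DIRECTORY_SEPARATOR . 'resources' . DIRECTORY_SEPARATOR . 'web.config', $dmsPath . DIRECTORY_SEPARATOR . 'web.config');
+ }
 return $dms;
 }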
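Review bot: Both `copy()` calls in getDMSInstance() discard their return value, so the protection fails open: if the source file is not found (the path hard-codes the module directory as `dms`) or the storage folder is not writable, the folder stays reachable over the web and nothing reports it. The guard also tests only for `.htaccess`, so a missing `web.config` is never restored once `.htaccess` exists. Checking each guard file separately and stopping when it cannot be installed closes both gaps; throwing is one option, the module's usual error path would do as well.

```php
// … unchanged: $dmsPath lookup, new DMS(), createStorageFolder() guard …
$resourceDir = BASE_PATH . DIRECTORY_SEPARATOR . 'dms' . DIRECTORY_SEPARATOR . 'resources';
foreach (array('.htaccess', 'web.config') as $guardFile) {
    $target = $dmsPath . DIRECTORY_SEPARATOR . $guardFile;
    //restrict access to the storage folder; refuse to continue if a guard file cannot be installed
    if (!file_exists($target) && !copy($resourceDir . DIRECTORY_SEPARATOR . $guardFile, $target)) {
        throw new Exception('Could not install ' . $guardFile . ' in the DMS storage folder');
    }
}
return $dms;
```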
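--- a/resources/.htaccess
+++ b/resources/.htaccess
@@ -0,0 +1,3 @@
+<Files *>
+ Deny From All
+</Files>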
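Review bot: `Deny From All` is the Apache 2.2 access-control directive; on Apache 2.4 it is only understood when mod_access_compat is loaded, and without it requests to the folder end in a server error instead of a clean denial. The file also has no effect where `.htaccess` overrides are disabled or the server is not Apache, so the storage folder should additionally be documented as needing server-level protection in those setups. A version-tolerant form is shown below.

```apache
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Deny from all
</IfModule>
```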
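--- a/resources/web.config
+++ b/resources/web.config
@@ -0,0 +1,6 @@
+<system.web>
+ <authorization>
+ <allow users="username">
+ <deny users="*"/>
+ </authorization>
+</system.web>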
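Review bot: The new `web.config` is not well-formed XML: `<allow users="username">` is never closed and the file has no `<configuration>` root element, so IIS will most likely reject the file rather than apply the rule. The `allow` entry also looks like a leftover placeholder that would admit a literal user named `username` ahead of the deny. Wrap the section in `<configuration>`…`</configuration>` and drop the allow line so that only `<deny users="*"/>` remains. Whether `system.web` authorization also covers static files depends on the IIS pipeline configuration, so this should be verified on an IIS host.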