Changeset View
Changeset View
Standalone View
Standalone View
src/applications/config/check/PhabricatorSecuritySetupCheck.php
Show All 25 Lines | if (!$err && preg_match('/VULNERABLE/', $stdout)) { | ||||
$message = pht( | $message = pht( | ||||
'The version of %s on this system is out of date and contains a '. | 'The version of %s on this system is out of date and contains a '. | ||||
'major, widely disclosed vulnerability (the "Shellshock" '. | 'major, widely disclosed vulnerability (the "Shellshock" '. | ||||
'vulnerability).'. | 'vulnerability).'. | ||||
"\n\n". | "\n\n". | ||||
'Upgrade %s to a patched version.'. | 'Upgrade %s to a patched version.'. | ||||
"\n\n". | "\n\n". | ||||
'To learn more about how this issue affects Phabricator, see %s.', | 'To learn more about how this issue affects this software, see %s.', | ||||
phutil_tag('tt', array(), 'bash'), | phutil_tag('tt', array(), 'bash'), | ||||
phutil_tag('tt', array(), 'bash'), | phutil_tag('tt', array(), 'bash'), | ||||
phutil_tag( | phutil_tag( | ||||
'a', | 'a', | ||||
array( | array( | ||||
'href' => 'https://secure.phabricator.com/T6185', | 'href' => 'https://secure.phabricator.com/T6185', | ||||
'target' => '_blank', | 'target' => '_blank', | ||||
), | ), | ||||
Show All 13 Lines | if (!$file_domain) { | ||||
$this->newIssue('security.'.$file_key) | $this->newIssue('security.'.$file_key) | ||||
->setName(pht('Alternate File Domain Not Configured')) | ->setName(pht('Alternate File Domain Not Configured')) | ||||
->setSummary( | ->setSummary( | ||||
pht( | pht( | ||||
'Improve security by configuring an alternate file domain.')) | 'Improve security by configuring an alternate file domain.')) | ||||
->setMessage( | ->setMessage( | ||||
pht( | pht( | ||||
'Phabricator is currently configured to serve user uploads '. | 'This software is currently configured to serve user uploads '. | ||||
'directly from the same domain as other content. This is a '. | 'directly from the same domain as other content. This is a '. | ||||
'security risk.'. | 'security risk.'. | ||||
"\n\n". | "\n\n". | ||||
'Configure a CDN (or alternate file domain) to eliminate this '. | 'Configure a CDN (or alternate file domain) to eliminate this '. | ||||
'risk. Using a CDN will also improve performance. See the '. | 'risk. Using a CDN will also improve performance. See the '. | ||||
'guide below for instructions.')) | 'guide below for instructions.')) | ||||
->addPhabricatorConfig($file_key) | ->addPhabricatorConfig($file_key) | ||||
->addLink( | ->addLink( | ||||
$doc_href, | $doc_href, | ||||
pht('Configuration Guide: Configuring a File Domain')); | pht('Configuration Guide: Configuring a File Domain')); | ||||
} | } | ||||
} | } | ||||
} | } |