[security] warn about existence of config directory on main page

2009-03-25 08:32:33 +00:00
parent 8d7f812cd6
commit f6e8832f27
57 changed files with 64 additions and 0 deletions
--- a/main.php
+++ b/main.php
@@ -302,6 +302,14 @@ if (!empty($_SESSION['auto_blowfish_secret']) &&
    trigger_error($strSecretRequired, E_USER_WARNING);
 }

+/**
+ * Check for existence of config directory which should not exist in
+ * production environment.
+ */
+if (file_exists('./config')) {
+    trigger_error($strConfigDirectoryWarning, E_USER_WARNING);
+}
+
 /**
 * Check whether relations are supported.
 */