// Entry-point guard: unless a truthy `sugarEntry` constant has already been
// defined, execution stops here with 'Not A Valid Entry Point', before any
// .htaccess file is read or written.
2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
// Prefix every rule with the inline "(?i)" case-insensitivity flag, but only
// when the server banner contains "apache/2".
// NOTE(review): this depends on what the server chooses to report in
// SERVER_SOFTWARE. If the banner is shortened (for example to a bare product
// name) the test is false and all rules below are written case-sensitive,
// which weakens them on case-insensitive filesystems. Confirm the banner on
// the target host. The key may also be absent when run outside a web request.
44 $ignoreCase = (substr_count(strtolower($_SERVER['SERVER_SOFTWARE']), 'apache/2') > 0)?'(?i)':'';
// The file managed here is the .htaccess in the current working directory,
// not a path derived from this script's own location.
45 $htaccess_file = getcwd() . "/.htaccess";
// Managed rule block. The BEGIN/END marker comments let a later run find and
// replace exactly this block. Each RedirectMatch answers 403 for:
//   - any path ending in .log
//   - not_imported_*.txt files
//   - .php / .tpl files under the listed application directories
//   - emailmandelivery.php
//   - anything under /upload and /cache/diagnostic
//   - files.md5
// Inside the heredoc, "\$" yields a literal "$" (end-of-path anchor); the "$"
// at the end of the .log rule is followed by a newline and so also stays
// literal. The rules in between have no end anchor.
// NOTE(review): RedirectMatch is an Apache mod_alias directive and is only
// honoured where .htaccess overrides are enabled; on any other web server
// these files stay reachable unless equivalent rules are configured there.
48 $restrict_str = <<<EOQ
49 # BEGIN SUGARCRM RESTRICTIONS
50 RedirectMatch 403 {$ignoreCase}.*\.log$
51 RedirectMatch 403 {$ignoreCase}/+not_imported_.*\.txt
52 RedirectMatch 403 {$ignoreCase}/+(soap|cache|xtemplate|data|examples|include|log4php|metadata|modules)/+.*\.(php|tpl)
53 RedirectMatch 403 {$ignoreCase}/+emailmandelivery\.php
54 RedirectMatch 403 {$ignoreCase}/+upload
55 RedirectMatch 403 {$ignoreCase}/+cache/+diagnostic
56 RedirectMatch 403 {$ignoreCase}/+files\.md5\$
57 # END SUGARCRM RESTRICTIONS
// If a .htaccess already exists, copy it line by line into $contents while
// dropping any previous BEGIN...END SUGARCRM RESTRICTIONS block, so directives
// written outside the markers are carried over unchanged.
// ($skip and $contents are initialised outside the lines shown here - confirm.)
60 if(file_exists($htaccess_file)){
// NOTE(review): no check of fopen()'s result is visible in the lines shown.
61 $fp = fopen($htaccess_file, 'r');
63 while($line = fgets($fp)){
// The BEGIN marker line is dropped because $skip is set before the append
// test; the END marker line is dropped because $skip is cleared only after it.
// NOTE(review): if a BEGIN marker has no matching END marker, $skip is never
// cleared and every following line of the existing file is discarded.
65 if(preg_match('/\s*#\s*BEGIN\s*SUGARCRM\s*RESTRICTIONS/i', $line))$skip = true;
66 if(!$skip)$contents .= $line;
67 if(preg_match('/\s*#\s*END\s*SUGARCRM\s*RESTRICTIONS/i', $line))$skip = false;
// Make sure the BEGIN marker starts on its own line when the preserved
// content does not already end with a newline.
70 if(substr($contents, -1) != "\n") {
71 $restrict_str = "\n".$restrict_str;
// Rewrite the file in place: preserved content followed by the fresh block.
// $status is false when the write fails.
73 $status = file_put_contents($htaccess_file, $contents . $restrict_str);
// NOTE(review): both messages end in single-quoted strings, so the text
// "$htaccess_file" and "\n" are printed literally instead of the path and a
// newline. When correcting this, HTML-escape the path before echoing it.
75 echo '<p>' . $mod_strings['LBL_HT_NO_WRITE'] . '<span class=stop>$htaccess_file</span></p>\n';
76 echo '<p>' . $mod_strings['LBL_HT_NO_WRITE_2'] . '</p>\n';
81 // cn: bug 9365 - security for filesystem
// Second layer: a dedicated .htaccess inside the upload directory, independent
// of the "/+upload" rule in the root .htaccess.
// Fall back to 'upload/' when no upload directory is configured.
85 if (empty($GLOBALS['sugar_config']['upload_dir'])) {
86 $GLOBALS['sugar_config']['upload_dir']='upload/';
// NOTE(review): "upload://" is not a scheme PHP provides itself; presumably
// the application registers a stream wrapper for it that resolves to
// upload_dir. Confirm it is registered before this code runs, otherwise the
// file checks and writes below cannot reach the real directory.
89 $uploadHta = "upload://.htaccess";
// An existing but empty file is treated like a missing one (filesize() is 0)
// and falls through to the create branch.
98 if(file_exists($uploadHta) && filesize($uploadHta)) {
99 // file exists, parse to make sure it is current
100 if(is_writable($uploadHta)) {
101 $oldHtaccess = file_get_contents($uploadHta);
102 // use a different regex boundary b/c .htaccess uses the typicals
// The check below is a plain substring test, not a regex. $denyAll is defined
// in lines not shown here. Any whitespace or line-ending difference between
// the file and $denyAll makes the test fail and appends a second copy.
103 if(strstr($oldHtaccess, $denyAll) === false) {
104 $oldHtaccess .= "\n";
105 $oldHtaccess .= $denyAll;
// A false return and a zero-byte write are both treated as failure.
107 if(!file_put_contents($uploadHta, $oldHtaccess)) {
108 $htaccess_failed = true;
// Presumably the branch taken when the existing file is not writable.
// NOTE(review): how $htaccess_failed is reported is not visible here. If it is
// never surfaced, an unprotected upload directory goes unnoticed - confirm.
111 $htaccess_failed = true;
114 // no .htaccess yet, create a file
115 if(!file_put_contents($uploadHta, $denyAll)) {
116 $htaccess_failed = true;
// Load the expected-version table and, when it has an 'htaccess' entry, copy
// that entry's name, file_version and db_version onto a Version object.
120 include('modules/Versions/ExpectedVersions.php');
122 global $expect_versions;
124 if (isset($expect_versions['htaccess'])) {
125 $version = new Version();
// Presumably loads an existing record named 'htaccess' so that it is updated
// rather than duplicated - confirm against Version's implementation. No save
// call appears in the lines shown.
126 $version->retrieve_by_string_fields(array('name'=>'htaccess'));
128 $version->name = $expect_versions['htaccess']['name'];
129 $version->file_version = $expect_versions['htaccess']['file_version'];
130 $version->db_version = $expect_versions['htaccess']['db_version'];
134 /* Commenting out as this shows on upgrade screen
135 * echo "\n" . $mod_strings['LBL_HT_DONE']. "<br />\n";