ENHANCEMENT: protecting the "dms-assets" folder from web access

Julian Seidenberg 2012-08-07 11:02:57 +12:00
parent c44434d498
commit c571d5bc8d
3 changed files with 19 additions and 3 deletions


@ -6,7 +6,6 @@ class DMS implements DMSInterface {
//How many documents to store in a single folder. The square of this number is the maximum number of documents.
//The number should be a multiple of 10
static $dmsFolderSize = 1000;
static $dmsPath; //DMS path set on creation
static $modelClass = 'DMSDocument';
static function set_model_class($className){
@ -20,10 +19,18 @@ class DMS implements DMSInterface {
* @return DMSInterface An instance of the Document Management System
*/
static function getDMSInstance() {
self::$dmsPath = BASE_PATH . DIRECTORY_SEPARATOR . self::$dmsFolder;
$dmsPath = self::get_DMS_path();
$dms = new DMS();
self::createStorageFolder(self::get_DMS_path());
if (!is_dir($dmsPath)) {
self::createStorageFolder($dmsPath);
}
if (!file_exists($dmsPath . DIRECTORY_SEPARATOR . '.htaccess')) {
//restrict access to the storage folder
copy(BASE_PATH . DIRECTORY_SEPARATOR . 'dms' . DIRECTORY_SEPARATOR . 'resources' . DIRECTORY_SEPARATOR . '.htaccess', $dmsPath . DIRECTORY_SEPARATOR . '.htaccess');
copy(BASE_PATH . DIRECTORY_SEPARATOR . 'dms' . DIRECTORY_SEPARATOR . 'resources' . DIRECTORY_SEPARATOR . 'web.config', $dmsPath . DIRECTORY_SEPARATOR . 'web.config');
}
return $dms;
}
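Review bot: Both `copy()` calls in `getDMSInstance()` ignore their return value, so if a resource file is missing or the storage folder is not writable, the folder stays readable over the web and the DMS instance is returned anyway. The existence test also looks only at `.htaccess`, so a folder that already has that file never receives `web.config`. I would install each guard file independently and fail closed when one cannot be written, as below; the exception type is only a suggestion, use whatever the project raises elsewhere. The method's docblock and the rest of the class lie outside the hunks shown.

```php
// … unchanged: $dmsPath lookup, new DMS() and the createStorageFolder() call …
$resourceDir = BASE_PATH . DIRECTORY_SEPARATOR . 'dms' . DIRECTORY_SEPARATOR . 'resources';
foreach (array('.htaccess', 'web.config') as $guard) {
    $target = $dmsPath . DIRECTORY_SEPARATOR . $guard;
    //restrict access to the storage folder; do not hand out an instance if a guard file is missing
    if (!file_exists($target) && !copy($resourceDir . DIRECTORY_SEPARATOR . $guard, $target)) {
        throw new Exception("DMS storage folder is not protected: could not install $guard");
    }
}
return $dms;
```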

3
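--- a/resources/.htaccess
+++ b/resources/.htaccess
@@ -0,0 +1,3 @@
+<Files *>
+Deny From All
+</Files>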
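Review bot: `Deny From All` is the Apache 2.2 access-control directive; on Apache 2.4 it is only understood when mod_access_compat is loaded, and without that module requests under the folder fail with a server error instead of a clean 403. Guarding both syntaxes with `<IfModule>` keeps the file valid on either version. The file also only takes effect where the server honours .htaccess (AllowOverride permitting, and not on nginx or IIS), so keeping the storage folder outside the web root, or checking at install time that a direct request to a stored file is refused, is the more dependable control.

```apache
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>
```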

6
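--- a/resources/web.config
+++ b/resources/web.config
@@ -0,0 +1,6 @@
+<system.web>
+<authorization>
+<allow users="username">
+<deny users="*"/>
+</authorization>
+</system.web>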
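Review bot: `<allow users="username">` is never closed, so the file is not well-formed XML, and it has no `<configuration>` root element; IIS will likely reject it with a configuration error instead of applying the deny rule. The literal `username` also looks like a leftover placeholder that would exempt an account of that name. I would drop that line, leaving only `<deny users="*"/>`, and wrap the block in `<configuration>` … `</configuration>`. Separately, `system.web` authorization is enforced by ASP.NET, so whether it covers static documents served directly by IIS depends on the pipeline mode; confirm with a direct request against a stored file.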