[Vtigercrm-commits] [vtiger-commits] r6809 - in /vtigercrm/branches/4.2.4: config.inc.php config.template.php log4php/appenders/LoggerAppenderFile.php
vtigercrm-commits at vtiger.fosslabs.com
vtigercrm-commits at vtiger.fosslabs.com
Tue May 30 20:38:39 EDT 2006
Author: allanbush
Date: Tue May 30 18:38:36 2006
New Revision: 6809
Log:
Added patch from #31, closes #31.
Modified:
vtigercrm/branches/4.2.4/config.inc.php
vtigercrm/branches/4.2.4/config.template.php
vtigercrm/branches/4.2.4/log4php/appenders/LoggerAppenderFile.php
Modified: vtigercrm/branches/4.2.4/config.inc.php
==============================================================================
--- vtigercrm/branches/4.2.4/config.inc.php (original)
+++ vtigercrm/branches/4.2.4/config.inc.php Tue May 30 18:38:36 2006
@@ -67,4 +67,12 @@
// this is for site specific special instructions
$login_message = 'Please login to the application.';
+// access level for vtiger log files
+// set to 1, the vtiger.log will be readable by the owner (chmod: 0600)
+// set to 0, the vtiger.log will not be readable remotely (chmod: 0200)
+
+// 0 is recommended for security.
+// You may need to set it to 1 to read it for certain hosted accounts.
+$log_readable = 0;
+
?>
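Review bot: The comment block added above `$log_readable` describes the two values in different terms ("readable by the owner" versus "not readable remotely"), so an administrator cannot tell from it what setting 1 actually exposes. If vtiger.log sits in a directory the web server serves and the server process owns the file (neither is visible in this hunk), mode 0600 lets that process read the log and so serve it over HTTP, together with whatever the application has logged. I would say so directly, for example `// set to 1 only if the log directory is outside the web root or blocked by the web server: 0600 lets the web server process read vtiger.log`. The same comment is duplicated in the config.template.php hunk and should be changed there as well.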
Modified: vtigercrm/branches/4.2.4/config.template.php
==============================================================================
--- vtigercrm/branches/4.2.4/config.template.php (original)
+++ vtigercrm/branches/4.2.4/config.template.php Tue May 30 18:38:36 2006
@@ -176,4 +176,12 @@
// translation_string_prefix default value = false
$translation_string_prefix = false;
+// access level for vtiger log files
+// set to 1, the vtiger.log will be readable by the owner (chmod: 0600)
+// set to 0, the vtiger.log will not be readable remotely (chmod: 0200)
+
+// 0 is recommended for security.
+// You may need to set it to 1 to read it for certain hosted accounts.
+$log_readable = 0;
+
?>
Modified: vtigercrm/branches/4.2.4/log4php/appenders/LoggerAppenderFile.php
==============================================================================
--- vtigercrm/branches/4.2.4/log4php/appenders/LoggerAppenderFile.php (original)
+++ vtigercrm/branches/4.2.4/log4php/appenders/LoggerAppenderFile.php Tue May 30 18:38:36 2006
@@ -26,6 +26,12 @@
require_once(LOG4PHP_DIR . '/helpers/LoggerOptionConverter.php');
require_once(LOG4PHP_DIR . '/LoggerLog.php');
+if (!defined('ROOT_DIR')) define('ROOT_DIR', LOG4PHP_DIR . '/..');
+if (!defined('LOG_READ'))
+{
+ include(ROOT_DIR . '/config.php');
+ define('LOG_READ', $log_readable);
+}
/**
* FileAppender appends log events to a file.
*
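Review bot: `define('LOG_READ', $log_readable);` uses the value from config.php without checking that it was set, and `include` only raises a warning when the file is missing. A config.php written before this option existed has no `$log_readable`, so LOG_READ becomes null; the `LOG_READ == 0` test in the next hunk happens to treat that as 0, which makes the restrictive default an accident of loose comparison rather than a decision. I would make the default explicit and normalise the value: `define('LOG_READ', (isset($log_readable) && $log_readable == 1) ? 1 : 0);`. The commit edits config.inc.php and config.template.php while this code reads config.php, so it presumably relies on config.php carrying the same setting; that link is not visible here and is worth confirming.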
@@ -77,7 +83,8 @@
$this->fp = @fopen($fileName, ($this->getAppend()? 'a':'w'));
// Denying read option for log file. Added for Vulnerability fix
- if (is_readable($fileName)) chmod ($fileName,0200);
+ if (is_readable($fileName) and (LOG_READ == 0)) chmod ($fileName,0200);
+ if (!is_readable($fileName) and (LOG_READ == 1)) chmod ($fileName,0600);
if ($this->fp) {
if ($this->getAppend())
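Review bot: With LOG_READ set to 1, the added `chmod ($fileName,0600)` line runs only when the file is not readable, so a log that `fopen` has just created under the process umask (often group- or world-readable) is left as it is instead of being tightened to the 0600 the config comment promises. Both chmod lines also run when `@fopen` has failed, ignore the return value of `chmod`, and do nothing at all for a LOG_READ value other than 0 or 1. Setting the mode unconditionally inside the existing `if ($this->fp)` block covers these cases: `chmod($fileName, (LOG_READ == 1) ? 0600 : 0200);`, with a failed chmod reported rather than ignored. The enclosing method starts and ends outside this hunk, so the exact placement needs checking against the full file.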