[CRM-17149] Unjustified security warning about debug log file being downloadable - CiviCRM Issue Tracker

Details

Type: Bug
Status: Done/Fixed
Priority: Trivial
Resolution: Fixed/Completed
Affects Version/s: 4.6.8
Fix Version/s: None
Component/s: Core CiviCRM
Labels:

Documentation Required?:
None
Funding Source:
Contributed Code

Description

Setting the CiviCRM debug log outside of the web root is best practices. Yet when you do so you are greeted with a warning message about this debug log being downloadable.

This is because the current security checks code assumes that the debug log is somewhere under the 'files' directory in Drupal/WordPress and does not check otherwise.

Attachments

Issue Links

supplements

CRM-13639 Do not write CiviCRM logfiles to web-accessible locations

Open

links to

PR: civicrm-core#6675: CRM-17149: full fix

Activity

People

Assignee:

Nicolas Ganivet

Reporter:

Nicolas Ganivet

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2015-09-03 17:50

Updated:

2015-09-05 15:43

Resolved:

2015-09-05 15:43

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified