From c2b1c6869901b7b6e0208a0d33cc50d5035f6c3b Mon Sep 17 00:00:00 2001
From: xisi
Date: Wed, 29 Jan 2014 05:20:06 -0500
Subject: [PATCH] added check if we can write config files to admin_checks, we shouldnt be able to
---
 public/include/admin_checks.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/public/include/admin_checks.php b/public/include/admin_checks.php
index 2652659b..094555ce 100644
--- a/public/include/admin_checks.php
+++ b/public/include/admin_checks.php
@@ -44,6 +44,11 @@ if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA'][
 if (!is_writable(THEME_DIR.'/compile')) {
 $error[] = "templates/compile folder is not writable for uid {$apache_user['name']}";
 }
+ // check if we can write the config files, we should NOT be able to -> error
+ if (is_writable(INCLUDE_DIR.'/config/global.inc.php') || is_writable(INCLUDE_DIR.'/config/global.inc.dist.php') ||
+ is_writable(INCLUDE_DIR.'/config/security.inc.php') || is_writable(INCLUDE_DIR.'/config/security.inc.dist.php')) {
+ $error[] = "Your config files SHOULD NOT be writable to this user!";
+ }
 // check if daemon can connect -> error
 try {
 if ($bitcoin->can_connect() !== true) {
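Review bot: The added condition tests only the four files and not the directory that holds them, so on a POSIX filesystem a writable `INCLUDE_DIR.'/config'` would still let the web server user replace a config file even when `is_writable()` on the file itself returns false. Consider extending the condition with `|| is_writable(INCLUDE_DIR.'/config')`. The error text also does not say which file is writable or for which uid, whereas the compile-folder message just above includes `{$apache_user['name']}`; naming the path and uid would tell the admin exactly what to fix. The enclosing admin `if` block starts above this hunk and the `try` at its end continues below it.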