diff --git a/application/language/en-US/config_lang.php b/application/language/en-US/config_lang.php
index 67f9cddf7..e11a7cf09 100644
--- a/application/language/en-US/config_lang.php
+++ b/application/language/en-US/config_lang.php
@@ -155,8 +155,8 @@ $lang["config_invoice_email_message"] = "Invoice Email Template";
$lang["config_invoice_enable"] = "Enable Invoicing";
$lang["config_invoice_printer"] = "Invoice Printer";
$lang["config_invoice_type"] = "Invoice Type";
-$lang["config_is_readable"] = "is readable, but the permissions are higher than 660.";
-$lang["config_is_writable"] = "is writable, but the permissions are higher than 750.";
+$lang["config_is_readable"] = "is readable, but the permissions are incorrectly set. Please set it to 640 or 660 and refresh.";
+$lang["config_is_writable"] = "is writable, but the permissions are incorrectly set. Please set it to 750 and refresh.";
$lang["config_jsprintsetup_required"] = "Warning: This functionality will only work if you have the FireFox jsPrintSetup addon installed. Save anyway?";
$lang["config_language"] = "Language";
$lang["config_last_used_invoice_number"] = "Last used Invoice Number";
@@ -205,7 +205,7 @@ $lang["config_number_locale_tooltip"] = "Find a suitable locale through this lin
$lang["config_os_timezone"] = "OSPOS Timezone:";
$lang["config_ospos_info"] = "OSPOS Installation Info";
$lang["config_payment_options_order"] = "Payment Options Order";
-$lang["config_perm_risk"] = "Permissions higher than 750 for write and 660 for read leaves this software at risk.";
+$lang["config_perm_risk"] = "Incorrect permissions leaves this software at risk.";
$lang["config_phone"] = "Company Phone";
$lang["config_phone_required"] = "Company Phone is a required field.";
$lang["config_print_bottom_margin"] = "Margin Bottom";
diff --git a/application/views/configs/system_info.php b/application/views/configs/system_info.php
index 3b8187718..fb2debc44 100644
--- a/application/views/configs/system_info.php
+++ b/application/views/configs/system_info.php
@@ -65,8 +65,8 @@
echo ' - ' . substr(sprintf("%o",fileperms($logs)),-4) . ' | ' . ' Not Writable ✗ ';
}
clearstatcache();
- if (is_writable($logs) && substr(decoct(fileperms($logs)), -4) >= 751 ) {
- echo ' | Vulnerable ✗';
+ if (is_writable($logs) && substr(decoct(fileperms($logs)), -4) != 750 ) {
+ echo ' | Vulnerable or Incorrect Permissions ✗';
} else {
echo ' | Security Check Passed ✓ ';
}
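Review bot: The row check for `$logs` still short-circuits on `is_writable($logs)`, so a directory that is not writable but has a mode other than 750 prints "Security Check Passed ✓" here, while the summary further down (`if(substr(decoct(fileperms($logs)), -4) != 750)`) reports the same directory as a problem. The `$uploads` hunk has the same guard, whereas the `$images` hunk in this commit drops it, so the three rows no longer behave alike. Making the row test the mode alone, `if (substr(decoct(fileperms($logs)), -4) != 750) {`, would keep row and summary in agreement. The surrounding if/else that prints the writable status starts outside this hunk.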
@@ -81,8 +81,8 @@
echo ' - ' . substr(sprintf("%o",fileperms($uploads)),-4) . ' | ' . ' Not Writable ✗ ';
}
clearstatcache();
- if (is_writable($uploads) && substr(decoct(fileperms($uploads)), -4) >= 751 ) {
- echo ' | Vulnerable ✗';
+ if (is_writable($uploads) && substr(decoct(fileperms($uploads)), -4) != 750 ) {
+ echo ' | Vulnerable or Incorrect Permissions ✗';
} else {
echo ' | Security Check Passed ✓ ';
}
@@ -97,8 +97,8 @@
echo ' - ' . substr(sprintf("%o",fileperms($images)),-4) . ' | ' . ' Not Writable ✗ ';
}
clearstatcache();
- if (is_writable($images) && substr(decoct(fileperms($images)), -4) >= 751 ) {
- echo ' | Vulnerable ✗';
+ if (substr(decoct(fileperms($images)), -4) != 750 ) {
+ echo ' | Vulnerable or Incorrect Permissions ✗';
} else {
echo ' | Security Check Passed ✓ ';
}
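Review bot: The test `substr(decoct(fileperms($images)), -4) != 750` compares a four-character octal string such as "0750" with the decimal integer 750 using a loose `!=`, so it is only correct through PHP's numeric-string coercion and is hard to read as a permission check. Masking the mode and comparing integers strictly says the same thing directly: `if ((fileperms($images) & 07777) !== 0750) {`. The same expression is repeated in every hunk of this file, so a small helper or a local `$mode` variable per path would remove the duplication; a short comment stating why exactly 750 is required would also help the next reader.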
@@ -113,8 +113,8 @@
echo ' - ' . substr(sprintf("%o",fileperms($importcustomers)),-4) . ' | ' . ' Not Readable ✗ ';
}
clearstatcache();
- if (is_writable($importcustomers) && substr(decoct(fileperms($importcustomers)), -4) > 660 ) {
- echo ' | Vulnerable ✗';
+ if (!((substr(decoct(fileperms($importcustomers)), -4) == 640) || (substr(decoct(fileperms($importcustomers)), -4) == 660) )) {
+ echo ' | Vulnerable or Incorrect Permissions ✗';
} else {
echo ' | Security Check Passed ✓ ';
}
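Review bot: Requiring exactly 640 or 660 for `$importcustomers` means a more restrictive mode such as 600 or 400 is now labelled "Vulnerable or Incorrect Permissions ✗", and the new language string tells the administrator to set 640 or 660, which can loosen a tighter setup. If the intent is to catch over-permissive modes, testing only the bits that must not be set would avoid that, for example `if ((fileperms($importcustomers) & 0117) !== 0) {` to reject any execute bit and any access for "other". Whether group read is actually needed depends on how the web server user relates to the file owner, which is not visible here, so a comment recording that assumption would be useful. The check also never looks at ownership, so a mode that passes can still be wrong if the file belongs to an unexpected user or group.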
@@ -122,34 +122,27 @@
?>
= 700)
- && (substr(decoct(fileperms($uploads)), -4) <= 750 && substr(decoct(fileperms($uploads)), -4) >= 700)
- && (substr(decoct(fileperms($images)), -4) <= 750 && substr(decoct(fileperms($images)), -4) >= 700)
- && (substr(decoct(fileperms($importcustomers)), -4) <= 660 && substr(decoct(fileperms($importcustomers)), -4) >= 400)) {
- echo '
' . $this->lang->line('config_all_set') . ' ';
- }
- else {
- echo '
' . $this->lang->line('config_file_perm') . '
';
- }
- if(substr(decoct(fileperms($logs)), -4) >= 751
- OR substr(decoct(fileperms($uploads)), -4) >= 751
- OR substr(decoct(fileperms($images)), -4) >= 751
- OR substr(decoct(fileperms($importcustomers)), -4) > 660) {
+
+ if(!((substr(decoct(fileperms($logs)), -4) == 750) && (substr(decoct(fileperms($uploads)), -4) == 750) && (substr(decoct(fileperms($images)), -4) == 750)
+ && ((substr(decoct(fileperms($importcustomers)), -4) == 640) || (substr(decoct(fileperms($importcustomers)), -4) == 660)))) {
+// OR substr(decoct(fileperms($uploads)), -4) != 750
+ // OR substr(decoct(fileperms($images)), -4) != 750
+ // OR substr(decoct(fileperms($importcustomers)), -4) != 660) {
echo '
' . $this->lang->line('config_security_issue') . '
' . $this->lang->line('config_perm_risk') . '
';
}
else {
echo '
' . $this->lang->line('config_no_risk') . '
';
}
- if(substr(decoct(fileperms($logs)), -4) > 750) {
+ if(substr(decoct(fileperms($logs)), -4) != 750) {
echo '
» [application/logs:] ' . $this->lang->line('config_is_writable') . '';
}
- if(substr(decoct(fileperms($uploads)), -4) > 750) {
+ if(substr(decoct(fileperms($uploads)), -4) != 750) {
echo '
» [public/uploads:] ' . $this->lang->line('config_is_writable') . '';
}
- if(substr(decoct(fileperms($images)), -4) > 750) {
+ if(substr(decoct(fileperms($images)), -4) != 750) {
echo '
» [public/uploads/item_pics:] ' . $this->lang->line('config_is_writable') . '';
}
- if(substr(decoct(fileperms($importcustomers)), -4) > 660) {
+ if(!((substr(decoct(fileperms($importcustomers)), -4) == 640) || (substr(decoct(fileperms($importcustomers)), -4) == 660))) {
echo '
» [import_customers.csv:] ' . $this->lang->line('config_is_readable') . '';
}
?>
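Review bot: The three commented-out `// OR substr(decoct(fileperms(...` lines left under the new combined condition are dead code and should be deleted rather than committed, since they describe a check (`!= 660` only) that differs from what the live condition enforces. The combined condition also re-evaluates `fileperms()` for every path that the per-path `if` blocks below test again; computing each mode once, e.g. `$logsMode = fileperms($logs) & 07777;`, and reusing it in both places would keep the banner and the itemised list from drifting apart. The itemised lines still print `config_is_writable` ("is writable, but…") for any mode other than 750, including modes where the directory is not writable, so the message can contradict the row above it. The markup in this hunk appears partly stripped on the page, so the exact echo strings could not be checked.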