From cd39396bb56d3c3c042adbfad35c71cc4c302dd7 Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Sun, 19 Feb 2012 18:04:37 +0100
Subject: file/cron: make accessible via CLI only

In production environments the cronjob might run quite some time and
could be used to overload the server.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 application/controllers/file.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'application/controllers')

diff --git a/application/controllers/file.php b/application/controllers/file.php
index cb2a27a9d..fb4809164 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -34,7 +34,7 @@ class File extends CI_Controller {
 		// official client uses "fb-client/$version" as useragent
 		$clients = array("fb-client", "libcurl", "pyfb");
 		foreach ($clients as $client) {
-			if (strpos($_SERVER['HTTP_USER_AGENT'], $client) !== false) {
+			if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], $client) !== false) {
 				$this->var->cli_client = true;
 				break;
 			}
@@ -258,6 +258,11 @@ class File extends CI_Controller {
 	// Removes old files
 	function cron()
 	{
+		/* cron can only be run via the CLI
+		 * `php index.php file cron`
+		 */
+		if (!$this->input->is_cli_request()) return;
+
 		if ($this->config->item('upload_max_age') == 0) return;
 
 		$oldest_time = (time()-$this->config->item('upload_max_age'));
-- 
cgit v1.2.3-24-g4f1b