_cache = $cache; $this->_backendConfig = $backendConfig; $this->_config = $config; $this->_curlFactory = $curlFactory; } /** * Check verification result and return true if system must to show notification message * * @return bool */ private function _canShowNotification() { if ($this->_cache->load(self::VERIFICATION_RESULT_CACHE_KEY)) { return false; } if ($this->_isFileAccessible()) { return true; } $adminSessionLifetime = (int)$this->_backendConfig->getValue('admin/security/session_lifetime'); $this->_cache->save(true, self::VERIFICATION_RESULT_CACHE_KEY, [], $adminSessionLifetime); return false; } /** * If file is accessible return true or false * * @return bool */ private function _isFileAccessible() { $unsecureBaseURL = $this->_config->getValue(Store::XML_PATH_UNSECURE_BASE_URL, 'default'); /** @var $http \Magento\Framework\HTTP\Adapter\Curl */ $http = $this->_curlFactory->create(); $http->setConfig(['timeout' => $this->_verificationTimeOut]); $http->write(\Zend_Http_Client::POST, $unsecureBaseURL . $this->_filePath); $responseBody = $http->read(); $responseCode = \Zend_Http_Response::extractCode($responseBody); $http->close(); return $responseCode == 200; } /** * Retrieve unique message identity * * @return string */ public function getIdentity() { return 'security'; } /** * Check whether * * @return bool */ public function isDisplayed() { return $this->_canShowNotification(); } /** * Retrieve message text * * @return \Magento\Framework\Phrase */ public function getText() { return __( 'Your web server is set up incorrectly and allows unauthorized access to sensitive files. ' . 'Please contact your hosting provider.' ); } /** * Retrieve message severity * * @return int */ public function getSeverity() { return \Magento\Framework\Notification\MessageInterface::SEVERITY_CRITICAL; } }