Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.235
diff -u -p -r1.235 system.install
--- modules/system/system.install	24 Jan 2008 10:41:17 -0000	1.235
+++ modules/system/system.install	27 Jan 2008 04:25:42 -0000
@@ -145,6 +145,35 @@ function system_requirements($phase) {
     $requirements['settings.php']['title'] = $t('Configuration file');
   }
 
+  // Test CHANGELOG.txt file readability
+  if ($phase == 'runtime') {
+    $warning = FALSE;
+    $txt_files = array('CHANGELOG.txt', 'INSTALL.txt', 'UPGRADE.txt', 'INSTALL.mysql.txt', 'INSTALL.pgsql.txt', 'MAINTAINERS.txt');
+    foreach ($txt_files as $file) {
+      if (is_readable($file)) {
+        if (!$warning) {
+          $warning = TRUE;
+          $requirements['CHANGELOG.txt'] = array(
+            'value' => $t('Not protected'),
+            'severity' => REQUIREMENT_WARNING,
+          );
+          $requirements['CHANGELOG.txt']['description'] = $t('The following files are not protected from being read by the world and may pose a security risk by revealing the exact version of your Drupal installation.  You should change the files\' permissions to be non-readable, or move the files to a location not accessible to the webserver.');
+          $requirements['CHANGELOG.txt']['description'] .= "\n<ul>\n";
+        }
+        $requirements['CHANGELOG.txt']['description'] .= "<li>". $file ."</li>\n";
+      }
+    }
+    if ($warning) {
+      $requirements['CHANGELOG.txt']['description'] .="</ul>\n";
+    }
+    else {
+      $requirements['CHANGELOG.txt'] = array(
+        'value' => $t('Protected'),
+      );
+    }
+    $requirements['CHANGELOG.txt']['title'] = $t('CHANGELOG.txt and other files that reveal version information.');
+  }
+
   // Report cron status.
   if ($phase == 'runtime') {
     // Cron warning threshold defaults to two days.