Index: branches/5.0.x/core/install/step_templates/security.tpl
===================================================================
--- branches/5.0.x/core/install/step_templates/security.tpl (revision 12550)
+++ branches/5.0.x/core/install/step_templates/security.tpl (revision 12551)
@@ -1,110 +1,109 @@
<?php
$heading_tpl = '
<tr class="subsectiontitle">
<td class="%2$s" colspan="2" style="border-top: 1px solid #000000; border-bottom: 1px solid #000000;">%1$s</td>
</tr>';
$error_tpl = '
<tr class="table-color2">
<td class="text">%s</td>
<td align="center" width="30">%s</td>
</tr>';
$output = '';
$write_check = true;
$check_paths = Array ('/', '/index.php', '/config.php', ADMIN_DIRECTORY . '/index.php');
foreach ($check_paths as $check_path) {
$path_secure = true;
$path_check_status = $this->toolkit->checkWritePermissions(FULL_PATH . $check_path);
if (is_bool($path_check_status) && $path_check_status) {
$write_check = $path_secure = false;
}
$status_text = $path_secure ? '[<span style="color: green;">Secure</span>]' : '[<span style="color: red;">Vulnerable</span>]';
$output .= sprintf($error_tpl, $check_path . (!$path_secure? ' (<span style="color: red;">755 required</span>)' : ''), $status_text);
}
$skip_check = $write_check ? '<input type="hidden" name="skip_security_check" value="' . (int)$write_check . '"/>' : '';
$output = sprintf($heading_tpl, '<strong>Write Permissions Check</strong>' . $skip_check, 'text') . $output;
if (!$write_check) {
$output .= ' <tr class="table-color2">
<td class="error" colspan="2">
For security reasons it\'s REQUIRED to set 755 permissions on the above files to prevent from attacks on your website!<br /><br /></td>
</tr>';
}
// script execute check
if (file_exists(WRITEABLE . '/install_check.php')) {
unlink(WRITEABLE . '/install_check.php');
}
$fp = fopen(WRITEABLE . '/install_check.php', 'w');
fwrite($fp, "<?php\n\techo 'OK';\n");
fclose($fp);
$curl_helper =& $this->Application->recallObject('CurlHelper');
/* @var $curl_helper kCurlHelper */
$result = $curl_helper->Send($this->Application->BaseURL(WRITEBALE_BASE) . 'install_check.php');
unlink(WRITEABLE . '/install_check.php');
$execute_check = ($result !== 'OK');
$output .= sprintf($heading_tpl, '<strong>Ability to Execute PHP in Writable Folders</strong>', 'text');
$status_text = $execute_check ? '[<span style="color: green;">Secure</span>]' : '[<span style="color: red;">Vulnerable</span>]';
$output .= sprintf($error_tpl, 'Result of creating and executing PHP file(s) in "/system" (or "/system/images") folder', $status_text);
if (!$execute_check) {
$output .= '<tr class="table-color2">
<td colspan="2">
For security reasons it\'s highly recommended disable the access (execution) to PHP files within "/system" folder and it\'s subfolders.
</td>
</tr>
<tr class="table-color2">
<td class="text" colspan="2">
You can do this by:<br/><br/>
<ul style="margin: 0px; padding-left: 15px;">
<li>changing your "httpd.conf" file to deny requests for all "*.php" files</li>
<li>renaming ".htaccess-sample" (located in "/system") to ".htaccess" so it overrides default Apache settings</li>
</ul>
<br/>Note that "AllowOverride LIMIT" option should be enabled by your hosting provider.
</td>
</tr>';
}
$output .= sprintf($heading_tpl, '<strong>Webserver PHP Configuration</strong>', 'text');
$directive_check = true;
$ini_vars = Array ('register_globals' => false, 'open_basedir' => true, 'allow_url_fopen' => false);
foreach ($ini_vars as $var_name => $var_value) {
$current_value = ini_get($var_name);
-
- if (is_numeric($current_value)) {
+ if (!is_numeric($current_value)) {
$formatted_value = $current_value ? 'On' : 'Off';
}
else {
$formatted_value = "'" . $current_value . "'";
}
if (($var_value && !$current_value) || (!$var_value && $current_value)) {
$directive_check = false;
$message_text = 'set to <span style="color: red;"><strong>' . $formatted_value . '</strong></span>';
$status_text = '[<span style="color: red;">Vulnerable</span>]';
}
else {
$message_text = 'set to <strong>' . $formatted_value . '</strong>';
$status_text = '[<span style="color: green;">Secure</span>]';
}
$output .= sprintf($error_tpl, 'Directive: <strong>' . $var_name . '</strong> ' . $message_text, $status_text);
}
/*if (!$directive_check) {
// show additional warning about directives
}*/
echo $output;
?>
\ No newline at end of file
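Review bot: The inverted test at `if (!is_numeric($current_value))` still picks the display format from the shape of the raw `ini_get()` string, so a boolean directive reported as "1" is now printed as `'1'`, while any non-empty `open_basedir` path is printed as `On`. The verdict a few lines below tests the same raw string for truthiness, so a literal "off" (which `ini_get()` can return when the directive was set as a string) would be flagged Vulnerable for `register_globals` and `allow_url_fopen`. Consider normalising once per directive, e.g. `$enabled = ($var_name == 'open_basedir') ? ($current_value != '') : filter_var($current_value, FILTER_VALIDATE_BOOLEAN);`, and using `$enabled` for both the label and the comparison with `$var_value`. Where the raw value is echoed (the quoted branch), it should pass through `htmlspecialchars()`. Separately, in the same file, `$execute_check = ($result !== 'OK')` reports Secure whenever the probe file could not be written or fetched, so a failed `fopen()` or request should be shown as inconclusive rather than Secure.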
Index: branches/5.0.x/core/install/step_templates/choose_modules.tpl
===================================================================
--- branches/5.0.x/core/install/step_templates/choose_modules.tpl (revision 12550)
+++ branches/5.0.x/core/install/step_templates/choose_modules.tpl (revision 12551)
@@ -1,61 +1,61 @@
<?php
ob_start();
?>
<tr class="table-color2">
<td class="text" colspan="2" valign="middle">
<table cellpadding="0" cellspacing="0">
<tr>
<td valign="top">
<input type="checkbox" %3$s name="modules[]" id="module_%1$s" value="%1$s" style="margin-top: 8px;"/>
</td>
<td valign="top">
<label for="module_%1$s" style="">%2$s</label>
<div style="font-weight: bold; color: red;">%4$s</div>
</td>
</tr>
</table>
</td>
</tr>
<?php
$module_tpl = ob_get_clean();
- echo '<p>Please select Modules you would like to install:</p><br />';
+ echo '<br/><p> <strong>Please select Modules you would like to install:</strong></p>';
$first_time = $this->GetVar('step') != $this->currentStep; // data from this step was not submitted yet
$selected = $this->GetVar('modules');
if (!$selected) {
// preselect interface modules
$selected = Array ('core');
}
$modules_helper =& $this->Application->recallObject('ModulesHelper');
/* @var $modules_helper kModulesHelper */
$licensed_modules = array_map('strtolower', $modules_helper->_GetModules());
$modules = $this->ScanModules();
foreach ($modules as $module) {
$module_version = $this->toolkit->GetMaxModuleVersion($module);
$prerequisites_errors = $this->toolkit->CheckPrerequisites($module . '/', Array ($module_version), 'install');
$license_module = $module;
if (!in_array(strtolower($license_module), $licensed_modules)) {
// when module isn't licensed user can't install it
continue; // option #1: don't show non-licensed modules
array_unshift($prerequisites_errors, 'Module not licensed'); // option #2: show warning under module name
}
if ($prerequisites_errors) {
// disable checkbox, when some of prerequisites not passed
$checked = 'disabled';
}
else {
// preserve user selected checked status
$checked = in_array($module, $selected) || $first_time ? 'checked="checked"' : '';
}
$error_msg = $prerequisites_errors ? implode('<br />', $prerequisites_errors) : '';
$module_string = $this->toolkit->getModuleString($module, $module_version);
echo sprintf($module_tpl, $module, $module_string, $checked, $error_msg);
}
?>
\ No newline at end of file
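Review bot: The licence and prerequisite gating in this template is only a browser-side control, because an unlicensed module is skipped with `continue;` and a failed prerequisite merely emits `disabled` on the checkbox. The handler that processes `modules[]` is not visible in this hunk, so confirm that it repeats the licence test and `CheckPrerequisites()` on the submitted names instead of trusting the form. The `array_unshift($prerequisites_errors, 'Module not licensed');` line after `continue;` is unreachable and should be removed or made a real, documented option. `$selected` comes from `GetVar('modules')` and goes straight into `in_array()`, so guard it with something like `if (!is_array($selected)) { $selected = Array ('core'); }`.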