authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-05-15 19:38:49 +0000
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-05-15 19:38:49 +0000
commit77897d4efad074d9434a97a67052bc788c315dee (patch)
tree1bcce8494ca5840393ecf4c849e0efc34e575707 /install
parentb7ea2e2e377568a3730ed46b8df1751cc747323f (diff)
downloadelgg-77897d4efad074d9434a97a67052bc788c315dee.tar.gz
elgg-77897d4efad074d9434a97a67052bc788c315dee.tar.bz2
Refs #3453 an implementation of creating the data directory. This capability is turned off due to security concerns.
git-svn-id: http://code.elgg.org/elgg/trunk@9088 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'install')
-rw-r--r--install/ElggInstaller.php85
-rw-r--r--install/ElggRewriteTester.php10
-rw-r--r--install/css/install.css29
-rw-r--r--install/js/install.js16
-rw-r--r--install/languages/en.php2
5 files changed, 114 insertions, 28 deletions
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 6b8b8d747..1a8edf1ae 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -2,7 +2,27 @@
/**
* Elgg Installer.
- * Controller for installing Elgg.
+ * Controller for installing Elgg. Supports both web-based on CLI installation.
+ *
+ * This controller steps the user through the install process. The method for
+ * each step handles both the GET and POST requests. There is no XSS/CSRF protection
+ * on the POST processing since the installer is only run once by the administrator.
+ *
+ * The installation process can be resumed by hitting the first page. The installer
+ * will try to figure out where to pick up again.
+ *
+ * All the logic for the installation process is in this class, but it depends on
+ * the core libraries. To do this, we selectively load a subset of the core libraries
+ * for the first few steps and then load the entire engine once the database and
+ * site settings are configured. In addition, this controller does its own session
+ * handling until the database is setup.
+ *
+ * There is an aborted attempt in the code at creating the data directory for
+ * users as a subdirectory of Elgg's root. The idea was to protect this directory
+ * through a .htaccess file. The problem is that a malicious user can upload a
+ * .htaccess of his own that overrides the protection for his user directory. The
+ * best solution is server level configuration that turns off AllowOverride for the
+ * data directory. See ticket #3453 for discussion on this.
*
* @package Elgg.Core
* @subpackage Installer
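Review bot: The new class docblock justifies the missing XSS/CSRF protection with "the installer is only run once by the administrator", but it does not say what enforces that. The comment should name the check that makes the installer refuse requests once installation is complete (not visible in this hunk), because until then the POST handlers are open to anyone who can reach the site. In the .htaccess paragraph it is worth adding that turning off `AllowOverride` for the data directory also disables the generated `.htaccess`, so the deny rule then has to live in the server configuration. There is also a typo in the second line: `web-based on CLI` should read `web-based and CLI`.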
@@ -32,6 +52,9 @@ class ElggInstaller {
* Constructor bootstraps the Elgg engine
*/
public function __construct() {
+ // load ElggRewriteTester as we depend on it
+ require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
+
$this->isAction = $_SERVER['REQUEST_METHOD'] === 'POST';
$this->bootstrapConfig();
@@ -140,7 +163,6 @@ class ElggInstaller {
$params['password1'] = $params['password2'] = $params['password'];
if ($createHtaccess) {
- require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
$rewriteTester = new ElggRewriteTester();
if (!$rewriteTester->createHtaccess($CONFIG->path)) {
throw new InstallationException(elgg_echo('install:error:htaccess'));
@@ -355,7 +377,6 @@ class ElggInstaller {
protected function settings($submissionVars) {
global $CONFIG;
- $languages = get_installed_translations();
$formVars = array(
'sitename' => array(
'type' => 'text',
@@ -389,8 +410,19 @@ class ElggInstaller {
),
);
+ // if Apache, we give user option of having Elgg create data directory
+ //if (ElggRewriteTester::guessWebServer() == 'apache') {
+ // $formVars['dataroot']['type'] = 'combo';
+ // $CONFIG->translations['en']['install:settings:help:dataroot'] =
+ // $CONFIG->translations['en']['install:settings:help:dataroot:apache'];
+ //}
+
if ($this->isAction) {
do {
+ //if (!$this->createDataDirectory($submissionVars, $formVars)) {
+ // break;
+ //}
+
if (!$this->validateSettingsVars($submissionVars, $formVars)) {
break;
}
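Review bot: The two commented-out blocks (the `guessWebServer()` check above the form handling and the `createDataDirectory()` call inside the `do` loop) disable the feature only by convention, and neither says why. Each should carry a short comment such as `// disabled: a user-uploaded .htaccess can override the protection, see #3453`, so that nobody uncomments one half, or either block, without reading the class docblock. If the code is ever re-enabled, note that the first block hard-codes the `en` translation table. settings() starts and ends outside this hunk.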
@@ -709,6 +741,11 @@ class ElggInstaller {
session_name('Elgg');
session_start();
elgg_unregister_event_handler('boot', 'system', 'session_init');
+ } else if ($stepIndex == ($settingsIndex + 1)) {
+ // now using Elgg session handling so need to pass forward the system messages
+ session_name('Elgg');
+ session_start();
+ $messages = $_SESSION['msg'];
}
if ($stepIndex > $dbIndex) {
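Review bot: `$messages = $_SESSION['msg'];` reads the key without checking that it exists. When no system message was queued before this step, PHP raises an undefined-index notice and the later `$_SESSION['msg'] = $messages;` (in the `@@ -751` hunk) stores NULL in the new session. `$messages = isset($_SESSION['msg']) ? $_SESSION['msg'] : array();` avoids both, assuming the message store is an array, which is not visible here. `$messages` is assigned only in this branch, so the two `$stepIndex == ($settingsIndex + 1)` conditions must stay in sync; a comment at both places saying so would help. The enclosing method begins and ends outside the hunk.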
@@ -751,6 +788,11 @@ class ElggInstaller {
elgg_trigger_event('boot', 'system');
elgg_trigger_event('init', 'system');
+
+ // @hack finish the process of pushing system messages into new session
+ if ($stepIndex == ($settingsIndex + 1)) {
+ $_SESSION['msg'] = $messages;
+ }
}
}
@@ -1025,8 +1067,6 @@ class ElggInstaller {
protected function checkRewriteRules(&$report) {
global $CONFIG;
- require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
-
$tester = new ElggRewriteTester();
$url = elgg_get_site_url() . "rewrite.php";
$report['rewrite'] = array($tester->run($url, $CONFIG->path));
@@ -1221,6 +1261,39 @@ class ElggInstaller {
*/
/**
+ * Create the data directory if requested
+ *
+ * @param array $submissionVars Submitted vars
+ * @param array $formVars Variables in the form
+ * @return bool
+ */
+ protected function createDataDirectory(&$submissionVars, $formVars) {
+ // did the user have option of Elgg creating the data directory
+ if ($formVars['dataroot']['type'] != 'combo') {
+ return TRUE;
+ }
+
+ // did the user select the option
+ if ($submissionVars['dataroot'] != 'dataroot-checkbox') {
+ return TRUE;
+ }
+
+ $dir = sanitise_filepath($submissionVars['path']) . 'data';
+ if (file_exists($dir) || mkdir($dir, 0700)) {
+ $submissionVars['dataroot'] = $dir;
+ if (!file_exists("$dir/.htaccess")) {
+ $htaccess = "Order Deny,Allow\nDeny from All\n";
+ if (!file_put_contents("$dir/.htaccess", $htaccess)) {
+ return FALSE;
+ }
+ }
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ /**
* Validate the site settings form variables
*
* @param array $submissionVars Submitted vars
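Review bot: In createDataDirectory(), `file_exists($dir)` also succeeds when `data` is a regular file, so the method can report success and set `dataroot` to something that is not a directory; `if (is_dir($dir) || mkdir($dir, 0700)) {` is the tighter check. An existing `.htaccess` is accepted without looking at its contents, and nothing confirms that Apache actually honours the file. If overrides are disabled for that path the deny rules are ignored and the directory under the web root stays readable, so enabling this path would need a verification step or the server-level deny that the class docblock recommends. The write check would be clearer as `if (file_put_contents("$dir/.htaccess", $htaccess) === FALSE) {`. The method docblock should also say that the method is currently not called and point to ticket #3453.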
@@ -1239,7 +1312,7 @@ class ElggInstaller {
}
}
- // check that data root is writable
+ // check that data root exists
if (!file_exists($submissionVars['dataroot'])) {
$msg = elgg_echo('install:error:datadirectoryexists', array($submissionVars['dataroot']));
register_error($msg);
diff --git a/install/ElggRewriteTester.php b/install/ElggRewriteTester.php
index c8a503cb8..c01510f60 100644
--- a/install/ElggRewriteTester.php
+++ b/install/ElggRewriteTester.php
@@ -30,7 +30,7 @@ class ElggRewriteTester {
*/
public function run($url, $path) {
- $this->guessWebServer();
+ $this->webserver = ElggRewriteTester::guessWebServer();
$this->rewriteTestPassed = $this->runRewriteTest($url);
@@ -48,17 +48,17 @@ class ElggRewriteTester {
/**
* Guess the web server from $_SERVER['SERVER_SOFTWARE']
*
- * @return void
+ * @return string
*/
- protected function guessWebServer() {
+ public static function guessWebServer() {
$serverString = strtolower($_SERVER['SERVER_SOFTWARE']);
$possibleServers = array('apache', 'nginx', 'lighttpd', 'iis');
foreach ($possibleServers as $server) {
if (strpos($serverString, $server) !== FALSE) {
- $this->webserver = $server;
- return;
+ return $server;
}
}
+ return 'unknown';
}
/**
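Review bot: guessWebServer() indexes `$_SERVER['SERVER_SOFTWARE']` unconditionally, and now that it is `public static` it can be called outside a web request. The installer docblock advertises CLI installation, where this key is normally absent, so the read would raise an undefined-index notice. `$serverString = isset($_SERVER['SERVER_SOFTWARE']) ? strtolower($_SERVER['SERVER_SOFTWARE']) : '';` falls through cleanly to `'unknown'`. The `@return string` tag should list the possible values (`apache`, `nginx`, `lighttpd`, `iis`, `unknown`) and say that the result is a guess taken from a server-reported string. In the previous hunk, `self::guessWebServer()` would be more conventional than naming the class inside itself.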
diff --git a/install/css/install.css b/install/css/install.css
index 7304127ce..25a8c865c 100644
--- a/install/css/install.css
+++ b/install/css/install.css
@@ -94,9 +94,9 @@ ul {
width: 250px;
}
.elgg-body {
- overflow:hidden;
+ overflow: hidden;
min-height: 320px;
- padding-bottom: 60px;
+ padding-bottom: 10px;
position: relative;
}
.elgg-page-footer {
@@ -149,11 +149,17 @@ h3 {
margin: 15px 0 5px;
}
+form > div {
+ margin-bottom: 15px;
+}
label {
font-weight: bold;
- color:#333333;
+ color: #333333;
font-size: 140%;
}
+.elgg-combo-label {
+ font-size: 120%;
+}
input[type="text"],
input[type="password"] {
font: 120% Arial, Helvetica, sans-serif;
@@ -166,15 +172,7 @@ input[type="password"] {
.database-settings input[type="password"] {
width: 220px;
}
-textarea {
- width: 100%;
- height: 100%;
- font: 120% Arial, Helvetica, sans-serif;
- border: solid 1px #cccccc;
- padding: 5px;
- color: #666666;
-}
-textarea:focus, input[type="password"]:focus, input[type="text"]:focus {
+input[type="password"]:focus, input[type="text"]:focus {
border: solid 1px #4690d6;
background: #e4ecf5;
color: #333333;
@@ -198,12 +196,10 @@ input[type="submit"] {
cursor: pointer;
float: right;
}
-
input[type="submit"]:hover {
background: #0054a7;
border: 4px solid #0054a7;
}
-
select {
display: block;
padding: 5px;
@@ -257,6 +253,11 @@ select {
background: #F7DAD8;
}
+.elgg-state-warning {
+ border: 1px solid #ded0a9;
+ background: #FEF5AA;
+}
+
.elgg-body li {
margin-top: 5px;
padding: 5px;
diff --git a/install/js/install.js b/install/js/install.js
index 8d36c8a65..49b2be10c 100644
--- a/install/js/install.js
+++ b/install/js/install.js
@@ -1,11 +1,21 @@
-// prevent double-submission of forms
$(function() {
+ // prevent double-submission of forms
$('form').submit(function() {
- if (this.data('submitted')) {
+ if ($(this).data('submitted')) {
return false;
}
- this.data('submitted', true);
+ $(this).data('submitted', true);
return true;
});
+
+ // toggle the disable attribute of text box based on checkbox
+ $('.elgg-combo-checkbox').click(function() {
+ if ($(this).is(':checked')) {
+ $(this).prev().attr('disabled', true);
+ $(this).prev().val('');
+ } else {
+ $(this).prev().attr('disabled', false);
+ }
+ });
});
diff --git a/install/languages/en.php b/install/languages/en.php
index 80716069d..6b1398db4 100644
--- a/install/languages/en.php
+++ b/install/languages/en.php
@@ -79,12 +79,14 @@ If you are ready to proceed, click the Next button.",
'install:settings:label:dataroot' => 'Data Directory',
'install:settings:label:language' => 'Site Language',
'install:settings:label:siteaccess' => 'Default Site Access',
+ 'install:label:combo:dataroot' => 'Elgg creates data directory',
'install:settings:help:sitename' => 'The name of your new Elgg site',
'install:settings:help:siteemail' => 'Email address used by Elgg for communication with users',
'install:settings:help:wwwroot' => 'The address of the site (Elgg usually guesses this correctly)',
'install:settings:help:path' => 'The directory where you put the Elgg code (Elgg usually guesses this correctly)',
'install:settings:help:dataroot' => 'The directory that you created for Elgg to save files (the permissions on this directory are checked when you click Next)',
+ 'install:settings:help:dataroot:apache' => 'You have the option of Elgg creating the data directory or entering the directory that you already created for storing user files (the permissions on this directory are checked when you click Next)',
'install:settings:help:language' => 'The default language for the site',
'install:settings:help:siteaccess' => 'The default access level for new user created content',