aboutsummaryrefslogtreecommitdiff
path: root/install/ElggInstaller.php
diff options
context:
space:
mode:
Diffstat (limited to 'install/ElggInstaller.php')
-rw-r--r--install/ElggInstaller.php128
1 files changed, 94 insertions, 34 deletions
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 1bf4808ef..c07839065 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -2,7 +2,27 @@
/**
* Elgg Installer.
- * Controller for installing Elgg.
+ * Controller for installing Elgg. Supports both web-based on CLI installation.
+ *
+ * This controller steps the user through the install process. The method for
+ * each step handles both the GET and POST requests. There is no XSS/CSRF protection
+ * on the POST processing since the installer is only run once by the administrator.
+ *
+ * The installation process can be resumed by hitting the first page. The installer
+ * will try to figure out where to pick up again.
+ *
+ * All the logic for the installation process is in this class, but it depends on
+ * the core libraries. To do this, we selectively load a subset of the core libraries
+ * for the first few steps and then load the entire engine once the database and
+ * site settings are configured. In addition, this controller does its own session
+ * handling until the database is setup.
+ *
+ * There is an aborted attempt in the code at creating the data directory for
+ * users as a subdirectory of Elgg's root. The idea was to protect this directory
+ * through a .htaccess file. The problem is that a malicious user can upload a
+ * .htaccess of his own that overrides the protection for his user directory. The
+ * best solution is server level configuration that turns off AllowOverride for the
+ * data directory. See ticket #3453 for discussion on this.
*
* @package Elgg.Core
* @subpackage Installer
@@ -32,6 +52,9 @@ class ElggInstaller {
* Constructor bootstraps the Elgg engine
*/
public function __construct() {
+ // load ElggRewriteTester as we depend on it
+ require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
+
$this->isAction = $_SERVER['REQUEST_METHOD'] === 'POST';
$this->bootstrapConfig();
@@ -140,7 +163,6 @@ class ElggInstaller {
$params['password1'] = $params['password2'] = $params['password'];
if ($createHtaccess) {
- require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
$rewriteTester = new ElggRewriteTester();
if (!$rewriteTester->createHtaccess($CONFIG->path)) {
throw new InstallationException(elgg_echo('install:error:htaccess'));
@@ -278,7 +300,7 @@ class ElggInstaller {
'dbpassword' => array(
'type' => 'password',
'value' => '',
- 'required' => TRUE,
+ 'required' => FALSE,
),
'dbname' => array(
'type' => 'text',
@@ -355,7 +377,6 @@ class ElggInstaller {
protected function settings($submissionVars) {
global $CONFIG;
- $languages = get_installed_translations();
$formVars = array(
'sitename' => array(
'type' => 'text',
@@ -389,8 +410,19 @@ class ElggInstaller {
),
);
+ // if Apache, we give user option of having Elgg create data directory
+ //if (ElggRewriteTester::guessWebServer() == 'apache') {
+ // $formVars['dataroot']['type'] = 'combo';
+ // $CONFIG->translations['en']['install:settings:help:dataroot'] =
+ // $CONFIG->translations['en']['install:settings:help:dataroot:apache'];
+ //}
+
if ($this->isAction) {
do {
+ //if (!$this->createDataDirectory($submissionVars, $formVars)) {
+ // break;
+ //}
+
if (!$this->validateSettingsVars($submissionVars, $formVars)) {
break;
}
@@ -448,7 +480,7 @@ class ElggInstaller {
'required' => TRUE,
),
);
-
+
if ($this->isAction) {
do {
if (!$this->validateAdminVars($submissionVars, $formVars)) {
@@ -492,6 +524,8 @@ class ElggInstaller {
$params['destination'] = 'index.php';
}
+ elgg_invalidate_simplecache();
+
$this->render('complete', $params);
}
@@ -709,6 +743,12 @@ class ElggInstaller {
session_name('Elgg');
session_start();
elgg_unregister_event_handler('boot', 'system', 'session_init');
+ } else if (!$this->isAction && $stepIndex == ($settingsIndex + 1)) {
+ // now using Elgg session handling so need to pass forward the system messages
+ // this is called on the GET of the next step
+ session_name('Elgg');
+ session_start();
+ $messages = $_SESSION['msg'];
}
if ($stepIndex > $dbIndex) {
@@ -745,12 +785,15 @@ class ElggInstaller {
}
}
- $this->initGlobals();
-
set_default_config();
elgg_trigger_event('boot', 'system');
elgg_trigger_event('init', 'system');
+
+ // @hack finish the process of pushing system messages into new session
+ if (!$this->isAction && $stepIndex == ($settingsIndex + 1)) {
+ $_SESSION['msg'] = $messages;
+ }
}
}
@@ -1025,8 +1068,6 @@ class ElggInstaller {
protected function checkRewriteRules(&$report) {
global $CONFIG;
- require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
-
$tester = new ElggRewriteTester();
$url = elgg_get_site_url() . "rewrite.php";
$report['rewrite'] = array($tester->run($url, $CONFIG->path));
@@ -1221,6 +1262,39 @@ class ElggInstaller {
*/
/**
+ * Create the data directory if requested
+ *
+ * @param array $submissionVars Submitted vars
+ * @param array $formVars Variables in the form
+ * @return bool
+ */
+ protected function createDataDirectory(&$submissionVars, $formVars) {
+ // did the user have option of Elgg creating the data directory
+ if ($formVars['dataroot']['type'] != 'combo') {
+ return TRUE;
+ }
+
+ // did the user select the option
+ if ($submissionVars['dataroot'] != 'dataroot-checkbox') {
+ return TRUE;
+ }
+
+ $dir = sanitise_filepath($submissionVars['path']) . 'data';
+ if (file_exists($dir) || mkdir($dir, 0700)) {
+ $submissionVars['dataroot'] = $dir;
+ if (!file_exists("$dir/.htaccess")) {
+ $htaccess = "Order Deny,Allow\nDeny from All\n";
+ if (!file_put_contents("$dir/.htaccess", $htaccess)) {
+ return FALSE;
+ }
+ }
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ /**
* Validate the site settings form variables
*
* @param array $submissionVars Submitted vars
@@ -1229,6 +1303,7 @@ class ElggInstaller {
* @return bool
*/
protected function validateSettingsVars($submissionVars, $formVars) {
+ global $CONFIG;
foreach ($formVars as $field => $info) {
$submissionVars[$field] = trim($submissionVars[$field]);
@@ -1239,7 +1314,7 @@ class ElggInstaller {
}
}
- // check that data root is writable
+ // check that data root exists
if (!file_exists($submissionVars['dataroot'])) {
$msg = elgg_echo('install:error:datadirectoryexists', array($submissionVars['dataroot']));
register_error($msg);
@@ -1253,11 +1328,13 @@ class ElggInstaller {
return FALSE;
}
- // check that data root is not subdirectory of Elgg root
- if (stripos($submissionVars['dataroot'], $submissionVars['path']) !== FALSE) {
- $msg = elgg_echo('install:error:locationdatadirectory', array($submissionVars['dataroot']));
- register_error($msg);
- return FALSE;
+ if (!isset($CONFIG->data_dir_override) || !$CONFIG->data_dir_override) {
+ // check that data root is not subdirectory of Elgg root
+ if (stripos($submissionVars['dataroot'], $submissionVars['path']) === 0) {
+ $msg = elgg_echo('install:error:locationdatadirectory', array($submissionVars['dataroot']));
+ register_error($msg);
+ return FALSE;
+ }
}
// check that email address is email address
@@ -1329,8 +1406,6 @@ class ElggInstaller {
$CONFIG->dataroot = $dataroot;
$cache = new ElggFileCache($dataroot);
$cache->delete('view_paths');
- elgg_invalidate_simplecache();
- elgg_regenerate_simplecache();
return TRUE;
}
@@ -1344,8 +1419,8 @@ class ElggInstaller {
elgg_generate_plugin_entities();
$plugins = elgg_get_plugins('any');
foreach ($plugins as $plugin) {
- if ($plugin->manifest) {
- if ($plugin->manifest->getActivateOnInstall()) {
+ if ($plugin->getManifest()) {
+ if ($plugin->getManifest()->getActivateOnInstall()) {
$plugin->activate();
}
}
@@ -1449,19 +1524,4 @@ class ElggInstaller {
return TRUE;
}
-
- /**
- * Init globals because engine loaded within a function
- *
- * @return void
- */
- protected function initGlobals() {
- global $DB_QUERY_CACHE, $DB_DELAYED_QUERIES;
- $DB_QUERY_CACHE = array();
- $DB_DELAYED_QUERIES = array();
-
- global $METASTRINGS_CACHE, $METASTRINGS_DEADNAME_CACHE;
- $METASTRINGS_CACHE = array();
- $METASTRINGS_DEADNAME_CACHE = array();
- }
}