aboutsummaryrefslogtreecommitdiff
path: root/install/ElggInstaller.php
diff options
context:
space:
mode:
Diffstat (limited to 'install/ElggInstaller.php')
-rw-r--r--install/ElggInstaller.php85
1 files changed, 79 insertions, 6 deletions
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 6b8b8d747..1a8edf1ae 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -2,7 +2,27 @@
/**
* Elgg Installer.
- * Controller for installing Elgg.
+ * Controller for installing Elgg. Supports both web-based on CLI installation.
+ *
+ * This controller steps the user through the install process. The method for
+ * each step handles both the GET and POST requests. There is no XSS/CSRF protection
+ * on the POST processing since the installer is only run once by the administrator.
+ *
+ * The installation process can be resumed by hitting the first page. The installer
+ * will try to figure out where to pick up again.
+ *
+ * All the logic for the installation process is in this class, but it depends on
+ * the core libraries. To do this, we selectively load a subset of the core libraries
+ * for the first few steps and then load the entire engine once the database and
+ * site settings are configured. In addition, this controller does its own session
+ * handling until the database is setup.
+ *
+ * There is an aborted attempt in the code at creating the data directory for
+ * users as a subdirectory of Elgg's root. The idea was to protect this directory
+ * through a .htaccess file. The problem is that a malicious user can upload a
+ * .htaccess of his own that overrides the protection for his user directory. The
+ * best solution is server level configuration that turns off AllowOverride for the
+ * data directory. See ticket #3453 for discussion on this.
*
* @package Elgg.Core
* @subpackage Installer
@@ -32,6 +52,9 @@ class ElggInstaller {
* Constructor bootstraps the Elgg engine
*/
public function __construct() {
+ // load ElggRewriteTester as we depend on it
+ require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
+
$this->isAction = $_SERVER['REQUEST_METHOD'] === 'POST';
$this->bootstrapConfig();
@@ -140,7 +163,6 @@ class ElggInstaller {
$params['password1'] = $params['password2'] = $params['password'];
if ($createHtaccess) {
- require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
$rewriteTester = new ElggRewriteTester();
if (!$rewriteTester->createHtaccess($CONFIG->path)) {
throw new InstallationException(elgg_echo('install:error:htaccess'));
@@ -355,7 +377,6 @@ class ElggInstaller {
protected function settings($submissionVars) {
global $CONFIG;
- $languages = get_installed_translations();
$formVars = array(
'sitename' => array(
'type' => 'text',
@@ -389,8 +410,19 @@ class ElggInstaller {
),
);
+ // if Apache, we give user option of having Elgg create data directory
+ //if (ElggRewriteTester::guessWebServer() == 'apache') {
+ // $formVars['dataroot']['type'] = 'combo';
+ // $CONFIG->translations['en']['install:settings:help:dataroot'] =
+ // $CONFIG->translations['en']['install:settings:help:dataroot:apache'];
+ //}
+
if ($this->isAction) {
do {
+ //if (!$this->createDataDirectory($submissionVars, $formVars)) {
+ // break;
+ //}
+
if (!$this->validateSettingsVars($submissionVars, $formVars)) {
break;
}
@@ -709,6 +741,11 @@ class ElggInstaller {
session_name('Elgg');
session_start();
elgg_unregister_event_handler('boot', 'system', 'session_init');
+ } else if ($stepIndex == ($settingsIndex + 1)) {
+ // now using Elgg session handling so need to pass forward the system messages
+ session_name('Elgg');
+ session_start();
+ $messages = $_SESSION['msg'];
}
if ($stepIndex > $dbIndex) {
@@ -751,6 +788,11 @@ class ElggInstaller {
elgg_trigger_event('boot', 'system');
elgg_trigger_event('init', 'system');
+
+ // @hack finish the process of pushing system messages into new session
+ if ($stepIndex == ($settingsIndex + 1)) {
+ $_SESSION['msg'] = $messages;
+ }
}
}
@@ -1025,8 +1067,6 @@ class ElggInstaller {
protected function checkRewriteRules(&$report) {
global $CONFIG;
- require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
-
$tester = new ElggRewriteTester();
$url = elgg_get_site_url() . "rewrite.php";
$report['rewrite'] = array($tester->run($url, $CONFIG->path));
@@ -1221,6 +1261,39 @@ class ElggInstaller {
*/
/**
+ * Create the data directory if requested
+ *
+ * @param array $submissionVars Submitted vars
+ * @param array $formVars Variables in the form
+ * @return bool
+ */
+ protected function createDataDirectory(&$submissionVars, $formVars) {
+ // did the user have option of Elgg creating the data directory
+ if ($formVars['dataroot']['type'] != 'combo') {
+ return TRUE;
+ }
+
+ // did the user select the option
+ if ($submissionVars['dataroot'] != 'dataroot-checkbox') {
+ return TRUE;
+ }
+
+ $dir = sanitise_filepath($submissionVars['path']) . 'data';
+ if (file_exists($dir) || mkdir($dir, 0700)) {
+ $submissionVars['dataroot'] = $dir;
+ if (!file_exists("$dir/.htaccess")) {
+ $htaccess = "Order Deny,Allow\nDeny from All\n";
+ if (!file_put_contents("$dir/.htaccess", $htaccess)) {
+ return FALSE;
+ }
+ }
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ /**
* Validate the site settings form variables
*
* @param array $submissionVars Submitted vars
@@ -1239,7 +1312,7 @@ class ElggInstaller {
}
}
- // check that data root is writable
+ // check that data root exists
if (!file_exists($submissionVars['dataroot'])) {
$msg = elgg_echo('install:error:datadirectoryexists', array($submissionVars['dataroot']));
register_error($msg);