From 48af91afaadd1617b70c43369c2d680079806da7 Mon Sep 17 00:00:00 2001 From: cash Date: Sat, 14 May 2011 21:14:17 +0000 Subject: fixed the double form submission code for the installer git-svn-id: http://code.elgg.org/elgg/trunk@9083 36083f99-b078-4883-b0ff-0f9b5a30f544 --- views/installation/forms/install/template.php | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'views/installation/forms/install/template.php') diff --git a/views/installation/forms/install/template.php b/views/installation/forms/install/template.php index 7e7a668d3..ea9a08a3d 100644 --- a/views/installation/forms/install/template.php +++ b/views/installation/forms/install/template.php @@ -28,19 +28,3 @@ $submit_params = array( $form_body .= elgg_view('input/submit', $submit_params); echo $form_body; - -?> - - -- cgit v1.2.3 From 77897d4efad074d9434a97a67052bc788c315dee Mon Sep 17 00:00:00 2001 From: cash Date: Sun, 15 May 2011 19:38:49 +0000 Subject: Refs #3453 an implementation of creating the data directory. This capability is turned off due to security concerns. git-svn-id: http://code.elgg.org/elgg/trunk@9088 36083f99-b078-4883-b0ff-0f9b5a30f544 --- install/ElggInstaller.php | 85 +++++++++++++++++++++++++-- install/ElggRewriteTester.php | 10 ++-- install/css/install.css | 29 ++++----- install/js/install.js | 16 ++++- install/languages/en.php | 2 + views/installation/forms/install/template.php | 4 +- views/installation/input/checkbox.php | 37 ++++++------ views/installation/input/checkboxes.php | 64 -------------------- views/installation/input/combo.php | 19 ++++++ views/installation/input/form.php | 4 +- views/installation/input/hidden.php | 10 ---- views/installation/input/text.php | 22 ++++--- 12 files changed, 168 insertions(+), 134 deletions(-) delete mode 100644 views/installation/input/checkboxes.php create mode 100644 views/installation/input/combo.php delete mode 100644 views/installation/input/hidden.php (limited to 'views/installation/forms/install/template.php') 
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php index 6b8b8d747..1a8edf1ae 100644 --- a/install/ElggInstaller.php +++ b/install/ElggInstaller.php @@ -2,7 +2,27 @@ /** * Elgg Installer. - * Controller for installing Elgg. + * Controller for installing Elgg. Supports both web-based on CLI installation. + * + * This controller steps the user through the install process. The method for + * each step handles both the GET and POST requests. There is no XSS/CSRF protection + * on the POST processing since the installer is only run once by the administrator. + * + * The installation process can be resumed by hitting the first page. The installer + * will try to figure out where to pick up again. + * + * All the logic for the installation process is in this class, but it depends on + * the core libraries. To do this, we selectively load a subset of the core libraries + * for the first few steps and then load the entire engine once the database and + * site settings are configured. In addition, this controller does its own session + * handling until the database is setup. + * + * There is an aborted attempt in the code at creating the data directory for + * users as a subdirectory of Elgg's root. The idea was to protect this directory + * through a .htaccess file. The problem is that a malicious user can upload a + * .htaccess of his own that overrides the protection for his user directory. The + * best solution is server level configuration that turns off AllowOverride for the + * data directory. See ticket #3453 for discussion on this. * * @package Elgg.Core * @subpackage Installer @@ -32,6 +52,9 @@ class ElggInstaller { * Constructor bootstraps the Elgg engine */ public function __construct() { + // load ElggRewriteTester as we depend on it + require_once(dirname(__FILE__) . "/ElggRewriteTester.php"); + $this->isAction = $_SERVER['REQUEST_METHOD'] === 'POST'; $this->bootstrapConfig(); 
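Review bot: The new class docblock justifies leaving the POST handlers without XSS/CSRF protection with "the installer is only run once by the administrator", but the same docblock says the install can be resumed by hitting the first page, so the argument silently assumes the installer becomes unreachable once setup completes — that assumption is the thing worth writing down. I would replace that sentence with `* There is no XSS/CSRF protection on the POST processing: the installer is unauthenticated by design and must be unreachable (or refuse to run) once installation is complete.`; whether such a guard exists is outside this hunk. The same paragraph has a typo: "web-based on CLI installation" should read "web-based and CLI installation". Moving the `require_once` of ElggRewriteTester.php into the constructor is consistent with the later hunks that drop the local requires before `new ElggRewriteTester()`.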
@@ -140,7 +163,6 @@ class ElggInstaller { $params['password1'] = $params['password2'] = $params['password']; if ($createHtaccess) { - require_once(dirname(__FILE__) . "/ElggRewriteTester.php"); $rewriteTester = new ElggRewriteTester(); if (!$rewriteTester->createHtaccess($CONFIG->path)) { throw new InstallationException(elgg_echo('install:error:htaccess')); @@ -355,7 +377,6 @@ class ElggInstaller { protected function settings($submissionVars) { global $CONFIG; - $languages = get_installed_translations(); $formVars = array( 'sitename' => array( 'type' => 'text', @@ -389,8 +410,19 @@ class ElggInstaller { ), ); + // if Apache, we give user option of having Elgg create data directory + //if (ElggRewriteTester::guessWebServer() == 'apache') { + // $formVars['dataroot']['type'] = 'combo'; + // $CONFIG->translations['en']['install:settings:help:dataroot'] = + // $CONFIG->translations['en']['install:settings:help:dataroot:apache']; + //} + if ($this->isAction) { do { + //if (!$this->createDataDirectory($submissionVars, $formVars)) { + // break; + //} + if (!$this->validateSettingsVars($submissionVars, $formVars)) { break; } @@ -709,6 +741,11 @@ class ElggInstaller { session_name('Elgg'); session_start(); elgg_unregister_event_handler('boot', 'system', 'session_init'); + } else if ($stepIndex == ($settingsIndex + 1)) { + // now using Elgg session handling so need to pass forward the system messages + session_name('Elgg'); + session_start(); + $messages = $_SESSION['msg']; } if ($stepIndex > $dbIndex) { @@ -751,6 +788,11 @@ class ElggInstaller { elgg_trigger_event('boot', 'system'); elgg_trigger_event('init', 'system'); + + // @hack finish the process of pushing system messages into new session + if ($stepIndex == ($settingsIndex + 1)) { + $_SESSION['msg'] = $messages; + } } } 
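Review bot: In the `@@ -709,6 +741,11 @@` hunk, `$messages = $_SESSION['msg'];` reads the key unconditionally right after `session_start()`, so a resumed install whose pre-engine session never registered a message emits an undefined-index notice, and the second hunk then stores that null into `$_SESSION['msg']` after the `init` event, clobbering anything boot/init may have registered. Guard the read, `$messages = isset($_SESSION['msg']) ? $_SESSION['msg'] : array();`, and only write it back when there is something to carry, `if (!empty($messages)) { $_SESSION['msg'] = $messages; }`. The enclosing method starts and ends outside these hunks, so I cannot see whether `$messages` is initialised on the other branches. The commented-out combo/`createDataDirectory` calls in the settings() hunk are intentional per the commit message, but a one-line `// disabled on purpose, see class docblock and ticket #3453` beside them would stop the next person from deleting or re-enabling them blindly.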
@@ -1025,8 +1067,6 @@ class ElggInstaller { protected function checkRewriteRules(&$report) { global $CONFIG; - require_once(dirname(__FILE__) . "/ElggRewriteTester.php"); - $tester = new ElggRewriteTester(); $url = elgg_get_site_url() . "rewrite.php"; $report['rewrite'] = array($tester->run($url, $CONFIG->path)); @@ -1220,6 +1260,39 @@ class ElggInstaller { * Site settings support methods */ + /** + * Create the data directory if requested + * + * @param array $submissionVars Submitted vars + * @param array $formVars Variables in the form + * @return bool + */ + protected function createDataDirectory(&$submissionVars, $formVars) { + // did the user have option of Elgg creating the data directory + if ($formVars['dataroot']['type'] != 'combo') { + return TRUE; + } + + // did the user select the option + if ($submissionVars['dataroot'] != 'dataroot-checkbox') { + return TRUE; + } + + $dir = sanitise_filepath($submissionVars['path']) . 'data'; + if (file_exists($dir) || mkdir($dir, 0700)) { + $submissionVars['dataroot'] = $dir; + if (!file_exists("$dir/.htaccess")) { + $htaccess = "Order Deny,Allow\nDeny from All\n"; + if (!file_put_contents("$dir/.htaccess", $htaccess)) { + return FALSE; + } + } + return TRUE; + } + + return FALSE; + } + /** * Validate the site settings form variables * @@ -1239,7 +1312,7 @@ class ElggInstaller { } } - // check that data root is writable + // check that data root exists if (!file_exists($submissionVars['dataroot'])) { $msg = elgg_echo('install:error:datadirectoryexists', array($submissionVars['dataroot'])); register_error($msg); diff --git a/install/ElggRewriteTester.php b/install/ElggRewriteTester.php index c8a503cb8..c01510f60 100644 --- a/install/ElggRewriteTester.php +++ b/install/ElggRewriteTester.php @@ -30,7 +30,7 @@ class ElggRewriteTester { */ public function run($url, $path) { - $this->guessWebServer(); + $this->webserver = ElggRewriteTester::guessWebServer(); $this->rewriteTestPassed = $this->runRewriteTest($url); 
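Review bot: `createDataDirectory` fails silently: every `return FALSE` path (mkdir failing, `.htaccess` not writable) returns without `register_error()`, so the `do { … break; }` loop in settings() just redisplays the form with no message, unlike `validateSettingsVars`, which reports through `register_error` in the same hunk. The `file_exists($dir)` test also accepts a pre-existing regular file or a directory that already carries its own `.htaccess` — the deny rule is only written when none exists — so the protection this function is supposed to add is not guaranteed; use `is_dir()` and write the rule unconditionally. Note that `$submissionVars['path']` is POSTed, so `mkdir` happens wherever the web-server user can write; that is inherent to an unauthenticated installer and presumably part of why the call site is commented out. One caveat for anyone re-enabling it: `Order Deny,Allow` / `Deny from All` is Apache 2.2 syntax and needs mod_access_compat or `Require all denied` on 2.4.
```php
	protected function createDataDirectory(&$submissionVars, $formVars) {
		// … unchanged: early returns when the combo option was not offered / not selected …

		$dir = sanitise_filepath($submissionVars['path']) . 'data';
		if (!is_dir($dir) && !mkdir($dir, 0700)) {
			register_error(elgg_echo('install:error:datadirectoryexists', array($dir)));
			return FALSE;
		}
		$submissionVars['dataroot'] = $dir;

		// always (re)write the deny rule so a pre-seeded .htaccess cannot weaken it
		$htaccess = "Order Deny,Allow\nDeny from All\n";
		if (file_put_contents("$dir/.htaccess", $htaccess) === FALSE) {
			register_error(elgg_echo('install:error:htaccess'));
			return FALSE;
		}
		return TRUE;
	}
```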
@@ -48,17 +48,17 @@ class ElggRewriteTester { /** * Guess the web server from $_SERVER['SERVER_SOFTWARE'] * - * @return void + * @return string */ - protected function guessWebServer() { + public static function guessWebServer() { $serverString = strtolower($_SERVER['SERVER_SOFTWARE']); $possibleServers = array('apache', 'nginx', 'lighttpd', 'iis'); foreach ($possibleServers as $server) { if (strpos($serverString, $server) !== FALSE) { - $this->webserver = $server; - return; + return $server; } } + return 'unknown'; } /** diff --git a/install/css/install.css b/install/css/install.css index 7304127ce..25a8c865c 100644 --- a/install/css/install.css +++ b/install/css/install.css @@ -94,9 +94,9 @@ ul { width: 250px; } .elgg-body { - overflow:hidden; + overflow: hidden; min-height: 320px; - padding-bottom: 60px; + padding-bottom: 10px; position: relative; } .elgg-page-footer { @@ -149,11 +149,17 @@ h3 { margin: 15px 0 5px; } +form > div { + margin-bottom: 15px; +} label { font-weight: bold; - color:#333333; + color: #333333; font-size: 140%; } +.elgg-combo-label { + font-size: 120%; +} input[type="text"], input[type="password"] { font: 120% Arial, Helvetica, sans-serif; @@ -166,15 +172,7 @@ input[type="password"] { .database-settings input[type="password"] { width: 220px; } -textarea { - width: 100%; - height: 100%; - font: 120% Arial, Helvetica, sans-serif; - border: solid 1px #cccccc; - padding: 5px; - color: #666666; -} -textarea:focus, input[type="password"]:focus, input[type="text"]:focus { +input[type="password"]:focus, input[type="text"]:focus { border: solid 1px #4690d6; background: #e4ecf5; color: #333333; @@ -198,12 +196,10 @@ input[type="submit"] { cursor: pointer; float: right; } - input[type="submit"]:hover { background: #0054a7; border: 4px solid #0054a7; } - select { display: block; padding: 5px; 
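Review bot: `guessWebServer()` now runs `strtolower($_SERVER['SERVER_SOFTWARE'])` without checking the key exists, and the class docblock added in this commit says the installer also supports CLI installation, where `$_SERVER['SERVER_SOFTWARE']` is not set — that yields a notice before the loop falls through to `'unknown'`. Guard it: `$serverString = isset($_SERVER['SERVER_SOFTWARE']) ? strtolower($_SERVER['SERVER_SOFTWARE']) : '';`. It is also worth a comment that the result is only a hint: SERVER_SOFTWARE is whatever the server chooses to advertise and can be altered by server configuration or a front proxy, so callers such as the Apache-only data-directory option should treat `'unknown'` as "do not offer it", not as an error.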
@@ -257,6 +253,11 @@ select { background: #F7DAD8; } +.elgg-state-warning { + border: 1px solid #ded0a9; + background: #FEF5AA; +} + .elgg-body li { margin-top: 5px; padding: 5px; diff --git a/install/js/install.js b/install/js/install.js index 8d36c8a65..49b2be10c 100644 --- a/install/js/install.js +++ b/install/js/install.js @@ -1,11 +1,21 @@ -// prevent double-submission of forms $(function() { + // prevent double-submission of forms $('form').submit(function() { - if (this.data('submitted')) { + if ($(this).data('submitted')) { return false; } - this.data('submitted', true); + $(this).data('submitted', true); return true; }); + + // toggle the disable attribute of text box based on checkbox + $('.elgg-combo-checkbox').click(function() { + if ($(this).is(':checked')) { + $(this).prev().attr('disabled', true); + $(this).prev().val(''); + } else { + $(this).prev().attr('disabled', false); + } + }); }); diff --git a/install/languages/en.php b/install/languages/en.php index 80716069d..6b1398db4 100644 --- a/install/languages/en.php +++ b/install/languages/en.php 
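Review bot: The new `.elgg-combo-checkbox` handler only syncs the text box when the checkbox is clicked, so if the settings form is re-rendered with the box already checked (after a validation failure, say — whether the view preserves the checked state is not visible here) the text input stays enabled and is submitted alongside the checkbox value. Run the same sync once on load and bind to `change` rather than `click` so keyboard toggling is covered too. The handler also relies on `$(this).prev()` being the text input, which couples it to the element order in combo.php; a comment saying so would help. The double-submit fix (`$(this).data` instead of `this.data` on a raw DOM element) is correct.
```javascript
	// keep the combo text box in sync with its checkbox, on load and on every change
	var syncCombo = function() {
		var checked = $(this).is(':checked');
		var text = $(this).prev();   // assumes combo.php renders the text input directly before the checkbox
		text.attr('disabled', checked);
		if (checked) {
			text.val('');
		}
	};
	$('.elgg-combo-checkbox').change(syncCombo).each(syncCombo);
```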
@@ -79,12 +79,14 @@ If you are ready to proceed, click the Next button.", 'install:settings:label:dataroot' => 'Data Directory', 'install:settings:label:language' => 'Site Language', 'install:settings:label:siteaccess' => 'Default Site Access', + 'install:label:combo:dataroot' => 'Elgg creates data directory', 'install:settings:help:sitename' => 'The name of your new Elgg site', 'install:settings:help:siteemail' => 'Email address used by Elgg for communication with users', 'install:settings:help:wwwroot' => 'The address of the site (Elgg usually guesses this correctly)', 'install:settings:help:path' => 'The directory where you put the Elgg code (Elgg usually guesses this correctly)', 'install:settings:help:dataroot' => 'The directory that you created for Elgg to save files (the permissions on this directory are checked when you click Next)', + 'install:settings:help:dataroot:apache' => 'You have the option of Elgg creating the data directory or entering the directory that you already created for storing user files (the permissions on this directory are checked when you click Next)', 'install:settings:help:language' => 'The default language for the site', 'install:settings:help:siteaccess' => 'The default access level for new user created content', diff --git a/views/installation/forms/install/template.php b/views/installation/forms/install/template.php index ea9a08a3d..385168fe4 100644 --- a/views/installation/forms/install/template.php +++ b/views/installation/forms/install/template.php @@ -15,11 +15,11 @@ foreach ($variables as $field => $params) { $help = elgg_echo("install:$type:help:$field"); $params['name'] = $field; - $form_body .= '

'; + $form_body .= '

'; $form_body .= ""; $form_body .= elgg_view("input/{$params['type']}", $params); $form_body .= "$help"; - $form_body .= '

'; + $form_body .= '
'; } $submit_params = array( diff --git a/views/installation/input/checkbox.php b/views/installation/input/checkbox.php index 898fe8458..378eae6fd 100644 --- a/views/installation/input/checkbox.php +++ b/views/installation/input/checkbox.php @@ -2,32 +2,29 @@ /** * Elgg checkbox input * Displays a checkbox input tag - * - * @package Elgg - * @subpackage Core * - * - * Pass input tag attributes as key value pairs. For a list of allowable - * attributes, see http://www.w3schools.com/tags/tag_input.asp - * - * @uses mixed $vars['default'] The default value to submit if not checked. - * Optional, defaults to 0. Set to false for no default. + * @uses $var['name'] + * @uses $vars['value'] + * @uses $vars['id'] + * @uses $vars['class'] */ -$defaults = array( - 'class' => 'elgg-input-checkbox', - 'default' => 0, -); - -$vars = array_merge($defaults, $vars); +if (isset($vars['id'])) { + $id = "id=\"{$vars['id']}\""; +} else { + $id = ''; +} -$default = $vars['default']; -unset($vars['default']); +if (isset($vars['class'])) { + $id = "class=\"{$vars['class']}\""; +} else { + $id = ''; +} -if (isset($vars['name']) && $default !== false) { - echo ""; +if (!isset($vars['value'])) { + $vars['value'] = $vars['name']; } ?> - /> \ No newline at end of file + name="" value="" /> \ No newline at end of file diff --git a/views/installation/input/checkboxes.php b/views/installation/input/checkboxes.php deleted file mode 100644 index 026ff04ba..000000000 --- a/views/installation/input/checkboxes.php +++ /dev/null 
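Review bot: In checkbox.php the second `isset` block assigns to `$id` instead of `$class`: `$id = "class=\"{$vars['class']}\"";` / `$id = '';` overwrite the id attribute computed just above and leave `$class` undefined, so a checkbox given an id loses it and any echo of `$class` in the (stripped) tag raises a notice. Change the two assignments to `$class = "class=\"{$vars['class']}\"";` and `$class = '';`. The docblock also says `@uses $var['name']` (missing "s"). Since `value` defaults to `$vars['name']` and these vars come from the installer's own form tables rather than the request, the unescaped interpolation is a hardening point rather than a defect here, but `htmlspecialchars` on `id`/`class`/`value` would cost nothing.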
@@ -1,64 +0,0 @@ - option for the each checkbox field - * @uses string $vars['id'] The id for each input field. Optional. - * (Only use this with a single value.) - * @uses string $vars['default'] The default value to send if nothing is checked. - * Optional, defaults to 0. Set to FALSE for no default. - * @uses bool $vars['disabled'] Make all input elements disabled. Optional. - * @uses string $vars['value'] The current value. Optional. - * @uses string $vars['class'] Additional class of the list. Optional. - * @uses string $vars['align'] 'horizontal' or 'vertical' Default: 'vertical' - * - */ - -$additional_class = elgg_extract('class', $vars); -$align = elgg_extract('align', $vars, 'vertical'); -$value = (isset($vars['value'])) ? $vars['value'] : NULL; -$value_array = (is_array($value)) ? array_map('elgg_strtolower', $value) : array(elgg_strtolower($value)); -$name = (isset($vars['name'])) ? $vars['name'] : ''; -$options = (isset($vars['options']) && is_array($vars['options'])) ? $vars['options'] : array(); -$default = (isset($vars['default'])) ? $vars['default'] : 0; - -$id = (isset($vars['id'])) ? $vars['id'] : ''; -$disabled = (isset($vars['disabled'])) ? $vars['disabled'] : FALSE; - -$class = "elgg-input-checkboxes elgg-$align"; -if ($additional_class) { - $class = " $additional_class"; -} - -if ($options && count($options) > 0) { - // include a default value so if nothing is checked 0 will be passed. - if ($name && $default !== FALSE) { - echo ""; - } - - echo "'; -} \ No newline at end of file diff --git a/views/installation/input/combo.php b/views/installation/input/combo.php new file mode 100644 index 000000000..508dbcd01 --- /dev/null +++ b/views/installation/input/combo.php @@ -0,0 +1,19 @@ +$label"; + +echo '
'; \ No newline at end of file diff --git a/views/installation/input/form.php b/views/installation/input/form.php index d48d5fed8..f8730b4f5 100644 --- a/views/installation/input/form.php +++ b/views/installation/input/form.php @@ -10,12 +10,12 @@ */ if (isset($vars['id'])) { - $id = "id = \"{$vars['id']}\""; + $id = "id=\"{$vars['id']}\""; } else { $id = ''; } if (isset($vars['name'])) { - $name = "name = \"{$vars['name']}\""; + $name = "name=\"{$vars['name']}\""; } else { $name = ''; } diff --git a/views/installation/input/hidden.php b/views/installation/input/hidden.php deleted file mode 100644 index 139ff03d7..000000000 --- a/views/installation/input/hidden.php +++ /dev/null @@ -1,10 +0,0 @@ - - \ No newline at end of file diff --git a/views/installation/input/text.php b/views/installation/input/text.php index 2caf547b6..ec8233461 100644 --- a/views/installation/input/text.php +++ b/views/installation/input/text.php @@ -3,17 +3,23 @@ * Elgg text input * Displays a text input field * - * * @uses $vars['value'] The current value, if any - * @uses $vars['name'] The name of the input field - * @uses $vars['disabled'] If true then control is read-only - * @uses $vars['class'] Class override + * @uses $vars['name'] The name of the input field + * @uses $vars['class'] CSS class + * @uses $vars['id'] CSS id */ -$class = $vars['class']; -if (!$class) { - $class = "input-text"; +if (isset($vars['class'])) { + $class = "class=\"{$vars['class']}\""; +} else { + $class = ""; +} + +if (isset($vars['id'])) { + $id = "id=\"{$vars['id']}\""; +} else { + $id = ''; } ?> - name="" value="" class=""/> \ No newline at end of file + /> \ No newline at end of file -- cgit v1.2.3
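Review bot: text.php builds `class="…"` and `id="…"` by interpolating `$vars['class']`/`$vars['id']` straight into attribute strings, and the removed tag line (the `value=""` fragment) shows `$vars['value']` was echoed the same way — on the settings form that is the text the user just POSTed, redisplayed after a validation failure, so it should go through `htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8')` even though the class docblock accepts that the installer has no XSS protection. The new `<input>` tag itself is not visible in this rendering, so I cannot confirm how it echoes these values. The rewritten docblock also drops the `$vars['disabled']` entry, which is fine only if the attribute is no longer honoured server-side — install.js now toggles `disabled` on the client — but a one-line note saying so would save a maintainer looking for it.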