Merge pull request #7 from silverstripe-security/pulls/4.3/joseph-installin

[CVE-2019-12204]: install.php warning does not account for public dir
This commit is contained in:
Serge Latyntsev 2019-09-24 11:25:49 +12:00 committed by GitHub
commit c7e44f85aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -2011,7 +2011,7 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
); );
} }
if (file_exists(BASE_PATH . '/install.php')) { if (file_exists(PUBLIC_PATH . '/install.php')) {
$fields->addFieldToTab('Root.Main', LiteralField::create( $fields->addFieldToTab('Root.Main', LiteralField::create(
'InstallWarningHeader', 'InstallWarningHeader',
'<div class="alert alert-warning">' . _t( '<div class="alert alert-warning">' . _t(