BUGFIX Don't delete index.php after successful installation - in ContentController->deleteinstallfiles(). URL routing might rely on it without mod_rewrite.

BUGFIX Require ADMIN permissions for ContentController->deleteinstallfiles() - together with retaining index.php, this removes a vulnerability where unauthenticated users could disrupt mod_rewrite-less URL routing.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101227 467b73ca-7a2a-4603-9d3b-597d59a354a9
Ingo Schommer 2010-03-17 22:28:36 +00:00 committed by Sam Minnee
parent 805337da0f
commit 7028a42658


@ -29,7 +29,7 @@ class ContentController extends Controller {
public static $allowed_actions = array ( public static $allowed_actions = array (
'PageComments', 'PageComments',
'successfullyinstalled', 'successfullyinstalled',
'deleteinstallfiles' 'deleteinstallfiles' // secured through custom code
); );
/** /**
@ -423,6 +423,7 @@ HTML;
$fourohfour->publish("Stage", "Live"); $fourohfour->publish("Stage", "Live");
} }
// TODO Allow this to work when allow_url_fopen=0
if(isset($_SESSION['StatsID']) && $_SESSION['StatsID']) { if(isset($_SESSION['StatsID']) && $_SESSION['StatsID']) {
$url = 'http://ss2stat.silverstripe.com/Installation/installed?ID=' . $_SESSION['StatsID']; $url = 'http://ss2stat.silverstripe.com/Installation/installed?ID=' . $_SESSION['StatsID'];
@file_get_contents($url); @file_get_contents($url);
@ -443,8 +444,7 @@ HTML;
&nbsp; &nbsp; Email: $username<br /> &nbsp; &nbsp; Email: $username<br />
&nbsp; &nbsp; Password: $password<br /> &nbsp; &nbsp; Password: $password<br />
</p> </p>
<div style="background:#ddd; border:1px solid #ccc; padding:5px; margin:5px;"><img src="cms/images/dialogs/alert.gif" style="border: none; margin-right: 10px; float: left;" /><p style="color:red;">For security reasons you should now delete the install files, unless you are planning to reinstall later. The web server also now only needs write access to the "assets" folder, you can remove write access from all other folders.</p> <div style="background:#ddd; border:1px solid #ccc; padding:5px; margin:5px;"><img src="cms/images/dialogs/alert.gif" style="border: none; margin-right: 10px; float: left;" /><p style="color:red;">For security reasons you should now delete the install files, unless you are planning to reinstall later (<em>requires admin login, see above</em>). The web server also now only needs write access to the "assets" folder, you can remove write access from all other folders. <a href="home/deleteinstallfiles" style="text-align: center;">Click here to delete the install files.</a></p>
<div style="margin-left: auto; margin-right: auto; width: 50%;"><p><a href="home/deleteinstallfiles" style="text-align: center;">Click here to delete the install files.</a></p></div></div>
HTML HTML
); );
@ -455,14 +455,18 @@ HTML
} }
function deleteinstallfiles() { function deleteinstallfiles() {
if(!Permission::check("ADMIN")) return Security::permissionFailure($this);
$title = new Varchar("Title"); $title = new Varchar("Title");
$content = new HTMLText("Content"); $content = new HTMLText("Content");
$tempcontent = ''; $tempcontent = '';
$username = Session::get('username'); $username = Session::get('username');
$password = Session::get('password'); $password = Session::get('password');
// We can't delete index.php as it might be necessary for URL routing without mod_rewrite.
// There's no safe way to detect usage of mod_rewrite across webservers,
// so we have to assume the file is required.
$installfiles = array( $installfiles = array(
'index.php',
'install.php', 'install.php',
'rewritetest.php', 'rewritetest.php',
'config-form.css', 'config-form.css',
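Review bot: The new `Permission::check("ADMIN")` guard at the top of `deleteinstallfiles()` authenticates the caller, but the action is still triggered by a plain GET link (`<a href="home/deleteinstallfiles">` in the success message) and no request token is checked in the visible lines, so a third-party page could cause a logged-in administrator's browser to fire the deletion. With `index.php` now kept the impact is small, but a state-changing action is better served by a POST form carrying the framework's anti-forgery token, verified right after the permission check. The `// secured through custom code` comment in `$allowed_actions` would also be more useful if it named the check, e.g. `// ADMIN check is done inside deleteinstallfiles()`. The function body continues past the end of this hunk, so anything later in it (including how the session `username`/`password` values are used) is not covered here.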