Commit Graph

194 Commits

Author SHA1 Message Date
Damian Mooyman
d8fd64c3e2 [ss-2015-016]: Fix XSS in install.php 2015-09-08 10:08:28 +12:00
Daniel Hensby
9e600e9e0c Removing redundant var declaration 2015-02-16 07:56:04 +00:00
zauberfisch
eb98b003b7 Fixed looking for _ss_environment.php in root dir and removed redundant code 2015-02-13 23:30:29 +00:00
Corey Sewell
1262115359 Fix #3794
Fix #3794
2015-01-20 13:21:12 +13:00
Corey Sewell
fbebf96d66 Add detection for PHP running in CGI mode and add HTTP_AUTHORIZATION rewrite rule
Detect and parse HTTP_AUTHORIZATION for basic authentication running PHP in CGI mode
Add comments about using CGI mode with Apache and Basic Auth in /docs/en/topics/environment-management.md
Added notes  to docs/en/changelogs/3.1.9.md
2014-12-05 11:35:52 +13:00
Ingo Schommer
5babab81ee Improve .htaccess commenting
Done alongside improvements of the execution-pipeline.md docs.
Installer comment taken from d5723f7.
2014-11-15 14:41:50 +13:00
Sean Harvey
8cf99b9bec Fixing inconsistent use of RewriteRule in docs and install.php5
It currently doesn't match the .htaccess that comes with a checkout of
silverstripe-installer.
2014-08-18 10:55:47 +12:00
Simon Welsh
b9ae401772 Don't block rewriting .php URLs 2014-08-16 22:08:52 +10:00
Stevie Mayhew
a261f223e4 BUG Delete Character \x01 2014-04-11 14:51:52 +12:00
Simon Welsh
7ee70cec0b Merge pull request #2778 from grooverdan/patch-1
Update install.php5 - error handling on getDatabaseConfigurationHelper
2014-03-15 21:17:30 +13:00
Damian Mooyman
0cbad41d3b Rewrote usages of error suppression operator 2014-03-05 15:48:55 +13:00
Daniel Black
fb12d1ee37 Update install.php5
Defaulting to MySQL here is really dumb. There is an explicit type as an argument so falling back to mysql could result in "I couldn't write to path ....db" despite the real error that the include of the sqlite3/code/SQLiteDatabaseConfigurationHelper.php failed for some reason.

Other uses of getDatabaseConfigurationHelper also need a similar error handler.
2014-01-14 13:07:09 +11:00
websTTer
cd3cc1b923 Fix installer isIIS() to include IIS versions greater than 7. 2013-11-18 14:34:32 +13:00
Sean Harvey
fd2e7c1dd3 Use getTempFolder() from core when checking for temp in installer.
Fix for issue #2420. Instead of using custom temp folder discovery
code in the installer, use the core getTempFolder() instead.
2013-11-01 13:53:53 +13:00
Stephen Shkardoon
d2360ec8aa MINOR typo where display_errors wasn't checked properly 2013-10-23 22:00:05 +13:00
zauberfisch
48049647d8 formatted install.php5 according to SilverStripe coding conventions (spaces) 2013-10-16 21:17:22 +01:00
zauberfisch
0b4c3946ff formatted install.php5 according to SilverStripe coding conventions (tabs instead of spaces, no 1 line if with else, ...) 2013-10-16 21:11:06 +01:00
zauberfisch
c4810b8e0f changed install.php5 to respect line length limit according to SilverStripe coding conventions 2013-10-16 21:00:20 +01:00
zauberfisch
e357fa298e suggest that arg_separator.output to be &, if set to something else it may result in issues with url parameters 2013-10-16 20:37:15 +01:00
Ingo Schommer
c05b7c2c8f Installer regression from dd49834 2013-10-16 11:28:33 +02:00
Ingo Schommer
795d3e4b3b Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	dev/install/install.php5
	docs/en/index.md
	tests/core/CoreTest.php
2013-10-07 16:18:20 +02:00
Sean Harvey
dd49834b9e BUG Fixing installer not checking display_errors correctly.
Fixes issue #2479. Installer sets display_errors on, but it checks
the changed value and not the original one set in php.ini.
2013-10-04 10:05:28 +13:00
Ingo Schommer
afe06661ef Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/templates/Includes/LeftAndMain_Menu.ss
	admin/templates/Includes/ModelAdmin_ImportSpec.ss
	admin/templates/Includes/ModelAdmin_Tools.ss
	admin/templates/LeftAndMain.ss
	admin/templates/ModelSidebar.ss
	i18n/i18n.php
	templates/ComplexTableField.ss
	templates/ComplexTableField_popup.ss
	templates/FileIFrameField_iframe.ss
	templates/Includes/GridFieldItemEditView.ss
	templates/Includes/TableListField_PageControls.ss
	templates/RelationComplexTableField.ss
	templates/TableField.ss
	templates/TableListField.ss
2013-08-07 17:14:47 +02:00
Ingo Schommer
b159284c6c Fixed "session started" error on install.php 2013-08-07 16:28:54 +02:00
Hamish Friedlander
2110493466 Merge branch '3.0' into 3.1 2013-08-07 09:43:52 +12:00
Hamish Friedlander
a685a8dee9 FIX Include flushtoken when install redirects to successfullyinstalled 2013-08-02 11:00:26 +12:00
Ingo Schommer
5d97f615ce Merge remote-tracking branch 'origin/3.0' into 3.1 2013-05-31 17:52:24 +02:00
Simon Welsh
e90012787d Merge branch 'hackfest_may_2013' of https://github.com/NightJar/sapphire into 3.1
Conflicts:
	docs/en/changelogs/3.1.0.md
2013-05-25 20:07:54 +12:00
Nightjar
5ec8158977 Check that Webserver is not Apache/1.x in light of installer assets/.htaccess alterations 2013-05-25 20:03:36 +12:00
Sam Minnée
f6fbd78cd9 Merge pull request #1786 from colymba/3.0-htaccess-fix
vendor folder is blocked only if outside themes
2013-05-24 23:50:41 -07:00
Stephen Shkardoon
aa3699ff0a Deprecate magic_quotes and fix bad install opts
Change the in_array call to not do bad things with strict casting off
Add a deprecated message if you run with magic_quotes on
Change the requirement for magic_quotes to an error
2013-05-25 12:42:52 +12:00
Daniel Hensby
ac989cc3c0 Regression due to previous patch
Fixing installer regression due to patch #1972
2013-05-24 15:29:39 +01:00
Daniel Hensby
bc9567c9ef FIX Environment file finder logic
Fixing the logic that searches for environment files so that warnings
due to open_basedir are suppressed and both the 'realdir' and the server
path are spidered for the environment file.
2013-05-22 14:35:33 +01:00
Daniel Hensby
9a6a6ec75d Arbitrary placement of _ss_environment.php in parent folders
Removes hardcoding to three levels
2013-05-14 13:39:43 +02:00
Ingo Schommer
8c9dd02d73 Merge pull request #1876 from wilr/open6449
Suggest users install curl, tidy on their machines.
2013-05-12 14:21:50 -07:00
Zauberfisch
6f11f92f5b Reverted 9a52dae207 & ed19bbc3ba 2013-05-11 18:50:02 +00:00
Will Rossiter
e56abaca4f Suggest users install curl, tidy on their machines. 2013-05-11 18:31:02 +12:00
Will Rossiter
22e8ba6ff6 FIX: Check for POST support in installer
Also two minor fixes for Web server configuration
	* Prevent notice on unsupported setups.
	* Show successful message.

Conflicts:
	dev/install/install.php5
2013-05-08 22:51:27 +12:00
colymba
41c0f8080e FIX Only block root vendor folder
Use RewriteRule instead to take in account any subfolder via RewriteBase. Deny ss-cache and composer via RewriteRule too.
2013-04-27 16:03:35 +03:00
Ingo Schommer
9856fcef21 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	javascript/DateField.js
	model/DataQuery.php
	model/Versioned.php
	tests/forms/RequirementsTest.php
	tests/model/DataObjectLazyLoadingTest.php
	view/Requirements.php
2013-04-09 14:45:35 +02:00
Ingo Schommer
9a52dae207 Removed LOLCAT locale from installer (fixes #1457) 2013-04-04 11:18:40 +02:00
Sean Harvey
a99c829ed1 Ensure composer files aren't accessible using IIS 2013-04-03 15:59:14 +13:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Simon Welsh
7ce010928d Merge pull request #1327 from ss23/patch-2
BUG Database config values aren't escaped
2013-03-23 12:16:13 -07:00
Stephen Shkardoon
9b9f367e93 BUG Database config values aren't escaped
Causes minor UI issues if you try use database configuration values that happen to have " or other values in them.
2013-03-24 01:05:33 +13:00
Stephen Shkardoon
f27410c257 Missing closing <a> tag in installer 2013-03-24 00:06:54 +13:00
Hamish Friedlander
7efae6b95f Merge remote-tracking branch 'origin/3.0' into 3.1 2013-02-18 14:31:57 +13:00
Ingo Schommer
ede381326b BUG Secure composer files from web access (fixes #8011)
Already applied to root .htaccess, but required for dynamically
generated file from installer as well. Also added upgrade instructions.
2013-02-17 22:33:04 +01:00
Ingo Schommer
634c91c6ff Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	email/Mailer.php
2013-01-30 12:46:24 +01:00
Hamish Friedlander
bec5ae1886 Include code to block yaml files in installer generated .htaccess 2013-01-29 14:20:12 +13:00