From a690a6a59c01939cf15f91f25519d53b63fd8eae Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 29 Sep 2010 08:09:17 +0000 Subject: [PATCH] Sec: If conf.php file is write protected, then all first install process is locked. --- htdocs/core/class/conf.class.php | 5 +- htdocs/install/check.php | 2 +- htdocs/install/etape0.php | 10 +- htdocs/install/etape1.php | 16 +- htdocs/install/etape2.php | 7 + htdocs/install/etape4.php | 8 + htdocs/install/etape5.php | 8 + htdocs/install/fileconf.php | 532 +++++++++++++++---------------- htdocs/install/licence.php | 33 +- htdocs/lib/functions2.lib.php | 17 +- 10 files changed, 340 insertions(+), 298 deletions(-) diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index 0aaa572ed03..344724f38f0 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -207,8 +207,9 @@ class Conf if (! $this->global->MAIN_MENUFRONT_BARRETOP) $this->global->MAIN_MENUFRONT_BARRETOP="eldy_backoffice.php"; if (! $this->global->MAIN_MENU_BARRELEFT) $this->global->MAIN_MENU_BARRELEFT="eldy_backoffice.php"; if (! $this->global->MAIN_MENUFRONT_BARRELEFT) $this->global->MAIN_MENUFRONT_BARRELEFT="eldy_backoffice.php"; - if (! $this->global->MAIN_MENU_SMARTPHONE) $this->global->MAIN_MENU_SMARTPHONE="iphone_backoffice.php"; - if (! $this->global->MAIN_MENUFRONT_SMARTPHONE) $this->global->MAIN_MENUFRONT_SMARTPHONE="iphone_backoffice.php"; + + if (empty($this->global->MAIN_MENU_SMARTPHONE)) $this->global->MAIN_MENU_SMARTPHONE="iphone_backoffice.php"; + if (empty($this->global->MAIN_MENUFRONT_SMARTPHONE)) $this->global->MAIN_MENUFRONT_SMARTPHONE="iphone_backoffice.php"; // Variable globales LDAP if (empty($this->global->LDAP_FIELD_FULLNAME)) $this->global->LDAP_FIELD_FULLNAME=''; diff --git a/htdocs/install/check.php b/htdocs/install/check.php index 33dbd1dac0d..fe554b0fc40 100644 --- a/htdocs/install/check.php +++ b/htdocs/install/check.php 
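Review bot: The two smartphone defaults now use `empty()` while the three lines directly above them in the same hunk still test `! $this->global->MAIN_MENUFRONT_BARRETOP`, `! $this->global->MAIN_MENU_BARRELEFT` and `! $this->global->MAIN_MENUFRONT_BARRELEFT`, so one block of identical defaulting logic ends up with two conventions. Since the LDAP defaults just below already use `empty()`, changing the remaining three to `if (empty($this->global->MAIN_MENU_BARRELEFT)) $this->global->MAIN_MENU_BARRELEFT="eldy_backoffice.php";` (and likewise for the other two) would make the hunk uniform. The added `+` blank line between the menu and smartphone groups separates lines that belong together and could be dropped. The enclosing method starts and ends outside the hunk.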
@@ -159,7 +159,7 @@ if (is_readable($conffile) && filesize($conffile) > 8) $confexists=1; include_once($conffile); - $databaseok=1; // TODO Check if database is ok + $databaseok=1; if ($databaseok) { // Already installed for all parts (config and database). We can propose upgrade. diff --git a/htdocs/install/etape0.php b/htdocs/install/etape0.php index 32de4e1a7d3..a0e4cad248a 100644 --- a/htdocs/install/etape0.php +++ b/htdocs/install/etape0.php @@ -1,6 +1,6 @@ - * Copyright (C) 2007-2009 Laurent Destailleur + * Copyright (C) 2007-2010 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -59,6 +59,14 @@ dolibarr_install_syslog("etape0: Entering etape0.php page"); pHeader($langs->trans("ConfigurationFile"),"etape1"); +// Test if we can run a first install process +if (is_writable($conffile)) +{ + print $langs->trans("ConfFileIsNotWritable",'htdocs/conf/conf.php'); + pFooter(1,$setuplang,'jscheckparam'); + exit; +} + // On reporte champ formulaire precedent pour propagation if ($_POST["action"] == "set") { diff --git a/htdocs/install/etape1.php b/htdocs/install/etape1.php index 19653023e2e..66e2db58b1f 100644 --- a/htdocs/install/etape1.php +++ b/htdocs/install/etape1.php @@ -48,6 +48,14 @@ dolibarr_install_syslog("etape1: Entering etape1.php page"); pHeader($langs->trans("ConfigurationFile"),"etape2"); +// Test if we can run a first install process +if (! is_writable($conffile)) +{ + print $langs->trans("ConfFileIsNotWritable",'htdocs/conf/conf.php'); + pFooter(1,$setuplang,'jscheckparam'); + exit; +} + $error = 0; // Repertoire des pages dolibarr @@ -70,11 +78,6 @@ $main_data_dir=isset($_POST["main_data_dir"])?$_POST["main_data_dir"]:''; if (! $main_data_dir) { $main_data_dir="$main_dir/documents"; } -/* - * Actions - */ - - if ($_POST["action"] == "set") { umask(0); 
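Review bot: Dropping the `// TODO Check if database is ok` comment in check.php removes the only indication that `$databaseok=1;` is an unconditional assumption, while the assignment itself is unchanged and the following branch still offers an upgrade on the strength of it. If the check is intentionally not implemented, the line should keep a note saying so, e.g. `$databaseok=1; // Not verified: database is assumed OK once conf.php is readable`, so a later reader does not mistake it for a tested condition.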
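Review bot: The guard added to etape0.php is inverted: `if (is_writable($conffile))` prints ConfFileIsNotWritable and exits when the file *is* writable, so a correctly prepared install is blocked at step 0 while a write-protected conf.php passes straight through, the opposite of what the commit message describes and of the `! is_writable($conffile)` form used by the same block in etape1, etape2, etape4, etape5, fileconf and licence. It should read `if (! is_writable($conffile))`. The same seven-line block is pasted into seven pages; a single helper in the shared install include (inc.php is included by these pages) called from each of them would have kept this copy from diverging and makes future changes to the check one edit instead of seven.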
@@ -499,7 +502,8 @@ pFooter($error,$setuplang,'jsinfo'); /** - * Save configuration file + * Save configuration file. No particular permissions are set by installer. + * @param conffile Path to conf file */ function write_conf_file($conffile) { diff --git a/htdocs/install/etape2.php b/htdocs/install/etape2.php index 69f79f1fb16..025649af16d 100644 --- a/htdocs/install/etape2.php +++ b/htdocs/install/etape2.php @@ -64,6 +64,13 @@ dolibarr_install_syslog("etape2: Entering etape2.php page"); pHeader($langs->trans("CreateDatabaseObjects"),"etape4"); +// Test if we can run a first install process +if (! is_writable($conffile)) +{ + print $langs->trans("ConfFileIsNotWritable",'htdocs/conf/conf.php'); + pFooter(1,$setuplang,'jscheckparam'); + exit; +} if ($_POST["action"] == "set") { diff --git a/htdocs/install/etape4.php b/htdocs/install/etape4.php index 3ea3f9bd33a..9ecafdbc147 100644 --- a/htdocs/install/etape4.php +++ b/htdocs/install/etape4.php @@ -56,6 +56,14 @@ $ok = 0; pHeader($langs->trans("AdminAccountCreation"),"etape5"); +// Test if we can run a first install process +if (! is_writable($conffile)) +{ + print $langs->trans("ConfFileIsNotWritable",'htdocs/conf/conf.php'); + pFooter(1,$setuplang,'jscheckparam'); + exit; +} + print ''; $db = new DoliDb($conf->db->type,$conf->db->host,$conf->db->user,$conf->db->pass,$conf->db->name,$conf->db->port); diff --git a/htdocs/install/etape5.php b/htdocs/install/etape5.php index 1e01b6b62d9..c71434170d3 100644 --- a/htdocs/install/etape5.php +++ b/htdocs/install/etape5.php @@ -102,6 +102,14 @@ if ($_POST["action"] == "set") pHeader($langs->trans("SetupEnd"),"etape5"); +// Test if we can run a first install process +if (! is_writable($conffile)) +{ + print $langs->trans("ConfFileIsNotWritable",'htdocs/conf/conf.php'); + pFooter(1,$setuplang,'jscheckparam'); + exit; +} + if ($_POST["action"] == "set" || preg_match('/upgrade/i',$_POST["action"])) { print '
'; diff --git a/htdocs/install/fileconf.php b/htdocs/install/fileconf.php index b44c732a7b3..58ea405085e 100644 --- a/htdocs/install/fileconf.php +++ b/htdocs/install/fileconf.php @@ -56,109 +56,123 @@ if (file_exists("./install.forced.php")) include_once("./install.forced.php"); dolibarr_install_syslog("Fileconf: Entering fileconf.php page"); + + /* -* View -*/ + * View + */ pHeader($langs->trans("ConfigurationFile"),"etape0"); +// Test if we can run a first install process +if (! is_writable($conffile)) +{ + print $langs->trans("ConfFileIsNotWritable",'htdocs/conf/conf.php'); + pFooter(1,$setuplang,'jscheckparam'); + exit; +} + if (! empty($force_install_message)) { - print ''.$langs->trans($force_install_message).'
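Review bot: The writability guard in etape5.php is placed in front of `if ($_POST["action"] == "set" || preg_match('/upgrade/i',$_POST["action"]))`, so it also fires on the upgrade actions even though its comment says it tests for a first install. After setup, conf.php is typically made read-only because it holds the database credentials, so with this placement a hardened installation would be told its conf file is not writable and the final upgrade step would exit. Restricting the guard to the first-install case, e.g. `if ($_POST["action"] == "set" && ! is_writable($conffile))`, or moving it inside the `set` branch, keeps the intent of the commit without breaking upgrades; the etape4 guard deserves the same look if that page is also reachable from the upgrade path, which I cannot tell from the hunk.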
'; + print ''.$langs->trans($force_install_message).'
'; } ?>
- - + + + - -'; -print $langs->trans("WebPagesDirectory"); -print ""; + + '; + print $langs->trans("WebPagesDirectory"); + print ""; -if(! isset($dolibarr_main_url_root) || dol_strlen($dolibarr_main_url_root) == 0) -{ - //print "x".$_SERVER["SCRIPT_FILENAME"]." y".$_SERVER["DOCUMENT_ROOT"]; - - // Si le php fonctionne en CGI, alors SCRIPT_FILENAME vaut le path du php et - // ce n'est pas ce qu'on veut. Dans ce cas, on propose $_SERVER["DOCUMENT_ROOT"] - if (preg_match('/^php$/i',$_SERVER["SCRIPT_FILENAME"]) || preg_match('/[\\/]php$/i',$_SERVER["SCRIPT_FILENAME"]) || preg_match('/php\.exe$/i',$_SERVER["SCRIPT_FILENAME"])) - { - $dolibarr_main_document_root=$_SERVER["DOCUMENT_ROOT"]; - - if (! preg_match('/[\\/]dolibarr[\\/]htdocs$/i',$dolibarr_main_document_root)) - { - $dolibarr_main_document_root.="/dolibarr/htdocs"; - } - } - else - { - $dolibarr_main_document_root = substr($_SERVER["SCRIPT_FILENAME"],0,dol_strlen($_SERVER["SCRIPT_FILENAME"]) - 21); - // Nettoyage du path propose - // Gere les chemins windows avec double "\" - $dolibarr_main_document_root = str_replace('\\\\','/',$dolibarr_main_document_root); - - // Supprime les slash ou antislash de fins - $dolibarr_main_document_root = preg_replace('/[\\/]+$/','',$dolibarr_main_document_root); - } -} -//echo $PMA_MYSQL_INT_VERSION; -?> - - - - - - - - + //print "x".$_SERVER["SCRIPT_FILENAME"]." 
y".$_SERVER["DOCUMENT_ROOT"]; - - + + + + + + + + + + + + + +?>"> + - - - + - + + + - - - - - - - + - + + + + + + -// Scan les drivers -$dir=DOL_DOCUMENT_ROOT.'/lib/databases'; -$handle=opendir($dir); -$modules = array(); -$nbok = $nbko = 0; -$option=''; + + // Switch to mysql if mysqli is not present + if ($defaultype=='mysqli' && !function_exists('mysqli_connect')) $defaultype = 'mysql'; - + // Affiche ligne dans liste + $option.=''; + } + } - + ?>   - - - - + - + - - - - + + + + - + - - + + + + - - - + - - + + - - - + + + - - - - - + + - - - - - + + + - - + + + + + - - - + + + + + + + + + + + + - + - - + + + - - - - - + + + + + - - - - - + + + + +

-trans("WebServer"); ?> -

+

trans("WebServer"); ?>

+
- -trans("WithNoSlashAtTheEnd")."
"; -print $langs->trans("Examples").":
"; -?> -
    -
  • /var/www/dolibarr/htdocs
  • -
  • C:/wwwroot/dolibarr/htdocs
  • -
-
-trans("DocumentsDirectory"); ?> - - -trans("WithNoSlashAtTheEnd")."
"; -print $langs->trans("DirectoryRecommendation")."
"; -print $langs->trans("Examples").":
"; -?> -
    -
  • /var/dolibarr_documents
  • -
  • C:/My Documents/dolibarr/
  • -
-
-trans("URLRoot"); ?> - + + trans("WithNoSlashAtTheEnd")."
"; + print $langs->trans("Examples").":
"; + ?> +
    +
  • /var/www/dolibarr/htdocs
  • +
  • C:/wwwroot/dolibarr/htdocs
  • +
+
trans("DocumentsDirectory"); ?> + + trans("WithNoSlashAtTheEnd")."
"; + print $langs->trans("DirectoryRecommendation")."
"; + print $langs->trans("Examples").":
"; + ?> +
    +
  • /var/dolibarr_documents
  • +
  • C:/My Documents/dolibarr/
  • +
+
trans("URLRoot"); ?> + - -trans("Examples").":
"; -?> -
    -
  • http://localhost/
  • -
  • http://www.myserver.com:8180/dolibarr
  • -
-
trans("Examples").":
"; + ?> +
    +
  • http://localhost/
  • +
  • http://www.myserver.com:8180/dolibarr
  • +
-
-trans("ForceHttps"); ?> -> -trans("CheckToForceHttps"); ?> -
trans("ForceHttps"); ?> + >trans("CheckToForceHttps"); ?> +

-trans("DolibarrDatabase"); ?> -

-trans("DriverType"); ?> -
- -$defaultype=! empty($dolibarr_main_db_type)?$dolibarr_main_db_type:($force_install_type?$force_install_type:'mysqli'); +

+

trans("DolibarrDatabase"); ?>

+
trans("DriverType"); ?> + = '.versiontostring($versionbasemin).')'; - if ($type=='mysqli') $note='(Mysql >= '.versiontostring($versionbasemin).')'; - if ($type=='pgsql') $note='(Postgresql >= '.versiontostring($versionbasemin).')'; - if ($type=='mssql') $note='(SQL Server >= '.versiontostring($versionbasemin).')'; + while (($file = readdir($handle))!==false) + { + if (is_readable($dir."/".$file) && preg_match('/^(.*)\.lib\.php/i',$file,$reg)) + { + $type=$reg[1]; - // Switch to mysql if mysqli is not present - if ($defaultype=='mysqli' && !function_exists('mysqli_connect')) $defaultype = 'mysql'; + // Version min de la base + $versionbasemin=array(); + if ($type=='mysql') { $versionbasemin=array(3,1,0); $testfunction='mysql_connect'; } + if ($type=='mysqli') { $versionbasemin=array(4,1,0); $testfunction='mysqli_connect'; } + if ($type=='pgsql') { $versionbasemin=array(8,1,0); $testfunction='pg_connect'; } + if ($type=='mssql') { $versionbasemin=array(2000); $testfunction='mssql_connect'; } - // Affiche ligne dans liste - $option.=''; - } -} + // Remarques + $note=''; + if ($type=='mysql') $note='(Mysql >= '.versiontostring($versionbasemin).')'; + if ($type=='mysqli') $note='(Mysql >= '.versiontostring($versionbasemin).')'; + if ($type=='pgsql') $note='(Postgresql >= '.versiontostring($versionbasemin).')'; + if ($type=='mssql') $note='(SQL Server >= '.versiontostring($versionbasemin).')'; -?> - -  - -trans("DatabaseType"); ?> -
-trans("Server"); ?> - - - -trans("ServerAddressDescription"); ?> -trans("DatabaseType"); ?>
-trans("Port"); ?> - - - -trans("ServerPortDescription"); ?> -
trans("Server"); ?> + + trans("ServerAddressDescription"); ?> +
-trans("DatabaseName"); ?> -
trans("Port"); ?> + trans("ServerPortDescription"); ?> + -trans("DatabaseName"); ?> -
-trans("CreateDatabase"); ?> -
trans("DatabaseName"); ?> + > -trans("CheckToCreateDatabase"); ?> -
trans("DatabaseName"); ?>
-trans("Login"); ?> - -trans("AdminLogin"); ?> -
trans("CreateDatabase"); ?> +
-trans("Password"); ?> - -trans("AdminPassword"); ?> -
>trans("CheckToCreateDatabase"); ?> +
-trans("CreateUser"); ?> -
trans("Login"); ?> + trans("AdminLogin"); ?>
> -trans("CheckToCreateUser"); ?> -
trans("Password"); ?> + trans("AdminPassword"); ?>
trans("CreateUser"); ?> + >trans("CheckToCreateUser"); ?> +

-trans("DatabaseSuperUserAccess"); ?> -


+

trans("DatabaseSuperUserAccess"); ?>

+
-trans("Login"); ?> -
-trans("DatabaseRootLoginDescription"); ?> -
-
trans("Login"); ?> +
trans("DatabaseRootLoginDescription"); ?> +
+
-trans("Password"); ?> -
-trans("KeepEmptyIfNoPassword"); ?> -
-
trans("Password"); ?> + +
trans("KeepEmptyIfNoPassword"); ?> +
+
diff --git a/htdocs/install/licence.php b/htdocs/install/licence.php index 4bdf971bedb..407e08da415 100644 --- a/htdocs/install/licence.php +++ b/htdocs/install/licence.php @@ -1,6 +1,6 @@ - * Copyright (C) 2005-2009 Laurent Destailleur + * Copyright (C) 2005-2010 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -18,11 +18,11 @@ */ /** - \file htdocs/install/licence.php - \ingroup install - \brief Page affichage license - \version $Id$ -*/ + * \file htdocs/install/licence.php + * \ingroup install + * \brief Page affichage license + * \version $Id$ + */ include_once("./inc.php"); require_once(DOL_DOCUMENT_ROOT."/lib/functions2.lib.php"); @@ -39,21 +39,28 @@ dolibarr_install_syslog("Licence: Entering licence.php page"); /* -* View -*/ + * View + */ pHeader($langs->trans("License"),"fileconf"); +// Test if we can run a first install process +if (! is_writable($conffile)) +{ + print $langs->trans("ConfFileIsNotWritable",'htdocs/conf/conf.php'); + pFooter(1,$setuplang,'jscheckparam'); + exit; +} //print '
';
 $result=dol_print_file($langs,"html/gpl.html",1);
 if (! $result)
 {
-	print '
'."\n"; - print ''; - print '
'."\n"; + print '
'."\n"; + print ''; + print '
'."\n"; } //print '
'; diff --git a/htdocs/lib/functions2.lib.php b/htdocs/lib/functions2.lib.php index 72c80b38309..c7b3fe14838 100644 --- a/htdocs/lib/functions2.lib.php +++ b/htdocs/lib/functions2.lib.php @@ -27,10 +27,11 @@ /** - * \brief Renvoi le fichier $filename dans la version de la langue courante, sinon alternative - * \param filename nom du fichier a rechercher - * \param searchalt cherche aussi dans langue alternative - * \return boolean + * Output content of a file $filename in version of current language (otherwise may use an alternate language) + * @param langs Object language to use for output + * @param filename Relative filename to output + * @param searchalt 1=Search also in alternative languages + * @return boolean */ function dol_print_file($langs,$filename,$searchalt=0) { @@ -40,7 +41,7 @@ function dol_print_file($langs,$filename,$searchalt=0) foreach($langs->dir as $searchdir) { $htmlfile=($searchdir."/langs/".$langs->defaultlang."/".$filename); - dol_syslog('Translate::print_file search file '.$htmlfile, LOG_DEBUG); + dol_syslog('functions2::dol_print_file search file '.$htmlfile, LOG_DEBUG); if (is_readable($htmlfile)) { $content=file_get_contents($htmlfile); @@ -50,13 +51,13 @@ function dol_print_file($langs,$filename,$searchalt=0) else print $content; return true; } - else dol_syslog('Translate::print_file not found', LOG_DEBUG); + else dol_syslog('functions2::dol_print_file not found', LOG_DEBUG); if ($searchalt) { // Test si fichier dans repertoire de la langue alternative if ($langs->defaultlang != "en_US") $htmlfilealt = $searchdir."/langs/en_US/".$filename; else $htmlfilealt = $searchdir."/langs/fr_FR/".$filename; - dol_syslog('Translate::print_file search alt file '.$htmlfilealt, LOG_DEBUG); + dol_syslog('functions2::dol_print_file search alt file '.$htmlfilealt, LOG_DEBUG); //print 'getcwd='.getcwd().' htmlfilealt='.$htmlfilealt.' X '.file_exists(getcwd().'/'.$htmlfilealt); if (is_readable($htmlfilealt)) { 
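Review bot: The rewritten docblock for dol_print_file describes filename as "Relative filename to output" but not that it is concatenated directly into `$searchdir."/langs/".$langs->defaultlang."/".$filename`, read with file_get_contents and printed, with no normalisation of `..` segments or absolute paths. Since the function's safety rests entirely on what the caller passes, that contract belongs in the doc: `@param filename Relative filename to output; must be a fixed, trusted name (never user input), it is joined into a path without sanitizing`. The only caller visible in this patch, licence.php, passes the constant "html/gpl.html", which fits that contract.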
@@ -67,7 +68,7 @@ function dol_print_file($langs,$filename,$searchalt=0) else print $content; return true; } - else dol_syslog('Translate::print_file not found', LOG_DEBUG); + else dol_syslog('functions2::dol_print_file not found', LOG_DEBUG); } }