From 2411147dd28724aafbeaecfc7074d1252034779c Mon Sep 17 00:00:00 2001
From: Felicitus
Date: Mon, 11 Jan 2016 16:21:56 +0100
Subject: [PATCH] Fix for #553: Force setup to check if app/logs is readable.
---
 .gitignore | 2 +
 app/logs/.htaccess | 2 +
 web/setup/index.html | 1 +
 web/setup/js/Cards/PrerequisitesTestCard.js | 1 +
 web/setup/js/SetupTests/WebserverLogTest.js | 42 +++++++++++++++++++++
 5 files changed, 48 insertions(+)
 create mode 100644 app/logs/.htaccess
 create mode 100644 web/setup/js/SetupTests/WebserverLogTest.js
diff --git a/.gitignore b/.gitignore
index e35d11e41..ce4df8742 100644
--- a/.gitignore
+++ b/.gitignore
@@ -41,3 +41,5 @@ app/config/parameters_setup.php
 /composer.phar
 !.keep
+!app/logs/.htaccess
+!app/logs/ignore.json
diff --git a/app/logs/.htaccess b/app/logs/.htaccess
new file mode 100644
index 000000000..93169e4eb
--- /dev/null
+++ b/app/logs/.htaccess
@@ -0,0 +1,2 @@
+Order deny,allow
+Deny from all
diff --git a/web/setup/index.html b/web/setup/index.html
index 66957dc7e..a7e87759a 100644
--- a/web/setup/index.html
+++ b/web/setup/index.html
@@ -36,6 +36,7 @@ +
diff --git a/web/setup/js/Cards/PrerequisitesTestCard.js b/web/setup/js/Cards/PrerequisitesTestCard.js
index ba794d8e8..d22855dd9 100644
--- a/web/setup/js/Cards/PrerequisitesTestCard.js
+++ b/web/setup/js/Cards/PrerequisitesTestCard.js
@@ -16,6 +16,7 @@ Ext.define('PartKeeprSetup.PrerequisitesTestCard', {
 this.tests.push(new PartKeeprSetup.PHPSettingsTest());
 this.tests.push(new PartKeeprSetup.WebserverTest());
 this.tests.push(new PartKeeprSetup.WebserverRewriteTest());
+ this.tests.push(new PartKeeprSetup.WebserverLogDirectoryTest());
 this.tests.push(new PartKeeprSetup.GenerateAuthKey());
 }
 });
diff --git a/web/setup/js/SetupTests/WebserverLogTest.js b/web/setup/js/SetupTests/WebserverLogTest.js
new file mode 100644
index 000000000..e0a4b8fc7
--- /dev/null
+++ b/web/setup/js/SetupTests/WebserverLogTest.js
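Review bot: In the `.gitignore` hunk, `!app/logs/ignore.json` un-ignores the sentinel file that the new setup test requests, but no `app/logs/ignore.json` appears in this patch's diffstat (only `app/logs/.htaccess` is created there). If the file is not shipped some other way, the probe gets a 404, `onFailure` reports "app/logs not readable", and the check passes on servers that do serve the real log files. The file should be added in the same change, with a body the test recognises such as `{"message": "readable"}`.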
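Review bot: In `app/logs/.htaccess`, `Order deny,allow` / `Deny from all` is the Apache 2.2 access-control syntax; Apache 2.4 accepts it only when mod_access_compat is loaded and otherwise rejects the directive. Guarding both forms with `<IfModule>` keeps the deny rule explicit on either version, as sketched below. A comment in the file should also say that it has no effect where `AllowOverride` disables .htaccess processing or on non-Apache servers, which is the case the setup test exists to catch.

```apache
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
```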
@@ -0,0 +1,42 @@
+/**
+ * Tests if the web server can handle pathInfo
+ */
+Ext.define('PartKeeprSetup.WebserverLogDirectoryTest', {
+ extend: 'PartKeeprSetup.AbstractTest',
+ url: '../../app/logs/ignore.json',
+ method: 'GET',
+ name: "PHP",
+ message: "app/logs access check",
+ onSuccess: function (response) {
+ var responseObj = Ext.decode(response.responseText);
+
+ if (responseObj.message && responseObj.message === "readable") {
+ this.success = false;
+ this.resultMessage = "Web Server misconfiguration";
+ this.errors = ['Your app/logs directory is readable. Please either move your web server\'s document root to the web/ directory or configure app/logs to disallow access. For further information please read wiki about how to prevent access to the logs directory'];
+
+ if (this.callback) {
+ this.callback.appendTestResult(this);
+ }
+
+ if (this.success) {
+ this.fireEvent("complete", this);
+ }
+
+ }
+ },
+ onFailure: function () {
+ this.success = true;
+ this.resultMessage = "app/logs not readable";
+
+ if (this.callback) {
+ this.callback.appendTestResult(this);
+ }
+
+ if (this.success) {
+ this.fireEvent("complete", this);
+ }
+
+
+ }
+});
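Review bot: `onSuccess` reports a result only when the body decodes to `message === "readable"`; any other 2xx body records nothing and never fires `complete`, and a non-JSON body makes `Ext.decode` throw, so the check ends without a verdict. Inside the readable branch the `if (this.success)` block is unreachable because `success` was just set to `false`. The sketch below decodes in safe mode and always reports; whether an unexpected 2xx body should pass or be flagged is a decision for the author, and the sketch passes it. Separately, the header comment ("can handle pathInfo") and `name: "PHP"` look copied from another test and should describe the app/logs check.

```javascript
onSuccess: function (response) {
    // Safe mode returns null instead of throwing on a non-JSON body.
    var responseObj = Ext.decode(response.responseText, true);

    if (responseObj && responseObj.message === "readable") {
        this.success = false;
        this.resultMessage = "Web Server misconfiguration";
        // … unchanged: this.errors assignment …
    } else {
        this.success = true;
        this.resultMessage = "app/logs not readable";
    }

    if (this.callback) {
        this.callback.appendTestResult(this);
    }

    if (this.success) {
        this.fireEvent("complete", this);
    }
},
```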