[Pkg-owncloud-commits] [owncloud] 60/73: Show a warning in the installer if .htaccess is not working

David Prévot taffit at alioth.debian.org
Fri Nov 8 23:09:12 UTC 2013


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v4.0.10
in repository owncloud.

commit 4a1f1a49a0fdad2f95b09c9c3c352fe3c74c9542
Author: Lukas Reschke <lukas at statuscode.ch>
Date:   Mon Oct 15 23:25:10 2012 +0200

    Show a warning in the installer if .htaccess is not working
---
 core/templates/installation.php |    6 ++++++
 lib/setup.php                   |    7 +++++++
 2 files changed, 13 insertions(+)

diff --git a/core/templates/installation.php b/core/templates/installation.php
index e27b31b..98eede3 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -25,6 +25,12 @@
 		<span><?php echo $l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.');?></span>		
 	</fieldset>
 	<?php endif; ?>
+	<?php if(!$_['htaccessWorking']): ?>
+	<fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
+		<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+		<span><?php echo $l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.');?></span>		
+	</fieldset>
+	<?php endif; ?>
 	<fieldset>
 		<legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend>
 		<p class="infield">
diff --git a/lib/setup.php b/lib/setup.php
index 8d80e9d..44fa47a 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -5,12 +5,19 @@ $hasMySQL = is_callable('mysql_connect');
 $hasPostgreSQL = is_callable('pg_connect');
 $datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
 
+// Test if  .htaccess is working
+$content = "<Directory /data>\n";
+$content.= "Deny from All\n";
+$content.= "</Directory>";
+file_put_contents(OC::$SERVERROOT.'/data/.htaccess', $content);
+
 $opts = array(
 	'hasSQLite' => $hasSQLite,
 	'hasMySQL' => $hasMySQL,
 	'hasPostgreSQL' => $hasPostgreSQL,
 	'directory' => $datadir,
 	'secureRNG' => OC_Util::secureRNG_available(),
+	'htaccessWorking' => OC_Util::ishtaccessworking(),
 	'errors' => array(),
 );
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git



More information about the Pkg-owncloud-commits mailing list