[Pkg-owncloud-commits] [owncloud] 44/67: Show a warning in the installer if .htaccess is not working

David Prévot taffit at alioth.debian.org
Fri Nov 8 23:10:41 UTC 2013 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v4.5.1
in repository owncloud.

commit a97d73d6162abded77f91f114b5776bee2a1ed70
Author: Lukas Reschke <lukas at statuscode.ch>
Date:   Mon Oct 15 23:25:10 2012 +0200

    Show a warning in the installer if .htaccess is not working
---
 core/templates/installation.php |    6 ++++++
 lib/setup.php                   |    7 +++++++
 2 files changed, 13 insertions(+)

diff --git a/core/templates/installation.php b/core/templates/installation.php
index 426d609..c0b29ea 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -26,6 +26,12 @@
 		<span><?php echo $l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.');?></span>		
 	</fieldset>
 	<?php endif; ?>
+	<?php if(!$_['htaccessWorking']): ?>
+	<fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
+		<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+		<span><?php echo $l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.');?></span>		
+	</fieldset>
+	<?php endif; ?>
 	<fieldset>
 		<legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend>
 		<p class="infield">
diff --git a/lib/setup.php b/lib/setup.php
index be4101f..8b9103b 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -6,6 +6,12 @@ $hasPostgreSQL = is_callable('pg_connect');
 $hasOracle = is_callable('oci_connect');
 $datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
 
+// Test if  .htaccess is working
+$content = "<Directory /data>\n";
+$content.= "Deny from All\n";
+$content.= "</Directory>";
+file_put_contents(OC::$SERVERROOT.'/data/.htaccess', $content);
+
 $opts = array(
 	'hasSQLite' => $hasSQLite,
 	'hasMySQL' => $hasMySQL,
@@ -13,6 +19,7 @@ $opts = array(
 	'hasOracle' => $hasOracle,
 	'directory' => $datadir,
 	'secureRNG' => OC_Util::secureRNG_available(),
+	'htaccessWorking' => OC_Util::ishtaccessworking(),
 	'errors' => array(),
 );
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

More information about the Pkg-owncloud-commits mailing list