commit 8994391c54f3172b4c12a8d52558c0b164357df4
parent 3418c69404fba01ce12d8dea9144cab508d1b7a6
Author: Timo A. Hummel <felicitus@felicitus.org>
Date: Mon, 11 Jan 2016 16:29:40 +0100
Merge pull request #560 from partkeepr/PartKeepr-553
Fix for #553
Diffstat:
5 files changed, 48 insertions(+), 0 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -41,3 +41,5 @@ app/config/parameters_setup.php
/composer.phar
!.keep
+!app/logs/.htaccess
+!app/logs/ignore.json
diff --git a/app/logs/.htaccess b/app/logs/.htaccess
@@ -0,0 +1,2 @@
+Order deny,allow
+Deny from all
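Review bot: `Order deny,allow` / `Deny from all` is Apache 2.2 access-control syntax; on Apache 2.4 it is honoured only when mod_access_compat is loaded, and without it requests into `app/logs` fail with a server error instead of a clean 403. Guarding both forms with `<IfModule>` keeps the deny explicit on either version. The file has no effect where `AllowOverride` disables .htaccess processing or on non-Apache servers, so it would help to say in a comment here that moving the document root to `web/` remains the primary protection.

```apache
# Apache 2.4+: mod_authz_core
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2: legacy access control
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
```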
diff --git a/web/setup/index.html b/web/setup/index.html
@@ -36,6 +36,7 @@
<script type="text/javascript" src="js/SetupTests/GenerateAuthKey.js"></script>
<script type="text/javascript" src="js/SetupTests/PHPTest.js"></script>
<script type="text/javascript" src="js/SetupTests/WebserverTest.js"></script>
+ <script type="text/javascript" src="js/SetupTests/WebserverLogTest.js"></script>
<script type="text/javascript" src="js/SetupTests/WebserverRewriteTest.js"></script>
<script type="text/javascript" src="js/SetupTests/PHPPrerequisitesTest.js"></script>
<script type="text/javascript" src="js/SetupTests/DatabaseConnectivityTest.js"></script>
diff --git a/web/setup/js/Cards/PrerequisitesTestCard.js b/web/setup/js/Cards/PrerequisitesTestCard.js
@@ -16,6 +16,7 @@ Ext.define('PartKeeprSetup.PrerequisitesTestCard', {
this.tests.push(new PartKeeprSetup.PHPSettingsTest());
this.tests.push(new PartKeeprSetup.WebserverTest());
this.tests.push(new PartKeeprSetup.WebserverRewriteTest());
+ this.tests.push(new PartKeeprSetup.WebserverLogDirectoryTest());
this.tests.push(new PartKeeprSetup.GenerateAuthKey());
}
});
diff --git a/web/setup/js/SetupTests/WebserverLogTest.js b/web/setup/js/SetupTests/WebserverLogTest.js
@@ -0,0 +1,42 @@
+/**
+ * Tests if the web server can handle pathInfo
+ */
+Ext.define('PartKeeprSetup.WebserverLogDirectoryTest', {
+ extend: 'PartKeeprSetup.AbstractTest',
+ url: '../../app/logs/ignore.json',
+ method: 'GET',
+ name: "PHP",
+ message: "app/logs access check",
+ onSuccess: function (response) {
+ var responseObj = Ext.decode(response.responseText);
+
+ if (responseObj.message && responseObj.message === "readable") {
+ this.success = false;
+ this.resultMessage = "Web Server misconfiguration";
+ this.errors = ['Your <code>app/logs</code> directory is readable. Please either move your web server\'s document root to the web/ directory or configure <code>app/logs</code> to disallow access. For further information please read <a href="https://wiki.partkeepr.org/wiki/KB00007:Prevent_Access_to_the_logs_directory" target="_blank">wiki about how to prevent access to the logs directory</a>'];
+
+ if (this.callback) {
+ this.callback.appendTestResult(this);
+ }
+
+ if (this.success) {
+ this.fireEvent("complete", this);
+ }
+
+ }
+ },
+ onFailure: function () {
+ this.success = true;
+ this.resultMessage = "app/logs not readable";
+
+ if (this.callback) {
+ this.callback.appendTestResult(this);
+ }
+
+ if (this.success) {
+ this.fireEvent("complete", this);
+ }
+
+
+ }
+});
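Review bot: `onSuccess` reports a result only when the body decodes to `message === "readable"`; any other 200 response (a catch-all page, or non-JSON text that makes `Ext.decode` throw) ends without `appendTestResult` or a `complete` event, so the test appears to be left pending with no result shown. Decoding in safe mode with `Ext.decode(response.responseText, true)` and adding an explicit branch for the unexpected-body case closes that gap. `onFailure` also treats every error, including a 404 for a missing `app/logs/ignore.json`, as proof that the directory is protected, so the check passes vacuously if the marker file is not deployed; the file is not part of this diff, so its presence and content are worth confirming. The header comment ("Tests if the web server can handle pathInfo") and `name: "PHP"` look copied from another test and should describe the log-directory check. Whether an unexpected 200 should pass or fail is a maintainer decision; the sketch below passes it with a distinct message.

```javascript
    onSuccess: function (response) {
        // Safe mode returns null instead of throwing on a non-JSON body.
        var responseObj = Ext.decode(response.responseText, true);

        if (responseObj && responseObj.message === "readable") {
            this.success = false;
            this.resultMessage = "Web Server misconfiguration";
            // … unchanged: this.errors assignment …
        } else {
            // 200 without the marker: report it rather than leaving the test pending.
            this.success = true;
            this.resultMessage = "app/logs marker not served";
        }

        // Moved out of the branch so every path reports a result.
        if (this.callback) {
            this.callback.appendTestResult(this);
        }

        if (this.success) {
            this.fireEvent("complete", this);
        }
    },
```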