partkeepr

fork of partkeepr
git clone https://git.e1e0.net/partkeepr.git

commit 8994391c54f3172b4c12a8d52558c0b164357df4
parent 3418c69404fba01ce12d8dea9144cab508d1b7a6
Author: Timo A. Hummel <felicitus@felicitus.org>
Date:   Mon, 11 Jan 2016 16:29:40 +0100

Merge pull request #560 from partkeepr/PartKeepr-553

Fix for #553 
Diffstat:
M.gitignore | 2++
Aapp/logs/.htaccess | 2++
Mweb/setup/index.html | 1+
Mweb/setup/js/Cards/PrerequisitesTestCard.js | 1+
Aweb/setup/js/SetupTests/WebserverLogTest.js | 42++++++++++++++++++++++++++++++++++++++++++
5 files changed, 48 insertions(+), 0 deletions(-)

diff --git a/.gitignore b/.gitignore
@@ -41,3 +41,5 @@
 app/config/parameters_setup.php
 /composer.phar
 !.keep
+!app/logs/.htaccess
+!app/logs/ignore.json
diff --git a/app/logs/.htaccess b/app/logs/.htaccess
@@ -0,0 +1,2 @@
+Order deny,allow
+Deny from all
diff --git a/web/setup/index.html b/web/setup/index.html
@@ -36,6 +36,7 @@
 <script type="text/javascript" src="js/SetupTests/GenerateAuthKey.js"></script>
 <script type="text/javascript" src="js/SetupTests/PHPTest.js"></script>
 <script type="text/javascript" src="js/SetupTests/WebserverTest.js"></script>
+ <script type="text/javascript" src="js/SetupTests/WebserverLogTest.js"></script>
 <script type="text/javascript" src="js/SetupTests/WebserverRewriteTest.js"></script>
 <script type="text/javascript" src="js/SetupTests/PHPPrerequisitesTest.js"></script>
 <script type="text/javascript" src="js/SetupTests/DatabaseConnectivityTest.js"></script>
diff --git a/web/setup/js/Cards/PrerequisitesTestCard.js b/web/setup/js/Cards/PrerequisitesTestCard.js
@@ -16,6 +16,7 @@ Ext.define('PartKeeprSetup.PrerequisitesTestCard', {
 this.tests.push(new PartKeeprSetup.PHPSettingsTest());
 this.tests.push(new PartKeeprSetup.WebserverTest());
 this.tests.push(new PartKeeprSetup.WebserverRewriteTest());
+ this.tests.push(new PartKeeprSetup.WebserverLogDirectoryTest());
 this.tests.push(new PartKeeprSetup.GenerateAuthKey());
 }
 });
diff --git a/web/setup/js/SetupTests/WebserverLogTest.js b/web/setup/js/SetupTests/WebserverLogTest.js
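Review bot: The two directives added in `app/logs/.htaccess` are Apache 2.2 access-control syntax; on Apache 2.4 they are only understood when mod_access_compat is loaded, and without it a request into the directory ends in a 500 instead of a clean 403. Access is still refused in that case, but only as a side effect of a configuration error, and it is logged as a server fault rather than a denied request. Wrapping both forms in `<IfModule>` blocks keyed on mod_authz_core gives an explicit deny on either version. The file has no effect when `AllowOverride` is disabled or the server is not Apache, which a short comment at the top of the file should state.

```apacheconf
# Apache 2.4 and later
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
# Apache 2.2
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
```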
@@ -0,0 +1,42 @@
+/**
+ * Tests if the web server can handle pathInfo
+ */
+Ext.define('PartKeeprSetup.WebserverLogDirectoryTest', {
+ extend: 'PartKeeprSetup.AbstractTest',
+ url: '../../app/logs/ignore.json',
+ method: 'GET',
+ name: "PHP",
+ message: "app/logs access check",
+ onSuccess: function (response) {
+ var responseObj = Ext.decode(response.responseText);
+
+ if (responseObj.message && responseObj.message === "readable") {
+ this.success = false;
+ this.resultMessage = "Web Server misconfiguration";
+ this.errors = ['Your <code>app/logs</code> directory is readable. Please either move your web server\'s document root to the web/ directory or configure <code>app/logs</code> to disallow access. For further information please read <a href="https://wiki.partkeepr.org/wiki/KB00007:Prevent_Access_to_the_logs_directory" target="_blank">wiki about how to prevent access to the logs directory</a>'];
+
+ if (this.callback) {
+ this.callback.appendTestResult(this);
+ }
+
+ if (this.success) {
+ this.fireEvent("complete", this);
+ }
+
+ }
+ },
+ onFailure: function () {
+ this.success = true;
+ this.resultMessage = "app/logs not readable";
+
+ if (this.callback) {
+ this.callback.appendTestResult(this);
+ }
+
+ if (this.success) {
+ this.fireEvent("complete", this);
+ }
+
+
+ }
+});
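Review bot: In `onSuccess`, a 200 response whose body is not `{"message": "readable"}` produces no result at all: `Ext.decode` throws on a non-JSON body and there is no `else` branch, so neither `appendTestResult` nor the `complete` event is reached. Any success response from under `app/logs` already shows the path is being served, so the handler should report a failure for every 2xx and use the decoded message only to pick the wording. The `if (this.success)` check inside the readable branch can never be true, and the header comment still describes the pathInfo test rather than the log directory check. `onFailure` counts every error as "not readable", including a 404 for a missing probe file, and the diffstat shown here does not list `app/logs/ignore.json`, so it is worth confirming that the file ships with the expected content.

```javascript
    onSuccess: function (response) {
        // safe mode: a non-JSON body yields null instead of throwing
        var responseObj = Ext.decode(response.responseText, true);
        var isProbeFile = responseObj !== null && responseObj.message === "readable";

        // any 2xx from app/logs means the directory is reachable over HTTP
        this.success = false;
        this.resultMessage = isProbeFile
            ? "Web Server misconfiguration"
            : "Unexpected response from app/logs";
        // … unchanged: this.errors assignment …

        if (this.callback) {
            this.callback.appendTestResult(this);
        }
    },
```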