Merge pull request #25045 from owncloud/stable9-admin-datadircheck-fix

[stable9] Use temporary htaccesstest.txt for data dir security check

core/js/setupchecks.js

@@ -197,7 +197,7 @@
 			}
 			var afterCall = function(xhr) {
 				var messages = [];
-				if (xhr.status !== 403 && xhr.status !== 307 && xhr.status !== 301 && xhr.responseText === '') {
+				if (xhr.status !== 403 && xhr.status !== 307 && xhr.status !== 301 && xhr.responseText !== '') {
 					messages.push({
 						msg: t('core', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.'),
 						type: OC.SetupChecks.MESSAGE_TYPE_ERROR
@@ -208,7 +208,7 @@
 
 			$.ajax({
 				type: 'GET',
-				url: OC.linkTo('', oc_dataURL+'/.ocdata'),
+				url: OC.linkTo('', oc_dataURL+'/htaccesstest.txt?t=' + (new Date()).getTime()),
 				complete: afterCall
 			});
 			return deferred.promise();

core/js/tests/specs/setupchecksSpec.js

@@ -103,7 +103,7 @@ describe('OC.SetupChecks tests', function() {
 		it('should return an error if data directory is not protected', function(done) {
 			var async = OC.SetupChecks.checkDataProtected();
 
-			suite.server.requests[0].respond(200);
+			suite.server.requests[0].respond(200, {'Content-Type': 'text/plain'}, 'file contents');
 
 			async.done(function( data, s, x ){
 				expect(data).toEqual([

lib/private/util.php

@@ -1160,19 +1160,8 @@ class OC_Util {
 		return $encoded;
 	}
 
-	/**
-	 * Check if the .htaccess file is working
-	 * @param \OCP\IConfig $config
-	 * @return bool
-	 * @throws Exception
-	 * @throws \OC\HintException If the test file can't get written.
-	 */
-	public function isHtaccessWorking(\OCP\IConfig $config) {
-
-		if (\OC::$CLI || !$config->getSystemValue('check_for_working_htaccess', true)) {
-			return true;
-		}
 
+	public function createHtaccessTestFile(\OCP\IConfig $config) {
 		// php dev server does not support htaccess
 		if (php_sapi_name() === 'cli-server') {
 			return false;
@@ -1180,7 +1169,7 @@ class OC_Util {
 
 		// testdata
 		$fileName = '/htaccesstest.txt';
-		$testContent = 'testcontent';
+		$testContent = 'This is used for testing whether htaccess is properly enabled to disallow access from the outside. This file can be safely removed.';
 
 		// creating a test file
 		$testFile = $config->getSystemValue('datadirectory', OC::$SERVERROOT . '/data') . '/' . $fileName;
@@ -1196,6 +1185,28 @@ class OC_Util {
 		}
 		fwrite($fp, $testContent);
 		fclose($fp);
+	}
+
+	/**
+	 * Check if the .htaccess file is working
+	 * @param \OCP\IConfig $config
+	 * @return bool
+	 * @throws Exception
+	 * @throws \OC\HintException If the test file can't get written.
+	 */
+	public function isHtaccessWorking(\OCP\IConfig $config) {
+
+		if (\OC::$CLI || !$config->getSystemValue('check_for_working_htaccess', true)) {
+			return true;
+		}
+
+		$testContent = $this->createHtaccessTestFile($config);
+		if ($testContent === false) {
+			return false;
+		}
+
+		$fileName = '/htaccesstest.txt';
+		$testFile = $config->getSystemValue('datadirectory', OC::$SERVERROOT . '/data') . '/' . $fileName;
 
 		// accessing the file via http
 		$url = \OC::$server->getURLGenerator()->getAbsoluteURL(OC::$WEBROOT . '/data' . $fileName);

settings/admin.php

@@ -264,3 +264,7 @@ if ($updaterAppPanel) {
 $template->assign('forms', $formsAndMore);
 
 $template->printPage();
+
+$util = new \OC_Util();
+$util->createHtaccessTestFile(\OC::$server->getConfig());
+