Properly check the data dir
* fixes #1364 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This commit is contained in:
parent
efa9ac1230
commit
a2867c0664
|
@ -198,7 +198,8 @@
|
||||||
}
|
}
|
||||||
var afterCall = function(xhr) {
|
var afterCall = function(xhr) {
|
||||||
var messages = [];
|
var messages = [];
|
||||||
if (xhr.status !== 403 && xhr.status !== 307 && xhr.status !== 301 && xhr.responseText !== '') {
|
// .ocdata is an empty file in the data directory - if this is readable then the data dir is not protected
|
||||||
|
if (xhr.status === 200 && xhr.responseText === '') {
|
||||||
messages.push({
|
messages.push({
|
||||||
msg: t('core', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.'),
|
msg: t('core', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.'),
|
||||||
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
|
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
|
||||||
|
@ -209,7 +210,7 @@
|
||||||
|
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: 'GET',
|
type: 'GET',
|
||||||
url: OC.linkTo('', oc_dataURL+'/htaccesstest.txt?t=' + (new Date()).getTime()),
|
url: OC.linkTo('', oc_dataURL+'/.ocdata?t=' + (new Date()).getTime()),
|
||||||
complete: afterCall,
|
complete: afterCall,
|
||||||
allowAuthErrors: true
|
allowAuthErrors: true
|
||||||
});
|
});
|
||||||
|
|
|
@ -103,7 +103,7 @@ describe('OC.SetupChecks tests', function() {
|
||||||
it('should return an error if data directory is not protected', function(done) {
|
it('should return an error if data directory is not protected', function(done) {
|
||||||
var async = OC.SetupChecks.checkDataProtected();
|
var async = OC.SetupChecks.checkDataProtected();
|
||||||
|
|
||||||
suite.server.requests[0].respond(200, {'Content-Type': 'text/plain'}, 'file contents');
|
suite.server.requests[0].respond(200, {'Content-Type': 'text/plain'}, '');
|
||||||
|
|
||||||
async.done(function( data, s, x ){
|
async.done(function( data, s, x ){
|
||||||
expect(data).toEqual([
|
expect(data).toEqual([
|
||||||
|
|
|
@ -1169,6 +1169,8 @@ class OC_Util {
|
||||||
}
|
}
|
||||||
fwrite($fp, $testContent);
|
fwrite($fp, $testContent);
|
||||||
fclose($fp);
|
fclose($fp);
|
||||||
|
|
||||||
|
return $testContent;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue