Use temporary htaccesstest.txt for data dir security check
This commit is contained in:
parent
7f3f06cdd9
commit
eb34e95fd3
|
@ -197,7 +197,7 @@
|
|||
}
|
||||
var afterCall = function(xhr) {
|
||||
var messages = [];
|
||||
if (xhr.status !== 403 && xhr.status !== 307 && xhr.status !== 301 && xhr.responseText === '') {
|
||||
if (xhr.status !== 403 && xhr.status !== 307 && xhr.status !== 301 && xhr.responseText !== '') {
|
||||
messages.push({
|
||||
msg: t('core', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.'),
|
||||
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
|
||||
|
@ -208,7 +208,7 @@
|
|||
|
||||
$.ajax({
|
||||
type: 'GET',
|
||||
url: OC.linkTo('', oc_dataURL+'/.ocdata'),
|
||||
url: OC.linkTo('', oc_dataURL+'/htaccesstest.txt?t=' + (new Date()).getTime()),
|
||||
complete: afterCall
|
||||
});
|
||||
return deferred.promise();
|
||||
|
|
|
@ -103,7 +103,7 @@ describe('OC.SetupChecks tests', function() {
|
|||
it('should return an error if data directory is not protected', function(done) {
|
||||
var async = OC.SetupChecks.checkDataProtected();
|
||||
|
||||
suite.server.requests[0].respond(200);
|
||||
suite.server.requests[0].respond(200, {'Content-Type': 'text/plain'}, 'file contents');
|
||||
|
||||
async.done(function( data, s, x ){
|
||||
expect(data).toEqual([
|
||||
|
|
|
@ -1160,19 +1160,8 @@ class OC_Util {
|
|||
return $encoded;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the .htaccess file is working
|
||||
* @param \OCP\IConfig $config
|
||||
* @return bool
|
||||
* @throws Exception
|
||||
* @throws \OC\HintException If the test file can't get written.
|
||||
*/
|
||||
public function isHtaccessWorking(\OCP\IConfig $config) {
|
||||
|
||||
if (\OC::$CLI || !$config->getSystemValue('check_for_working_htaccess', true)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
public function createHtaccessTestFile(\OCP\IConfig $config) {
|
||||
// php dev server does not support htaccess
|
||||
if (php_sapi_name() === 'cli-server') {
|
||||
return false;
|
||||
|
@ -1180,7 +1169,7 @@ class OC_Util {
|
|||
|
||||
// testdata
|
||||
$fileName = '/htaccesstest.txt';
|
||||
$testContent = 'testcontent';
|
||||
$testContent = 'This is used for testing whether htaccess is properly enabled to disallow access from the outside. This file can be safely removed.';
|
||||
|
||||
// creating a test file
|
||||
$testFile = $config->getSystemValue('datadirectory', OC::$SERVERROOT . '/data') . '/' . $fileName;
|
||||
|
@ -1196,6 +1185,28 @@ class OC_Util {
|
|||
}
|
||||
fwrite($fp, $testContent);
|
||||
fclose($fp);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the .htaccess file is working
|
||||
* @param \OCP\IConfig $config
|
||||
* @return bool
|
||||
* @throws Exception
|
||||
* @throws \OC\HintException If the test file can't get written.
|
||||
*/
|
||||
public function isHtaccessWorking(\OCP\IConfig $config) {
|
||||
|
||||
if (\OC::$CLI || !$config->getSystemValue('check_for_working_htaccess', true)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$testContent = $this->createHtaccessTestFile($config);
|
||||
if ($testContent === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$fileName = '/htaccesstest.txt';
|
||||
$testFile = $config->getSystemValue('datadirectory', OC::$SERVERROOT . '/data') . '/' . $fileName;
|
||||
|
||||
// accessing the file via http
|
||||
$url = \OC::$server->getURLGenerator()->getAbsoluteURL(OC::$WEBROOT . '/data' . $fileName);
|
||||
|
|
|
@ -264,3 +264,7 @@ if ($updaterAppPanel) {
|
|||
$template->assign('forms', $formsAndMore);
|
||||
|
||||
$template->printPage();
|
||||
|
||||
$util = new \OC_Util();
|
||||
$util->createHtaccessTestFile(\OC::$server->getConfig());
|
||||
|
||||
|
|
Loading…
Reference in New Issue