Menu

#37 Install.php

open
None
5
2006-07-03
2006-06-20
nlstart
No

I compared the (english) language text in the install
module with the actual code and came to the following
comparison:

Code:
DIRECTORY............CHMOD............MENTIONED.IN.EN..
......MENTIONED.IN.$DIR....MENTIONED.IN.$FILES
......................................LANGUAGE.TEXT.ARR
AY....ARRAY.(777)..........ARRAY.(666)
usr/dump.............777..............Yes..............
......Yes..................No
usr/dump/*.*.........777..............Yes..............
......No...................No
usr/extensions.......777..............Yes..............
......Yes..................No
usr/extensions/*.*...666..............Yes..............
......No...................No
usr/templates........777..............Yes..............
......Yes..................No
usr/templates/*.*....666..............Yes..............
......No...................No
usr/templates/images.777..............Yes..............
......Yes..................No
usr/xml..............777..............Yes..............
......Yes..................No
usr/xml/*.*..........666..............Yes..............
......No...................No
usr/xml/content/.....777..............Yes..............
......Yes..................No
usr/xml/sdc/.........777..............Yes..............
......Yes..................No
usr/xml/vdb/.........777..............Yes..............
......Yes..................No
usr/xml/vdb/books/...777..............Yes..............
......No...................No
usr/xml/vdb/news/....777..............Yes..............
......No...................No
usr/xml/vdb/allcomments_index/..777...Yes..............
......No...................No
log..................777..............Yes..............
......Yes..................No
etc/rc.conf.php......666..............Yes..............
......No...................Yes
.htaccess............666..............Yes..............
......No...................Yes
usr/system/cache.....777..............No...............
......Yes..................No

Conclusion: there is a mismatch going on for those
directories that have two times 'No'. It should always
be mentioned as Yes in the text AND in $DIR OR $FILES.

http://sapid-club.com/en/viewtopic.php?t=397

Discussion

  • nlstart

    nlstart - 2006-06-21

    Logged In: YES
    user_id=1365667

    with a new install; user contmanager and password are added
    hardcoded to users.xml
    Besides the fact it is not best programming practise, this
    is also a security issue!

    Code:
    $users="<data>
    <row ip=\"".$_SERVER["REMOTE_ADDR"]."\"
    date_create=\"".date("Y-m-d H:i:s")."\">
    <login><![CDATA[".$admin_login."]]></login>
    <password><![CDATA[".$admin_password."]]></password>
    <group><![CDATA[wheel]]></group>
    </row>
    <row ip=\"192.168.1.84\" date_create=\"2004-11-22
    08:49:10\">
    <login><![CDATA[contmanager]]></login>
    <password><![CDATA[pass]]></password>
    <group><![CDATA[managers]]></group>
    </row>

    For the creation of the contmanager the IP address and the
    creation date should not be hardcoded. They should be the
    same logic as for the admin user.

    See: http://sapid-club.com/en/viewtopic.php?p=1275

     
  • nlstart

    nlstart - 2006-06-21

    Logged In: YES
    user_id=1365667

    Also I noticed that various methods are being used in the
    install.php to change the CHMOD values.
    Code:
    @chmod(".htaccess", 0644);
    @chmod($root_path."usr/xml/users.xml", 0644);
    @chmod(getcwd() . "/etc/rc.conf", 0644);
    @chmod($path . $entry, 0777);

    I would advise to use one consistent method.

    http://sapid-club.com/en/viewtopic.php?p=1276#1276

     
  • nlstart

    nlstart - 2006-07-03
    • assigned_to: nobody --> sheiko
     

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.