I compared the (English) language text in the install
module with the actual code and came to the following
comparison:
Code:
DIRECTORY                       CHMOD  MENTIONED IN EN  MENTIONED IN $DIR  MENTIONED IN $FILES
                                       LANGUAGE TEXT    ARRAY (777)        ARRAY (666)
usr/dump                        777    Yes              Yes                No
usr/dump/*.*                    777    Yes              No                 No
usr/extensions                  777    Yes              Yes                No
usr/extensions/*.*              666    Yes              No                 No
usr/templates                   777    Yes              Yes                No
usr/templates/*.*               666    Yes              No                 No
usr/templates/images            777    Yes              Yes                No
usr/xml                         777    Yes              Yes                No
usr/xml/*.*                     666    Yes              No                 No
usr/xml/content/                777    Yes              Yes                No
usr/xml/sdc/                    777    Yes              Yes                No
usr/xml/vdb/                    777    Yes              Yes                No
usr/xml/vdb/books/              777    Yes              No                 No
usr/xml/vdb/news/               777    Yes              No                 No
usr/xml/vdb/allcomments_index/  777    Yes              No                 No
log                             777    Yes              Yes                No
etc/rc.conf.php                 666    Yes              No                 Yes
.htaccess                       666    Yes              No                 Yes
usr/system/cache                777    No               Yes                No
Conclusion: there is a mismatch going on for those
directories that have two times 'No'. It should always
be mentioned as Yes in the text AND in $DIR OR $FILES.
Logged In: YES
user_id=1365667
With a new install, user contmanager and password are added
hardcoded to users.xml.
Besides the fact it is not best programming practice, this
is also a security issue!
Code:
$users="<data>
<row ip=\"".$_SERVER["REMOTE_ADDR"]."\"
date_create=\"".date("Y-m-d H:i:s")."\">
<login><![CDATA[".$admin_login."]]></login>
<password><![CDATA[".$admin_password."]]></password>
<group><![CDATA[wheel]]></group>
</row>
<row ip=\"192.168.1.84\" date_create=\"2004-11-22 08:49:10\">
<login><![CDATA[contmanager]]></login>
<password><![CDATA[pass]]></password>
<group><![CDATA[managers]]></group>
</row>
For the creation of the contmanager the IP address and the
creation date should not be hardcoded. They should be the
same logic as for the admin user.
See: http://sapid-club.com/en/viewtopic.php?p=1275
Logged In: YES
user_id=1365667
Also I noticed that various methods are being used in the
install.php to change the CHMOD values.
Code:
@chmod(".htaccess", 0644);
@chmod($root_path."usr/xml/users.xml", 0644);
@chmod(getcwd() . "/etc/rc.conf", 0644);
@chmod($path . $entry, 0777);
I would advise to use one consistent method.
http://sapid-club.com/en/viewtopic.php?p=1276#1276
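
An added example, not part of the original comments and not SAPID's own code: one way to get the "one consistent method" asked for above and to stop the language text and the $DIR/$FILES arrays from drifting apart is to drive both the chmod calls and the displayed list from a single table. The names $permissions, apply_permissions and describe_permissions are hypothetical; the paths and modes are a subset of the comparison table in the first comment.

```php
<?php
// Added example, not SAPID code: $permissions and both functions are hypothetical.
// Paths and modes are a subset of the comparison table in the first comment.
$permissions = [
    'usr/dump'         => 0777,
    'usr/xml'          => 0777,
    'usr/system/cache' => 0777,
    'log'              => 0777,
    'etc/rc.conf.php'  => 0666,
    '.htaccess'        => 0666,
];

// Apply every mode relative to $root; return a list of failures (empty = all set).
function apply_permissions(string $root, array $permissions): array
{
    $failures = [];
    foreach ($permissions as $relative => $mode) {
        $path = rtrim($root, '/') . '/' . $relative;
        if (!file_exists($path)) {
            $failures[] = "$relative: missing";
            continue;
        }
        $ok = @chmod($path, $mode);      // warning suppressed, result checked below
        clearstatcache(true, $path);
        if (!$ok || (fileperms($path) & 0777) !== $mode) {
            $failures[] = sprintf('%s: could not set %04o', $relative, $mode);
        }
    }
    return $failures;
}

// Build the list shown to the user from the same table the code applies.
function describe_permissions(array $permissions): string
{
    $lines = [];
    foreach ($permissions as $relative => $mode) {
        $lines[] = sprintf('%-18s %04o', $relative, $mode);
    }
    return implode("\n", $lines);
}

// Constructed demo tree in the temp directory; log/ is left out on purpose.
$root = sys_get_temp_dir() . '/perm_demo_' . getmypid();
foreach (['usr/dump', 'usr/xml', 'usr/system/cache', 'etc'] as $dir) {
    mkdir("$root/$dir", 0755, true);
}
touch("$root/etc/rc.conf.php");
touch("$root/.htaccess");
echo describe_permissions($permissions), "\n";
print_r(apply_permissions($root, $permissions));
```

Because the demo tree has no log directory, the returned failure list contains an entry for it, which is the kind of mismatch the installer would otherwise hide behind a bare @chmod.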