[TYPO3-core] RFC: #11731: [Bugfix] ENABLE_INSTALL_TOOL file check in yellow box doesn't check the file age
Moreno Feltscher
moreno at luagsh.ch
Tue Aug 25 13:31:58 CEST 2009
You're right, the comment wasn't correct. I now added an additional one so
it should fit.
Find new patch attached.
Cheers
Moreno
--- t3lib/class.t3lib_befunc.php 2009-08-17 17:34:49.000000000 +0200
+++ t3lib/class.t3lib_befunc.php 2009-08-25 13:26:20.000000000 +0200
@@ -4029,7 +4029,7 @@
public static function displayWarningMessages() {
if ($GLOBALS['BE_USER']->isAdmin()) {
$warnings = array(); // Array containing warnings that must be
displayed
- $enableInstallToolFile = PATH_site.'typo3conf/ENABLE_INSTALL_TOOL'; //
If this file exists, the Install Tool is enabled
+ $enableInstallToolFile = PATH_site .
'typo3conf/ENABLE_INSTALL_TOOL'; // If this file exists and it isn't older
than one hour, the Install Tool is enabled
$cmd = t3lib_div::_GET('adminWarning_cmd'); // Cleanup command, if set
switch($cmd) {
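Review bot: the reworded trailing comment on $enableInstallToolFile names the one-hour age limit but leaves out the "KEEP_FILE" case that the check further down in this function tests for, so the comment and the code describe different conditions. Suggest stating both conditions here (file not older than one hour, or file containing "KEEP_FILE"), or reducing this comment to what the variable holds (the path of the flag file) and leaving the condition to the comment next to the check.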
@@ -4062,7 +4062,10 @@
}
$GLOBALS['TYPO3_DB']->sql_free_result($res);
- if (@is_file($enableInstallToolFile)) {
+ // Check if the ENABLE_INSTALL_TOOL file contains the word
"KEEP_FILE" (if it does, the install tool is permanently enabled)
+ $content = file_get_contents($enableInstallToolFile);
+ $verifyString = 'KEEP_FILE';
+ if (trim($content) == $verifyString) {
$url =
t3lib_div::getIndpEnv('TYPO3_REQUEST_SCRIPT').'?adminWarning_cmd=remove_ENABLE_INSTALL_TOOL';
$warnings['install_enabled'] = sprintf(
$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled'),
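Review bot: file_get_contents($enableInstallToolFile) is now called without the @is_file() guard the removed line had, so whenever the file is absent the call raises a PHP warning and returns false. Keep the existence test in front of the read, for example if (@is_file($enableInstallToolFile) && trim(file_get_contents($enableInstallToolFile)) === 'KEEP_FILE'), and use === rather than == for the string comparison. Also, with this condition a file that exists without "KEEP_FILE" produces no warning at all, although per the comment in the first hunk the Install Tool is enabled while that file is not older than one hour; nothing in this hunk looks at the file age, which is what the RFC title names as the problem.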
--- typo3/sysext/lang/locallang_core.xml 2009-08-07 21:32:36.000000000
+0200
+++ typo3/sysext/lang/locallang_core.xml 2009-08-17 17:50:16.000000000
+0200
@@ -241,7 +241,7 @@
<label index="warning.backend_admin">The default backend user "admin"
with password "password" is still present. %sEdit this
account%s, either deleting it completely or changing the username and
password.</label>
<label index="warning.file_deny_pattern">The value of fileDenyPattern
is not set to its default:%s If TYPO3 is running on Apache, a customized
value might enable backend or frontend users to execute malicious php
scripts.</label>
<label index="warning.file_deny_htaccess">The current value of
fileDenyPattern allows to upload/create files with the name ".htaccess".
If TYPO3 is running on Apache, this enables backend or frontend users to
create and execute php scripts. Please reset the value of fileDenyPattern
to its default.</label>
- <label index="warning.install_enabled">The Install Tool is enabled.
Delete the file "%s" when you have finished setting up
TYPO3.</label>
+ <label index="warning.install_enabled">The Install Tool is permanently
enabled. Delete the file "%s" when you have finished setting up
TYPO3.</label>
<label index="warning.install_enabled_cmd">Click to remove the file
now!</label>
<label index="warning.install_encryption">The encryption key is not
set. Set it in the %sBasic Configuration section%s of the Install
Tool.</label>
<label index="warning.install_update">This installation is not
configured for the TYPO3 version it is running. If you did so
intentionally, this message can be safely ignored. If you are unsure,
visit the %sUpdate Wizard%s section of the Install Tool to see how TYPO3
would change.</label>
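Review bot: the changed warning.install_enabled label says "permanently enabled" but does not tell the administrator what makes it permanent; the code comment in class.t3lib_befunc.php ties that to the file containing "KEEP_FILE". Suggest naming that in the label text so the message explains itself without reading the source.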
On Tue, 25 Aug 2009 07:19:27 +0200, Steffen Ritter <info at rs-websystems.de>
wrote:
> Moreno Feltscher wrote:
>> Of course. I thought I sent one but here it is:
>
> +1 by reading if you "correct" the comment
>
> // If this file exists, it doesn't contain the word "KEEP_FILE" and it
> isn't older than one hour, the Install Tool is enabled
>
> Shouldn't that be "If this file exists, it DOES contain the word ..."
>
> regards
>
> Steffen